Could someone please check the log file? Slow computer
robbyrobby
Posted: Friday, July 09, 2010 10:45:56 PM
Rank: AiutAmico

Member since: 12/10/2004
Posts: 103
I ran a scan with Malwarebytes (it found 6 viruses) and then with HijackThis for the log file, which I'm copying below... (the computer is slow at everything) Thanks



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22.19.22, on 09/07/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\I-Storm USB ADSL Modem\CnxDslTb.exe
C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2pc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Dati applicazioni\U3\U3Launcher\LaunchU3.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.avast.com/go.php?verb=register-home&lang=ita
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programmi\Crawler\ctbr.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: DgnWebIE - {2843DAC1-05EF-11D2-95BA-0060083493D6} - C:\Programmi\Dragon Systems\NaturallySpeaking\Program\web_ie.dll
O2 - BHO: (no name) - {3BF460B1-82A4-43EF-AC39-DFF8A270B473} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Toolbar &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programmi\Crawler\ctbr.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O5 "LPT1:" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series (Copia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P41 "EPSON Stylus Photo RX420 Series (Copia 1)" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\I-Storm USB ADSL Modem\CnxDslTb.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [3170 Scan2PC] "C:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2pc.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: LaunchU3.exe.lnk = ?
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: SmarThru4 Acquisisci selezione - C:\Programmi\SmarThru 4\WebCapture.dll2.htm
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Programmi\SmarThru 4\WebCapture.dll2.htm
O8 - Extra context menu item: SmarThru4 Salva come HTML - C:\Programmi\SmarThru 4\WebCapture.dll1.htm
O8 - Extra context menu item: SmarThru4 Salva testo selezionato - C:\Programmi\SmarThru 4\WebCapture.dll.htm
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Programmi\SmarThru 4\WebCapture.dll1.htm
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Programmi\SmarThru 4\WebCapture.dll.htm
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Programmi\SmarThru 4\WebCapture.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Programmi\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Programmi\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Acquisisci selezione - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Programmi\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Acquisisci selezione - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Programmi\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Salva come HTML - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Programmi\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Salva come HTML - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Programmi\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Salva testo selezionato - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Programmi\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Salva testo selezionato - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Programmi\SmarThru 4\WebCapture.dll (HKCU)
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programmi\Crawler\ctbr.dll
O20 - Winlogon Notify: tuvSljii - tuvSljii.dll (file missing)
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe

--
End of file - 10177 bytes
r16
Posted: Friday, July 09, 2010 11:09:15 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Start HijackThis, tick the entries I'm about to list and, with all applications closed and disconnected from the Internet, press Fix checked.
Comment:
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: (no name) - {3BF460B1-82A4-43EF-AC39-DFF8A270B473} - (no file)
O3 - Toolbar: Toolbar &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programmi\Crawler\ctbr.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O5 "LPT1:" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series (Copia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P41 "EPSON Stylus Photo RX420 Series (Copia 1)" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [3170 Scan2PC] "C:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2pc.exe
O4 - Global Startup: LaunchU3.exe.lnk = ?
O20 - Winlogon Notify: tuvSljii - tuvSljii.dll (file missing)


Do a clean-up (registry included) with CCleaner: http://www.aiutamici.com/software?ID=11223
On the CCleaner start screen, click Options and then Advanced, and untick: Only delete files in Windows Temp folders older than 48 hours. (then run the clean-ups)

Then:
Start\Run\copy and paste the string %temp%, click OK, and empty the temp folder. (do not delete the folder)

Empty the contents of the Prefetch folder:
click My Computer
click Local Disk C:
among the folders shown, look for the Windows folder, open it and, inside it, look for the Prefetch folder, open it and delete all the entries stored in it (do not delete the folder)
EMPTY THE RECYCLE BIN
Then:
Launch HijackThis and clean the ADS like this:
click Open the misc tool section
click Open ADS Spy
untick Quick scan (Windows base folder only)
click Scan.
Wait patiently for the scan to finish.
If any ADS are detected, tick all the boxes and click Remove selected

Restart the PC.


Run this scan:
Download ComboFix (use Internet Explorer)

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Save it to the desktop. (this is mandatory)

Important: Disable your antivirus and close ALL open programs (firewall included), and after downloading COMBOFIX, close the connection.

Double-click combofix.exe (if you use Vista: right-click Combofix.exe and click "Run as administrator")


You will probably get messages from the antivirus (or from ComboFix itself); ignore them.

If you are asked whether you want to install THE RECOVERY CONSOLE, click NO.

During the scan it is important not to use the PC (not even the mouse) and to wait patiently for the operations to finish.
When it finishes, a log file will be created on the Desktop, called C:\ComboFix.txt. Post it here.
robbyrobby
Posted: Saturday, July 10, 2010 5:36:30 PM
Rank: AiutAmico

Member since: 12/10/2004
Posts: 103
Good afternoon, I did exactly everything you told me to, and below I'm copying the ComboFix report as you asked.
Thank you in advance; I'll wait for further instructions if needed.
Roberto

ComboFix 10-07-08.02 - VR 10/07/2010 10.28.47.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.247.7 [GMT 2:00]
Eseguito da: c:\documents and settings\VR\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\VR\Dati applicazioni\Install.dat
C:\Logo.sys
c:\windows\command
c:\windows\desktop
c:\windows\system\Color

.
((((((((((((((((((((((((( Files Creati Da 2010-06-10 al 2010-07-10 )))))))))))))))))))))))))))))))))))
.

2010-07-09 15:56 . 2010-07-09 15:56 -------- d-----w- c:\programmi\Trend Micro
2010-07-09 15:40 . 2010-07-09 15:40 -------- d-----w- c:\documents and settings\VR\Dati applicazioni\Malwarebytes
2010-07-09 15:39 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-09 15:39 . 2010-07-09 15:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-07-09 15:39 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-09 15:38 . 2010-07-09 15:39 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-07-05 15:33 . 2010-07-05 15:33 -------- d-----w- c:\windows\Samsung
2010-07-05 13:15 . 2010-07-05 13:15 -------- d-----w- c:\documents and settings\VR\Dati applicazioni\SmarThru4
2010-07-05 13:14 . 2007-10-22 06:55 41984 ------w- c:\windows\system32\drivers\DgivEcpXP.sys
2010-07-05 13:13 . 2007-12-27 14:15 458752 ----a-w- c:\windows\prinst.exe
2010-07-05 13:12 . 2007-12-27 14:38 94208 ----a-w- c:\windows\system32\SamFaxPort.dll
2010-07-05 13:12 . 2010-07-05 13:12 -------- d-----w- c:\programmi\File comuni\SRC Shared
2010-07-05 13:11 . 1997-05-26 12:55 23040 ----a-w- c:\windows\system32\irisco32.dll
2010-07-05 13:08 . 2010-07-05 13:11 -------- d-----w- c:\programmi\Readiris10
2010-07-05 13:06 . 2010-07-05 13:24 -------- d-----w- c:\programmi\SmarThru 4
2010-07-05 12:54 . 2010-07-05 12:54 -------- d-----w- c:\programmi\Samsung
2010-07-05 08:22 . 2010-07-05 08:22 -------- d-----w- C:\spoolerlogs
2010-07-05 08:04 . 2010-07-05 08:04 -------- d-----w- c:\windows\system32\wbem\Repository
2010-06-29 20:20 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-29 20:20 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-29 20:20 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-29 20:20 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-29 20:20 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-29 20:20 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-29 20:20 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-29 20:18 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-06-29 20:18 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-22 14:35 . 2003-03-29 14:45 89184 ----a-w- c:\windows\system32\drivers\imagedrv.sys
2010-06-22 14:34 . 2001-06-26 06:15 38912 ----a-w- c:\windows\system32\picn20.dll
2010-06-22 14:34 . 2001-07-06 12:41 569344 ----a-w- c:\windows\system32\imagr5.dll
2010-06-22 14:34 . 2001-07-06 10:44 544768 ----a-w- c:\windows\system32\imagx5.dll
2010-06-22 14:34 . 2001-07-06 16:24 283920 ----a-w- c:\windows\system32\ImagXpr5.dll
2010-06-22 14:34 . 2010-06-22 14:34 -------- d-----w- c:\programmi\File comuni\Ahead
2010-06-22 14:34 . 2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2010-06-16 06:37 . 2010-06-16 06:37 -------- d-----w- c:\programmi\MSXML 6.0
2010-06-16 06:27 . 2010-05-06 10:32 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-06-16 06:27 . 2010-05-06 10:32 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-06-16 06:27 . 2010-05-06 10:32 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-06-16 06:27 . 2010-05-06 10:32 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-06-16 06:27 . 2010-05-06 10:32 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-06-16 06:27 . 2010-05-06 10:32 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-06-16 06:27 . 2010-05-06 10:32 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-16 06:25 . 2010-04-16 11:43 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-06-16 01:06 . 2004-08-19 11:00 22060 -c----w- c:\windows\system32\dllcache\npds.zip
2010-06-16 01:06 . 2004-08-19 11:00 403 -c----w- c:\windows\system32\dllcache\npdrmv2.zip
2010-06-16 01:06 . 2008-04-14 01:53 92672 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2010-06-16 01:06 . 2009-07-31 08:02 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2010-06-16 01:04 . 2008-04-14 02:12 102912 -c----w- c:\windows\system32\dllcache\dpcdll.dll
2010-06-16 01:04 . 2008-04-14 02:12 24064 -c----w- c:\windows\system32\dllcache\pidgen.dll
2010-06-16 01:03 . 2008-04-14 02:13 81920 ------w- c:\windows\system32\ieencode.dll
2010-06-16 01:02 . 2008-04-14 02:14 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2010-06-15 21:01 . 2008-06-14 17:32 272768 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-06-15 21:00 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2010-06-15 20:59 . 2009-11-21 15:54 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-06-15 20:58 . 2010-02-12 04:33 100864 -c----w- c:\windows\system32\dllcache\6to4svc.dll
2010-06-15 20:57 . 2009-10-15 16:29 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-06-15 20:57 . 2009-10-15 16:29 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-06-15 20:56 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2010-06-15 20:56 . 2010-02-17 12:05 2193664 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-06-15 20:56 . 2009-03-06 14:19 286208 -c----w- c:\windows\system32\dllcache\pdh.dll
2010-06-15 20:56 . 2009-02-09 11:22 111104 -c----w- c:\windows\system32\dllcache\services.exe
2010-06-15 20:56 . 2009-02-09 10:51 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2010-06-15 20:56 . 2009-02-09 10:51 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2010-06-15 20:56 . 2009-02-09 10:51 683520 -c----w- c:\windows\system32\dllcache\advapi32.dll
2010-06-15 20:56 . 2009-06-25 08:25 735744 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2010-06-15 20:56 . 2009-02-09 10:51 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-06-15 20:56 . 2009-02-09 10:51 736256 -c----w- c:\windows\system32\dllcache\ntdll.dll
2010-06-15 20:56 . 2010-02-16 19:05 2149888 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-06-15 20:56 . 2010-02-16 19:05 2028032 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-06-15 20:53 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-06-15 20:53 . 2010-05-02 08:06 1851264 -c----w- c:\windows\system32\dllcache\win32k.sys
2010-06-15 20:50 . 2010-03-05 14:38 65536 -c----w- c:\windows\system32\dllcache\asycfilt.dll
2010-06-15 20:46 . 2010-02-05 18:25 1296896 -c----w- c:\windows\system32\dllcache\quartz.dll
2010-06-15 20:45 . 2008-10-15 16:36 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-06-15 20:44 . 2009-12-24 06:59 177664 -c----w- c:\windows\system32\dllcache\wintrust.dll
2010-06-15 20:44 . 2010-01-13 14:00 86528 -c----w- c:\windows\system32\dllcache\cabview.dll
2010-06-15 20:42 . 2008-04-21 21:14 219136 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-06-15 20:37 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-06-15 18:57 . 2010-06-29 20:17 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Alwil Software
2010-06-15 16:16 . 2001-08-31 12:00 31360 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2010-06-15 16:16 . 2001-08-31 12:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2010-06-15 16:16 . 2001-08-31 12:00 9216 -c--a-w- c:\windows\system32\dllcache\wamps51.dll
2010-06-15 16:16 . 2001-08-31 12:00 5632 -c--a-w- c:\windows\system32\dllcache\w3svapi.dll
2010-06-15 16:16 . 2001-08-31 12:00 74240 -c--a-w- c:\windows\system32\dllcache\w3ext.dll
2010-06-15 16:16 . 2001-08-31 12:00 4608 -c--a-w- c:\windows\system32\dllcache\w3ctrs51.dll
2010-06-15 16:16 . 2001-08-31 12:00 48256 -c--a-w- c:\windows\system32\dllcache\w32.dll
2010-06-15 16:16 . 2008-04-14 02:13 86073 -c--a-w- c:\windows\system32\dllcache\voicesub.dll
2010-06-15 16:16 . 2008-04-14 02:13 426041 -c--a-w- c:\windows\system32\dllcache\voicepad.dll
2010-06-15 16:14 . 2001-08-30 21:08 57856 -c--a-w- c:\windows\system32\dllcache\EXCH_scripto.dll
2010-06-15 16:13 . 2001-08-31 12:00 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
2010-06-15 16:12 . 2001-08-31 12:00 6144 -c--a-w- c:\windows\system32\dllcache\kbd101a.dll
2010-06-15 16:11 . 2001-08-31 12:00 36864 -c--a-w- c:\windows\system32\dllcache\hanjadic.dll
2010-06-15 16:10 . 2004-08-03 20:31 480256 -c--a-w- c:\windows\system32\dllcache\cintsetp.exe
2010-06-15 16:09 . 2001-08-31 12:00 29184 -c--a-w- c:\windows\system32\dllcache\asptxn.dll
2010-06-15 16:09 . 2001-08-31 12:00 10240 -c--a-w- c:\windows\system32\dllcache\aspperf.dll
2010-06-15 16:09 . 2001-08-31 12:00 6144 -c--a-w- c:\windows\system32\dllcache\admxprox.dll
2010-06-15 16:09 . 2001-08-31 12:00 50176 -c--a-w- c:\windows\system32\dllcache\adrot.dll
2010-06-15 16:08 . 2003-04-14 19:04 16384 -c--a-w- c:\windows\system32\dllcache\tcptsat.dll
2010-06-15 16:08 . 2001-08-31 12:00 7680 -c--a-w- c:\windows\system32\dllcache\inetmgr.exe
2010-06-15 16:08 . 2001-08-31 12:00 5632 -c--a-w- c:\windows\system32\dllcache\iisrstap.dll
2010-06-15 16:08 . 2001-08-31 12:00 6144 -c--a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2010-06-15 16:08 . 2001-08-31 12:00 15360 -c--a-w- c:\windows\system32\dllcache\iisreset.exe
2010-06-15 16:08 . 2003-04-14 19:04 217088 -c--a-w- c:\windows\system32\dllcache\fpmmcsat.dll
2010-06-15 16:04 . 2001-08-31 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-06-15 15:59 . 2001-08-31 12:00 7168 -c--a-w- c:\windows\system32\dllcache\wamregps.dll
2010-06-15 15:59 . 2001-08-31 12:00 7168 ----a-w- c:\windows\system32\wamregps.dll
2010-06-15 15:59 . 2001-08-31 12:00 60928 -c--a-w- c:\windows\system32\dllcache\iisclex4.dll
2010-06-15 15:59 . 2001-08-31 12:00 3584 -c--a-w- c:\windows\system32\dllcache\iismui.dll
2010-06-15 15:59 . 2001-08-31 12:00 3584 ----a-w- c:\windows\system32\iismui.dll
2010-06-15 15:59 . 2001-08-31 12:00 19968 -c--a-w- c:\windows\system32\dllcache\inetsloc.dll
2010-06-15 15:59 . 2001-08-31 12:00 19968 ----a-w- c:\windows\system32\inetsloc.dll
2010-06-15 15:59 . 2001-08-31 12:00 171520 -c--a-w- c:\windows\system32\dllcache\iisui.dll
2010-06-15 15:59 . 2008-04-14 02:13 8192 ----a-w- c:\windows\system32\staxmem.dll
2010-06-15 15:58 . 2008-04-14 02:13 68608 ----a-w- c:\windows\system32\iisext.dll
2010-06-15 15:58 . 2008-04-14 02:13 65024 ----a-w- c:\windows\system32\iismap.dll
2010-06-15 15:58 . 2008-04-14 02:13 13312 ----a-w- c:\windows\system32\infoadmn.dll
2010-06-15 15:58 . 2008-04-14 02:13 290816 ----a-w- c:\windows\system32\adsiis.dll
2010-06-15 15:58 . 2008-04-14 02:13 133632 ----a-w- c:\windows\system32\iisrtl.dll
2010-06-15 15:58 . 2008-04-14 02:13 14336 ----a-w- c:\windows\system32\exstrace.dll
2010-06-15 15:58 . 2008-04-14 02:13 43520 ----a-w- c:\windows\system32\admwprox.dll
2010-06-15 15:57 . 2008-04-14 02:13 29696 ----a-w- c:\windows\system32\irmon.dll
2010-06-15 15:57 . 2008-04-14 02:14 152576 ----a-w- c:\windows\system32\irftp.exe
2010-06-15 15:57 . 2008-04-13 18:54 88192 ----a-w- c:\windows\system32\drivers\irda.sys
2010-06-15 15:57 . 2008-04-14 02:13 8192 ----a-w- c:\windows\system32\wshirda.dll
2010-06-15 15:51 . 2001-08-17 19:51 19584 ----a-w- c:\windows\system32\drivers\rasirda.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-10 07:26 . 2009-11-17 08:48 -------- d-----w- c:\programmi\CCleaner
2010-07-09 17:46 . 2007-11-07 21:20 1744 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-09 15:56 . 2010-07-09 15:56 388096 ----a-r- c:\documents and settings\VR\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-09 10:19 . 2009-09-08 12:26 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator
2010-07-07 07:06 . 2009-09-08 12:26 -------- d-----w- c:\documents and settings\VR\Dati applicazioni\Spyware Terminator
2010-07-07 07:06 . 2009-09-08 12:26 -------- d-----w- c:\programmi\Spyware Terminator
2010-07-05 14:34 . 2007-10-04 18:48 -------- d-----w- c:\programmi\Google
2010-07-05 13:09 . 2007-06-28 13:42 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-07-05 10:48 . 2008-11-16 00:21 -------- d-----w- c:\programmi\DivX
2010-07-03 09:02 . 2001-08-31 10:00 46072 ----a-w- c:\windows\system32\perfc010.dat
2010-07-03 09:02 . 2001-08-31 10:00 341524 ----a-w- c:\windows\system32\perfh010.dat
2010-06-22 14:34 . 2009-04-05 23:31 -------- d-----w- c:\programmi\Ahead
2010-06-22 06:58 . 2008-04-26 12:01 -------- d-----w- c:\programmi\Crawler
2010-06-18 17:03 . 2009-05-30 17:47 -------- d-----w- c:\documents and settings\VR\Dati applicazioni\U3
2010-06-16 20:17 . 2007-06-28 04:25 68712 ----a-w- c:\documents and settings\VR\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-06-15 19:15 . 2007-06-28 04:05 -------- d-----w- c:\programmi\Alwil Software
2010-06-15 16:00 . 2007-06-26 14:57 22980 ----a-w- c:\windows\system32\emptyregdb.dat
2010-06-10 12:18 . 2010-06-10 12:18 503808 ----a-w- c:\documents and settings\VR\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-693f8cb5-n\msvcp71.dll
2010-06-10 12:18 . 2010-06-10 12:18 499712 ----a-w- c:\documents and settings\VR\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-693f8cb5-n\jmc.dll
2010-06-10 12:18 . 2010-06-10 12:18 348160 ----a-w- c:\documents and settings\VR\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-693f8cb5-n\msvcr71.dll
2010-06-10 12:18 . 2010-06-10 12:18 12800 ----a-w- c:\documents and settings\VR\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2b6656f3-n\decora-d3d.dll
2010-06-10 12:18 . 2010-06-10 12:18 61440 ----a-w- c:\documents and settings\VR\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2b6656f3-n\decora-sse.dll
2010-05-06 10:32 . 2004-08-19 11:39 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:06 . 2004-08-19 11:31 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 17:11 . 2009-08-19 15:10 30878 ----a-w- c:\windows\nsreg.dat
2010-04-28 13:45 . 2010-04-28 13:45 73000 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-04-20 05:46 . 2004-08-19 11:37 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-13 09:40 . 2010-04-13 09:40 503808 ----a-w- c:\documents and settings\VR\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3654fe93-n\msvcp71.dll
2010-04-13 09:40 . 2010-04-13 09:40 499712 ----a-w- c:\documents and settings\VR\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3654fe93-n\jmc.dll
2010-04-13 09:40 . 2010-04-13 09:40 12800 ----a-w- c:\documents and settings\VR\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2dee28aa-n\decora-d3d.dll
2010-04-13 09:40 . 2010-04-13 09:40 61440 ----a-w- c:\documents and settings\VR\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2dee28aa-n\decora-sse.dll
2010-04-13 09:40 . 2010-04-13 09:40 348160 ----a-w- c:\documents and settings\VR\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3654fe93-n\msvcr71.dll
2010-04-12 15:29 . 2010-04-25 19:28 411368 ----a-w- c:\windows\system32\deployJava1.dll
2001-06-05 06:32 . 2001-06-05 06:32 23476 ---ha-w- c:\programmi\folder.htt
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CnxDslTaskBar"="c:\programmi\I-Storm USB ADSL Modem\CnxDslTb.exe" [2003-10-29 462848]
"SpywareTerminator"="c:\programmi\Spyware Terminator\SpywareTerminatorShield.exe" [2010-04-08 2176512]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\System32\\dpnsvr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\TWAIN_32\\Samsung\\ScanMgr.exe"=
"c:\\WINDOWS\\TWAIN_32\\Samsung\\CLX3170\\Scan2Pc.exe"=
"c:\\WINDOWS\\TWAIN_32\\Samsung\\CLX3170\\Sscan2io.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
"53:UDP"= 53:UDP:Realtek AP UDP Prot

R1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [29/06/2010 22.20.39 165456]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\SYSTEM32\DRIVERS\sp_rsdrv2.sys [08/09/2009 14.26.53 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [29/06/2010 22.20.39 17744]
R3 trid3d;trid3d;c:\windows\SYSTEM32\DRIVERS\trid3dm.sys [28/06/2007 16.24.48 222336]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 av100s2k;av100s2k;c:\windows\SYSTEM32\DRIVERS\av100s2k.sys [23/01/2009 17.08.13 10496]
S3 av100u2k;av100u2k;c:\windows\SYSTEM32\DRIVERS\av100u2k.sys [23/01/2009 17.08.13 11392]
S3 camvid20;Philips ToUcam Camera; Video;c:\windows\SYSTEM32\DRIVERS\camdrv21.sys [15/11/2007 23.01.05 223232]
S3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;c:\windows\SYSTEM32\DRIVERS\CnxEtP.sys [13/08/2009 23.36.18 60288]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\SYSTEM32\DRIVERS\CnxEtU.sys [13/08/2009 23.31.31 646784]
S3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;c:\windows\SYSTEM32\DRIVERS\CnxTgN.sys [13/08/2009 23.36.18 108675]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys --> c:\windows\system32\DRIVERS\RTL8192su.sys [?]
.
Contenuto della cartella 'Scheduled Tasks'

2010-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-06-21 12:49]

2010-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-06-21 12:49]

2010-07-10 c:\windows\Tasks\User_Feed_Synchronization-{CD8C8E0D-2B32-4BB4-9AF3-506F183C97AC}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://google.it/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.avast.com/go.php?verb=register-home&lang=ita
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Crawler Search - tbr:iemenu
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: SmarThru4 Acquisisci selezione - c:\programmi\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Capture Selection - c:\programmi\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Salva come HTML - c:\programmi\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Salva testo selezionato - c:\programmi\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Save as HTML - c:\programmi\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\programmi\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\programmi\SmarThru 4\WebCapture.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\programmi\Crawler\ctbr.dll
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-10 10:48
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(2916)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Alwil Software\Avast5\AvastSvc.exe
c:\programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\Spyware Terminator\sp_rsser.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Ora fine scansione: 2010-07-10 11:04:27 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-07-10 09:04

Pre-Run: 28.134.157.824 byte disponibili
Post-Run: 27.994.878.976 byte disponibili

- - End Of File - - 21D0EFA824834D8E9397ED90E48A75DF
r16
Posted: Saturday, July 10, 2010 11:25:34 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
To remove the various downloaded tools (ComboFix):
Download OTC by OldTimer to the desktop:
http://oldtimer.geekstogo.com/OTC.exe
Double-click to run it.
Click CleanUp.
It will ask you to restart the PC.
Click Yes.

Disable System Restore.
http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121

Shut down the PC (not a restart).
Start the PC.

Also run a Scandisk.
Defragment the hard disk.

Re-enable System Restore and, if everything is fine, create a new restore point.

Use the PC for a while and report back whether it is still slow.




maopapof
Posted: Sunday, July 11, 2010 12:23:52 AM

Rank: AiutAmico

Joined: 10/31/2004
Posts: 7,185
boing :O)

first you run Scandisk and then the defragmentation ;O)

ps ...
C:\Programmi\Spyware Terminator .... together with avast 5 .... slows the PC down a lot

r16
Posted: Sunday, July 11, 2010 1:55:34 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
maopapof wrote:
boing :O)
first you run Scandisk and then the defragmentation ;O)

Can you post a link, or a comment from someone, saying that one operation MUST be done first, and THEN the other?
Thanks.
logic
Posted: Sunday, July 11, 2010 2:09:26 PM

Rank: AiutAmico

Joined: 2/25/2010
Posts: 1,008
r16 wrote:
maopapof wrote:
boing :O)
first you run Scandisk and then the defragmentation ;O)

Can you post a link, or a comment from someone, saying that one operation MUST be done first, and THEN the other?
Thanks.


I confirm what mao said. It's simple, elementary logic.
Defragmenting a hard disk that may have damaged sectors can take forever. First you check the sectors, and then you defragment.
pidue
Posted: Sunday, July 11, 2010 2:23:43 PM

Rank: AiutAmico

Joined: 6/2/2005
Posts: 7,332
r16, don't take it badly, mao and logic are right. It's no accident that if you shut Windows down improperly, on restart Scandisk often starts automatically, not Defrag. This is a paradox, though: sometimes, if you launch Defrag, the system may ask you to run a Scan disk first.
If you really want a link confirming what was said, here it is. But it's not a matter of links, what's written there isn't gospel; it's an elementary matter of logic, as logic rightly said.
http://www.askanaway.it/soluzioni.htm (go to the SCANDISK entry)



r16
Posted: Sunday, July 11, 2010 2:58:09 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
pidue wrote:
r16, don't take it badly,

Hi pidue.
I'm not taking it badly at all.
I only asked (Mao) whether, and where, he had read that information.
And honestly, I couldn't trust what he said (or what others said) without any documented confirmation, or unless it was said by people I trust. (sorry for the distrust, Mao Drool )
Now (thanks to you) I can change the instructions.
Bye.