Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Controllo Log per favore

Controllo Log per favore Opzioni
Topic Precedente · Topic Sucessivo
giovanitasca
Inviato: Thursday, September 15, 2011 9:49:56 PM
Rank: AiutAmico

Iscritto dal : 4/2/2005
Posts: 220
Un saluto a tutti del forum. Non ci sentiamo da un bel pò. Nulla di drammatico, tuttavia da qualche settimana ho notato un rallentamento notevole nell'apertura delle pagine di IE, specialmente appena vi accedo dopo avere acceso il PC. Un'altra cosa strana è che Firefox spesse volte utilizza il 90% della CPU, bloccandomi di fatto il sistema.
Resto in attesa, Giovanni




Tempo impiegato: 28 minuti, 7 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 0

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
(Non sono stati rilevati elementi nocivi)




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:36:46, on 15/09/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\AVAST Software\Avast\afwServ.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programmi\Google\Update\GoogleUpdate.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\OO Software\Defrag\oodag.exe
C:\Programmi\Macrium\Reflect\ReflectService.exe
C:\WINDOWS\Installer\MSI552.tmp
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\DRIVEN~1\syncer\MCCITR~1.EXE
C:\Programmi\AVAST Software\Avast\avastUI.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Translate Client\translateclient.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\uTorrent\uTorrent.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbam.exe
C:\Programmi\iTunes\iTunes.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Programmi\File comuni\Apple\Apple Application Support\distnoted.exe
F:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programmi\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programmi\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programmi\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AliceRE_McciTrayApp] C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\DRIVEN~1\syncer\MCCITR~1.EXE
O4 - HKLM\..\Run: [avast] "C:\Programmi\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [facemoods] "C:\Programmi\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [lZsbPGC1M3PP] control.exe "C:\Programmi\Y6Yqsfk\lZsbPGC1M3PP.cpl",0,1
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10t_Plugin.exe -update plugin
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Translate Client.lnk = C:\Programmi\Translate Client\translateclient.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: I&nvia a OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1239469460484
O16 - DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} (Cameractl Class) - http://www.crtvg.es/camweb/camera.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5FC698AD-972E-434D-AD94-E8526C8D5F62}: NameServer = 192.168.1.254
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Programmi\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Programmi\AVAST Software\Avast\afwServ.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Servizio di Google Update (gupdate1c9c383d9272c48) (gupdate1c9c383d9272c48) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: KMService - Unknown owner - C:\WINDOWS\system32\srvany.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag Agent (OODefragAgent) - O&O Software GmbH - C:\Programmi\OO Software\Defrag\oodag.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Programmi\Macrium\Reflect\ReflectService.exe
O23 - Service: SolidConverterPDFv4ReadSpool (SCPDFV4ReadSpool) - Solid Documents, LLC - C:\WINDOWS\Installer\MSI552.tmp
Torna in alto
 
Sponsor
Inviato: Thursday, September 15, 2011 9:49:56 PM

 
Torna in alto
 
r16
Inviato: Thursday, September 15, 2011 10:01:33 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao.
La probabile causa sono questi:
facemoods.com e Y6Yqsfk

Perchè non aggiorni il browser? (IE6 è pieno di "buchi")

Almeno IE7:

http://www.microsoft.com/downloads/details.aspx?FamilyID=9ae91ebe-3385-447c-8a30-081805b2f90b&DisplayLang=it


Scarica Combofix (usa Internet Explorer)

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Salvalo sul desktop. (è obligatorio)

Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,(Firewall compreso) e dopo aver scaricato COMBOFIX, chiudi la connessione.

Doppio click su combofix.exe

E' probabile che ti siano inviati messaggi dall'antivirus,(o dallo stesso Combofix) tu ignorali.

Se ti verrà chiesto se vuoi Installare LA CONSOLE DI RIPRISTINO DI EMERGENZA, clicca NO.

Durante l'operazione di scansione è importante non usare il PC (neanche il mouse) e attendere pazientemente la fine delle operazioni.
Al termine, verrà creato un file log sul Desktop, chiamato C:\ComboFix.txt.
Postalo qui.
Torna in alto
 
giovanitasca
Inviato: Friday, September 16, 2011 1:21:38 AM
Rank: AiutAmico

Iscritto dal : 4/2/2005
Posts: 220
Ho provveduto ad installare IE7

Ecco il log Combofix

ComboFix 11-09-15.05 - Tascapane 16/09/2011 1:05.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1919.1334 [GMT 2:00]
Eseguito da: c:\documents and settings\Tascapane\Desktop\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Sistema Antivirus NOD32 2.70 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dati applicazioni\Tarma Installer
c:\documents and settings\All Users\Dati applicazioni\Tarma Installer\{7CD4632C-0D36-4618-B7A3-6ADD836499DF}\_Setup.dll
c:\documents and settings\All Users\Dati applicazioni\Tarma Installer\{7CD4632C-0D36-4618-B7A3-6ADD836499DF}\Setup.dat
c:\documents and settings\All Users\Dati applicazioni\Tarma Installer\{7CD4632C-0D36-4618-B7A3-6ADD836499DF}\Setup.exe
c:\documents and settings\All Users\Dati applicazioni\Tarma Installer\{7CD4632C-0D36-4618-B7A3-6ADD836499DF}\Setup.ico
c:\documents and settings\Tascapane\Dati applicazioni\Desktopicon
c:\documents and settings\Tascapane\Dati applicazioni\facemoods.com
c:\documents and settings\Tascapane\Dati applicazioni\inst.exe
c:\documents and settings\Tascapane\Dati applicazioni\OfferBox
c:\documents and settings\Tascapane\Dati applicazioni\OfferBox\config.dat
c:\documents and settings\Tascapane\Dati applicazioni\OfferBox\config.xml
c:\documents and settings\Tascapane\WINDOWS
c:\programmi\facemoods.com
c:\programmi\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
c:\programmi\facemoods.com\facemoods\1.4.17.11\facemoods.crx
c:\programmi\facemoods.com\facemoods\1.4.17.11\facemoods.png
c:\programmi\facemoods.com\facemoods\1.4.17.11\facemoodsApp.dll
c:\programmi\facemoods.com\facemoods\1.4.17.11\facemoodsEng.dll
c:\programmi\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe
c:\programmi\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
c:\windows\ehome\medctrro.exe
c:\windows\IsUn0410.exe
c:\windows\system\QTOLE32.DLL
c:\windows\system32\asr3232.dll
c:\windows\system32\zip32.dll
.
.
((((((((((((((((((((((((( Files Creati Da 2011-08-15 al 2011-09-15 )))))))))))))))))))))))))))))))))))
.
.
2011-09-15 22:45 . 2011-06-21 18:38 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-09-15 22:45 . 2011-06-21 18:38 468480 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-09-15 22:45 . 2011-06-21 18:38 268288 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-09-15 22:45 . 2011-06-21 11:46 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2011-09-15 22:45 . 2010-02-22 22:04 2452872 -c----w- c:\windows\system32\dllcache\ieapfltr.dat
2011-09-15 22:45 . 2011-06-21 18:38 6076416 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-09-15 22:45 . 2011-06-21 18:38 380928 -c----w- c:\windows\system32\dllcache\ieapfltr.dll
2011-09-15 22:45 . 2011-06-21 18:38 63488 -c----w- c:\windows\system32\dllcache\icardie.dll
2011-09-08 20:23 . 2011-09-08 20:23 -------- d-----w- c:\programmi\MediaInfo
2011-09-03 10:17 . 2011-09-09 09:12 603136 -c----w- c:\windows\system32\dllcache\crypt32.dll
2011-08-28 20:13 . 1998-09-02 08:28 38160 ----a-w- c:\windows\system32\LMRTREND.dll
2011-08-28 20:13 . 1998-08-20 11:02 140800 ----a-w- c:\windows\system32\tm20dec.ax
2011-08-28 20:13 . 1998-08-27 04:51 182032 ----a-w- c:\windows\system32\dxtmsft3.dll
2011-08-28 20:13 . 1998-09-02 08:28 63488 ----a-w- c:\windows\system32\unam4ie.exe
2011-08-28 20:13 . 1998-09-02 08:02 194320 ----a-w- c:\windows\system32\qcut.dll
2011-08-28 20:13 . 1998-08-17 09:21 5672 ----a-w- c:\windows\system32\quartz.vxd
2011-08-28 20:13 . 1998-08-17 09:21 10240 ----a-w- c:\windows\system32\vidx16.dll
2011-08-28 20:13 . 1998-08-17 09:21 11776 ----a-w- c:\windows\system32\mciqtz.drv
2011-08-28 20:13 . 2011-08-28 20:13 4608 ----a-w- c:\windows\system32\w95inf32.dll
2011-08-28 20:13 . 2011-08-28 20:13 2272 ----a-w- c:\windows\system32\w95inf16.dll
2011-08-28 20:12 . 2011-08-28 20:12 -------- d-----w- c:\programmi\Auralog
2011-08-28 13:08 . 2011-08-28 13:08 1409 ----a-w- c:\windows\system32\tmp7C1B2.FOT
2011-08-28 13:08 . 2011-08-28 13:08 1409 ----a-w- c:\windows\system32\tmp7A1B2.FOT
2011-08-28 13:08 . 2011-08-28 13:08 1409 ----a-w- c:\windows\system32\tmp6D1B2.FOT
2011-08-28 13:08 . 2011-08-28 13:08 -------- d-----w- c:\windows\LHSp
2011-08-28 13:08 . 1999-06-07 13:02 81920 ----a-w- c:\windows\asr3232.dll
2011-08-28 13:08 . 2011-08-28 13:08 -------- d-----w- C:\ASR3232
2011-08-28 13:08 . 1999-02-11 15:23 63488 ----a-w- c:\windows\ASR320VB.DLL
2011-08-28 13:08 . 1998-06-17 21:00 77824 ----a-w- c:\windows\system32\MSBIND.DLL
2011-08-28 13:08 . 1998-04-26 21:00 570128 ----a-w- c:\programmi\File comuni\Microsoft Shared\DAO\dao350.dll
2011-08-28 13:08 . 1998-06-23 21:00 118064 ----a-w- c:\windows\system32\MSADODC.OCX
2011-08-28 13:08 . 1998-06-17 21:00 89360 ----a-w- c:\windows\system32\VB5DB.dll
2011-08-28 13:08 . 1997-03-05 21:00 46080 ----a-w- c:\windows\system32\MCIWNDX.OCX
2011-08-28 13:07 . 2011-08-28 13:07 -------- d-----w- c:\programmi\Deamm
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-09 09:12 . 2004-08-19 13:39 603136 ----a-w- c:\windows\system32\crypt32.dll
2011-09-01 20:43 . 2011-06-28 22:55 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-31 15:00 . 2009-04-11 16:25 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-15 13:29 . 2004-08-03 21:15 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2002-10-30 02:45 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-04 11:43 . 2011-07-19 20:13 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2011-07-19 20:13 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:37 . 2011-07-19 20:13 103384 ----a-w- c:\windows\system32\drivers\aswFW.sys
2011-07-04 11:36 . 2011-07-19 20:13 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2011-07-19 20:13 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:36 . 2011-07-19 20:13 194264 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2011-07-04 11:35 . 2011-07-19 20:13 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:35 . 2011-07-19 20:13 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-04 11:35 . 2011-07-19 20:13 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-04 11:32 . 2011-07-19 20:13 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2011-07-19 20:13 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-04 11:32 . 2011-07-19 20:13 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-04 11:12 . 2011-07-19 20:13 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2011-06-24 14:10 . 2009-04-11 15:14 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-21 18:38 . 2004-08-19 13:39 832512 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 18:38 . 2004-08-19 13:39 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-06-21 18:38 . 2004-08-19 13:39 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-06-21 18:38 . 2004-08-19 13:39 17408 ----a-w- c:\windows\system32\corpol.dll
2011-06-21 11:47 . 2004-08-19 13:26 389120 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-08-19 13:39 293888 ----a-w- c:\windows\system32\winsrv.dll
2011-09-07 21:34 . 2011-04-30 11:56 134104 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\programmi\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-01 16049664]
"avast"="c:\programmi\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2009-12-06 198160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Translate Client.lnk - c:\programmi\Translate Client\translateclient.exe [2011-8-9 1687552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKLM\~\startupfolder\C:^Documents and Settings^Tascapane^Menu Avvio^Programmi^Esecuzione automatica^MRU-Blaster Scheduler.lnk]
path=c:\documents and settings\Tascapane\Menu Avvio\Programmi\Esecuzione automatica\MRU-Blaster Scheduler.lnk
backup=c:\windows\pss\MRU-Blaster Scheduler.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Tascapane^Menu Avvio^Programmi^Esecuzione automatica^MRU-Blaster Silent Clean.lnk]
path=c:\documents and settings\Tascapane\Menu Avvio\Programmi\Esecuzione automatica\MRU-Blaster Silent Clean.lnk
backup=c:\windows\pss\MRU-Blaster Silent Clean.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ftweak_RAMRush]
2009-09-17 15:47 670720 ----a-w- c:\programmi\RAMRush\RAMRush.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-06-07 15:51 421160 ----a-w- c:\programmi\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
2008-04-14 02:14 172032 ----a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2011-01-25 09:41 2781000 ----a-w- c:\programmi\OO Software\Defrag\oodtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-12-06 19:15 198160 ----a-w- c:\programmi\File comuni\Real\Update_OB\realsched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5488:TCP"= 5488:TCP:DoctorsOffice_Chat
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [19/07/2011 22:13 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [19/07/2011 22:13 194264]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [28/01/2010 18:36 15328]
R0 tdrpman147;Acronis Try&Decide and Restore Points filter (build 147);c:\windows\system32\drivers\tdrpm147.sys [11/04/2009 17:51 971584]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [19/07/2011 22:13 103384]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [19/07/2011 22:13 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [19/07/2011 22:13 309848]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [11/04/2009 18:32 15424]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19/07/2011 22:13 19544]
R2 OODefragAgent;O&O Defrag Agent;c:\programmi\OO Software\Defrag\oodag.exe [25/01/2011 11:41 2398536]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\programmi\Macrium\Reflect\ReflectService.exe [28/01/2010 18:36 220128]
R2 SCPDFV4ReadSpool;SolidConverterPDFv4ReadSpool;c:\windows\Installer\MSI552.tmp [20/12/2009 15:44 189688]
S0 kiggf;kiggf;c:\windows\system32\drivers\dqnnblal.sys --> c:\windows\system32\drivers\dqnnblal.sys [?]
S2 avast! Firewall;avast! Firewall;c:\programmi\AVAST Software\Avast\afwServ.exe [19/07/2011 22:13 121000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S2 gupdate1c9c383d9272c48;Servizio di Google Update (gupdate1c9c383d9272c48);c:\programmi\Google\Update\GoogleUpdate.exe [22/04/2009 21:52 133104]
S2 KMService;KMService;c:\windows\system32\srvany.exe [27/04/2011 0:23 8192]
S2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [14/04/2011 13:47 8192]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [22/04/2009 21:52 133104]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-09-15 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-22 21:46]
.
2011-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc6db1f337d224.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-04-22 19:52]
.
2011-03-31 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\programmi\Ask.com\UpdateTask.exe [2010-05-21 10:17]
.
2011-08-13 c:\windows\Tasks\wavepadShakeIcon.job
- c:\programmi\NCH Software\WavePad\wavepad.exe [2011-08-13 15:26]
.
2010-01-14 c:\windows\Tasks\Wise Registry Cleaner 4.job
- c:\programmi\Wise Registry Cleaner\WiseRegistryCleaner.exe [2010-01-14 22:47]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = 127.0.0.1
IE: Download with ImTOO iPad Mate Platinum
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: I&nvia a OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Translate this web page with Babylon - c:\programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
LSP: c:\windows\system32\imon.dll
TCP: Interfaces\{5FC698AD-972E-434D-AD94-E8526C8D5F62}: NameServer = 192.168.1.254
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} - hxxp://www.crtvg.es/camweb/camera.cab
FF - ProfilePath - c:\documents and settings\Tascapane\Dati applicazioni\Mozilla\Firefox\Profiles\nv2qgmx7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - www.google.it
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=toolbar2&q=
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-lZsbPGC1M3PP - c:\programmi\Y6Yqsfk\lZsbPGC1M3PP.cpl
HKLM-Run-facemoods - c:\programmi\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe
AddRemove-FileMaker Pro 5.0 - c:\windows\IsUn0410.exe
AddRemove-WinNc 5 - c:\docume~1\ALLUSE~1\DATIAP~1\TARMAI~1\{7CD46~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-16 01:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCPDFV4ReadSpool]
"ImagePath"="c:\windows\Installer\MSI552.tmp"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-1715567821-507921405-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3753EF0A-9EAC-8220-B080-F82A2CE1FDE3}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaelhmkjodlhdcpgok"=hex:6b,61,6b,6f,66,68,64,61,68,70,61,6a,6d,70,6b,6f,63,6d,
6e,64,6c,6a,00,00
"haokjldhjcnpoldb"=hex:6b,61,6b,6f,66,68,64,61,68,70,61,6a,6d,70,6b,6f,63,6d,
6e,64,6c,6a,00,00
"gajmadbbpeplen"=hex:61,63,69,62,62,69,65,69,66,61,63,69,6a,64,6c,6e,66,67,70,
66,63,6e,63,6e,67,6d,70,62,62,6a,6e,69,62,6a,6a,66,65,6d,6e,6c,6f,62,6d,66,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="802E84F0694A0649AC9A6D24A4E0B96E9F3B3136840D2834BD8494E690E3238B2A34D130F981AF4529C3433246A2C4FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A9C6AECB7A5D14075D575E7D6A3B9808FEBC9E127BECC74CAAF1803DBF852F5C45A4B3CA1C7298CF76893D9165E465E04D9467575D6123F2FA1F4F3C3FC8EE09604AD1EC3EEE8E7C68E4CF5CC25359C73468BB947FE3EFD49C82FB94584DC36A762E9EC017DB71A1B661505EED7267E65AC337A34C8B6199A47C8DD48348ACAA2B8993F5BC99C3D633305087BB6936EBDAEDA1D274E761201D8C1DCB6DD578F715B641FD78695BBC20A3720AB144C005C8D4D2385AEF324705DAD990F572CC823FB34A8EC67560F536B5715E0BF3D566A70939AA95FA65734DAE84FAB202220129A3E4A2D94853A82281173F35CC9747703F544772C8E28EDBF8F4296BC9462C44CDDE7797D104000346C42B5386FC6491CF3CEDEFF8E7850BC915FA9C75D7437A1D959099E398AAECE7EEE5BB3E517DE9B89742419203C7A957639777924E06A320FC322DB68B5AE7EE9D7579743354509AA42C4F7E19CAF97BF1E6DF92703B91891CE7D36529C5F0876D27CA0E94B28D3AB3D8B2096086AF34E5166ECDDB2C05328E7FC2F095A8F6018D08A1D13EE25E01AC383FE3E57877A3FB156FFD8127B512030C633A44C15FD0436CA5EDC8B4F27A06FE74A588216D8F009C64C0A57D50493D61540A0052800C666B307024FB71584FA28C477D042461D5A18099E084711C149BE58CE62227EFE3DFD0D09211F2F028E271A5CAAA222872E42E6E2016ADEEF3191ECF6AFA925CBB68C9642CCE043AC5BDC303CC22619461658889A48F8B4F5B7A3647CFAC78D601E8916A591525D3F2F6D583347A507C40E7DF1A0353066A5D279C4B320A0084DD09D1815AC6CC7D0C99313104C8CEDBC1773931A4C50C9221C8F2177DE744328DB2EAAD43CDE11C02ED8E799325354DAB604D45445281C062CD8C49F4A2575160166D59779244B75A07602F90ADCD16D8B2883375E5BC0F70E675E5AC97BBF43BA6214FB48842FEAE37C784F701D319B7C50BB51BF008BB2E0CE9D29129E853951A7FC0092023C12C181D169FC3FBE2C8B02A726EEA23A914775CDEDDC04DCA7C6BB84156D11EF493056DDE2FA0EA9F24D1ED6DFB4C41E02B2671B6A6C6C5D98F5BADC9541AE1323A1EF542A043BB22F3491292A493890B14DA82ED4F29A9A483ECF6B68D780E358BC72B84465BFBDFF57D092F1E419777829B9D7C125C3E73A066DC49606F38E0012A344EC11FAC72FC97F5F6EFDBF719BDB284BD7CD641B142535E240187E8B72F316DAE8C46C4986E83317FF66C318820AEAC72F112E16F5A83AE50734D1E633A8D6796718D2F"
"OODEFRAG14.00.00.01PROFESSIONAL"="6AB7881C85050F5C697C1130AAA3ED65D3C7B4B2D975480E37EB9D4F0E0BF1CDDC0E41DC9784DDCBC0566C45D3622CBC8F6051467C29C702BC8B367B7FCD15A0230BA6BAE8F7B005B8D6BC446013BF15CF5DF43730ADC918E81018E76129AAEB983C2FF3663E9306F5AE89B5D4C713C7A1B3D7FBB26839A85256CB964B7741247B82D4369EFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B98088EDD5E5BE2F6E6679DB7CE019D40AA5CA9C6AECB7A5D14078DDD3D353FF39FBBD68EFD8E99FBE5E972E25823FCC88B89512AEE536E5A6317339B3E413CA209FB1504917419B2407FF206C709860620BCD6E4E6740A590F31BBE40157B68F90523B3DE9610527E03C910F3A427EC2E0EAEAFBA2AA33C0D58204BF95E303DC71AE1DDDB4EBB4EC2F09B8661A2EE1A205132BB9EC41AD635BC4FEF441B94A30D92421D3D211D61B876F62350714844C34D9492A3D64109BB354B392FA100A33EEE8C2CADAAF6D4CBAA19F6C511A0D6C0B0A8A1C4627C7446935BB687081919444D691B4950BCD1E0CF1953E82CD76B11C8F4825E9FC93407B0CC48C030B0783E8EEB14900CAA2B4B259FBA2529E0F50E9FAEF9BBFC087F25B2293D7C411E2385853D8824C79E735DCF29ED431E1F801F002819D94AE8BC46E67FA678057F16A084AD21DE087704BA87E5ED2C04F2C7D1B7C140BE669DA2310EBE71CB20BD3D8DDBFFE9CD5C7E2252A61AF60D883F285CBE7CF86E9F486FD0C66571C89397F4436C2D046F971B7F5E9221A8401FE6CDDD565F1F9853C704AA7B05C50EB533B735D84CF25CCA1BD74E4EC3A0B7A278A4E833A4C10560CD18095481CE47131A52F98DC17878555955A0A91C002384295A192CD43B92B15361E824F514B678D2FC51FC6557E8EF1B567BD8471BD5DFEA628B22ED1AA06ED7D220B8BCA3A4D859B091A62CE6082BCE85D585DA454C76BAD340A8C83DBA00FD913C067EAA7D71C06CD2AEFD9C7B563C903A45847A106FDEC9FAF3C7A8865D5D4F8AB70A7D46FB7586E625962122D73CD236354D745570D7BC4B238EBB1F3844BDF44598BBFB123D4C748A6666320E1390DC8D56D21B5574383149BA09BA0BF6A597976B32E6E8C903C5809FA9FFE04A412FC06AD5D4AFB043FC629F64D711236782B42532AAA85F3B10252467169977F0B9B2E56E3F2FE50DFB544DE1424E688D732DB31809C05BA8F26788448B63B8BCF35C0B7E543C90FD0BDF55EFE25110B92D784A642B36678C69D980455EEF1DDC04D4F35550128FA81AFEA0F639AC6BE4A5820224410668E47B270A88E4FA360C0DB1447E828CA23E650751ED7DB9EF624E7BBA62084A8B70725E2E9AD4B1B5035CDE97B9BE546E876D8894B3A7219DB472B83C9B21BB201FEA7F6D13385"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'lsass.exe'(1288)
c:\windows\system32\imon.dll
.
Ora fine scansione: 2011-09-16 01:19:04
ComboFix-quarantined-files.txt 2011-09-15 23:18
.
Pre-Run: 6.015.234.048 byte disponibili
Post-Run: 6.767.640.576 byte disponibili
.
- - End Of File - - 324A4DA6DF0BDDB3F7F54872DDC97048
Torna in alto
 
r16
Inviato: Friday, September 16, 2011 6:32:18 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao.
Apri un file di testo con il Block Note sul Desktop
Ci incolli il codice che vedi qui sotto, e salvi il file di testo obbligatoriamente con il nome CFScript.txt


Code:
KillAll::

Driver::
nod32drv
kiggf

File::
c:\windows\system32\drivers\nod32drv.sys
c:\windows\system32\drivers\dqnnblal.sys

RegNull::
[HKEY_USERS\S-1-5-21-1715567821-507921405-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3753EF0A-9EAC-8220-B080-F82A2CE1FDE3}*]

SecCenter::
{E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}


e trascinalo sull'icona di ComboFix.
Attendi la fine dei lavori, senza toccare tastiera, mouse o altro.
Posta il log aggiornato di combofix
Torna in alto
 
giovanitasca
Inviato: Friday, September 16, 2011 11:30:16 PM
Rank: AiutAmico

Iscritto dal : 4/2/2005
Posts: 220
Ecco il nuovo LOG

ComboFix 11-09-15.05 - Tascapane 16/09/2011 22:54:40.3.1 - x86
Eseguito da: c:\documents and settings\Tascapane\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Tascapane\Desktop\CFScript.txt
AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
FILE ::
"c:\windows\system32\drivers\dqnnblal.sys"
"c:\windows\system32\drivers\nod32drv.sys"
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\nod32drv.sys
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NOD32DRV
-------\Service_kiggf
-------\Service_nod32drv
.
.
((((((((((((((((((((((((( Files Creati Da 2011-08-16 al 2011-09-16 )))))))))))))))))))))))))))))))))))
.
.
2011-09-15 22:45 . 2011-06-21 18:38 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-09-15 22:45 . 2011-06-21 18:38 468480 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-09-15 22:45 . 2011-06-21 18:38 268288 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-09-15 22:45 . 2011-06-21 11:46 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2011-09-15 22:45 . 2010-02-22 22:04 2452872 -c----w- c:\windows\system32\dllcache\ieapfltr.dat
2011-09-15 22:45 . 2011-06-21 18:38 6076416 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-09-15 22:45 . 2011-06-21 18:38 380928 -c----w- c:\windows\system32\dllcache\ieapfltr.dll
2011-09-15 22:45 . 2011-06-21 18:38 63488 -c----w- c:\windows\system32\dllcache\icardie.dll
2011-09-08 20:23 . 2011-09-08 20:23 -------- d-----w- c:\programmi\MediaInfo
2011-09-03 10:17 . 2011-09-09 09:12 603136 -c----w- c:\windows\system32\dllcache\crypt32.dll
2011-08-28 20:13 . 1998-09-02 08:28 38160 ----a-w- c:\windows\system32\LMRTREND.dll
2011-08-28 20:13 . 1998-08-20 11:02 140800 ----a-w- c:\windows\system32\tm20dec.ax
2011-08-28 20:13 . 1998-08-27 04:51 182032 ----a-w- c:\windows\system32\dxtmsft3.dll
2011-08-28 20:13 . 1998-09-02 08:28 63488 ----a-w- c:\windows\system32\unam4ie.exe
2011-08-28 20:13 . 1998-09-02 08:02 194320 ----a-w- c:\windows\system32\qcut.dll
2011-08-28 20:13 . 1998-08-17 09:21 5672 ----a-w- c:\windows\system32\quartz.vxd
2011-08-28 20:13 . 1998-08-17 09:21 10240 ----a-w- c:\windows\system32\vidx16.dll
2011-08-28 20:13 . 1998-08-17 09:21 11776 ----a-w- c:\windows\system32\mciqtz.drv
2011-08-28 20:13 . 2011-08-28 20:13 4608 ----a-w- c:\windows\system32\w95inf32.dll
2011-08-28 20:13 . 2011-08-28 20:13 2272 ----a-w- c:\windows\system32\w95inf16.dll
2011-08-28 20:12 . 2011-08-28 20:12 -------- d-----w- c:\programmi\Auralog
2011-08-28 13:08 . 2011-08-28 13:08 1409 ----a-w- c:\windows\system32\tmp7C1B2.FOT
2011-08-28 13:08 . 2011-08-28 13:08 1409 ----a-w- c:\windows\system32\tmp7A1B2.FOT
2011-08-28 13:08 . 2011-08-28 13:08 1409 ----a-w- c:\windows\system32\tmp6D1B2.FOT
2011-08-28 13:08 . 2011-08-28 13:08 -------- d-----w- c:\windows\LHSp
2011-08-28 13:08 . 1999-06-07 13:02 81920 ----a-w- c:\windows\asr3232.dll
2011-08-28 13:08 . 2011-08-28 13:08 -------- d-----w- C:\ASR3232
2011-08-28 13:08 . 1999-02-11 15:23 63488 ----a-w- c:\windows\ASR320VB.DLL
2011-08-28 13:08 . 1998-06-17 21:00 77824 ----a-w- c:\windows\system32\MSBIND.DLL
2011-08-28 13:08 . 1998-04-26 21:00 570128 ----a-w- c:\programmi\File comuni\Microsoft Shared\DAO\dao350.dll
2011-08-28 13:08 . 1998-06-23 21:00 118064 ----a-w- c:\windows\system32\MSADODC.OCX
2011-08-28 13:08 . 1998-06-17 21:00 89360 ----a-w- c:\windows\system32\VB5DB.dll
2011-08-28 13:08 . 1997-03-05 21:00 46080 ----a-w- c:\windows\system32\MCIWNDX.OCX
2011-08-28 13:07 . 2011-08-28 13:07 -------- d-----w- c:\programmi\Deamm
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-09 09:12 . 2004-08-19 13:39 603136 ----a-w- c:\windows\system32\crypt32.dll
2011-09-01 20:43 . 2011-06-28 22:55 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-31 15:00 . 2009-04-11 16:25 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-15 13:29 . 2004-08-03 21:15 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2002-10-30 02:45 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-04 11:43 . 2011-07-19 20:13 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2011-07-19 20:13 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:37 . 2011-07-19 20:13 103384 ----a-w- c:\windows\system32\drivers\aswFW.sys
2011-07-04 11:36 . 2011-07-19 20:13 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2011-07-19 20:13 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:36 . 2011-07-19 20:13 194264 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2011-07-04 11:35 . 2011-07-19 20:13 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:35 . 2011-07-19 20:13 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-04 11:35 . 2011-07-19 20:13 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-04 11:32 . 2011-07-19 20:13 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2011-07-19 20:13 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-04 11:32 . 2011-07-19 20:13 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-04 11:12 . 2011-07-19 20:13 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2011-06-24 14:10 . 2009-04-11 15:14 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-21 18:38 . 2004-08-19 13:39 832512 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 18:38 . 2004-08-19 13:39 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-06-21 18:38 . 2004-08-19 13:39 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-06-21 18:38 . 2004-08-19 13:39 17408 ----a-w- c:\windows\system32\corpol.dll
2011-06-21 11:47 . 2004-08-19 13:26 389120 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-08-19 13:39 293888 ----a-w- c:\windows\system32\winsrv.dll
2011-09-07 21:34 . 2011-04-30 11:56 134104 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\programmi\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-01 16049664]
"avast"="c:\programmi\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2009-12-06 198160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Translate Client.lnk - c:\programmi\Translate Client\translateclient.exe [2011-8-9 1687552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKLM\~\startupfolder\C:^Documents and Settings^Tascapane^Menu Avvio^Programmi^Esecuzione automatica^MRU-Blaster Scheduler.lnk]
path=c:\documents and settings\Tascapane\Menu Avvio\Programmi\Esecuzione automatica\MRU-Blaster Scheduler.lnk
backup=c:\windows\pss\MRU-Blaster Scheduler.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Tascapane^Menu Avvio^Programmi^Esecuzione automatica^MRU-Blaster Silent Clean.lnk]
path=c:\documents and settings\Tascapane\Menu Avvio\Programmi\Esecuzione automatica\MRU-Blaster Silent Clean.lnk
backup=c:\windows\pss\MRU-Blaster Silent Clean.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ftweak_RAMRush]
2009-09-17 15:47 670720 ----a-w- c:\programmi\RAMRush\RAMRush.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-06-07 15:51 421160 ----a-w- c:\programmi\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
2008-04-14 02:14 172032 ----a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2011-01-25 09:41 2781000 ----a-w- c:\programmi\OO Software\Defrag\oodtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-12-06 19:15 198160 ----a-w- c:\programmi\File comuni\Real\Update_OB\realsched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5488:TCP"= 5488:TCP:DoctorsOffice_Chat
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [19/07/2011 22:13 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [19/07/2011 22:13 194264]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [28/01/2010 18:36 15328]
R0 tdrpman147;Acronis Try&Decide and Restore Points filter (build 147);c:\windows\system32\drivers\tdrpm147.sys [11/04/2009 17:51 971584]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [19/07/2011 22:13 103384]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [19/07/2011 22:13 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [19/07/2011 22:13 309848]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19/07/2011 22:13 19544]
R2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [14/04/2011 13:47 8192]
R2 OODefragAgent;O&O Defrag Agent;c:\programmi\OO Software\Defrag\oodag.exe [25/01/2011 11:41 2398536]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\programmi\Macrium\Reflect\ReflectService.exe [28/01/2010 18:36 220128]
R2 SCPDFV4ReadSpool;SolidConverterPDFv4ReadSpool;c:\windows\Installer\MSI552.tmp [20/12/2009 15:44 189688]
S2 avast! Firewall;avast! Firewall;c:\programmi\AVAST Software\Avast\afwServ.exe [19/07/2011 22:13 121000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S2 gupdate1c9c383d9272c48;Servizio di Google Update (gupdate1c9c383d9272c48);c:\programmi\Google\Update\GoogleUpdate.exe [22/04/2009 21:52 133104]
S2 KMService;KMService;c:\windows\system32\srvany.exe [27/04/2011 0:23 8192]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [22/04/2009 21:52 133104]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-09-16 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-22 21:46]
.
2011-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc6db1f337d224.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-04-22 19:52]
.
2011-03-31 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\programmi\Ask.com\UpdateTask.exe [2010-05-21 10:17]
.
2011-08-13 c:\windows\Tasks\wavepadShakeIcon.job
- c:\programmi\NCH Software\WavePad\wavepad.exe [2011-08-13 15:26]
.
2010-01-14 c:\windows\Tasks\Wise Registry Cleaner 4.job
- c:\programmi\Wise Registry Cleaner\WiseRegistryCleaner.exe [2010-01-14 22:47]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = 127.0.0.1
IE: Download with ImTOO iPad Mate Platinum
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: I&nvia a OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Translate this web page with Babylon - c:\programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
LSP: c:\windows\system32\imon.dll
TCP: Interfaces\{5FC698AD-972E-434D-AD94-E8526C8D5F62}: NameServer = 192.168.1.254
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} - hxxp://www.crtvg.es/camweb/camera.cab
FF - ProfilePath - c:\documents and settings\Tascapane\Dati applicazioni\Mozilla\Firefox\Profiles\nv2qgmx7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - www.google.it
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=toolbar2&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-16 23:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
.
C:\## aswSnx private storage
.
Scansione completata con successo
Files nascosti: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCPDFV4ReadSpool]
"ImagePath"="c:\windows\Installer\MSI552.tmp"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="802E84F0694A0649AC9A6D24A4E0B96E9F3B3136840D2834BD8494E690E3238B2A34D130F981AF4529C3433246A2C4FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A9C6AECB7A5D14075D575E7D6A3B9808FEBC9E127BECC74CAAF1803DBF852F5C45A4B3CA1C7298CF76893D9165E465E04D9467575D6123F2FA1F4F3C3FC8EE09604AD1EC3EEE8E7C68E4CF5CC25359C73468BB947FE3EFD49C82FB94584DC36A762E9EC017DB71A1B661505EED7267E65AC337A34C8B6199A47C8DD48348ACAA2B8993F5BC99C3D633305087BB6936EBDAEDA1D274E761201D8C1DCB6DD578F715B641FD78695BBC20A3720AB144C005C8D4D2385AEF324705DAD990F572CC823FB34A8EC67560F536B5715E0BF3D566A70939AA95FA65734DAE84FAB202220129A3E4A2D94853A82281173F35CC9747703F544772C8E28EDBF8F4296BC9462C44CDDE7797D104000346C42B5386FC6491CF3CEDEFF8E7850BC915FA9C75D7437A1D959099E398AAECE7EEE5BB3E517DE9B89742419203C7A957639777924E06A320FC322DB68B5AE7EE9D7579743354509AA42C4F7E19CAF97BF1E6DF92703B91891CE7D36529C5F0876D27CA0E94B28D3AB3D8B2096086AF34E5166ECDDB2C05328E7FC2F095A8F6018D08A1D13EE25E01AC383FE3E57877A3FB156FFD8127B512030C633A44C15FD0436CA5EDC8B4F27A06FE74A588216D8F009C64C0A57D50493D61540A0052800C666B307024FB71584FA28C477D042461D5A18099E084711C149BE58CE62227EFE3DFD0D09211F2F028E271A5CAAA222872E42E6E2016ADEEF3191ECF6AFA925CBB68C9642CCE043AC5BDC303CC22619461658889A48F8B4F5B7A3647CFAC78D601E8916A591525D3F2F6D583347A507C40E7DF1A0353066A5D279C4B320A0084DD09D1815AC6CC7D0C99313104C8CEDBC1773931A4C50C9221C8F2177DE744328DB2EAAD43CDE11C02ED8E799325354DAB604D45445281C062CD8C49F4A2575160166D59779244B75A07602F90ADCD16D8B2883375E5BC0F70E675E5AC97BBF43BA6214FB48842FEAE37C784F701D319B7C50BB51BF008BB2E0CE9D29129E853951A7FC0092023C12C181D169FC3FBE2C8B02A726EEA23A914775CDEDDC04DCA7C6BB84156D11EF493056DDE2FA0EA9F24D1ED6DFB4C41E02B2671B6A6C6C5D98F5BADC9541AE1323A1EF542A043BB22F3491292A493890B14DA82ED4F29A9A483ECF6B68D780E358BC72B84465BFBDFF57D092F1E419777829B9D7C125C3E73A066DC49606F38E0012A344EC11FAC72FC97F5F6EFDBF719BDB284BD7CD641B142535E240187E8B72F316DAE8C46C4986E83317FF66C318820AEAC72F112E16F5A83AE50734D1E633A8D6796718D2F"
"OODEFRAG14.00.00.01PROFESSIONAL"="6AB7881C85050F5C697C1130AAA3ED65D3C7B4B2D975480E37EB9D4F0E0BF1CDDC0E41DC9784DDCBC0566C45D3622CBC8F6051467C29C702BC8B367B7FCD15A0230BA6BAE8F7B005B8D6BC446013BF15CF5DF43730ADC918E81018E76129AAEB983C2FF3663E9306F5AE89B5D4C713C7A1B3D7FBB26839A85256CB964B7741247B82D4369EFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B98088EDD5E5BE2F6E6679DB7CE019D40AA5CA9C6AECB7A5D14078DDD3D353FF39FBBD68EFD8E99FBE5E972E25823FCC88B89512AEE536E5A6317339B3E413CA209FB1504917419B2407FF206C709860620BCD6E4E6740A590F31BBE40157B68F90523B3DE9610527E03C910F3A427EC2E0EAEAFBA2AA33C0D58204BF95E303DC71AE1DDDB4EBB4EC2F09B8661A2EE1A205132BB9EC41AD635BC4FEF441B94A30D92421D3D211D61B876F62350714844C34D9492A3D64109BB354B392FA100A33EEE8C2CADAAF6D4CBAA19F6C511A0D6C0B0A8A1C4627C7446935BB687081919444D691B4950BCD1E0CF1953E82CD76B11C8F4825E9FC93407B0CC48C030B0783E8EEB14900CAA2B4B259FBA2529E0F50E9FAEF9BBFC087F25B2293D7C411E2385853D8824C79E735DCF29ED431E1F801F002819D94AE8BC46E67FA678057F16A084AD21DE087704BA87E5ED2C04F2C7D1B7C140BE669DA2310EBE71CB20BD3D8DDBFFE9CD5C7E2252A61AF60D883F285CBE7CF86E9F486FD0C66571C89397F4436C2D046F971B7F5E9221A8401FE6CDDD565F1F9853C704AA7B05C50EB533B735D84CF25CCA1BD74E4EC3A0B7A278A4E833A4C10560CD18095481CE47131A52F98DC17878555955A0A91C002384295A192CD43B92B15361E824F514B678D2FC51FC6557E8EF1B567BD8471BD5DFEA628B22ED1AA06ED7D220B8BCA3A4D859B091A62CE6082BCE85D585DA454C76BAD340A8C83DBA00FD913C067EAA7D71C06CD2AEFD9C7B563C903A45847A106FDEC9FAF3C7A8865D5D4F8AB70A7D46FB7586E625962122D73CD236354D745570D7BC4B238EBB1F3844BDF44598BBFB123D4C748A6666320E1390DC8D56D21B5574383149BA09BA0BF6A597976B32E6E8C903C5809FA9FFE04A412FC06AD5D4AFB043FC629F64D711236782B42532AAA85F3B10252467169977F0B9B2E56E3F2FE50DFB544DE1424E688D732DB31809C05BA8F26788448B63B8BCF35C0B7E543C90FD0BDF55EFE25110B92D784A642B36678C69D980455EEF1DDC04D4F35550128FA81AFEA0F639AC6BE4A5820224410668E47B270A88E4FA360C0DB1447E828CA23E650751ED7DB9EF624E7BBA62084A8B70725E2E9AD4B1B5035CDE97B9BE546E876D8894B3A7219DB472B83C9B21BB201FEA7F6D13385"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'lsass.exe'(896)
c:\windows\system32\imon.dll
.
- - - - - - - > 'Explorer.EXE'(1556)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\programmi\iTunes\iTunesMiniPlayer.dll
c:\programmi\iTunes\iTunesMiniPlayer.Resources\it.lproj\iTunesMiniPlayerLocalized.dll
c:\programmi\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\AVAST Software\Avast\AvastSvc.exe
c:\programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
c:\windows\RTHDCPL.EXE
c:\progra~1\ALICET~1\vendors\AliceRE\content\template\DRIVEN~1\syncer\MCCITR~1.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2011-09-16 23:30:46 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2011-09-16 21:30
ComboFix2.txt 2011-09-15 23:19
.
Pre-Run: 6.471.643.136 byte disponibili
Post-Run: 6.338.285.568 byte disponibili
.
- - End Of File - - 683EC05E8D0FE8A4E90DD7927F2B51EE
Torna in alto
 
r16
Inviato: Saturday, September 17, 2011 12:36:16 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Per eliminare i vari Tooll scaricati: Combofix)
Scarica OTC by OldTimer sul desktop:
http://oldtimer.geekstogo.com/OTC.exe
doppio clic per eseguirlo
Clicca su CleanUp.
Ti chiederà di riavviare il pc.
Clicca sì.

Disattiva il ripristino configurazione di sistema, e tienilo disattivato, fino alla soluzione del problema http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121

Dai una pulita (registro compreso)con CCleaner: http://www.aiutamici.com/software?ID=11223

Da Installazione Applicazioni, disinstalla le versioni installate di Abobe Reader, Adobe Flash Player (comprese quelle marcate Macromedia) e Java ( (tutte le versioni eventuamente presenti) .

Dopo la disinstallazione, installa le versioni aggiornate di:

Adobe Reader: (Togliere la spunta da McAfee Security Scan Plus)

http://www.adobe.com/it/products/acrobat/readstep2.html

Una volta installato Adobe Reader lancialo.
nella barra degli strumenti clicca sul ?
clicca su Ricerca aggiornamenti ed esegui gli aggioramenti che veranno proposti.

Per aggiornare FlashPlayer segui questa procedura:
Scarica il programma di disinstallazione di FlashPlayer
http://download.macromedia.com/pub/flashplayer/current/uninstall_flash_player.exe

Scarica l'ultima versione di FlashPlayer per IE

http://www.filehippo.com/download_flashplayer_ie/download/63c688278801a7f8be2831d545749793/

Scarica l'ultima versione di FlashPlayer non per IE
http://www.filehippo.com/download_flashplayer_firefox/download/ad00b872f90689d7324cc341b740a9fd/

Scarica l'ultima versione di Java:
http://www.java.com/it/download/index.jsp

Se in fase di installazione, ti venisse richiesta l'installazione di qualche Toolbar, non la installare. (togli la spunta)

Poi:
Provvedi a svuotare del suo contenuto la cartella Prefetch :
clicca su Risorse del Computer
clicca su Disco locale C:
cerca, all’interno delle cartelle che saranno visualizzate la cartella Windows, aprila ed, al suo interno, cerca la cartella Prefetch, la apri ed elimina tutte le voci conservate al suo interno ( non eliminare la cartella)

SVUOTA IL CESTINO

Poi:
Lancia Hijackthis e pulisci gli ADS in questo modo:
clicca sulla voce Open the misc tool section .
clicca su Open ads spy.
togli la spunta alla voce Quick scan (windows base folder only)
clicca su Scan.
Aspetta pazientemente la fine della scansione.
Spunta tutte le caselline e clicca su Remove selected

Fai uno ScanDisk, e una deframmentazione del HD.
Riattiva il ripristino configurazione di sistema

Il pc dovrebbe funzionare meglio di prima.
Torna in alto
 
giovanitasca
Inviato: Sunday, September 18, 2011 11:05:43 AM
Rank: AiutAmico

Iscritto dal : 4/2/2005
Posts: 220
Ho fatto tutto. Mi pare che vada decisamente meglio. Tuttavia non ho capito (può dipendere anche da altro) perchè per esempio il CinePlayer che utilizzo da sempre per la visione dei DVD non vuol sentirne di leggere i DVD. Mi dice "Si è verificato un errore in Sonic CinePlayer(TM) 1.5. L'applicazione verrà chiusa." Ho provato a disinstallare e a reinstallare ma il risultato non è cambiato. Va bè, vi sono altri programmi per leggere i DVD. Un'altra cosa è che aprendo il DVD Fab mi dice che la modalità DAM (ricordo bene?) non è abilitata....
Un caro saluto a tutti
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Controllo Log per favore


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.