Aiutamici Forum

Can you check my HijackThis log, thanks
maurom1973
Posted: Saturday, October 17, 2009 8:27:03 PM

Rank: Member

Joined: 12/8/2007
Posts: 29
Thank you for your kindness, as always.
I am posting the log because the PC is very slow to start up.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.21.07, on 17/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Common Files\Motive\McciCMService.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmi\Logitech\Video\LogiTray.exe
C:\Programmi\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Creative\Shared Files\CTSched.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Logitech\Video\FxSvr2.exe
C:\Programmi\Windows Desktop Search\WindowsSearch.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmi\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmi\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Programmi\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S15A.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmi\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [CreativeTaskScheduler] "C:\Programmi\Creative\Shared Files\CTSched.exe" /logon
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programmi\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Programmi\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Programmi\File comuni\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://87.29.157.20:8081/activex/AMC.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - E:\programmi\Common\Database\bin\fbserver.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Programmi\Common Files\Motive\McciCMService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TipCtrl - Utipu inc. - C:\Programmi\uTIPu\TipCtrl.exe
O23 - Service: UPnPService - Magix AG - C:\Programmi\File comuni\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 10173 bytes
shapiro
Posted: Saturday, October 17, 2009 9:14:19 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Hi

Try cleaning out the temporary files.

Install CCleaner

http://www.aiutamici.com/software?ID=11223

During installation, deselect the option for the Yahoo toolbar. Open it, go to Options > Advanced, uncheck "Only delete files in Windows Temp folders older than 48 hours", then run it, select "Analyze" and, when the analysis finishes, press "Run Cleaner".

Click Registry, on the next page click Scan for Issues, then when the scan finishes click Fix selected issues, answer yes when asked to save the backup (save it in a folder of your choice), then fix all the items found. Restart the computer.

Download Malwarebytes

http://www.malwarebytes.org/mbam/program/mbam-setup.exe

1) install it
2) update it
3) run a scan, choosing full mode
4) do NOT delete any threats it detects
5) when the scan finishes, select the log tab, open the text file and post it on the forum


maurom1973
Posted: Sunday, October 18, 2009 10:47:33 AM

Rank: Member

Joined: 12/8/2007
Posts: 29
Malwarebytes' Anti-Malware 1.41
Versione del database: 2977
Windows 5.1.2600 Service Pack 3

18/10/2009 10.45.26
mbam-log-2009-10-18 (10-45-21).txt

Tipo di scansione: Scansione completa (C:\|E:\|F:\|)
Elementi scansionati: 234898
Tempo trascorso: 1 hour(s), 34 minute(s), 15 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 7
Valori di registro infetti: 2
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 7

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_CLASSES_ROOT\TypeLib\{c24d7016-d00f-41ef-9781-984b6b5ff38f} (Rogue.Ascentive) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{ec88fcd0-2ed5-4d65-9b4c-71d146b43a2e} (Rogue.Ascentive) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e532cfb1-5edd-4663-8c22-bcd67b5e5bd4} (Rogue.Ascentive) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{497dddb6-6eee-4561-9621-b77dc82c1f84} (Rogue.Ascentive) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{4e980492-027b-47f1-a7ab-ab086dacbb9e} (Rogue.Ascentive) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{5ead8321-fcbb-4c3f-888c-ac373d366c3f} (Rogue.Ascentive) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{31f3cf6e-a71a-4daa-852b-39ac230940b4} (Rogue.Ascentive) -> No action taken.

Valori di registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\ConTest.dll (Rogue.Ascentive) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\SysRestore.dll (Rogue.Ascentive) -> No action taken.

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\Documents and Settings\Utente\Dati applicazioni\Desktopicon\eBayShortcuts.exe (Adware.ADON) -> No action taken.
C:\Documents and Settings\Utente\Dati applicazioni\Convivea\Bit_Che\scripts\special.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Utente\Documenti\Download\Live-Player_setup.exe (Adware.NaviPromo) -> No action taken.
C:\System Volume Information\_restore{BEC6C552-7A71-4EC0-8CD7-8B57703A0EE5}\RP218\A0093068.exe (Rogue.Ascentive) -> No action taken.
C:\System Volume Information\_restore{BEC6C552-7A71-4EC0-8CD7-8B57703A0EE5}\RP218\A0093069.exe (Rogue.PCSpeedScan) -> No action taken.
C:\WINDOWS\system32\ConTest.dll (Rogue.Ascentive) -> No action taken.
C:\WINDOWS\system32\SysRestore.dll (Rogue.Ascentive) -> No action taken.
shapiro
Posted: Sunday, October 18, 2009 11:00:21 AM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Restart the program and let it remove the threats it found.

Disable System Restore, reboot, and re-enable it, creating a new restore point.

Download ComboFix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
(do not install the Recovery Console)
Let the program work without interfering.
Attach the report C:\ComboFix.txt to your reply.

Do not use the PC during the scan, not even the mouse!
maurom1973
Posted: Sunday, October 18, 2009 12:27:10 PM

Rank: Member

Joined: 12/8/2007
Posts: 29
ComboFix 09-10-16.09 - Utente 18/10/2009 12.20.18.3.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.2047.1472 [GMT 2:00]
Eseguito da: c:\documents and settings\Utente\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 091017-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Utente\Dati applicazioni\Desktopicon
c:\windows\Installer\2d28c8.msp
c:\windows\system32\Data

.
((((((((((((((((((((((((( Files Creati Da 2009-09-18 al 2009-10-18 )))))))))))))))))))))))))))))))))))
.

2009-10-18 08:58 . 2009-10-18 08:58 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\ATI
2009-10-18 08:58 . 2009-10-18 08:58 -------- d-----w- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\Logitech-LS
2009-10-18 08:57 . 2009-10-18 08:57 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Motive
2009-10-18 08:28 . 2009-10-18 08:29 -------- d-----w- c:\programmi\Folderico
2009-10-18 08:09 . 2009-10-18 08:09 -------- d--h--w- c:\documents and settings\Utente\Risorse di rete
2009-10-15 16:09 . 2009-10-15 16:09 -------- d-----w- C:\mirc script
2009-10-10 12:21 . 2009-10-10 12:21 135 ----a-w- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\fusioncache.dat
2009-10-10 12:21 . 2009-10-10 12:24 -------- d-----w- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\ApplicationHistory
2009-10-04 18:10 . 2009-10-04 18:10 -------- d-----w- c:\programmi\JRE
2009-09-27 08:29 . 2009-09-27 08:29 64 ----a-w- c:\windows\system32\BurnData.bin
2009-09-27 08:29 . 2009-09-27 08:29 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Roxio
2009-09-27 08:23 . 2009-09-27 08:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Napster
2009-09-27 08:23 . 2009-09-28 11:38 -------- d-----w- c:\programmi\Napster
2009-09-27 07:15 . 2009-10-18 07:59 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Apple Computer
2009-09-27 07:14 . 2009-09-27 07:15 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-27 07:13 . 2009-09-27 07:13 -------- d-----w- c:\programmi\Bonjour
2009-09-27 07:11 . 2009-09-27 07:11 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple
2009-09-26 20:44 . 2009-10-16 18:23 -------- d-----w- c:\programmi\Alice Messenger
2009-09-21 20:26 . 2009-09-21 20:26 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\com.maisonthe.VodafoneStationAssistant.B346B89D6616488DE8DCE4FEACC768D33B80ABC4.1

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-18 10:17 . 2008-12-01 14:46 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Skype
2009-10-18 08:58 . 2009-01-29 19:20 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-10-18 07:59 . 2008-11-29 08:36 -------- d-----w- c:\programmi\Ahead
2009-10-18 07:59 . 2009-07-05 16:03 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Paltalk
2009-10-18 07:59 . 2008-12-13 12:04 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\dvdcss
2009-10-18 07:59 . 2009-01-18 14:57 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Creative
2009-10-18 07:58 . 2008-12-01 14:19 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\EPSON
2009-10-18 07:58 . 2008-11-29 08:40 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg8
2009-10-18 07:20 . 2008-12-01 14:46 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\skypePM
2009-10-18 07:07 . 2009-02-01 21:33 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-10-17 18:56 . 2008-11-29 08:21 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-10-17 18:06 . 2008-12-09 07:12 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\DataCast
2009-10-14 09:43 . 2004-08-19 12:00 92638 ----a-w- c:\windows\system32\perfc010.dat
2009-10-14 09:43 . 2004-08-19 12:00 512194 ----a-w- c:\windows\system32\perfh010.dat
2009-10-10 16:05 . 2008-11-28 18:38 34352 ----a-w- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-10-04 18:09 . 2008-12-11 19:51 -------- d-----w- c:\programmi\OpenOffice.org 3
2009-10-04 18:06 . 2008-12-03 20:20 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-27 07:14 . 2008-11-29 08:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2009-09-25 19:42 . 2009-09-16 17:53 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\vlc
2009-09-21 20:25 . 2008-12-03 20:31 -------- d-----w- c:\programmi\File comuni\Adobe AIR
2009-09-11 14:17 . 2004-08-19 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 12:54 . 2009-02-01 21:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 12:53 . 2009-02-01 21:33 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:03 . 2004-08-19 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-01 19:04 . 2009-09-01 19:04 -------- d-----w- c:\programmi\File comuni\DVDVideoSoft
2009-09-01 19:04 . 2009-09-01 19:04 -------- d-----w- c:\programmi\DVDVideoSoft
2009-08-31 17:15 . 2009-08-31 17:15 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\CoSoSys
2009-08-29 07:56 . 2004-08-19 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 15:41 . 2008-12-01 15:06 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\uTorrent
2009-08-26 08:00 . 2004-08-19 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-22 08:53 . 2009-01-17 14:30 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\MAGIX
2009-08-22 08:45 . 2009-08-22 08:45 -------- d-----w- c:\programmi\MAGIX
2009-08-17 16:10 . 2009-04-11 08:07 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2009-04-11 08:08 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2009-04-11 08:08 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2009-04-11 08:08 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-04-11 08:08 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2009-04-11 08:08 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-04-11 08:08 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2009-04-11 08:08 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2009-04-11 08:08 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-07 19:11 . 2009-08-07 19:11 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-05 08:59 . 2004-08-19 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 17:26 . 2004-08-19 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 17:26 . 2004-08-19 15:34 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="c:\programmi\Logitech\Video\ManifestEngine.exe" [2004-10-08 196608]
"CreativeTaskScheduler"="c:\programmi\Creative\Shared Files\CTSched.exe" [2006-11-17 53341]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]
"LogitechVideoRepair"="c:\programmi\Logitech\Video\ISStart.exe" [2004-10-08 458752]
"LogitechVideoTray"="c:\programmi\Logitech\Video\LogiTray.exe" [2004-10-08 217088]
"CTSysVol"="c:\programmi\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"NeroFilterCheck"="c:\programmi\File comuni\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
"NBKeyScan"="c:\programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-10-04 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\programmi\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"P17Helper"="P17.dll" - c:\windows\system32\P17.dll [2005-05-03 64512]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Windows Search.lnk - c:\programmi\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-30 19:40 10520 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\programmi\\u torrent\\uTorrent.exe"=
"e:\\programmi\\voipe stunt\\VoipStunt\\VoipStunt.exe"=
"c:\\Programmi\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Programmi\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Programmi\\IncrediMail\\bin\\ImpCnt.exe"=
"e:\\programmi\\camfrog5.1\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
"c:\\Programmi\\TeamViewer3\\TeamViewer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Project_Dream\\ProjectDream.exe"=
"c:\\Programmi\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\mirc script\\programma mirc\\mIRCGFind\\mIRC.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:UDP"= 443:UDP:*:Disabled:Porta UDP ooVoo 443
"37674:TCP"= 37674:TCP:*:Disabled:Porta TCP ooVoo 37674
"37674:UDP"= 37674:UDP:*:Disabled:Porta UDP ooVoo 37674
"37675:UDP"= 37675:UDP:*:Disabled:Porta UDP ooVoo 37675

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [29/11/2008 10.20.39 11264]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [11/04/2009 10.08.02 114768]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [29/11/2008 10.40.34 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [29/11/2008 10.40.38 107272]
R2 ACEDRV09;ACEDRV09;c:\windows\system32\drivers\ACEDRV09.sys [17/01/2009 16.37.17 110304]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/04/2009 10.08.02 20560]
R2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CAMTHWDM.sys [18/08/2009 20.05.58 941784]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [30/10/2008 1.05.58 31896]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe --> c:\progra~1\AVG\AVG8\avgemc.exe [?]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;e:\programmi\Common\Database\bin\fbserver.exe [17/01/2009 16.34.17 1527900]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [31/05/2009 10.36.07 36608]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys --> c:\windows\system32\DRIVERS\ManyCam.sys [?]
S3 p17filt;p17filt;c:\windows\system32\drivers\p17filt.sys [20/03/2006 19.34.56 1452032]
S3 TipCtrl;TipCtrl;c:\programmi\uTIPu\TipCtrl.exe [03/02/2009 21.15.06 314504]
S3 UPnPService;UPnPService;c:\programmi\File comuni\MAGIX Shared\UPnPService\UPnPService.exe [17/01/2009 16.35.44 544768]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [14/05/2009 19.11.29 79888]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://it.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local;*.local
IE: Save YouTube Video as MP3 - c:\programmi\File comuni\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://87.29.157.20:8081/activex/AMC.cab
FF - ProfilePath - c:\documents and settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\4qtyy51s.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\programmi\File comuni\DVDVideoSoft\Dll\FFContextMenuY\components\FFContextMenu.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-18 12:23
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(672)
c:\windows\system32\Ati2evxx.dll
.
Ora fine scansione: 2009-10-18 12.25.14
ComboFix-quarantined-files.txt 2009-10-18 10:25

Pre-Run: 59.911.438.336 byte disponibili
Post-Run: 59.927.097.344 byte disponibili

201 --- E O F --- 2009-10-14 09:44
shapiro
Posted: Sunday, October 18, 2009 12:53:14 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164


go here ====>> http://www.virustotal.com/it/

analyze the file highlighted in red and post me the result

if you can't save the page, click ''Formatted'' at the top

c:\windows\system32\DRIVERS\VBoxNetFlt.sys
maurom1973
Posted: Monday, October 19, 2009 7:56:30 PM

Rank: Member

Joined: 12/8/2007
Posts: 29
Inside the folder I found only this file (VBoxNetAdp.sys); the one in red isn't there. I hope I did it right: I did a copy and paste and I'm posting you everything,
and thanks again for your kindness



Virustotal is a service that analyzes suspicious files and enables the rapid identification of viruses, worms, trojans, and all kinds of malware detected by antivirus engines.

File VBoxNetAdp.sys received on 2009.10.19 17:49:11 (UTC)


Antivirus Version Last update Result
Jiangmin 11.0.800 2009.10.19 -
Microsoft 1.5101 2009.10.19 -
Prevx 3.0 2009.10.19 -
TrendMicro 8.950.0.1094 2009.10.19 -
VBA32 3.12.10.11 2009.10.18 -
Additional information
File size: 79888 bytes
MD5...: 6ca346b293f218824dd4d793ac56e9ca
SHA1..: e69ed49bcbd0921de2e468a0c320f22616ec3890
SHA256: 7a0c72afca1c20e506c447d51a36dfc1433b717320627343c7c01be7b8cb6c7c
ssdeep: 768:oldZprgRrpsNtso4FgeH1ZCfczMYMHxLNcTJfUdx1WilX6tr7H+bB20VFLab
amm:oldDcpdvH1ZCScIdfGxk4X6h7eb7fm5m

PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x39b0
timedatestamp.....: 0x49f5fbc9 (Mon Apr 27 18:39:05 2009)
machinetype.......: 0x14c (I386)

( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x300 0xb8ea 0xb900 6.42 496dd3ba605a86b33f9e4083e08f45d8
.rdata 0xbc00 0x19f1 0x1a00 4.92 97f906c7243155eae62cbd6d2d8f7556
.data 0xd600 0x228c 0x22c0 0.90 df62505b2e32fb532a032763318e3f0c
.edata 0xf8c0 0xdc6 0xe00 5.36 733276a7f5b2724db9a3f1c4b2e1da8a
INIT 0x106c0 0x926 0x940 5.45 24e82de53b6109f8e07f2f8ebd1801ee
.rsrc 0x11000 0x3c8 0x400 3.21 0362156582c05a3c93de4ce0eb5b1dff
.reloc 0x11400 0x9e0 0xa00 6.48 fbc715a4dbd33bedf88eabe833ee8145

( 3 imports )
> ntoskrnl.exe: wcscpy, IoGetDeviceProperty, ZwOpenKey, ZwQueryValueKey, ObfDereferenceObject, RtlInitUnicodeString, IoFileObjectType, ObReferenceObjectByPointer, ZwOpenFile, RtlCreateSecurityDescriptor, ZwSetSecurityObject, PsGetVersion, _alloca_probe, RtlUnicodeStringToAnsiString, IoFreeMdl, IofCompleteRequest, PsCreateSystemThread, ObReferenceObjectByHandle, ZwClose, KeWaitForSingleObject, KeInitializeEvent, ExfInterlockedInsertHeadList, ExfInterlockedInsertTailList, KeWaitForMultipleObjects, _allmul, KeQueryInterruptTime, _aulldiv, KeQuerySystemTime, KeGetCurrentThread, KeDelayExecutionThread, ZwYieldExecution, DbgPrint, strchr, KeInitializeMutex, KeReleaseMutex, ExAllocatePoolWithTag, ExFreePoolWithTag, MmFreeContiguousMemory, MmGetPhysicalAddress, MmAllocateContiguousMemory, MmGetSystemRoutineAddress, KeQueryActiveProcessors, _aullshr, _allshr, PsGetCurrentProcessId, IoGetCurrentProcess, _aulldvrm, IofCallDriver, IoBuildDeviceIoControlRequest, IoGetDeviceObjectPointer, ExfInterlockedRemoveHeadList, KeSetEvent, PsTerminateSystemThread, MmMapLockedPagesSpecifyCache, KeInitializeSpinLock
> HAL.dll: KfLowerIrql, KfRaiseIrql, ExReleaseFastMutex, KeGetCurrentIrql, ExAcquireFastMutex, KfAcquireSpinLock, KfReleaseSpinLock
> NDIS.SYS: NdisMRegisterMiniport, NdisMRegisterUnloadHandler, NdisReturnPackets, NdisMGetDeviceProperty, NdisMSetAttributesEx, NdisOpenConfiguration, NdisReadConfiguration, NdisWriteConfiguration, NdisInitializeWrapper, NdisMDeregisterDevice, NdisMSleep, NdisMRegisterDevice, NdisAllocatePacketPoolEx, NdisFreePacketPool, NdisUnchainBufferAtBack, NdisAllocatePacket, NdisAllocateBuffer, NdisFreePacket, NdisAllocateBufferPool, NdisFreeBufferPool, NdisFreeMemory, NdisAllocateMemoryWithTag, NdisTerminateWrapper, NdisCloseConfiguration

( 130 exports )
AssertMsg1, AssertMsg2, RTAssertShouldPanic, RTErrConvertFromNtStatus, RTLogCloneRC, RTLogComPrintf, RTLogComPrintfV, RTLogCopyGroupsAndFlags, RTLogCreate, RTLogCreateEx, RTLogCreateExV, RTLogDefaultInit, RTLogDefaultInstance, RTLogDestroy, RTLogFlags, RTLogFlush, RTLogFlushRC, RTLogFlushToLogger, RTLogFormatV, RTLogGetDefaultInstance, RTLogGroupSettings, RTLogLogger, RTLogLoggerEx, RTLogLoggerExV, RTLogLoggerV, RTLogPrintf, RTLogPrintfV, RTLogRelDefaultInstance, RTLogRelLoggerV, RTLogRelPrintfV, RTLogRelSetDefaultInstance, RTLogSetDefaultInstance, RTLogSetDefaultInstanceThread, RTLogWriteCom, RTLogWriteDebugger, RTLogWriteStdErr, RTLogWriteStdOut, RTLogWriteUser, RTMemAlloc, RTMemAllocZ, RTMemContAlloc, RTMemContFree, RTMemExecAlloc, RTMemExecFree, RTMemFree, RTMemRealloc, RTMemTmpAlloc, RTMemTmpAllocZ, RTMemTmpFree, RTMpNotificationDeregister, RTMpNotificationRegister, RTPowerNotificationDeregister, RTPowerNotificationRegister, RTPowerSignalEvent, RTProcSelf, RTR0Init, RTR0ProcHandleSelf, RTR0Term, RTSemEventCreate, RTSemEventDestroy, RTSemEventSignal, RTSemEventWait, RTSemEventWaitNoResume, RTSemFastMutexCreate, RTSemFastMutexDestroy, RTSemFastMutexRelease, RTSemFastMutexRequest, RTSemMutexCreate, RTSemMutexDestroy, RTSemMutexRelease, RTSemMutexRequest, RTSpinlockAcquire, RTSpinlockAcquireNoInts, RTSpinlockCreate, RTSpinlockDestroy, RTSpinlockRelease, RTSpinlockReleaseNoInts, RTStrFormat, RTStrFormatNumber, RTStrFormatTypeDeregister, RTStrFormatTypeRegister, RTStrFormatTypeSetUser, RTStrFormatV, RTStrPrintf, RTStrPrintfEx, RTStrPrintfExV, RTStrPrintfV, RTStrToInt16, RTStrToInt16Ex, RTStrToInt16Full, RTStrToInt32, RTStrToInt32Ex, RTStrToInt32Full, RTStrToInt64, RTStrToInt64Ex, RTStrToInt64Full, RTStrToInt8, RTStrToInt8Ex, RTStrToInt8Full, RTStrToUInt16, RTStrToUInt16Ex, RTStrToUInt16Full, RTStrToUInt32, RTStrToUInt32Ex, RTStrToUInt32Full, RTStrToUInt64, RTStrToUInt64Ex, RTStrToUInt64Full, RTStrToUInt8, RTStrToUInt8Ex, RTStrToUInt8Full, RTThreadNativeSelf, 
RTThreadPreemptDisable, RTThreadPreemptIsEnabled, RTThreadPreemptRestore, RTThreadSleep, RTThreadYield, RTTimeMilliTS, RTTimeNanoTS, RTTimeNow, RTTimeSystemMilliTS, RTTimeSystemNanoTS, RTUuidClear, RTUuidCompare, RTUuidCompareStr, RTUuidFromStr, RTUuidIsNull, RTUuidToStr, g_szRTAssertMsg1, g_szRTAssertMsg2

RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win64 Executable Generic (87.2%)
Win32 Executable Generic (8.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
shapiro
Posted: Monday, October 19, 2009 8:03:00 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
enable the display of hidden files (open any folder, go to Tools --> Folder Options --> View and tick Show hidden files and folders)

using the Windows ''search'' function, check whether the file really isn't on the PC
maurom1973
Posted: Tuesday, October 20, 2009 7:37:15 PM

Rank: Member

Joined: 12/8/2007
Posts: 29
I did everything, it really isn't there; anyway the PC now starts up much faster
shapiro
Posted: Tuesday, October 20, 2009 7:45:09 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Install CCleaner; during installation deselect the option for the Yahoo toolbar, open it, go to Options > Advanced, untick "Only delete files in Windows Temp folders older than 48 hours", then run it, select "Analyze" and at the end of the analysis press "Run Cleaner"

click Registry, on the next page click Scan for Issues, then when the scan finishes click Fix selected issues, answer yes to the request to save the backup (save it in a folder of your choice), then fix all the items found. Restart the computer

download CCleaner from here

http://www.aiutamici.com/software?ID=11223


As soon as you have finished these operations, post me an HJT log
