Aiutamici Forum

Friends, could you check my log file?
delgiud
Posted: Tuesday, June 21, 2011 10:51:51 PM
Rank: Member

Member since: 3/27/2004
Posts: 29
The machine is extremely slow, the CPU is always at maximum usage, the audio is distorted and slow, and countless scans and cleaners have been used to no avail.
I fear it is a virus or spyware. Thanks


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:46:14, on 21/06/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files (x86)\Common Files\Teleca Shared\Generic.exe
C:\Program Files (x86)\Common Files\Teleca Shared\logger.exe
C:\Program Files (x86)\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files (x86)\REMINDER\reminder.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&m=aspire_5542&r=27361209v326l0318z105t48k1y664
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&m=aspire_5542&r=27361209v326l0318z105t48k1y664
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&m=aspire_5542&r=27361209v326l0318z105t48k1y664
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Mobile Connectivity Suite] "C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O4 - Global Startup: Avvio veloce di Adobe Acrobat.lnk = ?
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti nel file PDF esistente - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti selezione in Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\Windows\system32\UTSCSI.EXE
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11549 bytes
r16
Posted: Wednesday, June 22, 2011 7:46:19 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Download TDSSKiller.zip to the desktop:

http://support.kaspersky.com/viruses/solutions?qid=208280684

Extract the files into a folder and double-click TDSSKiller.exe
click "Start Scan"
If it finds any infection, by default you will have the "Cure" option, so click "Continue".
If a suspicious file is found, the default action will be skip; click "Continue".
If a reboot is requested, accept it. (a reboot is required to remove the infection)
If no reboot is required, click Report and save its contents to a text file.
You will find the log in C:\
Post it here.

To post the log:
Connect to the internet and go to the WikiSend page: http://www.wikisend.com/
Click the "Browse" button
Select the file you just saved
Click Upload file
After a few seconds you are taken to a new page with the link in several formats:
Download Link / Forum Link
Select Forum Link, copy it and paste it into a new message on the forum.
delgiud
Posted: Wednesday, June 22, 2011 8:34:39 PM
Rank: Member

Member since: 3/27/2004
Posts: 29
Done. It seems there is nothing.

TDSSKiller.2.5.5.0_22.06.2011_20.27.05_log.txt
r16
Posted: Wednesday, June 22, 2011 8:51:59 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Start HijackThis, tick the entries I am going to list and, with all applications closed and disconnected from the Internet, press "Fix checked":

Comment out:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll


Do a clean-up (registry included) with CCleaner: http://www.aiutamici.com/software?ID=11223

Do you know this program? (in red)
C:\Program Files (x86)\Common Files\Teleca Shared\logger.exe
This executable stinks to high heaven:
logger.exe

Download Combofix (use Internet Explorer)

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Save it to the desktop. (this is mandatory)

Important: disable your antivirus and close ALL open programs (Firewall included), and after downloading COMBOFIX, close the connection.

Double-click combofix.exe (if you use Vista: right-click Combofix.exe and click "Run as Administrator")

You will probably get messages from the antivirus (or from Combofix itself); ignore them.

If you are asked whether you want to install the EMERGENCY RECOVERY CONSOLE, click NO.

During the scan it is important not to use the PC (not even the mouse) and to wait patiently for the operations to finish.
At the end, a log file called C:\ComboFix.txt will be created on the Desktop.
Post it here.
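As an added example (not part of this thread, and not code from HijackThis or from any poster), the Python script below parses HijackThis-style entry lines like the ones posted above and flags the same kinds of entries r16 asked to fix: O2/O3 BHO and toolbar registrations that point at "(no file)", plus O23 services with an unknown owner whose binary is present, and the R1 ProxyOverride line. The sample lines are constructed here in the log's own format using entries that appear in the posted log; the function names and the "Finding" record are this example's own. It also separates out the O23 "(file missing)" services, because on this 64-bit machine those are usually an artefact of the 32-bit scanner rather than real missing files.

```python
"""Triage helper for HijackThis v2-style logs (added example, not HijackThis code)."""
import re
from dataclasses import dataclass

# One HijackThis entry per line: a section tag (R0, O2, O23, ...), " - ", then the body.
HJT_LINE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Constructed sample in the same format as the log posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\Program Files (x86)\AVG\AVG10\avgtray.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\Windows\system32\UTSCSI.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
"""


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def parse_entries(log_text):
    """Return (section, body) pairs for every entry line.

    Header lines, blank lines and the 'Running processes' path list are skipped
    because they do not carry the 'Xn - ' prefix.
    """
    entries = []
    for raw in log_text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def review(log_text):
    """Flag entries that deserve a look, in log order. This is triage, not a verdict."""
    findings = []
    for section, body in parse_entries(log_text):
        line = f"{section} - {body}"
        if section in ("O2", "O3") and body.endswith("(no file)"):
            # A registry registration whose DLL is gone: a harmless leftover, but
            # removing it with "Fix checked" is exactly what r16 asked for above.
            findings.append(Finding(section, "orphaned BHO/toolbar registration: (no file)", line))
        elif section == "O23" and "Unknown owner" in body and not body.endswith("(file missing)"):
            # A service binary with no vendor string that does exist on disk:
            # verify its publisher signature or hash before trusting it.
            findings.append(Finding(section, "service with unknown owner; verify the binary", line))
        elif section == "R1" and "ProxyOverride" in body:
            findings.append(Finding(section, "proxy override present; confirm it is intended", line))
    return findings


def file_missing_services(log_text):
    """O23 services that HijackThis reports as (file missing).

    Caveat: HijackThis 2.0.4 is a 32-bit program. On 64-bit Windows, WOW64
    file-system redirection hides the real System32 from it, so '(file missing)'
    on core Windows services (alg.exe, lsass.exe, spoolsv.exe, ...) is usually a
    false positive. Confirm from a 64-bit shell before acting on these.
    """
    return [f"{s} - {b}" for s, b in parse_entries(log_text)
            if s == "O23" and b.endswith("(file missing)")]


if __name__ == "__main__":
    for f in review(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
    print(f"{len(file_missing_services(SAMPLE_LOG))} service(s) reported as (file missing); see caveat")
```

Run it on a saved hijackthis.log by reading the file into review(); the "(no file)" findings correspond to the O2/O3 lines r16 listed, while the "(file missing)" list is kept apart so that the x64 redirection caveat is applied before anything is removed.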
delgiud
Posted: Thursday, June 23, 2011 7:25:49 PM
Rank: Member

Member since: 3/27/2004
Posts: 29
Sorry for the delay, but I was away.
So:
About the Teleca file, I found this:
Don't worry, these processes are perfectly safe and are part of the HTC Sync install. In addition to logger.exe... capabilitymanager.exe, generic.exe, and fsyncserver.exe will run in the background on your pc.
Indeed, I connected an HTC phone to the PC, so it should be nothing
Here is the combofix log:
ComboFix 11-06-22.02 - Fabio 23/06/2011 19:10:58.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.39.1040.18.4094.2911 [GMT 2:00]
Eseguito da: c:\users\Fabio\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Fabio\AppData\Roaming\.#
c:\users\Fabio\AppData\Roaming\.#\MBX@F98@2122770.###
c:\users\Fabio\AppData\Roaming\.#\MBX@F98@21227A0.###
c:\users\Fabio\Documents\DPE.DUS
.
.
((((((((((((((((((((((((( Files Creati Da 2011-05-23 al 2011-06-23 )))))))))))))))))))))))))))))))))))
.
.
2011-06-23 17:18 . 2011-06-23 17:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-22 21:54 . 2011-06-22 21:54 -------- d-----w- c:\users\Fabio\AppData\Roaming\Template
2011-06-21 21:04 . 2011-06-21 21:05 -------- d-----w- c:\program files (x86)\eMule AdunanzA
2011-06-21 20:45 . 2011-06-21 20:45 388096 ----a-r- c:\users\Fabio\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-21 20:45 . 2011-06-21 20:45 -------- d-----w- c:\program files (x86)\Trend Micro
2011-06-21 17:43 . 2011-06-21 17:44 -------- d-----w- c:\users\Fabio\AppData\Roaming\vlc
2011-06-21 17:43 . 2011-06-21 17:43 -------- d-----w- c:\program files (x86)\VideoLAN
2011-06-21 17:32 . 2011-06-21 17:42 -------- d-----w- c:\users\Fabio\AppData\Roaming\GlarySoft
2011-06-21 17:30 . 2011-06-21 17:30 -------- d-----w- c:\program files (x86)\Glary Utilities
2011-06-21 17:11 . 2011-06-22 22:49 -------- d-----w- c:\program files (x86)\CCleaner
2011-06-18 23:08 . 2011-06-18 23:08 -------- d-----w- c:\users\Fabio\AppData\Roaming\SeriousBit
2011-06-18 23:08 . 2011-06-18 23:08 -------- d-----w- c:\program files\EnhanceMySe7en
2011-06-11 17:28 . 2011-06-11 17:28 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-05 14:25 . 2011-06-05 14:25 -------- d-----w- c:\users\Fabio\AppData\Roaming\Yahoo!
2011-06-05 14:25 . 2011-06-21 17:21 -------- d-----w- c:\program files (x86)\Yahoo!
2011-06-05 14:25 . 2011-06-05 14:25 -------- d-----w- c:\program files (x86)\FLV Player
2011-05-31 21:23 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
2011-05-31 21:22 . 2011-05-31 21:22 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2011-05-31 21:21 . 2011-06-01 19:59 -------- d-----w- c:\program files (x86)\Winamp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-12 17:15 . 2011-05-12 17:15 45056 ----a-w- c:\windows\SysWow64\UTSCSI.EXE
2011-05-08 18:35 . 2011-05-08 18:35 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-05-08 18:35 . 2011-05-08 18:35 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-05-08 18:35 . 2011-05-08 18:35 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-05-08 18:35 . 2011-05-08 18:35 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-05-08 18:35 . 2011-05-08 18:35 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-05-08 18:35 . 2011-05-08 18:35 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-05-08 18:35 . 2011-05-08 18:35 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-05-08 18:35 . 2011-05-08 18:35 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-05-08 18:35 . 2011-05-08 18:35 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-05-08 18:35 . 2011-05-08 18:35 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-05-08 18:35 . 2011-05-08 18:35 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-05-08 18:35 . 2011-05-08 18:35 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-05-08 18:35 . 2011-05-08 18:35 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-05-08 18:35 . 2011-05-08 18:35 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-05-08 18:35 . 2011-05-08 18:35 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-05-08 18:35 . 2011-05-08 18:35 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-05-08 18:35 . 2011-05-08 18:35 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-05-08 18:35 . 2011-05-08 18:35 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-05-08 18:35 . 2011-05-08 18:35 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-05-08 18:35 . 2011-05-08 18:35 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-08 18:35 . 2011-05-08 18:35 222208 ----a-w- c:\windows\system32\msls31.dll
2011-05-08 18:35 . 2011-05-08 18:35 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-08 18:35 . 2011-05-08 18:35 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-05-08 18:35 . 2011-05-08 18:35 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-05-08 18:35 . 2011-05-08 18:35 12288 ----a-w- c:\windows\system32\mshta.exe
2011-05-08 18:35 . 2011-05-08 18:35 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-05-08 18:35 . 2011-05-08 18:35 114176 ----a-w- c:\windows\system32\admparse.dll
2011-05-08 18:35 . 2011-05-08 18:35 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-05-08 18:35 . 2011-05-08 18:35 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-05-08 18:35 . 2011-05-08 18:35 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-05-08 18:35 . 2011-05-08 18:35 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-05-08 18:35 . 2011-05-08 18:35 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-05-08 18:35 . 2011-05-08 18:35 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-05-08 18:35 . 2011-05-08 18:35 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-05-08 18:35 . 2011-05-08 18:35 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-05-08 18:35 . 2011-05-08 18:35 448512 ----a-w- c:\windows\system32\html.iec
2011-05-08 18:35 . 2011-05-08 18:35 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-08 18:35 . 2011-05-08 18:35 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-08 18:35 . 2011-05-08 18:35 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-05-08 18:35 . 2011-05-08 18:35 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-08 18:35 . 2011-05-08 18:35 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-05-08 18:35 . 2011-05-08 18:35 160256 ----a-w- c:\windows\system32\wextract.exe
2011-05-08 18:33 . 2011-05-08 18:33 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL
2011-05-08 18:33 . 2011-05-08 18:33 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2011-05-08 18:33 . 2011-05-08 18:33 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-05-08 18:33 . 2011-05-08 18:33 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2011-05-08 18:33 . 2011-05-08 18:33 470016 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-05-08 18:33 . 2011-05-08 18:33 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-05-08 18:33 . 2011-05-08 18:33 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-05-08 18:33 . 2011-05-08 18:33 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-05-08 18:33 . 2011-05-08 18:33 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2011-05-08 18:33 . 2011-05-08 18:33 144384 ----a-w- c:\windows\system32\cdd.dll
2011-05-08 18:33 . 2011-05-08 18:33 1133568 ----a-w- c:\windows\system32\FntCache.dll
2011-05-08 18:33 . 2011-05-08 18:33 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-05-08 18:33 . 2011-05-08 18:33 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-05-08 18:33 . 2011-05-08 18:33 283648 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-05-08 18:33 . 2011-05-08 18:33 229888 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-05-08 18:33 . 2011-05-08 18:33 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2011-05-08 18:33 . 2011-05-08 18:33 1863680 ----a-w- c:\windows\system32\ExplorerFrame.dll
2011-05-08 18:33 . 2011-05-08 18:33 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-05-08 18:33 . 2011-05-08 18:33 1540608 ----a-w- c:\windows\system32\DWrite.dll
2011-05-08 18:33 . 2011-05-08 18:33 1495040 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2011-05-08 18:33 . 2011-05-08 18:33 135168 ----a-w- c:\windows\SysWow64\XpsRasterService.dll
2011-05-08 18:33 . 2011-05-08 18:33 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-05-08 18:33 . 2011-05-08 18:33 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2011-05-08 18:33 . 2011-05-08 18:33 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-05-08 18:33 . 2011-05-08 18:33 4068864 ----a-w- c:\windows\system32\mf.dll
2011-05-08 18:33 . 2011-05-08 18:33 3181568 ----a-w- c:\windows\SysWow64\mf.dll
2011-05-08 18:33 . 2011-05-08 18:33 206848 ----a-w- c:\windows\system32\mfps.dll
2011-05-08 18:33 . 2011-05-08 18:33 257024 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-05-08 18:33 . 2011-05-08 18:33 196608 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
2011-04-05 20:08 . 2011-04-05 20:08 287024 ----a-w- c:\program files (x86)\SoftonicDownloader_per_prtscr.exe
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-07 09:18 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"Mobile Connectivity Suite"="c:\program files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Avvio veloce di Adobe Acrobat.lnk - c:\windows\Installer\{AC76BA86-1034-4700-7760-000000000002}\SC_Acrobat.exe [2011-1-1 25214]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"AppleSyncNotifier"=c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Acrobat Assistant 7.0"="c:\program files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
"ArcSoft Connection Service"=c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"MoveIt"=c:\windows\SysWOW64\MoveIt.exe
"mctudll"=c:\windows\SysWOW64\mctudll.exe
"HMXUtil6x"=c:\windows\SysWOW64\HMXUtil6x.exe
.
R2 gupdate;Servizio di Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-16 135664]
R3 BthAvrcp;Profilo Bluetooth AVRCP;c:\windows\system32\DRIVERS\BthAvrcp.sys [x]
R3 gupdatem;Servizio Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-16 135664]
R3 hmxproj64;USB Projector ;c:\windows\system32\drivers\hmxusb64.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-08-05 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-07 311592]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-08-21 62720]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 HMXProjExt64;HMXProjExt64;c:\windows\system32\DRIVERS\HMXExGrp64.sys [x]
S3 HMXProjMir64;HMXProjMir64;c:\windows\system32\DRIVERS\HMXMrGrp64.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S4 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S4 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S4 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S4 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S4 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*Deregistered* - Avgldx64
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-06-23 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2011-06-21 08:32]
.
2011-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-16 11:37]
.
2011-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-16 11:37]
.
2011-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3027131733-561021120-3669646746-1000Core.job
- c:\users\Fabio\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-05 13:47]
.
2011-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3027131733-561021120-3669646746-1000UA.job
- c:\users\Fabio\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-05 13:47]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-07 09:19 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-08-05 828960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&m=aspire_5542&r=27361209v326l0318z105t48k1y664
IE: Converti destinazione link in Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti destinazione link in file PDF esistente - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti i link selezionati in Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti i link selezionati in file PDF esistente - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti in Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti nel file PDF esistente - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti selezione in Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti selezione in file PDF esistente - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: DhcpNameServer = 62.101.93.101 83.103.25.250
FF - ProfilePath - c:\users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\865r7qv2.default\
FF - prefs.js: browser.startup.homepage - hxxp://vshare.toolbarhome.com/?hp=df
FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Illimitux: illimitux@illimitux.net - %profile%\extensions\illimitux@illimitux.net
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-Locked - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2011-06-23 19:20:50
ComboFix-quarantined-files.txt 2011-06-23 17:20
.
Pre-Run: 211.906.510.848 byte disponibili
Post-Run: 211.615.797.248 byte disponibili
.
- - End Of File - - 36B972BDBA074FD379F418E8CBE11013
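As an added example (not part of this thread and not ComboFix's own code), the following Python script shows how a helper might triage a ComboFix log like the one above before asking for more scans. It reads a constructed excerpt of that log and flags three things worth a second look: scheduled tasks whose executable lives under a user profile (a user-writable path), browser start/search pages whose host is not on an expected list, and LoadAppInit_DLLs set to 1. The allowed-host list and the user-profile heuristic are assumptions made for this example; the "hxxp://" defanging is how ComboFix itself prints URLs.

```python
import re
from urllib.parse import urlparse

# Constructed excerpt modelled on the ComboFix log posted above; the defanged
# "hxxp://" URLs are kept exactly as ComboFix prints them.
SAMPLE_LOG = r"""
2011-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-16 11:37]
.
2011-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3027131733-561021120-3669646746-1000Core.job
- c:\users\Fabio\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-05 13:47]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
uStart Page = hxxp://www.google.it/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&m=aspire_5542&r=27361209v326l0318z105t48k1y664
FF - prefs.js: browser.startup.homepage - hxxp://vshare.toolbarhome.com/?hp=df
FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=
"""

# Hosts the owner expects as home/search pages (an assumption for this example).
ALLOWED_HOSTS = {"www.google.it", "homepage.acer.com"}

TASK_RE = re.compile(r"^\d{4}-\d{2}-\d{2} (?P<job>\S+\.job)$")
TARGET_RE = re.compile(r"^- (?P<exe>.+?) \[")
START_PAGE_RE = re.compile(r"^(?P<key>[um]Start Page) = (?P<url>\S+)$")
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (?P<key>\S+) - (?P<url>\S+)$")
APPINIT_RE = re.compile(r'^"LoadAppInit_DLLs"=0x1$')


def host_of(defanged_url):
    """Return the lower-cased hostname of a ComboFix-style defanged URL."""
    url = defanged_url.replace("hxxps://", "https://").replace("hxxp://", "http://")
    return (urlparse(url).hostname or "").lower()


def triage(log_text, allowed_hosts=ALLOWED_HOSTS):
    """Return (category, item, detail) tuples for log lines worth a second look."""
    findings = []
    lines = log_text.splitlines()
    for i, line in enumerate(lines):
        m = TASK_RE.match(line)
        if m and i + 1 < len(lines):
            t = TARGET_RE.match(lines[i + 1])
            # A task whose executable lives under a user profile is not
            # necessarily malicious (per-user Google Update is legitimate),
            # but it runs from a user-writable path and should be verified.
            if t and t.group("exe").lower().startswith("c:\\users\\"):
                findings.append(("task_user_writable", m.group("job"), t.group("exe")))
            continue
        m = START_PAGE_RE.match(line) or FF_PREF_RE.match(line)
        if m:
            host = host_of(m.group("url"))
            if host not in allowed_hosts:
                findings.append(("browser_setting", m.group("key"), host))
            continue
        if APPINIT_RE.match(line):
            # LoadAppInit_DLLs=1 lets every DLL listed in AppInit_DLLs be loaded
            # into each process that uses user32.dll, a well-known persistence spot.
            findings.append(("appinit_enabled", "LoadAppInit_DLLs", "0x1"))
    return findings


if __name__ == "__main__":
    for category, item, detail in triage(SAMPLE_LOG):
        print(f"{category:20} {item} -> {detail}")
```

Run against the excerpt, the script reports the per-user GoogleUpdate task, the enabled AppInit_DLLs switch, and the two Firefox preferences pointing at vshare.toolbarhome.com, while the Google and Acer start pages pass the allowlist. The findings are prompts for manual review, not verdicts.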
r16
Posted: Thursday, June 23, 2011 7:47:26 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Disable System Restore.
http://windows.microsoft.com/it-IT/windows7/Turn-System-Restore-on-or-off

To remove the various tools you downloaded (ComboFix):
Download OTC by OldTimer to the desktop:
http://oldtimer.geekstogo.com/OTC.exe
Double-click it to run it.
Click CleanUp.
It will ask you to restart the PC.
Click Yes.

Go to c:\windows\prefetch.
Delete all the files except layout.ini.

Empty the Recycle Bin.

Run a cleanup (registry included) with CCleaner: http://www.aiutamici.com/software?ID=11223

When you're done, tell me whether there is any improvement.

delgiud
Posted: Thursday, June 23, 2011 11:04:36 PM
Rank: Member

Joined: 3/27/2004
Posts: 29
The layout.ini file doesn't exist in prefetch.
delgiud
Posted: Thursday, June 23, 2011 11:18:22 PM
Rank: Member

Joined: 3/27/2004
Posts: 29
Anyway, I did everything else, but with no result. The PC takes almost 5 minutes just to boot, the hard disk light blinks continuously, sounds are distorted starting from the very first sound the PC makes when it turns on! Even the mouse stutters or gets stuck.
Should I re-enable System Restore and save a restore point?
r16
Posted: Thursday, June 23, 2011 11:23:48 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Let's see whether there is a rootkit in memory:
Download TDSSKiller.zip to the desktop:
http://support.kaspersky.com/viruses/solutions?qid=208280684
Extract the contents into a folder and double-click TDSSKiller.exe.
Click "Start Scan".
If it finds an infection, the default option will be "Cure", so click "Continue".
If a suspicious file is found, the default action will be Skip; click "Continue".
If a restart (Reboot) is requested, allow it (restarting the PC is necessary to remove the infection).
If no restart is requested, click Report and save its contents to a text file.
You will find the log in C:\
Post it here.
delgiud
Posted: Thursday, June 23, 2011 11:28:40 PM
Rank: Member

Joined: 3/27/2004
Posts: 29
Sorry r16, but isn't that the first thing you already had me do?
r16
Posted: Friday, June 24, 2011 12:10:17 AM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
You're right, sorry.
Evidently I'm tired.
So I'll pick this up with you tomorrow, hoping to be a bit more in shape.
delgiud
Posted: Friday, June 24, 2011 12:17:50 AM
Rank: Member

Joined: 3/27/2004
Posts: 29
Thanks and good night
r16
Posted: Friday, June 24, 2011 1:24:31 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
So, when a PC takes a long time to reach the desktop, there can be various causes.
Ruling out an infection (the scans did not detect any virus of significance), the causes can be:
A real-time program that is damaged, or that conflicts with other programs.
Same thing for the high CPU.

Or a hardware problem.
In that case I can't help you much, since my knowledge in that field is rather limited.


Suggestions:
Uninstall all real-time software (antivirus, antispyware, firewall; if it is the Windows one you can only disable it, not remove it).

Once uninstalled, check whether the PC boots quickly, and check the CPU.

To uninstall AVG correctly:
Control Panel\Programs and Features, and remove it.
Then run a scan with this tool to remove the leftover keys:
http://download.avg.com/filedir/util/support/avg_remover_stf_x86_2011_1165.exe
Download the tool
Restart in Safe Mode
Run the tool
Restart the computer in normal mode.


delgiud
Posted: Friday, June 24, 2011 5:00:29 PM
Rank: Member

Joined: 3/27/2004
Posts: 29
The link for the AVG remover doesn't work.
I'm not aware of any other real-time software.
CPU usage for processes is fixed at 100%!!!! Services are at about 50%.
If it helps, I noticed that as time passes, say half an hour after boot, performance starts to improve, as if the active processes were decreasing (the hard disk light blinks less often).
r16
Posted: Friday, June 24, 2011 5:41:07 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Choose the version that matches the antivirus you use.
http://www.avg.com/us-en/utilities

Or:
http://www.freewarefiles.com/AVG-Remover-64bit_program_47438.html

http://rezetpc.blogspot.com/2010/01/avg-removal-tool.html

Your OS is 64-bit.

We need to know whether it could be caused by the antivirus.
delgiud
Posted: Friday, June 24, 2011 10:28:23 PM
Rank: Member

Joined: 3/27/2004
Posts: 29
Done. No improvement.
r16
Posted: Friday, June 24, 2011 10:48:02 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Download OTL by Oldtimer

http://oldtimer.geekstogo.com/OTL.exe

Run the OTL.exe file
(After launching OTL, on Windows 7 and Windows Vista systems you will have to answer Yes when the UAC warning prompt appears.)

Tick the box:
Scan all users (you'll find it at the top)
Under Service tick "All".
Under Standard Registry tick "All".

Under "Custom Scans\Fixes" copy and paste this code:

Code:
Netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32 /all
%SYSTEMDRIVE%\*.*
CREATERESTOREPOINT
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
%appdata%\*.*
%PROGRAMFILES%\*.

Click Run Scan
Let the program run without interruption.
When the scan is finished, OTL will produce two log files (OTL.txt and Extras.txt), saved in the same folder as the program.

Upload the OTL logs to http://www.wikisend.com/
Post them here.


delgiud
Posted: Saturday, June 25, 2011 5:27:26 PM
Rank: Member

Joined: 3/27/2004
Posts: 29
Here are the log files:

OTL.Txt

Extras.Txt
delgiud
Posted: Saturday, June 25, 2011 8:21:54 PM
Rank: Member

Joined: 3/27/2004
Posts: 29
I just noticed that all the touchpad functions are disabled: zooming, scrolling, etc.
I tried to re-enable them from the Control Panel: all the function checkboxes are blank and won't accept a tick. What happened? Did some driver file get deleted? I can't even do a System Restore anymore, because we disabled it.