Aiutamici Forum

slow applications
Scilipoti
Posted: Monday, September 12, 2011 9:17:15 AM
Rank: AiutAmico

Member since: 1/2/2003
Posts: 68
Good morning
I was advised to come to this section for my problem
Win XP.... the applications have become slow since I started using the Kaspersky antivirus
It's an antivirus that seems good to me, and before renewing the licence I'd like your opinion. Can it slow down executables? (exe)... which is what happens to me. Very often the message "not responding" appears when I launch an executable (for example) that installs a game. I also tried disabling the antivirus just for the duration of the installation.... well... sometimes it works, sometimes it doesn't.
I also use RemoveIT.. to try to keep the PC clean... as well as Malwarebytes... I use them fairly regularly.
I would appreciate your opinion, thanking you in advance
I'm adding a log.
bhoda@libero.it
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Programmi\Uniblue\RegistryBooster\rbmonitor.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\IObit\Advanced SystemCare 4\ASCService.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Programmi\IncrediMail\bin\IncMail.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Documents and Settings\Admin\Dati applicazioni\Dropbox\bin\Dropbox.exe
C:\Programmi\Microsoft Office\Office10\msoffice.exe
C:\Documents and Settings\Admin\Impostazioni locali\Dati applicazioni\CrossLoop\CrossLoopService.exe
C:\Documents and Settings\All Users\Dati applicazioni\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
C:\Programmi\IncrediMail\Bin\ImApp.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Microsoft LifeCam\MSCamS32.exe
C:\Programmi\Maxtor\Utils\SyncServices.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\Programmi\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Admin\Documenti\Vari prog\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.it/nwshp?hl=it&tab=wn
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Programmi\Soluto\soluto.exe /userinit,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\Office12\GrooveShellExtensions.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [IncrediMail] C:\Programmi\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Admin\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Admin\Dati applicazioni\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Admin\Dati applicazioni\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Office12\ONBttnIE.dll
O9 - Extra button: &Tastiera Virtuale - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Office12\REFIEBAR.DLL
O9 - Extra button: C&ontrollo URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1303833072406
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Programmi\IObit\Advanced SystemCare 4\ASCService.exe
O23 - Service: Servizio Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
O23 - Service: CrossLoop Service (CrossLoopService) - CrossLoop - C:\Documents and Settings\Admin\Impostazioni locali\Dati applicazioni\CrossLoop\CrossLoopService.exe
O23 - Service: Freemake Service (FreemakeUtilsService) - Freemake - C:\Documents and Settings\All Users\Dati applicazioni\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Programmi\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Programmi\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Programmi\Maxtor\Utils\SyncServices.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Unknown owner - (no file)
O23 - Service: TightVNC Server (tvnserver) - GlavSoft LLC. - C:\Documents and Settings\Admin\Impostazioni locali\Dati applicazioni\CrossLoop\tvnserver.exe

--
End of file - 9299 bytes
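The reply below reads the HijackThis log by eye, the way forum helpers do. As an added example (not part of the thread, and not HijackThis code), here is a small Python triage script that applies the same kind of review heuristics mechanically to O2/O4/O23/F2 lines: entries whose file no longer exists, services with no or an unknown publisher, executables that run from a user-profile directory instead of Program Files or Windows, and extra programs hooked into the UserInit logon chain. The sample lines are a constructed subset copied from the log above; the heuristics are this editor's choice, and a hit means "look closer at this entry" (for instance check the file on VirusTotal, as suggested below), not "this is malware": Dropbox, Google Update and CrossLoop all legitimately run from the profile.

```python
import re
from dataclasses import dataclass

# Constructed subset of the HijackThis log posted above; the lines are copied
# from that log, so paths and CLSIDs are the ones shown there.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Programmi\Soluto\soluto.exe /userinit,
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Admin\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O23 - Service: Servizio Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
O23 - Service: CrossLoop Service (CrossLoopService) - CrossLoop - C:\Documents and Settings\Admin\Impostazioni locali\Dati applicazioni\CrossLoop\CrossLoopService.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Programmi\Maxtor\Utils\SyncServices.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Unknown owner - (no file)
O23 - Service: TightVNC Server (tvnserver) - GlavSoft LLC. - C:\Documents and Settings\Admin\Impostazioni locali\Dati applicazioni\CrossLoop\tvnserver.exe
"""

ENTRY = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<body>.+)$")
# "Service: Display name (shortname) - owner"; the owner may be missing ("(x) - - path")
O23_HEAD = re.compile(r"^Service: (?P<display>.+) \((?P<name>[^()]+)\) -(?: (?P<owner>.*))?$")
# 'HKLM\..\Run: [Name] "quoted path" args'  or  'HKCU\..\Run: [Name] unquoted\path.exe args'
O4_BODY = re.compile(r'^(?P<hive>[^:]+): \[(?P<name>[^\]]+)\] (?:"(?P<qpath>[^"]+)"|(?P<upath>\S+))')
O2_BODY = re.compile(r"^BHO: (?P<name>.+?) - \{[^}]+\} - (?P<path>.+)$")
F2_BODY = re.compile(r"^REG:system\.ini: UserInit=(?P<value>.+)$")
USER_PROFILE = re.compile(r"\\documents and settings\\", re.I)


@dataclass
class Finding:
    kind: str    # HijackThis section, e.g. O23
    name: str    # service short name, Run value name, BHO name, or "UserInit"
    reason: str
    path: str


def describe(kind, body):
    """Return (name, owner, path) for the entry kinds this script understands."""
    if kind == "O23":
        head, _, path = body.rpartition(" - ")   # the path is always the last " - " field
        m = O23_HEAD.match(head)
        if m:
            return m.group("name"), m.group("owner"), path
    elif kind == "O4":
        m = O4_BODY.match(body)
        if m:
            return m.group("name"), None, m.group("qpath") or m.group("upath")
    elif kind == "O2":
        m = O2_BODY.match(body)
        if m:
            return m.group("name"), None, m.group("path")
    elif kind == "F2":
        m = F2_BODY.match(body)
        if m:
            return "UserInit", None, m.group("value")
    return kind, None, body   # unknown shape: run the generic checks on the raw body


def triage(log_text):
    """Apply review heuristics to each line; a hit means 'look closer', not 'malicious'."""
    findings = []
    for raw in log_text.strip().splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        name, owner, path = describe(kind, body)
        if path.strip().endswith("(no file)"):
            findings.append(Finding(kind, name, "points to a file that no longer exists (orphaned entry)", path))
        if kind == "O23" and (not owner or owner == "Unknown owner"):
            findings.append(Finding(kind, name, "service has no or unknown publisher", path))
        if USER_PROFILE.search(path):
            findings.append(Finding(kind, name, "runs from a user-profile directory, not Program Files or Windows", path))
        if kind == "F2" and name == "UserInit":
            # UserInit is a comma-separated chain; anything besides userinit.exe runs at every logon
            for extra in (p.strip() for p in path.split(",")):
                if extra and not extra.lower().split()[0].endswith("userinit.exe"):
                    findings.append(Finding(kind, name, "extra program hooked into UserInit logon", extra))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:<4} {f.name:<18} {f.reason}\n     {f.path}")
```

On the sample above the script flags the orphaned "(no name)" BHO, the Spyware Terminator service (unknown publisher and missing file, a leftover of an uninstalled product), the Maxtor service with an empty publisher field, the Soluto hook in UserInit, and the three profile-resident executables (Google Update, CrossLoop, TightVNC), while the Kaspersky and Google Toolbar entries pass. The O23 parser uses `rpartition(" - ")` for the path because an owner field can be empty, which a naive `split(" - ")` misreads.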
shapiro
Posted: Monday, September 12, 2011 9:40:12 AM

Rank: AiutAmico

Member since: 8/24/2008
Posts: 4,164

Hi Scilipoti, out of curiosity I was checking your log - the initial part is missing - and my eye fell on this FreemakeUtilsService

go to the VirusTotal site and check its executable

C:\Documents and Settings\All Users\Dati applicazioni\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
Scilipoti
Posted: Monday, September 12, 2011 9:51:49 AM
Rank: AiutAmico

Member since: 1/2/2003
Posts: 68
Thanks shapiro............ I did what you told me and the result seems to be this
Nome file: FreemakeUtilsService.exe
Data di presentazione: 2011/08/22 13:49:11 (UTC)
Stato attuale: finito
Risultato: 0 / 44 (0,0%)
shapiro
Posted: Monday, September 12, 2011 9:57:28 AM

Rank: AiutAmico

Member since: 8/24/2008
Posts: 4,164
does this "not responding" appear when you launch some executables, or always?

run this scan

download CKScanner to the desktop

double-click the CKScanner.exe icon to launch the program, then click the Search For Files button.

When the scan has finished (the hourglass cursor disappears when the scan is complete), click the Save to File button.

ckfiles.txt will be created on the desktop

click the Exit button to close the program

Scilipoti
Posted: Monday, September 12, 2011 2:49:17 PM
Rank: AiutAmico

Member since: 1/2/2003
Posts: 68
Did that too.... here's the result
CKScanner - Additional Security Risks - These are not necessarily bad
c:\programmi\custom\tela\cracks2c.pcx
c:\programmi\custom\tiles\cracks2m.cpt
scanner sequence 3.LB.11.PCAAMS
----- EOF -----
shapiro
Posted: Monday, September 12, 2011 3:52:03 PM

Rank: AiutAmico

Member since: 8/24/2008
Posts: 4,164
Download FindyKill and install it

Once installed, close all running applications and disconnect from the internet, then click the FindyKill icon and, in the DOS window that opens, type 2 and press Enter. Wait for the scan to finish and post here the log you find in C:\FindyKill.txt

also run this scan

disable your antivirus

download combofix to the desktop
(do not install the recovery console)
Let the program work without interfering
Attach the report C:\ComboFix.txt in your reply.

do not use the PC during the scan, not even the mouse!

Scilipoti
Posted: Monday, September 12, 2011 5:59:28 PM
Rank: AiutAmico

Member since: 1/2/2003
Posts: 68
I ran combofix

here's the result

ComboFix 11-09-12.02 - Admin 12/09/2011 17.42.31.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.2037.1434 [GMT 2:00]
Eseguito da: c:\documents and settings\Admin\Documenti\Scarico\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Admin\Dati applicazioni\facemoods.com
c:\documents and settings\Admin\Dati applicazioni\OfferBox
c:\documents and settings\Admin\Dati applicazioni\OfferBox\config.xml
c:\documents and settings\Admin\Dati applicazioni\PriceGong
c:\documents and settings\Admin\Dati applicazioni\PriceGong\Data\1.xml
c:\documents and settings\Admin\Dati applicazioni\PriceGong\Data\a.xml
c:\documents and settings\Admin\Dati applicazioni\PriceGong\Data\b.xml
c:\documents and settings\Admin\Dati applicazioni\PriceGong\Data\c.xml
c:\documents and settings\Admin\Dati applicazioni\PriceGong\Data\d.xml
c:\documents and settings\Admin\Dati applicazioni\PriceGong\Data\e.xml
c:\documents and settings\Admin\Dati applicazioni\PriceGong\Data\f.xml
c:\documents and settings\Admin\Dati applicazioni\PriceGong\Data\g.xml
c:\documents and settings\Admin\Dati applicazioni\PriceGong\Data\h.xml
c:\documents and settings\Admin\Dati applicazioni\PriceGong\Data\i.xml
c:\documents and settings\Admin\Dati applicazioni\PriceGong\Data\J.xml
c:\documents and settings\Admin\Dati applicazioni\PriceGong\Data\k.xml
c:\documents and settings\Admin\Dati applicazioni\PriceGong\Data\l.xml
c:\documents and settings\Admin\Dati applicazioni\PriceGong\Data\m.xml
c:\documents and settings\Admin\Dati applicazioni\PriceGong\Data\mru.xml
c:\documents and settings\Admin\Dati applicazioni\PriceGong\Data\n.xml
c:\documents and settings\Admin\Dati applicazioni\PriceGong\Data\o.xml
c:\documents and settings\Admin\Dati applicazioni\PriceGong\Data\p.xml
c:\documents and settings\Admin\Dati applicazioni\PriceGong\Data\q.xml
c:\documents and settings\Admin\Dati applicazioni\PriceGong\Data\r.xml
c:\documents and settings\Admin\Dati applicazioni\PriceGong\Data\s.xml
c:\documents and settings\Admin\Dati applicazioni\PriceGong\Data\t.xml
c:\documents and settings\Admin\Dati applicazioni\PriceGong\Data\u.xml
c:\documents and settings\Admin\Dati applicazioni\PriceGong\Data\v.xml
c:\documents and settings\Admin\Dati applicazioni\PriceGong\Data\w.xml
c:\documents and settings\Admin\Dati applicazioni\PriceGong\Data\x.xml
c:\documents and settings\Admin\Dati applicazioni\PriceGong\Data\y.xml
c:\documents and settings\Admin\Dati applicazioni\PriceGong\Data\z.xml
c:\documents and settings\Admin\Impostazioni locali\Dati applicazioni\setup.exe
c:\documents and settings\Admin\WINDOWS
c:\windows\IsUn0410.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2011-08-12 al 2011-09-12 )))))))))))))))))))))))))))))))))))
.
.
2011-09-12 15:14 . 2011-09-12 15:24 -------- dc----w- c:\programmi\FindyKill
2011-09-12 07:46 . 2011-09-12 07:46 -------- dc----w- c:\programmi\VirusTotalUploader2
2011-09-11 15:19 . 2011-09-11 15:19 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2011-09-11 07:45 . 2011-09-11 07:45 -------- dc----w- c:\programmi\ImTOO
2011-09-07 12:58 . 2011-09-07 12:58 -------- dc----w- c:\programmi\File comuni\ANDShared
2011-09-07 12:58 . 2011-09-07 13:01 -------- dc----w- C:\R99itITA
2011-09-07 09:27 . 2011-09-07 09:27 -------- dc----w- c:\programmi\File comuni\SWiSHzone.com
2011-09-07 09:27 . 2011-09-07 09:33 -------- dc----w- c:\programmi\SWiSH Max3
2011-09-07 09:18 . 2011-09-07 09:20 -------- dc----w- c:\programmi\DownVision
2011-09-06 14:39 . 2011-09-06 14:39 -------- dc----w- c:\documents and settings\Admin\Dati applicazioni\gtk-2.0
2011-09-06 14:39 . 2011-09-06 14:39 -------- dc----w- c:\documents and settings\Admin\.thumbnails
2011-09-06 14:30 . 2011-09-06 14:43 -------- dc----w- c:\documents and settings\Admin\.gimp-2.6
2011-09-06 14:20 . 2011-09-06 14:20 -------- dc----w- c:\documents and settings\Admin\Dati applicazioni\AntsSoft
2011-09-06 06:53 . 2011-09-06 06:53 -------- dc----w- c:\documents and settings\LocalService\Dati applicazioni\TightVNC
2011-09-06 06:52 . 2011-09-06 07:14 -------- dc----w- c:\documents and settings\Admin\Impostazioni locali\Dati applicazioni\CrossLoop
2011-09-04 09:13 . 2011-09-04 09:17 -------- dc----w- c:\documents and settings\All Users\Dati applicazioni\SpeedBit
2011-09-04 09:13 . 2011-09-04 09:13 -------- dc----w- c:\programmi\File comuni\SpeedBit
2011-09-04 09:13 . 2011-09-04 09:13 84480 ----a-w- c:\windows\system32\EasyHook32.dll
2011-09-04 09:13 . 2011-09-04 09:13 109216 ----a-w- c:\windows\system32\EasyHook64.dll
2011-09-04 09:13 . 2011-09-04 09:18 -------- dc----w- c:\programmi\DAP
2011-09-04 09:09 . 2011-09-04 09:09 -------- dc----w- c:\programmi\SAVERS4FREE.COM
2011-09-03 10:17 . 2011-09-03 10:17 603136 -c----w- c:\windows\system32\dllcache\crypt32.dll
2011-09-03 07:42 . 2011-09-03 07:42 -------- dc----w- c:\programmi\Glary Utilities
2011-09-02 07:27 . 2011-09-11 06:38 -------- dc----w- C:\TEMP
2011-08-31 09:34 . 2011-08-31 09:34 -------- dc----w- c:\documents and settings\All Users\Dati applicazioni\casualArts
2011-08-31 09:34 . 2011-08-31 09:34 -------- dc----w- c:\documents and settings\Admin\Dati applicazioni\casualArts
2011-08-31 06:31 . 2011-08-31 17:50 -------- dc----w- c:\programmi\Sandboxie
2011-08-28 14:04 . 2011-08-28 14:04 -------- dc----w- c:\programmi\File comuni\Logishrd
2011-08-28 14:03 . 2011-08-28 14:03 -------- dc----w- c:\programmi\Logitech
2011-08-26 18:03 . 2011-08-26 18:04 -------- dc----w- c:\documents and settings\All Users\Dati applicazioni\DVD Shrink
2011-08-25 17:00 . 2011-08-25 17:00 -------- dc----w- c:\documents and settings\Admin\Dati applicazioni\GlarySoft
2011-08-25 11:12 . 1997-06-03 07:31 108032 ------w- c:\windows\system32\sh33w32.dll
2011-08-25 07:15 . 2011-08-26 17:54 -------- dc----w- c:\programmi\DVD Cutter Plus
2011-08-25 06:49 . 2011-08-25 07:19 -------- dc----w- c:\programmi\AVS4YOU
2011-08-24 17:07 . 2011-08-24 17:07 -------- dc----w- c:\documents and settings\Admin\Dati applicazioni\HillStoneAnimationStudios
2011-08-23 09:56 . 2011-08-23 09:56 -------- d-----w- c:\windows\system32\wbem\Repository
2011-08-23 09:55 . 2011-08-23 09:55 -------- d-----w- c:\windows\The Curse of the Ring
2011-08-23 09:55 . 2011-08-23 09:55 -------- d-----w- c:\windows\Robin's Quest
2011-08-23 09:55 . 2011-08-23 09:55 -------- d-----w- c:\windows\Spirit Seasons
2011-08-23 09:55 . 2011-08-23 09:55 -------- d-----w- c:\windows\Mystic Gateways The Celestial Quest
2011-08-23 09:55 . 2011-08-23 09:55 -------- d-----w- c:\windows\Mystery of Mortlake Mansion
2011-08-23 09:55 . 2011-08-23 09:55 -------- d-----w- c:\windows\Eternal Night - Realm of Souls
2011-08-23 09:55 . 2011-08-23 09:55 -------- d-----w- c:\programmi\Nightmare Realm Collector's Edition
2011-08-23 09:54 . 2011-08-23 09:54 -------- d-----w- c:\windows\Between the Worlds
2011-08-23 09:54 . 2011-08-23 09:54 -------- d-----w- c:\windows\Downtown Secrets
2011-08-23 09:54 . 2011-08-23 09:54 -------- d-----w- c:\windows\Dominic Crane 2 - Dark Mystery Revealed
2011-08-23 08:46 . 2011-08-23 09:54 -------- dc----w- c:\programmi\TuneUp Utilities 2011
2011-08-22 11:23 . 2011-08-22 11:23 -------- dc----w- c:\programmi\VS Revo Group
2011-08-18 08:41 . 2011-08-18 08:41 -------- dc----w- c:\programmi\Digital Photo Software
2011-08-17 17:52 . 2011-08-17 17:52 -------- dc----w- c:\documents and settings\All Users\Dati applicazioni\Fenomen Games
2011-08-16 17:32 . 2011-08-16 17:32 -------- dc----w- c:\programmi\iWebAlbum
2011-08-15 10:30 . 2011-08-15 13:22 -------- dc----w- c:\documents and settings\Admin\Dati applicazioni\XnView
2011-08-15 10:30 . 2011-08-15 10:30 -------- dc----w- c:\programmi\XnView
2011-08-15 06:50 . 2011-08-15 07:08 -------- dc----w- c:\documents and settings\Admin\Dati applicazioni\Anvsoft
2011-08-15 06:50 . 2011-08-15 07:06 -------- dc----w- c:\programmi\AnvSoft
2011-08-14 17:12 . 2011-08-14 17:15 -------- dc----w- c:\programmi\Notepad++
2011-08-14 17:12 . 2011-08-14 17:15 -------- dc----w- c:\documents and settings\Admin\Dati applicazioni\Notepad++
2011-08-14 16:33 . 2011-08-14 16:33 -------- dc----w- c:\documents and settings\All Users\Dati applicazioni\WinMaximizer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-03 10:17 . 2004-08-19 12:00 603136 ----a-w- c:\windows\system32\crypt32.dll
2011-07-15 13:29 . 2004-08-19 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2004-08-19 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-06 17:52 . 2010-10-25 11:39 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 17:52 . 2010-10-25 11:39 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-24 14:10 . 2010-10-11 15:09 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:30 . 2004-08-19 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:30 . 2004-08-19 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-06-23 18:30 . 2004-08-19 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2004-08-19 12:00 385024 ------w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-08-19 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll
2011-08-20 16:09 . 2011-08-20 16:09 134104 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programmi\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 -c--a-w- c:\documents and settings\Admin\Dati applicazioni\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 -c--a-w- c:\documents and settings\Admin\Dati applicazioni\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 -c--a-w- c:\documents and settings\Admin\Dati applicazioni\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 -c--a-w- c:\documents and settings\Admin\Dati applicazioni\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="c:\programmi\IncrediMail\bin\IncMail.exe" [2011-07-20 366024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\programmi\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe" [2010-11-02 365336]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2010-11-29 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
c:\documents and settings\Admin\Menu Avvio\Programmi\Esecuzione automatica\
Dropbox.lnk - c:\documents and settings\Admin\Dati applicazioni\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Corel MEDIA FOLDERS INDEXER 8.LNK]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04 1164584 -c--a-w- c:\programmi\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 17:14 1695232 ------w- c:\programmi\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
2006-08-11 09:15 81920 -c--a-w- c:\programmi\Maxtor\OneTouch Status\MaxMenuMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-07-04 19:51 17408 -c--a-w- c:\programmi\Unlocker\UnlockerAssistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2011-05-03 09:12 399736 -c--a-w- c:\programmi\uTorrent\uTorrent.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Advanced SystemCare 4"=c:\programmi\IObit\Advanced SystemCare 4\ASCTray.exe
"FTweakFCleaner"=c:\programmi\FCleaner\FCleaner.exe -a
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"Google Update"="c:\documents and settings\Admin\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Component Manager"="c:\programmi\HP\hpcoretech\hpcmpmgr.exe"
"HPDJ Taskbar Utility"=c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
"HP Software Update"="c:\programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
"RemoteControl"=c:\programmi\CyberLink\PowerDVD\PDVDServ.exe
"LanguageShortcut"=c:\programmi\CyberLink\PowerDVD\Language\Language.exe
"GrooveMonitor"="f:\office12\GrooveMonitor.exe"
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
"RTHDCPL"=RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programmi\\IncrediMail\\Bin\\IncMail.exe"=
"c:\\Programmi\\IncrediMail\\Bin\\ImApp.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programmi\\Pinnacle\\Studio 14\\Programs\\Studio.exe"=
"c:\\Programmi\\Kyodai Mahjongg\\kmj.exe"=
"c:\\Programmi\\IncrediMail\\Bin\\ImpCnt.exe"=
"c:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2011 11.0.2.556\\it\\setup.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"f:\\Office12\\OUTLOOK.EXE"=
"f:\\Office12\\GROOVE.EXE"=
"f:\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Programmi\\InCode Solutions\\RemoveIT Pro v4 - SE\\removeit.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\network diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Admin\\Dati applicazioni\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Documents and Settings\\Admin\\Impostazioni locali\\Dati applicazioni\\CrossLoop\\vncviewer.exe"=
"c:\\Documents and Settings\\Admin\\Impostazioni locali\\Dati applicazioni\\CrossLoop\\tvnserver.exe"=
"c:\\Documents and Settings\\Admin\\Impostazioni locali\\Dati applicazioni\\CrossLoop\\CrossLoopConnect.exe"=
"c:\\Programmi\\DownVision\\DownVision.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5910:TCP"= 5910:TCP:vnc5910
.
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [09/06/2010 16.43.52 11352]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [09/11/2010 10.36.37 142592]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\programmi\IObit\Advanced SystemCare 4\ASCService.exe [27/04/2011 8.42.39 328536]
R2 CrossLoopService;CrossLoop Service;c:\documents and settings\Admin\Impostazioni locali\Dati applicazioni\CrossLoop\CrossLoopService.exe [06/09/2011 8.52.58 563216]
R2 FreemakeUtilsService;Freemake Service;c:\documents and settings\All Users\Dati applicazioni\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [03/09/2011 9.13.42 74240]
R2 IMFservice;IMF Service;c:\programmi\IObit\IObit Malware Fighter\IMFsrv.exe [19/05/2011 8.42.26 821080]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [07/05/2010 11.06.26 32856]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/11/2009 19.27.24 19472]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [07/06/2011 18.53.28 30576]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13.16.28 130384]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [02/03/2011 10.12.04 136176]
S3 __FOX__UNI_DRIVER__;__FOX__UNI_DRIVER__; [x]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11/10/2010 17.25.35 1684736]
S3 FXDrv32;FXDrv32;\??\e:\fxdrv32.sys --> e:\FXDrv32.sys [?]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [02/03/2011 10.12.04 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [25/10/2010 13.39.29 41272]
S3 PAC207;Trust 100K Series Webcam;c:\windows\system32\drivers\PFC027.SYS [13/10/2010 12.14.48 618112]
S3 RegFilter;RegFilter;c:\programmi\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [10/06/2011 15.51.27 30368]
S3 tvnserver;TightVNC Server;c:\documents and settings\Admin\Impostazioni locali\Dati applicazioni\CrossLoop\tvnserver.exe [06/09/2011 8.52.58 814080]
S3 UrlFilter;UrlFilter;c:\programmi\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [10/06/2011 15.51.27 16080]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; [x]
S4 FileMonitor;FileMonitor;c:\programmi\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [10/06/2011 15.51.27 239472]
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-09-12 c:\windows\Tasks\GlaryInitialize.job
- c:\programmi\Glary Utilities\initialize.exe [2011-09-03 07:26]
.
2011-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2011-03-02 08:11]
.
2011-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2011-03-02 08:11]
.
2011-09-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-2077806209-682003330-1004Core.job
- c:\documents and settings\Admin\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2011-07-31 11:13]
.
2011-09-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-2077806209-682003330-1004UA.job
- c:\documents and settings\Admin\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2011-07-31 11:13]
.
2011-09-12 c:\windows\Tasks\RegistryBooster.job
- c:\programmi\Uniblue\RegistryBooster\rbmonitor.exe [2011-07-28 13:29]
.
2011-09-12 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\programmi\Ask.com\UpdateTask.exe [2011-02-01 17:17]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://news.google.it/nwshp?hl=it&tab=wn
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Free YouTube Download - c:\documents and settings\Admin\Dati applicazioni\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Admin\Dati applicazioni\Mozilla\Firefox\Profiles\od6f3shp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://home.speedbit.com/search.aspx?aff=106&q=
FF - prefs.js: browser.search.selectedEngine - SpeedBit Search
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://home.speedbit.com/search.aspx?aff=106&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
SafeBoot-SolutoService
AddRemove-ArcSoft PhotoImpression 3.0 - c:\windows\IsUn0410.exe
AddRemove-Copy Utility - c:\windows\IsUn0410.exe
AddRemove-EPSON Photo Print - c:\windows\IsUn0410.exe
AddRemove-Print Artist - c:\windows\IsUn0410.exe
AddRemove-unInstall AND Route 99 Italia - c:\windows\IsUn0410.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-12 17:52
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-854245398-2077806209-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CBAB3619-048D-D41B-C2AE-04296B63CAE3}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oalglijphbkoaiffmgcidnfnnnppdi"=hex:64,61,69,65,70,62,63,68,00,84
"oahhndbbkpmddnapfaiinchbipodgd"=hex:6a,61,6c,65,6b,65,63,6d,69,64,65,65,66,6e,
6a,65,6f,6b,66,62,00,02
"nanfbopkkgmooonoindipkbfgbmh"=hex:6a,61,6c,65,6b,65,63,6d,69,64,65,65,66,6e,
6a,65,6f,6b,66,62,00,02
.
Ora fine scansione: 2011-09-12 17:55:48
ComboFix-quarantined-files.txt 2011-09-12 15:55
.
Pre-Run: 470.933.356.544 byte disponibili
Post-Run: 471.053.950.976 byte disponibili
.
- - End Of File - - 529A059BF052DD02EF6F09AE55D2DD3B
Scilipoti
Posted: Monday, September 12, 2011 6:02:32 PM
Rank: AiutAmico

Member since: 1/2/2003
Posts: 68
FindyKill.... I can't manage it.
Thanks
shapiro
Posted: Monday, September 12, 2011 8:25:57 PM

Rank: AiutAmico

Member since: 8/24/2008
Posts: 4,164
Download TDSSKiller and save it to the desktop.

Extract the contents to the desktop. Double-click the exe to start the application, then click Start scan.

If an infected file is found, the default action will be Cure; click Continue.
If a suspicious file is found, the default action will be Skip; click Continue.
If you are asked to restart the PC, complete the process. Click Reboot now.
If no restart is required, click Report and save the contents to a text file.
If a restart is required, the report is in C:\folder in this form: "TDSSKiller.[Version]_[Date]_[Time]_log.txt"

edit

As soon as the scan has finished, go to Control Panel / Add or Remove Programs and check whether you have Fast Browser Search; if it is present, remove it.
Scilipoti
Posted: Tuesday, September 13, 2011 9:25:15 AM
Rank: AiutAmico

Member since: 1/2/2003
Posts: 68
Good morning
TDSSKiller run.............. result.............no infected file found...It did not ask me for any restart
Thanks
TDSS rootkit removing tool 2.5.21.0 Sep 10 2011 21:07:05
2011/09/13 09:17:32.0390 2184 ================================================================================
2011/09/13 09:17:32.0390 2184 SystemInfo:
2011/09/13 09:17:32.0390 2184
2011/09/13 09:17:32.0390 2184 OS Version: 5.1.2600 ServicePack: 3.0
2011/09/13 09:17:32.0390 2184 Product type: Workstation
2011/09/13 09:17:32.0390 2184 ComputerName: ADMIN-CD4AF23D3
2011/09/13 09:17:32.0390 2184 UserName: Admin
2011/09/13 09:17:32.0390 2184 Windows directory: C:\WINDOWS
2011/09/13 09:17:32.0390 2184 System windows directory: C:\WINDOWS
2011/09/13 09:17:32.0390 2184 Processor architecture: Intel x86
2011/09/13 09:17:32.0390 2184 Number of processors: 2
2011/09/13 09:17:32.0390 2184 Page size: 0x1000
2011/09/13 09:17:32.0390 2184 Boot type: Normal boot
2011/09/13 09:17:32.0390 2184 ================================================================================
2011/09/13 09:17:34.0859 2184 Initialize success
2011/09/13 09:17:37.0078 3576 ================================================================================
2011/09/13 09:17:37.0078 3576 Scan started
2011/09/13 09:17:37.0078 3576 Mode: Manual;
2011/09/13 09:17:37.0078 3576 ================================================================================
2011/09/13 09:18:48.0109 3576 ================================================================================
2011/09/13 09:18:48.0109 3576 Scan finished
2011/09/13 09:18:48.0109 3576 ================================================================================
2011/09/13 09:18:48.0109 2372 Detected object count: 0
2011/09/13 09:18:48.0109 2372 Actual detected object count: 0
2011/09/13 09:19:23.0250 1392 Deinitialize success
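Reading a TDSSKiller log like the one above by hand is tedious, so here is an added example (not TDSSKiller's code and not part of the forum thread) that parses that line layout, collects the driver inventory, boot-sector records and detection count, and flags drivers loaded from outside the usual driver directory as a triage hint. The "expected directory" heuristic, the sample log and its placeholder MD5 values are the example's own assumptions.

```python
"""Parse and triage a TDSSKiller log of the kind pasted above.

Added example, not TDSSKiller's own code nor the forum's. It assumes the line
layout visible in the log: "<yyyy/mm/dd hh:mm:ss.ffff> <pid> <message>", where
driver lines read "<service> (<md5>) <path>", boot records read
"MBR (0x1B8) (<md5>) <device>" / "Boot (0x1200) (<md5>) <device>", and the
summary carries "Scan finished" and "Detected object count: N".
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

LINE_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*)$")
DRIVER_RE = re.compile(r"^(\S+) \(([0-9a-fA-F]{32})\) (.+)$")
BOOT_RE = re.compile(r"^(MBR|Boot) \((0x[0-9A-Fa-f]+)\) \(([0-9a-fA-F]{32})\) (.+)$")
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")

# Where a Windows XP kernel driver normally lives. Used only by the triage
# heuristic below; this is an assumption of the example, not a TDSSKiller rule.
EXPECTED_DRIVER_DIRS = ("c:\\windows\\system32\\drivers\\",)


@dataclass
class Entry:
    name: str    # service name, or "MBR 0x1B8" / "Boot 0x1200" for boot records
    md5: str
    path: str


@dataclass
class ScanSummary:
    drivers: List[Entry] = field(default_factory=list)
    boot_records: List[Entry] = field(default_factory=list)
    detected: Optional[int] = None   # "Detected object count" if present
    scan_finished: bool = False


def parse_tdsskiller_log(text: str) -> ScanSummary:
    """Walk the log line by line, keeping only the records we can interpret."""
    summary = ScanSummary()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                      # banners and blank lines carry no data
        msg = m.group(3).strip()
        boot = BOOT_RE.match(msg)
        drv = DRIVER_RE.match(msg)
        cnt = COUNT_RE.match(msg)
        if boot:
            summary.boot_records.append(
                Entry(f"{boot.group(1)} {boot.group(2)}", boot.group(3).lower(), boot.group(4)))
        elif drv:
            summary.drivers.append(Entry(drv.group(1), drv.group(2).lower(), drv.group(3)))
        elif cnt:
            summary.detected = int(cnt.group(1))
        elif msg == "Scan finished":
            summary.scan_finished = True
    return summary


def drivers_outside_system_dirs(summary: ScanSummary) -> List[Entry]:
    """Drivers loaded from somewhere other than the usual driver directory.

    A triage hint, not a verdict: security products (IObit, Kaspersky) do ship
    drivers under Program Files, so each hit still needs a human look.
    """
    return [d for d in summary.drivers
            if not d.path.lower().startswith(EXPECTED_DRIVER_DIRS)]


def is_clean_scan(summary: ScanSummary) -> bool:
    """True only when the scan actually completed and reported zero objects."""
    return summary.scan_finished and summary.detected == 0


# Constructed sample mirroring the format above; the MD5 values are placeholders.
SAMPLE_LOG = r"""2011/09/13 09:17:37.0078 3576 ================================================================================
2011/09/13 09:17:37.0078 3576 Scan started
2011/09/13 09:17:37.0078 3576 Mode: Manual;
2011/09/13 09:17:40.0500 3576 ACPI (00000000000000000000000000000001) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/09/13 09:17:54.0890 3576 FileMonitor (00000000000000000000000000000002) C:\Programmi\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys
2011/09/13 09:18:10.0906 3576 KLIF (00000000000000000000000000000003) C:\WINDOWS\system32\DRIVERS\klif.sys
2011/09/13 09:18:47.0750 3576 MBR (0x1B8) (00000000000000000000000000000004) \Device\Harddisk0\DR0
2011/09/13 09:18:48.0078 3576 Boot (0x1200) (00000000000000000000000000000005) \Device\Harddisk0\DR0\Partition0
2011/09/13 09:18:48.0109 3576 Scan finished
2011/09/13 09:18:48.0109 2372 Detected object count: 0
2011/09/13 09:18:48.0109 2372 Actual detected object count: 0
"""

if __name__ == "__main__":
    s = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"drivers={len(s.drivers)} boot_records={len(s.boot_records)} "
          f"detected={s.detected} clean={is_clean_scan(s)}")
    for d in drivers_outside_system_dirs(s):
        print("review:", d.name, d.path)
```

A log cut short before "Scan finished" is deliberately not reported as clean, since a zero count is only meaningful once the scan completed.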
Scilipoti
Posted: Tuesday, September 13, 2011 9:44:06 AM
Rank: AiutAmico

Member since: 1/2/2003
Posts: 68
Good morning again.
So... I tried once more to install a game (375 MB). Normally it doesn't start (download folder... where the exe is saved... "not responding"). It makes everything disappear from the desktop... after a while everything reappears.
I disabled the antivirus for 15 min...... ran the exe again... and it started immediately... and installed normally.
Since my Kaspersky licence is about to expire... I wanted to ask whether it is worth renewing it or using something else.
Thanks

I forgot.... Fast Browser Search... is not present.
shapiro
Posted: Tuesday, September 13, 2011 10:29:26 AM

Rank: AiutAmico

Member since: 8/24/2008
Posts: 4,164
We would need to know what the game that hangs is; if it is a crack, it may be that Kaspersky blocks it.


For now let's carry on. I'll have you remove some of the things that must not stay on your PC; Malwarebytes will take care of the rest.

Open a Notepad page and copy and paste the following:


Code:
File::
c:\programmi\Ask.com\GenericAskToolbar.dll
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
c:\programmi\Ask.com\UpdateTask.exe


Folder::
c:\programmi\Ask.com

Registry::
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] 
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-

RegNull::
[HKEY_USERS\S-1-5-21-854245398-2077806209-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CBAB3619-048D-D41B-C2AE-04296B63CAE3}*]


Save the page, naming it CFScript.txt (this name is mandatory).
Then drag and drop the CFScript.txt file onto the ComboFix icon.
Let it work until it finishes and post its log...


Download and install Malwarebytes.
http://www.malwarebytes.org/
Update it: click the "Update" tab => "Check for updates".
Run a "Full scan" (select the option).
When the scan is complete, click OK => Show Results.
Make sure everything is selected and click Remove Selected.
If it asks you to restart, restart to complete the cleaning process.
Post the report.

Scilipoti
Posted: Tuesday, September 13, 2011 5:12:13 PM
Rank: AiutAmico

Member since: 1/2/2003
Posts: 68
So... I made CFScript.txt... I drop it onto the ComboFix icon... it starts and after a while it tells me the name is not spelled correctly.
What do I do?????? (written exactly as you highlighted above)
shapiro
Posted: Tuesday, September 13, 2011 5:29:01 PM

Rank: AiutAmico

Member since: 8/24/2008
Posts: 4,164
Maybe you also copied "Code:".


Download it from here and drag it with the mouse onto the ComboFix icon (the icon must be on the desktop). Once that is done, let the scan finish; during the scan you must absolutely not touch anything, not even the mouse and keyboard. At the end of the scan, post the log.
Scilipoti
Posted: Tuesday, September 13, 2011 5:35:05 PM
Rank: AiutAmico

Member since: 1/2/2003
Posts: 68
I apologise... my mistake.
Done... here is the log
ComboFix 11-09-13.02 - Admin 13/09/2011 17.16.15.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.2037.1332 [GMT 2:00]
Eseguito da: c:\documents and settings\Admin\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Admin\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
FILE ::
"c:\programmi\Ask.com\GenericAskToolbar.dll"
"c:\programmi\Ask.com\UpdateTask.exe"
"c:\windows\Tasks\Scheduled Update for Ask Toolbar.job"
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programmi\Ask.com
c:\programmi\Ask.com\assets\oobe\b.png
c:\programmi\Ask.com\assets\oobe\bl.png
c:\programmi\Ask.com\assets\oobe\br.png
c:\programmi\Ask.com\assets\oobe\l.png
c:\programmi\Ask.com\assets\oobe\pointer.png
c:\programmi\Ask.com\assets\oobe\r.png
c:\programmi\Ask.com\assets\oobe\t.png
c:\programmi\Ask.com\assets\oobe\tl.png
c:\programmi\Ask.com\assets\oobe\tr.png
c:\programmi\Ask.com\cobrand.ico
c:\programmi\Ask.com\config.xml
c:\programmi\Ask.com\favicon.ico
c:\programmi\Ask.com\fv_2c.ico
c:\programmi\Ask.com\GenericAskToolbar.dll
c:\programmi\Ask.com\mupcfg.xml
c:\programmi\Ask.com\SaUpdate.exe
c:\programmi\Ask.com\UpdateTask.exe
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
.
.
((((((((((((((((((((((((( Files Creati Da 2011-08-13 al 2011-09-13 )))))))))))))))))))))))))))))))))))
.
.
2011-09-12 15:14 . 2011-09-12 15:24 -------- dc----w- c:\programmi\FindyKill
2011-09-12 07:46 . 2011-09-12 07:46 -------- dc----w- c:\programmi\VirusTotalUploader2
2011-09-11 15:19 . 2011-09-11 15:19 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2011-09-11 07:45 . 2011-09-11 07:45 -------- dc----w- c:\programmi\ImTOO
2011-09-07 12:58 . 2011-09-07 12:58 -------- dc----w- c:\programmi\File comuni\ANDShared
2011-09-07 12:58 . 2011-09-07 13:01 -------- dc----w- C:\R99itITA
2011-09-07 09:27 . 2011-09-07 09:27 -------- dc----w- c:\programmi\File comuni\SWiSHzone.com
2011-09-07 09:27 . 2011-09-07 09:33 -------- dc----w- c:\programmi\SWiSH Max3
2011-09-07 09:18 . 2011-09-07 09:20 -------- dc----w- c:\programmi\DownVision
2011-09-06 14:39 . 2011-09-06 14:39 -------- dc----w- c:\documents and settings\Admin\Dati applicazioni\gtk-2.0
2011-09-06 14:39 . 2011-09-06 14:39 -------- dc----w- c:\documents and settings\Admin\.thumbnails
2011-09-06 14:30 . 2011-09-06 14:43 -------- dc----w- c:\documents and settings\Admin\.gimp-2.6
2011-09-06 14:20 . 2011-09-06 14:20 -------- dc----w- c:\documents and settings\Admin\Dati applicazioni\AntsSoft
2011-09-06 06:53 . 2011-09-06 06:53 -------- dc----w- c:\documents and settings\LocalService\Dati applicazioni\TightVNC
2011-09-06 06:52 . 2011-09-12 16:22 -------- dc----w- c:\documents and settings\Admin\Impostazioni locali\Dati applicazioni\CrossLoop
2011-09-04 09:13 . 2011-09-04 09:17 -------- dc----w- c:\documents and settings\All Users\Dati applicazioni\SpeedBit
2011-09-04 09:13 . 2011-09-04 09:13 -------- dc----w- c:\programmi\File comuni\SpeedBit
2011-09-04 09:13 . 2011-09-04 09:13 84480 ----a-w- c:\windows\system32\EasyHook32.dll
2011-09-04 09:13 . 2011-09-04 09:13 109216 ----a-w- c:\windows\system32\EasyHook64.dll
2011-09-04 09:13 . 2011-09-04 09:18 -------- dc----w- c:\programmi\DAP
2011-09-04 09:09 . 2011-09-04 09:09 -------- dc----w- c:\programmi\SAVERS4FREE.COM
2011-09-03 10:17 . 2011-09-03 10:17 603136 -c----w- c:\windows\system32\dllcache\crypt32.dll
2011-09-03 07:42 . 2011-09-03 07:42 -------- dc----w- c:\programmi\Glary Utilities
2011-09-02 07:27 . 2011-09-13 11:59 -------- dc----w- C:\TEMP
2011-08-31 09:34 . 2011-08-31 09:34 -------- dc----w- c:\documents and settings\All Users\Dati applicazioni\casualArts
2011-08-31 09:34 . 2011-08-31 09:34 -------- dc----w- c:\documents and settings\Admin\Dati applicazioni\casualArts
2011-08-31 06:31 . 2011-08-31 17:50 -------- dc----w- c:\programmi\Sandboxie
2011-08-28 14:04 . 2011-08-28 14:04 -------- dc----w- c:\programmi\File comuni\Logishrd
2011-08-28 14:03 . 2011-08-28 14:03 -------- dc----w- c:\programmi\Logitech
2011-08-26 18:03 . 2011-08-26 18:04 -------- dc----w- c:\documents and settings\All Users\Dati applicazioni\DVD Shrink
2011-08-25 17:00 . 2011-08-25 17:00 -------- dc----w- c:\documents and settings\Admin\Dati applicazioni\GlarySoft
2011-08-25 11:12 . 1997-06-03 07:31 108032 ------w- c:\windows\system32\sh33w32.dll
2011-08-25 07:15 . 2011-08-26 17:54 -------- dc----w- c:\programmi\DVD Cutter Plus
2011-08-25 06:49 . 2011-08-25 07:19 -------- dc----w- c:\programmi\AVS4YOU
2011-08-24 17:07 . 2011-08-24 17:07 -------- dc----w- c:\documents and settings\Admin\Dati applicazioni\HillStoneAnimationStudios
2011-08-23 09:56 . 2011-08-23 09:56 -------- d-----w- c:\windows\system32\wbem\Repository
2011-08-23 09:55 . 2011-08-23 09:55 -------- d-----w- c:\windows\The Curse of the Ring
2011-08-23 09:55 . 2011-08-23 09:55 -------- d-----w- c:\windows\Robin's Quest
2011-08-23 09:55 . 2011-08-23 09:55 -------- d-----w- c:\windows\Spirit Seasons
2011-08-23 09:55 . 2011-08-23 09:55 -------- d-----w- c:\windows\Mystic Gateways The Celestial Quest
2011-08-23 09:55 . 2011-08-23 09:55 -------- d-----w- c:\windows\Mystery of Mortlake Mansion
2011-08-23 09:55 . 2011-08-23 09:55 -------- d-----w- c:\windows\Eternal Night - Realm of Souls
2011-08-23 09:55 . 2011-08-23 09:55 -------- d-----w- c:\programmi\Nightmare Realm Collector's Edition
2011-08-23 09:54 . 2011-08-23 09:54 -------- d-----w- c:\windows\Between the Worlds
2011-08-23 09:54 . 2011-08-23 09:54 -------- d-----w- c:\windows\Downtown Secrets
2011-08-23 09:54 . 2011-08-23 09:54 -------- d-----w- c:\windows\Dominic Crane 2 - Dark Mystery Revealed
2011-08-23 08:46 . 2011-08-23 09:54 -------- dc----w- c:\programmi\TuneUp Utilities 2011
2011-08-22 11:23 . 2011-08-22 11:23 -------- dc----w- c:\programmi\VS Revo Group
2011-08-18 08:41 . 2011-08-18 08:41 -------- dc----w- c:\programmi\Digital Photo Software
2011-08-17 17:52 . 2011-08-17 17:52 -------- dc----w- c:\documents and settings\All Users\Dati applicazioni\Fenomen Games
2011-08-16 17:32 . 2011-08-16 17:32 -------- dc----w- c:\programmi\iWebAlbum
2011-08-15 10:30 . 2011-08-15 13:22 -------- dc----w- c:\documents and settings\Admin\Dati applicazioni\XnView
2011-08-15 10:30 . 2011-08-15 10:30 -------- dc----w- c:\programmi\XnView
2011-08-15 06:50 . 2011-08-15 07:08 -------- dc----w- c:\documents and settings\Admin\Dati applicazioni\Anvsoft
2011-08-15 06:50 . 2011-08-15 07:06 -------- dc----w- c:\programmi\AnvSoft
2011-08-14 17:12 . 2011-08-14 17:15 -------- dc----w- c:\programmi\Notepad++
2011-08-14 17:12 . 2011-08-14 17:15 -------- dc----w- c:\documents and settings\Admin\Dati applicazioni\Notepad++
2011-08-14 16:33 . 2011-08-14 16:33 -------- dc----w- c:\documents and settings\All Users\Dati applicazioni\WinMaximizer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-03 10:17 . 2004-08-19 12:00 603136 ----a-w- c:\windows\system32\crypt32.dll
2011-07-15 13:29 . 2004-08-19 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2004-08-19 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-06 17:52 . 2010-10-25 11:39 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 17:52 . 2010-10-25 11:39 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-24 14:10 . 2010-10-11 15:09 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:30 . 2004-08-19 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:30 . 2004-08-19 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-06-23 18:30 . 2004-08-19 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2004-08-19 12:00 385024 ------w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-08-19 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll
2011-08-20 16:09 . 2011-08-20 16:09 134104 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 -c--a-w- c:\documents and settings\Admin\Dati applicazioni\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 -c--a-w- c:\documents and settings\Admin\Dati applicazioni\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 -c--a-w- c:\documents and settings\Admin\Dati applicazioni\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 -c--a-w- c:\documents and settings\Admin\Dati applicazioni\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="c:\programmi\IncrediMail\bin\IncMail.exe" [2011-07-20 366024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\programmi\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe" [2010-11-02 365336]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2010-11-29 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
c:\documents and settings\Admin\Menu Avvio\Programmi\Esecuzione automatica\
Dropbox.lnk - c:\documents and settings\Admin\Dati applicazioni\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Corel MEDIA FOLDERS INDEXER 8.LNK]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04 1164584 -c--a-w- c:\programmi\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 17:14 1695232 ------w- c:\programmi\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
2006-08-11 09:15 81920 -c--a-w- c:\programmi\Maxtor\OneTouch Status\MaxMenuMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-07-04 19:51 17408 -c--a-w- c:\programmi\Unlocker\UnlockerAssistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2011-05-03 09:12 399736 -c--a-w- c:\programmi\uTorrent\uTorrent.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Advanced SystemCare 4"=c:\programmi\IObit\Advanced SystemCare 4\ASCTray.exe
"FTweakFCleaner"=c:\programmi\FCleaner\FCleaner.exe -a
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"Google Update"="c:\documents and settings\Admin\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Component Manager"="c:\programmi\HP\hpcoretech\hpcmpmgr.exe"
"HPDJ Taskbar Utility"=c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
"HP Software Update"="c:\programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
"RemoteControl"=c:\programmi\CyberLink\PowerDVD\PDVDServ.exe
"LanguageShortcut"=c:\programmi\CyberLink\PowerDVD\Language\Language.exe
"GrooveMonitor"="f:\office12\GrooveMonitor.exe"
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
"RTHDCPL"=RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programmi\\IncrediMail\\Bin\\IncMail.exe"=
"c:\\Programmi\\IncrediMail\\Bin\\ImApp.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programmi\\Pinnacle\\Studio 14\\Programs\\Studio.exe"=
"c:\\Programmi\\Kyodai Mahjongg\\kmj.exe"=
"c:\\Programmi\\IncrediMail\\Bin\\ImpCnt.exe"=
"c:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2011 11.0.2.556\\it\\setup.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"f:\\Office12\\OUTLOOK.EXE"=
"f:\\Office12\\GROOVE.EXE"=
"f:\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Programmi\\InCode Solutions\\RemoveIT Pro v4 - SE\\removeit.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\network diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Admin\\Dati applicazioni\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Documents and Settings\\Admin\\Impostazioni locali\\Dati applicazioni\\CrossLoop\\vncviewer.exe"=
"c:\\Documents and Settings\\Admin\\Impostazioni locali\\Dati applicazioni\\CrossLoop\\tvnserver.exe"=
"c:\\Documents and Settings\\Admin\\Impostazioni locali\\Dati applicazioni\\CrossLoop\\CrossLoopConnect.exe"=
"c:\\Programmi\\DownVision\\DownVision.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5910:TCP"= 5910:TCP:vnc5910
.
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [09/06/2010 16.43.52 11352]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [09/11/2010 10.36.37 142592]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\programmi\IObit\Advanced SystemCare 4\ASCService.exe [27/04/2011 8.42.39 328536]
R2 CrossLoopService;CrossLoop Service;c:\documents and settings\Admin\Impostazioni locali\Dati applicazioni\CrossLoop\CrossLoopService.exe [06/09/2011 8.52.58 563216]
R2 FreemakeUtilsService;Freemake Service;c:\documents and settings\All Users\Dati applicazioni\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [03/09/2011 9.13.42 74240]
R2 IMFservice;IMF Service;c:\programmi\IObit\IObit Malware Fighter\IMFsrv.exe [19/05/2011 8.42.26 821080]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [07/05/2010 11.06.26 32856]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/11/2009 19.27.24 19472]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [07/06/2011 18.53.28 30576]
R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [25/10/2010 13.39.29 41272]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13.16.28 130384]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [02/03/2011 10.12.04 136176]
S3 __FOX__UNI_DRIVER__;__FOX__UNI_DRIVER__; [x]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11/10/2010 17.25.35 1684736]
S3 FXDrv32;FXDrv32;\??\e:\fxdrv32.sys --> e:\FXDrv32.sys [?]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [02/03/2011 10.12.04 136176]
S3 PAC207;Trust 100K Series Webcam;c:\windows\system32\drivers\PFC027.SYS [13/10/2010 12.14.48 618112]
S3 RegFilter;RegFilter;c:\programmi\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [10/06/2011 15.51.27 30368]
S3 tvnserver;TightVNC Server;c:\documents and settings\Admin\Impostazioni locali\Dati applicazioni\CrossLoop\tvnserver.exe [06/09/2011 8.52.58 814080]
S3 UrlFilter;UrlFilter;c:\programmi\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [10/06/2011 15.51.27 16080]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; [x]
S4 FileMonitor;FileMonitor;c:\programmi\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [10/06/2011 15.51.27 239472]
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-09-13 c:\windows\Tasks\GlaryInitialize.job
- c:\programmi\Glary Utilities\initialize.exe [2011-09-03 07:26]
.
2011-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2011-03-02 08:11]
.
2011-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2011-03-02 08:11]
.
2011-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-2077806209-682003330-1004Core.job
- c:\documents and settings\Admin\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2011-07-31 11:13]
.
2011-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-2077806209-682003330-1004UA.job
- c:\documents and settings\Admin\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2011-07-31 11:13]
.
2011-09-13 c:\windows\Tasks\RegistryBooster.job
- c:\programmi\Uniblue\RegistryBooster\rbmonitor.exe [2011-07-28 13:29]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://news.google.it/nwshp?hl=it&tab=wn
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Free YouTube Download - c:\documents and settings\Admin\Dati applicazioni\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Admin\Dati applicazioni\Mozilla\Firefox\Profiles\od6f3shp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://home.speedbit.com/search.aspx?aff=106&q=
FF - prefs.js: browser.search.selectedEngine - SpeedBit Search
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://home.speedbit.com/search.aspx?aff=106&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-13 17:28
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
Ora fine scansione: 2011-09-13 17:31:02
ComboFix-quarantined-files.txt 2011-09-13 15:30
.
Pre-Run: 470.293.626.880 byte disponibili
Post-Run: 470.334.402.560 byte disponibili
.
- - End Of File - - B705F8B1457205B5336DD972A760A6E6


I'm running the other one... as soon as it's done I'll send it
Scilipoti
Posted: Tuesday, September 13, 2011 8:24:07 PM
Rank: AiutAmico

Member since: 1/2/2003
Posts: 68
here is the Malwarebytes log

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Versione database: 7695

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

13/09/2011 20.20.09
mbam-log-2011-09-13 (20-20-09).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi esaminati: 289620
Tempo impiegato: 2 ore, 54 minuti, 36 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 1
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 2

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FX - MP3 Converter (Adware.Agent) -> Quarantined and deleted successfully.

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
c:\documents and settings\Admin\documenti\vari prog\mailpv.exe (PUP.MailPassView) -> Quarantined and deleted successfully.
c:\programmi\foxtabaudioconverter\uninstall\uninstall.exe (Adware.Agent) -> Quarantined and deleted successfully.
shapiro
Posted: Wednesday, September 14, 2011 12:11:14 PM

Rank: AiutAmico

Member since: 8/24/2008
Posts: 4,164
Scilipoti, we're almost at the end, but I'd like to give you some advice: it would be better if we removed that Chinese program (game) Kyodai Mahjongg, its executable looks like it may not be safe

uninstall the version of Firefox you have installed and download the latest one, which you can also download from here


Install CCleaner

ccleaner

during installation untick the option for the Yahoo toolbar, open it, go to Options > Advanced, untick "Only delete files in Windows Temp folders older than 48 hours", then run it, select "Analyze" and when the analysis finishes press "Run Cleaner"


click Registry, on the next page click Scan for Issues, then when the scan finishes click Fix selected issues, answer yes to the request to save a backup (save it in a folder of your choice), then fix all the items found.

download ATF Cleaner

it doesn't need to be installed

Start ATF Cleaner.exe with a double click
- click the Main menu
- tick the Select All box
- click the Empty Selected button
- wait for the Done Cleaning message.
(if you don't want to delete your passwords, untick that box)
(if you use Opera or Firefox, tick their sections too)

Open Windows Notepad and copy and paste this (without the "Code:", mind you)


Code:
killAll::

Folder::
c:\\Programmi\\Kyodai Mahjongg

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programmi\\Kyodai Mahjongg\\kmj.exe"=-


Driver::
__FOX__UNI_DRIVER__ 



Save the file in the same location as combofix.exe and name it CFScript.txt
Now drag the CFScript.txt file onto combofix.exe
Reboot the PC if the program asks you to.
Reboot and post the contents of the file C:\ComboFix.txt




r16
Posted: Wednesday, September 14, 2011 6:11:19 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Hi Shap.
Quote:
but I'd like to give you some advice, it would be better if we removed

There are plenty of things to get rid of, because they are of no use.......
Spyware Terminator (service)
Advanced SystemCare 4
FXDrv32 (this one stinks from a mile away)
IObit
Uniblue
All of it, my friend, is stuff that only serves to "clog up" the PC (besides not being effective)
Bye!
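As an added illustration (my own code, not part of this thread and not a ComboFix or Malwarebytes tool), here is a small Python triage helper for the service section of a ComboFix log. It parses the `R1/S2/S3 name;display name;image path [detail]` lines and flags mechanically what shapiro's CFScript and r16's reply pick out by hand: entries whose image file ComboFix could not find (`[x]`, which is why `__FOX__UNI_DRIVER__` goes under `Driver::`) or could not verify (`[?]`, FXDrv32 pointing at drive e:), plus services whose binary lives inside a user profile, a user-writable location. The sample lines are copied from the log above; the heuristics, function names and the finding strings are my own assumptions.

```python
import re
from typing import Dict, List, Optional

# Constructed sample: a few representative service lines copied from the
# ComboFix log posted earlier in this thread (not the whole section).
SAMPLE_SERVICES = r"""
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [09/06/2010 16.43.52 11352]
R2 CrossLoopService;CrossLoop Service;c:\documents and settings\Admin\Impostazioni locali\Dati applicazioni\CrossLoop\CrossLoopService.exe [06/09/2011 8.52.58 563216]
S3 __FOX__UNI_DRIVER__;__FOX__UNI_DRIVER__; [x]
S3 FXDrv32;FXDrv32;\??\e:\fxdrv32.sys --> e:\FXDrv32.sys [?]
S3 tvnserver;TightVNC Server;c:\documents and settings\Admin\Impostazioni locali\Dati applicazioni\CrossLoop\tvnserver.exe [06/09/2011 8.52.58 814080]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; [x]
"""

# One ComboFix service line: "<type> <name>;<display name>;<image path> [<detail>]"
# where <detail> is either "date time size", "x" (file missing) or "?" (unverified).
SERVICE_RE = re.compile(
    r"^(?P<type>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)\s*\[(?P<detail>[^\]]*)\]\s*$"
)

# Image paths under a user profile are writable without administrator rights
# (Windows XP layout, Italian locale, as in the log above).
USER_PROFILE_RE = re.compile(r"^c:\\documents and settings\\", re.IGNORECASE)

# NT object-namespace prefix that ComboFix prints in front of some driver paths.
NT_PREFIX = "\\??\\"

MISSING = "image file missing: orphaned service/driver entry"
UNVERIFIED = "image file could not be verified"
USER_WRITABLE = "image inside a user profile (user-writable location)"


def parse_service_line(line: str) -> Optional[dict]:
    """Split one service line into its fields, or return None if it is not one."""
    m = SERVICE_RE.match(line.strip())
    return m.groupdict() if m else None


def image_drive(path: str) -> str:
    """Lower-case drive letter of the image path ('' if the path has none)."""
    if path.startswith(NT_PREFIX):
        path = path[len(NT_PREFIX):]
    m = re.match(r"^([a-zA-Z]):", path)
    return m.group(1).lower() if m else ""


def triage_service(entry: dict) -> List[str]:
    """Apply the review heuristics to one parsed service entry."""
    findings: List[str] = []
    detail = entry["detail"].strip()
    path = entry["path"].strip()
    if detail == "x":
        findings.append(MISSING)
    elif detail == "?":
        findings.append(UNVERIFIED)
    drive = image_drive(path)
    if drive and drive != "c":
        # Not malicious by itself, but worth a look: the system drive here is c:.
        findings.append(f"image on non-system drive {drive}:")
    if USER_PROFILE_RE.match(path):
        findings.append(USER_WRITABLE)
    return findings


def triage_services(log_text: str) -> Dict[str, List[str]]:
    """Map every service name in the text to its (possibly empty) list of findings."""
    result: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        entry = parse_service_line(line)
        if entry is not None:
            result[entry["name"]] = triage_service(entry)
    return result


if __name__ == "__main__":
    for name, findings in triage_services(SAMPLE_SERVICES).items():
        print(f"{name:24s} {'; '.join(findings) if findings else 'nothing flagged'}")
```

Run on the sample, the script leaves kl2 (a Kaspersky driver under system32) unflagged, reports both `[x]` entries as orphaned, reports FXDrv32 as unverified and living on drive e:, and points out that the CrossLoop service and the TightVNC server run from the user's profile directory. The flags are prompts for a human reviewer, exactly as in the thread: an orphaned entry is clutter to clean up, while a remote-control server under a user profile is something the owner should recognise and have installed deliberately.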
shapiro
Posted: Wednesday, September 14, 2011 6:20:35 PM

Rank: AiutAmico

Member since: 8/24/2008
Posts: 4,164

hi r16, I had already seen that FXDrv32, but as usual there are conflicting opinions, read here

as for the others, I'd like to have him uninstall them at the end