salve, ogni tanto ho internet che si blocca,rimane lo schermo fisso sulla pagina per poi sbloccarsi dopo qualche secondo.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21.50.39, on 30/07/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\SOUNDMAN.EXE
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files\microsoft office\Office12\GrooveMonitor.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Total Security\zatray.exe
C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\PROGRA~1\TOTALS~1\MAILFR~1\mantispm.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL

= http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer

\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?

LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyOverride = local;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer

\Toolbar,LinksFolderName =
O2 - BHO: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} -

C:\Program Files\vShare\vshare_toolbar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet

Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData

\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-

0BBC1D38A37E} - C:\Program Files\Microsoft Office

\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-

D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin

\ssv.dll
O2 - BHO: Total Security Toolbar Registrar - {8A4A36C2-0535-4D2C-

BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField

\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-

8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared

\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}

- C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-

4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion

\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

- C:\Program Files\Skype\Toolbars\Internet Explorer

\skypeieplugin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -

"C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-

9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin

\jp2ssv.dll
O3 - Toolbar: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF}

- C:\Program Files\vShare\vshare_toolbar.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} -

"C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Total Security Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-

BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField

\TrustChecker\bin\TrustCheckerIEPlugin.dll
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} -

(no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft

Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows

\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows

\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows

\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies

\KiesTrayAgent.exe






O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple

\Apple Application Support\APSDaemon.exe"






O4 - HKLM\..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField

\ForceField.exe /icon="hidden"
O4 - HKLM\..\Run: [ZoneAlarm] C:\Program Files\Total Security

\zatray.exe
O4 - HKLM\..\Run: [PlusService] C:\Program Files\Yuna Software

\Messenger Plus!\PlusService.exe
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External

\FirmwareUpdate\KiesPDLR.exe






O4 - HKCU\..\Run: [Google Update] "C:\Users\roberto\AppData\Local

\Google\Update\GoogleUpdate.exe" /c






O4 - HKCU\..\Run: [Facebook Update] "C:\Users\roberto\AppData\Local

\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar

\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows

\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar

\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows

\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: Translate this web page with Babylon -

res://C:\Program Files\Babylon\Babylon-Pro\Utils

\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:

\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: @C:\Program Files\Windows Live\Companion

\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} -

C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer

\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-

D9FCDDC9D600} - C:\Program Files\Windows Live\Writer

\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer

\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-

D9FCDDC9D600} - C:\Program Files\Windows Live\Writer

\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-

5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-

4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-

AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer

\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263}

- C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Translate this web page with Babylon - {F72841F0

-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-

Pro\Utils\BabylonIEPI.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon -

{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon

\Babylon-Pro\Utils\BabylonIEPI.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files

\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files

\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted IP range: http://192.168.1.1
O15 - ESC Trusted IP range: http://192.168.1.1
O16 - DPF: {0AD152FC-3023-43DD-B750-59CA9AC3B8B5} -

http://77.238.10.103/velox/services/static/McciInstaller.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl

Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash

Object) -

http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.c

ab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-

3CB6248B04CD} - C:\Program Files\Microsoft Office

\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-

07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer

\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -

C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-

6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:

\Program Files\Windows Live\Photo Gallery

\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files

\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-

AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com -

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service

(AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:

\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. -

C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) -

Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe

(file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision

Corporation - C:\Program Files\Common Files\InstallShield\Driver

\1150\Intel 32\IDriverT.exe
O23 - Service: Total Security Toolbar IswSvc (IswSvc) - Check Point

Software Technologies - C:\Program Files\CheckPoint\ZAForceField

\IswSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) -

Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service

\maintenanceservice.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files

\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NitroPDFReaderDriverCreatorReadSpool2

(NitroReaderDriverReadSpool2) - Nitro PDF Software - C:\Program

Files\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files

\Common Files\Nero\Lib\NMIndexingService.exe (file missing)
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common

Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology

Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:

\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies -

C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:

\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:

\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) -

TuneUp Software - C:\Program Files\TuneUp Utilities

2012\TuneUpUtilitiesService32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point

Software Technologies LTD - C:\Program Files\Total Security

\vsmon.exe

--
End of file - 12001 bytes

Ciao, hai dei programmi inutili, troppe toolbar e troppe voci in avvio, ecco il motivo dei tuoi blocchi.
Dovresti eliminare tutti i sw della Toshiba che chiamano utility ma io chiamo inutilità, servono a niente e creano solo intoppi.
Io sostituirei anche Total Security, dovrebbe essere quello di Telecom, e sostituiscilo con MSE, molto meglio.

Chiudi tutti i programmi e disconnesso lanci HJT e clicca sul secondo pulsante: Do a system scan only poi metti la spunta alle voci che ti indico e alla fine clic su Fix checked:


O2 - BHO: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} -
C:\Program Files\vShare\vshare_toolbar.dll
O2 - BHO: Total Security Toolbar Registrar - {8A4A36C2-0535-4D2C-
BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField
\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
- C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
- C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
"C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF}
- C:\Program Files\vShare\vshare_toolbar.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} -
"C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Total Security Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-
BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField
\TrustChecker\bin\TrustCheckerIEPlugin.dll
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} -(no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft
Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows
\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple
\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon="hidden"
O4 - HKLM\..\Run: [PlusService] C:\Program Files\Yuna Software
\Messenger Plus!\PlusService.exe
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\roberto\AppData\Local
\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\roberto\AppData\Local
\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar
\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar
\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-
6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll
Poi fai una pulizia con Ccleaner QUI compreso il Registro.
Installa malwarebytes QUI lo aggiorni e poi fai una scansione COMPLETA non veloce, elimina quello che trova.
Fai sapere se c'è qualche miglioramento.

No Total Security non viene toccato, se vuoi cambiarlo lo devi disattivare tu lo puoi rimuovere da installazione applicazioni, prima però devi scaricare il nuovo antivirus, se ti va bene MSE lo puoi scaricare da QUI, poi ti disconneti da internet, rimuovi Total fai una pulizia con Ccleaner compreso il Registro e quindi installi MSE, poi ti colleghi a internet e lo aggiorni, quindi fai una scansione completa.
Alcuni programmi vengono eliminati mentre le voci 04 non toccano i vari programmi ma disattivano solo l'avvio automatico in questo modo si velocizza l'avvio del sistema operativo.
Ciao

Attenzione




http://pc-security.forumattivo.com/t252-total-security-guida-alla-rimozione




Ancora http://rogueantispyware.blogspot.it/2009/03/total-security.html

"Total Security makes it's way from PC to PC with the help of Trojans that display fake security alerts about threats and then installs Total Security without user permission. Once installed, Total Security will scan the computer and display a variety of infections that cannot be removed until the user purchase the program. These infections, though, do not really exist and are being shown to scare people into purchasing the program. "

Ho postato il link per correttezza dell'immagine citata. Braccetto, non ti ho dato nessuna istruzione.


Ciao


P.S. Cmq, nell'articolo non si parlava solo di MBAM.

Cbbusto, mi riferivo alla scansione di MBAM: sono falsi positivi??


Poi, c'è il Total Security della ZoneAlarm distribuito dalla Telecom Italia. Per chi piace.

E' come immaginavo, quindi tranquillo, il tuo Total Security è normale, anch'io ho Alice tutto compreso e potrei installare il pacchetto sicurezza gratuitamente ma preferisco tenere il mio MSE, infatti il pacchetto di sicurezza della Telecom non è il massimo, specialmente se uno lo deve pagare. Vedi tu cosa vuoi fare.
Se il pc va bene e i blocchi non si ripetono direi che sei a posto. Ciao

Io lo tengo perchè è compreso nel prezzo ,era un offerta, il pc è molto più veloce e sembra non avere blocchi.

Grazie per l'aiuto

cmq vi voglio mettere il log di SmitfraudFix :

SmitFraudFix v2.423

Scan done at 15:42:43,89, 01/08/2012
Run from C:\Users\roberto\Desktop\SmitfraudFix
OS: Microsoft Windows [Versione 6.1.7601] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Total Security\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\Explorer.EXE
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Total Security\zatray.exe
C:\PROGRA~1\TOTALS~1\MAILFR~1\mantispm.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Users\roberto\Desktop\SmitfraudFix\Policies.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\roberto


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\roberto\AppData\Local\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\roberto\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\roberto\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Pagina iniziale corrente"


»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"="FencesShellExt"

[HKEY_CLASSES_ROOT\CLSID\{1984DD45-52CF-49cd-AB77-18F378FEA264}\InProcServer32]
@="C:\Program Files\Stardock\Fences\FencesMenu.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1984DD45-52CF-49cd-AB77-18F378FEA264}\InProcServer32]
@="C:\Program Files\Stardock\Fences\FencesMenu.dll"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=""
"LoadAppInit_Dlls"=dword:00000000


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

»»»»»»»»»»»»»»»»»»»»»»»» RK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"VMApplet"="SystemPropertiesPerformance.exe /pagefile"
"System"=""




»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: VIA Rhine II Fast Ethernet Adapter #2
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{2E9D592C-5593-438E-BA71-41E85DEAEC75}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{2E9D592C-5593-438E-BA71-41E85DEAEC75}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{2E9D592C-5593-438E-BA71-41E85DEAEC75}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Braccetto, ma chi ti ha detto di usare SmitfraudFix?

Questo genere di tool, fix(er), vanno impiegati solo su comando di che conduce la bonifica, e deve aggiungere:
- da dove scaricare il sw
- le istruzioni operative dettagliate
- le avvertenze per eventuali intoppi/difficoltà



Queste "chiavi" sono tutte legittime:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"="FencesShellExt"

[HKEY_CLASSES_ROOT\CLSID\{1984DD45-52CF-49cd-AB77-18F378FEA264}\InProcServer32]
@="C:\Program Files\Stardock\Fences\FencesMenu.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1984DD45-52CF-49cd-AB77-18F378FEA264}\InProcServer32]
@="C:\Program Files\Stardock\Fences\FencesMenu.dll"

L'unico allarme è la superficialità!


Posso affermare ciò che ho scritto perchè ho controllato le CLSID di ognuna delle chiavi! Quindi, nessuna interpretazione.







Braccetto, non era mia intenzione farti usare SmitFraudFix perchè la versione più recente è... abbastanza datata!! Visto e considerato la velocotà con la quale(purtroppo) evolvono i malware non saprei se è un sw attendibile!
Mi ero inserito in questo topic solo richiamare l'attenzione sulla minaccia di (Rogue.TotalSecurity), che non va sottovalutata.