Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

pc lento... Opzioni
RIOLOTERME
Inviato: Monday, December 31, 2012 6:39:37 PM
Rank: AiutAmico

Iscritto dal : 7/26/2007
Posts: 1,016
ce' qualcosa che non va secondo voi ?

ogfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.38.23, on 31/12/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19222)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\ROUTE 66\ROUTE 66 Sync\Sync9Loader.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\DAEMON Tools Pro\DTAgent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
C:\Users\d\Desktop\security e pulizia\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/11
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [ROUTE66Sync] C:\Program Files\ROUTE 66\ROUTE 66 Sync\Sync9Loader.exe -runinbackground
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\d\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O8 - Extra context menu item: Aggiungi a PDF esistente - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Aggiungi destinazione link a PDF esistente - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_0145da1d\aestsrv.exe (file missing)
O23 - Service: Apple Mobile Device - Unknown owner - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (file missing)
O23 - Service: Bonjour Service - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Unknown owner - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (file missing)
O23 - Service: Servizio iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe (file missing)
O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_0145da1d\STacSV.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE (file missing)
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--
End of file - 7255 bytes
Sponsor
Inviato: Monday, December 31, 2012 6:39:37 PM

 
shapiro
Inviato: Monday, December 31, 2012 7:19:38 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164


ciao la lentezza puo' essere sintomo di molte cose non solo virus, prova a fare questa scansione

Scarica OTL e salvalo sul desktop

Metti la spunta su SCAN ALL USERS.

Sotto output, metti la spunta su minimal output

Clicca sulla freccettina di File Age e seleziona 60 Days

Metti la spunta a LOP Check e Purity Check.

Clicca su RUN SCAN

Lascia fare la scansione senza interferire.

Al termine della scansione trovi 2 log sul desktop. OTL.txt ed Extras.txt, salvali e caricali su Wikisend,
RIOLOTERME
Inviato: Monday, December 31, 2012 7:47:56 PM
Rank: AiutAmico

Iscritto dal : 7/26/2007
Posts: 1,016
shapiro
Inviato: Monday, December 31, 2012 8:34:30 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
e' un'infezione da Ukash (virus Polizia di Stato) e zero access, ti faccio rimuovere i file piu' pericolosi al resto pensera' combofix


segui in ordine questi passaggi

apri otl e copia questo codice nello spazio bianco





Code:
:OTL
IE - HKU\S-1-5-21-4035194570-713429218-943882460-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=15627
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=15627"
FF - prefs.js..browser.search.order.1: "Ask.com"
[2011/01/10 21.20.22 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/07/14 19.23.49 | 000,000,270 | RHS- | C] () -- C:\ProgramData\ntuser.pol
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:C31F31E6

:Files
C:\ProgramData\0tbpw.pad
C:\Users\All Users\PhotoSi\MyComposer\{FCF8CD21-1869-4F8A-8962-21F04F84899B}\Data\Products\ShirtRFull\L
C:\Users\All Users\PhotoSi\MyComposer\{FCF8CD21-1869-4F8A-8962-21F04F84899B}\Data\Products\ShirtVFull\L
C:\Windows\assembly\Desktop.ini
C:\Users\d\AppData\Roaming\Babylon


clicca su RUN FIX e allega il log che rilascia


scarica combofix sul desktop

alla richiesta se vuoi installare la recovery console clicca su NO

esegui ComboFix.exe

segui le instruzioni

finita la scansione portati in C:\ e allega nella tua prossima risposta, il contenuto del file di testo Combofix.txt

come usare correttamente combofix




RIOLOTERME
Inviato: Tuesday, January 01, 2013 12:28:39 PM
Rank: AiutAmico

Iscritto dal : 7/26/2007
Posts: 1,016
ORA E' UNA BOMBA!!!!!!! GRAZIEEEEEEEEEEEEEEE

ComboFix 13-01-01.02 - d 01/01/2013 11.00.31.7.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.39.1040.18.2010.869 [GMT 1:00]
Eseguito da: c:\users\d\Desktop\combofix3.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
FW: PC Tools Firewall Plus *Enabled* {7352CBFB-3EEC-25C5-276E-DC9378FC688F}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6032\AddOnDownloaded\016060e8-e1de-4d82-bd11-b667007b1f12.dll
c:\programdata\PCDr\6032\AddOnDownloaded\08c66698-ac37-420c-8ea0-a63d0e691e3a.dll
c:\programdata\PCDr\6032\AddOnDownloaded\1d151f53-1500-414d-85b4-ab85d24f0785.dll
c:\programdata\PCDr\6032\AddOnDownloaded\4011a5cd-1208-467b-b149-4c0534295875.dll
c:\programdata\PCDr\6032\AddOnDownloaded\62089595-46e8-4c4f-9d7b-48be969390bb.dll
c:\programdata\PCDr\6032\AddOnDownloaded\788ad19e-7745-402f-a5a5-20d2ab8b5f1b.dll
c:\programdata\PCDr\6032\AddOnDownloaded\918ee45c-eb0a-4e61-97ad-c1849c2623ee.dll
c:\programdata\PCDr\6032\AddOnDownloaded\b0654984-096d-4244-a127-3364577b6279.dll
c:\programdata\PCDr\6032\AddOnDownloaded\b72409f9-df97-4592-bbfd-fff1ce0a9559.dll
c:\programdata\PCDr\6032\AddOnDownloaded\bbd4d2b0-9dc6-46d0-a352-dbcd92f63c4d.dll
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\System32\MASetupCleaner.exe
c:\windows\system32\System32\muzapp.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2012-12-01 al 2013-01-01 )))))))))))))))))))))))))))))))))))
.
.
2013-01-01 10:16 . 2013-01-01 10:16 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-01-01 10:16 . 2013-01-01 10:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-01 09:48 . 2013-01-01 09:48 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A76106F2-2165-42A8-B97C-8C81501237D5}\MpKsl57b6313d.sys
2013-01-01 09:45 . 2013-01-01 09:45 -------- d-----w- C:\_OTL
2012-12-31 21:22 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A76106F2-2165-42A8-B97C-8C81501237D5}\mpengine.dll
2012-12-09 21:05 . 2012-12-09 21:05 -------- d-----w- c:\users\d\AppData\Local\Macromedia
2012-12-09 20:55 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-12-09 20:55 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-12-09 20:55 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-12-09 20:55 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-12-09 20:55 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-12-09 20:55 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-12-09 20:55 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-12-09 20:55 . 2012-06-02 14:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-12-09 20:55 . 2012-06-02 14:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-12-09 20:54 . 2012-12-12 01:28 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 01:28 . 2011-07-21 05:50 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-28 20:56 . 2012-11-28 20:56 740840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{822A85A0-C5BE-4EF0-8BF5-DAF0513E2642}\gapaengine.dll
2012-11-08 18:00 . 2011-07-16 14:57 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-01-26 09:11 . 2011-09-03 18:38 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe
2012-12-05 18:53 . 2012-12-05 18:52 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\d\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\d\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\d\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2011-08-17 4527424]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-01 39408]
"Facebook Update"="c:\users\d\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-05-30 21432]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-04-02 399736]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-09-04 200704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-12-09 154136]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-22 3810304]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"ROUTE66Sync"="c:\program files\ROUTE 66\ROUTE 66 Sync\Sync9Loader.exe" [2010-12-17 168448]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-23 2652056]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-03-23 16:22 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=""
.
[HKLM\~\startupfolder\C:^Users^d^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ctfmon.lnk]
path=c:\users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
backup=c:\windows\pss\ctfmon.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2012-05-30 01:18 21432 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_0145da1d\aestsrv.exe [x]
R3 1235621709;Virtual Bus for Microsoft ACPI-Compliant System; [x]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MPKSL57B6313D
*NewlyCreated* - MPKSLA779DC78
*Deregistered* - MBAMSwissArmy
*Deregistered* - MpKsla779dc78
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contenuto della cartella 'Scheduled Tasks'
.
2013-01-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-09 01:28]
.
2013-01-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4035194570-713429218-943882460-1000Core.job
- c:\users\d\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-26 22:34]
.
2013-01-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4035194570-713429218-943882460-1000UA.job
- c:\users\d\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-26 22:34]
.
2013-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-21 05:50]
.
2013-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-21 05:50]
.
2012-12-31 c:\windows\Tasks\User_Feed_Synchronization-{394D75E6-28B0-4CFD-9190-57F44A92F065}.job
- c:\windows\system32\msfeedssync.exe [2012-04-12 08:09]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
mStart Page =
uInternet Settings,ProxyOverride = *.local
IE: Aggiungi a PDF esistente - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Aggiungi destinazione link a PDF esistente - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti destinazione link in Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti in Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\d\AppData\Roaming\Mozilla\Firefox\Profiles\8jovl3l7.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.it/
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
HKCU-Run-AdobeBridge - (no file)
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-01 12:05
Windows 6.0.6002 Service Pack 2 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\Root\*PNPa114\0000]
@DACL=(02 0000)
"Service"="1235621709"
"ClassGUID"="{4D36E97D-E325-11CE-BFC1-08002BE10318}"
"Class"="System"
"DeviceDesc"="PCI bus"
shapiro
Inviato: Tuesday, January 01, 2013 6:09:24 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164

ci sono dei driver poco sicuri fammi queste due scansioni


scarica TDSSKiller sul desktop ed estrai il contenuto

Start > Esegui > copia/incolla il seguente comando e dai OK.

"%userprofile%\Desktop\TDSSKiller.exe"

Clicca su Start Scan.
Se c’è un’infezione, l'azione di default sarà cure. Clicca su continua.
Se c’è il sospetto di un’infezione, l'azione di default sarà skip. Clicca su continua.
Se viene richiesto il riavvio, accetta.
Il rapporto si troverà in C:, sotto queste sembianze: TDSSKiller.[Version]_[Date]_[Time]_log.txt
Se non è stato richiesto il riavvio, chiudi e clicca su report. Salva il contenuto in un file di testo e allegalo



scarica sul desktop MBRCheck
Chiudi tutti i programmi.
Doppio click su MBRCheck, che hai scaricato sul desktop, ed eseguilo.
Attendi la fine della scansione.
Finita la scansione (dura pochissimo) ti apparira' nella finestra una di queste due scritte

Found non-standard or infected MBR.

Oppure:

Windows xp MBR code detected.

Dimmi quale della due ti compare.

Allega i rapporti come hai fatto con otl e postami anche la scansione delle eliminazioni di otl lo trovi nella stessa cartella del programma

RIOLOTERME
Inviato: Tuesday, January 01, 2013 6:32:31 PM
Rank: AiutAmico

Iscritto dal : 7/26/2007
Posts: 1,016
shapiro
Inviato: Wednesday, January 02, 2013 12:25:14 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164

Scarica e installa malwarebytes
Aggiornalo: clicca sulla scheda "aggiornamenti" => "controlla aggiornamenti"
Esegui una "scansione completa" (seleziona l'opzione)
A scansione completa, fai clic su OK => Mostra i Risultati.
Assicurarti che tutto sia selezionato e clicca clic su Rimuovi selezionati.
Se ti chiede di riavviare, riavvia per completare il processo di pulizia.
Posta il rapporto .
RIOLOTERME
Inviato: Thursday, January 03, 2013 1:27:15 PM
Rank: AiutAmico

Iscritto dal : 7/26/2007
Posts: 1,016
grazie 1000!!nn ha rilevato minacce il pc e' una bomba !!!meglio di prima ancora.
shapiro
Inviato: Friday, January 04, 2013 5:57:04 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164


apri otl e clicca su cleanup verra' rimosso combofix e lo stesso otl


Installa Ccleaner

ccleaner

durante l’installazione deseleziona l’opzione per la barra di Yahoo, lo apri, vai in Opzioni>Avanzate, togli la spunta a “Cancella file temp diwindows solo se più vecchi di 48 ore”, poi avvialo, seleziona "Analizza" ed alla fine dell'analisi premi "Avvia pulizia''


clicca su Registro, nella pagina successiva clicca Trova problemi, poi al termine dello scan clicca su Ripara selezionati , risposndi di sì alla richiesta di salvare il backup (salvalo in una cartella a piacimento) poi ripara tutti gli elementi trovati.

scarica http://www.atribune.org/ccount/click.php?id=1

non ha bisogno di installazione

Avvia ATF Cleaner.exe con un doppio click

- clicca sul menu main
- seleziona la casella Select All
- clicca sul pulsante Empty selected
- aspetta l'avviso Done Cleaning.
(se non vuoi eliminare le password togli la spunta)
(se usi opera o firefox,spunta anche le loro sezioni)


disattiva il ripristino

riavvia

riattivalo e crea un nuovo punto


svuota la cartella prefetch ( non eliminarla)

se non noti malfunzionamenti la discussione e' chiusa




RIOLOTERME
Inviato: Sunday, January 13, 2013 3:07:07 PM
Rank: AiutAmico

Iscritto dal : 7/26/2007
Posts: 1,016
lo vedi pulito????


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.06.24, on 13/01/2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19222)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\ROUTE 66\ROUTE 66 Sync\Sync9Loader.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\DAEMON Tools Pro\DTAgent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conime.exe
C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Users\d\Desktop\security e pulizia\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.iminent.com/?appId=8F1B22A8-D7A5-4E9F-8B3D-BCADFDF40429
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/11
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: TBSB01620 - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files\IMinent Toolbar\tbcore3.dll
O2 - BHO: IMinent WebBooster - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files\Iminent\Iminent.WebBooster.InternetExplorer.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: IMinent Toolbar - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files\IMinent Toolbar\tbcore3.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [ROUTE66Sync] C:\Program Files\ROUTE 66\ROUTE 66 Sync\Sync9Loader.exe -runinbackground
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [SPUpdSentinel] "C:\Program Files\Common Files\Umbrella\Umbrella_bkp.exe" c
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\d\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: Aggiungi a PDF esistente - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Aggiungi destinazione link a PDF esistente - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: SProtection - Iminent - C:\Program Files\Common Files\Umbrella\Umbrella.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--
End of file - 6853 bytes
Utenti presenti in questo topic
Guest


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.