Slow PC and it freezes, virus!!!!!!

Re: Slow PC and it freezes, virus!!!!!!

Post by Danivan » 02/04/10 16:28

RegUBP2b-Omar.reg C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Snapshots2 Trojan.StartPage.1505 Cancellato.
Il Gioco dei Pacchi.exe.bac_a04456 C:\Documents and Settings\Omar\.housecall6.6\Quarantine Probabile Trojan.Packed.Based Spostato.
A0210040.exe C:\System Volume Information\_restore{53F6FFD0-8D98-4585-8D09-CC1038D8FF12}\RP1057 Probabile DLOADER.Trojan Spostato.
A0210772.reg C:\System Volume Information\_restore{53F6FFD0-8D98-4585-8D09-CC1038D8FF12}\RP1064 Trojan.StartPage.1505 Cancellato.
A0249759.reg C:\System Volume Information\_restore{53F6FFD0-8D98-4585-8D09-CC1038D8FF12}\RP1078 Trojan.StartPage.1505 Cancellato.
A0251833.reg C:\System Volume Information\_restore{53F6FFD0-8D98-4585-8D09-CC1038D8FF12}\RP1078 Trojan.StartPage.1505 Cancellato.
A0251873.reg C:\System Volume Information\_restore{53F6FFD0-8D98-4585-8D09-CC1038D8FF12}\RP1079 Trojan.StartPage.1505 Cancellato.
Danivan
Junior Member

Posts: 77
Joined: 26/08/08 19:19


Re: Slow PC and it freezes, virus!!!!!!

Post by shel » 02/04/10 16:53

now repeat the previous step

go to C:\ and delete the file mbr.log

go to Start, Run and type: C:\mbr.exe -f (copy and paste it)

can you tell me whether the pc is still slow? did prevx find anything?
shel
Senior Member

Posts: 1326
Joined: 29/08/08 21:56

Re: Slow PC and it freezes, virus!!!!!!

Post by Danivan » 02/04/10 17:14

I typed

C:\mbr.exe -f, here is the result
first prevx 3.0 found a file in the temporary internet files, I deleted it with ccleaner and ran prevx 3.0 again, then it found nothing more, the pc is a bit faster



Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x0BA50E41
malicious code @ sector 0x0BA50E44 !
PE file found in sector at 0x0BA50E5A !
Danivan
Junior Member

Posts: 77
Joined: 26/08/08 19:19

Re: Slow PC and it freezes, virus!!!!!!

Post by shel » 02/04/10 19:30

could you please repeat the scan with combofix? of course go to C:\ first and delete the log of the previous scan
shel
Senior Member

Posts: 1326
Joined: 29/08/08 21:56

Re: Slow PC and it freezes, virus!!!!!!

Post by Danivan » 02/04/10 21:12

when I started comboFix a message appeared, something like:

comboFix has detected that this machine does not have the recovery console; it would be a good idea to install it. Do you want to do it now?
this requires an internet connection.

what should I do???

here is the combofix scan.


ComboFix 10-03-29.04 - Omar 2010-04-02 21:51:52.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.1014.339 [GMT 2:00]
Eseguito da: c:\documents and settings\Omar\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100402-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2010-03-02 al 2010-04-02 )))))))))))))))))))))))))))))))))))
.

2010-04-01 20:43 . 2010-04-02 15:24 -------- d-----w- c:\documents and settings\Omar\DoctorWeb
2010-04-01 20:10 . 2010-04-01 20:10 53136 ----a-w- c:\windows\system32\PxSecure.dll
2010-04-01 20:10 . 2010-04-01 20:10 47664 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-04-01 20:10 . 2010-04-01 20:10 30280 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-04-01 20:10 . 2010-04-01 20:10 24496 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-04-01 20:10 . 2010-04-01 20:10 -------- d-----w- c:\programmi\Prevx
2010-04-01 20:10 . 2010-04-01 20:15 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PrevxCSI
2010-04-01 17:34 . 2010-04-01 17:37 -------- d-----w- c:\documents and settings\Omar\Dati applicazioni\Ready
2010-03-31 18:24 . 2010-03-31 18:24 77312 ----a-w- C:\mbr.exe
2010-03-29 18:22 . 2010-01-07 14:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 18:22 . 2010-03-29 18:22 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-03-29 18:22 . 2010-01-07 14:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-29 17:09 . 2010-03-29 17:09 388096 ----a-r- c:\documents and settings\Omar\Dati applicazioni\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-03-29 17:09 . 2010-03-29 17:09 -------- d-----w- c:\programmi\TrendMicro
2010-03-29 09:09 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-03-29 09:01 . 2010-03-29 09:01 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\CA
2010-03-28 21:04 . 2010-04-01 12:21 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-22 08:36 . 2010-03-22 08:36 -------- d-----w- c:\documents and settings\Omar\Dati applicazioni\Search Settings
2010-03-22 08:33 . 2010-03-22 08:33 -------- d-----w- c:\windows\system32\config\systemprofile\Dati applicazioni\Application Updater
2010-03-22 08:33 . 2010-03-22 08:33 -------- d-----w- c:\programmi\Application Updater
2010-03-20 15:22 . 2009-01-22 13:28 290816 ----a-w- c:\windows\system32\decdll.dll
2010-03-20 15:22 . 2010-03-22 08:32 -------- d-----w- c:\programmi\Free Video Converter
2010-03-20 15:22 . 2010-03-20 15:22 -------- d-----w- c:\documents and settings\Omar\Dati applicazioni\FreeVideoConverter
2010-03-19 20:26 . 2010-03-19 20:26 -------- d-----w- C:\Program Files
2010-03-19 18:32 . 2010-02-24 09:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-03-19 17:13 . 2010-03-19 17:13 -------- d-----w- c:\documents and settings\Omar\Impostazioni locali\Dati applicazioni\PCHealth
2010-03-19 17:13 . 2010-03-19 17:13 -------- d-----w- c:\programmi\Windows Defender
2010-03-16 20:04 . 2010-03-16 20:04 -------- d-----w- c:\documents and settings\Omar\.drdivx2
2010-03-09 19:28 . 2010-02-12 10:03 293376 ----a-w- c:\windows\system32\browserchoice.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-01 17:37 . 2010-04-01 17:25 -------- d-----w- c:\programmi\ReadyFree
2010-03-28 07:53 . 2006-08-23 03:14 93736 ----a-w- c:\windows\system32\perfc010.dat
2010-03-28 07:53 . 2006-08-23 03:14 510532 ----a-w- c:\windows\system32\perfh010.dat
2010-03-22 08:31 . 2007-01-22 18:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-03-22 08:29 . 2007-01-22 18:04 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2010-03-10 21:08 . 2008-07-09 19:07 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-02-28 15:43 . 2006-08-23 15:50 -------- d-----w- c:\programmi\Google
2010-02-25 06:16 . 2006-08-23 03:14 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-20 17:44 . 2006-08-23 15:47 -------- d-----w- c:\programmi\File comuni\Adobe
2010-02-19 23:47 . 2010-02-19 23:47 3604480 -c--a-w- c:\windows\system32\GPhotos.scr
2010-02-19 20:20 . 2010-02-19 20:20 -------- d-----w- c:\documents and settings\Omar\Dati applicazioni\3M
2010-02-19 20:19 . 2010-02-19 20:19 -------- d-----w- c:\programmi\3M
2010-02-19 16:48 . 2008-12-20 14:02 93640 -c--a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-02-19 08:11 . 2006-08-23 13:39 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-02-19 08:11 . 2009-10-03 13:15 -------- d-----w- c:\programmi\Alice MOBILE
2010-02-03 20:59 . 2006-12-25 18:05 -------- d-----w- c:\programmi\Microsoft Works
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 81920]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Nero\Lib\NMBgMonitor.exe" [2007-08-21 202024]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-28 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISBMgr.exe"="c:\programmi\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"AzMixerSel"="c:\programmi\Realtek\InstallShield\AzMixerSel.exe" [2005-08-25 53248]
"SonyPowerCfg"="c:\programmi\Sony\VAIO Power Management\SPMgr.exe" [2006-08-10 217088]
"Switcher.exe"="c:\programmi\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
"FLMOFFICE4DMOUSE"="c:\programmi\Trust\MI-4550XP WIRELESS OPTICAL MINI MOUSE\Mouse32a.exe" [2006-12-25 370176]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"VAIO Update 2"="c:\programmi\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-11 151552]
"USBToolTip"="c:\programmi\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe" [2005-06-13 192512]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-05-27 413696]

c:\documents and settings\Omar\Menu Avvio\Programmi\Esecuzione automatica\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
wkcalrem.LNK.disabled [2007-1-22 909]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Microsoft Office.lnk.disabled [2006-12-27 1748]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-06-20 14:11 73728 ------w- c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma Loader.lnk.disabled]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Gamma Loader.lnk.disabled
backup=c:\windows\pss\Adobe Gamma Loader.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Alice ti aiuta.lnk.disabled]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Alice ti aiuta.lnk.disabled
backup=c:\windows\pss\Alice ti aiuta.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio rapido di HP Image Zone.lnk.disabled]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio rapido di HP Image Zone.lnk.disabled
backup=c:\windows\pss\Avvio rapido di HP Image Zone.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^BlueSoleil.lnk.disabled]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\BlueSoleil.lnk.disabled
backup=c:\windows\pss\BlueSoleil.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^HP Digital Imaging Monitor.lnk.disabled]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\HP Digital Imaging Monitor.lnk.disabled
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Post-it® Software Notes Lite.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Post-it® Software Notes Lite.lnk
backup=c:\windows\pss\Post-it® Software Notes Lite.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Omar^Menu Avvio^Programmi^Esecuzione automatica^Stop Dialers.lnk.disabled]
path=c:\documents and settings\Omar\Menu Avvio\Programmi\Esecuzione automatica\Stop Dialers.lnk.disabled
backup=c:\windows\pss\Stop Dialers.lnk.disabledStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Omar^Menu Avvio^Programmi^Esecuzione automatica^Utilità di avvio Click to DVD Modalità automatica.lnk.disabled]
path=c:\documents and settings\Omar\Menu Avvio\Programmi\Esecuzione automatica\Utilità di avvio Click to DVD Modalità automatica.lnk.disabled
backup=c:\windows\pss\Utilità di avvio Click to DVD Modalità automatica.lnk.disabledStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57 35760 ----a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2004-02-12 12:38 49152 ----a-w- d:\hp software update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-06-02 09:13 267048 ----a-w- c:\programmi\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 02:14 1695232 ----a-w- c:\programmi\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-08-08 08:25 1828136 -c--a-w- c:\programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 -c--a-w- c:\programmi\File comuni\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-06-25 13:12 1414144 -c--a-w- c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-05-27 08:50 413696 ----a-w- c:\programmi\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 09:04 2879488 -c--a-w- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-02-28 15:43 39408 ----a-w- c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 18:20 866584 ----a-w- c:\programmi\Windows Defender\MSASCui.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" /background
"NBJ"="c:\programmi\Ahead\Nero BackItUp\NBJ.exe"
"Nokia.PCSync"="c:\programmi\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
"SpybotSD TeaTimer"=c:\programmi\Spybot - Search & Destroy\TeaTimer.exe
"swg"=c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Alcmtr"=ALCMTR.EXE
"Apoint"=c:\programmi\Apoint\Apoint.exe
"AzMixerSel"=c:\programmi\Realtek\InstallShield\AzMixerSel.exe
"ccApp"="c:\programmi\File comuni\Symantec Shared\ccApp.exe"
"ehTray"=c:\windows\ehome\ehtray.exe
"HP Component Manager"="c:\programmi\HP\hpcoretech\hpcmpmgr.exe"
"HP Software Update"="d:\hp software update\HPWuSchd2.exe"
"igfxhkcmd"=c:\windows\system32\hkcmd.exe
"FLMOFFICE4DMOUSE"=c:\programmi\Trust\MI-4550XP WIRELESS OPTICAL MINI MOUSE\Mouse32a.exe
"igfxpers"=c:\windows\system32\igfxpers.exe
"igfxtray"=c:\windows\system32\igfxtray.exe
"ISBMgr.exe"=c:\programmi\Sony\ISB Utility\ISBMgr.exe
"ISTray"="c:\programmi\Spyware Doctor\pctsTray.exe"
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe"
"Mouse Suite 98 Daemon"=ICO.EXE
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"osCheck"="c:\programmi\Norton AntiVirus\osCheck.exe"
"PrepareYourVAIO"=c:\programmi\Sony\Prepare your VAIO\PYVAlert.exe
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" -atboottime
"SkyTel"=SkyTel.EXE
"SonyPowerCfg"="c:\programmi\Sony\VAIO Power Management\SPMgr.exe"
"Switcher.exe"=c:\programmi\Sony\Wireless Switch Setting Utility\Switcher.exe
"VAIO Update 2"="c:\programmi\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Sony\\Click to DVD 2\\CtoDvd.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"3788:TCP"= 3788:TCP:Services
"6076:TCP"= 6076:TCP:Services
"4849:TCP"= 4849:TCP:Services
"8198:TCP"= 8198:TCP:Services
"3537:TCP"= 3537:TCP:Services
"5574:TCP"= 5574:TCP:Services
"4084:TCP"= 4084:TCP:Services
"6668:TCP"= 6668:TCP:Services

R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [2006-12-27 5248]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2010-04-01 30280]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-08-25 114768]
R2 Application Updater;Application Updater;c:\programmi\Application Updater\ApplicationUpdater.exe [2009-12-16 375296]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-08-25 20560]
R2 CSIScanner;CSIScanner;c:\programmi\Prevx\prevx.exe [2010-04-01 6259392]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2010-04-01 47664]
R2 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2010-04-01 24496]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-08-23 226304]
S0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [2006-12-27 160640]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-19 135664]
S3 EraserUtilDrv10820;EraserUtilDrv10820;\??\c:\programmi\File comuni\Symantec Shared\EENGINE\EraserUtilDrv10820.sys --> c:\programmi\File comuni\Symantec Shared\EENGINE\EraserUtilDrv10820.sys [?]
S3 NDISKIO;NDISKIO;\??\c:\docume~1\Omar\IMPOST~1\Temp\671e2e63.nmc\nse\bin\ndiskio.sys --> c:\docume~1\Omar\IMPOST~1\Temp\671e2e63.nmc\nse\bin\ndiskio.sys [?]
S3 ONDAusbmdm6k;ONDA Proprietary USB Driver;c:\windows\system32\DRIVERS\ONDAusbmdm6k.sys --> c:\windows\system32\DRIVERS\ONDAusbmdm6k.sys [?]
S3 ONDAusbnet;ONDA USB-NDIS miniport;c:\windows\system32\DRIVERS\ONDAusbnet.sys --> c:\windows\system32\DRIVERS\ONDAusbnet.sys [?]
S3 ONDAusbnmea;ONDA NMEA Port;c:\windows\system32\DRIVERS\ONDAusbnmea.sys --> c:\windows\system32\DRIVERS\ONDAusbnmea.sys [?]
S3 ONDAusbser6k;ONDA Diagnostic Port;c:\windows\system32\DRIVERS\ONDAusbser6k.sys --> c:\windows\system32\DRIVERS\ONDAusbser6k.sys [?]
S3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys --> c:\windows\system32\drivers\SndTAudio.sys [?]
S3 SndTVideo;SndTVideo;c:\windows\system32\drivers\SndTVideo.sys [2009-02-11 3768]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
S3 UnhookMBRS;UnhookMBRS;\??\c:\docume~1\Omar\IMPOST~1\Temp\671e2e63.nmc\nse\bin\unhookmbrs.sys --> c:\docume~1\Omar\IMPOST~1\Temp\671e2e63.nmc\nse\bin\unhookmbrs.sys [?]
.
Contenuto della cartella 'Scheduled Tasks'

2009-06-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]

2010-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-19 20:12]

2010-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-19 20:12]

2010-04-02 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2010-04-02 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2010-04-02 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2010-04-01 c:\windows\Tasks\User_Feed_Synchronization-{9B4D9B71-1724-4584-A902-18A0D53BB988}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Invia a periferica &Bluetooth... - c:\programmi\D-Link\Bluetooth Software\btsendto_ie_ctx.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
.
.
------- Associazioni dei file -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-02 21:57
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-126629373-1407123585-1270340193-1006\*! V*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"MachineID"=hex:f0,8e,b4,33,2e,53,c4,00
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(900)
c:\windows\system32\VESWinlogon.dll

- - - - - - - > 'explorer.exe'(496)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\programmi\Trust\MI-4550XP WIRELESS OPTICAL MINI MOUSE\MOUDL32A.DLL
.
Ora fine scansione: 2010-04-02 22:00:05
ComboFix-quarantined-files.txt 2010-04-02 20:00

Pre-Run: 12,925,419,520 byte disponibili
Post-Run: 12,996,009,984 byte disponibili

- - End Of File - - 260B737EE4F235A032B6447DCB1A7BCC
Danivan
Junior Member
 
Posts: 77
Joined: 26/08/08 19:19

Re: slow PC and it freezes, virus!!!!!!

Post by shel » 03/04/10 09:33

looks fine

how long have you been noticing this slowness? did you install this Search Settings yourself?

c:\documents and settings\Omar\Dati applicazioni\Search Settings

Post by Danivan » 03/04/10 11:30

the PC runs much better, but I didn't install c:\documents and settings\Omar\Dati applicazioni\Search Settings....

Post by shel » 03/04/10 11:47

open a Notepad page and copy-paste the following:

folder::
c:\documents and settings\Omar\Dati applicazioni\Search Settings


save the page, naming it CFScript.txt (the name is mandatory)

then drag and drop the CFScript.txt file onto the ComboFix icon
let it work to the end and post its log..

Post by Danivan » 03/04/10 12:39

here it is

ComboFix 10-03-29.04 - Omar 2010-04-03 13:27:20.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.1014.431 [GMT 2:00]
Eseguito da: c:\documents and settings\Omar\Desktop\ComboFix.exe
Opzioni usate :: C:\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100402-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Omar\Dati applicazioni\Search Settings
c:\documents and settings\Omar\Dati applicazioni\Search Settings\kb130\temp\ws-14693.log
c:\documents and settings\Omar\Dati applicazioni\Search Settings\kb130\temp\ws-14695.log
c:\documents and settings\Omar\Dati applicazioni\Search Settings\kb130\temp\ws-14696.log
c:\documents and settings\Omar\Dati applicazioni\Search Settings\kb130\temp\ws-14697.log

.
((((((((((((((((((((((((( Files Creati Da 2010-03-03 al 2010-04-03 )))))))))))))))))))))))))))))))))))
.

2010-04-01 20:43 . 2010-04-02 15:24 -------- d-----w- c:\documents and settings\Omar\DoctorWeb
2010-04-01 20:10 . 2010-04-01 20:10 53136 ----a-w- c:\windows\system32\PxSecure.dll
2010-04-01 20:10 . 2010-04-01 20:10 47664 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-04-01 20:10 . 2010-04-01 20:10 30280 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-04-01 20:10 . 2010-04-01 20:10 24496 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-04-01 20:10 . 2010-04-01 20:10 -------- d-----w- c:\programmi\Prevx
2010-04-01 20:10 . 2010-04-01 20:15 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PrevxCSI
2010-04-01 17:34 . 2010-04-01 17:37 -------- d-----w- c:\documents and settings\Omar\Dati applicazioni\Ready
2010-03-31 18:24 . 2010-03-31 18:24 77312 ----a-w- C:\mbr.exe
2010-03-29 18:22 . 2010-01-07 14:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 18:22 . 2010-03-29 18:22 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-03-29 18:22 . 2010-01-07 14:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-29 17:09 . 2010-03-29 17:09 388096 ----a-r- c:\documents and settings\Omar\Dati applicazioni\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-03-29 17:09 . 2010-03-29 17:09 -------- d-----w- c:\programmi\TrendMicro
2010-03-29 09:09 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-03-29 09:01 . 2010-03-29 09:01 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\CA
2010-03-28 21:04 . 2010-04-01 12:21 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-22 08:33 . 2010-03-22 08:33 -------- d-----w- c:\windows\system32\config\systemprofile\Dati applicazioni\Application Updater
2010-03-22 08:33 . 2010-03-22 08:33 -------- d-----w- c:\programmi\Application Updater
2010-03-20 15:22 . 2009-01-22 13:28 290816 ----a-w- c:\windows\system32\decdll.dll
2010-03-20 15:22 . 2010-03-22 08:32 -------- d-----w- c:\programmi\Free Video Converter
2010-03-20 15:22 . 2010-03-20 15:22 -------- d-----w- c:\documents and settings\Omar\Dati applicazioni\FreeVideoConverter
2010-03-19 20:26 . 2010-03-19 20:26 -------- d-----w- C:\Program Files
2010-03-19 18:32 . 2010-02-24 09:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-03-19 17:13 . 2010-03-19 17:13 -------- d-----w- c:\documents and settings\Omar\Impostazioni locali\Dati applicazioni\PCHealth
2010-03-19 17:13 . 2010-03-19 17:13 -------- d-----w- c:\programmi\Windows Defender
2010-03-16 20:04 . 2010-03-16 20:04 -------- d-----w- c:\documents and settings\Omar\.drdivx2
2010-03-09 19:28 . 2010-02-12 10:03 293376 ----a-w- c:\windows\system32\browserchoice.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-01 17:37 . 2010-04-01 17:25 -------- d-----w- c:\programmi\ReadyFree
2010-03-28 07:53 . 2006-08-23 03:14 93736 ----a-w- c:\windows\system32\perfc010.dat
2010-03-28 07:53 . 2006-08-23 03:14 510532 ----a-w- c:\windows\system32\perfh010.dat
2010-03-22 08:31 . 2007-01-22 18:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-03-22 08:29 . 2007-01-22 18:04 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2010-03-10 21:08 . 2008-07-09 19:07 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-02-28 15:43 . 2006-08-23 15:50 -------- d-----w- c:\programmi\Google
2010-02-25 06:16 . 2006-08-23 03:14 916480 ------w- c:\windows\system32\wininet.dll
2010-02-20 17:44 . 2006-08-23 15:47 -------- d-----w- c:\programmi\File comuni\Adobe
2010-02-19 23:47 . 2010-02-19 23:47 3604480 -c--a-w- c:\windows\system32\GPhotos.scr
2010-02-19 20:20 . 2010-02-19 20:20 -------- d-----w- c:\documents and settings\Omar\Dati applicazioni\3M
2010-02-19 20:19 . 2010-02-19 20:19 -------- d-----w- c:\programmi\3M
2010-02-19 16:48 . 2008-12-20 14:02 93640 -c--a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-02-19 08:11 . 2006-08-23 13:39 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-02-19 08:11 . 2009-10-03 13:15 -------- d-----w- c:\programmi\Alice MOBILE
2010-02-03 20:59 . 2006-12-25 18:05 -------- d-----w- c:\programmi\Microsoft Works
.

((((((((((((((((((((((((((((( SnapShot_2010-04-02_19.57.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-03 11:24 . 2010-04-03 11:24 16384 c:\windows\Temp\Perflib_Perfdata_cc.dat
+ 2010-04-03 11:24 . 2010-04-03 11:24 16384 c:\windows\Temp\Perflib_Perfdata_1cc.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 81920]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Nero\Lib\NMBgMonitor.exe" [2007-08-21 202024]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-28 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISBMgr.exe"="c:\programmi\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"AzMixerSel"="c:\programmi\Realtek\InstallShield\AzMixerSel.exe" [2005-08-25 53248]
"SonyPowerCfg"="c:\programmi\Sony\VAIO Power Management\SPMgr.exe" [2006-08-10 217088]
"Switcher.exe"="c:\programmi\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
"FLMOFFICE4DMOUSE"="c:\programmi\Trust\MI-4550XP WIRELESS OPTICAL MINI MOUSE\Mouse32a.exe" [2006-12-25 370176]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"VAIO Update 2"="c:\programmi\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-11 151552]
"USBToolTip"="c:\programmi\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe" [2005-06-13 192512]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-05-27 413696]

c:\documents and settings\Omar\Menu Avvio\Programmi\Esecuzione automatica\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
wkcalrem.LNK.disabled [2007-1-22 909]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Microsoft Office.lnk.disabled [2006-12-27 1748]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-06-20 14:11 73728 ------w- c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma Loader.lnk.disabled]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Gamma Loader.lnk.disabled
backup=c:\windows\pss\Adobe Gamma Loader.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Alice ti aiuta.lnk.disabled]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Alice ti aiuta.lnk.disabled
backup=c:\windows\pss\Alice ti aiuta.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio rapido di HP Image Zone.lnk.disabled]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio rapido di HP Image Zone.lnk.disabled
backup=c:\windows\pss\Avvio rapido di HP Image Zone.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^BlueSoleil.lnk.disabled]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\BlueSoleil.lnk.disabled
backup=c:\windows\pss\BlueSoleil.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^HP Digital Imaging Monitor.lnk.disabled]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\HP Digital Imaging Monitor.lnk.disabled
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Post-it® Software Notes Lite.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Post-it® Software Notes Lite.lnk
backup=c:\windows\pss\Post-it® Software Notes Lite.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Omar^Menu Avvio^Programmi^Esecuzione automatica^Stop Dialers.lnk.disabled]
path=c:\documents and settings\Omar\Menu Avvio\Programmi\Esecuzione automatica\Stop Dialers.lnk.disabled
backup=c:\windows\pss\Stop Dialers.lnk.disabledStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Omar^Menu Avvio^Programmi^Esecuzione automatica^Utilità di avvio Click to DVD Modalità automatica.lnk.disabled]
path=c:\documents and settings\Omar\Menu Avvio\Programmi\Esecuzione automatica\Utilità di avvio Click to DVD Modalità automatica.lnk.disabled
backup=c:\windows\pss\Utilità di avvio Click to DVD Modalità automatica.lnk.disabledStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57 35760 ----a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2004-02-12 12:38 49152 ----a-w- d:\hp software update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-06-02 09:13 267048 ----a-w- c:\programmi\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 02:14 1695232 ----a-w- c:\programmi\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-08-08 08:25 1828136 -c--a-w- c:\programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 -c--a-w- c:\programmi\File comuni\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-06-25 13:12 1414144 -c--a-w- c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-05-27 08:50 413696 ----a-w- c:\programmi\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 09:04 2879488 -c--a-w- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-02-28 15:43 39408 ----a-w- c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 18:20 866584 ----a-w- c:\programmi\Windows Defender\MSASCui.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" /background
"NBJ"="c:\programmi\Ahead\Nero BackItUp\NBJ.exe"
"Nokia.PCSync"="c:\programmi\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
"SpybotSD TeaTimer"=c:\programmi\Spybot - Search & Destroy\TeaTimer.exe
"swg"=c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Alcmtr"=ALCMTR.EXE
"Apoint"=c:\programmi\Apoint\Apoint.exe
"AzMixerSel"=c:\programmi\Realtek\InstallShield\AzMixerSel.exe
"ccApp"="c:\programmi\File comuni\Symantec Shared\ccApp.exe"
"ehTray"=c:\windows\ehome\ehtray.exe
"HP Component Manager"="c:\programmi\HP\hpcoretech\hpcmpmgr.exe"
"HP Software Update"="d:\hp software update\HPWuSchd2.exe"
"igfxhkcmd"=c:\windows\system32\hkcmd.exe
"FLMOFFICE4DMOUSE"=c:\programmi\Trust\MI-4550XP WIRELESS OPTICAL MINI MOUSE\Mouse32a.exe
"igfxpers"=c:\windows\system32\igfxpers.exe
"igfxtray"=c:\windows\system32\igfxtray.exe
"ISBMgr.exe"=c:\programmi\Sony\ISB Utility\ISBMgr.exe
"ISTray"="c:\programmi\Spyware Doctor\pctsTray.exe"
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe"
"Mouse Suite 98 Daemon"=ICO.EXE
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"osCheck"="c:\programmi\Norton AntiVirus\osCheck.exe"
"PrepareYourVAIO"=c:\programmi\Sony\Prepare your VAIO\PYVAlert.exe
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" -atboottime
"SkyTel"=SkyTel.EXE
"SonyPowerCfg"="c:\programmi\Sony\VAIO Power Management\SPMgr.exe"
"Switcher.exe"=c:\programmi\Sony\Wireless Switch Setting Utility\Switcher.exe
"VAIO Update 2"="c:\programmi\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Sony\\Click to DVD 2\\CtoDvd.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"3788:TCP"= 3788:TCP:Services
"6076:TCP"= 6076:TCP:Services
"4849:TCP"= 4849:TCP:Services
"8198:TCP"= 8198:TCP:Services
"3537:TCP"= 3537:TCP:Services
"5574:TCP"= 5574:TCP:Services
"4084:TCP"= 4084:TCP:Services
"6668:TCP"= 6668:TCP:Services

R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [2006-12-27 5248]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2010-04-01 30280]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-08-25 114768]
R2 Application Updater;Application Updater;c:\programmi\Application Updater\ApplicationUpdater.exe [2009-12-16 375296]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-08-25 20560]
R2 CSIScanner;CSIScanner;c:\programmi\Prevx\prevx.exe [2010-04-01 6259392]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2010-04-01 47664]
R2 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2010-04-01 24496]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-08-23 226304]
S0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [2006-12-27 160640]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-19 135664]
S3 EraserUtilDrv10820;EraserUtilDrv10820;\??\c:\programmi\File comuni\Symantec Shared\EENGINE\EraserUtilDrv10820.sys --> c:\programmi\File comuni\Symantec Shared\EENGINE\EraserUtilDrv10820.sys [?]
S3 NDISKIO;NDISKIO;\??\c:\docume~1\Omar\IMPOST~1\Temp\671e2e63.nmc\nse\bin\ndiskio.sys --> c:\docume~1\Omar\IMPOST~1\Temp\671e2e63.nmc\nse\bin\ndiskio.sys [?]
S3 ONDAusbmdm6k;ONDA Proprietary USB Driver;c:\windows\system32\DRIVERS\ONDAusbmdm6k.sys --> c:\windows\system32\DRIVERS\ONDAusbmdm6k.sys [?]
S3 ONDAusbnet;ONDA USB-NDIS miniport;c:\windows\system32\DRIVERS\ONDAusbnet.sys --> c:\windows\system32\DRIVERS\ONDAusbnet.sys [?]
S3 ONDAusbnmea;ONDA NMEA Port;c:\windows\system32\DRIVERS\ONDAusbnmea.sys --> c:\windows\system32\DRIVERS\ONDAusbnmea.sys [?]
S3 ONDAusbser6k;ONDA Diagnostic Port;c:\windows\system32\DRIVERS\ONDAusbser6k.sys --> c:\windows\system32\DRIVERS\ONDAusbser6k.sys [?]
S3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys --> c:\windows\system32\drivers\SndTAudio.sys [?]
S3 SndTVideo;SndTVideo;c:\windows\system32\drivers\SndTVideo.sys [2009-02-11 3768]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
S3 UnhookMBRS;UnhookMBRS;\??\c:\docume~1\Omar\IMPOST~1\Temp\671e2e63.nmc\nse\bin\unhookmbrs.sys --> c:\docume~1\Omar\IMPOST~1\Temp\671e2e63.nmc\nse\bin\unhookmbrs.sys [?]
.
Contenuto della cartella 'Scheduled Tasks'

2009-06-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]

2010-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-19 20:12]

2010-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-19 20:12]

2010-04-03 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2010-04-02 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2010-04-03 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2010-04-02 c:\windows\Tasks\User_Feed_Synchronization-{9B4D9B71-1724-4584-A902-18A0D53BB988}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Invia a periferica &Bluetooth... - c:\programmi\D-Link\Bluetooth Software\btsendto_ie_ctx.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-03 13:32
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-126629373-1407123585-1270340193-1006\*! V*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"MachineID"=hex:f0,8e,b4,33,2e,53,c4,00
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(900)
c:\windows\system32\VESWinlogon.dll
.
Ora fine scansione: 2010-04-03 13:35:19
ComboFix-quarantined-files.txt 2010-04-03 11:35
ComboFix2.txt 2010-04-02 20:00

Pre-Run: 12,920,569,856 byte disponibili
Post-Run: 12,927,856,640 byte disponibili

- - End Of File - - 448E8AC5FDB35AE0E4949D9A33E2B6C2
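
A triage pass over a ComboFix log of the kind posted above, as an added example (it is not part of the thread and not ComboFix's own tooling). The posted log has two things a helper would ask about: the GloballyOpenPorts block lists ten high TCP ports whose only label is the word "Services", where Windows' own exceptions carry a resource-string label such as @xpsp2res.dll,-22009, and two drivers (NDISKIO, UnhookMBRS) are registered from a folder under the user's Temp directory and marked [?]. The script below runs those checks, plus a check of Run entries, over a constructed excerpt modelled on the posted lines (one autorun line is hypothetical, added only to exercise that check). The directory list, the port threshold and the reading of [?] as "ComboFix could not read the image file" are this example's assumptions; a hit is a question to put to the user, not proof of infection.

```python
"""Triage a ComboFix log for the indicators a helper checks by eye.

Added example, not part of the thread and not ComboFix's own tooling.
Assumptions: ComboFix's line formats as shown in the posted log; the
directory list and the "high port" threshold are this example's heuristics.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed excerpt modelled on lines from the log posted above, plus one
# clearly hypothetical autorun line ("hypothetical_dropper") that is not in
# the log and exists only to exercise the autorun check.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"hypothetical_dropper"="c:\documents and settings\Omar\Impostazioni locali\Temp\svc.exe" [2010-04-01 12345]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"3788:TCP"= 3788:TCP:Services

R2 Application Updater;Application Updater;c:\programmi\Application Updater\ApplicationUpdater.exe [2009-12-16 375296]
S3 NDISKIO;NDISKIO;\??\c:\docume~1\Omar\IMPOST~1\Temp\671e2e63.nmc\nse\bin\ndiskio.sys --> c:\docume~1\Omar\IMPOST~1\Temp\671e2e63.nmc\nse\bin\ndiskio.sys [?]
S3 UnhookMBRS;UnhookMBRS;\??\c:\docume~1\Omar\IMPOST~1\Temp\671e2e63.nmc\nse\bin\unhookmbrs.sys --> c:\docume~1\Omar\IMPOST~1\Temp\671e2e63.nmc\nse\bin\unhookmbrs.sys [?]
"""

# Directories where a service image or autorun target deserves a second look
# (user-profile and temp locations; Italian XP folder names included). Heuristic.
SUSPECT_DIRS = ("\\temp\\", "\\impost~1\\", "\\impostazioni locali\\",
                "\\dati applicazioni\\", "\\application data\\", "\\local settings\\")

KEY_RE = re.compile(r"^\[(.+)\]$")                                   # [registry key]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')                     # "name"=data
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"\s*=\s*\d+:(?:TCP|UDP):(.*)$')  # firewall exception
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")        # R0..S3 service lines


@dataclass(frozen=True)
class Finding:
    kind: str   # "firewall", "service" or "autorun"
    item: str   # port, service name or autorun value name
    why: str


def path_is_suspect(path: str) -> bool:
    """True when the path runs through one of the profile/temp directories."""
    p = path.lower()
    return any(d in p for d in SUSPECT_DIRS)


def triage(log: str) -> list[Finding]:
    findings: list[Finding] = []
    current_key = ""
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            current_key = ""          # a blank line ends a registry-key block
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1).lower()
            continue
        m = SERVICE_RE.match(line)
        if m:                         # service/driver line: start;name;display;image
            _start, name, _display, image = m.groups()
            if path_is_suspect(image):
                findings.append(Finding("service", name, "image under a temp/profile directory"))
            if image.endswith("[?]"):  # assumption: ComboFix could not read the file
                findings.append(Finding("service", name, "ComboFix could not read the image file"))
            continue
        if "globallyopenports" in current_key:
            m = PORT_RE.match(line)
            if m:
                port, proto, label = m.groups()
                # Windows' own exceptions carry a resource-string label (@dll,-id);
                # a bare word on a high port is something the user must explain.
                if int(port) > 1024 and not label.startswith("@"):
                    findings.append(Finding("firewall", f"{port}/{proto}",
                                            f"generic label {label!r} on high port"))
            continue
        if "\\currentversion\\run" in current_key:
            m = VALUE_RE.match(line)
            if m and path_is_suspect(m.group(2)):
                findings.append(Finding("autorun", m.group(1), "target under a temp/profile directory"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:8} {f.item:22} {f.why}")
```

On the constructed excerpt this reports the three "Services" ports, both Temp-folder drivers (twice each: location and unreadable image) and the hypothetical autorun line, while avast!, Remote Desktop's 3389 exception and Application Updater pass. Treat the output as a list of items to verify: the same checks would also flag a legitimate tool that had been run from Temp and later deleted.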

Post by shel » 03/04/10 13:56

download Everything, it doesn't need installation

uncheck the box if it asks to install the toolbar

launch it and in the top window type Search Settings and delete everything that refers to the program

do a scan with virit after disabling your antivirus and post the log

Post by shel » 03/04/10 20:04

download OTC by OldTimer

run it
Click on CleanUp.
When asked to reboot, click YES

disable System Restore

reboot the PC

re-enable System Restore and create a new point

clean up with ccleaner and atf cleaner

post a hijackthis log and give me news about your pc

Post by Danivan » 03/04/10 21:55

what do you mean by disable System Restore


re-enable System Restore and create a new point

is some program needed?????

Post by shel » 03/04/10 22:13

read here how to proceed

Post by Danivan » 04/04/10 08:14

done. the PC seems to be back to its normal functionality

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 09:12, on 2010-04-04
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Application Updater\ApplicationUpdater.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\D-Link\Bluetooth Software\bin\btwdins.exe
C:\Programmi\Prevx\prevx.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programmi\Sony\VAIO Event Service\VESMgr.exe
C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Programmi\Prevx\prevx.exe
C:\VEXPLite\viritsvc.exe
C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programmi\Sony\ISB Utility\ISBMgr.exe
C:\Programmi\Sony\VAIO Power Management\SPMgr.exe
C:\Programmi\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Programmi\Trust\MI-4550XP WIRELESS OPTICAL MINI MOUSE\Mouse32a.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Programmi\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Everything\Everything.exe
C:\VEXPLite\MONLITE.EXE
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
C:\Programmi\internet explorer\iexplore.exe
C:\Programmi\internet explorer\iexplore.exe
C:\Programmi\internet explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Programmi\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Programmi\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [Switcher.exe] C:\Programmi\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Programmi\Trust\MI-4550XP WIRELESS OPTICAL MINI MOUSE\Mouse32a.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Programmi\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [USBToolTip] "C:\Programmi\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Everything] "C:\Programmi\Everything\Everything.exe" -startup
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLite\MONLITE.EXE
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: wkcalrem.LNK.disabled
O4 - Global Startup: Microsoft Office.lnk.disabled
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Invia a periferica &Bluetooth... - C:\Programmi\D-Link\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Organizzatore ricerche - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programmi\File comuni\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\D-Link\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\D-Link\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/en/
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} (CAScanner Control) - http://cainternetsecurity.net/scanner/cascanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{752EB091-24CF-4E49-BE44-1AB6269ED10F}: NameServer = 213.21.141.2 213.21.164.2
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Programmi\Application Updater\ApplicationUpdater.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\D-Link\Bluetooth Software\bin\btwdins.exe
O23 - Service: CSIScanner - Prevx - C:\Programmi\Prevx\prevx.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Programmi\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Programmi\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Programmi\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Programmi\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Programmi\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VirIT eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLite\viritsvc.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 13986 bytes
Danivan
Junior Member

Post: 77
Joined: 26/08/08 19:19

Re: slow pc and it freezes, virus!!!!!!

Post by Alexand3r » 04/04/10 09:18

First of all, Happy Easter to all of you on the forum :)
Here are the Malwarebytes and ComboFix reports

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Versione database: 3930

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

04/04/2010 0.47.02
mbam-log-2010-04-04 (00-47-02).txt

Tipo di scansione: Scansione completa (C:\|E:\|)
Elementi esaminati: 333786
Tempo trascorso: 1 ore, 53 minuti, 17 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 1
Cartelle infette: 0
File infetti: 3

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\User\otb.exe \s) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
C:\Programmi\Adobe\Adobe Photoshop CS3\Msvcrt.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Programmi\Adobe\Adobe Photoshop CS3\Shfolder.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Dati applicazioni\sysReserve.ini (Malware.Trace) -> Quarantined and deleted successfully.

COMBOFIX

ComboFix 10-04-03.02 - User 04/04/2010 9.55.23.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2047.1462 [GMT 2:00]
Eseguito da: c:\documents and settings\User\Documenti\Downloads\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-14EF-9D7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-3C24-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-6C25-9E7C08000A00}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\AppPatch\AcAdProc.dll
c:\windows\system32\winlogon.bak

.
((((((((((((((((((((((((( Files Creati Da 2010-03-04 al 2010-04-04 )))))))))))))))))))))))))))))))))))
.

2010-04-03 16:34 . 2010-04-03 16:34 -------- d-----w- c:\programmi\Trend Micro
2010-04-03 14:21 . 2010-04-03 14:21 7792 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-31 07:43 . 2010-03-31 07:48 -------- d-----w- c:\programmi\PartyItalia
2010-03-29 18:01 . 2010-03-29 18:40 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SpeedBit
2010-03-15 17:54 . 2006-05-03 21:53 174592 ------w- c:\windows\system32\framedyn.dll
2010-03-15 17:53 . 2010-04-02 11:11 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers
2010-03-15 17:53 . 2006-07-24 15:05 5632 ------w- c:\windows\system32\drivers\StarOpen.sys
2010-03-15 12:55 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-14 13:39 . 2010-03-14 13:39 -------- d-----w- c:\documents and settings\User\dwhelper
2010-03-11 17:05 . 2010-03-11 17:05 -------- d-----w- c:\programmi\Total Uninstall 5
2010-03-11 17:05 . 2010-03-11 17:05 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Martau
2010-03-10 17:40 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-04 07:57 . 2010-01-19 13:43 521444 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-04-03 21:05 . 2009-08-19 14:52 -------- d-----w- c:\programmi\Google
2010-04-03 20:52 . 2010-01-01 20:40 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-04-03 20:51 . 2010-04-03 20:51 5918776 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-03 15:17 . 2009-07-30 14:39 -------- d-----w- c:\documents and settings\User\Dati applicazioni\vlc
2010-04-03 09:27 . 2009-12-16 15:56 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Electronic Arts
2010-04-03 09:26 . 2009-12-16 14:38 -------- d-----w- c:\programmi\Electronic Arts
2010-04-03 09:18 . 2009-07-17 20:09 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-04-02 17:50 . 2010-01-02 16:21 407960 ----a-w- c:\documents and settings\User\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-04-02 15:32 . 2009-07-28 15:46 1 ----a-w- c:\documents and settings\User\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-02 11:10 . 2009-11-27 10:10 -------- d-----w- c:\programmi\Creative
2010-04-02 11:04 . 2009-12-16 18:00 -------- d-----w- c:\programmi\DivX
2010-04-02 11:01 . 2009-07-31 08:57 -------- d-----w- c:\programmi\ATI Technologies
2010-04-01 12:39 . 2009-08-31 13:57 4873640 ----a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2010-04-01 07:30 . 2010-03-01 19:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Autodesk
2010-03-29 22:46 . 2010-01-01 20:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 22:45 . 2010-01-01 20:40 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-29 18:40 . 2010-01-18 14:16 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-03-27 21:47 . 2009-07-17 17:59 -------- d-----w- c:\programmi\uTorrent
2010-03-27 15:47 . 2009-07-17 17:58 -------- d-----w- c:\documents and settings\User\Dati applicazioni\uTorrent
2010-03-08 13:00 . 2010-03-01 19:12 -------- d-----w- c:\documents and settings\User\Dati applicazioni\Autodesk
2010-03-01 19:21 . 2010-03-01 19:21 36864 ----a-w- c:\documents and settings\User\Dati applicazioni\Autodesk\AutoCAD 2010\R18.0\ita\ContextualTabSelectorRules.dll
2010-03-01 19:20 . 2010-03-01 19:20 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\FLEXnet
2010-03-01 19:14 . 2010-03-01 19:14 -------- d-----w- c:\programmi\File comuni\Macrovision Shared
2010-02-27 13:19 . 2009-07-31 11:50 -------- d-----w- c:\documents and settings\User\Dati applicazioni\dvdcss
2010-02-25 06:16 . 2004-08-19 12:00 916480 ------w- c:\windows\system32\wininet.dll
2010-02-18 19:17 . 2009-07-28 06:29 -------- d-----w- c:\documents and settings\User\Dati applicazioni\PC Suite
2010-02-18 13:58 . 2010-02-18 13:58 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\KONAMI
2010-02-13 18:49 . 2010-02-13 18:49 0 ------w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2010-02-13 18:49 . 2010-02-13 18:49 0 ------w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2010-02-13 18:49 . 2009-07-28 06:29 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PC Suite
2010-02-11 14:26 . 2009-07-28 06:29 -------- d-----w- c:\documents and settings\User\Dati applicazioni\Nokia
2010-02-11 14:22 . 2010-02-11 14:22 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Nokia
2010-02-11 14:22 . 2010-02-10 18:07 -------- d-----w- c:\programmi\File comuni\Nokia
2010-02-11 14:22 . 2010-02-10 18:06 -------- d-----w- c:\programmi\Nokia
2010-02-11 14:21 . 2010-02-11 14:21 36864 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\Sleep.exe
2010-02-11 14:21 . 2010-02-11 14:21 3351812 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\msxml6Exec.exe
2010-02-11 14:21 . 2010-02-11 14:21 3203453 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\vcredistExec.exe
2010-02-11 14:21 . 2009-07-28 06:27 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Installations
2010-02-10 18:59 . 2010-02-11 14:22 24419312 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\NokiaSoftwareUpdaterSetup_it.exe
2010-02-10 18:07 . 2010-02-10 18:07 -------- d-----w- c:\programmi\File comuni\PCSuite
2010-02-10 18:07 . 2010-02-10 18:07 -------- d-----w- c:\programmi\DIFX
2010-02-10 18:07 . 2010-02-10 18:07 -------- d-----w- c:\programmi\PC Connectivity Solution
2010-02-10 18:06 . 2010-02-10 18:06 95232 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe
2010-02-10 18:06 . 2010-02-10 18:06 8192 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe
2010-02-10 18:06 . 2010-02-10 18:06 61440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-02-10 18:06 . 2010-02-10 18:06 10240 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe
2010-02-10 18:05 . 2010-02-10 18:06 34541248 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_ita_web.exe
2010-02-05 18:05 . 2010-02-02 15:04 -------- d-----w- c:\documents and settings\User\Dati applicazioni\Nero
2010-02-03 12:56 . 2010-01-15 17:05 26176 ------w- c:\windows\system32\hamachi.sys
2010-01-11 17:40 . 2009-07-18 09:18 691696 ------w- c:\windows\system32\drivers\sptd.sys
2010-01-05 18:39 . 2010-01-05 18:38 5415 ----a-w- c:\windows\BricoPackFoldersDelete.cmd
2010-01-05 18:39 . 2009-09-04 09:56 71886 ----a-w- c:\windows\BricoPackUninst.cmd
2010-01-05 18:39 . 2004-08-19 12:00 219648 ------w- c:\windows\system32\uxtheme.dll
.

------- Sigcheck -------

[-] 2009-12-25 . 90F406811EE1EEE294792D00E21CA16C . 510464 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2009-11-13 . 1DBD3966123AC2F6ADE783F7F17F8C7F . 504832 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
[7] 2008-04-14 . 9259170D29B5A256735FCB8B80280857 . 510464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\programmi\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"PC Suite Tray"="c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"EA Core"="c:\programmi\Electronic Arts\EADM\Core.exe" [2009-03-28 3325952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Alice ti aiuta.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Alice ti aiuta.lnk
backup=c:\windows\pss\Alice ti aiuta.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Utility Tray.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Utility Tray.lnk
backup=c:\windows\pss\Utility Tray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^User^Menu Avvio^Programmi^Esecuzione automatica^AeroShake.lnk]
path=c:\documents and settings\User\Menu Avvio\Programmi\Esecuzione automatica\AeroShake.lnk
backup=c:\windows\pss\AeroShake.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^User^Menu Avvio^Programmi^Esecuzione automatica^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\User\Menu Avvio\Programmi\Esecuzione automatica\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^User^Menu Avvio^Programmi^Esecuzione automatica^Refresh Icon Cache.lnk]
path=c:\documents and settings\User\Menu Avvio\Programmi\Esecuzione automatica\Refresh Icon Cache.lnk
backup=c:\windows\pss\Refresh Icon Cache.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^User^Menu Avvio^Programmi^Esecuzione automatica^Styler toolbar.lnk]
path=c:\documents and settings\User\Menu Avvio\Programmi\Esecuzione automatica\Styler toolbar.lnk
backup=c:\windows\pss\Styler toolbar.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^User^Menu Avvio^Programmi^Esecuzione automatica^Styler.lnk]
path=c:\documents and settings\User\Menu Avvio\Programmi\Esecuzione automatica\Styler.lnk
backup=c:\windows\pss\Styler.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^User^Menu Avvio^Programmi^Esecuzione automatica^VisualTaskTips.lnk]
path=c:\documents and settings\User\Menu Avvio\Programmi\Esecuzione automatica\VisualTaskTips.lnk
backup=c:\windows\pss\VisualTaskTips.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^User^Menu Avvio^Programmi^Esecuzione automatica^YzShadow.lnk]
path=c:\documents and settings\User\Menu Avvio\Programmi\Esecuzione automatica\YzShadow.lnk
backup=c:\windows\pss\YzShadow.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ggm]
c:\windows\system32\ggm.exe \u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\programmi\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 02:27 144784 ----a-w- c:\programmi\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 00:00 90112 ----a-w- c:\windows\Updreg.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programmi\\SopCast\\SopCast.exe"=
"c:\\Programmi\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\Electronic Arts\\EADM\\Core.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"3246:TCP"= 3246:TCP:Services
"2479:TCP"= 2479:TCP:Services
"1708:TCP"= 1708:TCP:Services
"8170:TCP"= 8170:TCP:fnvdbgah
"4144:TCP"= 4144:TCP:Services

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [31/07/2008 20.45.42 19592]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18/07/2009 11.18.10 691696]
S2 nscxgkpr;Universal Installer;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.00.00 14336]
S2 Sukoku Service;Sukoku Service; [x]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [24/09/2009 14.38.42 22528]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\programmi\Lavalys\EVEREST Ultimate Edition\kerneld.wnt --> c:\programmi\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [?]
S3 fsjyudtnl;fsjyudtnl;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [02/07/2008 14.58.48 25480]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [10/02/2010 20.06.55 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [10/02/2010 20.06.55 8320]
S3 ygnfvzhta;ygnfvzhta;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S4 PskSvcRetailInst;PskSvcRetailInst;c:\docume~1\User\IMPOST~1\Temp\ISSCAN\PskSvc.exe --> c:\docume~1\User\IMPOST~1\Temp\ISSCAN\PskSvc.exe [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
nscxgkpr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5570908-e19b-11de-88f3-0017c2ba26e1}]
\Shell\AutoRun\command - F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f913ec81-14c9-11df-8a18-0017c2ba26e1}]
\Shell\AutoRun\command - G:\Autorun.exe
.
.
------- Scansione supplementare -------
.
uStart Page = www.google.com
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=%s
IE: {{4B21E152-BA59-4ebf-B522-8C55B265EE1A} - c:\programmi\PartyItalia\PartyPokerIt\RunApp.exe
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\User\Dati applicazioni\Mozilla\Firefox\Profiles\axqs6up4.default\
FF - prefs.js: browser.search.selectedEngine - Trova Rapido
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
FF - component: c:\documents and settings\User\Dati applicazioni\Mozilla\Firefox\Profiles\axqs6up4.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - plugin: c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.
.
------- Associazioni dei file -------
.
.scr=AutoCADScriptFile
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

MSConfigStartUp-USBToolTip - c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
AddRemove-Creative Installer Setup - c:\programmi\Creative\Uninstall\Installer.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-04 10:04
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spyw.sys >>UNKNOWN [0x8A5E5938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74cbf28
\Driver\ACPI -> ACPI.sys @ 0xf7253cb8
\Driver\atapi -> atapi.sys @ 0xf71e8b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK
copy of MBR has been found in sector 0x01D1C06C0
malicious code @ sector 0x01D1C06C3 !
PE file found in sector at 0x01D1C06D9 !

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\programmi\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fsjyudtnl]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ygnfvzhta]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nscxgkpr]
"ServiceDll"="c:\windows\system32\bbduiqam.dll"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-602162358-630328440-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2008]
"GameDir"="c:\\Documents and Settings\\User\\Documenti\\Sports Interactive\\Football Manager 2008\\games"
"ShortlistDir"=""
"ScreenshotsDir"="c:\\Documents and Settings\\User\\Documenti\\Sports Interactive\\Football Manager 2008"
"SaveDir"="c:\\Documents and Settings\\User\\Documenti\\Sports Interactive\\Football Manager 2008\\"
"LastSaveGame"="c:\\Documents and Settings\\User\\Documenti\\Sports Interactive\\Football Manager 2008\\games\\fiorenza23.fm"
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"SkinID"=dword:00000001
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"WindowState"=dword:00000002
"Currency"=dword:0000001c
"WindowHeight"=dword:000001f5
"WindowWidth"=dword:000002e4
"WindowLeft"=dword:0000008e
"WindowTop"=dword:00000086
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""

[HKEY_USERS\S-1-5-21-602162358-630328440-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Columns\Clubs]


[HKEY_USERS\S-1-5-21-602162358-630328440-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Columns\Players]


[HKEY_USERS\S-1-5-21-602162358-630328440-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Columns\Staff]


[HKEY_USERS\S-1-5-21-602162358-630328440-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Rating Coefficients]


[HKEY_USERS\S-1-5-21-602162358-630328440-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2009 XE]
"GameDir"="c:\\Documents and Settings\\User\\Documenti\\Sports Interactive\\Football Manager 2009\\games"
"ShortlistDir"="c:\\Documents and Settings\\User\\Documenti\\Sports Interactive\\Football Manager 2009\\shortlists"
"ScreenshotsDir"="c:\\Documents and Settings\\User\\Documenti\\Sports Interactive\\Football Manager 2009"
"SaveDir"="c:\\Documents and Settings\\User\\Documenti\\Sports Interactive\\Football Manager 2009\\"
"LastSaveGame"=""
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="Champions League"
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000067
"UniqueID"="15-8280-E85F"
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"Currency"=dword:00000056
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(888)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(4932)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\programmi\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\programmi\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ita.nlr
c:\programmi\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\programmi\Avira\AntiVir Desktop\sched.exe
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\programmi\File comuni\InterVideo\DeviceService\DevSvc.exe
c:\programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\MsPMSPSv.exe
c:\programmi\PC Connectivity Solution\ServiceLayer.exe
c:\programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Ora fine scansione: 2010-04-04 10:11:21 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-04-04 08:11
ComboFix2.txt 2010-01-10 18:04
ComboFix3.txt 2010-01-02 11:29

Pre-Run: 7.044.280.320 byte disponibili
Post-Run: 7.008.186.368 byte disponibili

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 5333D4E97E9EA9DFD6CB02CBBDB7376B
Alexand3r
Newbie

Post: 8
Joined: 03/04/10 16:42

Re: slow pc and it freezes, virus!!!!!!

Post by Danivan » 05/04/10 20:15

I would like to know whether I can delete some of the programs installed to restore the pc's functionality, such as prevx, norman, cureit, virit
Danivan
Junior Member

Post: 77
Joined: 26/08/08 19:19

Re: slow pc and it freezes, virus!!!!!!

Post by shel » 05/04/10 22:28

remove the tools you downloaded with OTC by OldTimer

run it
Click on CleanUp.
When it asks to reboot, click YES

go to C:\ and delete the qoobox folder

clean up with ccleaner

if you still have problems I'm here
shel
Senior Member

Post: 1326
Joined: 29/08/08 21:56

Re: slow pc and it freezes, virus!!!!!!

Post by Danivan » 06/04/10 17:16

I launched and ran otc.exe, the pc rebooted, but I can't find the qoobox folder, and the programs are still there.....
Danivan
Junior Member

Post: 77
Joined: 26/08/08 19:19

Re: slow pc and it freezes, virus!!!!!!

Post by shel » 07/04/10 08:33

the qoobox folder was deleted by the little program; what's left you can uninstall yourself
shel
Senior Member

Post: 1326
Joined: 29/08/08 21:56
