
How do I remove spyware from my computer?

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: kadosh, Luke57


Post by jessie » 21/01/10 00:04

Hi everyone. I'm desperate! I left my laptop with my father for a day (he insists on using Internet Explorer), and when I got it back an extremely annoying message kept popping up all the time: 'Internet Explorer ha smesso di funzionare' (but I hadn't opened IE).
And every now and then a web page would open on its own.
I thought it was spyware, so I looked at Windows Defender, but it tells me 'Windows Defender user interface ha smesso di funzionare', with error number 0x80000003.
I tried Spybot, but it won't open. AVG (the antivirus I had before, version 7.5) tells me its components are not active.
The 'backup' antivirus, i.e. avast, doesn't find anything...
Other antispyware programs don't work at all.
I tried to see whether anyone had the same problem as me, but nothing...
Does anyone know what happened to my computer?? Do you think it's really spyware? And... WHAT DO I DOOOO?!?! :-?
jessie
Junior User

Posts: 11
Joined: 20/01/10 23:50


Re: How do I remove spyware from my computer?

Post by shel » 21/01/10 00:17

hi

can you get hijackthis to start?

download it from here.... if you can't do it, it could be Bagle

http://www.trendsecure.com/portal/en-US ... kthis.php#
and put it in the C directory, where you will have prepared a folder with its name.
Run the executable and click "do a system scan and save a log"; at the end, save this file with the *.TXT extension and attach it to a post on the forum.
shel
Senior User

Posts: 1233
Joined: 29/08/08 22:56

Re: How do I remove spyware from my computer?

Post by jessie » 21/01/10 13:53

Needless to say, I understand very little of this xD
anyway, this is what comes up (I hope it's what you meant):


Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 12.43.34, on 21/01/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\HiJack This\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: torrent_search Toolbar - {f14b0ccd-aa41-4406-ab68-c5de9d85b4a3} - C:\Program Files\torrent_search\tbtorr.dll
O3 - Toolbar: torrent_search Toolbar - {f14b0ccd-aa41-4406-ab68-c5de9d85b4a3} - C:\Program Files\torrent_search\tbtorr.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Cami\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (file missing)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 8262 bytes
jessie
Junior User

Posts: 11
Joined: 20/01/10 23:50

Re: How do I remove spyware from my computer?

Post by shel » 21/01/10 17:38

run the HijackThis scan again, tick the box next to these entries and press fix checked

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)


O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Cami\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)


Restart the computer in safe mode: at PC startup, before Windows begins to load, press F8 repeatedly. The Windows Advanced Options menu window will appear => choose safe mode (use the arrow key ^)

if you can't get into safe mode, run the scan from normal mode


Download
http://www.tgsoft.it/italy/download.htm

update it and run a full scan

Post the log too. You'll find it under the icon at the top showing a notepad
shel
Senior User

Posts: 1233
Joined: 29/08/08 22:56
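
Added example, not part of the original posts and not HijackThis code: a small Python triage script for a saved HijackThis log that lists the entries whose target file no longer exists, which is the marker carried by four of the five lines selected in the post above. The function names and the SAMPLE_LOG constant are assumptions of this example; the sample lines are copied from the log posted earlier in the thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# A HijackThis entry line has the shape "<section id> - <body>",
# for example "O2 - BHO: name - {CLSID} - path".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(
    r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
)
# Marker appended to a line when the referenced file is absent from disk.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")

# Lines copied from the log posted in this thread (header, one process
# line, and a mix of healthy and orphaned entries).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Running processes:
C:\Windows\Explorer.EXE
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Cami\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (file missing)
"""


@dataclass
class Entry:
    section: str          # section id, e.g. "O2"
    kind: str             # label before ": " ("BHO", "Toolbar", ...), "" if none
    clsid: Optional[str]  # COM class id, when the line carries one
    orphaned: bool        # True when the line ends in a missing-file marker
    raw: str              # the original line, kept for the analyst


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one log line; return None for headers, process paths, blanks."""
    line = line.strip()
    match = ENTRY_RE.match(line)
    if match is None:
        return None
    body = match.group("body")
    kind, sep, _ = body.partition(": ")
    clsid = CLSID_RE.search(body)
    return Entry(
        section=match.group("section"),
        kind=kind if sep else "",
        clsid=clsid.group(0) if clsid else None,
        orphaned=bool(ORPHAN_RE.search(body)),
        raw=line,
    )


def parse_log(text: str) -> List[Entry]:
    """Return every entry line of a HijackThis log, in file order."""
    parsed = (parse_entry(line) for line in text.splitlines())
    return [entry for entry in parsed if entry is not None]


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Entries that still sit in the registry but point at no file."""
    return [entry for entry in entries if entry.orphaned]


if __name__ == "__main__":
    for entry in orphaned(parse_log(SAMPLE_LOG)):
        print(f"{entry.section:<4}{entry.kind:<14}{entry.clsid or '-'}")
```

The RunOnce Launcher line carries no missing-file marker, so it is parsed but not flagged, while the O18 linkscanner line from the full log is flagged.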

Re: How do I remove spyware from my computer?

Post by jessie » 22/01/10 17:21

Ok. I ran the scan with the little program you recommended (so theatrical! I spent a good 5 minutes staring like an idiot at the little folders opening xD).
I saved the file, here it is:



VirIT eXplorer Lite Log

[SCANSIONE DELLA MEMORIA]
[Hidden Services]
H8SRTd.sys - \systemroot\system32\drivers\H8SRTyaucbcboqd.sys

VIRUS ATTIVO IN MEMORIA: (Rootkit \SYSTEMROOT\SYSTEM32\DRIVERS\H8SRTYAUCBCBOQD.SYS) Trojan.Win32.Rootkit.GG
--------------------------------------------------------
22/01/2010 - 14:58:44

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: Non analizzato, mancano i privilegi di amministratore
BOOT SECTOR: OK

C:\FPC\2.2.4\bin\i386-win32\fpc.exe Possibile variante da Trojan.Win32.Agent.AG
C:\FPC\2.2.4\bin\i386-win32\gecho.exe Possibile variante da Trojan.Win32.PurityScan.B
C:\FPC\2.2.4\bin\i386-win32\h2paspp.exe Possibile variante da Trojan.Win32.Agent.Gen
C:\FPC\2.2.4\bin\i386-win32\plex.exe Possibile variante da Trojan.Win32.Agent.AG

Chiavi Registro infette: 0.
Files Infetti: 4.
Files Sospetti: 0.
Files Analizzati: 3369.
Files Totali: 3369.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.

[SCANSIONE DELLA MEMORIA]
[Hidden Services]
H8SRTd.sys - \systemroot\system32\drivers\H8SRTyaucbcboqd.sys

VIRUS ATTIVO IN MEMORIA: (Rootkit \SYSTEMROOT\SYSTEM32\DRIVERS\H8SRTYAUCBCBOQD.SYS) Trojan.Win32.Rootkit.GG
--------------------------------------------------------
22/01/2010 - 15:00:02

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: Non analizzato, mancano i privilegi di amministratore
BOOT SECTOR: OK

C:\FPC\2.2.4\bin\i386-win32\fpc.exe Possibile variante da Trojan.Win32.Agent.AG
C:\FPC\2.2.4\bin\i386-win32\gecho.exe Possibile variante da Trojan.Win32.PurityScan.B
C:\FPC\2.2.4\bin\i386-win32\h2paspp.exe Possibile variante da Trojan.Win32.Agent.Gen
C:\FPC\2.2.4\bin\i386-win32\plex.exe Possibile variante da Trojan.Win32.Agent.AG

[D:]
MASTER BOOT RECORD: Non analizzato, mancano i privilegi di amministratore
BOOT SECTOR: OK


[E:]


Chiavi Registro infette: 0.
Files Infetti: 4.
Files Sospetti: 0.
Files Analizzati: 163636.
Files Totali: 163636.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.
jessie
Junior User

Posts: 11
Joined: 20/01/10 23:50

Re: How do I remove spyware from my computer?

Post by shel » 22/01/10 20:23

you've got some nice infections, congratulations

download to the desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- disconnect from the internet
- disable the antivirus
- run ComboFix.exe
- type 1
- follow the instructions
- when the scan is finished, go to C:\ and copy/paste, in your next reply, the contents of the text file Combofix.txt
shel
Senior User

Posts: 1233
Joined: 29/08/08 22:56

Re: How do I remove spyware from my computer?

Post by jessie » 22/01/10 23:46

Here are the combofix results.
Anyway, Windows Defender and Spybot work now.



ComboFix 10-01-20.05 - Cami 22/01/2010 22.13.51.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.2037.1305 [GMT 1:00]
Eseguito da: c:\users\Cami\Downloads\ComboFix.exe
SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2117425737-3525717995-1239272366-1000
c:\$recycle.bin\S-1-5-21-2117425737-3525717995-1239272366-1001
c:\$recycle.bin\S-1-5-21-2117425737-3525717995-1239272366-1004
c:\$recycle.bin\S-1-5-21-2117425737-3525717995-1239272366-1005
c:\$recycle.bin\S-1-5-21-2117425737-3525717995-1239272366-500
c:\$recycle.bin\S-1-5-21-3172158568-1187208210-2442577599-500
c:\program files\Java\jre6\bin\jucheck.exe
c:\programdata\h8srtmainqt.dll
c:\users\Cami\AppData\Roaming\inst.exe
c:\windows\system32\ciadvs.exe
c:\windows\system32\copia_regedit.reg
c:\windows\system32\drivers\H8SRTYAUCBCBOQD.SYS.VIR
c:\windows\system32\h8srtkrl32mainweq.dll
c:\windows\system32\H8SRTnbqnkpvicr.dat
c:\windows\system32\H8SRTnpnvukddvl.dll
c:\windows\system32\H8SRTofbppgpmiw.dll
c:\windows\system32\h8srtshsyst.dll
c:\windows\system32\H8SRTwbecxbeven.dll
c:\windows\system32\H8SRTxvxspebrjr.dll
.
---- Esecuzione precedente -------
.
c:\$recycle.bin\S-1-5-21-2117425737-3525717995-1239272366-1000
c:\$recycle.bin\S-1-5-21-2117425737-3525717995-1239272366-1001
c:\$recycle.bin\S-1-5-21-2117425737-3525717995-1239272366-1004
c:\$recycle.bin\S-1-5-21-2117425737-3525717995-1239272366-1005
c:\$recycle.bin\S-1-5-21-2117425737-3525717995-1239272366-500
c:\$recycle.bin\S-1-5-21-3172158568-1187208210-2442577599-500
c:\program files\Java\jre6\bin\jucheck.exe
c:\programdata\h8srtmainqt.dll
c:\users\Cami\AppData\Roaming\inst.exe
c:\windows\system32\ciadvs.exe
c:\windows\system32\copia_regedit.reg
c:\windows\system32\drivers\H8SRTYAUCBCBOQD.SYS.VIR
c:\windows\system32\h8srtkrl32mainweq.dll
c:\windows\system32\H8SRTnbqnkpvicr.dat
c:\windows\system32\H8SRTnpnvukddvl.dll
c:\windows\system32\H8SRTofbppgpmiw.dll
c:\windows\system32\h8srtshsyst.dll
c:\windows\system32\H8SRTwbecxbeven.dll
c:\windows\system32\H8SRTxvxspebrjr.dll

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_H8SRTd.sys
-------\Service_H8SRTd.sys
-------\Legacy_H8SRTd.sys
-------\Service_H8SRTd.sys


((((((((((((((((((((((((( Files Creati Da 2009-12-22 al 2010-01-22 )))))))))))))))))))))))))))))))))))
.

2010-01-22 20:59 . 2009-12-16 11:44 834048 ----a-w- c:\windows\system32\wininet.dll
2010-01-22 20:59 . 2009-12-18 13:01 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-22 20:53 . 2010-01-22 20:53 -------- d-----w- c:\users\Gae e Linda\AppData\Roaming\Spyware Terminator
2010-01-22 20:11 . 2010-01-22 20:11 -------- d-----w- c:\users\Gae e Linda\AppData\Local\Temp(10)
2010-01-22 20:11 . 2010-01-22 20:11 -------- d-----w- c:\users\Cami\AppData\Local\Temp(4)
2010-01-22 13:57 . 2010-01-22 15:04 3156 ----a-w- C:\prgmonsp.bin
2010-01-22 13:51 . 2010-01-22 20:20 -------- d-----w- C:\VEXPLite
2010-01-22 13:51 . 2010-01-22 13:51 -------- dc-h--w- c:\programdata\{14B08FC8-7FFE-45EA-90F3-8A7CA5EE54C7}
2010-01-22 13:50 . 2010-01-22 13:50 -------- d-----w- c:\users\Cami\AppData\Local\PackageAware
2010-01-21 20:05 . 2010-01-22 20:20 -------- d-----w- c:\program files\WinClamAVShield
2010-01-21 20:04 . 2010-01-21 20:04 -------- d-----w- c:\program files\Crawler
2010-01-21 20:03 . 2010-01-22 12:51 -------- d-----w- c:\users\Cami\AppData\Roaming\Spyware Terminator
2010-01-21 20:03 . 2010-01-21 20:03 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-01-21 20:03 . 2010-01-22 21:06 -------- d-----w- c:\programdata\Spyware Terminator
2010-01-21 20:03 . 2010-01-22 20:20 -------- d-----w- c:\program files\Spyware Terminator
2010-01-21 19:49 . 2010-01-22 20:20 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-21 11:59 . 2010-01-21 11:59 0 ----a-w- c:\windows\nsreg.dat
2010-01-20 22:31 . 2010-01-20 22:32 -------- d-----w- c:\program files\HiJack This
2010-01-20 14:12 . 2010-01-20 14:12 -------- d-----w- C:\$AVG
2010-01-20 14:12 . 2010-01-21 21:24 -------- d-----w- c:\programdata\avg9
2010-01-17 20:43 . 2010-01-17 20:43 -------- d-----w- c:\program files\NCH Software
2010-01-15 22:26 . 2010-01-15 22:26 -------- d-----w- c:\users\Cami\AppData\Roaming\Sibelius Software
2010-01-15 22:11 . 2010-01-15 22:11 -------- d-----w- c:\programdata\Musicnotes
2010-01-13 07:55 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 07:55 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-12 19:20 . 2010-01-22 20:53 -------- d-----w- c:\users\Gae e Linda\Tracing
2010-01-02 13:39 . 2010-01-03 23:54 -------- d-----w- c:\users\Cami\Tracing
2010-01-01 13:47 . 2010-01-01 13:47 -------- d-----w- c:\users\Gae e Linda\AppData\Roaming\WNR
2009-12-30 14:00 . 2009-12-30 14:00 -------- d-----w- c:\users\Cami\AppData\Local\Microsoft Games
2009-12-30 14:00 . 2010-01-22 15:03 1356 ----a-w- c:\users\Cami\AppData\Local\d3d9caps.dat
2009-12-25 23:48 . 2009-12-25 23:48 -------- d-----w- c:\program files\Veoh Networks
2009-12-24 23:52 . 2009-12-24 23:52 -------- d-----w- c:\users\Cami\AppData\Roaming\WNR
2009-12-24 23:52 . 2009-12-24 23:52 -------- d-----w- c:\programdata\WNR
2009-12-24 18:23 . 2002-07-17 09:03 45056 ----a-w- c:\windows\system32\WNASPI32.DLL
2009-12-24 18:23 . 2002-07-17 07:53 16877 ----a-w- c:\windows\system32\drivers\ASPI32.SYS
2009-12-24 10:58 . 2009-12-24 10:58 -------- d-----w- c:\users\Cami\AppData\Roaming\NCH Software
2009-12-24 10:46 . 2010-01-17 20:43 -------- d-----w- c:\programdata\NCH Swift Sound
2009-12-24 10:46 . 2010-01-17 20:43 -------- d-----w- c:\users\Cami\AppData\Roaming\NCH Swift Sound
2009-12-24 10:45 . 2010-01-17 20:43 -------- d-----w- c:\program files\NCH Swift Sound

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-22 21:06 . 2008-07-29 11:27 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-22 15:39 . 2009-12-13 14:17 1 ----a-w- c:\users\Cami\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-22 15:12 . 2010-01-22 15:12 721904 ----a-w- c:\windows\system32\drivers\SPTD.SYS.TMP
2010-01-22 10:30 . 2009-11-05 20:53 141760 ----a-w- c:\users\Gae e Linda\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-21 22:00 . 2009-07-21 11:20 -------- d-----w- c:\programdata\avg8
2010-01-21 20:03 . 2010-01-21 20:03 6144 ----a-w- c:\programdata\Spyware Terminator\sp_rsdel.exe
2010-01-21 20:03 . 2010-01-21 20:03 5632 ----a-w- c:\programdata\Spyware Terminator\fileobjinfo.sys
2010-01-21 19:49 . 2009-12-13 13:23 -------- d-----w- c:\users\Cami\AppData\Roaming\BitTorrent
2010-01-21 14:55 . 2008-09-10 20:15 -------- d-----w- c:\program files\eMule
2010-01-21 14:54 . 2007-07-16 08:26 -------- d-----w- c:\program files\Microsoft Works
2010-01-20 22:49 . 2009-12-13 11:29 141760 ----a-w- c:\users\Cami\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-20 22:32 . 2010-01-20 22:32 388096 ----a-r- c:\users\Cami\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-19 21:19 . 2009-11-20 19:00 1 ----a-w- c:\users\Gae e Linda\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-18 22:22 . 2006-11-06 01:52 672620 ----a-w- c:\windows\system32\perfh010.dat
2010-01-18 22:22 . 2006-11-06 01:52 125054 ----a-w- c:\windows\system32\perfc010.dat
2010-01-14 10:12 . 2009-10-02 17:12 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 20:49 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-11 17:07 . 2010-01-22 13:51 2856026 -c--a-w- c:\programdata\{14B08FC8-7FFE-45EA-90F3-8A7CA5EE54C7}\vnlt6565.exe
2010-01-11 09:22 . 2010-01-22 13:51 352256 -c--a-w- c:\programdata\{14B08FC8-7FFE-45EA-90F3-8A7CA5EE54C7}\OFFLINE\BB22A901\76AC2E42\Scan.dll
2010-01-07 15:44 . 2010-01-22 13:51 274432 -c--a-w- c:\programdata\{14B08FC8-7FFE-45EA-90F3-8A7CA5EE54C7}\OFFLINE\D89A54DE\76AC2E42\MONLITE.exe
2009-12-24 18:01 . 2007-07-16 08:08 -------- d-----w- c:\programdata\Roxio
2009-12-20 15:39 . 2009-12-20 15:39 0 ----a-w- c:\users\Cami\AppData\Roaming\wklnhst.dat
2009-12-20 15:39 . 2009-12-20 15:39 -------- d-----w- c:\users\Cami\AppData\Roaming\Template
2009-12-19 21:54 . 2009-12-16 17:23 -------- d-----w- c:\program files\XviD
2009-12-19 21:51 . 2009-12-19 21:51 -------- d-----w- c:\users\Cami\AppData\Roaming\FreeVideoConverter
2009-12-19 19:23 . 2009-12-19 19:23 407304 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-19 18:39 . 2009-12-19 18:39 -------- d-----w- c:\program files\ffdshow
2009-12-18 15:48 . 2009-12-18 15:48 -------- d-----w- c:\users\Cami\AppData\Roaming\HpUpdate
2009-12-18 10:18 . 2010-01-22 13:51 122880 -c--a-w- c:\programdata\{14B08FC8-7FFE-45EA-90F3-8A7CA5EE54C7}\OFFLINE\361580F9\76AC2E42\viritupg.dll
2009-12-17 16:15 . 2009-12-17 16:11 -------- d-----w- c:\users\Cami\AppData\Roaming\Orbit
2009-12-17 16:11 . 2009-12-17 16:11 -------- d-----w- c:\users\Cami\AppData\Roaming\GrabPro
2009-12-16 18:56 . 2006-11-02 12:37 -------- d-----w- c:\program files\Microsoft Games
2009-12-15 22:03 . 2009-12-15 22:03 -------- d-----w- c:\users\Cami\AppData\Roaming\Apple Computer
2009-12-15 15:22 . 2009-12-15 15:22 -------- d-----w- c:\users\Cami\AppData\Roaming\Nvu
2009-12-15 13:33 . 2009-12-15 13:32 -------- d-----w- c:\program files\DVD Decrypter
2009-12-15 13:20 . 2008-06-18 10:56 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-15 13:14 . 2009-12-13 15:12 -------- d-----w- c:\users\Cami\AppData\Roaming\Roxio
2009-12-13 22:14 . 2009-12-13 22:14 -------- d-----w- c:\users\Cami\AppData\Roaming\Media Player Classic
2009-12-13 22:07 . 2009-12-13 22:07 -------- d-----w- c:\users\Cami\AppData\Roaming\VistaCodecs
2009-12-13 22:07 . 2009-10-12 12:46 -------- d-----w- c:\programdata\VistaCodecs
2009-12-13 22:06 . 2009-12-13 22:06 -------- d-----w- c:\program files\VistaCodecPack
2009-12-13 21:58 . 2009-12-13 21:58 47360 ----a-w- c:\users\Cami\AppData\Roaming\pcouffin.sys
2009-12-13 21:58 . 2009-12-13 21:58 47360 ----a-w- c:\users\Cami\AppData\Roaming\pcouffin.sys
2009-12-13 21:58 . 2009-12-13 21:58 -------- d-----w- c:\users\Cami\AppData\Roaming\Vso
2009-12-13 21:10 . 2009-12-13 21:10 -------- d-----w- c:\users\Gae e Linda\AppData\Roaming\CyberLink
2009-12-13 21:09 . 2009-12-13 21:09 -------- d-----w- c:\users\Gae e Linda\AppData\Roaming\HP
2009-12-13 20:25 . 2009-12-13 20:25 -------- d-----w- c:\users\Gae e Linda\AppData\Roaming\Roxio
2009-12-13 14:57 . 2009-12-13 14:57 -------- d-----w- c:\users\Cami\AppData\Roaming\CyberLink
2009-12-13 14:56 . 2009-12-13 14:56 -------- d-----w- c:\users\Cami\AppData\Roaming\HP
2009-12-13 14:16 . 2009-12-13 14:16 -------- d-----w- c:\users\Cami\AppData\Roaming\OpenOffice.org
2009-12-13 13:23 . 2009-12-13 13:23 -------- d-----w- c:\program files\BitTorrent
2009-12-10 13:27 . 2009-11-27 18:59 264 ----a-w- c:\users\Gae e Linda\AppData\Roaming\wklnhst.dat
2009-12-10 13:19 . 2009-12-10 13:19 -------- d-----w- c:\users\Gae e Linda\AppData\Roaming\Template
2009-12-10 12:26 . 2007-07-16 08:41 -------- d-----w- c:\program files\Google
2009-12-09 22:29 . 2007-07-16 07:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-09 22:25 . 2007-07-16 07:27 -------- d-----w- c:\program files\CONEXANT
2009-12-04 21:06 . 2008-07-24 17:52 -------- d-----w- c:\program files\Common Files\Real
2009-11-28 20:38 . 2009-11-28 20:38 -------- d-----w- c:\users\Gae e Linda\AppData\Roaming\Apple Computer
2009-11-27 14:10 . 2010-01-22 13:51 69632 -c--a-w- c:\programdata\{14B08FC8-7FFE-45EA-90F3-8A7CA5EE54C7}\OFFLINE\__Nas01_sviluppo_varie\Setup\VIRITLite\Files\viritsvc.exe
2009-11-27 14:06 . 2010-01-22 13:51 815104 -c--a-w- c:\programdata\{14B08FC8-7FFE-45EA-90F3-8A7CA5EE54C7}\OFFLINE\5BF53870\76AC2E42\viritexp.exe
2009-11-26 17:04 . 2009-11-26 17:04 -------- d-----w- c:\users\Gae e Linda\AppData\Roaming\HpUpdate
2009-11-25 14:24 . 2009-11-25 14:24 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbEC74.tmp.exe
2009-11-24 19:40 . 2009-11-24 19:40 -------- d-----w- c:\program files\iPodLibrary
2009-11-24 19:40 . 2009-11-24 19:40 286720 ------w- c:\windows\Setup1.exe
2009-11-24 19:40 . 2009-11-24 19:40 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-11-11 07:53 . 2010-01-22 13:51 45312 -c--a-w- c:\programdata\{14B08FC8-7FFE-45EA-90F3-8A7CA5EE54C7}\OFFLINE\931FE753\76AC2E42\VIRAGTLT.sys
2009-11-11 07:53 . 2010-01-22 13:51 45312 -c--a-w- c:\programdata\{14B08FC8-7FFE-45EA-90F3-8A7CA5EE54C7}\OFFLINE\277632B2\76AC2E42\VIRAGTLT.sys
2009-11-11 07:53 . 2009-11-11 07:53 45312 --s-a-w- c:\windows\system32\drivers\VIRAGTLT.sys
2009-11-09 12:31 . 2009-12-11 22:54 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-11 22:54 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-11 22:54 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-11-08 15:40 . 2010-01-22 13:51 49152 -c--a-w- c:\programdata\{14B08FC8-7FFE-45EA-90F3-8A7CA5EE54C7}\OFFLINE\22028FD3\76AC2E42\tgdlg.dll
2009-10-29 09:17 . 2009-11-26 17:03 2048 ----a-w- c:\windows\system32\tzres.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-01-21 3037696]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-11-07 159744]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-03-28 176128]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-06-11 184320]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-04 198160]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-01-21 2166784]
"VIRIT LITE MONITOR"="c:\vexplite\MONLITE.EXE" [2010-01-07 274432]

c:\users\Cami\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

c:\users\Gae e Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-12-16 962663]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Camilla^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\users\Camilla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 21:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\autoclk]
2003-01-30 07:48 143360 ----a-w- c:\windows\autoclk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-11-20 12:20 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-04-19 11:26 484904 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 09:30 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-09-09 11:55 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
2007-01-10 14:12 317128 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):95,1d,50,49,af,58,ca,01

R0 vburner;vburner;c:\windows\System32\drivers\vburner.sys [20/09/2008 14.05.35 15872]
R0 VIRAGTLT;VIRAGTLT;c:\windows\System32\drivers\VIRAGTLT.sys [11/11/2009 8.53.20 45312]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\System32\drivers\sp_rsdrv2.sys [21/01/2010 21.03.58 142592]
R2 viritsvclite;VirIT eXplorer Lite;c:\vexplite\viritsvc.exe [27/11/2009 15.10.32 69632]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [21/01/2010 20.49.44 1153368]
S3 FontCache;Servizio cache tipi di carattere Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [14/06/2008 13.58.42 21504]
S3 MusCDriverV32;MusCDriverV32;c:\windows\System32\drivers\MusCDriverV32.sys [19/09/2008 21.11.40 23096]
S3 MusCVideo32;MusCVideo32;c:\windows\System32\drivers\MusCVideo32.sys [19/09/2008 21.11.40 3768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 11:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contenuto della cartella 'Scheduled Tasks'

2010-01-22 c:\windows\Tasks\User_Feed_Synchronization-{CA4C5C0E-EB80-4FDE-A704-0566AD934C09}.job
- c:\windows\system32\msfeedssync.exe [2008-06-14 07:33]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
IE: Crawler Search - tbr:iemenu
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\users\Cami\AppData\Roaming\Mozilla\Firefox\Profiles\fc2uunsw.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL -
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
MSConfigStartUp-cliconfg64 - c:\users\Cami\AppData\Local\Temp\cliconfg64.exe
AddRemove-Works2006Setup - c:\program files\Microsoft Works Suite 2006\Setup\Launcher.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-22 22:31
Windows 6.0.6002 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys spdp.sys >>UNKNOWN [0x851D5938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x885a5d24
\Driver\ACPI -> acpi.sys @ 0x82e12d68
\Driver\atapi -> 0x8521e1f8
\Driver\iaStor -> iaStor.sys @ 0x82f696d0
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\conime.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Apoint2K\Apntex.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
.
**************************************************************************
.
Ora fine scansione: 2010-01-22 22:40:25 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-01-22 21:40

Pre-Run: 41.132.322.816 byte disponibili
Post-Run: 41.179.287.552 byte disponibili

- - End Of File - - 06A3784E27CA9C9C90D29EAFE6C33E7B
jessie
Junior User

Posts: 11
Joined: 20/01/10 23:50

Re: How do I remove spyware from my computer?

Post by shel » 22/01/10 23:59

Scan this file on VirusTotal; it could be an infection (I say "could").

c:\users\Gae e Linda\AppData\Local\GDIPFONTCACHEV1.DAT

To be safer, download mbr.exe directly into the C:\ directory
http://www2.gmer.net/mbr/mbr.exe
From Start - Run, type C:\mbr.exe and click OK

Post the log, which you will find in C:\ as mbr.log
shel
Senior User

Posts: 1233
Joined: 29/08/08 22:56

Re: How do I remove spyware from my computer?

Post by shel » 23/01/10 00:01

Edit:

Run mbr.exe from safe mode
shel
Senior User

Posts: 1233
Joined: 29/08/08 22:56

Re: How do I remove spyware from my computer?

Post by jessie » 23/01/10 00:34

I can't open the mbr.exe file. From safe mode, in Run, I click OK, then the confirmation window opens. I press Run but nothing opens. I checked in C: and there is in fact a saved log file. Here it is:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

At this point I really don't know what to say... conclusions????
jessie
Junior User

Posts: 11
Joined: 20/01/10 23:50

Re: How do I remove spyware from my computer?

Post by shel » 23/01/10 00:51

Everything is fine, the MBR is clean; it was just a precaution on my part.

Did you check this file on VirusTotal? Scan it here as well:

http://virscan.org/report/ecea4eed1b6f3 ... 82577.html


c:\users\Gae e Linda\AppData\Local\GDIPFONTCACHEV1.DAT
shel
Senior User

Posts: 1233
Joined: 29/08/08 22:56

Re: How do I remove spyware from my computer?

Post by jessie » 23/01/10 00:59

OK, with VirusTotal it came out clean... same for the other site...
So in theory it's not a virus... right??
But, paradoxically, even if I'm infected as you say, everything works!! The computer started running properly once I did the scan with VirIT eXplorer.
jessie
Junior User

Posts: 11
Joined: 20/01/10 23:50

Re: How do I remove spyware from my computer?

Post by shel » 23/01/10 01:06

We have to finish, don't celebrate yet, otherwise... it comes back ;)
Download http://www.filehippo.com/download_ccleaner/

1) to download the latest version, click at the top right, under the green arrow
2) install it (without the additional toolbar)
3) click "Run Cleaner"; repeat the procedure twice

Click Registry, on the next page click Scan for Issues, then when the scan finishes click Fix selected issues, answer yes when asked to save the backup (save it in a folder of your choice), then fix all the items found.

Download http://www.atribune.org/ccount/click.php?id=1


Start ATFCleaner.exe with a double click

1.1) tick the Select All box
2.1) click the Empty selected button
3.1) wait for the Done Cleaning message
(if you use Opera or Firefox, tick their sections too)


Post me a HijackThis log and tell me what problems you are seeing at the moment
shel
Senior User

Posts: 1233
Joined: 29/08/08 22:56

Re: How do I remove spyware from my computer?

Post by jessie » 23/01/10 17:32

All done. I'd already had CCleaner installed for a while..
Here's the final scan.

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 16.29.43, on 23/01/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\VEXPLite\MONLITE.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\HiJack This\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: torrent_search Toolbar - {f14b0ccd-aa41-4406-ab68-c5de9d85b4a3} - C:\Program Files\torrent_search\tbtorr.dll
O3 - Toolbar: torrent_search Toolbar - {f14b0ccd-aa41-4406-ab68-c5de9d85b4a3} - C:\Program Files\torrent_search\tbtorr.dll
O3 - Toolbar: Toolbar &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLite\MONLITE.EXE
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: VirIT eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLite\viritsvc.exe

--
End of file - 8109 bytes
jessie
Junior User

Posts: 11
Joined: 20/01/10 23:50

Re: How do I remove spyware from my computer?

Post by jessie » 23/01/10 17:34

At the moment I'm not seeing any problems. Everything is normal.
jessie
Junior User

Posts: 11
Joined: 20/01/10 23:50

Re: How do I remove spyware from my computer?

Post by shel » 23/01/10 19:58

Start HijackThis and click "Do a system scan only"
Tick these entries and click "Fix checked"

R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
shel
Senior User

Posts: 1233
Joined: 29/08/08 22:56
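
An added example, not part of the original posts and not a HijackThis feature: a Python triage script that parses HijackThis log lines and lists the entries whose target is reported as `(no file)`, the kind of orphaned registration ticked for fixing in the post above. It also lists every registration that points at one module. The function and class names are hypothetical; the sample lines are copied from the log posted in this thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# A target starts at a drive letter, an %ENV% variable or a URL scheme and runs
# to the end of the line, so a path that itself contains " - " is kept whole.
TARGET_RE = re.compile(r"(?:[A-Za-z]:\\|%\w+%\\|[a-z]+://).*$")
NO_FILE = "(no file)"


@dataclass
class Entry:
    code: str               # section code, e.g. "R3", "O18"
    kind: Optional[str]     # label before the first ": ", e.g. "BHO"
    clsid: Optional[str]    # first CLSID on the line, upper-cased
    target: Optional[str]   # file or URL (may carry arguments); None if orphaned
    orphaned: bool          # True when the log reports "(no file)"
    raw: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one 'CODE - ...' log line; return None for any other line."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if not m:
        return None
    body = m.group("body")
    kind = body.split(": ", 1)[0] if ": " in body else None
    clsid = CLSID_RE.search(body)
    orphaned = body.endswith(NO_FILE)
    target = None
    if not orphaned:
        t = TARGET_RE.search(body)
        target = t.group(0).strip('"') if t else None
    return Entry(m.group("code"), kind,
                 clsid.group(0).upper() if clsid else None,
                 target, orphaned, line)


def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e]


def orphaned_entries(entries: List[Entry]) -> List[Entry]:
    """Registrations whose file is missing: candidates for manual review."""
    return [e for e in entries if e.orphaned]


def registrations_of(entries: List[Entry], module: str) -> List[Entry]:
    """Every entry whose target ends with the given file name."""
    module = module.lower()
    return [e for e in entries if e.target and e.target.lower().endswith(module)]


if __name__ == "__main__":
    for e in orphaned_entries(parse_log(SAMPLE_LOG)):
        print(e.code, e.kind, e.clsid)
```

The script only lists candidates; which of them to tick in HijackThis remains the analyst's decision.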

Re: How do I remove spyware from my computer?

Post by jessie » 24/01/10 20:14

Done. The R3 entry wasn't there, though... so I only removed the other one.
jessie
Junior User

Posts: 11
Joined: 20/01/10 23:50

Re: How do I remove spyware from my computer?

Post by shel » 24/01/10 22:01

Download TDSSKiller

http://support.kaspersky.com/downloads/ ... killer.zip

Open the TDSSKiller folder, double-click the TDSSKiller file and follow the on-screen instructions.
shel
Senior User

Posts: 1233
Joined: 29/08/08 22:56

Re: How do I remove spyware from my computer?

Post by jessie » 28/01/10 17:16

OK!! Done..
jessie
Junior User

Posts: 11
Joined: 20/01/10 23:50

Re: How do I remove spyware from my computer?

Post by shel » 28/01/10 17:19

Solved? Do you still have the earlier problem?
shel
Senior User

Posts: 1233
Joined: 29/08/08 22:56
