
Check logfile


Post by prik » Mon Nov 23, 2009 5:33 pm

Hello everyone,
it had been a while since I last checked my PC with HijackThis, and since I know how to use the program but not how to interpret its results, I wanted to kindly turn to someone more expert than me who can tell me whether there is (and how much) "junk" or otherwise dangerous files on my PC, which is really very slow (although I think it is a RAM problem; I uninstalled InDesign and Illustrator but the situation has not improved).
Here you can find the logfile:

Logfile of HijackThis v1.99.1
Scan saved at 17.28.19, on 23/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\RocketDock\RocketDock.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Java\jre6\bin\jucheck.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Windows Live\Contacts\wlcomm.exe
c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
D:\set antivirus manuale\Rootkit Removers 8-in-1.exe
C:\DOCUME~1\ds\IMPOST~1\Temp\ir_ext_temp_0\autorun.exe
C:\DOCUME~1\ds\IMPOST~1\Temp\ir_ext_temp_0\AutoPlay\Docs\HijackThis 1.99.1\HijackThis 1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {2DCDFA26-DFC1-44C4-B47B-06BBAC9E50A6} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {C3E15DFE-D990-4C3F-9BE2-4CF4E3E007CE} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [tafml] c:\documents and settings\ds\impostazioni locali\dati applicazioni\tafml.exe tafml
O4 - HKCU\..\Run: [RocketDock] "C:\Programmi\RocketDock\RocketDock.exe"
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programmi\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/ ... ontrol.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/re ... NPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://orizzontiinfiniti.spaces.live.co ... nPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programmi\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Programmi\Java\jre6\bin\jqs.exe" -service -config "C:\Programmi\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

Re: Check logfile

Post by Seba:-) » Mon Nov 23, 2009 6:10 pm

You should fix this entry; it must be a leftover from some virus:
Code:
O4 - HKCU\..\Run: [tafml] c:\documents and settings\ds\impostazioni locali\dati applicazioni\tafml.exe tafml

The rest looks fine, but for a more thorough check it is better to have a quick look with ComboFix.

Download ComboFix, saving it to the desktop under a made-up name, and run the scan following these instructions (at the bottom). When the scan finishes, the report file C:\combofix.txt will be created; copy its contents here, placing them between LOG tags, like this:
Code:
[LOG]the log goes here[/LOG]
Thanks Zane!
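A triage check for the kind of autorun entry singled out in the reply above, as an added example (not part of the original posts and not code from HijackThis): it parses O4 lines, flags those whose program sits inside a user profile, and reports whether that program also appears under "Running processes". The sample is a few lines excerpted from the log in this thread; the profile roots assume the Windows XP layout seen there, and the location test is a heuristic for review, not a verdict.

```python
import re
from ntpath import normcase  # Windows path rules, usable on any OS

# Excerpt of the HijackThis log posted in this thread (a few lines only).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\RocketDock\RocketDock.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [tafml] c:\documents and settings\ds\impostazioni locali\dati applicazioni\tafml.exe tafml
O4 - HKCU\..\Run: [RocketDock] "C:\Programmi\RocketDock\RocketDock.exe"
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
"""

O4_RUN = re.compile(r"^O4 - (?P<where>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O4_STARTUP = re.compile(r"^O4 - (?P<where>[^:]+): (?P<name>.+?) = (?P<cmd>.+)$")
# Assumption: Windows XP layout, profiles under C:\Documents and Settings.
USER_PROFILE_ROOTS = ("c:\\documents and settings\\", "c:\\docume~1\\")

def executable_of(cmd):
    """Return the program path from a Run command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces: cut after the first executable extension.
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd

def location(path):
    """Classify where an autorun target lives."""
    p = normcase(path)
    if "\\" not in p:
        return "bare-name"       # resolved through the search path
    if p.startswith(USER_PROFILE_ROOTS):
        return "user-profile"    # writable without administrator rights
    return "other"

def running_processes(log):
    """Collect the paths listed under 'Running processes:'."""
    procs, in_section = set(), False
    for line in log.splitlines():
        if line.startswith("Running processes:"):
            in_section = True
        elif in_section and not line.strip():
            break
        elif in_section:
            procs.add(normcase(line.strip()))
    return procs

def review_autoruns(log):
    """List O4 entries that start a program from inside a user profile."""
    running = running_processes(log)
    findings = []
    for line in log.splitlines():
        m = O4_RUN.match(line) or O4_STARTUP.match(line)
        if m and location(executable_of(m["cmd"])) == "user-profile":
            exe = executable_of(m["cmd"])
            findings.append({"where": m["where"], "name": m["name"], "exe": exe,
                             "running": normcase(exe) in running})
    return findings

if __name__ == "__main__":
    print(review_autoruns(SAMPLE_LOG))
```

On the excerpt, only the `tafml` entry is returned, with `running` set to false because its target is not in the process list.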

Re: Check logfile

Post by prik » Tue Nov 24, 2009 7:38 pm

here is the ComboFix log:

ComboFix 09-11-23.05 - ds 24/11/2009 18.22.35.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.511.153 [GMT 1:00]
Eseguito da: c:\documents and settings\ds\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 091124-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Creato nuovo punto di ripristino

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
c:\windows\system32\muzapp.exe

.
((((((((((((((((((((((((( Files Creati Da 2009-10-24 al 2009-11-24 )))))))))))))))))))))))))))))))))))
.

2009-11-11 10:13 . 2009-11-24 16:04 79488 ----a-w- c:\documents and settings\ds\Dati applicazioni\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-03 20:13 . 2009-11-03 20:13 -------- d-----w- c:\programmi\iPod
2009-11-03 20:11 . 2009-11-03 20:15 -------- d-----w- c:\programmi\iTunes
2009-11-03 19:58 . 2009-11-03 19:58 79144 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-28 20:11 . 2009-10-28 20:11 -------- d-----w- c:\programmi\MSECache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-22 20:38 . 2007-09-11 17:04 55200 ----a-w- c:\documents and settings\ds\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-11-22 20:33 . 2007-09-14 16:01 -------- d-----w- c:\programmi\File comuni\Adobe
2009-11-18 19:50 . 2009-09-22 20:19 -------- d-----w- c:\documents and settings\ds\Dati applicazioni\LimeWire
2009-11-16 20:21 . 2007-09-11 11:45 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-11-14 19:12 . 2009-06-09 17:55 -------- d-----w- c:\documents and settings\ds\Dati applicazioni\Azureus
2009-11-14 16:04 . 2009-06-09 17:54 -------- d-----w- c:\programmi\Vuze
2009-11-04 19:00 . 2007-09-12 15:55 -------- d-----w- c:\programmi\Messenger Plus! Live
2009-11-03 20:13 . 2007-09-12 15:48 -------- d-----w- c:\programmi\File comuni\Apple
2009-10-28 19:32 . 2007-09-12 13:00 -------- d-----w- c:\programmi\MSN Messenger
2009-10-25 13:52 . 2001-08-31 12:00 80268 ----a-w- c:\windows\system32\perfc010.dat
2009-10-25 13:52 . 2001-08-31 12:00 481664 ----a-w- c:\windows\system32\perfh010.dat
2009-10-22 18:09 . 2009-10-22 18:09 -------- d-----w- c:\programmi\RocketDock
2009-10-02 18:50 . 2009-10-02 18:50 34132 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-30 15:38 . 2009-02-08 17:48 -------- d-----w- c:\programmi\Microsoft
2009-09-11 14:17 . 2004-08-19 13:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-19 13:39 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:26 . 2004-08-19 13:39 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:26 . 2004-08-19 13:39 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:26 . 2004-08-19 13:39 17408 ------w- c:\windows\system32\corpol.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9" [X]
"RocketDock"="c:\programmi\RocketDock\RocketDock.exe" [2007-09-02 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Share-to-Web Namespace Daemon"="c:\programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2003-08-15 57344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2007-9-12 212992]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\BitTornado\\btdownloadgui.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Programmi\\Vuze\\Azureus.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\LimeWire\\LimeWire.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [07/01/2009 13.56.42 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [07/01/2009 13.56.43 20560]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
c:\programmi\PixiePack Codec Pack\InstallerHelper.exe
.
Contenuto della cartella 'Scheduled Tasks'

2009-09-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-04-11 10:34]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://yahoo.it/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/ ... ontrol.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\ds\Dati applicazioni\Mozilla\Firefox\Profiles\jm3lti3o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://it.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - plugin: c:\programmi\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npmozax.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - CHIAVI ORFANE RIMOSSE - - - -

BHO-{2DCDFA26-DFC1-44C4-B47B-06BBAC9E50A6} - (no file)
BHO-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
HKLM-Run-NWEReboot - (no file)
HKLM-Explorer_Run-q2QXFtsnCR - c:\documents and settings\All Users\Dati applicazioni\pknoruxc\juryhwhy.exe
AddRemove-Alice ti aiuta - c:\progra~1\ALICET~1\Uninstall.exe AliceRE
AddRemove-HijackThis - c:\docume~1\ds\IMPOST~1\Temp\ir_ext_temp_0\AutoPlay\Docs\HijackThis 1.99.1\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-24 18:35
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Ora fine scansione: 2009-11-24 18:44
ComboFix-quarantined-files.txt 2009-11-24 17:44

Pre-Run: 41.974.394.880 byte disponibili
Post-Run: 41.974.616.064 byte disponibili

- - End Of File - - 5505BD9CDAA4C5DBD513DCA1F175135F

Re: Check logfile

Post by Seba:-) » Tue Nov 24, 2009 7:58 pm

OK, the logs are fine; anyway, if your PC is that slow, you can remove a few unnecessary applications from startup.
Code:
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Java\jre6\bin\jucheck.exe

As for Ad-Aware, I would uninstall it altogether; it is a slow and not very reliable program, and you can replace it with the excellent MalwareBytes'.
Thanks Zane!

Re: Check logfile

Post by prik » Thu Nov 26, 2009 10:00 am

and how do I remove them? With Avenger?

Re: Check logfile

Post by Seba:-) » Thu Nov 26, 2009 1:40 pm

prik wrote: and how do I remove them? With Avenger?

No, fix the entries directly with HijackThis, or remove them from automatic startup via Start -> Run -> msconfig -> Startup and untick the corresponding checkboxes.
Ad-Aware, on the other hand, remove it entirely from Add or Remove Programs.
Thanks Zane!

megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. (sole shareholder) - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising