Punto informatico Network
Login Esegui login | Non sei registrato? Iscriviti ora (è gratuito!)
Username: Password:
  • Annuncio Pubblicitario

qualcosa non quadra.....

Un virus si è intromesso nel tuo computer? Vuoi navigare in tutta sicurezza? Sono sicure le transazione online? Come impedire a malintenzionati di intromettersi nel tuo pc? Come proteggere i tuoi dati? Qui trovi le risposte a queste ed altre domande

qualcosa non quadra.....

Messaggioda wilcoy » mer mar 07, 2012 8:56 pm

Solite cose, lentezza di caricamento, programmi che si aprono anch'essi lenti, e soprattutto, nella riproduzione di qualsiasi, audio o video, si incanta. ho fatto diversi controlli, gmer, malwarebytes, kaspersky ed altri....nulla.
qui di seguito posto il log di hijackthis, vediamo se mi date una bella mano....ciao e grazie.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20.51.10, on 07/03/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\tsnpstd3.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\vsnpstd3.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Alwil Software\Avast5\avastUI.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PService.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: uTorrentBar_IT Toolbar - {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - C:\Programmi\uTorrentBar_IT\tbuTor.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: uTorrentBar_IT Toolbar - {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - C:\Programmi\uTorrentBar_IT\tbuTor.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: uTorrentBar_IT Toolbar - {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - C:\Programmi\uTorrentBar_IT\tbuTor.dll
O4 - HKLM\..\Run: [StartCCC] C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast5] "C:\Programmi\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PosService] C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PLauncher.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programmi\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmi\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download with GetRight Pro - C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Programmi\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {09E90109-A9AA-4980-BCEF-76F8D924E902} - (no file)
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {09E90109-A9AA-4980-BCEF-76F8D924E902} - (no file) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{595433C9-C811-4A65-B402-A90A4F8A3EDD}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{C031CAC5-AF25-447B-B0F5-CEF07FB3BB7D}: NameServer = 176.31.229.24,176.31.229.25
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: ABBYY PDF Transformer 3.0 - Servizio Gestione licenze (ABBYY.Licensing.PDFTransformer.Classic.3.0) - ABBYY - C:\Programmi\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Documents and Settings\ermanno\Impostazioni locali\Dati applicazioni\PosService\Pos.exe
O23 - Service: Service Updater (ServUpdater) - ServiceUpd - C:\Documents and Settings\ermanno\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 8680 bytes
Ultima modifica di farbix89 il mer mar 07, 2012 9:05 pm, modificato 1 volta in totale.
Motivazione: aggiunto tag MEMO
Avatar utente
wilcoy
Aficionado
Aficionado
 
Messaggi: 92
Iscritto il: gio nov 29, 2007 9:10 pm
Località: massa

Re: qualcosa non quadra.....

Messaggioda VincenzoGTA » mer mar 07, 2012 10:41 pm

Fixa queste voci:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O4 - HKLM\..\Run: [StartCCC] C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [PosService] C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PLauncher.exe

O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programmi\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmi\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O9 - Extra button: (no name) - {09E90109-A9AA-4980-BCEF-76F8D924E902} - (no file)

O9 - Extra button: (no name) - {09E90109-A9AA-4980-BCEF-76F8D924E902} - (no file) (HKCU)



Controlla i seguenti servizi e se ti sono sconosciuti disinstalla il programma collegato oppure disabilitali e fixali in hijackthis

O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Documents and Settings\ermanno\Impostazioni locali\Dati applicazioni\PosService\Pos.exe

O23 - Service: Service Updater (ServUpdater) - ServiceUpd - C:\Documents and Settings\ermanno\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe


-Risultano avviati due antivirus, fermane uno e toglilo dall' avvio automatico
-Aggiorna IE
-Disinstalla tutte le toolbar
Avatar utente
VincenzoGTA
Bronze Member
Bronze Member
 
Messaggi: 673
Iscritto il: mar ott 25, 2011 11:17 am

Re: qualcosa non quadra.....

Messaggioda Berga95 » gio mar 08, 2012 12:28 pm

Il problema principale come già detto è la presenza contemporanea di Avast e MSE, e Internet Explorer ancora alla versione 6 [acc2]
Sistema questi problemi e controlla se la situazione migliora [^]
Non è morto ciò che in eterno può attendere - e col passare di strani eoni - anche la morte può morire.
~ H.P. Lovecraft
Avatar utente
Berga95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 3342
Iscritto il: sab set 12, 2009 12:56 pm


Re: qualcosa non quadra.....

Messaggioda tecnico24 » ven mar 09, 2012 6:59 pm

Il pc è infetto.
Scarica combofix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

● Scarica combofix dal link postato e salvalo sul desktop
● Disattiva l'antivirus , il firewall e la connessione
● Doppio click su Combofix.exe per avviarlo (Rifiutare la console di ripristino)
Aspettare che combofix faccio il suo lavoro ed al termine (dopo il riavvio) invia il report delle operazioni.
Avatar utente
tecnico24
Senior Member
Senior Member
 
Messaggi: 380
Iscritto il: dom mag 20, 2007 4:31 pm

Re: qualcosa non quadra.....

Messaggioda wilcoy » lun mar 12, 2012 8:25 pm

ho fatto la scansione con combofix ecco il log:


ComboFix 12-03-12.03 - ermanno 12/03/2012 20.11.52.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3071.2485 [GMT 1:00]
Eseguito da: c:\documents and settings\ermanno\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Esecuzione precedente -------
.
c:\documents and settings\ermanno\Dati applicazioni\Desktopicon\eBay.ico
c:\documents and settings\ermanno\Dati applicazioni\Desktopicon\uninst.exe
c:\documents and settings\ermanno\Dati applicazioni\OfferBox\config.dat
c:\documents and settings\ermanno\Dati applicazioni\OfferBox\config.xml
c:\documents and settings\ermanno\Dati applicazioni\PriceGong\Data\1.xml
c:\documents and settings\ermanno\Dati applicazioni\PriceGong\Data\a.xml
c:\documents and settings\ermanno\Dati applicazioni\PriceGong\Data\b.xml
c:\documents and settings\ermanno\Dati applicazioni\PriceGong\Data\c.xml
c:\documents and settings\ermanno\Dati applicazioni\PriceGong\Data\d.xml
c:\documents and settings\ermanno\Dati applicazioni\PriceGong\Data\e.xml
c:\documents and settings\ermanno\Dati applicazioni\PriceGong\Data\f.xml
c:\documents and settings\ermanno\Dati applicazioni\PriceGong\Data\g.xml
c:\documents and settings\ermanno\Dati applicazioni\PriceGong\Data\h.xml
c:\documents and settings\ermanno\Dati applicazioni\PriceGong\Data\i.xml
c:\documents and settings\ermanno\Dati applicazioni\PriceGong\Data\J.xml
c:\documents and settings\ermanno\Dati applicazioni\PriceGong\Data\k.xml
c:\documents and settings\ermanno\Dati applicazioni\PriceGong\Data\l.xml
c:\documents and settings\ermanno\Dati applicazioni\PriceGong\Data\m.xml
c:\documents and settings\ermanno\Dati applicazioni\PriceGong\Data\mru.xml
c:\documents and settings\ermanno\Dati applicazioni\PriceGong\Data\n.xml
c:\documents and settings\ermanno\Dati applicazioni\PriceGong\Data\o.xml
c:\documents and settings\ermanno\Dati applicazioni\PriceGong\Data\p.xml
c:\documents and settings\ermanno\Dati applicazioni\PriceGong\Data\q.xml
c:\documents and settings\ermanno\Dati applicazioni\PriceGong\Data\r.xml
c:\documents and settings\ermanno\Dati applicazioni\PriceGong\Data\s.xml
c:\documents and settings\ermanno\Dati applicazioni\PriceGong\Data\t.xml
c:\documents and settings\ermanno\Dati applicazioni\PriceGong\Data\u.xml
c:\documents and settings\ermanno\Dati applicazioni\PriceGong\Data\v.xml
c:\documents and settings\ermanno\Dati applicazioni\PriceGong\Data\w.xml
c:\documents and settings\ermanno\Dati applicazioni\PriceGong\Data\x.xml
c:\documents and settings\ermanno\Dati applicazioni\PriceGong\Data\y.xml
c:\documents and settings\ermanno\Dati applicazioni\PriceGong\Data\z.xml
c:\programmi\OfferBox\offerboxffx@offerbox.com\components\OfferBoxXpCom.dll
C:\VDM18.tmp
C:\VDM19.tmp
C:\VDM25.tmp
C:\VDM26.tmp
C:\VDMC4.tmp
C:\VDMC5.tmp
C:\VDMD5.tmp
C:\VDMD6.tmp
C:\VDMD9.tmp
C:\VDMDA.tmp
c:\windows\IsUn0410.exe
c:\windows\system32\SET60.tmp
c:\windows\system32\SET61.tmp
c:\windows\system32\SET63.tmp
c:\windows\system32\SET64.tmp
c:\windows\system32\SET67.tmp
c:\windows\system32\SET68.tmp
c:\windows\system32\SET6F.tmp
c:\windows\system32\SET80.tmp
c:\windows\system32\SET82.tmp
c:\windows\system32\SET91.tmp
c:\windows\system32\SETC3.tmp
c:\windows\system32\SETCF.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_DIAGNOSTICSCAN
-------\Legacy_START1DRIVER
-------\Service_DiagnosticScan
-------\Service_Start1Driver
.
.
((((((((((((((((((((((((( Files Creati Da 2012-02-12 al 2012-03-12 )))))))))))))))))))))))))))))))))))
.
.
2012-03-12 18:50 . 2012-03-12 18:50 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Office Genuine Advantage
2012-03-08 17:03 . 2012-03-08 17:03 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2012-03-08 17:02 . 2012-03-08 17:02 -------- d-sh--w- c:\documents and settings\ermanno\IETldCache
2012-03-08 16:51 . 2012-03-08 16:52 -------- dc-h--w- c:\windows\ie8
2012-03-08 16:45 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-03-08 16:45 . 2011-12-17 19:43 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2012-03-08 16:45 . 2011-12-17 19:43 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-03-08 16:45 . 2011-12-17 19:43 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-03-08 16:45 . 2011-12-17 19:43 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-03-08 16:45 . 2011-12-17 19:43 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-03-08 16:45 . 2011-12-17 19:43 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2012-03-08 16:45 . 2011-12-18 13:43 11082240 -c----w- c:\windows\system32\dllcache\ieframe.dll
2012-03-07 19:48 . 2012-03-07 19:48 388096 ----a-r- c:\documents and settings\ermanno\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-07 19:48 . 2012-03-07 19:48 -------- d-----w- c:\programmi\Trend Micro
2012-03-07 19:44 . 2012-03-07 19:44 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-03-07 19:39 . 2012-03-07 19:39 -------- d-----w- c:\documents and settings\ermanno\Impostazioni locali\Dati applicazioni\PackageAware
2012-03-07 17:50 . 2012-03-07 17:52 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\HitmanPro
2012-02-17 16:30 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-17 16:30 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-07 00:15 . 2010-06-29 17:56 41184 ----a-w- c:\windows\avastSS.scr
2012-03-07 00:15 . 2009-06-20 07:41 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-07 00:03 . 2011-05-29 06:54 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-07 00:03 . 2009-06-20 07:41 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-07 00:02 . 2009-06-20 07:41 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-07 00:01 . 2009-06-20 07:41 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-07 00:01 . 2009-06-20 07:41 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-03-07 00:01 . 2009-06-20 07:41 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-03-07 00:01 . 2009-06-20 07:41 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-06 23:58 . 2009-06-20 07:41 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-02-21 18:08 . 2011-07-10 17:24 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-12 17:20 . 2001-08-31 10:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:43 . 2001-08-31 10:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:43 . 2001-08-31 10:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-12-17 19:43 . 2001-08-31 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2009-06-19 20:16 385024 ------w- c:\windows\system32\html.iec
2012-02-18 06:29 . 2011-09-28 18:34 134104 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1}"= "c:\programmi\uTorrentBar_IT\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1}]
2010-12-09 11:51 3911776 ----a-w- c:\programmi\uTorrentBar_IT\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1}"= "c:\programmi\uTorrentBar_IT\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4AE0C3D6-F713-4EED-BC65-25DC3FFDAAC1}"= "c:\programmi\uTorrentBar_IT\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 123536 ----a-w- c:\programmi\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-03-06 16858112]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2006-07-07 262144]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-18 843776]
"PosService"="c:\documents and settings\All Users\Documenti\AppData\PoApp\PLauncher.exe" [2011-12-03 218624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 08:27 17351304 ----a-r- c:\programmi\Skype\Phone\Skype.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=
"c:\\Programmi\\CyberLink\\PCM4Everio\\EverioService.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"c:\\Programmi\\tvuplayer\\TVUPlayer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\File comuni\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24/01/2011 17.56.10 721904]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [29/05/2011 7.54.19 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [20/06/2009 8.41.23 337880]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [13/06/2011 17.15.00 218688]
R2 ABBYY.Licensing.PDFTransformer.Classic.3.0;ABBYY PDF Transformer 3.0 - Servizio Gestione licenze;c:\programmi\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [01/04/2011 18.41.53 759048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20/06/2009 8.41.23 20696]
R2 FastPara;FastPara;c:\windows\system32\drivers\fastpara.sys [20/06/2009 9.07.57 37836]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [13/05/2010 19.34.27 136176]
S2 PowerOffer Service;Pos Service;c:\documents and settings\ermanno\Impostazioni locali\Dati applicazioni\PosService\Pos.exe [10/12/2011 15.31.10 164864]
S2 ServUpdater;Service Updater;c:\documents and settings\ermanno\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe [10/12/2011 15.31.10 156160]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [12/11/2008 14.54.00 37376]
S3 esihdrv;esihdrv;\??\c:\docume~1\ermanno\IMPOST~1\Temp\esihdrv.sys --> c:\docume~1\ermanno\IMPOST~1\Temp\esihdrv.sys [?]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [13/05/2010 19.34.27 136176]
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-05-13 18:34]
.
2012-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-05-13 18:34]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://search.findeer.com
uInternet Settings,ProxyOverride = local
IE: Download with GetRight Pro - c:\programmi\GetRight\GRdownload.htm
IE: Open with GetRight Pro Browser - c:\programmi\GetRight\GRbrowse.htm
TCP: Interfaces\{595433C9-C811-4A65-B402-A90A4F8A3EDD}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{C031CAC5-AF25-447B-B0F5-CEF07FB3BB7D}: NameServer = 176.31.229.24,176.31.229.25
FF - ProfilePath - c:\documents and settings\ermanno\Dati applicazioni\Mozilla\Firefox\Profiles\08rmp1cy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.corriere.it/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&o ... &gfns=1&q=
FF - prefs.js: network.proxy.type - 2
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-ABBYY Screenshot Reader Bonus - (no file)
AddRemove-Driver boeder Sm@rtScan - c:\windows\IsUn0410.exe
AddRemove-eBay Icon - c:\documents and settings\ermanno\Dati applicazioni\Desktopicon\uninst.exe
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\documents and settings\All Users\Dati applicazioni\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-12 20:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
.
C:\avast! sandbox
.
Scansione completata con successo
Files nascosti: 1
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-1993962763-1644491937-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7D5EDFD4-8941-9576-07A0-8C69AD5594DE}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oaljpgobffnmdllhodabnnbjflobcn"=hex:64,61,6b,68,6d,6e,6b,6c,00,85
"oapmpibffbojigikcmomoahglmmiee"=hex:69,61,6e,68,6f,65,67,62,68,6a,67,6e,6e,69,
61,67,69,63,00,ff
"nafmbipoaamnidgkpfadocedfaak"=hex:69,61,6e,68,6f,65,67,62,68,6a,67,6e,6e,69,
61,67,69,63,00,ff
.
[HKEY_USERS\S-1-5-21-1993962763-1644491937-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FFE3DD19-A219-A690-46E3-A3D9ACC98426}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaanlijlcohhkmaacg"=hex:6b,61,63,6b,63,64,6c,67,66,61,6c,6c,68,67,6b,6e,62,65,
69,6e,6b,6f,00,00
"hagofofjgkhdgcek"=hex:6b,61,63,6b,63,64,6c,67,66,61,6c,6c,68,67,6b,6e,62,65,
69,6e,6b,6f,00,00
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(788)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3952)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2012-03-12 20:21:53
ComboFix-quarantined-files.txt 2012-03-12 19:21
ComboFix2.txt 2010-01-03 14:44
ComboFix3.txt 2009-09-30 18:55
.
Pre-Run: 102.709.587.968 byte disponibili
Post-Run: 102.642.135.040 byte disponibili
.
- - End Of File - - 0C1620670FF643E7C0660CE06C38E43B
Avatar utente
wilcoy
Aficionado
Aficionado
 
Messaggi: 92
Iscritto il: gio nov 29, 2007 9:10 pm
Località: massa

Re: qualcosa non quadra.....

Messaggioda The Doctor » mar mar 13, 2012 8:27 am

Ciao Nonno
Avatar utente
The Doctor
MLI Hero
MLI Hero
 
Messaggi: 5553
Iscritto il: mer mar 24, 2010 9:10 am
Località: Fiumicino (Roma)

Re: qualcosa non quadra.....

Messaggioda wilcoy » mar mar 13, 2012 5:47 pm

scusate...farò più attenzione...
Avatar utente
wilcoy
Aficionado
Aficionado
 
Messaggi: 92
Iscritto il: gio nov 29, 2007 9:10 pm
Località: massa

Re: qualcosa non quadra.....

Messaggioda wilcoy » mar mar 13, 2012 5:48 pm

però mi sa tanto che ho ancora il pc infestato...nessuno riesce a darmi una mano?
Avatar utente
wilcoy
Aficionado
Aficionado
 
Messaggi: 92
Iscritto il: gio nov 29, 2007 9:10 pm
Località: massa

Re: qualcosa non quadra.....

Messaggioda tecnico24 » mar mar 13, 2012 6:05 pm

Ciao ,
segui attentamente queste istruzioni:
Scarica il file CFScript.txt che ti ho allegato su wikisend:
http://wikisend.com/download/269012/CFScript.txt

Adesso trascina il file con il tasto sx del mouse nell'icona di combofix a forma di leone.

Attendi il lavoro del programma e al riavvio inviaci il report delle operazioni effettuate.

Esegui AdwCleaner per rimuovere spazzatura dal tuo broswer:
http://www.MegaLab.it/7845/adwcleaner-i ... ri-browser

inviaci anche il suo report.
Avatar utente
tecnico24
Senior Member
Senior Member
 
Messaggi: 380
Iscritto il: dom mag 20, 2007 4:31 pm

Re: qualcosa non quadra.....

Messaggioda wilcoy » mar mar 13, 2012 7:02 pm

ecco il report di combo

ComboFix 12-03-12.03 - ermanno 13/03/2012 18.16.20.5.2 - x86
Eseguito da: c:\documents and settings\ermanno\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\ermanno\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Creato nuovo punto di ripristino
.
FILE ::
"c:\docume~1\ermanno\IMPOST~1\Temp\esihdrv.sys"
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Documenti\AppData\PoApp
c:\documents and settings\All Users\Documenti\AppData\PoApp\7z.dll
c:\documents and settings\All Users\Documenti\AppData\PoApp\AppLib.Zip.dll
c:\documents and settings\All Users\Documenti\AppData\PoApp\kw.sdb
c:\documents and settings\All Users\Documenti\AppData\PoApp\PLauncher.exe
c:\documents and settings\All Users\Documenti\AppData\PoApp\PService.exe
c:\documents and settings\All Users\Documenti\AppData\PoApp\RegHandlerDll.dll
c:\documents and settings\All Users\Documenti\AppData\PoApp\settings\settings.ini
c:\documents and settings\ermanno\Impostazioni locali\Dati applicazioni\PosService
c:\documents and settings\ermanno\Impostazioni locali\Dati applicazioni\PosService\7z.dll
c:\documents and settings\ermanno\Impostazioni locali\Dati applicazioni\PosService\AppLib.Zip.dll
c:\documents and settings\ermanno\Impostazioni locali\Dati applicazioni\PosService\Pos.exe
c:\documents and settings\ermanno\Impostazioni locali\Dati applicazioni\PosService\Pos.InstallLog
c:\documents and settings\ermanno\Impostazioni locali\Dati applicazioni\PosService\Pos.InstallState
c:\documents and settings\ermanno\Impostazioni locali\Dati applicazioni\PosService\settings.ini
c:\documents and settings\ermanno\Impostazioni locali\Dati applicazioni\PosService\settings\settings.ini
c:\documents and settings\ermanno\Impostazioni locali\Dati applicazioni\ServUpdater
c:\documents and settings\ermanno\Impostazioni locali\Dati applicazioni\ServUpdater\7z.dll
c:\documents and settings\ermanno\Impostazioni locali\Dati applicazioni\ServUpdater\AppLib.Zip.dll
c:\documents and settings\ermanno\Impostazioni locali\Dati applicazioni\ServUpdater\InstallHelper.exe
c:\documents and settings\ermanno\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe
c:\documents and settings\ermanno\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.InstallLog
c:\documents and settings\ermanno\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.InstallState
c:\documents and settings\ermanno\Impostazioni locali\Dati applicazioni\ServUpdater\settings.ini
c:\documents and settings\ermanno\Impostazioni locali\Dati applicazioni\ServUpdater\settings\settings.ini
c:\documents and settings\ermanno\Impostazioni locali\Dati applicazioni\ServUpdater\upd.exe
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ESIHDRV
-------\Legacy_POWEROFFER_SERVICE
-------\Legacy_SERVUPDATER
-------\Service_esihdrv
-------\Service_PowerOffer Service
-------\Service_ServUpdater
.
.
((((((((((((((((((((((((( Files Creati Da 2012-02-13 al 2012-03-13 )))))))))))))))))))))))))))))))))))
.
.
2012-03-12 18:50 . 2012-03-12 18:50 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Office Genuine Advantage
2012-03-08 17:03 . 2012-03-08 17:03 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2012-03-08 17:02 . 2012-03-08 17:02 -------- d-sh--w- c:\documents and settings\ermanno\IETldCache
2012-03-08 16:51 . 2012-03-08 16:52 -------- dc-h--w- c:\windows\ie8
2012-03-08 16:45 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-03-08 16:45 . 2011-12-17 19:43 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2012-03-08 16:45 . 2011-12-17 19:43 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-03-08 16:45 . 2011-12-17 19:43 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-03-08 16:45 . 2011-12-17 19:43 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-03-08 16:45 . 2011-12-17 19:43 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-03-08 16:45 . 2011-12-17 19:43 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2012-03-08 16:45 . 2011-12-18 13:43 11082240 -c----w- c:\windows\system32\dllcache\ieframe.dll
2012-03-07 19:48 . 2012-03-07 19:48 388096 ----a-r- c:\documents and settings\ermanno\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-07 19:48 . 2012-03-07 19:48 -------- d-----w- c:\programmi\Trend Micro
2012-03-07 19:44 . 2012-03-07 19:44 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-03-07 19:39 . 2012-03-07 19:39 -------- d-----w- c:\documents and settings\ermanno\Impostazioni locali\Dati applicazioni\PackageAware
2012-03-07 17:50 . 2012-03-07 17:52 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\HitmanPro
2012-02-17 16:30 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-17 16:30 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-07 00:15 . 2010-06-29 17:56 41184 ----a-w- c:\windows\avastSS.scr
2012-03-07 00:15 . 2009-06-20 07:41 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-07 00:03 . 2011-05-29 06:54 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-07 00:03 . 2009-06-20 07:41 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-07 00:02 . 2009-06-20 07:41 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-07 00:01 . 2009-06-20 07:41 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-07 00:01 . 2009-06-20 07:41 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-03-07 00:01 . 2009-06-20 07:41 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-03-07 00:01 . 2009-06-20 07:41 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-06 23:58 . 2009-06-20 07:41 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-02-21 18:08 . 2011-07-10 17:24 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-12 17:20 . 2001-08-31 10:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:43 . 2001-08-31 10:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:43 . 2001-08-31 10:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-12-17 19:43 . 2001-08-31 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2009-06-19 20:16 385024 ------w- c:\windows\system32\html.iec
2012-02-18 06:29 . 2011-09-28 18:34 134104 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-12_19.18.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-13 17:26 . 2012-03-13 17:26 16384 c:\windows\temp\Perflib_Perfdata_768.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1}"= "c:\programmi\uTorrentBar_IT\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1}]
2010-12-09 11:51 3911776 ----a-w- c:\programmi\uTorrentBar_IT\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1}"= "c:\programmi\uTorrentBar_IT\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4AE0C3D6-F713-4EED-BC65-25DC3FFDAAC1}"= "c:\programmi\uTorrentBar_IT\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 123536 ----a-w- c:\programmi\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-03-06 16858112]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2006-07-07 262144]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-18 843776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 08:27 17351304 ----a-r- c:\programmi\Skype\Phone\Skype.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=
"c:\\Programmi\\CyberLink\\PCM4Everio\\EverioService.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"c:\\Programmi\\tvuplayer\\TVUPlayer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\File comuni\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24/01/2011 17.56.10 721904]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [29/05/2011 7.54.19 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [20/06/2009 8.41.23 337880]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [13/06/2011 17.15.00 218688]
R2 ABBYY.Licensing.PDFTransformer.Classic.3.0;ABBYY PDF Transformer 3.0 - Servizio Gestione licenze;c:\programmi\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [01/04/2011 18.41.53 759048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20/06/2009 8.41.23 20696]
R2 FastPara;FastPara;c:\windows\system32\drivers\fastpara.sys [20/06/2009 9.07.57 37836]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [13/05/2010 19.34.27 136176]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [12/11/2008 14.54.00 37376]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [13/05/2010 19.34.27 136176]
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-05-13 18:34]
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-05-13 18:34]
.
.
------- Scansione supplementare -------
.
uInternet Settings,ProxyOverride = local
IE: Download with GetRight Pro - c:\programmi\GetRight\GRdownload.htm
IE: Open with GetRight Pro Browser - c:\programmi\GetRight\GRbrowse.htm
TCP: Interfaces\{595433C9-C811-4A65-B402-A90A4F8A3EDD}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{C031CAC5-AF25-447B-B0F5-CEF07FB3BB7D}: NameServer = 176.31.229.24,176.31.229.25
FF - ProfilePath - c:\documents and settings\ermanno\Dati applicazioni\Mozilla\Firefox\Profiles\08rmp1cy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.corriere.it/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&o ... &gfns=1&q=
FF - prefs.js: network.proxy.type - 2
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
HKLM-Run-PosService - c:\documents and settings\All Users\Documenti\AppData\PoApp\PLauncher.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-13 18:28
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-1993962763-1644491937-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7D5EDFD4-8941-9576-07A0-8C69AD5594DE}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oaljpgobffnmdllhodabnnbjflobcn"=hex:64,61,6b,68,6d,6e,6b,6c,00,85
"oapmpibffbojigikcmomoahglmmiee"=hex:69,61,6e,68,6f,65,67,62,68,6a,67,6e,6e,69,
61,67,69,63,00,ff
"nafmbipoaamnidgkpfadocedfaak"=hex:69,61,6e,68,6f,65,67,62,68,6a,67,6e,6e,69,
61,67,69,63,00,ff
.
[HKEY_USERS\S-1-5-21-1993962763-1644491937-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FFE3DD19-A219-A690-46E3-A3D9ACC98426}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaanlijlcohhkmaacg"=hex:6b,61,63,6b,63,64,6c,67,66,61,6c,6c,68,67,6b,6e,62,65,
69,6e,6b,6f,00,00
"hagofofjgkhdgcek"=hex:6b,61,63,6b,63,64,6c,67,66,61,6c,6c,68,67,6b,6e,62,65,
69,6e,6b,6f,00,00
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(608)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3208)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\programmi\Alwil Software\Avast5\AvastSvc.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Ora fine scansione: 2012-03-13 18:32:16 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-03-13 17:32
ComboFix2.txt 2012-03-12 19:21
ComboFix3.txt 2010-01-03 14:44
ComboFix4.txt 2009-09-30 18:55
.
Pre-Run: 102.525.382.656 byte disponibili
Post-Run: 102.503.329.792 byte disponibili
.
- - End Of File - - 93B152D165D9656666349E496172970D


e quello di adw..

# AdwCleaner v1.501 - Logfile created 03/13/2012 at 18:56:58
# Updated 04/03/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : ermanno - ERMANNO2
# Running from : C:\Documents and Settings\ermanno\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Documents and Settings\ermanno\Dati applicazioni\OpenCandy

***** [H. Navipromo] *****


***** [Registry] *****

[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2851640
Key Found : HKCU\Toolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Headlight
Key Found : HKCU\Software\Iminent
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Iminent
Key Found : HKLM\SOFTWARE\Adobe\OpenCandy
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v10.0.2 (it)

Profile : 08rmp1cy.default
File : C:\Documents and Settings\ermanno\Dati applicazioni\Mozilla\Firefox\Profiles\08rmp1cy.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1752 octets] - [13/03/2012 18:56:58]

########## EOF - C:\AdwCleaner[R1].txt - [1880 octets] ##########
Avatar utente
wilcoy
Aficionado
Aficionado
 
Messaggi: 92
Iscritto il: gio nov 29, 2007 9:10 pm
Località: massa

Re: qualcosa non quadra.....

Messaggioda tecnico24 » mar mar 13, 2012 10:54 pm

Disinstalla la utorrent toolbar dal pannello di controllo.

Per il resto il pc è pulito.
Avatar utente
tecnico24
Senior Member
Senior Member
 
Messaggi: 380
Iscritto il: dom mag 20, 2007 4:31 pm

Re: qualcosa non quadra.....

Messaggioda wilcoy » sab mar 17, 2012 12:18 pm

intanto grazie a tutti, soprattuto a tecnico, però, nonostante che dei log che ho inviato sembra a posto, io non ne sono sicuro. cioè, in passato quando avevo preso virus, la cosa che mi ha sempre soprattutto suonare l'allarme era il caricamento, quando il jilnge di xp parte, si incanta, ed adesso succede, può quindi essere un altro il problema? non un virus, chessò un problema hardware?, per il resto non è che vada male, solito caricamento lento e qualche incantata nella riproduzione di musica...che ne dite?
Avatar utente
wilcoy
Aficionado
Aficionado
 
Messaggi: 92
Iscritto il: gio nov 29, 2007 9:10 pm
Località: massa

Re: qualcosa non quadra.....

Messaggioda wilcoy » lun mar 26, 2012 7:10 pm

non riesco proprio a levarci le gambe..dunque, parto dall'idea di non formattare tutto per evitare i soliti problemi.....o perlomeno vorrei lasciare per ultima possibilità. mi sono accorto che in alcuni momenti ho un utilizzo direi esagerato della cpu, in certi momenti 80/85% nonostante abbia solo apeto mozilla e utorrent, con dati di scarico molto limitati.....suggerimenti!?!? [8)]
Avatar utente
wilcoy
Aficionado
Aficionado
 
Messaggi: 92
Iscritto il: gio nov 29, 2007 9:10 pm
Località: massa


Torna a Sicurezza

Chi c’è in linea

Visitano il forum: Nessuno e 5 ospiti

Powered by phpBB © 2002, 2005, 2007, 2008 phpBB Group
Traduzione Italiana phpBB.it

megalab.it: testata telematica quotidiana registrata al Tribunale di Cosenza n. 22/09 del 13.08.2009, editore Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa Tutti i diritti sono riservati. Per la pubblicità: Master Advertising