Olimpo Informatico forum index
The Zeus News forums
Thread: Pages at a crawl (forum section: Pronto Soccorso Virus)
Author: klaus124
Posted: 24 May 2008 12:48    Subject: Pages at a crawl

Good morning, I have just switched on the PC and, to browse, I would be better off renting a motorboat: everything is very slow. I am posting the log, could you have a look at it?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12.42.46, on 24/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\COMODO\Firewall\cmdagent.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Programmi\COMODO\Firewall\cfp.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
C:\Programmi\hijackthis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Programmi\StarModem\StarModem USB Network\CnxTrApp.dll",AppEntry -REG "Conexant\Conexant USB Network"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programmi\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Programmi\ERUNT\AUTOBACK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1208598239640
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Programmi\COMODO\Firewall\cmdagent.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe

--
End of file - 4361 bytes
thanks and regards
Author: bdoriano (Administrator)
Posted: 24 May 2008 20:29

Do these general clean-ups:
  • Clean the temporary files with ATF-Cleaner and/or CCleaner
  • Run a scan with Norman Malware Cleaner.
    • Download the program
    • Boot the PC in safe mode.
    • Start Norman Malware Cleaner and let it run a full scan.
    • At the end of the scan a log is generated on the desktop, named NFix_2008-MM-gg_hh-mm-ss.log.

  • Reboot the computer in normal mode
  • Follow the instructions in this topic to run ComboFix.
  • Report the outcome with a new message in this thread: whether there were particular problems, etc. And post:
    • Upload the Norman Malware Cleaner log to FreeFileHosting as indicated here and post the link you are given
    • The ComboFix log is generally not very long, so post it directly in the message
Author: klaus124
Posted: 29 May 2008 09:11

here is the Norman log: NFix_2008-05-28_12-10-11.log
Author: klaus124
Posted: 29 May 2008 11:41

here it is:
ComboFix 08-05-28.4 - user 2008-05-29 11.14.19.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.647 [GMT 2:00]
Run from: C:\Documents and Settings\user\Desktop\ComboFix.exe
* New restore point created
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Other deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\user\Dati applicazioni\inst.exe
C:\WINDOWS\Downloaded Program Files\Quarantine
C:\WINDOWS\system32\deposit.dll

.
((((((((((((((((((((((((( Files created from 2008-04-28 to 2008-05-29 )))))))))))))))))))))))))))))))))))
.

2008-05-26 19:13 . 2008-05-26 19:15 <DIR> d-------- C:\Programmi\Photo Story 3 for Windows
2008-05-26 17:29 . 2008-05-26 17:29 <DIR> d-------- C:\Programmi\File comuni\EZB Systems
2008-05-26 17:28 . 2008-05-26 17:29 <DIR> d-------- C:\Programmi\UltraISO
2008-05-26 16:39 . 2008-05-26 16:39 <DIR> d-------- C:\Documents and Settings\user\Dati applicazioni\PrevxCSI
2008-05-25 17:07 . 2008-05-25 17:07 <DIR> d-------- C:\Programmi\Tall Emu
2008-05-25 17:07 . 2008-05-25 17:07 <DIR> d-------- C:\Programmi\OnlineArmor
2008-05-25 17:07 . 2008-05-29 11:08 <DIR> d-------- C:\Documents and Settings\user\Dati applicazioni\OnlineArmor
2008-05-25 17:07 . 2008-05-25 17:07 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\OnlineArmor
2008-05-25 17:07 . 2008-04-17 05:25 80,584 --a------ C:\WINDOWS\system32\drivers\OADriver.sys
2008-05-25 17:07 . 2008-04-17 05:25 32,456 --a------ C:\WINDOWS\system32\drivers\OAmon.sys
2008-05-25 17:07 . 2008-04-17 05:25 28,872 --a------ C:\WINDOWS\system32\drivers\oanet.sys
2008-05-24 20:58 . 2008-05-29 10:39 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-24 20:58 . 2008-05-24 20:58 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-24 16:27 . 2008-05-24 16:27 <DIR> d-------- C:\Programmi\Audacity
2008-05-24 16:05 . 2008-05-26 11:17 <DIR> d-------- C:\Programmi\AoA Audio Extractor
2008-05-23 11:59 . 2008-05-23 11:59 <DIR> d-------- C:\Programmi\FDRLab
2008-05-22 11:28 . 2008-05-22 11:28 <DIR> d-------- C:\Programmi\SomePDF
2008-05-20 10:10 . 2008-05-20 10:12 <DIR> d-------- C:\Programmi\TBFDropZone
2008-05-20 10:10 . 2008-05-20 10:10 <DIR> d-------- C:\Documents and Settings\user\Dati applicazioni\Axosoft
2008-05-19 13:44 . 2008-05-19 13:42 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-05-19 13:44 . 2008-05-19 13:42 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-05-19 13:44 . 2008-05-19 13:42 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2008-05-19 13:42 . 2008-05-19 14:14 <DIR> d-------- C:\Programmi\ESET
2008-05-18 17:34 . 2008-05-18 17:34 78,440 --a------ C:\Documents and Settings\All Users\Dati applicazioni\firstlsp.reg.dat
2008-05-17 19:37 . 2008-05-17 19:37 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\TechSmith
2008-05-17 19:34 . 2008-05-17 19:34 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2008-05-17 19:34 . 2008-03-12 02:37 107,864 --a------ C:\WINDOWS\system32\tsccvid.dll
2008-05-17 19:33 . 2008-05-17 19:33 <DIR> d-------- C:\Programmi\TechSmith
2008-05-17 19:33 . 2008-05-17 19:33 <DIR> d-------- C:\Programmi\File comuni\TechSmith Shared
2008-05-17 15:05 . 2008-05-17 15:06 <DIR> d-------- C:\Programmi\Image Mender
2008-05-16 12:12 . 2008-05-16 12:12 <DIR> d-------- C:\Programmi\File Renamer Deluxe
2008-05-16 12:12 . 2008-05-16 12:12 <DIR> d-------- C:\Documents and Settings\user\Dati applicazioni\Kristanix Software
2008-05-14 16:24 . 2008-05-14 16:25 <DIR> d-------- C:\Documents and Settings\video
2008-05-14 15:10 . 2008-05-14 15:10 <DIR> d-------- C:\Programmi\File comuni\Reallusion
2008-05-14 14:12 . 2008-05-14 14:12 <DIR> d-------- C:\Documents and Settings\user\Dati applicazioni\Reallusion
2008-05-14 14:11 . 2008-05-14 15:16 <DIR> d-------- C:\Programmi\Reallusion
2008-05-14 13:37 . 2008-05-18 10:57 <DIR> d-------- C:\Programmi\PhotoScape
2008-05-14 13:25 . 2008-05-15 16:29 <DIR> d-------- C:\Programmi\Keronsoft
2008-05-12 10:19 . 2008-05-12 10:19 <DIR> d--h----- C:\WINDOWS\PIF
2008-05-10 17:01 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-10 17:01 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-10 15:53 . 2008-05-10 15:54 <DIR> d-------- C:\Programmi\SopCast
2008-05-09 10:34 . 2008-05-09 10:34 <DIR> d-------- C:\Programmi\ImageBadger
2008-05-09 10:34 . 2008-05-09 10:34 <DIR> d-------- C:\Documents and Settings\user\Dati applicazioni\ImageBadger
2008-05-06 16:04 . 2008-05-06 16:04 <DIR> d-------- C:\Programmi\IDM Computer Solutions
2008-05-06 16:04 . 2008-05-06 16:04 <DIR> d-------- C:\Documents and Settings\user\Dati applicazioni\IDMComp
2008-05-05 12:07 . 2008-05-05 12:07 <DIR> d-------- C:\Programmi\Notepad++
2008-05-05 12:07 . 2008-05-05 12:08 <DIR> d-------- C:\Documents and Settings\user\Dati applicazioni\Notepad++
2008-05-04 14:51 . 2008-05-04 14:51 <DIR> d-------- C:\Programmi\HotHotSoftwareFullVersion
2008-05-04 14:51 . 2000-07-15 00:00 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2008-05-02 13:46 . 2008-05-02 13:46 <DIR> d-------- C:\Programmi\Program Files
2008-04-30 18:03 . 2008-04-30 18:03 <DIR> d-------- C:\Programmi\TVAnts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-29 08:53 524,288 ----a-w C:\WINDOWS\system32\drivers\CnxE2FS.bin
2008-05-28 10:48 --------- d-----w C:\Programmi\EULAlyzer
2008-05-26 15:33 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-05-26 15:33 --------- d-----w C:\Programmi\SpywareBlaster
2008-05-26 15:25 --------- d-----w C:\Programmi\eMule
2008-05-25 13:54 --------- d-----w C:\Documents and Settings\user\Dati applicazioni\Comodo
2008-05-18 15:04 395,744 ----a-w C:\WINDOWS\system32\drivers\timntr.sys
2008-05-18 15:04 39,264 ----a-w C:\WINDOWS\system32\drivers\tifsfilt.sys
2008-05-18 15:03 114,048 ----a-w C:\WINDOWS\system32\drivers\snapman.sys
2008-05-16 15:22 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Grisoft
2008-05-14 13:10 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-05-13 09:34 --------- d-----w C:\Programmi\a-squared Free
2008-05-11 13:37 --------- d-----w C:\Programmi\MSN Messenger
2008-05-10 15:01 --------- d-----w C:\Programmi\Malwarebytes' Anti-Malware
2008-05-08 09:03 --------- d-----w C:\Programmi\vso
2008-05-08 09:03 --------- d-----w C:\Documents and Settings\user\Dati applicazioni\Vso
2008-05-04 15:19 --------- d-----w C:\Programmi\Foxit Software
2008-04-28 16:30 --------- d-----w C:\Programmi\TVUPlayer
2008-04-28 16:30 --------- d-----w C:\Documents and Settings\user\Dati applicazioni\TVU Networks
2008-04-28 16:30 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\TVU Networks
2008-04-25 15:18 --------- d-----w C:\Documents and Settings\user\Dati applicazioni\Any Video Converter
2008-04-25 15:16 --------- d-----w C:\Programmi\Mozilla Sunbird
2008-04-22 18:48 --------- d-----w C:\Programmi\Google
2008-04-22 08:23 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\GRETECH
2008-04-21 14:03 --------- d-----w C:\Programmi\File comuni\AVSMedia
2008-04-21 13:55 --------- d-----w C:\Documents and Settings\user\Dati applicazioni\AVS4YOU
2008-04-21 13:55 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\AVS4YOU
2008-04-21 11:33 --------- d-----w C:\Programmi\Java
2008-04-21 11:32 --------- d-----w C:\Programmi\File comuni\Java
2008-04-21 09:33 --------- d-----w C:\Programmi\RogueRemover FREE
2008-04-19 09:54 --------- d-----w C:\Programmi\Opera
2008-04-17 09:15 --------- d-----w C:\Programmi\Clickster
2008-04-15 10:52 --------- d-----w C:\Programmi\Runtime Software
2008-04-15 10:12 --------- d-----w C:\Documents and Settings\user\Dati applicazioni\DeepBurner
2008-04-15 07:31 --------- d-----w C:\Programmi\Lavasoft
2008-04-14 08:32 --------- d-----w C:\Programmi\DVD slideshow GUI
2008-04-11 09:18 --------- d-----w C:\Documents and Settings\user\Dati applicazioni\Malwarebytes
2008-04-11 09:18 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2008-04-11 07:40 --------- d-----w C:\Programmi\Microsoft Bootvis
2008-04-11 07:11 --------- d-----w C:\Documents and Settings\user\Dati applicazioni\Lavasoft
2008-04-10 10:30 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-04-10 10:28 --------- d-----w C:\Programmi\Spybot - Search & Destroy
2008-04-10 08:29 61,440 ----a-w C:\WINDOWS\system32\drivers\sulysbq.sys
2008-04-09 15:05 356,352 ----a-w C:\WINDOWS\eSellerateEngine.dll
2008-04-09 15:03 --------- d-----w C:\Programmi\WinSnap
2008-04-08 14:50 --------- d-----w C:\Documents and Settings\user\Dati applicazioni\Auslogics
2008-04-06 16:19 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\TERMINAL Studio
2008-04-05 13:57 --------- d-----w C:\Programmi\EvilLyrics
2008-04-05 11:18 --------- d-----w C:\Documents and Settings\user\Dati applicazioni\Winamp
2008-04-05 11:13 --------- d-----w C:\Programmi\Winamp
2008-04-05 10:00 --------- d-----w C:\Documents and Settings\user\Dati applicazioni\Talkback
2008-04-05 09:43 --------- d-----w C:\Documents and Settings\user\Dati applicazioni\ProcessLasso
2008-04-04 11:58 --------- d-----w C:\Programmi\Konvertor
2008-04-04 09:36 --------- d-----w C:\Documents and Settings\user\Dati applicazioni\BitTorrent
2008-04-02 10:17 --------- d-----w C:\Programmi\SUPERAntiSpyware
2008-04-02 10:16 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2008-03-30 11:11 --------- d-----w C:\Programmi\MP3Gain
2008-03-28 14:18 --------- d-----w C:\Programmi\Messenger Plus! Live
2008-03-28 14:18 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Messenger Plus!
2008-03-25 18:09 385,024 ----a-w C:\WINDOWS\system32\Uninstall Netlog Photo Tool.exe
2008-03-25 08:20 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:06 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-15 15:12 77,312 ----a-w C:\WINDOWS\ua2.dll
2008-03-12 18:27 50,520 ----a-w C:\WINDOWS\system32\csvidcap.dll
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-19 11:23 47,360 ----a-w C:\Documents and Settings\user\Dati applicazioni\pcouffin.sys
2007-12-26 17:28 502,055 ----a-w C:\Programmi\gmer.zip
2007-12-25 10:44 122,168 ----a-w C:\Programmi\modalità provv BootSafe.exe
2006-05-24 14:38 233,472 ----a-w C:\Programmi\mozilla firefox\plugins\CrazyTalk4Native.dll
2006-05-18 15:00 204,895 ----a-w C:\Programmi\mozilla firefox\plugins\ctdomemhelper.dll
2005-09-29 12:41 77,824 ----a-w C:\Programmi\mozilla firefox\plugins\ctframeplayerobject.dll
2006-05-18 14:59 426,081 ----a-w C:\Programmi\mozilla firefox\plugins\ctplayerobject.dll
2005-02-02 10:19 458,752 ----a-w C:\Programmi\mozilla firefox\plugins\imagickrt.dll
2006-04-10 16:35 139,264 ----a-w C:\Programmi\mozilla firefox\plugins\rlcontentclass.dll
2005-11-09 09:10 204,800 ----a-w C:\Programmi\mozilla firefox\plugins\RLMusicPacker.dll
2005-11-09 09:42 106,496 ----a-w C:\Programmi\mozilla firefox\plugins\RLMusicUnpacker.dll
2006-01-04 09:22 212,992 ----a-w C:\Programmi\mozilla firefox\plugins\RLVoicePacker.dll
2006-01-04 09:21 167,936 ----a-w C:\Programmi\mozilla firefox\plugins\RLVoiceUnpacker.dll
.

((((((((((((((((((((((((((((((((((((( Registry loading points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries and legitimate/default entries are not shown.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"CnxTrApp"="C:\Programmi\StarModem\StarModem USB Network\CnxTrApp.dll" [2003-07-07 11:38 247296]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 13:36 229376]
"nod32kui"="C:\Programmi\Eset\nod32kui.exe" [2008-05-19 13:42 949376]
"OnlineArmor GUI"="C:\Programmi\Tall Emu\Online Armor\oaui.exe" [2008-04-17 05:25 5545536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:39 15360]

C:\Documents and Settings\user\Menu Avvio\Programmi\Esecuzione automatica\
ERUNT AutoBackup.lnk - C:\Programmi\ERUNT\AUTOBACK.EXE [2005-10-20 13:04:08 38912]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"WRP"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll [2008-04-17 05:25 671432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmi\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 14:41 294912 C:\Programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Tutorial_SW.lnk]
backup=C:\WINDOWS\pss\Tutorial_SW.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Watch.lnk]
backup=C:\WINDOWS\pss\Watch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^user^Menu Avvio^Programmi^Esecuzione automatica^MRU-Blaster Scheduler.lnk]
backup=C:\WINDOWS\pss\MRU-Blaster Scheduler.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^user^Menu Avvio^Programmi^Esecuzione automatica^MRU-Blaster Silent Clean.lnk]
backup=C:\WINDOWS\pss\MRU-Blaster Silent Clean.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^user^Menu Avvio^Programmi^Esecuzione automatica^Secunia PSI (RC1).lnk]
backup=C:\WINDOWS\pss\Secunia PSI (RC1).lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
c:\programmi\grisoft\avg anti-spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0wl]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2005-06-28 22:05 344064 C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2005-09-08 12:06 94208 C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClamWin]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-19 15:39 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 18:21 1694208 c:\windows\$hf_mig$\kb887472\sp2qfe\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 13:54 5674352 C:\Programmi\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
--a------ 2007-05-11 03:08 2512392 C:\WINDOWS\system32\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]
-ra------ 2006-01-30 18:00 98304 C:\Programmi\Hewlett-Packard\OrderReminder\OrderReminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrevxCSI]
C:\Programmi\PrevxCSI\prevxcsi.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
-ra------ 2005-06-20 12:53 1056768 C:\Programmi\VIA\RAID\raid_tool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-03-25 04:28 144784 C:\Programmi\Java\jre1.6.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-03-09 19:02 1481968 C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2006-09-07 19:19 15872 C:\Programmi\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-04-01 20:49 36352 C:\Programmi\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WLSetupSvc"=3 (0x3)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"usnjsvc"=3 (0x3)
"a2free"=2 (0x2)
"ose"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Programmi\\eMule\\emule.exe"=

R1 OADevice;OADriver;C:\WINDOWS\system32\drivers\OADriver.sys [2008-04-17 05:25]
R1 OAmon;OAmon;C:\WINDOWS\system32\drivers\OAmon.sys [2008-04-17 05:25]
R1 OAnet;OAnet;C:\WINDOWS\system32\drivers\OAnet.sys [2008-04-17 05:25]
R2 SvcOnlineArmor;Online Armor;"C:\Programmi\Tall Emu\Online Armor\oasrv.exe" [2008-04-17 05:25]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-29 11:26:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\Documents and Settings\NetworkService\mc21.tmp"
.
Scan finished at: 2008-05-29 11.29.31
ComboFix-quarantined-files.txt 2008-05-29 09:29:22

6 Directories 90,384,297,984 bytes free
9 Directories 90,374,647,808 bytes free

265 --- E O F --- 2008-05-14 17:17:34
thanks
Author: bdoriano (Administrator)
Posted: 29 May 2008 12:58

Norman deleted a couple of viruses and fixed a registry key.

ComboFix deleted some suspicious files.

Create a text file with the following instructions:
Code:
File::
C:\WINDOWS\system32\drivers\sulysbq.sys
C:\Documents and Settings\NetworkService\mc21.tmp

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0wl]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"=-

Save the file on the desktop with the name CFScript.txt and drag it onto the ComboFix icon, as shown below:

Wait patiently until it finishes, without touching the keyboard, the mouse or anything else.
Post the updated ComboFix and HijackThis logs


I noticed you have installed Online Armor Firewall. I tried it on a PC (not exactly a recent one) and noticed a considerable slowdown at system startup. I went back to using ZoneAlarm.
It probably needs to be configured better, but I have not had time to spend on it.
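The reasoning behind the CFScript in the reply above (a service whose ImagePath points at a .tmp file inside the NetworkService profile, a driver with a throwaway-looking name, an AppInit_DLLs entry and a BHO with no file behind it in the first HijackThis log) written out as an added Python example. It is not part of the thread and not code from HijackThis, ComboFix or Norman. The sample lines are constructed by copying single entries from the posted logs; the scoring rules are the editor's own assumptions (the generic-driver-name rule in particular will also flag some legitimate drivers), and `build_cfscript` renders the `File::` and `Registry::` directives exactly as they appear in the post.

```python
"""Triage of HijackThis / ComboFix log lines, plus a CFScript generator.
Added example for this thread, not code from HijackThis, ComboFix or the
forum; the heuristics are the editor's own assumptions."""
import re
from dataclasses import dataclass

# Constructed sample: single entries copied from the logs posted in the thread.
SAMPLE_LOG = r"""
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_06\bin\ssv.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Programmi\COMODO\Firewall\cmdagent.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
2008-04-10 08:29 61,440 ----a-w C:\WINDOWS\system32\drivers\sulysbq.sys
2008-05-19 13:44 . 2008-05-19 13:42 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
"ImagePath"="\??\C:\Documents and Settings\NetworkService\mc21.tmp"
"""

@dataclass
class Finding:
    severity: str   # "high", "medium" or "low"
    line: str
    reason: str

SEVERITY_RANK = {"high": 3, "medium": 2, "low": 1}
IMAGEPATH_RE = re.compile(r'^"ImagePath"="(.*)"$')   # ComboFix registry dump line
DRIVER_RE = re.compile(r"\\drivers\\([A-Za-z0-9_\-]+)\.sys\b", re.IGNORECASE)
# Assumed heuristic: 6-8 lowercase letters, no digits, no vendor token. Legitimate
# drivers can match too, so hits are a review queue, not a verdict.
GENERIC_NAME_RE = re.compile(r"^[a-z]{6,8}$")

def image_path_is_suspicious(path):
    """Service images under a user profile or temp dir, or with a .tmp
    extension, should never be loaded by the Service Control Manager."""
    p = path.lower()
    if p.startswith("\\??\\"):          # strip the NT object-manager prefix
        p = p[4:]
    return (p.endswith(".tmp") or "\\documents and settings\\" in p
            or "\\users\\" in p or "\\temp\\" in p)

def triage_line(line):
    """Return the findings (possibly several, possibly none) for one log line."""
    line = line.strip()
    out = []
    m = IMAGEPATH_RE.match(line)
    if m and image_path_is_suspicious(m.group(1)):
        out.append(Finding("high", line, "service image in a profile/temp path or with .tmp extension"))
    if line.startswith("O20 - AppInit_DLLs:"):
        out.append(Finding("medium", line, "DLL injected into every process that maps user32.dll; confirm publisher"))
    if line.startswith("O23 - Service:") and " - Unknown owner - " in line:
        out.append(Finding("low", line, "service binary has no vendor string; check its signature"))
    if line.startswith("O") and line.endswith("(no file)"):
        out.append(Finding("low", line, "orphaned registration: referenced file no longer exists"))
    m = DRIVER_RE.search(line)
    if m and GENERIC_NAME_RE.match(m.group(1)):
        out.append(Finding("medium", line, "driver with generic lowercase name; verify signature and hash"))
    return out

def triage_log(text):
    """All findings for a whole log, highest severity first."""
    found = [f for ln in text.splitlines() for f in triage_line(ln)]
    return sorted(found, key=lambda f: -SEVERITY_RANK[f.severity])

def worst_severity(findings):
    return max((f.severity for f in findings), key=SEVERITY_RANK.get, default="none")

def build_cfscript(files, delete_keys=(), delete_values=()):
    """Render a ComboFix CFScript.txt in the format used in the post above:
    File:: lists files to delete, Registry:: takes regedit syntax where
    "[-key]" removes a whole key and '"name"=-' removes a single value."""
    lines = ["File::", *files, ""]
    if delete_keys or delete_values:
        lines.append("Registry::")
        lines.extend(f"[-{key}]" for key in delete_keys)
        for key, name in delete_values:
            lines.extend([f"[{key}]", f'"{name}"=-'])
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
```

The findings are a review queue, not a kill list: ComboFix deletes whatever `File::` names without asking, so confirm each candidate (digital signature, hash lookup, who installed it and when) before it goes into the script, and keep the `"ImagePath"=-` line paired with the file deletion so no service is left pointing at a path that no longer exists.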
Author: klaus124
Posted: 29 May 2008 19:41

here they are, and many thanks
ComboFix 08-05-28.4 - user 2008-05-29 19.31.07.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.631 [GMT 2:00]
Run from: C:\Documents and Settings\user\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\user\Desktop\CFScript.txt
* New restore point created
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\NetworkService\mc21.tmp
C:\WINDOWS\system32\drivers\sulysbq.sys
.

((((((((((((((((((((((((((((((((((((( Other deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\sulysbq.sys

.
((((((((((((((((((((((((( Files created from 2008-04-28 to 2008-05-29 )))))))))))))))))))))))))))))))))))
.

2008-05-26 19:13 . 2008-05-26 19:15 <DIR> d-------- C:\Programmi\Photo Story 3 for Windows
2008-05-26 17:29 . 2008-05-26 17:29 <DIR> d-------- C:\Programmi\File comuni\EZB Systems
2008-05-26 17:28 . 2008-05-26 17:29 <DIR> d-------- C:\Programmi\UltraISO
2008-05-26 16:39 . 2008-05-26 16:39 <DIR> d-------- C:\Documents and Settings\user\Dati applicazioni\PrevxCSI
2008-05-24 20:58 . 2008-05-29 10:39 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-24 20:58 . 2008-05-24 20:58 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-24 16:27 . 2008-05-24 16:27 <DIR> d-------- C:\Programmi\Audacity
2008-05-24 16:05 . 2008-05-26 11:17 <DIR> d-------- C:\Programmi\AoA Audio Extractor
2008-05-23 11:59 . 2008-05-23 11:59 <DIR> d-------- C:\Programmi\FDRLab
2008-05-22 11:28 . 2008-05-22 11:28 <DIR> d-------- C:\Programmi\SomePDF
2008-05-20 10:10 . 2008-05-20 10:12 <DIR> d-------- C:\Programmi\TBFDropZone
2008-05-20 10:10 . 2008-05-20 10:10 <DIR> d-------- C:\Documents and Settings\user\Dati applicazioni\Axosoft
2008-05-19 13:44 . 2008-05-19 13:42 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-05-19 13:44 . 2008-05-19 13:42 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-05-19 13:44 . 2008-05-19 13:42 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2008-05-19 13:42 . 2008-05-19 14:14 <DIR> d-------- C:\Programmi\ESET
2008-05-18 17:34 . 2008-05-18 17:34 78,440 --a------ C:\Documents and Settings\All Users\Dati applicazioni\firstlsp.reg.dat
2008-05-17 19:37 . 2008-05-17 19:37 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\TechSmith
2008-05-17 19:34 . 2008-05-17 19:34 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2008-05-17 19:34 . 2008-03-12 02:37 107,864 --a------ C:\WINDOWS\system32\tsccvid.dll
2008-05-17 19:33 . 2008-05-17 19:33 <DIR> d-------- C:\Programmi\TechSmith
2008-05-17 19:33 . 2008-05-17 19:33 <DIR> d-------- C:\Programmi\File comuni\TechSmith Shared
2008-05-17 15:05 . 2008-05-17 15:06 <DIR> d-------- C:\Programmi\Image Mender
2008-05-16 12:12 . 2008-05-16 12:12 <DIR> d-------- C:\Programmi\File Renamer Deluxe
2008-05-16 12:12 . 2008-05-16 12:12 <DIR> d-------- C:\Documents and Settings\user\Dati applicazioni\Kristanix Software
2008-05-14 16:24 . 2008-05-14 16:25 <DIR> d-------- C:\Documents and Settings\video
2008-05-14 15:10 . 2008-05-14 15:10 <DIR> d-------- C:\Programmi\File comuni\Reallusion
2008-05-14 14:12 . 2008-05-14 14:12 <DIR> d-------- C:\Documents and Settings\user\Dati applicazioni\Reallusion
2008-05-14 14:11 . 2008-05-14 15:16 <DIR> d-------- C:\Programmi\Reallusion
2008-05-14 13:37 . 2008-05-18 10:57 <DIR> d-------- C:\Programmi\PhotoScape
2008-05-14 13:25 . 2008-05-15 16:29 <DIR> d-------- C:\Programmi\Keronsoft
2008-05-12 10:19 . 2008-05-12 10:19 <DIR> d--h----- C:\WINDOWS\PIF
2008-05-10 17:01 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-10 17:01 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-10 15:53 . 2008-05-10 15:54 <DIR> d-------- C:\Programmi\SopCast
2008-05-09 10:34 . 2008-05-09 10:34 <DIR> d-------- C:\Programmi\ImageBadger
2008-05-09 10:34 . 2008-05-09 10:34 <DIR> d-------- C:\Documents and Settings\user\Dati applicazioni\ImageBadger
2008-05-06 16:04 . 2008-05-06 16:04 <DIR> d-------- C:\Programmi\IDM Computer Solutions
2008-05-06 16:04 . 2008-05-06 16:04 <DIR> d-------- C:\Documents and Settings\user\Dati applicazioni\IDMComp
2008-05-05 12:07 . 2008-05-05 12:07 <DIR> d-------- C:\Programmi\Notepad++
2008-05-05 12:07 . 2008-05-05 12:08 <DIR> d-------- C:\Documents and Settings\user\Dati applicazioni\Notepad++
2008-05-04 14:51 . 2008-05-04 14:51 <DIR> d-------- C:\Programmi\HotHotSoftwareFullVersion
2008-05-04 14:51 . 2000-07-15 00:00 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2008-05-02 13:46 . 2008-05-02 13:46 <DIR> d-------- C:\Programmi\Program Files
2008-04-30 18:03 . 2008-04-30 18:03 <DIR> d-------- C:\Programmi\TVAnts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-29 17:23 524,288 ----a-w C:\WINDOWS\system32\drivers\CnxE2FS.bin
2008-05-29 15:41 --------- d-----w C:\Programmi\eMule
2008-05-29 10:03 --------- d-----w C:\Programmi\Ashampoo
2008-05-28 10:48 --------- d-----w C:\Programmi\EULAlyzer
2008-05-26 15:33 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-05-26 15:33 --------- d-----w C:\Programmi\SpywareBlaster
2008-05-25 13:54 --------- d-----w C:\Documents and Settings\user\Dati applicazioni\Comodo
2008-05-18 15:04 395,744 ----a-w C:\WINDOWS\system32\drivers\timntr.sys
2008-05-18 15:04 39,264 ----a-w C:\WINDOWS\system32\drivers\tifsfilt.sys
2008-05-18 15:03 114,048 ----a-w C:\WINDOWS\system32\drivers\snapman.sys
2008-05-16 15:22 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Grisoft
2008-05-14 13:10 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-05-13 09:34 --------- d-----w C:\Programmi\a-squared Free
2008-05-11 13:37 --------- d-----w C:\Programmi\MSN Messenger
2008-05-10 15:01 --------- d-----w C:\Programmi\Malwarebytes' Anti-Malware
2008-05-08 09:03 --------- d-----w C:\Programmi\vso
2008-05-08 09:03 --------- d-----w C:\Documents and Settings\user\Dati applicazioni\Vso
2008-05-04 15:19 --------- d-----w C:\Programmi\Foxit Software
2008-04-28 16:30 --------- d-----w C:\Programmi\TVUPlayer
2008-04-28 16:30 --------- d-----w C:\Documents and Settings\user\Dati applicazioni\TVU Networks
2008-04-28 16:30 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\TVU Networks
2008-04-25 15:18 --------- d-----w C:\Documents and Settings\user\Dati applicazioni\Any Video Converter
2008-04-25 15:16 --------- d-----w C:\Programmi\Mozilla Sunbird
2008-04-22 18:48 --------- d-----w C:\Programmi\Google
2008-04-22 08:23 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\GRETECH
2008-04-21 14:03 --------- d-----w C:\Programmi\File comuni\AVSMedia
2008-04-21 13:55 --------- d-----w C:\Documents and Settings\user\Dati applicazioni\AVS4YOU
2008-04-21 13:55 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\AVS4YOU
2008-04-21 11:33 --------- d-----w C:\Programmi\Java
2008-04-21 11:32 --------- d-----w C:\Programmi\File comuni\Java
2008-04-21 09:33 --------- d-----w C:\Programmi\RogueRemover FREE
2008-04-19 09:54 --------- d-----w C:\Programmi\Opera
2008-04-15 10:52 --------- d-----w C:\Programmi\Runtime Software
2008-04-15 10:12 --------- d-----w C:\Documents and Settings\user\Dati applicazioni\DeepBurner
2008-04-15 07:31 --------- d-----w C:\Programmi\Lavasoft
2008-04-14 08:32 --------- d-----w C:\Programmi\DVD slideshow GUI
2008-04-11 09:18 --------- d-----w C:\Documents and Settings\user\Dati applicazioni\Malwarebytes
2008-04-11 09:18 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2008-04-11 07:40 --------- d-----w C:\Programmi\Microsoft Bootvis
2008-04-11 07:11 --------- d-----w C:\Documents and Settings\user\Dati applicazioni\Lavasoft
2008-04-10 10:30 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-04-10 10:28 --------- d-----w C:\Programmi\Spybot - Search & Destroy
2008-04-09 15:05 356,352 ----a-w C:\WINDOWS\eSellerateEngine.dll
2008-04-09 15:03 --------- d-----w C:\Programmi\WinSnap
2008-04-08 14:50 --------- d-----w C:\Documents and Settings\user\Dati applicazioni\Auslogics
2008-04-06 16:19 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\TERMINAL Studio
2008-04-05 13:57 --------- d-----w C:\Programmi\EvilLyrics
2008-04-05 11:18 --------- d-----w C:\Documents and Settings\user\Dati applicazioni\Winamp
2008-04-05 11:13 --------- d-----w C:\Programmi\Winamp
2008-04-05 10:00 --------- d-----w C:\Documents and Settings\user\Dati applicazioni\Talkback
2008-04-05 09:43 --------- d-----w C:\Documents and Settings\user\Dati applicazioni\ProcessLasso
2008-04-04 11:58 --------- d-----w C:\Programmi\Konvertor
2008-04-04 09:36 --------- d-----w C:\Documents and Settings\user\Dati applicazioni\BitTorrent
2008-04-02 10:17 --------- d-----w C:\Programmi\SUPERAntiSpyware
2008-04-02 10:16 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2008-03-30 11:11 --------- d-----w C:\Programmi\MP3Gain
2008-03-28 14:18 --------- d-----w C:\Programmi\Messenger Plus! Live
2008-03-28 14:18 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Messenger Plus!
2008-03-25 18:09 385,024 ----a-w C:\WINDOWS\system32\Uninstall Netlog Photo Tool.exe
2008-03-25 08:20 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:06 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-15 15:12 77,312 ----a-w C:\WINDOWS\ua2.dll
2008-03-12 18:27 50,520 ----a-w C:\WINDOWS\system32\csvidcap.dll
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-19 11:23 47,360 ----a-w C:\Documents and Settings\user\Dati applicazioni\pcouffin.sys
2007-12-26 17:28 502,055 ----a-w C:\Programmi\gmer.zip
2007-12-25 10:44 122,168 ----a-w C:\Programmi\modalità provv BootSafe.exe
2006-05-24 14:38 233,472 ----a-w C:\Programmi\mozilla firefox\plugins\CrazyTalk4Native.dll
2006-05-18 15:00 204,895 ----a-w C:\Programmi\mozilla firefox\plugins\ctdomemhelper.dll
2005-09-29 12:41 77,824 ----a-w C:\Programmi\mozilla firefox\plugins\ctframeplayerobject.dll
2006-05-18 14:59 426,081 ----a-w C:\Programmi\mozilla firefox\plugins\ctplayerobject.dll
2005-02-02 10:19 458,752 ----a-w C:\Programmi\mozilla firefox\plugins\imagickrt.dll
2006-04-10 16:35 139,264 ----a-w C:\Programmi\mozilla firefox\plugins\rlcontentclass.dll
2005-11-09 09:10 204,800 ----a-w C:\Programmi\mozilla firefox\plugins\RLMusicPacker.dll
2005-11-09 09:42 106,496 ----a-w C:\Programmi\mozilla firefox\plugins\RLMusicUnpacker.dll
2006-01-04 09:22 212,992 ----a-w C:\Programmi\mozilla firefox\plugins\RLVoicePacker.dll
2006-01-04 09:21 167,936 ----a-w C:\Programmi\mozilla firefox\plugins\RLVoiceUnpacker.dll
.

((((((((((((((((((((((((((((( snapshot@2008-05-29_11.27.37,75 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-29 08:53:17 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-29 17:23:05 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"CnxTrApp"="C:\Programmi\StarModem\StarModem USB Network\CnxTrApp.dll" [2003-07-07 11:38 247296]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 13:36 229376]
"nod32kui"="C:\Programmi\Eset\nod32kui.exe" [2008-05-19 13:42 949376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:39 15360]

C:\Documents and Settings\user\Menu Avvio\Programmi\Esecuzione automatica\
ERUNT AutoBackup.lnk - C:\Programmi\ERUNT\AUTOBACK.EXE [2005-10-20 13:04:08 38912]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"WRP"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmi\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 14:41 294912 C:\Programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Tutorial_SW.lnk]
backup=C:\WINDOWS\pss\Tutorial_SW.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Watch.lnk]
backup=C:\WINDOWS\pss\Watch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^user^Menu Avvio^Programmi^Esecuzione automatica^MRU-Blaster Scheduler.lnk]
backup=C:\WINDOWS\pss\MRU-Blaster Scheduler.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^user^Menu Avvio^Programmi^Esecuzione automatica^MRU-Blaster Silent Clean.lnk]
backup=C:\WINDOWS\pss\MRU-Blaster Silent Clean.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^user^Menu Avvio^Programmi^Esecuzione automatica^Secunia PSI (RC1).lnk]
backup=C:\WINDOWS\pss\Secunia PSI (RC1).lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
c:\programmi\grisoft\avg anti-spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2005-06-28 22:05 344064 C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2005-09-08 12:06 94208 C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClamWin]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-19 15:39 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 18:21 1694208 c:\windows\$hf_mig$\kb887472\sp2qfe\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 13:54 5674352 C:\Programmi\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
--a------ 2007-05-11 03:08 2512392 C:\WINDOWS\system32\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]
-ra------ 2006-01-30 18:00 98304 C:\Programmi\Hewlett-Packard\OrderReminder\OrderReminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrevxCSI]
C:\Programmi\PrevxCSI\prevxcsi.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
-ra------ 2005-06-20 12:53 1056768 C:\Programmi\VIA\RAID\raid_tool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-03-25 04:28 144784 C:\Programmi\Java\jre1.6.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-03-09 19:02 1481968 C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2006-09-07 19:19 15872 C:\Programmi\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-04-01 20:49 36352 C:\Programmi\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WLSetupSvc"=3 (0x3)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"usnjsvc"=3 (0x3)
"a2free"=2 (0x2)
"ose"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Programmi\\eMule\\emule.exe"=


.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-29 19:35:46
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-05-29 19.36.54
ComboFix-quarantined-files.txt 2008-05-29 17:36:51
ComboFix2.txt 2008-05-29 09:29:35

6 Directory 90,325,766,144 byte disponibili
9 Directory 90,332,745,728 byte disponibili

251 --- E O F --- 2008-05-14 17:17:34

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19.40.05, on 29/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Programmi\hijackthis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Programmi\StarModem\StarModem USB Network\CnxTrApp.dll",AppEntry -REG "Conexant\Conexant USB Network"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Programmi\ERUNT\AUTOBACK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe

--
End of file - 3484 bytes
klaus124
Hero in the grace of the gods

Registered: 12/03/07 12:08
Posts: 106
Location: ROMA

Posted: 29 May 2008 19:44
I uninstalled Armor, it was eating up a huge amount of CPU. For now I have the Windows one, then tomorrow I'll install Comodo 3, assuming it lets me install it; first I have to clean everything up properly. Do you have any tips for a free firewall? Thanks a lot, you're great.
bdoriano
Administrator

Registered: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 29 May 2008 20:31
Certainly: Comodo (if you get along well with English) or ZoneAlarm Free (in Italian). ;)