W32/Blaster.Worm...Urgent!!!

Posted by alessia84 » 11/12/11 14:04

Good evening everyone....

I have a big problem... for a few days I had been having trouble with Internet Explorer, which was redirecting me to addresses different from the ones I entered... By my own mistake I underestimated the situation.

Today a Privacy Protection scan started automatically and tells me it has found 91 infected files, and every so often the PC makes a very strange noise and a red box opens in the bottom right that says FIREWALL WARNING...

I can't open my antivirus, or do a system restore, or get on the internet, because everything gets closed with the error messages ....exe is infected by W32/Blaster.worm...

Please... can you help me sort this out =(?
The PC is new, it's a laptop less than a year old, with Windows 7.

I await urgent instructions.......thanks.....
alessia84
Senior User

Posts: 132
Joined: 18/07/06 14:33

Posted by alessia84 » 11/12/11 14:43

HEEEEEEELP!

Posted by Luke57 » 11/12/11 15:45

Hi, download dds.scr from here:
http://download.bleepingcomputer.com/sUBs/dds.scr
or from here
http://download.bleepingcomputer.com/sUBs/dds.com
put it on the desktop,
Double-click to start the dds.scr file; a DOS window opens, and at the end of the scan (very quick) 2 reports will open. Save them with the names they have and upload them to wikisend
http://wikisend.com/

or another hosting site so that they can be viewed
Luke57
Moderator

Posts: 6413
Joined: 11/08/05 19:10

Posted by alessia84 » 11/12/11 16:23

Hi, while waiting I rebooted in safe mode and did a system restore to 8 December. I rebooted and it no longer gives me the same problems as before.
I managed to install avast and it is now running a full scan. So far it is at 9% and has found no viruses.

However, if I go on the internet and do a search on Google, it keeps taking me not to the site I click on but to other search or offers sites, which didn't happen before.

What should I do, stop the scan and do as you told me?

Posted by Luke57 » 11/12/11 16:34

Hi, stop the scan and run dds, if you have no trouble doing so.

Posted by alessia84 » 11/12/11 16:42

I'm having trouble downloading it, the download gets stuck... with both links.

Posted by Luke57 » 11/12/11 16:51

Can you download it with another computer and transfer it with a USB stick? If so, you can do that.

Posted by alessia84 » 11/12/11 17:04

Yes, I sorted it out, I ran the scans and saved the logs.

After that I went to the site you recommended and uploaded the file; it modifies it and gives me a web page. I saved the links to these 2 pages, what do I do, post them here for you? Did I do something wrong?

Posted by Luke57 » 11/12/11 17:18

You need to add the file with the upload, then copy and paste the first link you are given after the download.

Posted by alessia84 » 11/12/11 17:43


Posted by alessia84 » 11/12/11 17:44

http://w2.wikisend.com/node-fs/download ... Attach.txt

here's the second one

I hope they're correct now

Posted by Luke57 » 11/12/11 18:35

Hi, but can't you test them first? I can't see them, they're the same as the others.......
copy and paste them into a post at this point

Posted by alessia84 » 11/12/11 18:42

I'm sorry... I tried loads of times....

this is the first:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by acer at 17:16:39 on 2011-12-11
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.39.1040.18.3067.1189 [GMT 1:00]
.
AV: McAfee VirusScan *Enabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\PROGRA~2\McAfee.com\Agent\mcagent.exe
c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files (x86)\McAfee\MSK\MskSrver.exe
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\PROGRA~2\McAfee\MSC\mcsvrcnt.exe
c:\PROGRA~2\mcafee\msc\mcupdui.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
"C:\Windows\system32\svchost.exe"
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.it/
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... 5t4751b718
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... 5t4751b718
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... 5t4751b718
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
uURLSearchHooks: Yahoo! Toolbar con blocco Pop-Up: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
uURLSearchHooks: Softonic-IT Toolbar: {e3393495-8103-46a0-8181-270273eddd60} - C:\Program Files (x86)\Softonic-IT\tbSoft.dll
mURLSearchHooks: Softonic-IT Toolbar: {e3393495-8103-46a0-8181-270273eddd60} - C:\Program Files (x86)\Softonic-IT\tbSoft.dll
mWinlogon: Userinit=userinit.exe
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - C:\Program Files (x86)\McAfee\MSK\MskAPBho.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll
BHO: Guida per l'accesso a Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Softonic-IT Toolbar: {e3393495-8103-46a0-8181-270273eddd60} - C:\Program Files (x86)\Softonic-IT\tbSoft.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: Yahoo! Toolbar con blocco Pop-Up: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Softonic-IT Toolbar: {e3393495-8103-46a0-8181-270273eddd60} - C:\Program Files (x86)\Softonic-IT\tbSoft.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Global Registration] "C:\Program Files (x86)\Acer\Registration\GREG.exe" BOOT
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
mRun: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
mRun: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe /runkey
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [NPSStartup]
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
StartupFolder: C:\Users\acer\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
Trusted Zone: adecco.it\www
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/ms ... b56986.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\yinsthelper.dll
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/Shar ... /cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/Me ... b56907.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9931CF2B-231F-4491-A691-4354474781B9} : NameServer = 151.99.125.1
TCP: Interfaces\{9CFE24E3-89B5-41C5-BB28-82D3D2ADB4FB} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9CFE24E3-89B5-41C5-BB28-82D3D2ADB4FB}\3334F6D6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9CFE24E3-89B5-41C5-BB28-82D3D2ADB4FB}\94E666F637472716461675966496 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9CFE24E3-89B5-41C5-BB28-82D3D2ADB4FB}\C496265627F675966496 : DhcpNameServer = 192.168.1.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun-x64: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
mRun-x64: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
mRun-x64: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe /runkey
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [NPSStartup]
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
.
============= SERVICES / DRIVERS ===============
.
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-12-11 40384]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2009-9-29 844320]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-6-4 1150496]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2011-9-11 102608]
R2 McProxy;McAfee Proxy Service;C:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-8-22 359952]
R2 McShield;McAfee Real-time Scanner;C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-8-22 155456]
R2 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe [2009-8-7 311592]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-8-21 62720]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-6-18 144640]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-8-22 240160]
R3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-12-11 40384]
R3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-12-11 40384]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 McSysmon;McAfee SystemGuards;C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe [2009-8-22 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfesmfk;McAfee Inc. mfesmfk;C:\Windows\system32\drivers\mfesmfk.sys --> C:\Windows\system32\drivers\mfesmfk.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Servizio di Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-9 135664]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Servizio Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-9 135664]
S3 mferkdk;McAfee Inc. mferkdk;C:\Windows\system32\drivers\mferkdk.sys --> C:\Windows\system32\drivers\mferkdk.sys [?]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-6-18 50432]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 TriDefService;TriDef Service;C:\Program Files (x86)\TriDef 3D\TriDef\Common\TriDefService.exe [2009-9-15 1327104]
S3 WatAdminSvc;Servizio Windows Activation Technologies;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-12-11 15:35:15 -------- d-----w- C:\Users\acer\AppData\Local\{5C41C0AE-259A-45F1-8209-B1805601B2A0}
2011-12-11 15:35:03 -------- d-----w- C:\Users\acer\AppData\Local\{7922B9A4-518E-4D2A-918B-AD691B7840A3}
2011-12-11 14:41:09 63568 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-12-11 14:37:46 -------- d-----w- C:\Users\acer\AppData\Local\{173DFB9C-A45A-418A-A5F8-7DD360551E1C}
2011-12-11 14:37:33 -------- d-----w- C:\Users\acer\AppData\Local\{0773AE63-1DE9-45A1-877F-FD9E7DA65DAF}
2011-12-11 09:26:05 -------- d-----w- C:\Users\acer\AppData\Local\{65061BCA-6EEC-4750-94A8-5374D669E6D7}
2011-12-11 09:25:53 -------- d-----w- C:\Users\acer\AppData\Local\{8EFA44D7-A64A-4CE1-8F28-CA11D61F3981}
2011-12-10 16:01:09 -------- d-----w- C:\Users\acer\AppData\Local\{3743136A-88DD-42DE-AF05-C06BBBBC17CA}
2011-12-10 16:00:57 -------- d-----w- C:\Users\acer\AppData\Local\{2FD0309C-0403-48E7-8729-E0E6B41905B5}
2011-12-10 12:49:18 -------- d-----w- C:\Users\acer\AppData\Local\{966DAF2C-B102-4EA8-B3C4-75D000011D0E}
2011-12-10 12:49:02 -------- d-----w- C:\Users\acer\AppData\Local\{2ED015CD-EC07-4930-826B-3713CF3DBAA9}
2011-12-10 11:00:53 -------- d-----w- C:\Users\acer\AppData\Local\{88930173-7190-41D8-B0CC-E68FE4F9E7F8}
2011-12-10 11:00:42 -------- d-----w- C:\Users\acer\AppData\Local\{8814C009-41DE-429B-A4C3-D8325028C91C}
2011-12-10 09:16:02 -------- d-----w- C:\Users\acer\AppData\Local\{F88ECB1F-369D-49E7-A9BE-26A2BD575AF5}
2011-12-10 06:38:55 -------- d-----w- C:\Users\acer\AppData\Local\{A9F93CF2-689F-4D47-9EBF-1237B4E9182D}
2011-12-09 19:59:02 -------- d-----w- C:\Users\acer\AppData\Local\{C949FE81-6547-4860-8555-127D189FCD63}
2011-12-09 19:58:48 -------- d-----w- C:\Users\acer\AppData\Local\{B036C116-2A83-4789-B2B7-95B37AA22921}
2011-12-09 17:47:14 -------- d-----w- C:\Users\acer\AppData\Local\{E0FDAF18-8209-45B2-A4D6-2BE43A821256}
2011-12-09 17:47:01 -------- d-----w- C:\Users\acer\AppData\Local\{BF871EC2-457E-42FF-9B69-640E2B65D985}
2011-12-08 21:43:46 -------- d-----w- C:\Users\acer\AppData\Local\{E0F1A7A3-1963-4B08-9FAD-4140AA03F98C}
2011-12-08 21:43:35 -------- d-----w- C:\Users\acer\AppData\Local\{657CDBBF-76CB-47B4-9492-E4118AB42EE5}
2011-12-08 17:03:07 -------- d-----w- C:\Users\acer\AppData\Local\{3DEBA817-0F58-49F9-A11E-67F235A5AD0E}
2011-12-08 17:02:55 -------- d-----w- C:\Users\acer\AppData\Local\{2DFAB1F5-B2DC-4817-BF2E-7AAF0FB17E58}
2011-12-08 09:57:52 -------- d-----w- C:\Users\acer\AppData\Local\{0C8C9124-C737-4571-8422-63B010EAD524}
2011-12-08 09:57:38 -------- d-----w- C:\Users\acer\AppData\Local\{2B4A9319-C06C-4C01-ACFC-AF23A7CE5B1F}
2011-12-08 08:42:36 -------- d-----w- C:\Users\acer\AppData\Local\{C565BCDF-D510-4C3C-AEEC-913A71B9E66E}
2011-12-07 19:15:16 -------- d-----w- C:\Users\acer\AppData\Local\{87DA1AB0-D81E-4CD7-92FA-57ADEE8FEF71}
2011-12-07 19:15:04 -------- d-----w- C:\Users\acer\AppData\Local\{8E923CD2-B08F-4273-92BD-0415DE7B0F25}
2011-12-07 06:25:10 -------- d-----w- C:\Users\acer\AppData\Local\{6967F469-7BE2-4134-AED8-826C841BB87A}
2011-12-07 06:24:57 -------- d-----w- C:\Users\acer\AppData\Local\{AA9CE58E-487E-4DBA-A3AE-82486D52BB6C}
2011-12-06 22:34:21 -------- d-----w- C:\Users\acer\AppData\Local\{9D175EC9-E488-4089-9F9D-A3DC6B85C7AF}
2011-12-06 22:34:09 -------- d-----w- C:\Users\acer\AppData\Local\{D448F462-1AC3-47DC-9641-1948DB1FDAAD}
2011-12-06 18:38:36 -------- d-----w- C:\Users\acer\AppData\Local\{634FC5B5-791C-4FFB-AAE3-BE1D42EDB853}
2011-12-06 18:38:12 -------- d-----w- C:\Users\acer\AppData\Local\{3E7645E2-9B92-4760-81C8-167824C0ED99}
2011-12-06 16:47:56 -------- d-----w- C:\Users\acer\AppData\Local\{2E83AB41-20FF-4EC5-9BC9-31EAAA1EBF0F}
2011-12-06 16:47:45 -------- d-----w- C:\Users\acer\AppData\Local\{754EACC6-49D9-4BD9-A623-E95C0D51D766}
2011-12-05 20:48:13 -------- d-----w- C:\Users\acer\AppData\Local\{476F1E6F-804B-4A1F-8F59-017E6D369DEB}
2011-12-05 20:48:02 -------- d-----w- C:\Users\acer\AppData\Local\{6B9377C4-B553-46E9-9BE2-176C62447B4D}
2011-12-05 20:33:03 -------- d-----w- C:\Users\acer\AppData\Local\{BDAA49F6-78FB-48FA-925C-A0B7D4681511}
2011-12-05 20:32:49 -------- d-----w- C:\Users\acer\AppData\Local\{9CAE90BC-8B24-444B-A32F-F756DA620CFF}
2011-12-04 18:36:38 -------- d-----w- C:\Users\acer\AppData\Local\{8B1902BC-E875-4F61-9FAC-D9E27DCB55D4}
2011-12-04 18:36:20 -------- d-----w- C:\Users\acer\AppData\Local\{93136573-81C9-4773-8ACA-172A2A46FE4B}
2011-12-04 12:26:37 -------- d-----w- C:\Users\acer\AppData\Local\{B222C9D3-AEAD-4368-AA56-52DF2F3F86DD}
2011-12-04 12:26:26 -------- d-----w- C:\Users\acer\AppData\Local\{150C35A0-8CAC-477A-B853-79E6EABBD1F0}
2011-12-04 12:24:01 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-04 09:20:19 -------- d-----w- C:\Users\acer\AppData\Local\{A3318109-77C5-4761-B1DC-2F9D509045B1}
2011-12-04 09:19:12 -------- d-----w- C:\Users\acer\AppData\Local\{C941D7C2-1E11-4F01-9C3A-C25C06270819}
2011-12-03 12:39:26 -------- d-----w- C:\Users\acer\AppData\Local\{CE113737-3660-4A3F-90EB-8B72A46F98AC}
2011-12-03 12:39:14 -------- d-----w- C:\Users\acer\AppData\Local\{26EEC5FA-45A8-425B-AD3F-0F88AEF70539}
2011-12-03 12:27:04 -------- d-----w- C:\Users\acer\AppData\Local\{CF8E951C-CE2D-4AA1-919B-A305E4DDBF6A}
2011-12-03 12:26:43 -------- d-----w- C:\Users\acer\AppData\Local\{E57BD434-3729-478B-B489-F9661BA72B8D}
2011-12-01 19:59:28 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2011-12-01 19:06:33 -------- d-----w- C:\Users\acer\AppData\Local\{5A1DEB77-D89C-4037-A0E3-4A790F98BA78}
2011-12-01 18:44:27 -------- d-----w- C:\Users\acer\AppData\Local\{F8368842-4F73-4F3A-8BD0-7F90B4E87400}
2011-12-01 18:44:15 -------- d-----w- C:\Users\acer\AppData\Local\{47242D42-CAE0-400E-8E4B-263DFD7FAF93}
2011-12-01 18:28:01 -------- d-----w- C:\Users\acer\AppData\Local\{E4709E13-D885-4FAC-89E1-04E4DD9297AC}
2011-12-01 10:44:53 -------- d-----w- C:\Users\acer\AppData\Local\{0501F388-0FF3-44BA-A72F-E231936EFF3A}
2011-12-01 10:44:17 -------- d-----w- C:\Users\acer\AppData\Local\{DB2C07DD-E00D-46F5-A112-1E4E8E9EF35E}
2011-11-30 20:43:23 -------- d-----w- C:\Users\acer\AppData\Local\{DBE41C1B-E9EE-44E0-80B5-2C56031FE320}
2011-11-30 20:43:10 -------- d-----w- C:\Users\acer\AppData\Local\{2BC7A6E9-BA45-4E8C-97C3-1740FE70C17F}
2011-11-30 19:57:44 -------- d-----w- C:\Users\acer\AppData\Local\{265F6018-C7B0-4BD8-8522-48324C284BE3}
2011-11-30 19:57:32 -------- d-----w- C:\Users\acer\AppData\Local\{1E8D77C3-5264-4982-B236-69CC023E234B}
2011-11-30 12:02:00 -------- d-----w- C:\Users\acer\AppData\Local\{96A0B356-9026-4A5A-BB8A-D403B5CB17F8}
2011-11-30 12:01:47 -------- d-----w- C:\Users\acer\AppData\Local\{E70A7E76-7173-47C1-974F-921BB9C83A46}
2011-11-30 09:16:12 -------- d-----w- C:\Users\acer\AppData\Local\{405F3777-A726-423A-864A-DDE6DD8FB025}
2011-11-29 20:52:43 -------- d-----w- C:\Users\acer\AppData\Local\{75CAC02A-0EBE-4D78-A997-D8517828485E}
2011-11-29 20:27:01 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E43D25DE-E28A-4A11-B6FF-400422D26CA1}\mpengine.dll
.
==================== Find3M ====================
.
2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-29 16:24:44 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-09-29 04:09:30 3141120 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 17:17:16,44 ===============


and this is the second one:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 18/11/2009 00:52:53
System Uptime: 11/12/2011 15:35:40 (2 hours ago)
.
Motherboard: Acer | | JV50
Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz | U2E1 | 2100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 285 GiB total, 153,73 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP323: 08/12/2011 12:27:16 - Punto di controllo pianificato
RP324: 11/12/2011 15:40:14 - avast! Free Antivirus Setup
.
==== Installed Programs ======================
.
2007 Microsoft Office Suite Service Pack 2 (SP2)
3 Internet
abgx360 v1.0.5
Acer Arcade Deluxe
Acer Backup Manager
Acer Crystal Eye Webcam
Acer ePower Management
Acer eRecovery Management
Acer GameZone Console
Acer GridVista
Acer Registration
Acer ScreenSaver
Acer Updater
Acrobat.com
Adobe AIR
Adobe Reader 9.3 - Italiano
Advertising Center
Alice Greenfingers
Amazonia
Any Video Converter 3.2.0
Ask Toolbar
avast! Free Antivirus
Backup Manager Basic
Bing Bar
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner (remove only)
Chicken Invaders 2
Conduit Engine
CyberLink Audio Pack (5.1ch) for TriDefMediaPlayer 1.0
D3DX10
Dairy Dash
Dream Day First Home
DVD Decrypter (Remove Only)
eBay Worldwide
eSobi v2
Farm Frenzy 2
Google Toolbar for Internet Explorer
Google Update Helper
Granny In Paradise
Heroes of Hellas
Identity Card
Java Auto Updater
Java(TM) 6 Update 20
JDownloader
Junk Mail filter update
Launch Manager
McAfee SecurityCenter
Merriam Websters Spell Jam
Mesh Runtime
Messenger Companion
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (Italian) 2007
Microsoft Office Excel 2007 Help - Aggiornamento (KB963678)
Microsoft Office Excel MUI (Italian) 2007
Microsoft Office Groove MUI (Italian) 2007
Microsoft Office InfoPath MUI (Italian) 2007
Microsoft Office Language Pack 2007 - Italian/Italiano
Microsoft Office O MUI (Italian) 2007
Microsoft Office OneNote MUI (Italian) 2007
Microsoft Office Outlook 2007 Help - Aggiornamento (KB963677)
Microsoft Office Outlook MUI (Italian) 2007
Microsoft Office Powerpoint 2007 Help - Aggiornamento (KB963669)
Microsoft Office PowerPoint MUI (Italian) 2007
Microsoft Office PowerPoint Viewer 2007 (Italian)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (Italian) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (Italian) 2007
Microsoft Office Shared MUI (Italian) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
Microsoft Office SharePoint Designer MUI (Italian) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word 2007 Help - Aggiornamento (KB963665)
Microsoft Office Word MUI (Italian) 2007
Microsoft Office X MUI (Italian) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyWinLocker
Nero 9 Lite
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero Update
neroxml
Norton Online Backup
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
OpenOffice.org 3.2
Pacchetto di compatibilità per Office System 2007
PC Connectivity Solution
Raccolta foto di Windows Live
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Samsung New PC Studio
Samsung S5230 Wallpaper Creator
SamsungConnectivityCableDriver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Skype Toolbars
Skype™ 4.2
Softonic-IT Toolbar
Star Defender 4
TriDef 3D (OEM-A) 1.4.10
TriDef 3D Ignition 2.3.3
TriDef 3D Media Player 6.4.21
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Veetle TV 0.9.18
Welcome Center
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.01 (32-bit)
WinZip 14.5
Xvid 1.2.1 final uninstall
Yahoo! Install Manager
Yahoo! Toolbar
Yahoo! Toolbar con blocco Pop-Up
.
==== End Of File ===========================
alessia84
Senior User

Posts: 132
Joined: 18/07/06 14:33

Re: W32/Blaster.Worm...Urgent!!!

Post by Luke57 » 11/12/11 20:43

Hi, you have two antivirus programs (McAfee and Avast); disable them, then download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
save it to the desktop and disconnect from the network.
Once the program is on the desktop, paste this command, shown in bold, into the blank field of Run, exactly as it is:

"%userprofile%\desktop\combofix.exe" /killall <== copy and paste

Press OK and the scan will start. During this phase, do absolutely nothing with the PC.
A software warranty disclaimer screen will appear: click Yes.
A screen will appear (only for those using Windows XP) to install the Recovery Console: click No.
When it finishes, the ComboFix log will appear on screen; you can also find it at C:\combofix.txt.
Attach it in your next post.
Luke57
Moderator

Posts: 6413
Joined: 11/08/05 19:10

Re: W32/Blaster.Worm...Urgent!!!

Post by alessia84 » 11/12/11 21:16

I downloaded ComboFix; the problem is that the scan starts automatically and doesn't give me the chance to enter that string... the little window with the blue background opens and then the scan starts automatically...

P.S. I'm so sorry, I know I'm making you waste a lot of time...
alessia84
Senior User

Posts: 132
Joined: 18/07/06 14:33

Re: W32/Blaster.Worm...Urgent!!!

Post by alessia84 » 11/12/11 22:07

Here it is... I await instructions...
Before downloading ComboFix, by the way, the same thing happened to me as this afternoon, everything frozen... I had to do a system restore again..... I hope to solve this soon, thanks a lot.


ComboFix 11-12-10.01 - acer 11/12/2011 21:40:22.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.39.1040.18.3067.1761 [GMT 1:00]
Eseguito da: C:\Users\acer\Desktop\ComboFix.exe
AV: McAfee VirusScan *Enabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))


C:\install.exe
C:\Program Files (x86)\ClickPotatoLite
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.655.0\firefox\extensions\install.rdf
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.655.0\firefox\extensions\plugins\npclntax_ClickPotatoLiteSA.dll
C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
C:\ProgramData\ClickPotatoLiteSA
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA.dat
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA_kyf.dat
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAAbout.mht
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAau.dat
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAEULA.mht
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\About Us.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Customer Support.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Uninstall Instructions.lnk
C:\Users\acer\AppData\Roaming\.#
C:\Users\acer\AppData\Roaming\ClickPotatoLite
C:\Users\acer\AppData\Roaming\mIRC\logs\status.log
C:\Windows\assembly\tmp\U
C:\Windows\assembly\tmp\U\00000001.@
C:\Windows\assembly\tmp\U\000000c0.@
C:\Windows\assembly\tmp\U\000000cb.@
C:\Windows\assembly\tmp\U\000000cf.@
C:\Windows\assembly\tmp\U\80000000.@
C:\Windows\assembly\tmp\U\800000c0.@
C:\Windows\assembly\tmp\U\800000cb.@
C:\Windows\assembly\tmp\U\800000cf.@
C:\Windows\system32\consrv.dll


((((((((((((((((((((((((( Files Creati Da 2011-11-11 al 2011-12-11 )))))))))))))))))))))))))))))))))))


2011-12-11 20:52:56 . 2011-12-11 20:52:56 -------- d-----w- C:\Users\Default\AppData\Local\temp
2011-12-11 20:09:13 . 2010-03-09 11:12:39 121936 ----a-w- C:\Windows\system32\drivers\aswSP.sys
2011-12-11 20:09:13 . 2010-03-09 11:08:33 22096 ----a-w- C:\Windows\system32\drivers\aswFsBlk.sys
2011-12-11 20:09:07 . 2010-03-09 11:09:12 28752 ----a-w- C:\Windows\system32\drivers\aswRdr.sys
2011-12-11 20:08:59 . 2010-03-09 11:12:58 51280 ----a-w- C:\Windows\system32\drivers\aswTdi.sys
2011-12-11 20:08:45 . 2010-03-09 11:08:56 63568 ----a-w- C:\Windows\system32\drivers\aswMonFlt.sys
2011-12-11 20:08:00 . 2010-03-09 11:24:23 38848 ----a-w- C:\Windows\SysWow64\avastSS.scr
2011-12-11 20:08:00 . 2010-03-09 11:24:05 153184 ----a-w- C:\Windows\SysWow64\aswBoot.exe
2011-12-04 12:24:01 . 2011-12-04 12:24:01 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-03 12:33:07 . 2011-12-03 12:33:07 -------- d-----w- C:\Windows\system32\Macromed
2011-12-01 19:59:28 . 2011-12-01 19:59:28 -------- d-sh--w- C:\Windows\system32\%APPDATA%
2011-11-29 20:27:01 . 2011-10-07 04:16:03 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E43D25DE-E28A-4A11-B6FF-400422D26CA1}\mpengine.dll
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

2011-10-01 03:21:20 . 2011-10-11 18:30:35 1638912 ----a-w- C:\Windows\system32\mshtml.tlb
2011-10-01 02:59:14 . 2011-10-11 18:30:35 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-29 16:24:44 . 2011-11-08 22:31:24 1897328 ----a-w- C:\Windows\system32\drivers\tcpip.sys
2011-09-29 04:09:30 . 2011-11-08 22:31:22 3141120 ----a-w- C:\Windows\system32\win32k.sys


((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))


*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e3393495-8103-46a0-8181-270273eddd60}"= "C:\Program Files (x86)\Softonic-IT\tbSoft.dll" [2010-10-18 11:26:38 3908192]

[HKEY_CLASSES_ROOT\clsid\{e3393495-8103-46a0-8181-270273eddd60}]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 11:26:38 3908192 ----a-w- C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-10-11 15:12:10 1244040 ----a-w- C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{e3393495-8103-46a0-8181-270273eddd60}]
2010-10-18 11:26:38 3908192 ----a-w- C:\Program Files (x86)\Softonic-IT\tbSoft.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll" [2010-10-11 15:12:10 1244040]
"{e3393495-8103-46a0-8181-270273eddd60}"= "C:\Program Files (x86)\Softonic-IT\tbSoft.dll" [2010-10-18 11:26:38 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll" [2010-10-18 11:26:38 3908192]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{e3393495-8103-46a0-8181-270273eddd60}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-07 09:18:12 120104 ----a-w- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Global Registration"="C:\Program Files (x86)\Acer\Registration\GREG.exe" [2009-07-31 06:55:08 2844704]
"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-22 05:41:03 39408]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe" [2010-05-13 14:12:40 26192168]
"AutoStartNPSAgent"="C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-04-02 17:05:22 102400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NortonOnlineBackupReminder"="C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 23:31:08 588648]
"BackupManagerTray"="C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-21 00:25:56 261888]
"EgisTecLiveUpdate"="C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 21:09:34 199464]
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 10:32:20 98304]
"LManager"="C:\Program Files (x86)\Launch Manager\LManager.exe" [2009-08-27 20:48:32 1194504]
"ArcadeDeluxeAgent"="C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-07-31 15:29:12 128296]
"PlayMovie"="C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-08-04 19:45:00 181480]
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 00:57:28 35760]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 14:57:56 948672]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 09:43:18 248040]

C:\Users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 12:16:28 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 13:27:14 138576]
R2 gupdate;Servizio di Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-09 20:56:23 135664]
R3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 17:44:14 183560]
R3 gupdatem;Servizio Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-09 20:56:23 135664]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 00:31:46 50432]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;C:\Windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TriDefService;TriDef Service;C:\Program Files (x86)\TriDef 3D\TriDef\Common\TriDefService.exe [2009-09-15 02:55:46 1327104]
R3 WatAdminSvc;Servizio Windows Activation Technologies;C:\Windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 17:10:10 57184]
S1 aswSP;aswSP; [x]
S1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;C:\Windows\system32\drivers\aswMonFlt.sys [x]
S2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2009-08-05 19:30:58 844320]
S2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 13:04:50 1150496]
S2 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-07 09:18:54 311592]
S2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-05-04 11:07:22 503080]
S2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-08-21 00:25:50 62720]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 00:31:58 144640]
S2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 01:47:12 240160]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys [x]


Contenuto della cartella 'Scheduled Tasks'

2011-12-11 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-09 20:56:30 . 2010-02-09 20:56:23]

2011-12-11 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-09 20:56:30 . 2010-02-09 20:56:23]


--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-07 09:19:54 137512 ----a-w- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 02:03:32 186904]
"mwlDaemon"="C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-08-07 09:18:42 349480]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-06 02:32:06 8060960]
"PLFSetI"="C:\Windows\PLFSetI.exe" [2008-07-29 17:29:26 200704]
"Acer ePower Management"="C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe" [2009-08-05 19:30:58 828960]
"combofix"="C:\ComboFix\CF11259.3XE" [2009-07-14 01:39:01 344576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0

------- Scansione supplementare -------

uStart Page = hxxp://www.google.it/
uLocal Page = C:\Windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... 5t4751b718
mLocal Page = C:\Windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: adecco.it\www
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9931CF2B-231F-4491-A691-4354474781B9}: NameServer = 151.99.125.1

- - - - CHIAVI ORFANE RIMOSSE - - - -

Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-NPSStartup - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E3393495-8103-46A0-8181-270273EDDD60} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
HKLM-Run-SynTPEnh - C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-abgx360 - C:\Users\acer\Desktop\abgx360\uninstall.exe
AddRemove-YInstHelper - C:\Windows\system32\regsvr32
alessia84
Senior User

Posts: 132
Joined: 18/07/06 14:33

Re: W32/Blaster.Worm...Urgent!!!

Post by Luke57 » 11/12/11 22:52

Hi, what problems does the computer have now?
Luke57
Moderator

Posts: 6413
Joined: 11/08/05 19:10

Re: W32/Blaster.Worm...Urgent!!!

Post by alessia84 » 12/12/11 09:23

Good morning, what happens is that when I do a search on Google, it looks like the page I requested is loading, but then I am automatically redirected to other pages, and after a while everything goes haywire..

This kept happening until yesterday, before the ComboFix scan, when I had to do a system restore yet again.

Doesn't the log show any virus? Besides, Avast tells me the PC is fine..
alessia84
Senior User

Posts: 132
Joined: 18/07/06 14:33

Re: W32/Blaster.Worm...Urgent!!!

Post by Luke57 » 12/12/11 12:44

Hi, do this check as well (all of it taken from FDAC, to whom I say hello ;) )

Download Kaspersky TDSS Killer:
http://support.kaspersky.com/downloads/ ... killer.exe
● place the downloaded file on the Desktop
● double-click TDSSKiller.exe to launch the application, then click the Start Scan button

At this point, the system scan for malicious software begins:
● if an infected file is found, the default action will be Cure; then click Continue
● if a suspicious file is found, the default action will be Skip; then click Continue

Once the scan has finished, one of these two options will be presented:
● a system restart is not needed: click Report and save the contents to a text file
● a system restart is needed: click Restart now
● the program's report to attach is located in C:\ in this form:
TDSSKiller.[Version]_[Date]_[Time]_log.txt
copy it and paste it into a post
Luke57
Moderator

Posts: 6413
Joined: 11/08/05 19:10
