pc lento, sopratutto in navigazione.

di **ze.lorenzo** » 19/02/12 18:55

Salve a tutti, mi rivolgo a voi per il seguente problema : il mio pc da qualche giorno si impalla sopratutto in fase di navigazione. Uso firefox.

di **ze.lorenzo** » 19/02/12 18:56

Provo a postare il log salvato di hijackthis

di **ze.lorenzo** » 19/02/12 18:56

grazie mille per l'attenzione a priori

di **ze.lorenzo** » 19/02/12 18:59

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18.52.07, on 19/02/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\SITECOM\150N USB Wireless LAN Utility\RtWLan.exe
C:\Programmi\File comuni\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Virtual\Untrusted\C_\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Programmi\securedie\prxtbsec2.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programmi\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: securedie - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Programmi\securedie\prxtbsec2.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Programmi\securedie\prxtbsec2.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programmi\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [{DF0871EB-B50B-EC64-2928-50BA5EA1360C}] "C:\Documents and Settings\user\Dati applicazioni\Riusr\abobz.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Sitecom 150N USB Wireless LAN Utility.lnk = C:\Programmi\SITECOM\150N USB Wireless LAN Utility\RtWLan.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img4.orkut.com/activex/10036/photouploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 5578388000
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 5578341890
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Programmi\File comuni\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

di **FrancescoFDAC** » 20/02/12 13:45

Il PC è infetto.
Scarica Malwarebytes' Anti-Malware - Free Edition: http://www.malwarebytes.org
● doppio click su mbam-setup.exe per avviare il setup
● in fase di installazione, lascia la spunta alle voci b]Aggiorna Malwarebytes' Anti-Malware[/b] e Avvia Malwarebytes' Anti-Malware

Una volta eseguiti i passaggi indicati sopra:
● collega tutte le periferiche esterne che possiedi ( Chiavette USB, HDD Esterni, Lettori MP3... )
● verrà mostrata la schermata principale del tool: al messaggio che appare, clicca sul pulsante No
● clicca sul pulsante Scansione completa, e conferma cliccando il pulsante Scansione
● verrà richiesto quali drive scansionare; selezionali tutti, e clicca nuovamente su Scansione
● attendi pazientemente il termine della scansione
● una volta terminata, clicca sul pulsante OK e Mostra Risultati per visionare il Report
● verrà rilasciato automaticamente un file di testo: salvalo sul Desktop ed allegalo
● assicurati che tutte le voci siano selezionate, e clicca sul pulsante Rimuovi selezionati, in basso a sinistra
● il log può essere visionati cliccando sul tab Log dall'interfaccia principale del programma

Nota - riguardo al programma:
● se MalwareBytes incontrasse delle difficoltà nel rimuovere alcuni file, verranno mostrate delle finestre aggiuntive: clicca sul pulsante OK, e lascia procedere il programma alla disinfezione. Se MalwareBytes chiedesse di riavviare il sistema, fallo immediatamente

di **ze.lorenzo** » 22/02/12 09:39

ho fatto tutto,allafine mi ha chiesto di riavviare il pc, l'ho fatto. Solo che si è bloccato su "avvio di windows in corso " per più di 30 minuti .. a quel punto l'ho riavviato manualmente.
Ho rimosso 26 elementi nocivi ... il pc è comunque impallatissimo.
Che faccio?

di **FrancescoFDAC** » 22/02/12 16:23

Scarica ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
● posiziona il file scaricato sul Desktop
● disattiva l'Antivirus in uso, dall'icona presente sulla Traybar (accanto all'orologio di Windows)
● disattiva il Firewall eventualmente installato, dall'icona presente sulla Traybar (accanto all'orologio di Windows)

Eseguiti i passaggi indicati sopra:
● lancia ComboFix con un doppio click
● segui le istruzioni che verranno rilasciate per eseguire la scansione
● in caso tu abbia Windows XP, verrà richiesta l'installazione della Console di ripristino di emergenza: non la installare
● senza eseguire nessuna altra operazione, lascia che il tool completi il suo lavoro

Note - durante la scansione:
● potrebbero comparire alcuni file sul Desktop, e poi eliminati
● spariranno, per un attimo, tutte le icone presenti sul Desktop: nulla di cui preoccuparsi
● potrebbe venire rilasciato un messaggio in relazione all'Antivirus in uso: prosegui ignorando il messaggio
● il firewall potrebbe rilasciare un avviso circa la rimozione di alcuni driver: consenti
● potrebbe apparire sul Desktop l'icona di Internet Explorer

Quando ComboFix avrà concluso l'operazione di scansione:
● il sistema verrà riavviato automaticamente: in caso contrario, riavvialo te
● vai in Disco Locale C:, cerca il file di testo dal nome ComboFix.txt ed allegalo

Nota - riguardo al programma:
● per eseguire correttamente ComboFix su Windows Vista e Windows Seven, clicca con il tasto destro del mouse sull'icona del programma e, dal menù contestuale, scegli la voce Esegui come Amministratore
● sUBs, la software house che distribuisce ComboFix, non è responsabile di qualsiasi danno causato da te dopo l'utilizzo del software stesso.
Lo stesso vale per me; questo tool non è un giocattolo e non è destinato all'utilizzo quotidiano. Esso non dovrebbe essere utilizzato a meno che non venga espressamente richiesto da un esperto
● ComboFix disabilita l'esecuzione automatica delle unità USB (Chiavette, Hard Disk Esterni, Lettori MP3...) per prevenire future minacce: quando inserisci una Pendrive, sarai costretto ad avviarla dalle Risorse del computer. Una precauzione in più, una possibile minaccia in meno

di **ze.lorenzo** » 05/03/12 09:58

ciao allego il risultato (premetto che nel frattempo ho disistallato firefox e istallato google chrome e la navigazione è quasi perfetta) ...

ComboFix 12-03-04.02 - user 05/03/2012 9.16.56.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.511.299 [GMT 1:00]
Eseguito da: c:\documents and settings\user\Documenti\Downloads\ComboFix.exe
AV: Avira AntiVir PersonalEdition *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
ADS - system32: deleted 0 bytes in 1 streams.
ADS - WINDOWS: deleted 0 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\user\Dati applicazioni\PriceGong
c:\documents and settings\user\Dati applicazioni\PriceGong\Data\1.xml
c:\documents and settings\user\Dati applicazioni\PriceGong\Data\a.xml
c:\documents and settings\user\Dati applicazioni\PriceGong\Data\b.xml
c:\documents and settings\user\Dati applicazioni\PriceGong\Data\c.xml
c:\documents and settings\user\Dati applicazioni\PriceGong\Data\d.xml
c:\documents and settings\user\Dati applicazioni\PriceGong\Data\e.xml
c:\documents and settings\user\Dati applicazioni\PriceGong\Data\f.xml
c:\documents and settings\user\Dati applicazioni\PriceGong\Data\g.xml
c:\documents and settings\user\Dati applicazioni\PriceGong\Data\h.xml
c:\documents and settings\user\Dati applicazioni\PriceGong\Data\i.xml
c:\documents and settings\user\Dati applicazioni\PriceGong\Data\J.xml
c:\documents and settings\user\Dati applicazioni\PriceGong\Data\k.xml
c:\documents and settings\user\Dati applicazioni\PriceGong\Data\l.xml
c:\documents and settings\user\Dati applicazioni\PriceGong\Data\m.xml
c:\documents and settings\user\Dati applicazioni\PriceGong\Data\mru.xml
c:\documents and settings\user\Dati applicazioni\PriceGong\Data\n.xml
c:\documents and settings\user\Dati applicazioni\PriceGong\Data\o.xml
c:\documents and settings\user\Dati applicazioni\PriceGong\Data\p.xml
c:\documents and settings\user\Dati applicazioni\PriceGong\Data\q.xml
c:\documents and settings\user\Dati applicazioni\PriceGong\Data\r.xml
c:\documents and settings\user\Dati applicazioni\PriceGong\Data\s.xml
c:\documents and settings\user\Dati applicazioni\PriceGong\Data\t.xml
c:\documents and settings\user\Dati applicazioni\PriceGong\Data\u.xml
c:\documents and settings\user\Dati applicazioni\PriceGong\Data\v.xml
c:\documents and settings\user\Dati applicazioni\PriceGong\Data\w.xml
c:\documents and settings\user\Dati applicazioni\PriceGong\Data\x.xml
c:\documents and settings\user\Dati applicazioni\PriceGong\Data\y.xml
c:\documents and settings\user\Dati applicazioni\PriceGong\Data\z.xml
c:\documents and settings\user\WINDOWS
c:\windows\unin0410.exe
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_xcpip
.
.
((((((((((((((((((((((((( Files Creati Da 2012-02-05 al 2012-03-05 )))))))))))))))))))))))))))))))))))
.
.
2012-02-27 09:02 . 2012-02-27 09:02 -------- d-----w- c:\documents and settings\user\Impostazioni locali\Dati applicazioni\Google
2012-02-23 22:33 . 2012-02-23 22:33 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-02-23 22:31 . 2012-02-23 22:31 -------- d-sh--w- c:\documents and settings\user\IETldCache
2012-02-23 20:17 . 2011-08-16 10:45 6144 ------w- c:\windows\system32\dllcache\iecompat.dll
2012-02-23 20:15 . 2011-12-17 19:43 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2012-02-23 20:15 . 2011-12-17 19:43 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2012-02-23 20:15 . 2011-12-17 19:43 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2012-02-23 20:10 . 2012-02-23 20:15 -------- dc-h--w- c:\windows\ie8
2012-02-21 07:52 . 2012-02-21 07:52 -------- d-----w- c:\documents and settings\user\Dati applicazioni\Malwarebytes
2012-02-21 07:52 . 2012-02-21 07:52 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2012-02-21 07:52 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-21 07:52 . 2012-02-21 07:52 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2012-02-20 09:36 . 2012-02-20 17:36 -------- d-----w- c:\windows\SxsCaPendDel
2012-02-20 07:51 . 2011-11-25 21:57 293888 ------w- c:\windows\system32\dllcache\winsrv.dll
2012-02-20 07:51 . 2010-12-20 17:32 551936 ------w- c:\windows\system32\dllcache\oleaut32.dll
2012-02-20 07:50 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\dllcache\spoolsv.exe
2012-02-20 07:50 . 2011-09-28 07:06 603136 ------w- c:\windows\system32\dllcache\crypt32.dll
2012-02-20 07:50 . 2011-01-21 14:44 440832 ------w- c:\windows\system32\dllcache\shimgvw.dll
2012-02-20 07:50 . 2011-11-01 16:07 1288192 ------w- c:\windows\system32\dllcache\ole32.dll
2012-02-20 07:50 . 2010-04-16 15:37 406016 ------w- c:\windows\system32\dllcache\usp10.dll
2012-02-20 07:50 . 2010-11-09 14:51 249856 ------w- c:\windows\system32\dllcache\odbc32.dll
2012-02-20 07:50 . 2010-11-09 14:51 200704 ------w- c:\windows\system32\dllcache\msadox.dll
2012-02-20 07:50 . 2010-11-09 14:51 180224 ------w- c:\windows\system32\dllcache\msadomd.dll
2012-02-20 07:50 . 2010-11-09 14:51 143360 ------w- c:\windows\system32\dllcache\msadco.dll
2012-02-20 07:50 . 2010-11-09 14:51 102400 ------w- c:\windows\system32\dllcache\msjro.dll
2012-02-20 07:50 . 2010-11-09 14:51 536576 ------w- c:\windows\system32\dllcache\msado15.dll
2012-02-20 07:50 . 2009-07-27 23:16 135168 ------w- c:\windows\system32\dllcache\shsvcs.dll
2012-02-20 07:49 . 2011-02-08 13:34 978944 ------w- c:\windows\system32\dllcache\mfc42.dll
2012-02-20 07:49 . 2011-10-18 11:13 186880 ------w- c:\windows\system32\dllcache\encdec.dll
2012-02-20 07:49 . 2009-04-20 17:18 45568 ------w- c:\windows\system32\dllcache\dnsrslvr.dll
2012-02-20 07:47 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2012-02-20 07:47 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2012-02-20 07:47 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2012-02-20 07:45 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2012-02-20 07:45 . 2011-11-20 06:12 60928 ------w- c:\windows\system32\dllcache\packager.exe
2012-02-20 07:43 . 2011-06-24 14:10 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2012-02-20 07:43 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
2012-02-20 07:40 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2012-02-20 07:40 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-20 07:40 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2012-02-20 07:39 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
2012-02-19 12:40 . 2012-02-19 12:40 -------- d-----w- c:\windows\system32\wbem\snmp
2012-02-19 12:40 . 2012-02-19 12:40 -------- d-----w- c:\windows\system32\xircom
2012-02-19 12:40 . 2012-02-19 12:40 -------- d-----w- c:\programmi\microsoft frontpage
2012-02-19 11:47 . 2012-02-19 11:47 -------- d-----w- c:\windows\l2schemas
2012-02-19 11:47 . 2012-02-19 11:47 -------- d-----w- c:\windows\system32\bits
2012-02-16 08:32 . 2012-02-16 08:32 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-02-16 08:12 . 2012-02-16 08:12 -------- d-----w- c:\documents and settings\user\Impostazioni locali\Dati applicazioni\PackageAware
2012-02-11 14:01 . 2012-02-11 14:01 388096 ----a-r- c:\documents and settings\user\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-11 14:01 . 2012-02-11 14:01 -------- d-----w- c:\programmi\Trend Micro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-12 17:20 . 2007-01-03 10:52 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:43 . 2007-01-03 10:56 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:43 . 2007-01-03 10:56 43520 ------w- c:\windows\system32\licmgr10.dll
2011-12-17 19:43 . 2007-01-03 10:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2007-01-03 10:55 385024 ------w- c:\windows\system32\html.iec
2011-12-11 21:58 . 2011-12-11 21:58 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{cd36797a-70f3-4acd-8825-623d3b896881}"= "c:\programmi\securedie\prxtbsec2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{cd36797a-70f3-4acd-8825-623d3b896881}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cd36797a-70f3-4acd-8825-623d3b896881}]
2011-01-17 14:54 175912 ----a-w- c:\programmi\securedie\prxtbsec2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{cd36797a-70f3-4acd-8825-623d3b896881}"= "c:\programmi\securedie\prxtbsec2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{cd36797a-70f3-4acd-8825-623d3b896881}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CD36797A-70F3-4ACD-8825-623D3B896881}"= "c:\programmi\securedie\prxtbsec2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{cd36797a-70f3-4acd-8825-623d3b896881}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programmi\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497]
"ATICCC"="c:\programmi\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"CnxDslTaskBar"="c:\programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe" [2007-10-31 462848]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Sitecom 150N USB Wireless LAN Utility.lnk - c:\programmi\SITECOM\150N USB Wireless LAN Utility\RtWLan.exe [2011-10-13 991232]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 ----a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2009-12-03 08:12 976320 ----a-w- c:\programmi\Epson Software\Event Manager\EEventManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX420W Series]
2009-09-14 07:00 200704 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIGCE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 15:44 3883856 ----a-w- c:\programmi\Windows Live\Messenger\msnmsgr.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Shareaza\\Shareaza.exe"=
"c:\\Programmi\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Programmi\\SITECOM\\150N USB Wireless LAN Utility\\RtWLan.exe"=
"c:\\Programmi\\Trust\\Trust MD3100 USB ADSL MODEM\\CnxDslTb.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
"53:UDP"= 53:UDP:Realtek AP UDP Prot
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\programmi\File comuni\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [14/05/2009 16.07.14 759048]
R2 BBSvc;Bing Bar Update Service;c:\programmi\Microsoft\BingBar\BBSvc.EXE [21/10/2011 15.23.42 196176]
R2 BBUpdate;BBUpdate;c:\programmi\Microsoft\BingBar\SeaPort.EXE [13/10/2011 17.21.52 249648]
R2 SeaPort_Untrusted_BZ;SeaPort_Untrusted_BZ;c:\virtual\Untrusted\C_\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [14/01/2009 17.53.02 226656]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8192su.sys [13/10/2011 18.11.20 606056]
R3 xpsec;Driver IPSEC;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S0 fxxysn;fxxysn;c:\windows\system32\drivers\cgiqugr.sys --> c:\windows\system32\drivers\cgiqugr.sys [?]
S2 SENS_Untrusted_BZ;Notifica eventi di sistema_Untrusted_BZ;c:\virtual\Untrusted\C_\WINDOWS\system32\svchost.exe -k netsvcs [19/08/2004 14.39.46 14336]
S2 ShellHWDetection_Untrusted_BZ;Rilevamento hardware shell_Untrusted_BZ;c:\virtual\Untrusted\C_\WINDOWS\System32\svchost.exe -k netsvcs [19/08/2004 14.39.46 14336]
S2 StiSvc_Untrusted_BZ;Acquisizione di immagini di Windows (WIA)_Untrusted_BZ;c:\virtual\Untrusted\C_\WINDOWS\system32\svchost.exe -k imgsvc [19/08/2004 14.39.46 14336]
S3 BITS_Untrusted_BZ;Servizio trasferimento intelligente in background_Untrusted_BZ;c:\virtual\Untrusted\C_\WINDOWS\system32\svchost.exe -k netsvcs [19/08/2004 14.39.46 14336]
S3 CnxEtP;Trust MD3100 USB ADSL MODEM LAN Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [31/10/2007 19.33.07 60288]
S3 CnxEtU;Trust MD3100 USB ADSL MODEM Loader;c:\windows\system32\drivers\CnxEtU.sys [31/10/2007 19.33.07 646400]
S3 CnxTgN;Trust MD3100 USB ADSL MODEM LAN Adapter Driver;c:\windows\system32\drivers\CnxTgN.sys [31/10/2007 19.33.07 108771]
S3 EventSystem_Untrusted_BZ;Sistema di eventi COM+_Untrusted_BZ;c:\virtual\Untrusted\C_\WINDOWS\system32\svchost.exe -k netsvcs [19/08/2004 14.39.46 14336]
S3 netman_Untrusted_BZ;Connessioni di rete_Untrusted_BZ;c:\virtual\Untrusted\C_\WINDOWS\System32\svchost.exe -k netsvcs [19/08/2004 14.39.46 14336]
S3 or8eq7s.sys;or8eq7s.sys;\??\c:\windows\system32\drivers\or8eq7s.sys --> c:\windows\system32\drivers\or8eq7s.sys [?]
S3 usnjsvc_Untrusted_BZ;Servizio Messenger Sharing Folders USN Journal Reader_Untrusted_BZ;c:\virtual\Untrusted\C_\Programmi\Windows Live\Messenger\usnsvc.exe [18/10/2007 11.31.54 98328]
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - xcpip
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-764733703-725345543-1003Core.job
- c:\documents and settings\user\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2012-02-27 09:01]
.
2012-03-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-764733703-725345543-1003UA.job
- c:\documents and settings\user\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2012-02-27 09:01]
.
.
------- Scansione supplementare -------
.
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 62.101.93.101 83.103.25.250
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
MSConfigStartUp-JustVoip - c:\programmi\JustVoip.com\JustVoip\JustVoip.exe
MSConfigStartUp-SiteVacuum - c:\programmi\EasySearch\SiteVacuumClient.exe
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\documents and settings\All Users\Dati applicazioni\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe
AddRemove-IW QuickTrade - c:\windows\system32\javaws.exe
AddRemove-Webank T3 - c:\windows\system32\javaws.exe
AddRemove-WeTrade T3 - c:\windows\system32\javaws.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-05 09:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"VRegSpecialValueName"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
"VRegSpecialValueName"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
"VRegSpecialValueName"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
@Denied: (A 2) (Everyone)
@="FlashProp Class"
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]
"VRegSpecialValueName"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\Programmable]
"VRegSpecialValueName"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\Control]
"VRegSpecialValueName"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\EnableFullPage]
"VRegSpecialValueName"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\Implemented Categories]
"VRegSpecialValueName"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\InprocServer32]
"VRegSpecialValueName"=dword:000000aa
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\MiscStatus]
"VRegSpecialValueName"=dword:000000aa
@="0"
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ProgID]
"VRegSpecialValueName"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\Programmable]
"VRegSpecialValueName"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ToolboxBitmap32]
"VRegSpecialValueName"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\TypeLib]
"VRegSpecialValueName"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\Version]
"VRegSpecialValueName"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\VersionIndependentProgID]
"VRegSpecialValueName"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Control]
"VRegSpecialValueName"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
"VRegSpecialValueName"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
"VRegSpecialValueName"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Programmable]
"VRegSpecialValueName"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
"VRegSpecialValueName"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
"VRegSpecialValueName"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
"VRegSpecialValueName"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
"VRegSpecialValueName"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
"VRegSpecialValueName"=dword:000000aa
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
"VRegSpecialValueName"=dword:000000aa
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\System\ControlSet001\HARDWARE PROFILES\CURRENT]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\System\CurrentControlSet]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\USER\LocalSystem]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\USER\S-1-5-21-746137067-764733703-725345543-1003\software\Classes]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\07\01\14\096-?"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•Ñw*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(672)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2936)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\programmi\AntiVir PersonalEdition Classic\avguard.exe
c:\programmi\AntiVir PersonalEdition Classic\sched.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\SOUNDMAN.EXE
.
**************************************************************************
.
Ora fine scansione: 2012-03-05 09:48:38 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-03-05 08:48
.
Pre-Run: 17.739.124.736 byte disponibili
Post-Run: 19.533.443.072 byte disponibili
.
- - End Of File - - 5CF3824BE3553F1F205F7A002D0EA5BC

di **FrancescoFDAC** » 05/03/12 11:12

Taglia e Incolla ComboFix, da questa posizione;
:\documents and settings\user\Documenti\Downloads\ComboFix.exe
Sul Desktop

Quindi;
Script personalizzato di ComboFix

Avviso: non eseguire ComboFix di tua iniziativa; questo tool non è un giocattolo e non è adatto ad un uso quotidiano.

Apri il Block Note: Start> Tutti i programmi> Accessori> Blocco note
● all'interno del nuovo documento di testo, copia ed incolla le seguenti righe:

Codice: Seleziona tutto: File:: c:\windows\system32\drivers\xpsec.sys c:\windows\system32\drivers\cgiqugr.sys c:\windows\system32\drivers\or8eq7s.sys Registry:: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{cd36797a-70f3-4acd-8825-623d3b896881}"=- [-HKEY_CLASSES_ROOT\clsid\{cd36797a-70f3-4acd-8825-623d3b896881}] [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cd36797a-70f3-4acd-8825-623d3b896881}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{cd36797a-70f3-4acd-8825-623d3b896881}"=- [-HKEY_CLASSES_ROOT\clsid\{cd36797a-70f3-4acd-8825-623d3b896881}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{CD36797A-70F3-4ACD-8825-623D3B896881}"=- [-HKEY_CLASSES_ROOT\clsid\{cd36797a-70f3-4acd-8825-623d3b896881}] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"=- "65533:TCP"=- "52344:TCP"=- Driver:: xpsec fxxysn or8eq7s.sys

● chiama questo file CFScript.txt, e posizionalo sul Desktop

Molto importante! Disabilita temporaneamente il tuo antivirus e firewall prima di seguire la procedura indicata. Potrebbero infatti interferire con ComboFix o rimuovere alcuni dei suoi file incorporati che possono portare a risultati imprevedibili.
Facendo riferimento all'immagine presente qui sotto, trascina con il puntatore del mouse CFScript.txt sull'icona di ComboFix
ComboFix ora eseguirà una scansione del tuo sistema. Una volta terminata, potrebbe riavviare automaticamente il sistema: in caso contrario, procedi tu manualmente.
A questo punto, il programma produrrà un Report. Copia ed incolla il log nel tuo prossimo post.

Nota - riguardo alla procedura:
● non toccare assolutamente il mouse e la tastiera durante la scansione: potrebbe interrompersi

di **ze.lorenzo** » 05/03/12 21:40

ecco qua ....

ComboFix 12-03-04.02 - user 05/03/2012 20.52.28.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.511.206 [GMT 1:00]
Eseguito da: c:\documents and settings\user\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\user\Desktop\CFScript.txt
AV: Avira AntiVir PersonalEdition *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
FILE ::
"c:\windows\system32\drivers\cgiqugr.sys"
"c:\windows\system32\drivers\or8eq7s.sys"
"c:\windows\system32\drivers\xpsec.sys"
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_OR8EQ7S.SYS
-------\Service_fxxysn
-------\Service_or8eq7s.sys
-------\Service_xcpip
-------\Service_xpsec
.
.
((((((((((((((((((((((((( Files Creati Da 2012-02-05 al 2012-03-05 )))))))))))))))))))))))))))))))))))
.
.
2012-02-27 09:02 . 2012-02-27 09:02 -------- d-----w- c:\documents and settings\user\Impostazioni locali\Dati applicazioni\Google
2012-02-23 22:33 . 2012-02-23 22:33 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-02-23 22:31 . 2012-02-23 22:31 -------- d-sh--w- c:\documents and settings\user\IETldCache
2012-02-23 20:17 . 2011-08-16 10:45 6144 ------w- c:\windows\system32\dllcache\iecompat.dll
2012-02-23 20:15 . 2011-12-17 19:43 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2012-02-23 20:15 . 2011-12-17 19:43 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2012-02-23 20:15 . 2011-12-17 19:43 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2012-02-23 20:10 . 2012-02-23 20:15 -------- dc-h--w- c:\windows\ie8
2012-02-21 07:52 . 2012-02-21 07:52 -------- d-----w- c:\documents and settings\user\Dati applicazioni\Malwarebytes
2012-02-21 07:52 . 2012-02-21 07:52 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2012-02-21 07:52 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-21 07:52 . 2012-02-21 07:52 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2012-02-20 09:36 . 2012-02-20 17:36 -------- d-----w- c:\windows\SxsCaPendDel
2012-02-20 07:51 . 2011-11-25 21:57 293888 ------w- c:\windows\system32\dllcache\winsrv.dll
2012-02-20 07:51 . 2010-12-20 17:32 551936 ------w- c:\windows\system32\dllcache\oleaut32.dll
2012-02-20 07:50 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\dllcache\spoolsv.exe
2012-02-20 07:50 . 2011-09-28 07:06 603136 ------w- c:\windows\system32\dllcache\crypt32.dll
2012-02-20 07:50 . 2011-01-21 14:44 440832 ------w- c:\windows\system32\dllcache\shimgvw.dll
2012-02-20 07:50 . 2011-11-01 16:07 1288192 ------w- c:\windows\system32\dllcache\ole32.dll
2012-02-20 07:50 . 2010-04-16 15:37 406016 ------w- c:\windows\system32\dllcache\usp10.dll
2012-02-20 07:50 . 2010-11-09 14:51 249856 ------w- c:\windows\system32\dllcache\odbc32.dll
2012-02-20 07:50 . 2010-11-09 14:51 200704 ------w- c:\windows\system32\dllcache\msadox.dll
2012-02-20 07:50 . 2010-11-09 14:51 180224 ------w- c:\windows\system32\dllcache\msadomd.dll
2012-02-20 07:50 . 2010-11-09 14:51 143360 ------w- c:\windows\system32\dllcache\msadco.dll
2012-02-20 07:50 . 2010-11-09 14:51 102400 ------w- c:\windows\system32\dllcache\msjro.dll
2012-02-20 07:50 . 2010-11-09 14:51 536576 ------w- c:\windows\system32\dllcache\msado15.dll
2012-02-20 07:50 . 2009-07-27 23:16 135168 ------w- c:\windows\system32\dllcache\shsvcs.dll
2012-02-20 07:49 . 2011-02-08 13:34 978944 ------w- c:\windows\system32\dllcache\mfc42.dll
2012-02-20 07:49 . 2011-10-18 11:13 186880 ------w- c:\windows\system32\dllcache\encdec.dll
2012-02-20 07:49 . 2009-04-20 17:18 45568 ------w- c:\windows\system32\dllcache\dnsrslvr.dll
2012-02-20 07:47 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2012-02-20 07:47 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2012-02-20 07:47 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2012-02-20 07:45 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2012-02-20 07:45 . 2011-11-20 06:12 60928 ------w- c:\windows\system32\dllcache\packager.exe
2012-02-20 07:43 . 2011-06-24 14:10 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2012-02-20 07:43 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
2012-02-20 07:40 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2012-02-20 07:40 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-20 07:40 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2012-02-20 07:39 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
2012-02-19 12:40 . 2012-02-19 12:40 -------- d-----w- c:\windows\system32\wbem\snmp
2012-02-19 12:40 . 2012-02-19 12:40 -------- d-----w- c:\windows\system32\xircom
2012-02-19 12:40 . 2012-02-19 12:40 -------- d-----w- c:\programmi\microsoft frontpage
2012-02-19 11:47 . 2012-02-19 11:47 -------- d-----w- c:\windows\l2schemas
2012-02-19 11:47 . 2012-02-19 11:47 -------- d-----w- c:\windows\system32\bits
2012-02-16 08:32 . 2012-02-16 08:32 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-02-16 08:12 . 2012-02-16 08:12 -------- d-----w- c:\documents and settings\user\Impostazioni locali\Dati applicazioni\PackageAware
2012-02-11 14:01 . 2012-02-11 14:01 388096 ----a-r- c:\documents and settings\user\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-11 14:01 . 2012-02-11 14:01 -------- d-----w- c:\programmi\Trend Micro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-12 17:20 . 2007-01-03 10:52 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:43 . 2007-01-03 10:56 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:43 . 2007-01-03 10:56 43520 ------w- c:\windows\system32\licmgr10.dll
2011-12-17 19:43 . 2007-01-03 10:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2007-01-03 10:55 385024 ------w- c:\windows\system32\html.iec
2011-12-11 21:58 . 2011-12-11 21:58 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programmi\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497]
"ATICCC"="c:\programmi\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"CnxDslTaskBar"="c:\programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe" [2007-10-31 462848]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Sitecom 150N USB Wireless LAN Utility.lnk - c:\programmi\SITECOM\150N USB Wireless LAN Utility\RtWLan.exe [2011-10-13 991232]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 ----a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2009-12-03 08:12 976320 ----a-w- c:\programmi\Epson Software\Event Manager\EEventManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX420W Series]
2009-09-14 07:00 200704 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIGCE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 15:44 3883856 ----a-w- c:\programmi\Windows Live\Messenger\msnmsgr.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Shareaza\\Shareaza.exe"=
"c:\\Programmi\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Programmi\\SITECOM\\150N USB Wireless LAN Utility\\RtWLan.exe"=
"c:\\Programmi\\Trust\\Trust MD3100 USB ADSL MODEM\\CnxDslTb.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
"53:UDP"= 53:UDP:Realtek AP UDP Prot
.
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\programmi\File comuni\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [14/05/2009 16.07.14 759048]
R2 BBUpdate;BBUpdate;c:\programmi\Microsoft\BingBar\SeaPort.EXE [13/10/2011 17.21.52 249648]
R2 SeaPort_Untrusted_BZ;SeaPort_Untrusted_BZ;c:\virtual\Untrusted\C_\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [14/01/2009 17.53.02 226656]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8192su.sys [13/10/2011 18.11.20 606056]
S2 BBSvc;Bing Bar Update Service;c:\programmi\Microsoft\BingBar\BBSvc.EXE [21/10/2011 15.23.42 196176]
S2 SENS_Untrusted_BZ;Notifica eventi di sistema_Untrusted_BZ;c:\virtual\Untrusted\C_\WINDOWS\system32\svchost.exe -k netsvcs [19/08/2004 14.39.46 14336]
S2 ShellHWDetection_Untrusted_BZ;Rilevamento hardware shell_Untrusted_BZ;c:\virtual\Untrusted\C_\WINDOWS\System32\svchost.exe -k netsvcs [19/08/2004 14.39.46 14336]
S2 StiSvc_Untrusted_BZ;Acquisizione di immagini di Windows (WIA)_Untrusted_BZ;c:\virtual\Untrusted\C_\WINDOWS\system32\svchost.exe -k imgsvc [19/08/2004 14.39.46 14336]
S3 BITS_Untrusted_BZ;Servizio trasferimento intelligente in background_Untrusted_BZ;c:\virtual\Untrusted\C_\WINDOWS\system32\svchost.exe -k netsvcs [19/08/2004 14.39.46 14336]
S3 CnxEtP;Trust MD3100 USB ADSL MODEM LAN Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [31/10/2007 19.33.07 60288]
S3 CnxEtU;Trust MD3100 USB ADSL MODEM Loader;c:\windows\system32\drivers\CnxEtU.sys [31/10/2007 19.33.07 646400]
S3 CnxTgN;Trust MD3100 USB ADSL MODEM LAN Adapter Driver;c:\windows\system32\drivers\CnxTgN.sys [31/10/2007 19.33.07 108771]
S3 EventSystem_Untrusted_BZ;Sistema di eventi COM+_Untrusted_BZ;c:\virtual\Untrusted\C_\WINDOWS\system32\svchost.exe -k netsvcs [19/08/2004 14.39.46 14336]
S3 netman_Untrusted_BZ;Connessioni di rete_Untrusted_BZ;c:\virtual\Untrusted\C_\WINDOWS\System32\svchost.exe -k netsvcs [19/08/2004 14.39.46 14336]
S3 usnjsvc_Untrusted_BZ;Servizio Messenger Sharing Folders USN Journal Reader_Untrusted_BZ;c:\virtual\Untrusted\C_\Programmi\Windows Live\Messenger\usnsvc.exe [18/10/2007 11.31.54 98328]
.
--- Altri Servizi/Drivers In Memoria ---
.
*Deregistered* - xcpip
*Deregistered* - xpsec
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-03-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-764733703-725345543-1003Core.job
- c:\documents and settings\user\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2012-02-27 09:01]
.
2012-03-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-764733703-725345543-1003UA.job
- c:\documents and settings\user\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2012-02-27 09:01]
.
.
------- Scansione supplementare -------
.
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 62.101.93.101 83.103.25.250
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-05 21:16
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"VRegSpecialValueName"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
"VRegSpecialValueName"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
"VRegSpecialValueName"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
@Denied: (A 2) (Everyone)
@="FlashProp Class"
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]
"VRegSpecialValueName"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\Programmable]
"VRegSpecialValueName"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\Control]
"VRegSpecialValueName"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\EnableFullPage]
"VRegSpecialValueName"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\Implemented Categories]
"VRegSpecialValueName"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\InprocServer32]
"VRegSpecialValueName"=dword:000000aa
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\MiscStatus]
"VRegSpecialValueName"=dword:000000aa
@="0"
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ProgID]
"VRegSpecialValueName"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\Programmable]
"VRegSpecialValueName"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ToolboxBitmap32]
"VRegSpecialValueName"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\TypeLib]
"VRegSpecialValueName"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\Version]
"VRegSpecialValueName"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\VersionIndependentProgID]
"VRegSpecialValueName"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Control]
"VRegSpecialValueName"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
"VRegSpecialValueName"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
"VRegSpecialValueName"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Programmable]
"VRegSpecialValueName"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
"VRegSpecialValueName"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
"VRegSpecialValueName"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
"VRegSpecialValueName"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
"VRegSpecialValueName"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
"VRegSpecialValueName"=dword:000000aa
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
"VRegSpecialValueName"=dword:000000aa
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\System\ControlSet001\HARDWARE PROFILES\CURRENT]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\System\CurrentControlSet]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\USER\LocalSystem]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\USER\S-1-5-21-746137067-764733703-725345543-1003\software\Classes]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\07\01\14\096-?"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•Ñw*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(672)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3384)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\programmi\AntiVir PersonalEdition Classic\avguard.exe
c:\programmi\AntiVir PersonalEdition Classic\sched.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\SOUNDMAN.EXE
.
**************************************************************************
.
Ora fine scansione: 2012-03-05 21:25:59 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-03-05 20:25
ComboFix2.txt 2012-03-05 08:48
.
Pre-Run: 19.565.416.448 byte disponibili
Post-Run: 19.555.540.992 byte disponibili
.
- - End Of File - - 5531076BE57997AC7F1B0BBBAA5EBB07

di **FrancescoFDAC** » 06/03/12 13:53

Allega un log aggiornato di Hijackthis.
Il PC come va?

pc lento, sopratutto in navigazione.

pc lento, sopratutto in navigazione.

Re: pc lento, sopratutto in navigazione.

Re: pc lento, sopratutto in navigazione.

Re: pc lento, sopratutto in navigazione.

Re: pc lento, sopratutto in navigazione.

Re: pc lento, sopratutto in navigazione.

Re: pc lento, sopratutto in navigazione.

Re: pc lento, sopratutto in navigazione.

Re: pc lento, sopratutto in navigazione.

Re: pc lento, sopratutto in navigazione.

Re: pc lento, sopratutto in navigazione.

Topic correlati a "pc lento, sopratutto in navigazione.":

Chi c’è in linea