
Thread: CPU often at 100%

  1. #1
    HTML.it user
    Registered since
    Jan 2011
    Posts
    219

    CPU often at 100%

    Hi everyone, I had tried posting in an existing thread but got no reply... I gather that wasn't the right idea, so I'm making this post.

    As I said in the other thread, lately the PC has been very slow and I've noticed that the CPU is often at 100%.

    I've already run scans with an up-to-date, genuine antivirus (Kaspersky) and with Spybot, and done various cleanups with CCleaner.
    They found a few things and it got a bit better, but it's still very slow.

    I'll try posting the result of the scan done with HijackThis.


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 21.08.00, on 02/01/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\COMODO\COMODO Internet Security\cmdagent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
    C:\Programmi\NDAS\System\ndassvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
    C:\Programmi\COMODO\COMODO Internet Security\cfp.exe
    C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\Spamihilator\spamihilator.exe
    C:\WINDOWS\system32\svchost.exe
    D:\1 Exe senza installazione\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [avp] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
    O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Programmi\COMODO\COMODO Internet Security\cfp.exe" -h
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] C:\Programmi\NVIDIA Corporation\nView\nwiz.exe /installquiet
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\gobbo\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Spamihilator.lnk = C:\Programmi\Spamihilator\spamihilator.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Statistiche sulla protezione del traffico Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
    O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: &Tastiera Virtuale - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Programmi\Bonjour\ExplorerPlugin.dll
    O9 - Extra button: C&ontrollo URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
    O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/g...ash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0F18B03B-8944-4BF2-9DD9-F16451B791CA}: NameServer = 212.216.112.112,212.216.172.62
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: c:\progra~1\wi9130~1\datamngr\datamngr.dll c:\progra~1\kasper~1\kasper~2\mzvkbd3.dll
    O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: a-squared Free Service (a2free) - Unknown owner - c:\programmi\a-squared free\a2service.exe (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: SAMSUNG AllShare Service (AllShare) - Unknown owner - C:\Programmi\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
    O23 - Service: Capture Device Service - InterVideo Inc. - C:\Programmi\File comuni\InterVideo\DeviceService\DevSvc.exe
    O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Programmi\COMODO\COMODO Internet Security\cmdagent.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programmi\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Servizio di Google Update (gupdate1c9d656d03ca85c) (gupdate1c9d656d03ca85c) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Funzionamento NDAS (ndassvc) - XIMETA, Inc. - C:\Programmi\NDAS\System\ndassvc.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
    O23 - Service: npkcmsvc - Unknown owner - C:\Nexon\Mabinogi\npkcmsvc.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: UPnPService - Magix AG - C:\Programmi\File comuni\MAGIX Shared\UPnPService\UPnPService.exe

    --
    End of file - 10521 bytes

    I hope you can help

    Thanks

  2. #2
    Banned user
    Registered since
    Dec 2010
    Posts
    30
    Hi.
    Run HijackThis again:
    Do a System Scan Only
    tick the box next to each of the entries I list below
    ● once the entries are ticked:
    close all open applications
    close all open browser pages
    ● in HijackThis, fix the entries by clicking Fix checked
    These are the entries to fix:

    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\gobbo\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
    O4 - Startup: Spamihilator.lnk = C:\Programmi\Spamihilator\spamihilator.exe
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
    O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/g...ash/swflash.cab

    Then:

    Start, Run, and type:
    sc delete npggsvc service

    Start, Run, and type:
    sc delete npkcmsvc service

    Post an updated HJT log and let us know how things stand.
    From Kaspersky, do you only have the Antivirus?

    Uninstall, from Control Panel/Add or Remove Programs:

    Windows Live Toolbar
    Adobe PDF Toolbar

  3. #3
    HTML.it user
    Registered since
    Jan 2011
    Posts
    219
    For now, thanks a lot for the reply!
    This evening, when I have more time, I'll do what you told me.
    Meanwhile I'll answer your question.

    Yes... from Kaspersky I only have the antivirus + proactive defense,
    and then I have Comodo Firewall set up as a firewall only... I've turned off Sandbox and Defense+.

    Speaking of Kaspersky, I saw today that it started doing a rootkit... why? Do I need to disable it somehow?

    Thanks

  4. #4
    Banned user
    Registered since
    Dec 2010
    Posts
    30
    It started doing a rootkit?
    You probably meant that Kaspersky detected a rootkit.
    Yes, neutralize it, somehow.
    In the meantime, carry on with the procedure described earlier.
    After that we'll go on, including an anti-rootkit scan, to rule out their possible presence.

    Bye, and have a good day

  5. #5
    HTML.it user
    Registered since
    Jan 2011
    Posts
    219
    I did what you told me, however:
    I didn't remove Spamihilator because I need it to start when the PC starts (am I wrong?)
    I can't find Adobe PDF Toolbar, either with CCleaner or with Add or Remove Programs
    I can't find Windows Live Toolbar either

    I'm posting a screenshot of the installed programs; it also looks to me as if there are duplicates, or software superseded by newer versions

    if you could give me some advice on doing a bit of cleanup

    here is the new log

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 19.20.44, on 05/01/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\COMODO\COMODO Internet Security\cmdagent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
    C:\Programmi\NDAS\System\ndassvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
    C:\Programmi\COMODO\COMODO Internet Security\cfp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
    C:\Programmi\Spamihilator\spamihilator.exe
    D:\1 Exe senza installazione\HiJackThis.exe
    C:\Programmi\Macromedia\Fireworks 8\Fireworks.exe
    C:\Programmi\Mozilla Firefox\firefox.exe
    C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [avp] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
    O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Programmi\COMODO\COMODO Internet Security\cfp.exe" -h
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] C:\Programmi\NVIDIA Corporation\nView\nwiz.exe /installquiet
    O4 - HKLM\..\Run: [SpybotSnD] "C:\Programmi\Spybot - Search & Destroy\SpybotSD.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Spamihilator.lnk = C:\Programmi\Spamihilator\spamihilator.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Statistiche sulla protezione del traffico Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
    O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: &Tastiera Virtuale - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Programmi\Bonjour\ExplorerPlugin.dll
    O9 - Extra button: C&ontrollo URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0F18B03B-8944-4BF2-9DD9-F16451B791CA}: NameServer = 212.216.112.112,212.216.172.62
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: c:\progra~1\wi9130~1\datamngr\datamngr.dll c:\progra~1\kasper~1\kasper~2\mzvkbd3.dll
    O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: a-squared Free Service (a2free) - Unknown owner - c:\programmi\a-squared free\a2service.exe (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: SAMSUNG AllShare Service (AllShare) - Unknown owner - C:\Programmi\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
    O23 - Service: Capture Device Service - InterVideo Inc. - C:\Programmi\File comuni\InterVideo\DeviceService\DevSvc.exe
    O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Programmi\COMODO\COMODO Internet Security\cmdagent.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programmi\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Servizio di Google Update (gupdate1c9d656d03ca85c) (gupdate1c9d656d03ca85c) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Funzionamento NDAS (ndassvc) - XIMETA, Inc. - C:\Programmi\NDAS\System\ndassvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: UPnPService - Magix AG - C:\Programmi\File comuni\MAGIX Shared\UPnPService\UPnPService.exe

    --
    End of file - 9631 bytes

    As for the rootkit, I see there are often some and I don't know how to neutralize them

    THANKS A LOT for now

  6. #6
    Banned user
    Registered since
    Dec 2010
    Posts
    30
    Hi.
    Follow these simple steps to disable Spybot's TeaTimer, which takes up memory resources needlessly and conflicts with the resident antivirus, causing instability and noticeable, exasperating slowdowns:

    ● open Spybot - Mode - Advanced Mode - Tools - Resident.
    ● untick Enable the Resident "TeaTimer" module (Protection of all system settings)
    restart the system

    Finally:

    Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Note:
    ● preferably download the program with Internet Explorer

    Put ComboFix on the Desktop and carry out these preliminary steps:
    ● disconnect from the Internet
    ● physically disconnect the modem/router from the computer

    It is absolutely necessary, if active:
    to disable the antivirus in use, from its icon in the system tray (next to the Windows clock)
    to disable any installed firewall, from its icon in the system tray (next to the Windows clock)

    Once the steps above are done:
    ● run ComboFix from an account with Administrator privileges and follow the instructions given to run the scan
    ● you will be asked to install the Recovery Console: do not install it
    ● without doing anything else, let the tool complete the scan and the log-creation phase

    Notes - during the scan:
    ● some files will be created on the Desktop and then deleted
    ● all the icons on the Desktop will disappear for a moment
    ● a message about the antivirus in use may be shown: carry on, ignoring the message
    ● the firewall, if active, may show a warning about the removal of some drivers: allow it
    ● the Internet Explorer icon may appear on the Desktop, if it was not already there

    When ComboFix has finished the scan:
    ● the system will restart automatically (if not, restart it yourself)
    ● physically reconnect the modem/router to the computer
    ● connect to the Internet
    ● go to Local Disk C:, look for the log named combofix.txt and attach it

    At the end, besides the ComboFix log, also attach an updated HijackThis one.

  7. #7
    HTML.it user
    Registered since
    Jan 2011
    Posts
    219
    I did what you told me.... here is the result:
    ComboFix 11-01-05.04 - gobbo 06/01/2011 10.11.14.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.2047.1257 [GMT 1:00]
    Eseguito da: c:\documents and settings\gobbo\Desktop\ComboFix.exe
    AV: Kaspersky Anti-Virus *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

    ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
    .

    ((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\5.exe
    c:\documents and settings\gobbo\Dati applicazioni\wiaserva.log
    c:\documents and settings\gobbo\wjgobxrd.exe
    C:\F.exe
    c:\programmi\Windows Searchqu Toolbar
    c:\programmi\Windows Searchqu Toolbar\del_DM_DLL_18.dll
    c:\programmi\WinPCap
    c:\programmi\WinPCap\install.log
    c:\programmi\WinPCap\rpcapd.exe
    c:\programmi\WinPCap\WinPcapInstall.dll
    c:\windows\system32\drivers\npf.sys
    c:\windows\system32\drivers\oreans32.sys
    c:\windows\system32\Packet.dll
    c:\windows\system32\pthreadVC.dll
    c:\windows\system32\WanPacket.dll
    c:\windows\system32\wpcap.dll
    c:\windows\UA000106.DLL

    .
    ((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_NPF
    -------\Service_npf
    -------\Legacy_oreans32
    -------\Service_oreans32


    ((((((((((((((((((((((((( Files Creati Da 2010-12-06 al 2011-01-06 )))))))))))))))))))))))))))))))))))
    .

    2011-01-04 17:29 . 2011-01-04 17:29 -------- d-----w- c:\documents and settings\gobbo\Impostazioni locali\Dati applicazioni\PSU
    2011-01-04 17:26 . 2008-04-13 19:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
    2011-01-04 17:26 . 2008-04-13 19:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2011-01-04 17:12 . 2010-04-06 19:30 138776 ----a-r- c:\windows\system32\TWAINDSM.dll
    2011-01-04 17:12 . 2011-01-04 17:12 -------- d-----w- c:\documents and settings\gobbo\Impostazioni locali\Dati applicazioni\S2PC
    2011-01-04 17:10 . 2010-04-20 00:28 484656 ----a-w- c:\windows\ssndii.exe
    2011-01-04 17:10 . 2011-01-04 17:10 -------- d-----w- c:\programmi\SamsungPrinterLiveUpdate
    2011-01-04 17:10 . 2009-10-28 15:20 21776 ----a-w- c:\windows\system32\msxml2a.dll
    2011-01-04 17:10 . 2011-01-04 17:10 -------- d-----w- c:\windows\Samsung
    2011-01-04 17:10 . 2010-04-20 00:28 116016 ----a-w- c:\windows\Wiainst.exe
    2011-01-04 17:10 . 2010-03-10 07:31 138240 ----a-r- c:\windows\system32\SaXPUIEx.dll
    2011-01-04 17:10 . 2009-11-17 00:15 49152 ----a-r- c:\windows\system32\Ssusbpn.dll
    2011-01-04 17:10 . 2009-10-28 15:20 81920 ----a-w- c:\windows\system32\ssdevm.dll
    2011-01-04 17:10 . 2010-03-10 07:31 197632 ----a-r- c:\windows\system32\SaXPWIA.dll
    2011-01-04 17:10 . 2010-03-10 07:31 87552 ----a-r- c:\windows\system32\SaXPSTI.dll
    2011-01-04 17:10 . 2010-03-10 07:31 117248 ----a-r- c:\windows\system32\SaXPIPH.dll
    2011-01-04 17:10 . 2010-03-10 07:31 140288 ----a-r- c:\windows\system32\SaXPEH.dll
    2011-01-04 17:08 . 2009-11-19 09:17 26624 ----a-w- c:\windows\system32\ssb3ml3.dll
    2011-01-04 17:07 . 2009-11-19 09:17 19968 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\ssb3mpc.dll
    2011-01-04 17:07 . 2009-11-19 09:16 151552 ----a-w- c:\windows\system32\ssb3mci.exe
    2011-01-04 17:07 . 2009-11-19 09:16 65536 ----a-w- c:\windows\system32\ssb3mci.dll
    2011-01-02 11:49 . 2011-01-03 17:41 -------- d-----w- c:\programmi\Spybot - Search & Destroy
    2010-12-29 19:48 . 2010-12-29 19:48 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NVIDIA Corporation
    2010-12-29 19:40 . 2010-12-29 19:40 240592 ----a-w- c:\windows\system32\nvdrsdb0.bin
    2010-12-29 19:39 . 2010-12-29 19:40 1 ----a-w- c:\windows\system32\nvdrssel.bin
    2010-12-29 19:39 . 2010-12-29 19:39 240592 ----a-w- c:\windows\system32\nvdrsdb1.bin
    2010-12-29 19:36 . 2010-10-22 06:23 61440 ----a-w- c:\windows\system32\OpenCL.dll
    2010-12-29 19:36 . 2010-10-22 06:23 813672 ----a-w- c:\windows\system32\nvgenco32.dll
    2010-12-29 19:36 . 2010-10-22 06:23 888424 ----a-w- c:\windows\system32\nvdispco32.dll
    2010-12-29 19:36 . 2010-10-22 06:23 2932840 ----a-w- c:\windows\system32\nvcuvid.dll
    2010-12-29 19:36 . 2010-10-22 06:23 2293194 ----a-w- c:\windows\system32\nvdata.bin
    2010-12-29 19:36 . 2010-10-22 06:23 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
    2010-12-29 19:36 . 2010-10-22 06:23 13012992 ----a-w- c:\windows\system32\nvcompiler.dll
    2010-12-29 19:35 . 2010-12-29 19:48 -------- d-----w- c:\programmi\NVIDIA Corporation
    2010-12-29 19:00 . 2010-12-29 19:00 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\nView_Profiles
    2010-12-29 18:50 . 2010-12-29 18:50 -------- d-----w- c:\programmi\DAEMON Tools Lite
    2010-12-28 11:40 . 2010-12-28 11:41 -------- d-----w- c:\windows\A7E07C2B2220441587E3784D5814BC93.TMP
    2010-12-18 09:46 . 2010-12-18 10:19 -------- d-----w- c:\programmi\Viva Media
    2010-12-16 17:25 . 2011-01-04 17:26 -------- d-----w- c:\windows\LastGood
    2010-12-16 11:21 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
    2010-12-16 11:19 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
    2010-12-15 18:00 . 2010-12-29 18:30 -------- d--h--w- c:\programmi\FX Uninstall Information
    2010-12-14 21:01 . 2010-12-14 21:01 -------- d-----w- c:\documents and settings\gobbo\Dati applicazioni\GlarySoft
    2010-12-14 20:02 . 2010-12-14 20:03 -------- d-----w- c:\programmi\Glary Utilities
    2010-12-14 19:25 . 2010-12-14 19:25 -------- d-----w- c:\documents and settings\gobbo\Dati applicazioni\ComodoGroup
    2010-12-13 19:16 . 2010-12-13 19:16 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\IObit
    2010-12-13 18:11 . 2010-11-23 19:33 4012424 ----a-w- c:\windows\system32\GameMon.des
    2010-12-12 15:24 . 2010-12-12 15:24 -------- d-----w- c:\documents and settings\gobbo\Dati applicazioni\ijjigame
    2010-12-09 20:30 . 2010-12-09 20:30 -------- d-----w- c:\programmi\Hewlett-Packard
    2010-12-08 18:24 . 2010-12-08 18:25 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Fun4IM
    2010-12-08 18:18 . 2010-12-08 18:18 -------- d-----w- c:\programmi\icons
    2010-12-07 23:22 . 2010-12-07 23:22 -------- d--h--w- c:\windows\PIF
    2010-12-07 22:44 . 2009-09-04 16:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
    2010-12-07 22:26 . 2010-12-07 22:26 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
    2010-12-07 22:24 . 2010-12-07 22:32 -------- d-----w- c:\documents and settings\gobbo\Dati applicazioni\DAEMON Tools Lite
    2010-12-07 22:24 . 2010-12-07 22:25 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DAEMON Tools Lite

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-18 18:12 . 2007-04-11 12:11 86016 ----a-w- c:\windows\system32\isign32.dll
    2010-11-06 00:21 . 2004-08-19 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:21 . 2004-08-19 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-06 00:21 . 2004-08-19 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-11-03 12:26 . 2004-08-19 12:00 385024 ----a-w- c:\windows\system32\html.iec
    2010-11-02 15:17 . 2004-08-19 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
    2010-10-28 13:13 . 2004-08-19 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-26 14:05 . 2004-08-19 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys
    2010-10-22 06:23 . 2008-01-14 13:49 14532608 ----a-w- c:\windows\system32\nvoglnt.dll
    2010-10-22 06:23 . 2007-12-05 00:41 4882432 ----a-w- c:\windows\system32\nvcuda.dll
    2010-10-22 06:23 . 2008-01-14 13:49 1462272 ----a-w- c:\windows\system32\nvapi.dll
    2010-10-22 06:23 . 2007-06-28 16:43 9623680 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
    2010-10-22 06:23 . 2007-06-28 16:43 6359552 ----a-w- c:\windows\system32\nv4_disp.dll
    2010-10-16 11:05 . 2010-10-16 11:05 81920 ----a-w- c:\windows\system32\nvwddi.dll
    2010-10-16 11:05 . 2010-10-16 11:05 335872 ----a-w- c:\windows\system32\nvrsar.dll
    2010-10-16 11:05 . 2010-10-16 11:05 331776 ----a-w- c:\windows\system32\nvrshe.dll
    2010-10-16 11:05 . 2010-10-16 11:05 286720 ----a-w- c:\windows\system32\nvrsfr.dll
    2010-10-16 11:05 . 2010-10-16 11:05 282624 ----a-w- c:\windows\system32\nvrses.dll
    2010-10-16 11:05 . 2010-10-16 11:05 282624 ----a-w- c:\windows\system32\nvrsel.dll
    2010-10-16 11:05 . 2010-10-16 11:05 278528 ----a-w- c:\windows\system32\nvrsde.dll
    2010-10-16 11:05 . 2010-10-16 11:05 274432 ----a-w- c:\windows\system32\nvrsnl.dll
    2010-10-16 11:05 . 2010-10-16 11:05 274432 ----a-w- c:\windows\system32\nvrsesm.dll
    2010-10-16 11:05 . 2010-10-16 11:05 270336 ----a-w- c:\windows\system32\nvrsru.dll
    2010-10-16 11:05 . 2010-10-16 11:05 270336 ----a-w- c:\windows\system32\nvrsptb.dll
    2010-10-16 11:05 . 2010-10-16 11:05 266240 ----a-w- c:\windows\system32\nvrsko.dll
    2010-10-16 11:05 . 2010-10-16 11:05 262144 ----a-w- c:\windows\system32\nvrshu.dll
    2010-10-16 11:05 . 2010-10-16 11:05 258048 ----a-w- c:\windows\system32\nvrstr.dll
    2010-10-16 11:05 . 2010-10-16 11:05 258048 ----a-w- c:\windows\system32\nvrssl.dll
    2010-10-16 11:05 . 2010-10-16 11:05 258048 ----a-w- c:\windows\system32\nvrssk.dll
    2010-10-16 11:05 . 2010-10-16 11:05 253952 ----a-w- c:\windows\system32\nvrsth.dll
    2010-10-16 11:05 . 2010-10-16 11:05 253952 ----a-w- c:\windows\system32\nvrssv.dll
    2010-10-16 11:05 . 2010-10-16 11:05 253952 ----a-w- c:\windows\system32\nvrsda.dll
    2010-10-16 11:05 . 2010-10-16 11:05 249856 ----a-w- c:\windows\system32\nvrsfi.dll
    2010-10-16 11:05 . 2010-10-16 11:05 249856 ----a-w- c:\windows\system32\nvrseng.dll
    2010-10-16 11:05 . 2010-10-16 11:05 249856 ----a-w- c:\windows\system32\nvrscs.dll
    2010-10-16 11:05 . 2010-10-16 11:05 229376 ----a-w- c:\windows\system32\nvrszhc.dll
    2010-10-16 11:05 . 2010-10-16 11:05 126976 ----a-w- c:\windows\system32\nvrszht.dll
    2010-10-16 11:05 . 2010-10-16 11:05 282624 ----a-w- c:\windows\system32\nvrsit.dll
    2010-10-16 11:05 . 2010-10-16 11:05 277608 ----a-w- c:\windows\system32\nvmccs.dll
    2010-10-16 11:05 . 2010-10-16 11:05 274432 ----a-w- c:\windows\system32\nvrspt.dll
    2010-10-16 11:05 . 2010-10-16 11:05 270336 ----a-w- c:\windows\system32\nvrsja.dll
    2010-10-16 11:05 . 2010-10-16 11:05 258048 ----a-w- c:\windows\system32\nvrspl.dll
    2010-10-16 11:05 . 2010-10-16 11:05 253952 ----a-w- c:\windows\system32\nvrsno.dll
    2010-10-16 11:05 . 2010-10-16 11:05 156776 ----a-w- c:\windows\system32\nvsvc32.exe
    2010-10-16 11:05 . 2010-10-16 11:05 145000 ----a-w- c:\windows\system32\nvcolor.exe
    2010-10-16 11:05 . 2010-10-16 11:05 13851752 ----a-w- c:\windows\system32\nvcpl.dll
    2010-10-16 11:05 . 2010-10-16 11:05 110696 ----a-w- c:\windows\system32\nvmctray.dll
    2010-10-15 18:18 . 2010-10-15 18:18 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
    2010-10-15 18:18 . 2010-10-15 18:18 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
    2010-10-15 18:09 . 2010-10-15 18:05 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
    .

  8. #8
    HTML.it user
    Registered since
    Jan 2011
    Posts
    219
    continued...
    ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* i valori vuoti & legittimi/default non sono visualizzati.
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [2004-07-28 77824]
    "AlcWzrd"="ALCWZRD.EXE" [2006-05-04 2808832]
    "avp"="c:\programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2010-08-18 340520]
    "COMODO Internet Security"="c:\programmi\COMODO\COMODO Internet Security\cfp.exe" [2010-09-28 2500552]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
    "nwiz"="c:\programmi\NVIDIA Corporation\nView\nwiz.exe" [2010-08-25 1753192]
    "SpybotSnD"="c:\programmi\Spybot - Search & Destroy\SpybotSD.exe" [2009-01-26 5365592]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\gobbo\Menu Avvio\Programmi\Esecuzione automatica\
    Spamihilator.lnk - c:\programmi\Spamihilator\spamihilator.exe [2010-10-30 1512448]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Acrobat Speed Launcher.lnk]
    backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
    c:\programmi\File comuni\Nokia\MPlatform\NokiaMServer [X]
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmcService
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS12 Preload

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3200 Scan2PC]
    2010-05-18 06:46 1989120 ----a-w- c:\windows\twain_32\Samsung\SCX3200\Scan2Pc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
    2008-04-23 01:08 483328 ----a-w- c:\programmi\Adobe\Acrobat 7.0\Distillr\acrotray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2008-01-11 20:16 39792 ----a-w- c:\programmi\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-09-16 20:04 1164584 ----a-w- c:\programmi\DivX\DivX Update\DivXUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax]
    2010-03-01 12:00 9216928 ----a-w- c:\programmi\Innovative Solutions\DriverMax\devices.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax_RESTART]
    2010-03-01 12:00 9216928 ----a-w- c:\programmi\Innovative Solutions\DriverMax\devices.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2009-10-31 08:08 135664 ----atw- c:\documents and settings\gobbo\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
    2001-11-15 17:08 196608 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2006-01-12 14:40 155648 ----a-w- c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2010-10-16 11:05 13851752 ----a-w- c:\windows\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2010-10-16 11:05 110696 ----a-w- c:\windows\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]
    2010-06-04 11:22 618496 ----a-w- c:\windows\Samsung\PanelMgr\SSMMgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-10-11 03:17 149280 ----a-w- c:\programmi\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Programmi\\eMule\\emule.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Programmi\\Messenger\\msmsgs.exe"=
    "c:\\Programmi\\BitTorrent\\bittorrent.exe"=
    "c:\\Programmi\\uTorrent\\uTorrent.exe"=
    "c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Programmi\\Skype\\Phone\\Skype.exe"=
    "c:\\Programmi\\Spamihilator\\spamihilator.exe"=
    "c:\\Programmi\\Spamihilator\\cdcc.exe"=
    "c:\\Programmi\\Spamihilator\\dccproc.exe"=
    "c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
    "c:\\Programmi\\Samsung\\SAMSUNG PC Share Manager\\WiselinkPro.exe"=
    "c:\\Programmi\\Samsung\\SAMSUNG PC Share Manager\\http_ss_win_pro.exe"=
    "c:\\WINDOWS\\twain_32\\Samsung\\ScanMgr.exe"=
    "c:\\WINDOWS\\twain_32\\Samsung\\SCX3200\\Scan2Pc.exe"=
    "c:\\WINDOWS\\twain_32\\Samsung\\SCX3200\\Sscan2io.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R0 CFRPD;CFRPD;c:\windows\system32\drivers\CFRPD.sys [04/08/2009 19.50.56 56736]
    R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [15/04/2007 11.11.12 24971]
    R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 17.29.38 36880]
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [07/12/2010 23.26.00 691696]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [04/06/2010 10.55.58 239240]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [01/06/2010 18.00.22 25240]
    R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [19/08/2004 13.00.00 14336]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/04/2008 16.06.48 32272]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/10/2009 18.39.44 19472]
    S2 a2free;a-squared Free Service;"c:\programmi\a-squared free\a2service.exe" --> c:\programmi\a-squared free\a2service.exe [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13.16.28 130384]
    S2 gupdate1c9d656d03ca85c;Servizio di Google Update (gupdate1c9d656d03ca85c);c:\programmi\Google\Update\GoogleUpdate.exe [16/05/2009 19.47.49 133104]
    S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
    S3 AllShare;SAMSUNG AllShare Service;c:\programmi\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [16/07/2010 17.23.30 6638080]
    S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys --> c:\windows\system32\DRIVERS\appliand.sys [?]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programmi\MAGIX\Common\Database\bin\fbserver.exe [10/01/2010 19.19.56 1527900]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [21/08/2010 18.19.37 137344]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [21/08/2010 18.19.40 8320]
    S3 NTProcDrv;Process creation detector for NT.;\??\d:\1 andrea\Giochi\Silkroad\sroboten1.54\NtProcDrv.sys --> d:\1 andrea\Giochi\Silkroad\sroboten1.54\NtProcDrv.sys [?]
    S3 UPnPService;UPnPService;c:\programmi\File comuni\MAGIX Shared\UPnPService\UPnPService.exe [02/06/2010 7.59.31 544768]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13.16.28 753504]
    S3 xpvcom;XPVCOM Port;c:\windows\system32\drivers\XPVCOM.sys [23/03/2007 1.00.14 30032]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contenuto della cartella 'Scheduled Tasks'

    2010-12-07 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

    2011-01-06 c:\windows\Tasks\GlaryInitialize.job
    - c:\programmi\Glary Utilities\initialize.exe [2010-12-14 09:47]

    2011-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\programmi\Google\Update\GoogleUpdate.exe [2009-05-16 18:47]

    2011-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\programmi\Google\Update\GoogleUpdate.exe [2009-05-16 18:47]

    2011-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1580818891-725345543-1004Core.job
    - c:\documents and settings\gobbo\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-10-31 08:08]

    2011-01-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1580818891-725345543-1004UA.job
    - c:\documents and settings\gobbo\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-10-31 08:08]
    .
    .
    ------- Scansione supplementare -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    IE: Convert link target to Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: {0F18B03B-8944-4BF2-9DD9-F16451B791CA} = 212.216.112.112,212.216.172.62
    FF - ProfilePath - c:\documents and settings\gobbo\Dati applicazioni\Mozilla\Firefox\Profiles\q8926lr0.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1529850&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/webhp?rls=ig
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1529850&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programmi\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\programmi\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

    .
    - - - - CHIAVI ORFANE RIMOSSE - - - -

    HKLM-Run-NWEReboot - (no file)
    Notify-AtiExtEvent - (no file)
    SafeBoot-WudfPf
    SafeBoot-WudfRd
    MSConfigStartUp-nwiz - nwiz.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-06 10:24
    Windows 5.1.2600 Service Pack 3 NTFS

    scansione processi nascosti ...

    scansione entrate autostart nascoste ...

    Scansione files nascosti ...

    Scansione completata con successo
    Files nascosti: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
    "ImagePath"=""

  9. #9
    HTML.it user
    Registered since
    Jan 2011
    Posts
    219
    continued...
    --------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
    "0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    --------------------- Dlls caricate dai processi in esecuzione ---------------------

    - - - - - - - > 'explorer.exe'(2008)
    c:\windows\system32\WININET.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\programmi\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
    c:\programmi\Nokia\Nokia PC Suite 7\NGSCM.DLL
    c:\programmi\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ita.nlr
    c:\programmi\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Altri processi in esecuzione ------------------------
    .
    c:\windows\system32\nvsvc32.exe
    c:\programmi\COMODO\COMODO Internet Security\cmdagent.exe
    c:\programmi\NDAS\System\ndassvc.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\SOUNDMAN.EXE
    c:\windows\ALCWZRD.EXE
    c:\windows\system32\RUNDLL32.EXE
    .
    **************************************************************************
    .
    Ora fine scansione: 2011-01-06 10:30:56 - Il pc è stato riavviato
    ComboFix-quarantined-files.txt 2011-01-06 09:30

    Pre-Run: 18.615.152.640 byte disponibili
    Post-Run: 18.467.741.696 byte disponibili

    - - End Of File - - 6EC78DF362D7DB505CD3932B1D90F4A5

    and this is the HijackThis log

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10.48.35, on 06/01/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\COMODO\COMODO Internet Security\cmdagent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\NDAS\System\ndassvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Programmi\Spamihilator\spamihilator.exe
    C:\WINDOWS\explorer.exe
    C:\Programmi\Microsoft Office\Office12\WINWORD.EXE
    C:\Programmi\Microsoft\Office Live\OfficeLiveSignIn.exe
    C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
    C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
    C:\Programmi\COMODO\COMODO Internet Security\cfp.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Programmi\Mozilla Firefox\firefox.exe
    C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
    D:\1 Exe senza installazione\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [avp] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
    O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Programmi\COMODO\COMODO Internet Security\cfp.exe" -h
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] C:\Programmi\NVIDIA Corporation\nView\nwiz.exe /installquiet
    O4 - HKLM\..\Run: [SpybotSnD] "C:\Programmi\Spybot - Search & Destroy\SpybotSD.exe"
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Spamihilator.lnk = C:\Programmi\Spamihilator\spamihilator.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Statistiche sulla protezione del traffico Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
    O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: &Tastiera Virtuale - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Programmi\Bonjour\ExplorerPlugin.dll
    O9 - Extra button: C&ontrollo URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0F18B03B-8944-4BF2-9DD9-F16451B791CA}: NameServer = 212.216.112.112,212.216.172.62
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: a-squared Free Service (a2free) - Unknown owner - c:\programmi\a-squared free\a2service.exe (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: SAMSUNG AllShare Service (AllShare) - Unknown owner - C:\Programmi\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
    O23 - Service: Capture Device Service - InterVideo Inc. - C:\Programmi\File comuni\InterVideo\DeviceService\DevSvc.exe
    O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Programmi\COMODO\COMODO Internet Security\cmdagent.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programmi\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Servizio di Google Update (gupdate1c9d656d03ca85c) (gupdate1c9d656d03ca85c) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Funzionamento NDAS (ndassvc) - XIMETA, Inc. - C:\Programmi\NDAS\System\ndassvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: UPnPService - Magix AG - C:\Programmi\File comuni\MAGIX Shared\UPnPService\UPnPService.exe

    --
    End of file - 9142 bytes

    I hope I did everything right

    thanks again for the help!!

  10. #10
    Banned user
    Registered since
    Dec 2010
    Posts
    30
    Hi.

    Uninstall:
    Spybot - Search & Destroy
    Viva Media
    LastGood
    a-squared Free

    How is the PC running at the moment?

    Can you run this additional check, to rule out the presence of an MBR rootkit?
    Download Stealth MBR rootkit detector: http://www2.gmer.net/mbr/mbr.exe
    ● put it directly in the C:\ directory
    ● restart the system in Safe Mode: http://windows.microsoft.com/it-IT/w...r-in-safe-mode
    ● Start - Run - type C:\mbr.exe and click OK
    ● the scan takes 1 second
    ● go to C:/ and attach the mbr.txt file for a check
