PROBLEM (POSSIBLY NONEXISTENT) WITH A PC FROM 2004!


chribio
02-11-2011, 16:01
Hi everyone, I wanted to ask for a big favour because, although I understand a fair amount about PC programs and related things, I can no longer make sense of my old and only PC (at least for now!).
I have an HP ita 350.it XP PC, bought in 2004. Over these years it has been heavily used (between eMule, lots of assorted downloads, a few small replacements of parts that no longer worked efficiently, and more). Now, after doing the usual format (which I hadn't done for at least 2 years), I find it behaving strangely, but I can't work out whether it's a virus problem in general or, alas, I have also thought of the motherboard starting to fail (that too).
Let me explain better: until a few hours ago (trying everything), I had Avira as antivirus and Private Firewall as firewall, but strangely they seemed to conflict with each other, and I often had to restart the PC because, obviously, the CPU was at 100% almost continuously.
I downloaded everything essential, also to try to understand whether it really was a problem of some strange conflict between the two programs, but it seems a vain attempt: I browse the internet without trouble, there are no strange slowdowns and the CPU is nice and quiet (since I removed them both ... and now I'm online with only the Windows firewall).
So, Avira reported 2 malware items, removed yesterday afternoon, before I also ran scans with Kaspersky, which 3 days ago found a couple of viruses that I somehow managed to eradicate!
The problem, let's say, after formatting, i.e. 7 days ago, showed up about 4 days ago, and between various changes of antivirus and programs that in my opinion reported nothing viral (Combofix, vundofix, findykill, Come2..., Smitfraud), from what I understood none of these reported anything threatening.
Superantispyware had found 3 fairly well-known adware items, which were then removed.
I don't know, should I attach some reports from these programs to help you understand the situation better??!!
Let's say that for now everything would be quiet, but the things that make me prick up my ears a bit are the following:
Process scanner cannot connect to its own server (its server might not exist, or be blocked by a virus).
Persistent difficulty shutting down the PC normally without having to do it by manually pressing the power button!
Now the thing that annoys me most: when I try to run the setup (which always worked) of my old Fifa Football 2004, it hangs at the 3rd step, the hourglass loading icon disappears, and from there the CPU starts going to 100%!
This game has always loaded just fine and I really don't understand why, since I formatted, the setup doesn't start properly.
I don't want to format again (also because earlier I carelessly lost some important things). I tried using a few small programs to understand something about the "SVCHOST.EXE" service (always written in lowercase anyway), but I didn't understand much.
I wrote about this PC service because Kaspersky often reported problems inside this process (as well as in Explorer.exe), but in the end everything sorted itself out (so it would seem); but since I find 6 of these processes in Task Manager, they seem a bit too many to me (though I know it could be normal, but from memory I didn't remember so many!!!).
I don't think I can add anything else; in short, you tell me what I could do. I could attach some reports as mentioned (if someone would kindly explain how to do it??!!)
Thanks to whoever will help me!

ADDING VARIOUS SCAN REPORTS.

combofix:
ComboFix 11-10-26.03 - Proprietario 27/10/2011 21.52.58.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1279.758 [GMT 2:00]
Eseguito da: c:\documents and settings\Proprietario\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {7C926E7F-F290-0012-866E-927CB0222500}
AV: AntiVir Desktop *Enabled/Updated* {0012F2B4-5C49-7C92-0300-000000000000}
AV: ThreatFire *Disabled/Updated* {67B2B9A1-25C8-4057-962D-807958FFC9E3}
FW: Privatefirewall *Enabled* {AF0CFAAE-AAB5-450a-8C74-0DEEB429DF4F}
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((( Files Creati Da 2011-09-27 al 2011-10-27 )))))))))))))))))))))))))))))))))))
.
.
2011-10-26 16:11 . 2011-10-26 16:11 -------- d-----w- c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\uTorrent
2011-10-26 14:17 . 2011-10-26 14:17 -------- d-sh--w- c:\documents and settings\Proprietario\PrivacIE
2011-10-25 16:05 . 2011-07-21 10:26 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-10-25 16:05 . 2011-07-21 10:26 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-25 16:05 . 2010-06-17 13:28 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-10-25 16:05 . 2010-06-17 13:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-10-25 15:23 . 2011-10-25 15:23 -------- d-----w- c:\documents and settings\LocalService\Dati applicazioni\ID Vault
2011-10-25 15:16 . 2011-10-25 15:18 -------- d-----w- c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\ID Vault
2011-10-25 15:09 . 2011-10-25 15:09 41648 ----a-w- c:\windows\_SETUPD_.EXE
2011-10-25 15:04 . 2011-10-26 15:13 -------- d-----w- c:\windows\Internet Logs
2011-10-25 09:56 . 2011-07-16 14:17 151552 ----a-w- c:\windows\system32\ac3acm.acm
2011-10-25 09:50 . 2011-10-04 21:19 16573579 ----a-w- C:\K-Lite_Codec_Pack_780_Full.exe
2011-10-24 15:38 . 2011-10-24 15:38 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-10-24 10:28 . 2011-10-24 10:28 -------- d-----w- c:\windows\Sun
2011-10-24 08:44 . 2011-10-24 08:44 -------- d-----w- c:\windows\l2schemas
2011-10-24 08:44 . 2011-10-24 08:44 -------- d-----w- c:\windows\system32\bits
2011-10-24 08:28 . 2008-04-13 07:36 144384 ------w- c:\windows\system32\drivers\hdaudbus.sys
2011-10-24 08:28 . 2008-04-13 09:40 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2011-10-24 08:24 . 2006-12-28 10:01 19569 ----a-w- c:\windows\005233_.tmp
2011-10-24 07:14 . 2011-10-24 07:14 -------- d-----w- C:\9e6c6789b14cefadaeae32ca9111b0
2011-10-24 07:11 . 2011-10-24 07:11 -------- d-----w- C:\53fb2f7f6fff3990ad0496ed
2011-10-24 06:42 . 2011-10-24 06:42 -------- d-----w- C:\068b4b45c06a86a339ad2821707f20
2011-10-23 21:09 . 2011-10-23 21:10 -------- d-----w- C:\320f69b02e3487250dfe11
2011-10-23 19:10 . 2011-10-26 09:49 -------- d-----w- c:\documents and settings\Proprietario\dwhelper
2011-10-23 16:03 . 2011-10-23 16:03 -------- d-----w- c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\Identities
2011-10-23 16:03 . 2011-10-23 16:03 -------- d-----w- c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\Ahead
2011-10-23 09:53 . 2002-11-15 02:15 12640 ------w- c:\windows\system32\drivers\itchfltr.sys
2011-10-23 09:53 . 2002-11-08 09:50 41420 ------w- c:\windows\system32\drivers\Lhidusb.sys
2011-10-23 09:53 . 2002-11-08 09:50 14156 ----a-w- c:\windows\system32\drivers\LCcfltr.sys
2011-10-23 06:52 . 2011-10-23 06:52 -------- d-sh--w- c:\documents and settings\Proprietario\IETldCache
2011-10-22 22:22 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-10-22 22:18 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-10-22 22:18 . 2011-10-22 22:23 -------- d-----w- C:\a63529e0b395e3852c905f84646f71
2011-10-22 19:54 . 2011-10-22 20:00 -------- dc-h--w- c:\windows\ie8
2011-10-22 19:39 . 2011-09-14 13:58 225592 ----a-w- c:\windows\system32\drivers\keyscrambler.sys
2011-10-22 15:30 . 2011-10-22 15:30 -------- d-----w- C:\Accesso
2011-10-22 15:14 . 2011-10-22 15:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-22 15:11 . 2011-10-22 15:11 -------- d-----w- C:\OpenOffice.org 3.3 (it) Installation Files
2011-10-22 15:04 . 2011-01-19 22:10 155536928 ----a-w- C:\OOo_3.3.0_Win_x86_install-wJRE_it.exe
2011-10-22 11:55 . 2011-10-22 11:55 -------- d-----w- c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\SvchostViewer
2011-10-22 11:14 . 2010-05-20 14:34 120832 ----a-w- C:\Svchost Viewer.exe
2011-10-22 07:01 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2011-10-21 21:08 . 2011-10-21 21:09 -------- d-----w- C:\VirtualDub 1.6.18
2011-10-21 21:04 . 2011-10-21 21:04 -------- d-----w- C:\oldver
2011-10-21 20:04 . 2011-10-21 20:06 -------- d-----w- C:\I386
2011-10-21 19:54 . 2011-10-26 14:14 -------- d--h--w- c:\windows\system32\config\systemprofile\Impostazioni locali
2011-10-21 19:54 . 2011-10-25 08:57 -------- dcsh--r- c:\windows\system32\dllcache
2011-10-21 19:54 . 2011-10-21 20:02 -------- d--h--r- c:\windows\system32\config\systemprofile\Dati applicazioni
2011-10-21 19:54 . 2011-10-21 20:02 -------- d-----r- c:\windows\system32\config\systemprofile\Menu Avvio
2011-10-21 19:29 . 2003-01-20 23:08 3360 ----a-w- c:\windows\system\SYSTEM.DRV
2011-10-21 19:29 . 2008-04-13 17:13 86528 ----a-w- c:\windows\system32\wbem\stdprov.dll
2011-10-21 19:29 . 2011-02-17 13:18 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-10-21 19:29 . 2008-04-13 16:56 73472 ----a-w- c:\windows\system32\drivers\sr.sys
2011-10-21 19:27 . 2003-01-20 23:00 73664 ----a-w- c:\windows\system\MCIAVI.DRV
2011-10-21 19:26 . 2008-04-13 09:41 42112 ----a-w- c:\windows\system32\drivers\imapi.sys
2011-10-21 17:05 . 2011-10-25 08:38 -------- d--h--w- c:\windows\$hf_mig$
2011-10-21 17:02 . 2011-10-27 18:51 -------- d-----w- C:\foto-4
2011-10-21 16:12 . 2010-01-14 14:08 59664 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2011-10-21 16:12 . 2010-01-14 14:08 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2011-10-21 16:12 . 2010-01-14 14:08 33552 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
2011-10-21 15:34 . 2011-10-21 15:34 -------- d-----w- c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\SlimWare Utilities Inc
2011-10-21 15:11 . 2011-10-21 15:11 -------- d-----w- c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\PackageAware
2011-10-21 15:04 . 2009-08-24 20:08 28160 ----a-w- c:\windows\system32\DfSdkBt.exe
2011-10-21 14:03 . 2011-10-21 14:03 -------- d-----w- c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\Privatefirewall
2011-10-21 14:02 . 2011-10-21 14:02 -------- d-----w- c:\documents and settings\LocalService\Menu Avvio
2011-10-21 14:01 . 2011-10-22 22:40 -------- d-----w- c:\windows\system32\wbem\AutoRecover
2011-10-21 13:48 . 2011-10-22 19:23 -------- d-----w- c:\windows\ServicePackFiles
2011-10-21 13:45 . 2004-07-17 09:40 19528 ----a-w- c:\windows\002183_.tmp
2011-10-21 13:43 . 2011-10-24 08:07 -------- d-----w- c:\windows\EHome
2011-10-21 13:41 . 2011-10-27 18:01 -------- d-----w- C:\SETUP PC
2011-10-21 13:40 . 2011-09-15 13:23 130360 ----a-w- c:\windows\system32\drivers\pwipf6.sys
2011-10-21 12:20 . 2008-04-13 16:53 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-10-21 12:20 . 2001-08-30 18:41 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-10-21 12:20 . 2008-04-13 09:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-10-21 12:20 . 2008-04-13 09:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-10-21 12:19 . 2008-04-13 09:45 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2011-10-21 12:19 . 2008-04-13 10:17 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2011-10-21 12:19 . 2008-04-13 09:45 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2011-10-21 12:19 . 2008-04-13 09:45 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys
2011-10-21 12:19 . 2008-04-13 07:39 142592 ----a-w- c:\windows\system32\drivers\aec.sys
2011-10-21 12:19 . 2008-04-13 09:45 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys
2011-10-21 12:19 . 2008-04-13 09:45 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2011-10-21 12:19 . 2008-04-13 10:15 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys
2011-10-21 12:04 . 2011-10-21 12:04 -------- d-----w- c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\Mozilla
2011-10-21 11:53 . 2011-10-21 14:05 -------- d-----w- C:\RegSeeker_1.55
2011-10-21 11:29 . 2003-01-01 19:55 -------- d-----w- c:\windows\system32\config\systemprofile\.javaws
2011-10-21 11:29 . 2002-10-01 07:22 9856 ----a-w- c:\windows\system32\drivers\pfc.sys
2011-10-21 11:29 . 2003-04-03 09:09 49152 ----a-w- c:\windows\system32\cpuinf32.dll
2011-10-21 11:28 . 1995-07-31 11:44 212480 ----a-w- c:\windows\PCDLIB32.DLL
2011-10-21 11:26 . 2008-04-13 10:19 146048 ----a-w- c:\windows\system32\drivers\portcls.sys
2011-10-21 11:26 . 2008-04-13 09:45 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
2011-10-21 11:24 . 2003-01-01 19:55 -------- d-----w- c:\documents and settings\Default User\.javaws
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-22 15:13 . 2011-10-22 15:14 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-21 12:13 . 2011-10-21 12:13 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-04 08:00 . 2011-10-25 09:56 74752 ----a-w- c:\windows\system32\ff_vfw.dll
2011-09-26 09:41 . 2011-10-21 19:28 23040 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2008-07-29 17:59 613888 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2011-10-21 19:28 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-06 14:10 . 2011-10-21 19:30 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:41 . 2011-10-21 19:30 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:41 . 2011-10-21 19:27 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:41 . 2011-10-21 19:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2011-10-21 13:49 385024 ----a-w- c:\windows\system32\html.iec
2011-09-29 07:23 . 2011-10-21 12:04 134104 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2003-05-02 835654]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Home Theater SchSvr"="c:\programmi\File comuni\InterVideo\SchSvr\SchSvr.exe" [2003-08-08 155648]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-05-02 4640768]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Privatefirewall"="c:\programmi\Privacyware\Privatefirewall 7.0\PFGUI.exe" [2011-10-21 3065568]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:DCOM(135)
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [21/10/2011 18.12.01 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [21/10/2011 18.12.01 59664]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 18.27.02 12880]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 23.55.22 67664]
R2 !SASCORE;SAS Core Service;c:\programmi\SUPERAntiSpyware\SASCore.exe [12/08/2011 1.38.07 116608]
R2 LiveTunerPM;Ashampoo LiveTuner ProcessMonitor Driver;c:\programmi\Ashampoo\Ashampoo WinOptimizer 8\LiveTunerProcessMonitor32.sys [21/10/2011 17.03.48 12696]
R2 PFNet;Privacyware network service;c:\programmi\Privacyware\Privatefirewall 7.0\pfsvc.exe [21/10/2011 21.57.00 379328]
R2 ThreatFire;ThreatFire;c:\programmi\ThreatFire\TFService.exe service --> c:\programmi\ThreatFire\TFService.exe service [?]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [22/10/2011 21.39.34 225592]
R3 pwipf6;Privacyware Filter Driver;c:\windows\system32\drivers\pwipf6.sys [21/10/2011 15.40.17 130360]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [21/10/2011 18.12.01 33552]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 IDVaultSvc;IDVault Service;"c:\programmi\ID Vault\IDVaultSvc.exe" --> c:\programmi\ID Vault\IDVaultSvc.exe [?]
S3 PPEMSCAN;Protector Plus Email Scan Driver;\??\c:\protector plus\PPEMSCAN.sys --> c:\protector plus\PPEMSCAN.sys [?]
S3 PPFW;Protector Plus FireWall Driver;\??\c:\protector plus\PPFW.sys --> c:\protector plus\PPFW.sys [?]
S3 WO_LiveService;Ashampoo LiveTuner Service;c:\programmi\Ashampoo\Ashampoo WinOptimizer 8\LiveTunerService.exe [21/10/2011 17.03.48 885160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 11:23 452136 ----a-w- c:\programmi\File comuni\LightScribe\LSRunOnce.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-10-27 c:\windows\Tasks\RegistryBooster.job
- c:\programmi\Uniblue\RegistryBooster\rbmonitor.exe [2011-10-21 09:48]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://it.ask.com/?l=dis&o=14672
uDefault_Search_URL = hxxp://srch-it9.hpwis.com/
mSearch Bar = hxxp://srch-it9.hpwis.com/
FF - ProfilePath - c:\documents and settings\Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\bdrh6lt8.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ATU2&o=14670&locale=it_IT&apn_uid=56d8e3e5-95bb-4c97-b1fd-c0fb29bcbbc8&apn_ptnrs=T8&apn_sauid=5314FBCB-FB97-4C88-8175-D0EDE8BD5FE2&apn_dtid=YYYYYYYYIT&&q=
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
AddRemove-{782DDB70-3DF4-4366-00BF-E3767BCD173B} - c:\programmi\EA SPORTS\FIFA 2004\EAUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-27 22:19
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\EN]
@DACL=(02 0000)
"OnLineServicesDirName"="Online Services"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\FR]
@DACL=(02 0000)
"OnLineServicesDirName"="Services en ligne"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\MX]
@DACL=(02 0000)
"OnLineServicesDirName"="Servicios en línea"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\NL]
@DACL=(02 0000)
"OnLineServicesDirName"="Online Services"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\NW]
@DACL=(02 0000)
"OnLineServicesDirName"="Online tjenster"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\SP]
@DACL=(02 0000)
"OnLineServicesDirName"="Servicios en línea"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\SW]
@DACL=(02 0000)
"OnLineServicesDirName"="Online tjänster"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\UK]
@DACL=(02 0000)
"OnLineServicesDirName"="Online services"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\US]
@DACL=(02 0000)
"OnLineServicesDirName"="Online Services"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(592)
c:\programmi\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\programmi\ThreatFire\TFNI.dll
c:\programmi\ThreatFire\TFMon.dll
c:\programmi\ThreatFire\TFRK.dll
c:\programmi\ThreatFire\TFWAH.dll
.
- - - - - - - > 'lsass.exe'(648)
c:\programmi\ThreatFire\TFWAH.dll
.
- - - - - - - > 'explorer.exe'(1272)
c:\windows\system32\WININET.dll
c:\programmi\ThreatFire\TfWah.dll
c:\windows\system32\nView.dll
c:\windows\system32\NVWRSIT.DLL
c:\programmi\ThreatFire\TFNI.dll
c:\programmi\ThreatFire\TFMon.dll
c:\programmi\ThreatFire\TFRK.dll
c:\windows\system32\eappcfg.dll
c:\windows\system32\webcheck.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Avira\AntiVir Desktop\sched.exe
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\programmi\Nero\Nero 7\InCD\InCDsrv.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\Avira\AntiVir Desktop\avshadow.exe
c:\programmi\File comuni\LightScribe\LSSrvc.exe
c:\windows\System32\nvsvc32.exe
c:\programmi\ThreatFire\TFService.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Ora fine scansione: 2011-10-27 22:37:17 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2011-10-27 20:36
ComboFix2.txt 2011-10-26 14:14
.
Pre-Run: 5.791.862.784 byte disponibili
Post-Run: 5.791.195.136 byte disponibili
.
- - End Of File - - C740CCBF989D42E91CCD6581D647C23C



SMITFRAUD:
SmitFraudFix v2.423

Scan done at 12.53.20,20, 29/10/2011
Run from C:\Documents and Settings\Proprietario\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Versione 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» DNS Before Fix


»»»»»»»»»»»»»»»»»»»»»»»» DNS After Fix

VUNDOFIX:
VundoFix V7.0.6

Scan started at 12.56.36 29/10/2011

Listing files found while scanning....

No infected files were found.



LIST OF "SVCHOST.EXE" instances present on the PC:
Report generated on : 27/10/2011 20.04.57
OS : Microsoft Windows XP Home Edition
Services running on NOME-1M3B12I2GP :
-----------------------------------------------------
svchost instance running:

• Utilità di avvio processo server DCOM
• Servizi terminal


svchost instance running:

• RPC (Remote Procedure Call)


svchost instance running:

• Audio Windows
• Servizio trasferimento intelligente in background
• Browser di computer
• CryptSvc
• Client DHCP
• Servizio di segnalazione errori
• Sistema di eventi COM+
• Compatibilità di Cambio rapido utente
• Guida in linea e supporto tecnico
• HID Input Service
• Server
• Workstation
• Connessioni di rete
• NLA (Network Location Awareness)
• Connection Manager di Accesso remoto
• Utilità di pianificazione
• Secondary Logon
• Notifica eventi di sistema
• Windows Firewall / Condivisione connessione Internet (ICS)
• Rilevamento hardware shell
• Servizio Ripristino configurazione di sistema
• Telefonia
• Temi
• Manutenzione collegamenti distribuiti client
• Ora di Windows
• Strumentazione gestione Windows
• Centro sicurezza PC
• Automatic Updates
• Zero Configuration reti senza fili


svchost instance running:

• Client DNS


svchost instance running:

• Helper NetBIOS di TCP/IP
• Servizio di rilevamento SSDP


svchost instance running:

• WebClient


-----------------------------------------------------
System is running : 36 service(s)
in a total of : 6 svchost.exe process(es)



I'M ALSO ADDING A STRANGE REPORT CONCERNING MY PC GAME. I DON'T REMEMBER WHICH PROGRAM IT WAS EXTRACTED FROM, BUT IN CASE IT HELPS TO UNDERSTAND WHY IT WON'T START, OR WHETHER SOMETHING IS WRONG.

Started: Thu Oct 27 17:32:02 2011

SOFTWARE\Electronic Arts\EA SPORTS\FIFA 2004\ergc - key registry
2J7FUQG9FMH6HHDTDG4F - key value
SOFTWARE\Electronic Arts\EA SPORTS\FIFA 2004\ergc - key registry
2J7FUQG9FMH6HHDTDG4F - key value
Started: Thu Oct 27 17:57:49 2011

SOFTWARE\Electronic Arts\EA SPORTS\FIFA 2004\ergc - key registry
2J7FUQG9FMH6HHDTDG4F - key value
SOFTWARE\Electronic Arts\EA SPORTS\FIFA 2004\ergc - key registry
2J7FUQG9FMH6HHDTDG4F - key value
Started: Thu Oct 27 18:43:04 2011

SOFTWARE\Electronic Arts\EA SPORTS\FIFA 2004\ergc - key registry
2J7FUQG9FMH6HHDTDG4F - key value
SOFTWARE\Electronic Arts\EA SPORTS\FIFA 2004\ergc - key registry
2J7FUQG9FMH6HHDTDG4F - key value
Started: Thu Oct 27 20:06:33 2011

SOFTWARE\Electronic Arts\EA SPORTS\FIFA 2004\ergc - key registry
2J7FUQG9FMH6HHDTDG4F - key value
SOFTWARE\Electronic Arts\EA SPORTS\FIFA 2004\ergc - key registry
2J7FUQG9FMH6HHDTDG4F - key value
Started: Fri Oct 28 12:36:29 2011

SOFTWARE\Electronic Arts\EA SPORTS\FIFA 2004\ergc - key registry
2J7FUQG9FMH6HHDTDG4F - key value
SOFTWARE\Electronic Arts\EA SPORTS\FIFA 2004\ergc - key registry
2J7FUQG9FMH6HHDTDG4F - key value
Started: Fri Oct 28 18:11:39 2011

SOFTWARE\Electronic Arts\EA SPORTS\FIFA 2004\ergc - key registry
2J7FUQG9FMH6HHDTDG4F - key value
SOFTWARE\Electronic Arts\EA SPORTS\FIFA 2004\ergc - key registry
2J7FUQG9FMH6HHDTDG4F - key value
Started: Fri Oct 28 18:20:21 2011

SOFTWARE\Electronic Arts\EA SPORTS\FIFA 2004\ergc - key registry
2J7FUQG9FMH6HHDTDG4F - key value
SOFTWARE\Electronic Arts\EA SPORTS\FIFA 2004\ergc - key registry
2J7FUQG9FMH6HHDTDG4F - key value
Started: Sat Oct 29 14:11:02 2011

SOFTWARE\Electronic Arts\EA SPORTS\FIFA 2004\ergc - key registry
2J7FUQG9FMH6HHDTDG4F - key value
SOFTWARE\Electronic Arts\EA SPORTS\FIFA 2004\ergc - key registry
2J7FUQG9FMH6HHDTDG4F - key value
Started: Sat Oct 29 15:19:12 2011

SOFTWARE\Electronic Arts\EA SPORTS\FIFA 2004\ergc - key registry
2J7FUQG9FMH6HHDTDG4F - key value
SOFTWARE\Electronic Arts\EA SPORTS\FIFA 2004\ergc - key registry
2J7FUQG9FMH6HHDTDG4F - key value


Sorry, in addition I'm posting the HijackThis report, from which I removed one entry at point 2 of the BHOs that ended with "no name or similar"; from reading around I understood that in these cases they can be removed, because they are entries that by themselves are evidently the cause of various problems. The rest is all exactly as it was!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:25:28, on 29/10/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\SUPERAntiSpyware\SASCORE.EXE
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmi\ThreatFire\TFService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programmi\File comuni\InterVideo\SchSvr\SchSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
C:\Programmi\Java\jre6\bin\java.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-it9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.ask.com/?l=dis&o=14672
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-it9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Vista HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Programmi\File comuni\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Programmi\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmi\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ThreatFire - PC Tools - C:\Programmi\ThreatFire\TFService.exe
O23 - Service: Ashampoo LiveTuner Service (WO_LiveService) - Unknown owner - C:\Programmi\Ashampoo\Ashampoo WinOptimizer 8\LiveTunerService.exe

--
End of file - 5128 bytes


I'll add a strange thing I've just discovered thanks to CCleaner, but which unfortunately I have to copy by hand because copy/paste doesn't work in this case.
It also found 2 keys going back to my football game, namely these:

HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\FIFA2004.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{782DDB70-3DF4-4366-00BF-E3767BCD173B}


Does anyone understand any of this? Maybe this is why my game won't start and the CPU goes up to 100%??!! :cry:

chribio
02-11-2011, 17:54
:muro: :muro: :muro: :read: :read: :read: ...I think I've made a SERIOUS mistake: wasn't I supposed to post all the scan logs (reports) one at a time on another page??!!
If so, SORRY... but I've only just read about that, and besides I've been browsing the internet for 5 days without antivirus and with Windows Firewall to figure out whether something really isn't working!!!
The rush to post all the reports played a nasty trick on me!
FORGIVE ME!!! :read: :doh: :doh: :doh: :doh: :doh: :doh: :doh: :doh: :doh:

Chill-Out
02-11-2011, 19:20
Duplicate thread http://www.hwupgrade.it/forum/showthread.php?t=2411060 closing.