Glutammico

Can Having Many Security Programs Cause Problems?

19 posts in this thread

Hi everyone! The newbie question in the title is this: is having several programs installed, such as antivirus, antispyware, etc., a good thing, in the sense that security increases, or is it useless, or even harmful?

I've been asking myself this ever since I installed Spyware Doctor on my PC... I already had Spybot Search and Destroy, and AVG 8 as antivirus... since then I've been bombarded with error messages, such as "Access violation at address 694C5405", "system error - error code 0x6f8917c2 the memory could not be "written" ", as well as various crashes of generic host process for win 32 service... searching the web, I found that the first is probably tied to Spybot, the second to a certain "Metasploit framework" (which I never explicitly installed)... after a thousand scans that never found anything relevant, I'm starting to think that what's causing me problems isn't some malware but the aforementioned antispyware programs... is that possible, or is it nonsense? :)


Possible, but it depends on the case...

Installing two antivirus programs is certainly very dangerous, because there's a risk that the PC will freeze and conflicts will arise, but installing two antispyware programs shouldn't be a problem (unless you chose both with real-time protection).


Er... actually they both have a real-time protection feature!... Should I leave only one active? In that case, which of the two do you recommend?


Spybot Search & Destroy...


OK, thanks! I did as you said... but I keep getting this annoying error message, along with the generic host process one... the funny thing is that I've run scans with Spybot, Spyware Doctor, SUPERAntiSpyware, AVG 8 and Sophos Anti-Rootkit, in both normal and safe mode, but found nothing!! I really can't figure out what the problem could be... I also disabled TeaTimer, to see whether that was the problem (I've read around that it causes trouble for many people), and put Arovax Shield in its place, which I've heard works better... but it's all useless! :)


To be clearer, the error comes from Windows' "Data Execution Prevention", and says something like: "to help protect the system, generic host process for win32 service has been closed", and when I click "OK" I get the classic error I posted in the picture...

post-59330-1228657776.png


Hi angelique! :)

Here is the Hijack log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17.53.44, on 07/12/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Programmi\Microsoft IntelliPoint\point32.exe

C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Programmi\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programmi\DAEMON Tools Lite\daemon.exe

C:\Programmi\Arovax Shield\ArovaxShield.exe

C:\Programmi\Java\jre6\bin\jqs.exe

C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Programmi\Windows Live\Messenger\msnmsgr.exe

C:\Programmi\Windows Live\Messenger\usnsvc.exe

C:\Programmi\Mozilla Firefox\firefox.exe

F:\Programmi vari\Sicurezza\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.talti.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [intelliPoint] "C:\Programmi\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [startCCC] "C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmi\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [Arovax Shield] C:\Programmi\Arovax Shield\ArovaxShield.exe -tray

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Registration .LNK.disabled

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: NkbMonitor.exe.lnk.disabled

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{FD514888-7D9D-438E-8AB5-069E39D05758}: NameServer = 88.149.128.12,88.149.128.22

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmi\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\pctsSvc.exe

--

End of file - 7083 bytes


I installed SP3 as you advised, but the generic host process error keeps appearing at almost every startup...... :)


Hi! I tried to run it, following your instructions... I waited 35 minutes, but the loading bar (the one that appears as soon as it starts) stays stuck at 0... is that normal??? :)

EDIT:

OK, solved it, I had to launch it with a normal double click, without doing right click -> run as...

Here is the ComboFix log:

ComboFix 08-12-06.06 - Administrator 2008-12-08 14.36.16.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.2436 [GMT 1:00]

Eseguito da: c:\documents and settings\Administrator\Desktop\ComboFix.exe

* Creato nuovo punto di ripristino

.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\programmi\autorun.inf

c:\windows\IE4 Error Log.txt

c:\windows\system32\1.tmp

.

((((((((((((((((((((((((( Files Creati Da 2008-11-08 al 2008-12-08 )))))))))))))))))))))))))))))))))))

.

2008-12-07 20:27 . 2008-12-07 20:27 <DIR> d-------- c:\documents and settings\Administrator\Dati applicazioni\PCToolsFirewallPlus

2008-12-07 20:20 . 2008-12-07 20:34 <DIR> d-------- c:\programmi\PC Tools Firewall Plus

2008-12-07 20:20 . 2008-12-07 20:20 <DIR> d-------- c:\programmi\File comuni\PC Tools

2008-12-07 20:20 . 2008-07-28 11:29 160,792 --a------ c:\windows\system32\drivers\pctfw2.sys

2008-12-07 20:20 . 2008-07-17 16:53 93,952 --a------ c:\windows\system32\drivers\pctfw.sys

2008-12-07 20:20 . 2008-08-05 15:58 58,136 --a------ c:\windows\system32\drivers\FWAuthdriver.sys

2008-12-07 20:13 . 2008-04-13 19:13 221,184 --a------ c:\windows\system32\wmpns.dll

2008-12-07 20:04 . 2008-12-07 20:04 <DIR> d-------- c:\windows\ServicePackFiles

2008-12-07 20:04 . 2008-04-13 19:14 294,912 -----c--- c:\windows\system32\dllcache\dlimport.exe

2008-12-07 13:25 . 2008-12-07 13:25 <DIR> d--h----- c:\windows\system32\GroupPolicy

2008-12-06 23:20 . 2008-12-06 23:20 <DIR> d-------- c:\programmi\Sophos

2008-12-06 23:20 . 2008-12-06 23:20 <DIR> d-------- c:\programmi\Arovax Shield

2008-12-06 23:20 . 2008-12-06 23:20 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Arovax

2008-12-06 22:31 . 2008-12-06 22:31 <DIR> d-------- c:\programmi\SUPERAntiSpyware

2008-12-06 22:31 . 2008-12-06 22:31 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com

2008-12-06 22:31 . 2008-12-06 22:31 <DIR> d-------- c:\documents and settings\Administrator\Dati applicazioni\SUPERAntiSpyware.com

2008-12-06 19:07 . 2008-12-06 19:07 <DIR> d-------- c:\windows\Sun

2008-12-06 19:02 . 2008-12-06 19:01 73,728 --a------ c:\windows\system32\javacpl.cpl

2008-12-06 19:01 . 2008-12-06 19:01 <DIR> d-------- c:\programmi\Java

2008-12-06 18:50 . 2008-12-06 19:01 410,984 --a------ c:\windows\system32\deploytk.dll

2008-12-03 19:24 . 2008-12-03 19:24 <DIR> d-------- c:\programmi\K-Lite Codec Pack

2008-12-03 17:48 . 2008-12-03 17:48 <DIR> d-------- c:\programmi\FDRLab

2008-11-20 21:44 . 2008-11-20 21:44 42,320 --a------ c:\windows\system32\xfcodec.dll

2008-11-17 16:33 . 2008-12-02 23:07 <DIR> d-------- c:\programmi\Spyware Doctor

2008-11-17 16:33 . 2008-11-17 16:33 <DIR> d-------- c:\documents and settings\Administrator\Dati applicazioni\PC Tools

2008-11-17 16:33 . 2008-08-25 11:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys

2008-11-17 16:33 . 2008-08-25 11:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys

2008-11-17 16:33 . 2008-08-25 11:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys

2008-11-17 16:33 . 2008-06-02 15:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys

2008-11-15 23:00 . 2008-11-15 23:03 <DIR> d-------- C:\temp

2008-11-15 22:12 . 2008-11-15 22:12 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Media Center Programs

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-08 13:31 --------- d---a-w c:\documents and settings\All Users\Dati applicazioni\TEMP

2008-12-07 20:25 --------- d--h--w c:\programmi\FX Uninstall Information

2008-12-07 12:11 172,964 --sha-w c:\windows\system32\drivers\fidbox.idx

2008-12-07 12:11 16,965,664 --sha-w c:\windows\system32\drivers\fidbox.dat

2008-12-06 23:41 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy

2008-12-06 23:35 --------- d-----w c:\programmi\Spybot - Search & Destroy

2008-12-06 21:30 --------- d-----w c:\programmi\File comuni\Wise Installation Wizard

2008-12-06 12:44 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\Xfire

2008-12-06 11:55 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys

2008-12-06 11:55 107,832 ----a-w c:\windows\system32\PnkBstrB.exe

2008-12-05 00:47 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\Hamachi

2008-12-04 19:44 --------- d-s---w c:\programmi\Xfire

2008-12-03 18:16 --------- d-----w c:\programmi\File comuni\Real

2008-11-26 14:59 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\teamspeak2

2008-11-25 08:45 2,283,027 ----a-w c:\windows\system32\x264vfw.dll

2008-11-24 14:32 57,344 ----a-w c:\windows\system32\ff_vfw.dll

2008-11-15 21:01 --------- d-----w c:\programmi\THQ

2008-11-15 21:00 --------- d--h--w c:\programmi\InstallShield Installation Information

2008-11-06 19:23 --------- d-----w c:\programmi\eMule

2008-10-13 16:16 --------- d-----w c:\programmi\HD Tune

2008-10-13 16:13 --------- d-----w c:\programmi\HDD Health

2008-10-09 17:36 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\WorldShift

2008-10-09 16:16 --------- d-----w c:\programmi\PowerQuest

2008-09-11 09:55 20 ---h--w c:\documents and settings\All Users\Dati applicazioni\PKP_DLec.DAT

2008-09-11 09:55 20 ---h--w c:\documents and settings\All Users\Dati applicazioni\PKP_DLds.DAT

2008-09-10 13:45 107,888 ----a-w c:\windows\system32\CmdLineExt.dll

2008-03-02 20:16 1 ----a-w c:\documents and settings\Administrator\SI.bin

2007-12-09 22:32 22,328 ----a-w c:\documents and settings\Administrator\Dati applicazioni\PnkBstrK.sys

2007-06-04 17:44 55,682 ----a-w c:\programmi\data1.hdr

2007-06-04 17:44 12,707,863 ----a-w c:\programmi\data1.cab

2007-05-10 09:11 4,269,032 ----a-w c:\programmi\Autorun.exe

2007-04-10 14:04 2,173 ----a-w c:\programmi\btns.xml

2005-09-26 23:16 229,376 ----a-w c:\windows\system32\config\systemprofile\NTUSER(2).DAT

2006-01-15 15:36 56 --sh--r c:\windows\system32\055BCC23C1.sys

.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

----a-w 81,920 2004-08-22 16:05:02 c:\programmi\D-Tools\bak\daemon.exe

----a-w 151,597 2006-02-03 12:35:09 c:\programmi\File comuni\Real\Update_OB\bak\realsched.exe

----a-w 369,664 2007-03-06 10:24:51 c:\programmi\Grisoft\AVG Free\bak\avgcc.exe

----a-w 281,088 2007-02-26 08:35:30 c:\programmi\Grisoft\AVG Free\bak\avgemc.exe

----a-w 278,528 2005-05-13 22:20:50 c:\programmi\iTunes\bak\iTunesHelper.exe

----a-w 267,048 2008-06-02 09:13:26 c:\programmi\iTunes\iTunesHelper.exe

----a-w 217,088 2005-06-10 09:21:01 c:\programmi\Microsoft IntelliPoint\bak\point32.exe

----a-w 217,088 2005-06-10 09:21:01 c:\programmi\Microsoft IntelliPoint\point32.exe

----a-w 98,304 2005-09-27 13:50:38 c:\programmi\QuickTime\bak\qttask.exe

----a-w 413,696 2008-05-27 08:50:30 c:\programmi\QuickTime\QTTask.exe

----a-w 15,360 2004-08-19 15:39:36 c:\windows\system32\bak\ctfmon.exe

----a-w 15,360 2008-04-13 18:14:04 c:\windows\system32\ctfmon.exe

----a-w 155,648 2001-07-09 10:50:42 c:\windows\system32\bak\NeroCheck.exe

.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* i valori vuoti & legittimi/default non sono visualizzati.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

"DAEMON Tools Lite"="c:\programmi\DAEMON Tools Lite\daemon.exe" [2008-07-08 486856]

"Arovax Shield"="c:\programmi\Arovax Shield\ArovaxShield.exe" [2007-04-26 1214576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IntelliPoint"="c:\programmi\Microsoft IntelliPoint\point32.exe" [2005-06-10 217088]

"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]

"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2008-05-27 413696]

"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2008-12-06 136600]

"00PCTFW"="c:\programmi\PC Tools Firewall Plus\FirewallGUI.exe" [2008-08-05 2611096]

"SoundMan"="SOUNDMAN.EXE" [2004-02-26 c:\windows\SOUNDMAN.EXE]

"PtiuPbmd"="ptipbm.dll" [2003-01-15 c:\windows\system32\ptipbm.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\

Registration .LNK.disabled [2008-03-02 1155]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\

Adobe Gamma Loader.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-09-27 113664]

NkbMonitor.exe.lnk.disabled [2008-01-08 1620]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-07-23 15:28 352256 c:\programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.XFR1"= xfcodec.dll

"msacm.l3fhg"= mp3fhg.acm

"msacm.divxa32"= divxa32.acm

"VIDC.X264"= x264vfw.dll

"VIDC.HFYU"= huffyuv.dll

"vidc.i263"= i263_32.drv

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Avvio^Programmi^Esecuzione automatica^Registration Ghost Recon Advanced Warfighter.LNK]

path=c:\documents and settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\Registration Ghost Recon Advanced Warfighter.LNK

backup=c:\windows\pss\Registration Ghost Recon Advanced Warfighter.LNKStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Avvio^Programmi^Esecuzione automatica^Registration Ghost Recon Advanced Warfighter.LNK.disabled]

path=c:\documents and settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\Registration Ghost Recon Advanced Warfighter.LNK.disabled

backup=c:\windows\pss\Registration Ghost Recon Advanced Warfighter.LNK.disabledStartup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"EPSON Stylus DX4400 Series"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "c:\windows\TEMP\E_SC0.tmp" /EF "HKCU"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" -atboottime

"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programmi\\Diablo II\\Game.exe"=

"c:\\Programmi\\Sierra\\FEARCombat\\FEARMP.exe"=

"c:\\Programmi\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Game.exe"=

"c:\\Programmi\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Launcher.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Programmi\\Xfire\\xfire.exe"=

"c:\\Programmi\\America's Army\\System\\ArmyOps.exe"=

"c:\\Programmi\\BitLord\\BitLord.exe"=

"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=

"c:\\Programmi\\Electronic Arts\\La Battaglia per la Terra di Mezzo II\\game.dat"=

"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=

"c:\\Programmi\\iTunes\\iTunes.exe"=

"c:\\Programmi\\eMule\\emule.exe"=

"c:\\Programmi\\Electronic Arts\\L'Ascesa del Re Stregone\\game.dat"=

"c:\\Programmi\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

"c:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"=

"c:\\Programmi\\THQ\\Gas Powered Games\\Supreme Commander\\bin\\SupremeCommander.exe"=

"c:\\Programmi\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2003-01-07 77056]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-05-23 97928]

R1 dtd;dtd;\??\c:\programmi\Arovax Shield\dtd.sys [2007-04-24 42112]

R1 pctfw2;pctfw2;\??\c:\windows\system32\drivers\pctfw2.sys [2008-12-07 160792]

R1 SASDIFSV;SASDIFSV;\??\c:\programmi\SUPERAntiSpyware\SASDIFSV.SYS [2008-11-17 8944]

R1 SASKUTIL;SASKUTIL;\??\c:\programmi\SUPERAntiSpyware\SASKUTIL.sys [2008-11-17 55024]

R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-05-23 231704]

R3 FWAuth;FWAuth Driver;\??\c:\windows\system32\drivers\FWAuthDriver.sys [2008-12-07 58136]

S3 ASPI;Advanced SCSI Programming Interface Driver;\??\c:\windows\System32\DRIVERS\ASPI32.sys [2008-05-13 16512]

S3 jatmlano;jatmlano;\??\c:\docume~1\ADMINI~1\IMPOST~1\Temp\jatmlano.sys []

S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\1.tmp []

S3 SASENUM;SASENUM;\??\c:\programmi\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408]

S3 sdAuxService;PC Tools Auxiliary Service;c:\programmi\Spyware Doctor\pctsAuxs.exe [2008-11-17 356920]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d95138b2-3a04-11dc-b772-0013d49b6a20}]

\Shell\AutoRun\command - G:\2ifetri.cmd

\Shell\explore\Command - G:\2ifetri.cmd

*Newly Created Service* - PROCEXP90

.

.

------- Supplementare di scansione -------

.

uStart Page = hxxp://www.talti.com/

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: {FD514888-7D9D-438E-8AB5-069E39D05758} = 88.149.128.12,88.149.128.22

FireFox -: Profile - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\0rfewehi.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.it/

FF -: plugin - c:\programmi\iTunes\Mozilla Plugins\npitunes.dll

FF -: plugin - c:\programmi\Java\jre6\bin\new_plugin\npdeploytk.dll

FF -: plugin - c:\programmi\Java\jre6\bin\new_plugin\npjp2.dll

FF -: plugin - c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF -: plugin - c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF -: plugin - c:\programmi\Mozilla Firefox\plugins\npdeploytk.dll

FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-08 14:37:46

Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo

Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2]

"ImagePath"="\??\c:\windows\system32\1.tmp"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(1268)

c:\windows\system32\avgrsstx.dll

c:\programmi\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1336)

c:\windows\system32\avgrsstx.dll

.

Ora fine scansione: 2008-12-08 14.39.05

ComboFix-quarantined-files.txt 2008-12-08 13:39:03

ComboFix2.txt 2008-04-12 21:19:38

Pre-Run: 31.362.310.144 byte disponibili

Post-Run: 31,490,781,184 byte disponibili

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

243


:) With all those security programs installed, do you still have the infection from this spring??

Download The Avenger

http://swandog46.geekstogo.com/avenger.zip

Save it to a folder and unzip the .zip file

Locate avenger.exe and run it

Paste this script into the white box

Drivers to disable:

jatmlano

MEMSWEEP2

Registry values to replace with dummy:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

Files to delete:

c:\programmi\iTunes\iTunesHelper.exe

c:\programmi\Microsoft IntelliPoint\point32.exe

c:\programmi\QuickTime\QTTask.exe

c:\windows\system32\ctfmon.exe

c:\docume~1\ADMINI~1\IMPOST~1\Temp\jatmlano.sys

C:\WINDOWS\System32\Drivers\MEMSWEEP2.sys

c:\windows\system32\1.tmp

c:\programmi\Autorun.exe

c:\programmi\btns.xml

c:\windows\system32\055BCC23C1.sys

G:\2ifetri.cmd

registry keys to delete:

HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2

HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MEMSWEEP2

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MEMSWEEP2

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MEMSWEEP2

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MEMSWEEP2\0000\Control

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MEMSWEEP2\0000\LogConf

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MEMSWEEP2\0000

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MEMSWEEP2\0000\LogConf

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MEMSWEEP2\0000

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MEMSWEEP2

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MEMSWEEP2\Security

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MEMSWEEP2

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MEMSWEEP2\0000\Control

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MEMSWEEP2\0000\LogConf

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MEMSWEEP2\0000

folders to delete:

C:\WINDOWS\temp

C:\WINDOWS\Tasks

Files to move:

c:\programmi\iTunes\bak\iTunesHelper.exe | c:\programmi\iTunes\iTunesHelper.exe

c:\programmi\Microsoft IntelliPoint\bak\point32.exe | c:\programmi\Microsoft IntelliPoint\point32.exe

c:\programmi\QuickTime\bak\qttask.exe | c:\programmi\QuickTime\QTTask.exe

c:\windows\system32\bak\ctfmon.exe | c:\windows\system32\ctfmon.exe

Click Execute

The PC should restart (if it doesn't, restart it yourself)

Post the log that will be created in C:\Avenger

:P:P
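
An added example, not part of the thread and not the helper's or ComboFix's own logic: a Python pass over driver/service lines in the layout of the ComboFix log above, flagging the kind of entries the Avenger script targets (`jatmlano`, `MEMSWEEP2`). The line layout, the reading of the `R`/`S` prefix and the three heuristics are assumptions of this example; the sample lines are taken from the log posted earlier.

```python
import re
from ntpath import normpath, splitext

# Sample input: driver/service lines taken from the ComboFix log posted in the thread.
SAMPLE = r"""
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-05-23 97928]
R1 dtd;dtd;\??\c:\programmi\Arovax Shield\dtd.sys [2007-04-24 42112]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-05-23 231704]
S3 jatmlano;jatmlano;\??\c:\docume~1\ADMINI~1\IMPOST~1\Temp\jatmlano.sys []
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\1.tmp []
S3 SASENUM;SASENUM;\??\c:\programmi\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408]
"""

# Assumed layout: <R|S><start type> <service>;<display name>;<image path> [<date> <size>]
# Assumption: R/S = running/stopped, digit = service start type.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]$"
)

EXPECTED_EXTENSIONS = {".sys", ".exe"}  # heuristic chosen for this example
TEMP_COMPONENTS = {"temp", "tmp"}       # heuristic chosen for this example


def parse_driver_line(line):
    """Return a dict for one driver/service line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    path = m.group("path")
    if path.startswith("\\??\\"):       # strip the NT object-manager prefix
        path = path[4:]
    return {
        "running": m.group("state") == "R",
        "start_type": int(m.group("start")),
        "name": m.group("name"),
        "path": normpath(path),
        # Empty brackets: the log recorded no date/size for the image file.
        "has_file_info": bool(m.group("meta").strip()),
    }


def reasons_for(entry):
    """List the heuristics an entry trips; an empty list means nothing stood out."""
    reasons = []
    if not entry["has_file_info"]:
        reasons.append("no file date/size recorded")
    parts = [p.lower() for p in entry["path"].split("\\")]
    if TEMP_COMPONENTS.intersection(parts[:-1]):
        reasons.append("image path inside a temp directory")
    ext = splitext(entry["path"])[1].lower()
    if ext not in EXPECTED_EXTENSIONS:
        reasons.append("unexpected image extension " + (ext or "(none)"))
    return reasons


def triage(log_text):
    """Return (service name, image path, reasons) for every flagged line."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_driver_line(line)
        if entry is None:
            continue
        reasons = reasons_for(entry)
        if reasons:
            flagged.append((entry["name"], entry["path"], reasons))
    return flagged


if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE):
        print(f"{name}: {path} -> {'; '.join(reasons)}")
```

A flagged line is a prompt for manual review, not a verdict: legitimate tools also load short-lived drivers from temporary locations.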


Hi angelique! Sorry for the delay, but these past few days I've had quite a few connection problems!!

But is it really still that infection??? :)

I ran the script... on reboot I got a nice blue screen saying:

STOP:c000021a Errore grave di sistema

Processo di sistema Window Logon Process terminato in modo inatteso con stato di 0x00000402 (0x00000000 0x00000000)

Apart from that, here's the log:

Logfile of The Avenger version 1, by Swandog46

Running from registry key:

\Registry\Machine\System\CurrentControlSet\Services\txosyfnn

*******************

Script file located at: \??\C:\Program Files\ratupetn.txt

Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\Programmi\D-Tools\daemon.exe deleted successfully.

File C:\Programmi\Grisoft\AVG Free\avgcc.exe deleted successfully.

File C:\Programmi\Grisoft\AVG Free\avgemc.exe deleted successfully.

File C:\Programmi\Microsoft IntelliPoint\point32.exe deleted successfully.

File C:\Programmi\QuickTime\qttask.exe deleted successfully.

File C:\WINDOWS\system32\ctfmon.exe deleted successfully.

File C:\WINDOWS\system32\055BCC23C1.sys deleted successfully.

File C:\Programmi\Autorun.exe deleted successfully.

File C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jatmlano.sys not found!

Deletion of file C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jatmlano.sys failed!

Could not process line:

C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jatmlano.sys

Status: 0xc0000034

Folder C:\WINDOWS\temp deleted successfully.

Folder C:\WINDOWS\Tasks deleted successfully.

File move operation C:\Programmi\D-Tools\bak\daemon.exe|C:\Programmi\D-Tools\daemon.exe completed successfully.

File move operation C:\Programmi\Grisoft\AVG Free\bak\avgcc.exe|C:\Programmi\Grisoft\AVG Free\avgcc.exe completed successfully.

File move operation C:\Programmi\Grisoft\AVG Free\bak\avgemc.exe|C:\Programmi\Grisoft\AVG Free\avgemc.exe completed successfully.

File move operation C:\Programmi\Microsoft IntelliPoint\bak\point32.exe|C:\Programmi\Microsoft IntelliPoint\point32.exe completed successfully.

File move operation C:\Programmi\QuickTime\bak\qttask.exe|C:\Programmi\QuickTime\qttask.exe completed successfully.

File move operation C:\WINDOWS\system32\bak\ctfmon.exe|C:\WINDOWS\system32\ctfmon.exe completed successfully.

Completed script processing.

*******************

Finished! Terminate.

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.

Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

No rootkits found!

Driver "jatmlano" disabled successfully.

Driver "MEMSWEEP2" disabled successfully.

File "c:\programmi\iTunes\iTunesHelper.exe" deleted successfully.

File "c:\programmi\Microsoft IntelliPoint\point32.exe" deleted successfully.

File "c:\programmi\QuickTime\QTTask.exe" deleted successfully.

File "c:\windows\system32\ctfmon.exe" deleted successfully.

Error: file "c:\docume~1\ADMINI~1\IMPOST~1\Temp\jatmlano.sys" not found!

Deletion of file "c:\docume~1\ADMINI~1\IMPOST~1\Temp\jatmlano.sys" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "C:\WINDOWS\System32\Drivers\MEMSWEEP2.sys" not found!

Deletion of file "C:\WINDOWS\System32\Drivers\MEMSWEEP2.sys" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "c:\windows\system32\1.tmp" not found!

Deletion of file "c:\windows\system32\1.tmp" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

File "c:\programmi\Autorun.exe" deleted successfully.

File "c:\programmi\btns.xml" deleted successfully.

File "c:\windows\system32\055BCC23C1.sys" deleted successfully.

Error: could not open file "G:\2ifetri.cmd"

Deletion of file "G:\2ifetri.cmd" failed!

Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)

--> bad path / the parent directory does not exist

Registry key "HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2" deleted successfully.

Error: registry key "HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MEMSWEEP2" not found!

Deletion of registry key "HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MEMSWEEP2" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MEMSWEEP2" deleted successfully.

Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MEMSWEEP2" not found!

Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MEMSWEEP2" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MEMSWEEP2\0000\Control" not found!

Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MEMSWEEP2\0000\Control" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MEMSWEEP2\0000\LogConf" not found!

Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MEMSWEEP2\0000\LogConf" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MEMSWEEP2\0000" not found!

Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MEMSWEEP2\0000" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MEMSWEEP2\0000\LogConf" not found!

Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MEMSWEEP2\0000\LogConf" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MEMSWEEP2\0000" not found!

Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MEMSWEEP2\0000" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MEMSWEEP2" deleted successfully.

Registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MEMSWEEP2\Security" deleted successfully.

Registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MEMSWEEP2" deleted successfully.

Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MEMSWEEP2\0000\Control" not found!

Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MEMSWEEP2\0000\Control" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MEMSWEEP2\0000\LogConf" not found!

Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MEMSWEEP2\0000\LogConf" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MEMSWEEP2\0000" not found!

Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MEMSWEEP2\0000" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Folder "C:\WINDOWS\temp" deleted successfully.

Folder "C:\WINDOWS\Tasks" deleted successfully.

File move operation "c:\programmi\iTunes\bak\iTunesHelper.exe|c:\programmi\iTunes\iTunesHelper.exe" completed successfully.

File move operation "c:\programmi\Microsoft IntelliPoint\bak\point32.exe|c:\programmi\Microsoft IntelliPoint\point32.exe" completed successfully.

File move operation "c:\programmi\QuickTime\bak\qttask.exe|c:\programmi\QuickTime\QTTask.exe" completed successfully.

File move operation "c:\windows\system32\bak\ctfmon.exe|c:\windows\system32\ctfmon.exe" completed successfully.

Registry value "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs" replaced with dummy successfully.

Completed script processing.

*******************

Finished! Terminate.
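A reading aid for the two Avenger logs above, added here as an example (it is not part of the original posts and not code from The Avenger). It separates deletions that were followed by a move from the `bak` folder to the same path from deletions that were final, and splits the "failed!" entries by the NTSTATUS code the log reports. The function name `triage` and the bucket names are assumptions of this example.

```python
import re
from collections import defaultdict

# NTSTATUS values exactly as they appear in the log above.
STATUS_BUCKET = {
    0xC0000034: "already_absent",    # STATUS_OBJECT_NAME_NOT_FOUND
    0xC000003A: "path_unreachable",  # STATUS_OBJECT_PATH_NOT_FOUND
}
# Quotes are optional so both the version 1 and version 2.0 formats match.
DELETED = re.compile(r'^(?:File|Folder|Registry key) "?(.+?)"? deleted successfully\.$')
FAILED = re.compile(r'^Deletion of (?:file|registry key) "?(.+?)"? failed!$')
STATUS = re.compile(r'^Status: (0x[0-9a-fA-F]{8})')
MOVED = re.compile(r'^File move operation "?(.+?)\|(.+?)"? completed successfully\.$')

# Excerpt of the Avenger 2.0 log above, embedded so the example runs offline.
SAMPLE_LOG = r'''
File "c:\windows\system32\ctfmon.exe" deleted successfully.
Error: file "c:\windows\system32\1.tmp" not found!
Deletion of file "c:\windows\system32\1.tmp" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
File "c:\programmi\Autorun.exe" deleted successfully.
Error: could not open file "G:\2ifetri.cmd"
Deletion of file "G:\2ifetri.cmd" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
File move operation "c:\windows\system32\bak\ctfmon.exe|c:\windows\system32\ctfmon.exe" completed successfully.
'''

def triage(log_text):
    """Group Avenger log entries by outcome (bucket names are this example's own)."""
    buckets = defaultdict(list)
    deleted, moved_back, pending = [], set(), None
    for line in map(str.strip, log_text.splitlines()):
        if m := DELETED.match(line):
            deleted.append(m.group(1))
        elif m := MOVED.match(line):
            moved_back.add(m.group(2).lower())   # destination of the bak copy
        elif m := FAILED.match(line):
            pending = m.group(1)                 # wait for the Status line
        elif (m := STATUS.match(line)) and pending:
            code = int(m.group(1), 16)
            buckets[STATUS_BUCKET.get(code, "failed")].append(pending)
            pending = None
    for path in deleted:
        # Windows paths are case-insensitive, so compare in lower case.
        key = "replaced_from_bak" if path.lower() in moved_back else "removed"
        buckets[key].append(path)
    return dict(buckets)

if __name__ == "__main__":
    for outcome, paths in triage(SAMPLE_LOG).items():
        print(outcome, *paths, sep="\n  ")
```

Entries in `already_absent` are targets the log itself reports as not existing; entries in `path_unreachable` are targets whose parent path was not reachable during the run, so the log does not show whether they exist.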


I ran the My Computer scan... "no malware has been detected"...

Does that mean I can relax?? XD


Let's hope so! :)

Let's remove everything you used for the cleanup with OtCleanit

run it with a double click and click "cleanup"

confirm the operation, and if you are asked to reboot, accept

If in a few days the system seems to be working correctly,

disable System Restore on all drives, reboot and then create a new, clean restore point

(note that this will delete all the restore points, and any viruses they contain)

:P:P


Done! For now the computer seems to be running much better... in a few days I'll let you know whether things are stable!!

In the meantime, thanks a lot for the help you've given me!!! :)

P.S. I didn't quite understand what OTcleanit is for.... :P

EDIT

Hi angelique! There is in fact a problem... Add or Remove Programs no longer shows the full list of installed programs... only some of them appear, and on top of that I can't perform any kind of action on them (such as change/remove)... maybe some registry key got lost? How can I fix it?


OtCleanit is used to remove tools such as combofix, avenger... etc.

The problem with the Add or Remove Programs panel is, I think, the result of running System Restore back and forth... :)

If a program is not in Add or Remove Programs, it has to be reinstalled.

:P:P
