Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Ho veramente bisogno di aiuto

3 pages: [1] 2 3
Ho veramente bisogno di aiuto Opzioni
Topic Precedente · Topic Sucessivo
maximetto
Inviato: Tuesday, April 07, 2009 4:50:12 PM
Rank: AiutAmico

Iscritto dal : 4/7/2009
Posts: 35
Ragazzi mi rivolgo a chiunque possa aiutarmi!
Il pc che non va é ad esclusivo uso di mia moglie , disabile motoria purtroppo, ed è veramente l' unico mezzo che ha per far passare le giornate quando io non ci sono.
Il fatto è che improvvisamente si è rallentato tutto e alcune applicazioni non le apre dando come risposta problema rever.
Posto l' ultimo loc di Hijack confidando nel vostro aiuto !
Grazie


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16.49.54, on 07/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\Programmi\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\ATnotes\ATnotes.exe
C:\Programmi\TuneUp Utilities 2009\MemOptimizer.exe
C:\Programmi\Microsoft ActiveSync\wcescomm.exe
C:\Programmi\Madentec Limited\MagicCursor 2000\MagicCursor2000.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Programmi\IncrediMail\bin\IMApp.exe
C:\Programmi\a-squared Free\a2service.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Google\Update\GoogleUpdate.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\Programmi\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\IncrediMail\bin\IncMail.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Utente\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gw.aliceadsl.it/home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://gw.aliceadsl.it/minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gw.aliceadsl.it/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Collegamento alla pagina delle proprietà di High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmi\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Programmi\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATnotes.exe] C:\Programmi\ATnotes\ATnotes.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Programmi\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programmi\TuneUp Utilities 2009\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Magic Cursor] C:\Programmi\Madentec Limited\MagicCursor 2000\MagicCursor2000.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download All by Gigaget - C:\Programmi\Giganology\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - C:\Programmi\Giganology\Gigaget\geturl.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Alice - {96B09A7F-F8AD-49BC-8DCE-A65329067477} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O10 - Broken Internet access because of LSP provider 'c:\programmi\bonjour\mdnsnsp.dll' missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1238704379125
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1224795443421
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199045564578
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Programmi\File comuni\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - Unknown owner - C:\Programmi\File comuni\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c98d3e29b62924) (gupdate1c98d3e29b62924) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programmi\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 11028 bytes
Torna in alto
 
Sponsor
Inviato: Tuesday, April 07, 2009 4:50:12 PM

 
Torna in alto
 
antonpaco
Inviato: Tuesday, April 07, 2009 5:52:40 PM
Rank: AiutAmico

Iscritto dal : 11/7/2006
Posts: 1,180
spero tanto che qualcuno possa aiutarti, i nostri esperti lo faranno appena potranno, nel frattempo fai una cosa, la scansione di hijack che hai messo nel forum falla analizzare dallo stesso sito, vai su www.hijackthis.de troverai la finestra con "sfoglia" carichi il file e fai "analizza". Puoi anche fare una scansione con malwarebytes che puoi scaricare da www.malwarebytes.org
Torna in alto
 
maximetto
Inviato: Tuesday, April 07, 2009 7:17:55 PM
Rank: AiutAmico

Iscritto dal : 4/7/2009
Posts: 35
Ho controllato il log sul sito e tranne questa riga O9 - Extra button: Alice - {96B09A7F-F8AD-49BC-8DCE-A65329067477} - http://gw.aliceadsl.it/alice (file missing) (HKCU) da eliminare niente di che.
La cosa strana però è che nonostante il firewall di windows sia attivo, a loro non risulta nessun firewall attivo sul sistema.
Cosa potrebbe essere?
Comunque grazie per la cortesia avuta nei nostri confronti !
Torna in alto
 
enigmista63
Inviato: Tuesday, April 07, 2009 8:24:40 PM

Rank: AiutAmico

Iscritto dal : 4/28/2007
Posts: 1,976
Ciao hai scaricato Malwarebutes come consigliato? scaricalo da questo sito,lo installi e fai scansione completa(aggiornarlo sempre prima di scansionare) se rileva qualcosa metti in quarantena e facci sapere,non eliminare nulla.
Torna in alto
 
maximetto
Inviato: Wednesday, April 08, 2009 7:18:26 AM
Rank: AiutAmico

Iscritto dal : 4/7/2009
Posts: 35
Ho fatto la scansione completa e non ha trovato nulla, una cosa però l' ho notata io, cioè ho installato Zone Alarm visto che quello del sistema non risulta attivo dall' esterno e la prima cosa che mi ha detto è che non risulta attivo neanche l' antivirus. (Avast home)
Torna in alto
 
paolopa
Inviato: Wednesday, April 08, 2009 8:52:18 AM

Rank: AiutAmico

Iscritto dal : 10/14/2008
Posts: 2,777
intanto che aspetti gli espertiche,sono certo ti risolveranno il problema,fai una scansione con bitdefender online scanner,a me,a volte,ha risolto problemi...
http://www.bitdefender.com/scan8/ie.html
devi farla con internet explorer....poi inizia a pensare ad un firewall alternativo a windows che non è sicuro...in bocca al lupo e buona giornata.
Torna in alto
 
antonpaco
Inviato: Wednesday, April 08, 2009 11:02:36 AM
Rank: AiutAmico

Iscritto dal : 11/7/2006
Posts: 1,180
maximetto, per quanto riguarda il firewall non preoccuparti, non so per quale ragione hijack segnala il firewall di windows come non attivo mentre invece e' attivo, e' normale, non lo fa solo nel tuo caso, non preoccuparti assolutamente.
Torna in alto
 
maximetto
Inviato: Wednesday, April 08, 2009 1:56:58 PM
Rank: AiutAmico

Iscritto dal : 4/7/2009
Posts: 35
antonpaco, grazie per le rassicurazioni, mi hai tolto un gran peso dallo stomaco.
st seguendo il consiglio di paolopa, finita la scansione vi faccio sapere.
Un' ultima cosa, esiste un controllo on line per verificare l' efficacia di firewall e antivirus installati?
Comunque grazie ancora a tutti, è un sollievo sapere che esistono tante BELLE PERSONE.
Torna in alto
 
paolopa
Inviato: Wednesday, April 08, 2009 2:39:48 PM

Rank: AiutAmico

Iscritto dal : 10/14/2008
Posts: 2,777
guarda maximetto,sugli antivirus free leggendo in giro mi sembra di capire che agv ed avast siano tra i migliori,sui firewall sono tutti concordi nel dire che quello di windows è pessimo perchè non scansiona le connessioni in uscita,per cui se qualcosa ti si installa sul compiuter puo poi fare cio che vuole,dall inviare dati sensibili all aprire le porte a compagni di merenda...almeno questo è cuio che molti che stimo hanno scritto in questo forum...
Torna in alto
 
wolfestein
Inviato: Wednesday, April 08, 2009 4:08:15 PM

Rank: AiutAmico

Iscritto dal : 2/15/2009
Posts: 15,948
.....ed è normale che il firewall di Windows sia disattivato quando se ne installa uno esterno.Due firewall attivi farebbero come due galli in un pollaio.
Torna in alto
 
shapiro
Inviato: Wednesday, April 08, 2009 4:25:48 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
ciao maximetto

se ho ben capito non ti funziona ne' il firewall ne' l'antivirus....

forse ci siamo

scarica

http://dc108.4shared.com/download/75022994/b07bff/FindyKill.exe?tsid=20090209-102651-de3379fb


Doppio click sull'icona Findykill per avviare l'installazione:
Inserisci la prima spunta per accettare la licenza e prosegui > Suivant
Clicca su "Si" per destinare una cartella al programma
Clicca su Dèmarrer > Quitter per terminare l'installazione.
Cerca l'icona del programma sul desktop o in programmi ed eseguilo
Ignora l'opzione 1 , fai solo la 2 (invio) per la pulizia.
Il report delle operazioni effettuate lo trovarai in C:\FindyKill.txt
Allega il rapporto nella tua risposta.
Torna in alto
 
maximetto
Inviato: Wednesday, April 08, 2009 6:43:03 PM
Rank: AiutAmico

Iscritto dal : 4/7/2009
Posts: 35
ciao shapiro, questo è il risultato:






----------------- FindyKill V4.707 ------------------

* User : Utente - B2B56501F091439
* executed from : C:\Programmi\FindyKill
* Update on 06/12/08 par Chiquitine29
* Start at 18:21:41 the 08/04/2009
* Windows XP - Internet Explorer 7.0.5730.13


((((((((((((((( *** deleting *** ))))))))))))))))))


--------------- [ Active Processes ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\TuneUp Utilities 2009\OneClickStarter.exe

--------------- [ Infected files / folders ] ----------------


»»»» Supression files in C:


»»»» Supression files in C:\WINDOWS


»»»» Supression files in C:\WINDOWS\Prefetch


»»»» Supression files in C:\WINDOWS\system32


»»»» Supression files in C:\WINDOWS\system32\drivers


»»»» Supression files in C:\Documents and Settings\Utente\Dati applicazioni


»»»» Supression files in C:\DOCUME~1\Utente\IMPOST~1\Temp


»»»» Supression files in C:\Documents and Settings\Utente\Local Settings\Temporary Internet Files\Content.IE5

Deleted ! - C:\Documents and Settings\Documents and Settings\Utente\Documenti\Musica\Fly\AlbumArt_{12BB764B-C788-441F-838A-0B649E2AF714}_Large.jpg
Deleted ! - C:\Documents and Settings\Documents and Settings\Utente\Documenti\Musica\Fly\AlbumArt_{12BB764B-C788-441F-838A-0B649E2AF714}_Small.jpg

--------------- [ Registry / Infected keys ] ----------------


--------------- [ States / Restarting of services ] ----------------



+- Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - Type of startup = 3

EapHost - Type of startup = 2

Ip6Fw - Type of startup = 2

SharedAccess - Type of startup = 2

wuauserv - Type of startup = 2

wscsvc - Type of startup = 2

WinDefend - Type of startup = 2


--------------- [ Cleaning removable drives ] ----------------

+- Informations :

C: - Unit… fissa


+- deleting files :


--------------- [ Registry / Mountpoint2 ] ----------------


-> Not found !


--------------- [ Searching Cracks / Keygen ] ----------------

C:\Documents and Settings\Utente\Desktop\Massimo\File EXE vari\Photoshop CS3\Crack
C:\Documents and Settings\Utente\Desktop\Massimo\File EXE vari\Photoshop CS3\Crack\File Cache
C:\Documents and Settings\Utente\Desktop\Massimo\File EXE vari\Photoshop CS3\Crack\File Photoshop
C:\Documents and Settings\Utente\Desktop\Massimo\File EXE vari\Photoshop CS3\Crack\Istruzioni.txt
C:\Documents and Settings\Utente\Desktop\Massimo\File EXE vari\Photoshop CS3\Crack\Patch Lingua Italiana
C:\Documents and Settings\Utente\Desktop\Massimo\File EXE vari\Photoshop CS3\Crack\File Cache\cache.db
C:\Documents and Settings\Utente\Desktop\Massimo\File EXE vari\Photoshop CS3\Crack\File Photoshop\Photoshop.exe
C:\Documents and Settings\Utente\Desktop\Massimo\File EXE vari\Photoshop CS3\Crack\Patch Lingua Italiana\tw10428.dat
C:\Documents and Settings\Utente\Desktop\Massimo\SDMMC\Pocket_Hack_Master_v4.32.050_WM6_English_Cracked
C:\Documents and Settings\Utente\Desktop\Massimo\SDMMC\Garmin_Mobile_XT_5.00.20_symbian_s60_windows_mobile_mappa_solo_italia_2009_25dicembre\Keygen
C:\Documents and Settings\Utente\Desktop\Massimo\SDMMC\Garmin_Mobile_XT_5.00.20_symbian_s60_windows_mobile_mappa_solo_italia_2009_25dicembre\Keygen\IMEI converter.exe
C:\Documents and Settings\Utente\Desktop\Massimo\SDMMC\Garmin_Mobile_XT_5.00.20_symbian_s60_windows_mobile_mappa_solo_italia_2009_25dicembre\Keygen\keygen_13_0.exe
C:\Documents and Settings\Utente\Desktop\Massimo\SDMMC\Garmin_Mobile_XT_5.00.20_symbian_s60_windows_mobile_mappa_solo_italia_2009_25dicembre\Keygen\readme.txt
C:\Documents and Settings\Utente\Desktop\Massimo\SDMMC\Pocket_Hack_Master_v4.32.050_WM6_English_Cracked\!Serial.txt
C:\Documents and Settings\Utente\Desktop\Massimo\SDMMC\Pocket_Hack_Master_v4.32.050_WM6_English_Cracked\Pocket_Hack_Master.ico
C:\Documents and Settings\Utente\Desktop\Massimo\SDMMC\Pocket_Hack_Master_v4.32.050_WM6_English_Cracked\Pocket_Hack_Master_Setup.INI
C:\Documents and Settings\Utente\Desktop\Massimo\SDMMC\Pocket_Hack_Master_v4.32.050_WM6_English_Cracked\Pocket_Hack_Master_WM6_LXP.CAB
C:\Documents and Settings\Utente\Desktop\Massimo\SDMMC\Pocket_Hack_Master_v4.32.050_WM6_English_Cracked\SetupCE.exe
C:\Documents and Settings\Utente\Desktop\Massimo\UTILITY\Nuova cartella\safecracke_2mxfskkd.jar
C:\Documents and Settings\Utente\Documenti\eMule Downloads\Incoming\AVS Video Converter 6.2.3.314 MultiLanguage Incl. Crack SND by Controller Programmi ITA.rar
C:\Documents and Settings\Utente\Documenti\eMule Downloads\Incoming\Come crackare Adobe Photoshop CS3 - How to crack Adobe Photoshop CS3.txt
C:\Documents and Settings\Utente\Documenti\eMule Downloads\Incoming\Pocket Hack Master v4.32.050 Cracked.zip
C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\IM\Runtime\EmoticonCenter\cracker.gif
C:\Documents and Settings\All Users\Dati applicazioni\IncrediMail\Data\Sound\tchaikovsky_the_nutcracker.imw


---------------- ! End of report ! ------------------





Torna in alto
 
shapiro
Inviato: Wednesday, April 08, 2009 7:34:25 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
puoi dirmi se l'antivirus funziona ? quali altri problemi riscontri?


scarica combofix da qui:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Se hai delle icone di collegamento a programmi sul desktop, crea una cartella apposita e copiale al suo interno

Doppio click su combofix.exe e segui le istruzioni passo a passo

Quando avrà finito creerà il log C:\combofix.txt salvalo e postalo come gli altri report.

Nota bene : durante la scansione verranno creati dei file sul desktop e scompariranno le icone, potrebbe succedere che qualche programma ti chiede cosa fare per la rimozione dei drivers, in questo caso accossenti, si tratta probabilmente di drivers infetti.

Il programma creerà la cartella C:\QooBox ed all'interno della stessa verrà posizionato un backup dei files rimossi ed un file di backup del registro di windows chiamato Hiv-backup.

NON TOCCARE MOUSE E TASTIERA durante la scansione.
Torna in alto
 
maximetto
Inviato: Wednesday, April 08, 2009 8:41:30 PM
Rank: AiutAmico

Iscritto dal : 4/7/2009
Posts: 35
Dall' icona risulta attivo, ma non so dirti.
C'è qualche prova da fare per avere una risposta certa?
per il resto i problemi principali sono che non mi va più lo scanner (problemi SERVER OCCUPATO e impossibile trovare sorgente TWAIN),tra l'altro questo problema ce l' ho anche su un altro pc che ho in casa e che nonostante abbia scaricato e installato i nuovi driver, continuano a non andare. In più un rallentamento generale, per aprire la cartella risorse cel computer ci mette 30 secondi quando va bene.
Torna in alto
 
shapiro
Inviato: Wednesday, April 08, 2009 9:03:08 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
maximetto ti ho consigliato la scansione con findkill perche' nel tuo post hai specificato che il tuo antivirus non funzionava

esegui queste operazioni

scarica Ccleaner

http://www.filehippo.com/download_ccleaner/

1) per il download dell'ultima versione clicca a destra in alto sotto la freccia verde
2) installalo
3) clicca su "avvia pulizia", ripeti il procedimento 2 volte

poi

scarica Atfcleaner

http://www.atribune.org/ccount/click.php?id=1

Avvia ATFCleaner.exe con un doppio click

1) seleziona la casella Select All
2) clicca sul pulsante Empty selected
3) aspetta l'avviso Done Cleaning



fai la scansione con combofix come ti ho consigliato nel post precedente, e vediamo se esce fuori qualcosa
Torna in alto
 
maximetto
Inviato: Wednesday, April 08, 2009 9:12:13 PM
Rank: AiutAmico

Iscritto dal : 4/7/2009
Posts: 35
questo è il log di combofix:



ComboFix 09-04-04.01 - Utente 2009-04-08 20.55.43.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.2047.1521 [GMT 2:00]
Eseguito da: c:\documents and settings\Utente\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090408-0] *On-access scanning disabled* (Updated)
* Creato nuovo punto di ripristino
.
ADS - svchost.exe: deleted 88 bytes in 2 streams.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\struct~.ini
c:\windows\system32\emYUV.dll

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games


((((((((((((((((((((((((( Files Creati Da 2009-03-08 al 2009-04-08 )))))))))))))))))))))))))))))))))))
.

2009-04-08 19:54 . 2009-04-08 19:54 <DIR> d--h----- c:\windows\system32\CanonIJ Uninstaller Information
2009-04-08 19:54 . 2009-04-08 19:54 <DIR> d--h----- c:\programmi\CanonBJ
2009-04-08 19:54 . 2006-04-13 09:23 1,134,592 --a------ c:\windows\system32\CNQC2411.DLL
2009-04-08 19:54 . 2006-06-01 12:18 155,648 --a------ c:\windows\system32\CNQL2411.DLL
2009-04-08 19:54 . 2006-02-17 07:44 106,496 --a------ c:\windows\system32\cnqo2411.dll
2009-04-08 19:54 . 2006-04-13 09:23 57,344 --a------ c:\windows\system32\CNQI2411.DLL
2009-04-08 19:20 . 2009-04-08 19:28 <DIR> d-------- c:\documents and settings\Utente\Dati applicazioni\Uniblue
2009-04-08 18:15 . 2009-04-08 18:25 <DIR> d-------- c:\programmi\FindyKill
2009-04-08 13:14 . 2009-04-08 14:45 <DIR> d-------- c:\windows\BDOSCAN8
2009-04-07 20:57 . 2009-04-07 20:57 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\MailFrontier
2009-04-07 20:57 . 2004-04-27 04:40 11,264 --a------ c:\windows\system32\SpOrder.dll
2009-04-07 20:57 . 2009-04-07 21:00 4,212 ---h----- c:\windows\system32\zllictbl.dat
2009-04-07 20:55 . 2009-04-07 21:18 <DIR> d-------- c:\windows\Internet Logs
2009-04-07 19:41 . 2009-04-07 19:41 <DIR> d-------- C:\OnlineArmor
2009-04-07 17:40 . 2009-04-07 17:40 <DIR> d-------- c:\programmi\SystemRequirementsLab
2009-04-06 14:09 . 2009-04-06 14:13 <DIR> d-------- c:\programmi\Spybot - Search & Destroy
2009-04-06 14:09 . 2009-04-07 20:52 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-04-06 14:00 . 2009-04-06 14:00 <DIR> d-------- c:\programmi\CCleaner
2009-04-06 13:49 . 2009-02-13 11:31 55,640 --a------ c:\windows\system32\drivers\avgntflt.sys
2009-04-05 21:21 . 2009-04-05 21:21 61,440 --a------ c:\windows\system32\drivers\kwqzbvba.sys
2009-04-05 19:02 . 2009-04-07 21:23 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2009-04-05 19:02 . 2009-04-05 19:02 <DIR> d-------- c:\documents and settings\Utente\Dati applicazioni\Malwarebytes
2009-04-05 19:02 . 2009-04-05 19:02 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-04-05 19:02 . 2009-04-06 15:32 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-05 19:02 . 2009-04-06 15:32 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-04-05 15:02 . 2009-04-05 15:02 <DIR> d-------- C:\stdtsa
2009-04-04 08:24 . 2009-04-04 08:26 <DIR> d-------- c:\documents and settings\Utente\.housecall6.6
2009-04-03 21:32 . 2009-04-03 21:34 <DIR> d-------- c:\programmi\Windows Live Safety Center
2009-04-01 19:28 . 2009-04-01 19:28 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Black Blob Studios
2009-04-01 19:27 . 2009-04-01 19:27 <DIR> d-------- c:\programmi\Games
2009-04-01 18:03 . 2009-04-01 18:03 <DIR> d-------- c:\programmi\MSECache
2009-03-28 19:13 . 2005-07-12 14:25 401,408 --a------ c:\windows\system32\pvmjpg30.dll
2009-03-28 19:13 . 2003-04-21 16:11 44,544 --a------ c:\windows\system32\msxml4a.dll
2009-03-28 19:11 . 2006-04-11 16:03 233,472 --------- c:\windows\system32\DiskIO.dll
2009-03-28 19:11 . 2006-04-11 16:03 184,320 --------- c:\windows\system32\RALMain.dll
2009-03-28 19:11 . 2004-01-02 13:28 126,976 --------- c:\windows\system32\AVIPrAx.dll
2009-03-28 19:11 . 2001-12-11 23:21 73,728 --------- c:\windows\system32\MMAviAx.dll
2009-03-28 19:11 . 2007-03-06 18:53 41,984 --a------ c:\windows\system32\cacheX.dll
2009-03-28 19:11 . 2005-12-12 16:57 32,768 --------- c:\windows\system32\MLPagAx.dll
2009-03-28 19:06 . 2004-02-24 13:04 41,219 --a------ c:\windows\RSETPATH.exe
2009-03-28 18:57 . 2006-12-12 12:16 22,528 --a------ c:\windows\system32\drivers\emAudio.sys
2009-03-28 18:19 . 2009-03-28 18:19 <DIR> d-------- c:\documents and settings\Utente\Dati applicazioni\InstallShield
2009-03-27 19:42 . 2005-12-21 10:14 100,957 --a------ c:\windows\system32\drivers\emDevice.sys
2009-03-27 19:42 . 2006-11-06 14:31 81,920 --a------ c:\windows\system32\PCLECoInst.dll
2009-03-27 19:42 . 2008-04-13 21:45 60,032 --a------ c:\windows\system32\drivers\USBAUDIO.sys
2009-03-27 19:42 . 2008-04-13 21:45 60,032 --a--c--- c:\windows\system32\dllcache\usbaudio.sys
2009-03-27 19:42 . 2005-12-21 10:14 45,056 --a------ c:\windows\system32\emVFW.dll
2009-03-27 19:42 . 2005-12-21 10:14 32,768 --a------ c:\windows\system32\emProp.ax
2009-03-27 19:42 . 2008-04-13 21:45 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
2009-03-27 19:42 . 2008-04-13 21:45 32,128 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
2009-03-27 19:42 . 2005-12-21 10:14 24,269 --a------ c:\windows\system32\drivers\emStream.sys
2009-03-27 19:42 . 2005-12-21 10:14 9,739 --a------ c:\windows\system32\emUSD.dll
2009-03-27 19:42 . 2005-12-21 10:14 5,245 --a------ c:\windows\system32\drivers\emFilter.sys
2009-03-27 19:42 . 2005-12-21 10:14 4,493 --a------ c:\windows\system32\drivers\emScan.sys
2009-03-27 10:03 . 2009-03-27 10:03 1,253,376 --a------ c:\windows\system32\NvPVEnc.ax
2009-03-27 10:03 . 2009-03-27 10:03 401,408 --a------ c:\windows\system32\nvcuvid.dll
2009-03-26 21:56 . 2009-03-26 21:56 <DIR> dr-h----- c:\documents and settings\Utente\Dati applicazioni\SecuROM
2009-03-26 20:21 . 2009-03-27 20:53 17 --a------ c:\windows\MovingPicture.ini
2009-03-26 20:09 . 2009-04-03 21:21 <DIR> d-------- c:\documents and settings\Utente\Dati applicazioni\proDAD
2009-03-26 19:41 . 2005-09-24 00:18 171,520 --a------ c:\windows\system32\drivers\MarvinBus.sys
2009-03-26 19:39 . 2009-03-26 19:47 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Pinnacle Studio
2009-03-18 23:18 . 2009-03-18 23:18 54,156 --ah----- c:\windows\QTFont.qfn
2009-03-18 23:18 . 2009-03-18 23:18 1,409 --a------ c:\windows\QTFont.for
2009-03-18 20:55 . 2009-03-18 20:55 <DIR> d-------- c:\documents and settings\Utente\Dati applicazioni\AVS4YOU
2009-03-18 20:55 . 2009-03-18 20:55 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\AVS4YOU
2009-03-18 20:54 . 2009-01-28 20:49 1,700,352 --a------ c:\windows\system32\GdiPlus.dll
2009-03-18 20:54 . 2009-01-28 20:49 24,576 --a------ c:\windows\system32\msxml3a.dll
2009-03-16 20:07 . 2009-03-16 20:07 <DIR> d-------- C:\fsaua.data
2009-03-11 19:33 . 2009-04-08 16:57 <DIR> d-------- c:\programmi\Atlantis Quest Deluxe
2009-03-11 19:25 . 2009-03-11 19:25 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Playrix Entertainment

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-08 17:28 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\DriverScanner
2009-04-07 16:34 --------- d-----w c:\programmi\Canon
2009-04-05 16:34 --------- d-----w c:\programmi\Sophos
2009-04-04 11:02 --------- d-----w c:\programmi\DivX
2009-04-03 19:25 --------- d--h--w c:\programmi\InstallShield Installation Information
2009-04-03 19:25 --------- d-----w c:\programmi\CyberLink
2009-04-03 19:22 --------- d-----w c:\programmi\Pinnacle
2009-04-03 19:21 --------- d-----w c:\programmi\TuneUp Utilities 2009
2009-04-03 18:37 --------- d---a-w c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-04-03 11:11 --------- d-----w c:\programmi\a-squared Free
2009-04-02 16:48 --------- d-----w c:\documents and settings\Utente\Dati applicazioni\Canon
2009-04-02 09:19 --------- d-----w c:\programmi\eMule
2009-03-30 15:13 5,063,168 ----a-w c:\windows\system32\drivers\RtkHDAud.sys
2009-03-27 09:22 17,567,744 ----a-w c:\windows\RTHDCPL.EXE
2009-03-27 08:03 6,280,416 ----a-w c:\windows\system32\drivers\nv4_mini.sys
2009-03-26 20:00 --------- d-----w c:\programmi\Unlocker
2009-03-26 17:47 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Pinnacle
2009-03-18 20:58 --------- d-----w c:\documents and settings\Utente\Dati applicazioni\Ahead
2009-03-17 11:58 540,672 ----a-w c:\windows\RtlExUpd.dll
2009-03-10 12:32 2,168,320 ----a-w c:\windows\MicCal.exe
2009-03-08 10:18 --------- d-----w c:\programmi\FaxTalk Communicator
2009-03-02 09:14 57,344 ----a-w c:\windows\ALCMTR.EXE
2009-03-01 09:33 --------- d-----w c:\programmi\micla-multimedia
2009-03-01 09:33 --------- d-----w c:\documents and settings\Utente\Dati applicazioni\MiCla
2009-02-24 11:40 --------- d-----w c:\programmi\Espressioni
2009-02-23 12:01 37,592 ----a-w c:\documents and settings\Utente\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-02-21 20:13 --------- d-sh--w c:\documents and settings\All Users\Dati applicazioni\{55A29068-F2CE-456C-9148-C869879E2357}
2009-02-21 19:01 --------- d-----w c:\programmi\Microsoft ActiveSync
2009-02-14 07:47 --------- d-----w c:\programmi\Google
2009-01-21 13:54 1,206,816 ----a-w c:\windows\RtlUpd.exe
2006-01-02 15:01 53,248 ----a-w c:\programmi\mozilla firefox\components\GigagetComponent.dll
2008-12-20 17:05 67,688 ----a-w c:\programmi\mozilla firefox\components\jar50.dll
2008-12-20 17:05 54,368 ----a-w c:\programmi\mozilla firefox\components\jsd3250.dll
2008-12-20 17:05 34,944 ----a-w c:\programmi\mozilla firefox\components\myspell.dll
2008-12-20 17:05 46,712 ----a-w c:\programmi\mozilla firefox\components\spellchk.dll
2008-12-20 17:05 172,136 ----a-w c:\programmi\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"ATnotes.exe"="c:\programmi\ATnotes\ATnotes.exe" [2005-01-05 1015808]
"IncrediMail"="c:\programmi\IncrediMail\bin\IncMail.exe" [2009-01-27 251264]
"TuneUp MemOptimizer"="c:\programmi\TuneUp Utilities 2009\MemOptimizer.exe" [2008-12-12 156416]
"H/PC Connection Agent"="c:\programmi\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Magic Cursor"="c:\programmi\Madentec Limited\MagicCursor 2000\MagicCursor2000.exe" [2001-12-17 753153]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Motive SmartBridge"="c:\progra~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 438359]
"IntelliPoint"="c:\programmi\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2006-11-06 81920]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"Collegamento alla pagina delle proprietà di High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 c:\windows\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [2008-08-19 c:\windows\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 c:\windows\ALCWZRD.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg30.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"NVIDIA nTune"="c:\programmi\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
"LaunchList"=c:\programmi\Pinnacle\Studio 11\LaunchList2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"nwiz"=nwiz.exe /install
"AlcWzrd"=ALCWZRD.EXE
"Pinnacle WebUpdater"="c:\programmi\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" -atboottime
"AliceRE_McciTrayApp"=c:\progra~1\ALICET~1\vendors\AliceRE\content\template\driven~1\syncer\MCCITR~1.EXE
"USB2Check"=RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController
"High Definition Audio Property Page Shortcut"=HDAShCut.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft ActiveSync\\rapimgr.exe"=
"c:\\Programmi\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Programmi\\IncrediMail\\bin\\ImApp.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-14 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-14 20560]
R2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [2008-04-15 8192]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-02-21 603904]
R2 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 3xHybrid;Pinnacle PCTV 110i service;c:\windows\system32\drivers\3xHybrid.sys [2007-04-20 827008]
S2 gupdate1c98d3e29b62924;Google Update Service (gupdate1c98d3e29b62924);c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-12 133104]
S3 cusbohcn;cusbohcn;\??\c:\docume~1\Utente\IMPOST~1\Temp\cusbohcn.sys --> c:\docume~1\Utente\IMPOST~1\Temp\cusbohcn.sys [?]
S3 MaplomL;MaplomL; [x]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\16.tmp --> c:\windows\system32\16.tmp [?]
S3 pctvnet;Pinnacle PCTV Ethernet Driver;c:\windows\system32\drivers\pctvnet.sys [2008-02-10 9340]
S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\drivers\silabenm.sys [2008-11-10 17920]
S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\drivers\silabser.sys [2008-11-10 61568]
S3 SKYNETU;B2C2 Broadband Receiver USB Adapter;c:\windows\system32\drivers\SkyNETU.sys [2007-03-26 525332]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b04e5db5-0c94-11de-9810-0013d4eea2f6}]
\shell\Setup\command - setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\programmi\File comuni\LightScribe\LSRunOnce.exe"
.
Contenuto della cartella 'Scheduled Tasks'

2009-04-08 c:\windows\Tasks\Manutenzione in 1 clic.job
- c:\programmi\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-12 17:20]

2009-04-08 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKLM-Run-Pinnacle WebUpdater - c:\programmi\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe -s -f=UpdateVersion.xml


.
------- Scansione supplementare -------
.
uStart Page = hxxp://gw.aliceadsl.it/home
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: &Download All by Gigaget - c:\programmi\Giganology\Gigaget\getallurl.htm
IE: &Download by Gigaget - c:\programmi\Giganology\Gigaget\geturl.htm
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\lx8rao3u.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/firefox/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar&search=
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - component: c:\programmi\Mozilla Firefox\components\GigagetComponent.dll
FF - component: c:\programmi\Mozilla Firefox\components\xpinstal.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.switch.threshold - 600000
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-08 20:59:34
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\16.tmp"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,3d,58,28,16,3a,
a6,52,b6,e2,63,26,f1,3f,c8,ff,68,1d,31,f4,88,af,c5,2f,4f,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:46,47,15,b0,92,4b,c7,ef,7b,64,9a,27,0e,
e4,bd,88,6a,9c,d6,61,af,45,84,18,7d,e6,b3,18,73,c3,d1,47,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,56,e1,f5,a2,ff,
81,8c,cd,ff,7c,85,e0,43,d4,0e,fe,3c,dc,83,35,69,c3,96,d9,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,9b,53,26,b5,bc,
5d,f7,03,86,8c,21,01,be,91,eb,e7,7f,d9,1f,1f,69,db,82,8f,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,b3,fa,0b,8b,ab,
3f,31,b2,f5,1d,4d,73,a8,13,5c,05,13,6d,0b,64,b1,7c,ce,84,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,70,3c,d3,04,a3,
c0,f0,52,df,20,58,62,78,6b,cf,c8,77,4a,c5,3a,4d,06,62,93,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,55,a5,bf,c6,fd,
4b,cf,a1,fb,a7,78,e6,12,2f,9a,ea,c3,9a,d3,d6,81,e8,75,5e,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,24,c1,4d,ec,08,
33,49,b8,01,3a,48,fc,e8,04,4a,f1,05,45,29,46,ad,23,e6,33,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,f9,4c,d2,03,cd,
1a,b6,a9,f6,0f,4e,58,98,5b,89,c9,bb,76,42,c3,c3,fc,97,6d,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,fe,62,d2,41,9b,
48,ef,80,3d,ce,ea,26,2d,45,aa,78,a1,1e,50,74,56,bb,67,71,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,6e,f1,c8,88,70,
08,f3,25,2a,b7,cc,b5,b9,7f,41,e7,a5,47,4b,5f,a1,cd,6b,88,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,67,a4,6f,59,d2,
b2,a8,7b,6c,43,2d,1e,aa,22,2f,9c,55,d9,d9,8d,d7,a2,96,b0,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="86F9063D8FD0CE93C168A53F8B00EB06AB6F183C40CC6A7ABB5226BA93B2C90DB6F76EC12888CE244F0B21BEC83DBEB6DDDE43AF616BAA5D1DA7069A89BB553900012BE11F1097AA93CC00D8F2076AD0EFD5DFB801CEEAE0BEC94D56B7C001CA498396AF5C5407AC9B9F0CCCEA600E973BEA4AE595AB2A2563158A6650CACEDCDC3E0E346953BE615DC894CD325B8E01FA0860383E4A2DFE2F394BB9A9F98240FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79339DB7CE019D40AA5CBA7FD869164D6794FEBC9E127BECC74CB2AFA56067C16DD4D58411DE2A38B904106EC3450652ECDBC93AC2C5B0F3B1DF732CFADECD5875530879DC1BAE360E62A08D011CB22DDC1195A460F23288980433349653F3CC9394F7223D8C3C1B1E31ECCE515566E27618826DA569105C41D686A9EFF64E5EA022A5265AD880FEC8787DBE2C2626FE3715BF247E0A4890EC3AE54404F676E4BDBD6F02E11B4F0A2EF43A3D11B49EA16263E0AF582981D91EC42D8D52722947CF5A9D0483601DFBB3977401809B1C7C7D10DDC9260D82809A3F9DE3DD01C684FE1ED750F3AA04A50304DC90816B13D6D2DB1100DF73B6DFEE2BDBFB2EAAD42D36662CDFEB70C1EE88138A4A1CA59A0E713CB9B3FD8BAE696AB9EEDA4F6CFCE527C18BFD289BB851F551F6DD5FC26D90A95B7D1B7FF91E201F51C35DD0B60AE9C4F4CA4AE98A6EDABF0000505CABE9DF121760BFE9D4DC9D640CAB3046EEED04C7F525B7F40F0EAE9F926AFBA8C1929507005180BF2BE70DD5B859D5C7EEBE17AC70B78F91ED638212B2DB8BDD5790DB23DB1C0E0F7BDCAED2D967276F033398B2C3826C8D63619F593C5D8099B12DF14C2577ED64B901587DA6D04E60EB2A105E056BBE399C9EE6F93FDD30FD0ED52BA488797BD2CDBCF03E0A75C83A5F241DF77ABB4AE8BB5348BC803043311BA0EF9AE61CE2F1939A743FA09B6AA605456F0CA021A575555ECA30F90C35DA7AC2B959D6C0A6DB5C4C74703EE9D9517C55CCE925AEBD3CF4420824D509D8A944969853A1AA1CAEE9A3940469ED1269D3448E266D56D31D97A4302EF5A651CF831BB0404580EC0E771A8CF1DC17E0239221221A11F4787BB0CD83276FC81803B7F43718F2CD181F2E4B2AF506BAEA36302187DF59C49442A62EDAAC89B379FBD269F91B8F026E8E2FF6CB8D8890255D1B1D55D748E9E55DD0561D1F419317793CE3564A357015098E00E67DB935DA58B212B52710E8793D7FFBCA25C7F5E4BBCE7440EC315187C25570034BA5A9AAEBCCA064361929B5567379F427014D2D0ADA4B3F8B85BE91F17D72BDC3895188DEB10FB130FD7B5021644CC351056E8A2DA141ED74E6B857D0F7D6C574D874B9FC20C306068E0F559B7A17EE15A0"
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Alwil Software\Avast4\aswUpdSv.exe
c:\programmi\Alwil Software\Avast4\ashServ.exe
c:\programmi\a-squared Free\a2service.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\LightScribe\LSSrvc.exe
c:\programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
c:\programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
c:\programmi\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\oodag.exe
c:\windows\system32\rundll32.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\programmi\IncrediMail\bin\ImApp.exe
c:\programmi\Alwil Software\Avast4\ashMaiSv.exe
c:\programmi\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Ora fine scansione: 2009-04-08 21:07:16 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-04-08 19:07:13

Pre-Run: 84.359.921.664 byte disponibili
Post-Run: 84,243,087,360 byte disponibili

WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /TUTag=7EL2EN /Kernel=TUKernel.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition (TuneUp Backup)" /noexecute=optin /fastdetect /TUTag=7EL2EN-BAK

340 --- E O F --- 2009-04-07 06:29:02
Torna in alto
 
shapiro
Inviato: Thursday, April 09, 2009 11:46:57 AM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
analizza questi file in rosso su http://www.virustotal.com/it/


c:\windows\system32\pvmjpg30.dll



c:\windows\RSETPATH.exe


c:\programmi\mozilla firefox\components\spellchk.dll

c:\docume~1\Utente\IMPOST~1\Temp\cusbohcn.sys

c:\windows\system32\16.tmp


disattiva il tuo antivirus

scarica http://downloads1.kaspersky-labs.com/devbuilds/AVPTool/


seleziona la partizione da scansionare e clicca su Scan per avviare la scansione
terminata la scansione, in caso di rilevazione di infezioni, clicca su Neutralize all
si apriranno dei popup dove potrai scegliere se cancellare o disinfettare l'oggetto: metti la spunta su Apply to all e clicca su Quarantine

per salvare il Report che verrà rilasciato, clicca sul tasto Reports - salvalo ed allegalo


spero di sbagliarmi , ma hai tracce del virus bagle
Torna in alto
 
maximetto
Inviato: Thursday, April 09, 2009 6:21:03 PM
Rank: AiutAmico

Iscritto dal : 4/7/2009
Posts: 35
ciao shapiro, grazie per il tempo che mi dedichi, volevo dirti che virustotal è stato 4 ore "fossilizzato" sul primo file, al che ho interrotto e ora faccio la scansione con Karpesky.
Spero di non aver fatto una s......
Ho allargato il controllo anche su due chiavette usb sulle quali in questi giorni avevo salvato alcune cose.
Torna in alto
 
bellabella80
Inviato: Friday, April 10, 2009 12:46:31 PM
Rank: Member

Iscritto dal : 4/3/2009
Posts: 20
Think Think Think Think CIAO SONO NUOVA E ANCHIO HO AVUTO UN PROBLEMA DI QUESTO L'UNCA COSA DA FARE SECONDO ME E SALVARTI I DOCUMENTI CHE TI INTERESSANO E FORMATTARE IL PC PERCHE L'ANTIVIRUS CHE AVEVI NON HA RIUSCITO A BLOCCARE UN VIRUS E QUINDI NON TI FA ACCEDERE NELLA MODALITA NORMALE TI CONSIGLIO FORMATTARELO SENZA PERDERE TEMPO OK CIAO
DA BELLABELLADrool Drool Drool Drool
Torna in alto
 
Utenti presenti in questo topic
Guest

3 pages: [1] 2 3

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Ho veramente bisogno di aiuto


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.