
Unexpected Explorer windows
enigmista63
Posted: Friday, April 24, 2009 12:54:52 AM

Rank: AiutAmico

Member since: 4/28/2007
Posts: 1,976
The situation is odd; let me explain better. Normally the operating system updates are released by Microsoft once a month and have to be downloaded and installed. That happens if the function is set to AUTOMATIC, or, AS I USE IT, to NOTIFY ME BUT DO NOT DOWNLOAD OR INSTALL, where I am the one who decides which ones to install. Now I wanted to know: did the seller give you a CD with the original operating system and the key to enter in case you have to format? Given the problem, I have the impression that your PC had updates disabled. In the meantime, if you want to disable them, go to CONTROL PANEL - SECURITY CENTER - AUTOMATIC UPDATES AND TICK TURN OFF AUTOMATIC UPDATES. Remember that a non-original operating system, and above all the lack of updates, is a big problem for the security of your PC: it is vulnerable to infections.
Londonmad
Posted: Friday, April 24, 2009 1:28:51 AM
Rank: AiutAmico

Member since: 8/5/2007
Posts: 37
OK, this one is solved. I'm waiting for the check of the last log I posted after the scan with ComboFix.
Thanks a lot
Londonmad
r16
Posted: Friday, April 24, 2009 12:14:27 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
If you don't post the ComboFix log (not the HijackThis one), how can I know what it removed?
You'll find the log at: C:\ComboFix.txt.
Londonmad
Posted: Friday, April 24, 2009 1:03:11 PM
Rank: AiutAmico

Member since: 8/5/2007
Posts: 37
Hello, I'm posting the log again. Could you kindly take a look and tell me whether I still have infected files? Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13.01.20, on 24/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\ATKGFNEX\GFNEXSrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Programmi\ASUS\ATK Media\DMEDIA.EXE
C:\Programmi\ATKOSD2\ATKOSD2.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\Atheros\ACU.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\Winamp\winampa.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Programmi\eMule AdunanzA\eMule_AdnzA.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RemoteControl8] C:\Programmi\CyberLink\PowerDVD8\PDVD8Serv.exe
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] C:\Programmi\CyberLink\PowerDVD8\Language\Language.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [ATKMEDIA] C:\Programmi\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [ATKOSD2] "C:\Programmi\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [ACU] C:\Programmi\Atheros\ACU.exe -nogui
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Statistiche sulla protezione del traffico Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1222190610717
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Servizio di configurazione Atheros (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Programmi\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 9123 bytes
Londonmad
Posted: Friday, April 24, 2009 1:12:46 PM
Rank: AiutAmico

Member since: 8/5/2007
Posts: 37
Here is the ComboFix log... sorry, I hadn't understood that this was the one I had to post... waiting for news, thanks

ComboFix 09-04-23.A3 - Utente 24/04/2009 13.06.48.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2047.1441 [GMT 2:00]
Eseguito da: c:\documents and settings\Utente\Documenti\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2009-05-24 al 2009-4-24 )))))))))))))))))))))))))))))))))))
.

2009-04-24 10:37 . 2009-04-24 10:37 -------- d-----w c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\WMTools Downloaded Files
2009-04-23 21:54 . 2009-04-23 21:54 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Office Genuine Advantage
2009-04-23 21:53 . 2009-04-23 21:53 -------- d-----w c:\windows\system32\xircom
2009-04-23 21:53 . 2009-04-23 21:53 -------- d-----w c:\programmi\microsoft frontpage
2009-04-23 16:19 . 2009-04-23 16:19 -------- d-----w c:\programmi\Trend Micro
2009-04-23 11:28 . 2009-04-23 11:28 -------- d-----w c:\documents and settings\Utente\Dati applicazioni\Malwarebytes
2009-04-23 11:28 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-23 11:28 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-23 11:28 . 2009-04-23 11:28 -------- d-----w c:\programmi\Malwarebytes' Anti-Malware
2009-04-23 11:28 . 2009-04-23 11:28 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-04-21 17:07 . 2005-08-16 10:23 38422 ----a-w c:\windows\system32\drivers\StMp3Rec.sys
2009-04-21 17:07 . 2009-04-21 17:07 -------- d-----w c:\programmi\Creative
2009-04-16 11:37 . 2009-01-09 19:19 1090181 ------w c:\windows\system32\dllcache\ntprint.cat
2009-04-16 11:37 . 2009-03-06 14:19 286208 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-16 11:37 . 2009-02-09 11:22 111104 ------w c:\windows\system32\dllcache\services.exe
2009-04-16 11:37 . 2009-02-09 10:51 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-16 11:37 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 11:37 . 2009-02-09 10:51 734720 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 11:37 . 2009-02-09 10:51 683520 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-16 11:37 . 2009-02-09 10:51 736256 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-16 11:37 . 2009-02-09 10:51 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-16 11:37 . 2009-02-09 10:51 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 11:37 . 2009-02-06 10:39 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-04-16 11:32 . 2009-03-27 06:48 1203922 ------w c:\windows\system32\dllcache\sysmain.sdb
2009-04-16 11:32 . 2008-04-21 21:14 219136 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-16 11:28 . 2009-04-16 11:28 -------- d-----w c:\programmi\eMule AdunanzA
2009-04-10 10:58 . 2009-04-14 09:43 89601 ----a-w c:\windows\system32\drivers\klick.dat
2009-04-10 10:58 . 2009-04-14 09:43 101287 ----a-w c:\windows\system32\drivers\klin.dat
2009-04-10 10:57 . 2009-04-24 10:23 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2009-04-10 10:57 . 2009-04-23 23:29 3164 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-10 10:57 . 2009-04-23 23:29 311264 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-10 10:57 . 2009-04-23 23:29 1824288 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-10 10:57 . 2009-04-23 23:29 17428 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-10 10:57 . 2009-04-10 10:57 -------- d-----w c:\programmi\Kaspersky Lab
2009-04-08 15:53 . 2009-04-08 16:10 -------- d-----w c:\windows\SxsCaPendDel
2009-04-08 13:43 . 2009-04-08 13:43 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2009-04-08 13:43 . 2009-04-10 10:54 -------- d-----w c:\programmi\SUPERAntiSpyware
2009-04-08 13:43 . 2009-04-08 13:43 -------- d-----w c:\documents and settings\Utente\Dati applicazioni\SUPERAntiSpyware.com
2009-04-08 13:38 . 2009-04-08 13:38 -------- d-----w c:\documents and settings\Utente\DoctorWeb

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-24 11:06 . 2008-09-28 17:09 -------- d-----w c:\documents and settings\Utente\Dati applicazioni\Skype
2009-04-24 10:22 . 2008-09-28 17:22 -------- d-----w c:\documents and settings\Utente\Dati applicazioni\skypePM
2009-04-23 16:58 . 2009-02-22 13:40 -------- d-----w c:\programmi\uusee
2009-04-23 16:55 . 2001-08-31 12:00 85330 ----a-w c:\windows\system32\perfc010.dat
2009-04-23 16:55 . 2001-08-31 12:00 492504 ----a-w c:\windows\system32\perfh010.dat
2009-04-16 15:53 . 2008-09-23 17:24 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-04-14 09:43 . 2008-01-29 16:29 33808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-04-08 16:12 . 2008-09-23 16:36 66904 ----a-w c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-04-08 13:36 . 2008-09-25 15:11 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-03-25 10:56 . 2008-09-25 15:11 -------- d-----w c:\programmi\Spybot - Search & Destroy
2009-03-25 10:53 . 2008-09-25 14:08 -------- d-----w c:\programmi\CCleaner
2009-03-21 14:06 . 2009-03-21 14:06 1033728 ------w c:\windows\system32\dllcache\kernel32.dll
2009-03-06 14:19 . 2008-04-13 17:13 286208 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:03 . 2008-09-23 16:21 826368 ------w c:\windows\system32\dllcache\wininet.dll
2009-03-03 00:03 . 2008-03-01 12:58 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-28 04:54 . 2008-09-23 16:21 636072 ------w c:\windows\system32\dllcache\iexplore.exe
2009-02-27 09:27 . 2009-02-27 09:27 487979 ----a-w c:\windows\system32\imagens1234.exe
2009-02-26 22:15 . 2008-09-23 16:20 -------- d-----w c:\programmi\Microsoft Silverlight
2009-02-20 10:20 . 2008-09-23 16:21 13824 ------w c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 10:20 . 2008-09-23 16:21 70656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 05:14 . 2008-09-23 16:21 161792 ------w c:\windows\system32\dllcache\ieakui.dll
2009-02-10 17:02 . 2009-01-25 00:06 2069760 ------w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-09 14:04 . 2009-01-25 00:06 1846784 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-09 14:04 . 2008-04-13 16:50 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:23 . 2009-01-25 00:06 2192768 ------w c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-09 11:23 . 2009-01-25 00:06 2027520 ------w c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-09 11:23 . 2008-04-13 18:55 2027520 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:22 . 2009-01-25 00:06 2148864 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-09 11:22 . 2008-04-13 16:54 2148864 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:22 . 2008-04-13 17:14 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:51 . 2008-04-13 17:13 734720 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:51 . 2008-04-13 17:13 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:51 . 2008-04-13 17:13 683520 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:51 . 2008-04-13 17:13 736256 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 10:39 . 2001-08-31 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-04 09:50 . 2009-02-04 09:50 24576 ----a-w c:\windows\system32\nsis_loader.dll
2009-02-03 19:57 . 2009-02-03 19:57 56832 ------w c:\windows\system32\dllcache\secur32.dll
2009-02-03 19:57 . 2008-04-13 17:13 56832 ----a-w c:\windows\system32\secur32.dll
.

------- Sigcheck -------

[-] 2008-04-30 11:56 1571840 3316C8A8EC07A9D4C0BE10310809A9E5 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-04-23_21.54.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-24 10:22 . 2009-04-24 10:22 16384 c:\windows\Temp\Perflib_Perfdata_f08.dat
+ 2008-09-05 22:30 . 2009-02-06 10:35 1486208 c:\windows\system32\LegitCheckControl.DLL
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2008-08-12 21741864]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl8"="c:\programmi\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\programmi\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"NeroFilterCheck"="c:\programmi\File comuni\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"ATKMEDIA"="c:\programmi\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"ATKOSD2"="c:\programmi\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016]
"SMSERIAL"="c:\windows\sm56hlpr.exe" [2006-03-21 544768]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2007-11-16 1024000]
"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"ACU"="c:\programmi\Atheros\ACU.exe" [2007-10-23 376921]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-01-11 136600]
"WinampAgent"="c:\programmi\Winamp\winampa.exe" [2008-08-03 36352]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AVP"="c:\programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-04-10 201992]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-06-20 16872448]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-02-20 124928]

c:\documents and settings\Utente\Menu Avvio\Programmi\Esecuzione automatica\
CCC.lnk - c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2007-7-17 49152]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Bluetooth Manager.lnk - c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-5-22 2756608]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\eMule AdunanzA\\eMule_AdnzA.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:*:Disabled:emule_tcp
"4672:UDP"= 4672:UDP:emule_udp

S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-04-14 33808]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-03-25 24592]
S3 WSIMD;wsimd Service;c:\windows\system32\DRIVERS\wsimd.sys [2007-07-03 57344]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff093cc4-8af0-11dd-95a7-001fc6547c15}]
\Shell\Auto\command - Long.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Long.exe
.
Contenuto della cartella 'Scheduled Tasks'

2009-04-23 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]

2009-04-24 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-24 13:08
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(352)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\klogon.dll

- - - - - - - > 'explorer.exe'(9808)
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Ora fine scansione: 2009-04-24 13.10.19
ComboFix-quarantined-files.txt 2009-04-24 11:10
ComboFix2.txt 2009-04-23 21:57

Pre-Run: 65.755.312.128 byte disponibili
Post-Run: 65.804.464.128 byte disponibili

197 --- E O F --- 2009-04-23 17:11
r16
Posted: Friday, April 24, 2009 7:21:23 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Hi.
There's still something to remove:

Open a text file on the Desktop.
Paste into it the code you see below, and save the text file, which must be named CFScript.txt.


Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff093cc4-8af0-11dd-95a7-001fc6547c15}]


and drag it onto the ComboFix icon.
Wait until it finishes, without touching the keyboard, mouse or anything else.
Post the updated ComboFix log.
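As an added example (not code from the thread, from ComboFix or from any participant), a small Python parser that pulls the MountPoints2 block out of a ComboFix log, reports which executable its cached autorun hooks launch, and emits the same Registry:: CFScript block r16 posted to delete the key. The sample log text is copied from the first ComboFix log above; the function names are my own.

```python
"""Find MountPoints2 autorun hooks in a ComboFix log and build the CFScript to delete them.

Added example for this thread; not ComboFix code and not posted by any participant.
"""
import re

# Sample input: the MountPoints2 block copied from the first ComboFix log posted in
# the thread, with the lines that bound it. Nothing in it is constructed.
SAMPLE_LOG = r"""
S3 WSIMD;wsimd Service;c:\windows\system32\DRIVERS\wsimd.sys [2007-07-03 57344]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff093cc4-8af0-11dd-95a7-001fc6547c15}]
\Shell\Auto\command - Long.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Long.exe
.
Contenuto della cartella 'Scheduled Tasks'
"""

# Header of a MountPoints2 block as ComboFix prints it: "[<key path>\{volume guid}]".
MP2_HEADER = re.compile(
    r"^\[(HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion"
    r"\\explorer\\mountpoints2\\(\{[0-9a-f-]+\}))\]$",
    re.IGNORECASE,
)
# A value line under that block: "\Shell\<verb>\command - <command line>".
SHELL_CMD = re.compile(r"^\\Shell\\(\w+)\\command\s+-\s+(.*)$", re.IGNORECASE)


def parse_mountpoints2(log_text):
    """Return one dict per MountPoints2 block: its key, volume GUID and Shell\\*\\command values."""
    entries = []
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = MP2_HEADER.match(line)
        if header:
            current = {"key": header.group(1), "guid": header.group(2), "commands": {}}
            entries.append(current)
            continue
        if current is None or not line:
            continue
        cmd = SHELL_CMD.match(line)
        if cmd:
            current["commands"][cmd.group(1)] = cmd.group(2).strip()
        else:
            current = None  # ComboFix ends the block with "." or the next section title
    return entries


def launched_executable(command):
    """Return the program an autorun command finally runs.

    ComboFix shows the raw 'Auto' value (Long.exe) and the 'AutoRun' value, which
    wraps the same file in RunDLL32 ... ShellExec_RunDLL; the last token is the target.
    """
    parts = command.split()
    return parts[-1] if parts else ""


def suspicious_entries(entries):
    """Keep the blocks whose autorun hooks launch something.

    A MountPoints2 subkey exists for every volume ever mounted, so the key alone is
    benign; a Shell\\AutoRun\\command value is the cached autorun.inf hook that a
    removable-drive infection leaves behind, and it is what the helper removes here.
    """
    findings = []
    for entry in entries:
        targets = {launched_executable(c) for c in entry["commands"].values()}
        targets.discard("")
        if targets:
            findings.append({"key": entry["key"], "guid": entry["guid"],
                             "launches": sorted(targets)})
    return findings


def build_cfscript(findings):
    """Emit the same 'Registry::' CFScript block r16 posted: '[-key]' deletes the key."""
    lines = ["Registry::"]
    lines.extend(f"[-{f['key']}]" for f in findings)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = suspicious_entries(parse_mountpoints2(SAMPLE_LOG))
    for f in found:
        print(f"volume {f['guid']} autorun launches: {', '.join(f['launches'])}")
    print(build_cfscript(found))
```

Run it against a full ComboFix.txt (read the file and pass its text to parse_mountpoints2) to get the list of volume GUIDs whose autorun hooks point at an executable, which is the entry r16 spotted by eye in the log above.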
RIOLOTERME
Posted: Friday, April 24, 2009 8:35:43 PM
Rank: AiutAmico

Member since: 7/26/2007
Posts: 1,016
My r16
Londonmad
Posted: Friday, April 24, 2009 8:42:43 PM
Rank: AiutAmico

Member since: 8/5/2007
Posts: 37
Here is the log after the operation you told me to do

ComboFix 09-04-23.A3 - Utente 24/04/2009 20.37.30.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2047.1351 [GMT 2:00]
Eseguito da: c:\documents and settings\Utente\Documenti\ComboFix.exe
Opzioni usate :: c:\documents and settings\Utente\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
* Creato nuovo punto di ripristino

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2009-05-24 al 2009-4-24 )))))))))))))))))))))))))))))))))))
.

2009-04-24 18:26 . 2008-04-13 17:13 21504 ----a-w c:\windows\system32\hidserv.dll
2009-04-24 18:26 . 2008-04-13 17:13 21504 ----a-w c:\windows\system32\dllcache\hidserv.dll
2009-04-24 10:37 . 2009-04-24 10:37 -------- d-----w c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\WMTools Downloaded Files
2009-04-23 21:54 . 2009-04-23 21:54 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Office Genuine Advantage
2009-04-23 21:53 . 2009-04-23 21:53 -------- d-----w c:\windows\system32\xircom
2009-04-23 21:53 . 2009-04-23 21:53 -------- d-----w c:\programmi\microsoft frontpage
2009-04-23 16:19 . 2009-04-23 16:19 -------- d-----w c:\programmi\Trend Micro
2009-04-23 11:28 . 2009-04-23 11:28 -------- d-----w c:\documents and settings\Utente\Dati applicazioni\Malwarebytes
2009-04-23 11:28 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-23 11:28 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-23 11:28 . 2009-04-23 11:28 -------- d-----w c:\programmi\Malwarebytes' Anti-Malware
2009-04-23 11:28 . 2009-04-23 11:28 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-04-21 17:07 . 2005-08-16 10:23 38422 ----a-w c:\windows\system32\drivers\StMp3Rec.sys
2009-04-21 17:07 . 2009-04-21 17:07 -------- d-----w c:\programmi\Creative
2009-04-16 11:37 . 2009-01-09 19:19 1090181 ------w c:\windows\system32\dllcache\ntprint.cat
2009-04-16 11:37 . 2009-03-06 14:19 286208 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-16 11:37 . 2009-02-09 11:22 111104 ------w c:\windows\system32\dllcache\services.exe
2009-04-16 11:37 . 2009-02-09 10:51 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-16 11:37 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 11:37 . 2009-02-09 10:51 734720 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 11:37 . 2009-02-09 10:51 683520 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-16 11:37 . 2009-02-09 10:51 736256 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-16 11:37 . 2009-02-09 10:51 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-16 11:37 . 2009-02-09 10:51 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 11:37 . 2009-02-06 10:39 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-04-16 11:32 . 2009-03-27 06:48 1203922 ------w c:\windows\system32\dllcache\sysmain.sdb
2009-04-16 11:32 . 2008-04-21 21:14 219136 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-16 11:28 . 2009-04-16 11:28 -------- d-----w c:\programmi\eMule AdunanzA
2009-04-10 10:58 . 2009-04-14 09:43 89601 ----a-w c:\windows\system32\drivers\klick.dat
2009-04-10 10:58 . 2009-04-14 09:43 101287 ----a-w c:\windows\system32\drivers\klin.dat
2009-04-10 10:57 . 2009-04-24 10:23 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2009-04-10 10:57 . 2009-04-23 23:29 3164 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-10 10:57 . 2009-04-23 23:29 311264 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-10 10:57 . 2009-04-23 23:29 1824288 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-10 10:57 . 2009-04-23 23:29 17428 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-10 10:57 . 2009-04-10 10:57 -------- d-----w c:\programmi\Kaspersky Lab
2009-04-08 15:53 . 2009-04-08 16:10 -------- d-----w c:\windows\SxsCaPendDel
2009-04-08 13:43 . 2009-04-08 13:43 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2009-04-08 13:43 . 2009-04-10 10:54 -------- d-----w c:\programmi\SUPERAntiSpyware
2009-04-08 13:43 . 2009-04-08 13:43 -------- d-----w c:\documents and settings\Utente\Dati applicazioni\SUPERAntiSpyware.com
2009-04-08 13:38 . 2009-04-08 13:38 -------- d-----w c:\documents and settings\Utente\DoctorWeb

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-24 11:06 . 2008-09-28 17:09 -------- d-----w c:\documents and settings\Utente\Dati applicazioni\Skype
2009-04-24 10:22 . 2008-09-28 17:22 -------- d-----w c:\documents and settings\Utente\Dati applicazioni\skypePM
2009-04-23 16:58 . 2009-02-22 13:40 -------- d-----w c:\programmi\uusee
2009-04-23 16:55 . 2001-08-31 12:00 85330 ----a-w c:\windows\system32\perfc010.dat
2009-04-23 16:55 . 2001-08-31 12:00 492504 ----a-w c:\windows\system32\perfh010.dat
2009-04-16 15:53 . 2008-09-23 17:24 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-04-14 09:43 . 2008-01-29 16:29 33808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-04-08 16:12 . 2008-09-23 16:36 66904 ----a-w c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-04-08 13:36 . 2008-09-25 15:11 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-03-25 10:56 . 2008-09-25 15:11 -------- d-----w c:\programmi\Spybot - Search & Destroy
2009-03-25 10:53 . 2008-09-25 14:08 -------- d-----w c:\programmi\CCleaner
2009-03-21 14:06 . 2009-03-21 14:06 1033728 ------w c:\windows\system32\dllcache\kernel32.dll
2009-03-06 14:19 . 2008-04-13 17:13 286208 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:03 . 2008-09-23 16:21 826368 ------w c:\windows\system32\dllcache\wininet.dll
2009-03-03 00:03 . 2008-03-01 12:58 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-28 04:54 . 2008-09-23 16:21 636072 ------w c:\windows\system32\dllcache\iexplore.exe
2009-02-27 09:27 . 2009-02-27 09:27 487979 ----a-w c:\windows\system32\imagens1234.exe
2009-02-26 22:15 . 2008-09-23 16:20 -------- d-----w c:\programmi\Microsoft Silverlight
2009-02-20 10:20 . 2008-09-23 16:21 13824 ------w c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 10:20 . 2008-09-23 16:21 70656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 05:14 . 2008-09-23 16:21 161792 ------w c:\windows\system32\dllcache\ieakui.dll
2009-02-10 17:02 . 2009-01-25 00:06 2069760 ------w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-09 14:04 . 2009-01-25 00:06 1846784 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-09 14:04 . 2008-04-13 16:50 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:23 . 2009-01-25 00:06 2192768 ------w c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-09 11:23 . 2009-01-25 00:06 2027520 ------w c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-09 11:23 . 2008-04-13 18:55 2027520 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:22 . 2009-01-25 00:06 2148864 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-09 11:22 . 2008-04-13 16:54 2148864 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:22 . 2008-04-13 17:14 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:51 . 2008-04-13 17:13 734720 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:51 . 2008-04-13 17:13 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:51 . 2008-04-13 17:13 683520 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:51 . 2008-04-13 17:13 736256 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 10:39 . 2001-08-31 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-04 09:50 . 2009-02-04 09:50 24576 ----a-w c:\windows\system32\nsis_loader.dll
2009-02-03 19:57 . 2009-02-03 19:57 56832 ------w c:\windows\system32\dllcache\secur32.dll
2009-02-03 19:57 . 2008-04-13 17:13 56832 ----a-w c:\windows\system32\secur32.dll
.

------- Sigcheck -------

[-] 2008-04-30 11:56 1571840 3316C8A8EC07A9D4C0BE10310809A9E5 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-04-23_21.54.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-24 10:22 . 2009-04-24 10:22 16384 c:\windows\Temp\Perflib_Perfdata_f08.dat
+ 2008-09-05 22:30 . 2009-02-06 10:35 1486208 c:\windows\system32\LegitCheckControl.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2008-08-12 21741864]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl8"="c:\programmi\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\programmi\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"NeroFilterCheck"="c:\programmi\File comuni\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"ATKMEDIA"="c:\programmi\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"ATKOSD2"="c:\programmi\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016]
"SMSERIAL"="c:\windows\sm56hlpr.exe" [2006-03-21 544768]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2007-11-16 1024000]
"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"ACU"="c:\programmi\Atheros\ACU.exe" [2007-10-23 376921]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-01-11 136600]
"WinampAgent"="c:\programmi\Winamp\winampa.exe" [2008-08-03 36352]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AVP"="c:\programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-04-10 201992]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-06-20 16872448]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-02-20 124928]

c:\documents and settings\Utente\Menu Avvio\Programmi\Esecuzione automatica\
CCC.lnk - c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2007-7-17 49152]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Bluetooth Manager.lnk - c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-5-22 2756608]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\eMule AdunanzA\\eMule_AdnzA.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:*:Disabled:emule_tcp
"4672:UDP"= 4672:UDP:emule_udp

S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-04-14 33808]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-03-25 24592]
S3 WSIMD;wsimd Service;c:\windows\system32\DRIVERS\wsimd.sys [2007-07-03 57344]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - HIDSERV

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff093cc4-8af0-11dd-95a7-001fc6547c15}]
\Shell\Auto\command - Long.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Long.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-24 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]

2009-04-24 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-24 20:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- Dlls Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(352)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\klogon.dll

- - - - - - - > 'explorer.exe'(25612)
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Completion time: 2009-04-24 20.41.12
ComboFix-quarantined-files.txt 2009-04-24 18:41
ComboFix2.txt 2009-04-24 11:10
ComboFix3.txt 2009-04-23 21:57

Pre-Run: 65.713.381.376 bytes free
Post-Run: 65.767.960.576 bytes free

204 --- E O F --- 2009-04-23 17:11
r16
Posted: Friday, April 24, 2009 8:59:48 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
I'm sorry, it has to be repeated:
Open a text file on the Desktop
Paste into it the code you see below, and save the text file, strictly under the name CFScript.txt


Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff093cc4-8af0-11dd-95a7-001fc6547c15}]


and drag it onto the ComboFix icon.
Wait until it finishes, without touching the keyboard, mouse or anything else.
Post the updated ComboFix log
*********************************************************************************
Then:
Run a clean-up (registry included) with CCleaner http://www.aiutaamici.com/software?ID=11223
Then:
Start\Run\copy and paste the string %temp%, click OK, empty the temp folder (do not delete the folder)
Then:
Empty the contents of the Prefetch folder:
click My Computer
click Local Disk C:
among the folders that are displayed, look for the Windows folder, open it and, inside it, look for the Prefetch folder, open it and delete all the entries kept inside it (do not delete the folder)
EMPTY THE RECYCLE BIN
Then:
Launch HijackThis and clean the ADS this way:
click the entry Open the misc tool section
click Open ads spy
untick the entry Quick scan (windows base folder only)
click Scan
if any ADS are detected, tick all the boxes and click Remove selected
Report back if you run into problems.
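The CFScript above deletes one MountPoints2 key, the per-volume cache Explorer keeps of a removable drive's autorun.inf; in the first log that key's Shell\Auto and Shell\AutoRun verbs both launch Long.exe, the classic footprint of a USB autorun worm. The Python below is an added example for this thread, not code from the forum, from r16 or from ComboFix: it pulls that block out of a ComboFix log (the log excerpts inside it are constructed for the example and mirror the one posted above), lists the verbs Explorer would execute, writes the matching Registry:: block for CFScript.txt, and checks the post-fix log to confirm the key is gone, which is the verification r16 asks for when requesting the updated log. The block layout it parses (a [key] line followed by \Shell\<verb>\command lines) and the "last argument is the payload" heuristic are assumptions.

```python
"""Flag USB-autorun residue in a ComboFix log and build the CFScript fix.

Added example for this thread; not code from the forum, from r16 or from
ComboFix. The sample log excerpts below are constructed for the example and
mirror the MountPoints2 block printed in the first log above. The block
layout ([key] line followed by \\Shell\\<verb>\\command lines) and the
"last argument is the payload" heuristic are assumptions.
"""
import re
from dataclasses import dataclass

# Explorer caches each mounted volume's autorun.inf under this HKCU key.
MP2_PREFIX = ("hkey_current_user\\software\\microsoft\\windows\\currentversion"
              "\\explorer\\mountpoints2\\")
# Verbs Explorer runs from a cached autorun.inf (double-click, AutoPlay, context menu).
AUTORUN_VERBS = ("auto", "autorun", "open", "explore")
COMMAND_RE = re.compile(r"\\Shell\\([^\\]+)\\command\s+-\s+(.*)$", re.IGNORECASE)

# Constructed sample: the pre-fix MountPoints2 block plus an unrelated key.
BEFORE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff093cc4-8af0-11dd-95a7-001fc6547c15}]
\Shell\Auto\command - Long.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Long.exe
.
Contents of the 'Scheduled Tasks' folder
"""

# Constructed sample: the same region of the post-fix log, with the key gone.
AFTER_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
Contents of the 'Scheduled Tasks' folder
"""


@dataclass(frozen=True)
class Finding:
    key: str      # full registry key as ComboFix prints it
    verb: str     # e.g. "Auto", "AutoRun"
    command: str  # command line Explorer would run for that verb


def parse_mountpoints2(log_text):
    """Return {key: [(verb, command), ...]} for every MountPoints2 key in the log."""
    keys = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1]
            current = name if name.lower().startswith(MP2_PREFIX) else None
            if current is not None:
                keys.setdefault(current, [])
        elif current is not None and line.startswith("\\"):
            m = COMMAND_RE.match(line)
            if m:
                keys[current].append((m.group(1), m.group(2).strip()))
        else:
            current = None  # blank line, '.' separator or next section ends the block
    return keys


def find_autorun_residue(log_text):
    """Flag MountPoints2 verbs that Explorer would execute from a removable drive."""
    findings = []
    for key, verbs in parse_mountpoints2(log_text).items():
        for verb, command in verbs:
            if verb.lower() in AUTORUN_VERBS and command:
                findings.append(Finding(key, verb, command))
    return findings


def payload_names(findings):
    """Last argument of each command: the dropped file to look for on the USB stick."""
    return sorted({f.command.split()[-1] for f in findings})


def build_cfscript(findings):
    """CFScript.txt body: a Registry:: block with one [-key] line per unique key."""
    keys = sorted({f.key for f in findings})
    if not keys:
        return ""
    return "Registry::\n" + "".join(f"[-{k}]\n" for k in keys)


def still_present(before_log, after_log):
    """Keys flagged in the pre-fix log that the post-fix log still lists."""
    flagged = {f.key for f in find_autorun_residue(before_log)}
    return sorted(flagged & set(parse_mountpoints2(after_log)))


if __name__ == "__main__":
    found = find_autorun_residue(BEFORE_LOG)
    for f in found:
        print(f"{f.verb:8} -> {f.command}")
    print("payloads to hunt on removable media:", payload_names(found))
    print(build_cfscript(found))
    print("still present after fix:", still_present(BEFORE_LOG, AFTER_LOG))
```

Deleting the key only clears Explorer's cached copy of the autorun.inf. The autorun.inf and the payload it names (here Long.exe) are still on the USB stick that created the entry, and the key comes back the next time that stick is plugged in, so the drive itself needs scanning, and autorun for removable media should be disabled on the XP host.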
cbbusto
Posted: Friday, April 24, 2009 10:21:39 PM

Rank: AiutAmico

Member since: 11/8/2008
Posts: 13,964
Sorry londonmad for butting in,

request for r16: as soon as you have a bit of time I would be grateful if you could take a look at miciotta's log
posted in her topic "avvio lento di xp", since I was the one who recommended it.
Thanks in advance, bye
Londonmad
Posted: Saturday, April 25, 2009 12:34:31 PM
Rank: AiutAmico

Member since: 8/5/2007
Posts: 37
OK, operation done. The only problem is that in the temp folder it tells me two files named dfcf3f can't be deleted; for the rest, I deleted the files in the prefetch folder and I removed the ADS with HijackThis.
What should I do, send you the log from HijackThis or from ComboFix?
Thanks again
r16
Posted: Saturday, April 25, 2009 3:50:04 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Hi.
I'm interested in the ComboFix log. (If you followed the instructions in the post above)
Is the PC working well?
Londonmad
Posted: Sunday, April 26, 2009 1:55:18 PM
Rank: AiutAmico

Member since: 8/5/2007
Posts: 37
Hi r16, here is my latest ComboFix report... anyway the PC seems to be running fine.
Thanks again for the help.

ComboFix 09-04-23.A3 - Utente 25/04/2009 12.10.23.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2047.1423 [GMT 2:00]
Run from: c:\documents and settings\Utente\Documenti\ComboFix.exe
Options used :: c:\documents and settings\Utente\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING - THIS PC DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created From 2009-05-25 to 2009-4-25 )))))))))))))))))))))))))))))))))))
.

2009-04-24 18:26 . 2008-04-13 17:13 21504 ----a-w c:\windows\system32\hidserv.dll
2009-04-24 18:26 . 2008-04-13 17:13 21504 ----a-w c:\windows\system32\dllcache\hidserv.dll
2009-04-24 10:37 . 2009-04-24 10:37 -------- d-----w c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\WMTools Downloaded Files
2009-04-23 21:54 . 2009-04-23 21:54 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Office Genuine Advantage
2009-04-23 21:53 . 2009-04-23 21:53 -------- d-----w c:\windows\system32\xircom
2009-04-23 21:53 . 2009-04-23 21:53 -------- d-----w c:\programmi\microsoft frontpage
2009-04-23 16:19 . 2009-04-23 16:19 -------- d-----w c:\programmi\Trend Micro
2009-04-23 11:28 . 2009-04-23 11:28 -------- d-----w c:\documents and settings\Utente\Dati applicazioni\Malwarebytes
2009-04-23 11:28 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-23 11:28 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-23 11:28 . 2009-04-23 11:28 -------- d-----w c:\programmi\Malwarebytes' Anti-Malware
2009-04-23 11:28 . 2009-04-23 11:28 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-04-21 17:07 . 2005-08-16 10:23 38422 ----a-w c:\windows\system32\drivers\StMp3Rec.sys
2009-04-21 17:07 . 2009-04-21 17:07 -------- d-----w c:\programmi\Creative
2009-04-16 11:37 . 2009-01-09 19:19 1090181 ------w c:\windows\system32\dllcache\ntprint.cat
2009-04-16 11:37 . 2009-03-06 14:19 286208 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-16 11:37 . 2009-02-09 11:22 111104 ------w c:\windows\system32\dllcache\services.exe
2009-04-16 11:37 . 2009-02-09 10:51 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-16 11:37 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 11:37 . 2009-02-09 10:51 734720 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 11:37 . 2009-02-09 10:51 683520 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-16 11:37 . 2009-02-09 10:51 736256 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-16 11:37 . 2009-02-09 10:51 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-16 11:37 . 2009-02-09 10:51 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 11:37 . 2009-02-06 10:39 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-04-16 11:32 . 2009-03-27 06:48 1203922 ------w c:\windows\system32\dllcache\sysmain.sdb
2009-04-16 11:32 . 2008-04-21 21:14 219136 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-16 11:28 . 2009-04-16 11:28 -------- d-----w c:\programmi\eMule AdunanzA
2009-04-10 10:58 . 2009-04-14 09:43 89601 ----a-w c:\windows\system32\drivers\klick.dat
2009-04-10 10:58 . 2009-04-14 09:43 101287 ----a-w c:\windows\system32\drivers\klin.dat
2009-04-10 10:57 . 2009-04-25 09:52 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2009-04-10 10:57 . 2009-04-24 22:26 3164 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-10 10:57 . 2009-04-24 22:26 311264 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-10 10:57 . 2009-04-24 22:26 1824288 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-10 10:57 . 2009-04-24 22:26 17428 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-10 10:57 . 2009-04-10 10:57 -------- d-----w c:\programmi\Kaspersky Lab
2009-04-08 15:53 . 2009-04-08 16:10 -------- d-----w c:\windows\SxsCaPendDel
2009-04-08 13:43 . 2009-04-08 13:43 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2009-04-08 13:43 . 2009-04-10 10:54 -------- d-----w c:\programmi\SUPERAntiSpyware
2009-04-08 13:43 . 2009-04-08 13:43 -------- d-----w c:\documents and settings\Utente\Dati applicazioni\SUPERAntiSpyware.com
2009-04-08 13:38 . 2009-04-08 13:38 -------- d-----w c:\documents and settings\Utente\DoctorWeb

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-25 09:52 . 2008-09-28 17:22 -------- d-----w c:\documents and settings\Utente\Dati applicazioni\skypePM
2009-04-25 09:52 . 2008-09-28 17:09 -------- d-----w c:\documents and settings\Utente\Dati applicazioni\Skype
2009-04-23 16:58 . 2009-02-22 13:40 -------- d-----w c:\programmi\uusee
2009-04-23 16:55 . 2001-08-31 12:00 85330 ----a-w c:\windows\system32\perfc010.dat
2009-04-23 16:55 . 2001-08-31 12:00 492504 ----a-w c:\windows\system32\perfh010.dat
2009-04-16 15:53 . 2008-09-23 17:24 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-04-14 09:43 . 2008-01-29 16:29 33808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-04-08 16:12 . 2008-09-23 16:36 66904 ----a-w c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-04-08 13:36 . 2008-09-25 15:11 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-03-25 10:56 . 2008-09-25 15:11 -------- d-----w c:\programmi\Spybot - Search & Destroy
2009-03-25 10:53 . 2008-09-25 14:08 -------- d-----w c:\programmi\CCleaner
2009-03-21 14:06 . 2009-03-21 14:06 1033728 ------w c:\windows\system32\dllcache\kernel32.dll
2009-03-06 14:19 . 2008-04-13 17:13 286208 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:03 . 2008-09-23 16:21 826368 ------w c:\windows\system32\dllcache\wininet.dll
2009-03-03 00:03 . 2008-03-01 12:58 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-28 04:54 . 2008-09-23 16:21 636072 ------w c:\windows\system32\dllcache\iexplore.exe
2009-02-27 09:27 . 2009-02-27 09:27 487979 ----a-w c:\windows\system32\imagens1234.exe
2009-02-26 22:15 . 2008-09-23 16:20 -------- d-----w c:\programmi\Microsoft Silverlight
2009-02-20 10:20 . 2008-09-23 16:21 13824 ------w c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 10:20 . 2008-09-23 16:21 70656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 05:14 . 2008-09-23 16:21 161792 ------w c:\windows\system32\dllcache\ieakui.dll
2009-02-10 17:02 . 2009-01-25 00:06 2069760 ------w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-09 14:04 . 2009-01-25 00:06 1846784 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-09 14:04 . 2008-04-13 16:50 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:23 . 2009-01-25 00:06 2192768 ------w c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-09 11:23 . 2009-01-25 00:06 2027520 ------w c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-09 11:23 . 2008-04-13 18:55 2027520 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:22 . 2009-01-25 00:06 2148864 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-09 11:22 . 2008-04-13 16:54 2148864 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:22 . 2008-04-13 17:14 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:51 . 2008-04-13 17:13 734720 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:51 . 2008-04-13 17:13 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:51 . 2008-04-13 17:13 683520 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:51 . 2008-04-13 17:13 736256 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 10:39 . 2001-08-31 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-04 09:50 . 2009-02-04 09:50 24576 ----a-w c:\windows\system32\nsis_loader.dll
2009-02-03 19:57 . 2009-02-03 19:57 56832 ------w c:\windows\system32\dllcache\secur32.dll
2009-02-03 19:57 . 2008-04-13 17:13 56832 ----a-w c:\windows\system32\secur32.dll
.

------- Sigcheck -------

[-] 2008-04-30 11:56 1571840 3316C8A8EC07A9D4C0BE10310809A9E5 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-04-23_21.54.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-25 09:52 . 2009-04-25 09:52 16384 c:\windows\Temp\Perflib_Perfdata_4d4.dat
+ 2008-09-05 22:30 . 2009-02-06 10:35 1486208 c:\windows\system32\LegitCheckControl.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
2009-01-11 09:03 34816 ----a-w c:\programmi\Java\jre6\bin\jp2ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
2009-01-11 09:03 73728 ----a-w c:\programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2008-08-12 21741864]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl8"="c:\programmi\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\programmi\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"NeroFilterCheck"="c:\programmi\File comuni\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"ATKMEDIA"="c:\programmi\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"ATKOSD2"="c:\programmi\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016]
"SMSERIAL"="c:\windows\sm56hlpr.exe" [2006-03-21 544768]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2007-11-16 1024000]
"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"ACU"="c:\programmi\Atheros\ACU.exe" [2007-10-23 376921]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-01-11 136600]
"WinampAgent"="c:\programmi\Winamp\winampa.exe" [2008-08-03 36352]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AVP"="c:\programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-04-10 201992]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-06-20 16872448]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-02-20 124928]

c:\documents and settings\Utente\Menu Avvio\Programmi\Esecuzione automatica\
CCC.lnk - c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2007-7-17 49152]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Bluetooth Manager.lnk - c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-5-22 2756608]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"= "c:\programmi\Microsoft Office\Office12\GrooveShellExtensions.dll" [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"= {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - c:\windows\system32\webcheck.dll [2009-02-20 233472]
"WPDShServiceObj"= {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll [2007-01-19 133632]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\eMule AdunanzA\\eMule_AdnzA.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:*:Disabled:emule_tcp
"4672:UDP"= 4672:UDP:emule_udp

S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-04-14 33808]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-03-25 24592]
S3 WSIMD;wsimd Service;c:\windows\system32\DRIVERS\wsimd.sys [2007-07-03 57344]

.
Contents of the 'Scheduled Tasks' folder

2009-04-24 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]

2009-04-25 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]
.
- - - - ORPHANED KEYS REMOVED - - - -

SSODL-CDBurn-{fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {{FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmi\Messenger\msmsgs.exe
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\FILECO~1\System\OLEDB~1\MSDAIPP.DLL
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\FILECO~1\System\OLEDB~1\MSDAIPP.DLL
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\FILECO~1\System\OLEDB~1\MSDAIPP.DLL
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\FILECO~1\System\OLEDB~1\MSDAIPP.DLL
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\FILECO~1\System\OLEDB~1\MSDAIPP.DLL
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\FILECO~1\System\OLEDB~1\MSDAIPP.DLL
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\FILECO~1\System\OLEDB~1\MSDAIPP.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\FILECO~1\Skype\SKYPE4~1.DLL
Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - c:\windows\system32\msvidctl.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-25 12:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- Dlls Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(328)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\klogon.dll

- - - - - - - > 'explorer.exe'(13708)
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Completion time: 2009-04-25 12.14.01
ComboFix-quarantined-files.txt 2009-04-25 10:13
ComboFix2.txt 2009-04-24 18:41
ComboFix3.txt 2009-04-24 11:10
ComboFix4.txt 2009-04-23 21:57

Pre-Run: 65.706.024.960 bytes free
Post-Run: 65.731.895.296 bytes free

222 --- E O F --- 2009-04-23 17:11
r16
Posted: Sunday, April 26, 2009 3:26:25 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
OK, you're all set now.
Uninstall ComboFix this way:
Start
Run
in the dialog box, copy and paste this command: Combofix /u and press Enter, then delete ComboFix's folders on "C" (qoobox)
Bye.