
Help request (virus) - PC half-locked
ceval
Posted: Wednesday, April 22, 2009 9:39:45 AM
Rank: Member

Joined: 11/7/2008
Posts: 18
Good morning everyone,
I believe I have an infection from W32 Virut CF, according to my antivirus.
The PC boots but does not load any application at all, not even the taskbar.
The right mouse button does not open any window.
To start any program (and not all of them start) I have to use Task Manager, launching it with Ctrl+Alt+Del.

Can someone please give me directions on how to solve the problem?
Thanks a lot.
enigmista63
Posted: Wednesday, April 22, 2009 1:43:21 PM

Rank: AiutAmico

Joined: 4/28/2007
Posts: 1,976
Hi, post a HijackThis log and say which antivirus detects the virus and where it finds it.
ceval
Posted: Wednesday, April 22, 2009 3:04:56 PM
Rank: Member

Joined: 11/7/2008
Posts: 18
Hi, here is the log.
The antivirus is Symantec.
It tells me it finds W32 Virut CF in C:\Windows\System32.
What do you think?
Thanks for the help.




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:45, on 2009-04-22
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Symantec AntiVirus\DefWatch.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\TEMP\AC9B.tmp
C:\WINDOWS\system32\taskmgr.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Outlook Express\msimn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Ospite\Dati applicazioni\Microsoft\Windows\lsass.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\WINDOWS\System32\reader_s.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\RocketDock\RocketDock.exe
C:\DOCUME~1\Ospite\IMPOST~1\Temp\q0walum.exe
C:\DOCUME~1\Ospite\IMPOST~1\Temp\q0walum.exe
C:\Documents and Settings\Ospite\reader_s.exe
C:\Programmi\WFlip\WinFlip.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\DOCUME~1\Ospite\IMPOST~1\Temp\1293829904.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\OpenOffice.org 2.2\program\soffice.exe
C:\Programmi\OpenOffice.org 2.2\program\soffice.BIN
C:\_backup\Incomplete\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programmi\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "c:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\Ospite\IMPOST~1\Temp\IXP000.TMP\"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Programmi\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [] C:\DOCUME~1\Ospite\IMPOST~1\Temp\q0walum.exe
O4 - HKCU\..\Run: [Windows Resurections] C:\DOCUME~1\Ospite\IMPOST~1\Temp\q0walum.exe
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\Ospite\reader_s.exe
O4 - HKCU\..\Run: [Diagnostic Manager] C:\DOCUME~1\Ospite\IMPOST~1\Temp\2019967142.exe
O4 - HKLM\..\Policies\Explorer\Run: [Lsass Service] C:\Documents and Settings\Ospite\Dati applicazioni\Microsoft\Windows\lsass.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\Documents and Settings\Ospite\reader_s.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: WinFlip.lnk = C:\Programmi\WFlip\WinFlip.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.adecco.it
O15 - Trusted Zone: http://msn.careerbuilder.it
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-40b71ccaceb5f728.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC6AF621-4E05-4381-A5F0-53122D6C126A}: NameServer = 85.255.112.203
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.143,85.255.112.203
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.143,85.255.112.203
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.143,85.255.112.203
O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programmi\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Programmi\File comuni\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NMSAccessU - Unknown owner - C:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programmi\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programmi\Symantec AntiVirus\Rtvscan.exe

--
End of file - 8887 bytes
r16
Posted: Wednesday, April 22, 2009 5:14:21 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
You are heavily infected.
Disable System Restore, and keep it disabled until the problem is solved: http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121

Try this tool:
http://www.symantec.com/content/en/us/global/removal_tool/threat_writeups/FixVirut.com
I am giving you the instructions just as Symantec wrote them:
Download the file FixVirut.com to your Desktop.
Double-click the file FixVirut.com.
Click the Start button and run the scan.
When the scan is finished a log should be produced; post it here.
Run the scan in Normal Mode; if that does not work, try in Safe Mode.
Post a new HijackThis log.
ceval
Posted: Thursday, April 23, 2009 10:46:00 AM
Rank: Member

Joined: 11/7/2008
Posts: 18
Hi,
I did what you told me.
Note that FixVirut was run in Safe Mode (the program requires it).
I am leaving the 2 logs below.
In any case, the PC still seems to have the same fault, and the antivirus, which starts an automatic scan,
still reports the presence of:

Backdoor.Trojan (file name reader_s.exe)
W32.Virut.CF (file name taskmgr.exe)

and then hangs without finishing the scan.

Here are the logs:

Symantec W32.Virut Removal Tool 1.1.2
process: winlogon.exe, thread: 00000228 (terminated)
process: winlogon.exe, thread: 00000270 (terminated)


W32.Virut has been successfully removed from your computer!

Here is the report:

The total number of the scanned files: 46461
The number of deleted threat files: 0
The number of threat processes terminated: 0
The number of threat threads terminated: 2
The number of registry entries fixed: 0

The tool initiated a system reboot



HijackThis log:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:44, on 2009-04-23
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Symantec AntiVirus\DefWatch.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\reader_s.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Ospite\Dati applicazioni\Microsoft\Windows\lsass.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\WINDOWS\System32\reader_s.exe
C:\Programmi\RocketDock\RocketDock.exe
C:\DOCUME~1\Ospite\IMPOST~1\Temp\q0walum.exe
C:\DOCUME~1\Ospite\IMPOST~1\Temp\q0walum.exe
C:\Documents and Settings\Ospite\reader_s.exe
C:\Programmi\WFlip\WinFlip.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\DOCUME~1\Ospite\IMPOST~1\Temp\997290796.exe
C:\_backup\Incomplete\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programmi\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "c:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\Ospite\IMPOST~1\Temp\IXP000.TMP\"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Programmi\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [] C:\DOCUME~1\Ospite\IMPOST~1\Temp\q0walum.exe
O4 - HKCU\..\Run: [Windows Resurections] C:\DOCUME~1\Ospite\IMPOST~1\Temp\q0walum.exe
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\Ospite\reader_s.exe
O4 - HKCU\..\Run: [Diagnostic Manager] C:\DOCUME~1\Ospite\IMPOST~1\Temp\997290796.exe
O4 - HKLM\..\Policies\Explorer\Run: [Lsass Service] C:\Documents and Settings\Ospite\Dati applicazioni\Microsoft\Windows\lsass.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\Documents and Settings\Ospite\reader_s.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: WinFlip.lnk = C:\Programmi\WFlip\WinFlip.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.adecco.it
O15 - Trusted Zone: http://msn.careerbuilder.it
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-40b71ccaceb5f728.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC6AF621-4E05-4381-A5F0-53122D6C126A}: NameServer = 85.255.112.203
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.143,85.255.112.203
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.143,85.255.112.203
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.143,85.255.112.203
O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programmi\Symantec AntiVirus\DefWatch.exe
O23 - Service: Servizio COM di masterizzazione CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Programmi\File comuni\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NMSAccessU - Unknown owner - C:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programmi\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programmi\Symantec AntiVirus\Rtvscan.exe

--
End of file - 8851 bytes


What do you think?

I am in total crisis.
Thanks for the help.
Bye

r16
Posted: Thursday, April 23, 2009 12:24:38 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Do not skip any step.
Make sure you have access to hidden files and folders
(Control Panel -> Folder Options -> View)
1) Tick: Show hidden files and folders
2) Untick: Hide protected operating system files (recommended)

Disable System Restore, and keep it disabled until the problem is solved: http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121

If you do not know how to "fix" the entries, follow this detailed guide: http://www.aiutaamici.com/software?ID=11175

Boot into Safe Mode: http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80122

Start HijackThis, tick the entries I am going to list for you, and with all applications closed and the PC disconnected from the Internet, press Fix checked:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file)
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\Ospite\IMPOST~1\Temp\IXP000.TMP\"
O4 - HKCU\..\Run: [] C:\DOCUME~1\Ospite\IMPOST~1\Temp\q0walum.exe
O4 - HKCU\..\Run: [Windows Resurections] C:\DOCUME~1\Ospite\IMPOST~1\Temp\q0walum.exe
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\Ospite\reader_s.exe
O4 - HKCU\..\Run: [Diagnostic Manager] C:\DOCUME~1\Ospite\IMPOST~1\Temp\997290796.exe
O4 - HKLM\..\Policies\Explorer\Run: [Lsass Service] C:\Documents and Settings\Ospite\Dati applicazioni\Microsoft\Windows\lsass.exe
O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\Documents and Settings\Ospite\reader_s.exe (User 'SYSTEM')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O15 - Trusted Zone: http://www.adecco.it
O15 - Trusted Zone: http://msn.careerbuilder.it
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-40b71ccaceb5f728.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC6AF621-4E05-4381-A5F0-53122D6C126A}: NameServer = 85.255.112.203
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.143,85.255.112.203
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.143,85.255.112.203
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.143,85.255.112.203
O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll

Find and delete the files in red:
C:\WINDOWS\System32\reader_s.exe
C:\Documents and Settings\Ospite\Dati applicazioni\Microsoft\Windows\lsass.exe
C:\Documents and Settings\Ospite\reader_s.exe

Do a clean-up (registry included) with CCleaner: http://www.aiutaamici.com/software?ID=11223
Reboot the PC.
Then:
Start\Run\copy and paste the string %temp%, click OK, empty the Temp folder (do not delete the folder).
Empty the contents of the Prefetch folder:
click My Computer
click Local Disk C:
among the folders shown, look for the Windows folder, open it and, inside it, look for the Prefetch folder, open it and delete all the items stored inside it (do not delete the folder)
EMPTY THE RECYCLE BIN

Download and install MalwareBytes:
click here to download: http://www.aiutamici.com/software?id=80346
Before scanning, UPDATE IT. (it is very important)
Run a full system scan.
Post the log.
Post a new HijackThis log.
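A triage script for HijackThis logs like the ones in this thread, as an added example (it is not from the forum, the helper, or HijackThis itself): it parses the running-process list and the O2/O4/O7/O17/O20 lines and flags the patterns picked out above, such as a second lsass.exe outside System32, autoruns from a Temp folder, the DisableRegedit policy, hard-coded DNS servers and the Winlogon Notify DLL. The embedded sample is a constructed subset of lines copied from the logs posted above; the rule set and the severity scale are my own assumptions.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a subset of lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\lsass.exe
C:\Documents and Settings\Ospite\Dati applicazioni\Microsoft\Windows\lsass.exe
C:\DOCUME~1\Ospite\IMPOST~1\Temp\q0walum.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [] C:\DOCUME~1\Ospite\IMPOST~1\Temp\q0walum.exe
O4 - HKCU\..\Run: [Windows Resurections] C:\DOCUME~1\Ospite\IMPOST~1\Temp\q0walum.exe
O4 - HKLM\..\Policies\Explorer\Run: [Lsass Service] C:\Documents and Settings\Ospite\Dati applicazioni\Microsoft\Windows\lsass.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.143,85.255.112.203
O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll
"""

# Core Windows binaries: one of these names running from anywhere but System32 is a masquerade.
SYSTEM_BINARIES = {"lsass.exe", "svchost.exe", "winlogon.exe", "services.exe", "smss.exe", "csrss.exe"}
SYSTEM32 = r"c:\windows\system32"
O4_RE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>[\d.,]+)")


@dataclass
class Finding:
    section: str   # HijackThis section tag ("O4", "O17", ...) or "PROC" for a running process
    severity: str  # assumed scale: "high", "medium", "low"
    reason: str
    line: str


def extract_path(cmd: str) -> str:
    """Pull the executable path out of a Run-key command line."""
    cmd = re.sub(r"\s+\(User '.*'\)$", "", cmd.strip())  # drop HijackThis' "(User 'SYSTEM')" suffix
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return re.split(r"\s+[-/]", cmd, maxsplit=1)[0]      # unquoted: cut at the first switch


def check_path(section: str, path: str, line: str) -> List[Finding]:
    """Rules that apply to any executable path, whether a running process or an autorun target."""
    out: List[Finding] = []
    low = path.lower().replace("/", "\\")
    folder, _, base = low.rpartition("\\")
    if base in SYSTEM_BINARIES and folder != SYSTEM32:
        out.append(Finding(section, "high", f"{base} running from outside System32", line))
    if "\\temp\\" in low:  # covers both ...\Temp\ and the 8.3 form ...\IMPOST~1\Temp\
        out.append(Finding(section, "high", "command references a Temp folder", line))
    return out


def triage(log_text: str) -> List[Finding]:
    """Walk a HijackThis log and return the entries worth a closer look."""
    findings: List[Finding] = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # the process list ends at the first blank line
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            findings += check_path("PROC", line, line)
            continue
        tag = line.split(" ", 1)[0]
        if tag == "O4" and (m := O4_RE.match(line)):
            key, name, cmd = m.group("key", "name", "cmd")
            findings += check_path("O4", extract_path(cmd), line)
            if name == "":
                findings.append(Finding("O4", "medium", "Run value with an empty name", line))
            if "Policies\\Explorer\\Run" in key:
                findings.append(Finding("O4", "medium", "policy-based autorun, uncommon for legitimate software", line))
        elif tag == "O7" and "DisableRegedit=1" in line:
            findings.append(Finding("O7", "high", "Registry Editor disabled by policy", line))
        elif tag == "O17" and (m := O17_RE.match(line)):
            findings.append(Finding("O17", "high", f"hard-coded DNS servers {m.group('servers')}; confirm they are your ISP's", line))
        elif tag == "O20" and "Winlogon Notify" in line:
            findings.append(Finding("O20", "high", "DLL loaded into winlogon.exe as a Notify package", line))
        elif tag == "O2" and line.endswith("(no file)"):
            findings.append(Finding("O2", "low", "orphaned BHO entry (file missing)", line))
    return findings


def summarize(findings: List[Finding]) -> dict:
    counts: dict = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:<6}] {f.section:<4} {f.reason}\n         {f.line}")
```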
ceval
Posted: Thursday, April 23, 2009 6:16:18 PM
Rank: Member

Joined: 11/7/2008
Posts: 18
Hi,
sorry for the delay, but keep in mind that the Internet connection takes forever;
it takes me about 30 minutes to get to post here.
In any case, trying to follow your instructions I immediately ran into a problem:
STEP 1
I do NOT have access to hidden files and folders, in the sense that the item Control Panel > Folder Options is NOT THERE,
so I cannot tick anything.

Disabling System Restore was no problem, and neither was fixing the entries.

I tried to tick and fix everything you pointed out.
Then I deleted the files in red (except C:\Documents and Settings\Ospite\Dati applicazioni\Microsoft\Windows\lsass.exe)
because I cannot find the path (maybe it is due to step 1).

Cleaned with CCleaner.
Emptied everything.
Downloaded Malwarebytes BUT..... the program will not start in any way (not even in Safe Mode),
so I cannot update it or use it!!!!
In any case I made a new log.
Here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:38, on 2009-04-23
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\_backup\Incomplete\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programmi\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "c:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Programmi\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: WinFlip.lnk = C:\Programmi\WFlip\WinFlip.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programmi\Symantec AntiVirus\DefWatch.exe
O23 - Service: Servizio COM di masterizzazione CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Programmi\File comuni\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NMSAccessU - Unknown owner - C:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programmi\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programmi\Symantec AntiVirus\Rtvscan.exe

--
End of file - 5422 bytes



In any case the PC still has the same problems.

By the way, since when I turn it on I can only use Task Manager to launch programs, I noticed that
among the processes lsass.exe is always active.

I hope I have given you a clearer picture, because I do not understand anything anymore.

How is it possible that I do NOT have the option to show hidden folders and files?

When I empty the Temp folder it tells me there are 12 hidden files and invites me to view them, as you told me.
Obviously if I cannot set that, I cannot delete them either.

HEEEEEEEEEEEEELP

bye
r16
Posted: Thursday, April 23, 2009 6:25:52 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
You are right to shout for help!
You have caught the second nastiest virus on the net (the first is Conficker).
In practice it attacks every executable (.exe) you have on the PC. And it does not let you download others.
You cannot terminate the lsass.exe process, because it is legitimate, but the virus is using it.
If you terminate it, you will have stability problems.
This is another peculiarity of this virus: to remove it, legitimate system files have to be removed as well.

Download Windows Worms Doors Cleaner (if it lets you download it)
It is a useful tool to close the following ports and services in XP.
http://www.firewallleaktester.com/tools/wwdc.exe
Start WWDC, and if red entries appear, click on all of them to correct them, then reboot the PC.
Start WWDC again and the entries should all be green.

Let's try an online scan:
http://www.bitdefender.co.uk/scan_uk/scan8/ie.html
Delete everything it finds.
Or these:
http://housecall.trendmicro.com/it/

http://www.eset.com/threat-center/cac.php

In the hoped-for case that you manage to run the scans:
Download and install MalwareBytes:
click here to download: http://www.aiutamici.com/software?id=80346
Before scanning, UPDATE IT. (it is very important)
Run a full system scan.
Post the log.
ceval
Posted: Friday, April 24, 2009 10:51:39 AM
Rank: Member

Joined: 11/7/2008
Posts: 18
Hi
I ran the scans as you instructed,
and I also used WWDC,
fixing what was in red.
It seems the scans have fixed something, but I'm not sure.
Malwarebytes does NOT start at all, so I can't give you a log.
Attaching the HijackThis log



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:45, on 2009-04-24
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Symantec AntiVirus\DefWatch.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\E.tmp
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Programmi\RocketDock\RocketDock.exe
C:\Programmi\WFlip\WinFlip.exe
C:\WINDOWS\system32\wuauclt.exe
C:\_backup\Incomplete\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programmi\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "c:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Programmi\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\Ospite\reader_s.exe
O4 - HKUS\S-1-5-21-164099962-543020652-168415630-1005\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - HKUS\S-1-5-21-164099962-543020652-168415630-1005\..\Run: [RocketDock] "C:\Programmi\RocketDock\RocketDock.exe" (User '?')
O4 - HKUS\S-1-5-21-164099962-543020652-168415630-1005\..\Run: [reader_s] C:\Documents and Settings\Ospite\reader_s.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-164099962-543020652-168415630-1005 Startup: WinFlip.lnk = C:\Programmi\WFlip\WinFlip.exe (User '?')
O4 - Startup: WinFlip.lnk = C:\Programmi\WFlip\WinFlip.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} -
O20 - Winlogon Notify: crypt - C:\WINDOWS\
O23 - Service: Servizio Gateway di livello applicazione (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programmi\Symantec AntiVirus\DefWatch.exe
O23 - Service: Servizio COM di masterizzazione CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Programmi\File comuni\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Condivisione desktop remoto di NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe (file missing)
O23 - Service: Windows Installer (MSIServer) - Unknown owner - C:\WINDOWS\system32\msiexec.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programmi\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programmi\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Copia replicata del volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)

--
End of file - 8279 bytes


My impression is that I'm back to square one......
What do you think about the impossibility of enabling the display of hidden folders and files?

Thanks for your time

Do you think something constructive can be done, given the situation?

Bye


r16
Posted: Friday, April 24, 2009 11:59:08 AM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
Showing hidden files and folders is not a big problem.
The infected files, even if we can't see them, could be deleted anyway.
The problem is that it won't let you download the software to delete them.
Let's try by hand again:
Start HijackThis (in normal mode), tick the entries I'm going to list, and with all applications closed and disconnected from the Internet, click Fix checked:

O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\Ospite\reader_s.exe
O4 - HKUS\S-1-5-21-164099962-543020652-168415630-1005\..\Run: [reader_s] C:\Documents and Settings\Ospite\reader_s.exe (User '?')

Follow the path and delete the files in red:
C:\WINDOWS\system32\E.tmp
C:\WINDOWS\System32\reader_s.exe
C:\Documents and Settings\Ospite\reader_s.exe

Do a clean-up (including the registry) with CCleaner http://www.aiutaamici.com/software?ID=11223
*********************************************************************************
Try and see whether you can download and run these programs:
Important: disable your antivirus and close ALL open programs, and after downloading COMBOFIX, disconnect from the Internet.
Try running it in Safe Mode as well.
Download Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to the desktop.
Double-click combofix.exe (a window will appear).
If you are asked whether you want to install the EMERGENCY RECOVERY CONSOLE, click NO.
Your antivirus will probably send you messages; ignore them.
During the scan it is important not to use the PC (not even the mouse) and to wait patiently for the operations to finish.
At the end, a log file called C:\ComboFix.txt will be created on the Desktop. Post it here.
*********************************************************************************
Download VIRIT:
http://www.tgsoft.it/italy/download.htm update it (by clicking the satellite dish at the top; if you can't update it, run the scan anyway) and run the scan.
Post that log too (you'll find it under the icon at the top showing a notepad with a pen).
*********************************************************************************
Then, use KASPERSKY VIRUS REMOVAL TOOL: click here to download:
http://downloads5.kaspersky-labs.com/devbuilds/AVPTool/
Compatibility: Windows XP

download the most recent version of the tool by publication date and time

Install KASPERSKY VIRUS REMOVAL TOOL:
a dedicated folder will be created on the Desktop
inside the folder is the classic Kaspersky icon (a K)
click the icon to launch the tool
set the areas you want to scan (Startup Objects and Disk boot sector are set by default)
at the end of the scan you will be able to remove and/or quarantine the infected files detected
save the log that will be produced
*********************************************************************************
Before giving up, we have to try them all (if you agree).
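As an added example (not code from the thread, from r16 or from HijackThis), the following Python script turns the checks r16 is applying by eye to the log above into rules: the same Run value name registered under several hives with different targets (reader_s), a Run target sitting directly in a user profile root, a Winlogon Notify entry with no DLL, an orphaned BHO, and a running process with a .tmp image. The rule names are my own, and the sample log is constructed from lines of the HijackThis log posted above.

```python
"""Triage helper for HijackThis logs (added example, not HijackThis code).

Encodes the checks r16 applies by hand to the posted log:
  * one Run value name under several hives with different targets
  * a Run target directly in a user profile root
  * a Winlogon Notify (O20) entry whose "path" is a bare directory
  * a BHO (O2) entry with "(no file)", i.e. an orphaned CLSID
  * a running process whose image has a .tmp extension
Rule names are my own.
"""
import re
from collections import defaultdict

# Constructed sample: a subset of the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\E.tmp
C:\Programmi\Internet Explorer\iexplore.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Programmi\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\Ospite\reader_s.exe
O4 - HKUS\S-1-5-21-164099962-543020652-168415630-1005\..\Run: [reader_s] C:\Documents and Settings\Ospite\reader_s.exe (User '?')
O20 - Winlogon Notify: crypt - C:\WINDOWS\
"""

# O4 registry Run entries: hive, value name, target (optionally quoted,
# optionally followed by HijackThis's "(User '...')" suffix).
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: "
    r"\[(?P<name>[^\]]+)\] (?P<target>.+?)(?: \(User '[^']*'\))?$"
)
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
BHO_RE = re.compile(r"^O2 - BHO: .* - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
# An .exe directly under C:\Documents and Settings\<user>\ (no subfolder).
PROFILE_ROOT_RE = re.compile(
    r"^[a-z]:\\documents and settings\\[^\\]+\\[^\\]+\.exe$", re.I
)


def parse_processes(lines):
    """Return the image paths listed under 'Running processes:'."""
    procs, in_block = [], False
    for line in lines:
        if line.startswith("Running processes:"):
            in_block = True
            continue
        if in_block:
            if not line.strip():
                break
            procs.append(line.strip())
    return procs


def triage(log_text):
    """Return a list of (rule, detail) findings for one HijackThis log."""
    lines = log_text.splitlines()
    findings = []

    for proc in parse_processes(lines):
        if proc.lower().endswith(".tmp"):
            findings.append(("tmp-process", proc))

    targets_by_name = defaultdict(set)
    for line in lines:
        m = RUN_RE.match(line)
        if m:
            target = m.group("target").strip('"')
            targets_by_name[m.group("name")].add(target)
            if PROFILE_ROOT_RE.match(target):
                findings.append(("run-in-profile-root",
                                 f"{m.group('hive')} [{m.group('name')}] {target}"))
            continue
        m = NOTIFY_RE.match(line)
        if m and not m.group("path").lower().endswith(".dll"):
            findings.append(("winlogon-notify-no-dll",
                             f"{m.group('name')} -> {m.group('path')}"))
            continue
        m = BHO_RE.match(line)
        if m and m.group("path") == "(no file)":
            findings.append(("orphan-bho", m.group("clsid")))

    # The same value name pointing at two different binaries across hives
    # is exactly how reader_s shows up in the posted log.
    for name, targets in sorted(targets_by_name.items()):
        if len(targets) > 1:
            findings.append(("run-name-multiple-targets",
                             f"[{name}] " + " | ".join(sorted(targets))))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:28} {detail}")
```

The legitimate entries in the sample (ccApp, RocketDock, lsass.exe) produce no finding, which is the point: the rules single out the same three reader_s entries and the E.tmp process that r16 asks to fix by hand.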
ceval
Posted: Friday, April 24, 2009 2:34:27 PM
Rank: Member

Joined: 11/7/2008
Posts: 18
Hi
I'll follow your instructions carefully, step by step.
Today I'll try to download the programs you listed
I'll get my working tools ready
Since I'm not always in the office, I can't always be at the PC,
so as soon as I'm ready I'll start the procedures (I think during the day on Monday)
For now a HUGE THANK YOU and, of course, I agree with you to try them ALL
before giving up.

Talk to you next Monday with the requested logs and my thoughts at that point
Have a good weekend
ceval
Posted: Friday, April 24, 2009 3:04:02 PM
Rank: Member

Joined: 11/7/2008
Posts: 18
For now, good news
I managed to download the 3 programs you told me about.
Let's catch up again on Monday so I can do things calmly.
Byeeeeeeee
r16
Posted: Friday, April 24, 2009 10:26:51 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
I would have liked to know right away whether at least 1 of them started.....
If VirIT doesn't start, try this:
Run the GOTGSOFT.bat file in the main VirIT folder; usually this file is in the VEXPLITE folder, and that folder is in C:\VEXPLITE; then follow the on-screen instructions.
Let's hope......
simo95
Posted: Saturday, April 25, 2009 10:28:49 AM

Rank: AiutAmico

Joined: 12/4/2008
Posts: 2,008
r16 wrote:
Hi.
I would have liked to know right away whether at least 1 of them started.....
If VirIT doesn't start, try this:
Run the GOTGSOFT.bat file in the main VirIT folder; usually this file is in the VEXPLITE folder, and that folder is in C:\VEXPLITE; then follow the on-screen instructions.
Let's hope......


Are you Venetian too??
ceval
Posted: Monday, April 27, 2009 5:52:07 PM
Rank: Member

Joined: 11/7/2008
Posts: 18
HI
I finally followed your instructions:
1) Fixed the entries
2) Deleted the files
3) Cleaned with CCleaner
4) Ran COMBOFIX
5) Ran VIRIT
6) Ran KASPERSKY

Here are the logs (for good measure I'm also attaching the HijackThis one), while the Kaspersky one I had to zip,
since the original file is 25 MB. If you need it, let me know how to send it.


COMBOFIX
ComboFix 09-04-24.01 - Ospite 2009-04-27 15:28.4 - NTFSx86
Eseguito da: c:\documents and settings\Ospite\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\gxvxcwxdqwhoppjwsftoiquwnkvxeewtjlkll.sys
c:\windows\system32\gxvxccounter
c:\windows\system32\gxvxcovmtdyxegvhbbaorgipyudjbqycatgif.dll
c:\windows\system32\lcqdmupd.dll
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
.
---- Esecuzione precedente -------
.
c:\windows\system32\bJkQsBeg.ini
c:\windows\system32\bJkQsBeg.ini2
c:\windows\system32\hyyxnebx.ini
c:\windows\system32\wvUoPfeD.dll
c:\windows\Tasks\hrlyohee.job

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_lcldmupd
-------\Legacy_PROTECT
-------\Service_lcldmupd
-------\Service_protect


((((((((((((((((((((((((( Files Creati Da 2009-05-27 al 2009-4-27 )))))))))))))))))))))))))))))))))))
.

2009-04-27 11:40 . 2009-04-27 11:40 244 ---ha-w C:\sqmnoopt01.sqm
2009-04-27 11:40 . 2009-04-27 11:40 232 ---ha-w C:\sqmdata01.sqm
2009-04-27 11:31 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-27 11:31 . 2009-03-06 14:19 286208 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-27 11:31 . 2009-02-09 11:22 111104 ------w c:\windows\system32\dllcache\services.exe
2009-04-27 11:31 . 2009-02-09 10:51 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-27 11:31 . 2009-02-09 10:51 734720 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-27 11:31 . 2009-02-09 10:51 683520 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-27 11:31 . 2009-02-09 10:51 736256 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-27 11:31 . 2009-02-09 10:51 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-27 11:31 . 2009-02-09 10:51 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-27 11:31 . 2009-03-27 06:48 1203922 ------w c:\windows\system32\dllcache\sysmain.sdb
2009-04-27 11:31 . 2008-04-21 21:14 219136 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-24 12:28 . 2009-04-24 12:28 244 ---ha-w C:\sqmnoopt00.sqm
2009-04-24 12:28 . 2009-04-24 12:28 232 ---ha-w C:\sqmdata00.sqm
2009-04-24 07:38 . 2009-04-24 08:10 -------- d-----w c:\windows\BDOSCAN8
2009-04-24 07:28 . 2009-04-24 07:28 124 ----a-w c:\windows\system32\A.tmp
2009-04-23 16:25 . 2009-04-23 16:25 -------- d-----w c:\windows\system32\KB905474
2009-04-23 16:25 . 2009-03-10 20:26 1437568 ----a-w c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-04-23 16:25 . 2009-03-10 20:18 454016 ----a-w c:\windows\system32\KB905474\wgasetup.exe
2009-04-23 16:25 . 2009-02-09 16:51 17140 ----a-w c:\windows\system32\KB905474\wga_eula.txt
2009-04-23 15:48 . 2009-04-23 15:48 61440 ----a-w c:\windows\system32\B.tmp
2009-04-23 15:48 . 2009-04-23 15:48 124 ----a-w c:\windows\system32\7.tmp
2009-04-23 14:16 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-23 14:16 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-23 14:13 . 2009-04-23 14:13 61440 ----a-w c:\windows\system32\8.tmp
2009-04-23 14:11 . 2009-04-23 14:12 124 ----a-w c:\windows\system32\4.tmp
2009-04-23 08:32 . 2009-04-23 08:32 44 ----a-w c:\windows\system32\2.tmp
2009-04-22 07:45 . 2009-04-22 07:45 80 ----a-w c:\windows\system32\40A.tmp
2009-04-21 07:28 . 2009-04-21 07:28 213120 ----a-w c:\windows\system32\dllcache\ndis.sys
2009-04-21 07:27 . 2009-04-21 07:27 0 ----a-w c:\windows\system32\6.tmp
2009-04-21 07:27 . 2009-04-21 07:27 80 ----a-w c:\windows\system32\3.tmp
2009-04-21 07:26 . 2009-04-24 08:04 41472 ----a-w C:\xhodf.exe
2009-04-15 15:43 . 2009-04-15 15:43 -------- d-----w c:\windows\system32\ffdshow
2009-04-15 15:43 . 2007-03-28 14:08 122880 ----a-w c:\windows\system32\stQTSource.ax
2009-04-15 15:43 . 2007-03-28 09:27 364544 ----a-w c:\windows\system32\RealMediaSplitter.ax
2009-04-15 15:43 . 2006-03-11 02:56 438272 ----a-w c:\windows\system32\Mpeg2DecFilter.ax
2009-04-15 15:43 . 2006-03-11 02:48 434176 ----a-w c:\windows\system32\MatroskaSplitter.ax
2009-04-15 15:43 . 2005-07-10 00:12 241664 ----a-w c:\windows\system32\CoreVorbis.ax
2009-04-15 15:43 . 2004-08-17 22:04 217088 ----a-w c:\windows\system32\CoreFLACDecoder.ax
2009-04-14 09:13 . 2009-04-14 09:13 -------- d-----w c:\documents and settings\Ospite\Dati applicazioni\Bluefive software
2009-04-02 08:21 . 2009-04-02 08:21 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Office Genuine Advantage
2009-03-30 15:16 . 2009-03-30 15:16 424 ----a-w c:\windows\ODBC.INI
2009-03-30 15:16 . 2007-04-09 11:23 28040 ----a-w c:\windows\system32\mdimon.dll
2009-03-30 06:45 . 2009-03-30 06:45 92160 ----a-w c:\windows\system32\dllcache\lcqdmupd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-27 13:31 . 2008-11-10 15:40 -------- d-----w c:\programmi\WFlip
2009-04-27 13:31 . 2007-09-21 09:57 -------- d-----w c:\programmi\Symantec AntiVirus
2009-04-24 13:45 . 2007-09-06 11:53 -------- d-----w c:\documents and settings\Ospite\Dati applicazioni\OpenOffice.org2
2009-04-24 08:42 . 2009-04-24 08:21 -------- d-----w c:\programmi\EsetOnlineScanner
2009-04-24 08:04 . 2008-09-23 15:29 524800 ----a-w c:\windows\x2.64.exe
2009-04-24 08:04 . 2008-12-03 15:34 106496 ----a-w c:\windows\unvise32.exe
2009-04-24 08:02 . 2004-09-02 16:48 24576 ----a-w c:\windows\system32\msdtc.exe
2009-04-24 08:01 . 2004-09-02 16:28 37376 ----a-w c:\windows\system32\diskperf.exe
2009-04-24 07:59 . 2007-07-05 20:36 9730560 ----a-w c:\windows\RTLCPL.EXE
2009-04-24 07:59 . 2004-09-02 16:28 169984 ----a-w c:\windows\regedit.exe
2009-04-24 07:59 . 2004-09-02 16:51 169984 ----a-w c:\windows\pchealth\UploadLB\Binaries\uploadm.exe
2009-04-24 07:59 . 2004-09-02 16:51 54272 ----a-w c:\windows\pchealth\helpctr\binaries\notiflag.exe
2009-04-24 07:59 . 2004-09-02 16:51 36864 ----a-w c:\windows\pchealth\helpctr\binaries\hscupd.exe
2009-04-24 07:59 . 2004-09-02 16:51 190464 ----a-w c:\windows\pchealth\helpctr\binaries\msconfig.exe
2009-04-24 07:59 . 2004-09-02 16:51 118272 ----a-w c:\windows\pchealth\helpctr\binaries\HelpHost.exe
2009-04-24 07:59 . 2004-09-02 16:51 787968 ----a-w c:\windows\pchealth\helpctr\binaries\helpctr.exe
2009-04-24 07:59 . 2004-09-02 16:51 762880 ----a-w c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2009-04-24 07:59 . 2001-09-18 10:00 57344 ----a-w c:\windows\omniuns.exe
2009-04-24 07:59 . 2004-09-02 18:43 89088 ----a-w c:\windows\notepad.exe
2009-04-24 07:59 . 2001-09-18 10:00 155648 ----a-w c:\windows\omcamcap.exe
2009-04-24 07:59 . 2008-09-23 15:29 88576 ----a-w c:\windows\MOTA113.exe
2009-04-24 07:58 . 2007-07-05 20:36 2178560 ----a-w c:\windows\MicCal.exe
2009-04-24 07:58 . 2008-11-05 15:39 745472 ----a-w c:\windows\iun6002.exe
2009-04-24 07:58 . 2008-01-11 11:48 325120 ----a-w c:\windows\IsUninst.exe
2009-04-24 07:58 . 2004-09-02 17:06 329216 ----a-w c:\windows\IsUn0410.exe
2009-04-24 07:54 . 2004-09-02 16:28 1054720 ----a-w c:\windows\explorer.exe
2009-04-24 07:54 . 2008-01-09 13:01 77824 ----a-w c:\windows\bdoscandel.exe
2009-04-24 07:53 . 2008-10-31 11:38 -------- d-----w c:\programmi\Virtual Dub
2009-04-24 07:53 . 2008-11-09 11:13 -------- d-----w c:\programmi\SUPERAntiSpyware
2009-04-24 07:52 . 2008-11-10 13:13 -------- d-----w c:\programmi\Spybot - Search & Destroy
2009-04-24 07:52 . 2008-11-10 15:52 -------- d-----w c:\programmi\RocketDock
2009-04-24 07:51 . 2008-10-28 08:17 -------- d-----w c:\programmi\RegCleaner
2009-04-24 07:51 . 2007-09-06 11:47 -------- d-----w c:\programmi\OpenOffice.org 2.2
2009-04-24 07:47 . 2008-07-10 15:01 -------- d-----w c:\programmi\Inkscape
2009-04-24 07:47 . 2008-10-20 13:47 -------- d-----w c:\programmi\Haihaisoft Universal Player
2009-04-24 07:47 . 2008-12-09 13:49 -------- d-----w c:\programmi\Flamingo 1.1
2009-04-24 07:46 . 2009-03-23 15:01 -------- d-----w c:\programmi\CDBurnerXP
2009-04-23 14:21 . 2008-10-21 09:32 43174 ----a-w C:\winzip.log
2009-04-23 14:16 . 2009-04-23 14:16 -------- d-----w c:\programmi\Malwarebytes' Anti-Malware
2009-04-22 08:43 . 2009-04-22 08:43 -------- d-----w c:\programmi\Trend Micro
2009-04-22 07:41 . 2009-04-15 11:17 -------- d-----w c:\programmi\Video DVD Maker
2009-04-22 07:41 . 2008-09-01 15:45 -------- d-----w c:\programmi\Totally Free Burner
2009-04-22 07:40 . 2009-01-28 16:08 -------- d-----w c:\programmi\SnapShot
2009-04-22 07:37 . 2009-03-14 10:30 -------- d-----w c:\programmi\LimeWire
2009-04-22 07:31 . 2008-12-30 14:47 -------- d-----w c:\programmi\Free WMV to AVI MPEG Converter
2009-04-22 07:31 . 2009-01-16 09:11 -------- d-----w c:\programmi\Free Video Joiner
2009-04-22 07:31 . 2009-01-02 14:34 -------- d-----w c:\programmi\File Shredder
2009-04-21 15:28 . 2008-11-10 13:13 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-04-21 12:48 . 2008-01-11 11:48 65536 ----a-w c:\windows\system32\HPZipm12.exe
2009-04-21 12:48 . 2007-07-05 20:36 16249344 ----a-w c:\windows\RTHDCPL.EXE
2009-04-21 07:29 . 2004-05-05 09:49 491520 ----a-w c:\windows\system32\hphmon05.exe
2009-04-21 07:28 . 2004-09-02 16:28 213120 ----a-w c:\windows\system32\drivers\ndis.sys
2009-04-21 07:26 . 2008-11-03 16:41 2 ----a-w C:\-1405141347
2009-04-21 07:23 . 2009-02-23 12:03 -------- d-----w c:\documents and settings\Ospite\Dati applicazioni\uTorrent
2009-04-16 13:19 . 2009-04-16 13:10 135 ----a-w C:\VundoFix.txt
2009-04-15 15:43 . 2009-04-15 15:43 -------- d-----w c:\programmi\SourceTec
2009-04-15 08:36 . 2008-02-08 10:35 -------- d-----w c:\documents and settings\PF\Dati applicazioni\OpenOffice.org2
2009-04-10 10:47 . 2008-07-08 12:42 -------- d-----w c:\documents and settings\Ospite\Dati applicazioni\LimeWire
2009-04-08 07:16 . 2004-09-02 16:29 74432 ----a-w c:\windows\system32\perfc010.dat
2009-04-08 07:16 . 2004-09-02 16:29 447874 ----a-w c:\windows\system32\perfh010.dat
2009-04-03 12:50 . 2008-07-09 15:04 105112 ----a-w c:\documents and settings\Ospite\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-03-30 12:45 . 2008-11-10 14:42 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Yahoo! Companion
2009-03-27 08:42 . 2009-03-27 08:42 -------- d-----w c:\documents and settings\Ospite\Dati applicazioni\Haihaisoft
2009-03-27 08:42 . 2008-10-20 13:47 -------- d-----w c:\programmi\File comuni\Real
2009-03-26 16:31 . 2009-03-26 16:31 -------- d-----w c:\documents and settings\Ospite\Dati applicazioni\Canneverbe_Limited
2009-03-23 14:45 . 2009-03-05 08:31 -------- d-----w c:\documents and settings\Ospite\Dati applicazioni\Video DVD Maker FREE
2009-03-21 14:06 . 2009-03-21 14:06 1033728 ------w c:\windows\system32\dllcache\kernel32.dll
2009-03-19 17:00 . 2008-12-03 11:53 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\InstallShield
2009-03-19 17:00 . 2008-12-10 15:26 -------- d-----w c:\programmi\ASGvis
2009-03-19 17:00 . 2008-10-16 14:42 -------- d-----w c:\programmi\File comuni\InstallShield
2009-03-19 17:00 . 2008-10-07 12:44 -------- d--h--w c:\programmi\InstallShield Installation Information
2009-03-19 08:44 . 2008-10-26 12:13 -------- d-----w c:\programmi\CCleaner
2009-03-19 08:41 . 2009-03-19 08:41 -------- d-----w c:\programmi\Yahoo!
2009-03-14 11:03 . 2008-10-31 11:56 -------- d-----w c:\programmi\MediaCoder
2009-03-06 14:19 . 2004-09-02 16:28 286208 ----a-w c:\windows\system32\pdh.dll
2009-03-05 15:21 . 2007-09-05 15:41 135 ----a-w c:\documents and settings\Ospite\Impostazioni locali\Dati applicazioni\fusioncache.dat
2009-03-05 08:37 . 2009-03-05 08:33 1024000 ----a-w c:\windows\system32\ewmpegco.dll
2009-03-03 00:03 . 2004-09-02 16:29 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-03 00:03 . 2004-09-02 16:29 826368 ----a-w c:\windows\system32\dllcache\wininet.dll
2009-03-02 14:18 . 2008-12-30 14:41 -------- d-----w c:\programmi\WMV to AVI MPEG DVD WMV Converter
2009-03-02 14:18 . 2009-01-22 08:21 -------- d-----w c:\programmi\Panda Security
2009-03-02 14:16 . 2005-10-26 20:02 -------- d-----w c:\programmi\File comuni\Adobe
2009-02-28 04:54 . 2004-09-02 16:50 636072 ----a-w c:\windows\system32\dllcache\iexplore.exe
2009-02-20 05:14 . 2004-09-02 16:28 161792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2009-02-13 11:18 . 2009-02-13 11:18 65024 ----a-w C:\ATTIVITA'.xls
2009-02-10 17:02 . 2008-10-16 07:30 2069760 ------w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-09 14:04 . 2008-10-16 07:30 1846784 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-09 14:04 . 2004-09-02 16:29 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:23 . 2008-10-16 07:30 2192768 ------w c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-09 11:23 . 2008-10-16 07:30 2027520 ------w c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-09 11:23 . 2004-08-19 15:34 2027520 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:22 . 2008-10-16 07:30 2148864 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-09 11:22 . 2004-09-02 16:28 2148864 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:22 . 2004-09-02 16:28 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:51 . 2004-09-02 16:28 734720 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:51 . 2004-09-02 16:28 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:51 . 2004-09-02 16:28 683520 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:51 . 2004-09-02 16:28 736256 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 10:39 . 2004-09-02 16:28 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:39 . 2004-09-02 16:28 35328 ----a-w c:\windows\system32\dllcache\sc.exe
2008-11-05 11:25 . 2008-11-05 11:25 32768 --sha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012008110520081106\index.dat
2008-11-06 16:31 . 2008-11-06 17:08 32768 --sha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012008110620081107\index.dat
.

------- Sigcheck -------

[7] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2009-04-21 07:28 213120 F822B76094D2F27EE01A4399A64EF934 c:\windows\system32\dllcache\ndis.sys
[-] 2009-04-21 07:28 213120 F822B76094D2F27EE01A4399A64EF934 c:\windows\system32\drivers\ndis.sys

[-] 2009-04-24 07:54 1054720 C16EF54E8FB7B8F36F55DA2C47DD3DDC c:\windows\explorer.exe
[-] 2009-04-24 07:59 1054720 C16EF54E8FB7B8F36F55DA2C47DD3DDC c:\windows\ServicePackFiles\i386\explorer.exe

[-] 2009-04-24 08:03 76288 E8C03C8924683C265D4A4AD4B0D7F38B c:\windows\system32\spoolsv.exe

[-] 2009-04-24 08:01 45056 85EC07747CCAAC412064ED171E6AB965 c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2009-04-24 08:03 45568 38CD1D18C040C61CC74F3E278BB08D55 c:\windows\system32\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"RocketDock"="c:\programmi\RocketDock\RocketDock.exe" [2009-04-21 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\programmi\File comuni\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-11-27 125536]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2009-04-21 176128]
"HPHUPD05"="c:\programmi\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2009-04-21 49152]
"HP Component Manager"="c:\programmi\HP\hpcoretech\hpcmpmgr.exe" [2009-04-21 241664]
"HP Software Update"="c:\programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2009-04-21 49152]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2009-04-21 491520]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-04-21 16249344]

c:\documents and settings\Ospite\Menu Avvio\Programmi\Esecuzione automatica\
WinFlip.lnk - c:\programmi\WFlip\WinFlip.exe [2008-11-10 483328]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=svfegu.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SUPERAntiSpyware"=c:\programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SpybotSnD"="c:\programmi\Spybot - Search & Destroy\SpybotSD.exe"
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\DNA\\btdna.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=

R0 ati3fexx;ati3fexx; [x]
R0 ati4pdxx;ati4pdxx; [x]
R1 8e63f5b;8e63f5b;c:\windows\System32\drivers\8e63f5b.sys [2008-11-05 0]
R1 ethcluoy;ethcluoy; [x]
R1 jpfa543;jpfa543; [x]
R1 oac7173;oac7173; [x]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 16512]
R3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [2008-09-03 7408]
R3 SavRoam;SavRoam;c:\programmi\Symantec AntiVirus\SavRoam.exe [2006-11-27 119392]
S1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\SASDIFSV.SYS [2008-09-03 8944]
S1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.sys [2008-09-03 55024]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programmi\File comuni\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-27 101936]


--- Altri Servizi/Drivers In Memoria ---

*Deregistered* - AFD
*Deregistered* - agp440
*Deregistered* - amdagp
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - Beep
*Deregistered* - Browser
*Deregistered* - ccEvtMgr
*Deregistered* - ccSetMgr
*Deregistered* - Cdfs
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - DefWatch
*Deregistered* - Dhcp
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - eeCtrl
*Deregistered* - EraserUtilRebootDrv
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - helpsvc
*Deregistered* - HidServ
*Deregistered* - HTTP
*Deregistered* - i2omgmt
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - JavaQuickStarterService
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - mnmdd
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NAVENG
*Deregistered* - NAVEX15
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - NMSAccessU
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - PartMgr
*Deregistered* - Pml Driver HPZ12
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - RemoteRegistry
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - SASDIFSV
*Deregistered* - SASKUTIL
*Deregistered* - SAVRT
*Deregistered* - SAVRTPEL
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - sisagp
*Deregistered* - SPBBCSvc
*Deregistered* - Spooler
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - swenum
*Deregistered* - Symantec AntiVirus
*Deregistered* - SymEvent
*Deregistered* - SYMTDI
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - viaagp
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - WmiApSrv
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC
.
Contenuto della cartella 'Scheduled Tasks'

2009-04-24 c:\windows\Tasks\HP Usg Daily.job
- c:\programmi\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2004-04-01 12:48]

2009-04-24 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]

2009-04-27 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]

2009-04-27 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-23 20:18]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKU-Default-Run-CTFMON.EXE - c:\windows\system32\CTFMON.EXE
HKU-Default-Run-reader_s - c:\documents and settings\Ospite\reader_s.exe
Notify-crypt - (no file)
SafeBoot-ati3fexx.sys


.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Ospite\Dati applicazioni\Mozilla\Firefox\Profiles\35jgkqz5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1460988&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
FF - plugin: c:\programmi\Haihaisoft Universal Player\Codec\Plugins\nppl3260.dll
FF - plugin: c:\programmi\Haihaisoft Universal Player\Codec\Plugins\npqtplugin.dll
FF - plugin: c:\programmi\Haihaisoft Universal Player\Codec\Plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-27 15:31
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140111900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(3940)
c:\programmi\RocketDock\RocketDock.dll
c:\programmi\WFlip\WFHook.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\File comuni\Symantec Shared\ccSetMgr.exe
c:\programmi\File comuni\Symantec Shared\ccEvtMgr.exe
c:\programmi\Symantec AntiVirus\DefWatch.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\CDBurnerXP\NMSAccessU.exe
c:\programmi\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\HPZipm12.exe
.
**************************************************************************
.
Ora fine scansione: 2009-04-27 15:34 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-04-27 13:34
ComboFix2.txt 2008-11-09 09:39

Pre-Run: 11,345,743,872 byte disponibili
Post-Run: 11,279,953,920 byte disponibili

434 --- E O F --- 2009-04-27 11:32


VIRIT
VirIT eXplorer Lite Log


27/04/2009 - 15:37:48

[SCANSIONE DEL REGISTRO]
{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} Infetto da Adware.Dealio.A
* * * RIMOSSO * * *

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK

C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Snapshots2\RegUBP1-Ospite.reg Infetto da Trojan.StartPage.L
* * * RIMOSSO * * *
C:\Qoobox\Quarantine\C\WINDOWS\system32\lcqdmupd.dll.vir Infetto da Trojan.Win32.Vundo.FY
* * * RIMOSSO * * *
C:\System Volume Information\_restore{2AE42F14-1080-4262-A7D4-7480E8A114E8}\RP0\A0000025.dll Infetto da Trojan.Win32.Vundo.FY
* * * RIMOSSO * * *
C:\System Volume Information\_restore{2AE42F14-1080-4262-A7D4-7480E8A114E8}\RP0\A0000099.reg Infetto da Trojan.StartPage.L
* * * RIMOSSO * * *
C:\WINDOWS\system32\dllcache\lcqdmupd.dll Infetto da Trojan.Win32.Vundo.FY
* * * RIMOSSO * * *

Chiavi Registro infette: 1.
Files Infetti: 5.
Files Sospetti: 0.
Files Analizzati: 46022.
Files Totali: 46022.
Chiavi Registro rimosse: 1.
Virus Rimossi: 5.


HIJACKTHIS
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:20, on 2009-04-27
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Symantec AntiVirus\DefWatch.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Symantec AntiVirus\Rtvscan.exe
C:\VEXPLITE\viritsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\VEXPLITE\MONLITE.EXE
C:\Programmi\RocketDock\RocketDock.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\WFlip\WinFlip.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\_backup\Incomplete\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programmi\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "c:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Programmi\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-21-164099962-543020652-168415630-1005\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - HKUS\S-1-5-21-164099962-543020652-168415630-1005\..\Run: [RocketDock] "C:\Programmi\RocketDock\RocketDock.exe" (User '?')
O4 - S-1-5-21-164099962-543020652-168415630-1005 Startup: is-Q6DDK.lnk = C:\Documents and Settings\Ospite\Desktop\Virus Removal Tool\is-Q6DDK\startup.exe (User '?')
O4 - S-1-5-21-164099962-543020652-168415630-1005 Startup: WinFlip.lnk = C:\Programmi\WFlip\WinFlip.exe (User '?')
O4 - Startup: is-Q6DDK.lnk = C:\Documents and Settings\Ospite\Desktop\Virus Removal Tool\is-Q6DDK\startup.exe
O4 - Startup: WinFlip.lnk = C:\Programmi\WFlip\WinFlip.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} -
O20 - AppInit_DLLs: svfegu.dll
O20 - Winlogon Notify: crypt - C:\WINDOWS\
O23 - Service: Servizio Gateway di livello applicazione (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programmi\Symantec AntiVirus\DefWatch.exe
O23 - Service: Servizio COM di masterizzazione CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Programmi\File comuni\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Condivisione desktop remoto di NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe (file missing)
O23 - Service: Windows Installer (MSIServer) - Unknown owner - C:\WINDOWS\system32\msiexec.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programmi\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programmi\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
O23 - Service: Copia replicata del volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)

--
End of file - 8306 bytes



REMARKS:
At first glance, without going into the technical details, which I leave to you, XP's startup seems normal, in the sense
that it takes me to and opens the home page as before.
The connection speed is now normal.
However, Firefox no longer starts (but that's not a problem... I'm using Internet Explorer).
Nothing else seems strange to me.

What do you think?
Bye and thanks
ceval
Posted: Monday, April 27, 2009 6:06:03 PM
Rank: Member

Member since: 11/7/2008
Posts: 18
Ah, I forgot to give you this detail:

if I try My Computer / Properties..... a message appears: "Cannot find the file C:\windows\system32\rundll32.exe. Make sure the path......" etc. etc.

What do you say?

Bye
r16
Posted: Monday, April 27, 2009 10:28:28 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Download this: Avenger, and unzip Avenger into a dedicated folder.
http://swandog46.geekstogo.com/avenger.zip

Start AVENGER
Click OK
Paste these lines (copy and paste) into the white box (the ones in bold):

Files to delete:
c:\windows\system32\A.tmp
c:\windows\system32\B.tmp
c:\windows\system32\7.tmp
c:\windows\system32\8.tmp
c:\windows\system32\4.tmp
c:\windows\system32\2.tmp
c:\windows\system32\6.tmp
c:\windows\system32\3.tmp
C:\xhodf.exe
c:\windows\system32\bJkQsBeg.ini
c:\windows\system32\bJkQsBeg.ini2
c:\windows\system32\hyyxnebx.ini
c:\windows\system32\wvUoPfeD.dll
c:\windows\Tasks\hrlyohee.job

Folders to delete:
c:\windows\BDOSCAN8

Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs


Untick Scan for Rootkit
Click Execute and wait...
The PC should reboot; if it doesn't, reboot it yourself.
When the operation is finished, post Avenger's output here.
Run another scan with ComboFix and post the log.
Run a scan with Malwarebytes and post the log (if it doesn't start, try uninstalling and then reinstalling it).
Question: did you pay for Norton?

ceval
Posted: Tuesday, April 28, 2009 5:12:10 PM
Rank: Member

Member since: 11/7/2008
Posts: 18
Hi.
Done everything.
Here are the logs:


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File "c:\windows\system32\A.tmp" deleted successfully.

Error: file "c:\windows\system32\B.tmp" not found!
Deletion of file "c:\windows\system32\B.tmp" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "c:\windows\system32\7.tmp" deleted successfully.

Error: file "c:\windows\system32\8.tmp" not found!
Deletion of file "c:\windows\system32\8.tmp" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "c:\windows\system32\4.tmp" deleted successfully.
File "c:\windows\system32\2.tmp" deleted successfully.
File "c:\windows\system32\6.tmp" deleted successfully.
File "c:\windows\system32\3.tmp" deleted successfully.
File "C:\xhodf.exe" deleted successfully.

Error: file "c:\windows\system32\bJkQsBeg.ini" not found!
Deletion of file "c:\windows\system32\bJkQsBeg.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\windows\system32\bJkQsBeg.ini2" not found!
Deletion of file "c:\windows\system32\bJkQsBeg.ini2" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\windows\system32\hyyxnebx.ini" not found!
Deletion of file "c:\windows\system32\hyyxnebx.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\windows\system32\wvUoPfeD.dll" not found!
Deletion of file "c:\windows\system32\wvUoPfeD.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\windows\Tasks\hrlyohee.job" not found!
Deletion of file "c:\windows\Tasks\hrlyohee.job" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Folder "c:\windows\BDOSCAN8" deleted successfully.
Registry value "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs" replaced with dummy successfully.

Completed script processing.

*******************

Finished! Terminate.
ComboFix 09-04-27.04 - Ospite 2009-04-28 16:36.5 - NTFSx86
Eseguito da: c:\documents and settings\Ospite\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\userinit.exe . . . è infetto!!

.
((((((((((((((((((((((((( Files Creati Da 2009-05-28 al 2009-4-28 )))))))))))))))))))))))))))))))))))
.

2009-04-27 13:53 . 2008-07-08 12:54 148496 ----a-w c:\windows\system32\drivers\91598794.sys
2009-04-27 13:48 . 2009-04-27 13:48 -------- d-----w c:\windows\system32\dllcache\BACKUP
2009-04-27 13:35 . 2009-04-27 13:37 41728 ----a-w c:\windows\system32\drivers\VIRAGTLT.SYS
2009-04-27 13:35 . 2009-04-28 14:20 -------- d-----w C:\VEXPLITE
2009-04-27 11:31 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-27 11:31 . 2009-03-06 14:19 286208 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-27 11:31 . 2009-02-09 11:22 111104 ------w c:\windows\system32\dllcache\services.exe
2009-04-27 11:31 . 2009-02-09 10:51 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-27 11:31 . 2009-02-09 10:51 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-27 11:31 . 2009-02-09 10:51 683520 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-27 11:31 . 2009-02-09 10:51 734720 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-27 11:31 . 2009-02-09 10:51 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-27 11:31 . 2009-02-09 10:51 736256 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-27 11:31 . 2008-04-21 21:14 219136 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-24 08:21 . 2009-04-24 08:42 -------- d-----w c:\programmi\EsetOnlineScanner
2009-04-23 16:25 . 2009-04-23 16:25 -------- d-----w c:\windows\system32\KB905474
2009-04-23 16:25 . 2009-03-10 20:26 1437568 ----a-w c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-04-23 16:25 . 2009-03-10 20:18 454016 ----a-w c:\windows\system32\KB905474\wgasetup.exe
2009-04-23 14:16 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-23 14:16 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-23 14:16 . 2009-04-23 14:16 -------- d-----w c:\programmi\Malwarebytes' Anti-Malware
2009-04-22 08:43 . 2009-04-22 08:43 -------- d-----w c:\programmi\Trend Micro
2009-04-21 07:28 . 2009-04-27 14:30 182656 ----a-w c:\windows\system32\dllcache\ndis.sys
2009-04-21 07:28 . 2009-04-27 14:30 182656 ----a-w c:\windows\system32\drivers\ndis.sys
2009-04-15 15:43 . 2009-04-15 15:43 -------- d-----w c:\windows\system32\ffdshow
2009-04-15 15:43 . 2009-04-15 15:43 -------- d-----w c:\programmi\SourceTec
2009-04-15 11:17 . 2009-04-22 07:41 -------- d-----w c:\programmi\Video DVD Maker
2009-04-14 09:13 . 2009-04-14 09:13 -------- d-----w c:\documents and settings\Ospite\Dati applicazioni\Bluefive software
2009-04-02 08:21 . 2009-04-02 08:21 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Office Genuine Advantage
2009-03-30 15:16 . 2007-04-09 11:23 28040 ----a-w c:\windows\system32\mdimon.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-28 14:35 . 2007-09-21 09:57 -------- d-----w c:\programmi\Symantec AntiVirus
2009-04-28 14:11 . 2008-11-10 15:40 -------- d-----w c:\programmi\WFlip
2009-04-24 08:04 . 2008-09-23 15:29 524800 ----a-w c:\windows\x2.64.exe
2009-04-24 08:04 . 2008-12-03 15:34 106496 ----a-w c:\windows\unvise32.exe
2009-04-24 08:02 . 2004-09-02 16:48 24576 ----a-w c:\windows\system32\msdtc.exe
2009-04-24 08:01 . 2004-09-02 16:28 37376 ----a-w c:\windows\system32\diskperf.exe
2009-04-24 07:59 . 2007-07-05 20:36 9730560 ----a-w c:\windows\RTLCPL.EXE
2009-04-24 07:59 . 2004-09-02 16:28 169984 ----a-w c:\windows\regedit.exe
2009-04-24 07:59 . 2004-09-02 16:51 169984 ----a-w c:\windows\pchealth\UploadLB\Binaries\uploadm.exe
2009-04-24 07:59 . 2004-09-02 16:51 54272 ----a-w c:\windows\pchealth\helpctr\binaries\notiflag.exe
2009-04-24 07:59 . 2004-09-02 16:51 36864 ----a-w c:\windows\pchealth\helpctr\binaries\hscupd.exe
2009-04-24 07:59 . 2004-09-02 16:51 190464 ----a-w c:\windows\pchealth\helpctr\binaries\msconfig.exe
2009-04-24 07:59 . 2004-09-02 16:51 118272 ----a-w c:\windows\pchealth\helpctr\binaries\HelpHost.exe
2009-04-24 07:59 . 2004-09-02 16:51 787968 ----a-w c:\windows\pchealth\helpctr\binaries\helpctr.exe
2009-04-24 07:59 . 2004-09-02 16:51 762880 ----a-w c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2009-04-24 07:59 . 2001-09-18 10:00 57344 ----a-w c:\windows\omniuns.exe
2009-04-24 07:59 . 2004-09-02 18:43 89088 ----a-w c:\windows\notepad.exe
2009-04-24 07:59 . 2001-09-18 10:00 155648 ----a-w c:\windows\omcamcap.exe
2009-04-24 07:59 . 2008-09-23 15:29 88576 ----a-w c:\windows\MOTA113.exe
2009-04-24 07:58 . 2007-07-05 20:36 2178560 ----a-w c:\windows\MicCal.exe
2009-04-24 07:58 . 2008-11-05 15:39 745472 ----a-w c:\windows\iun6002.exe
2009-04-24 07:58 . 2008-01-11 11:48 325120 ----a-w c:\windows\IsUninst.exe
2009-04-24 07:58 . 2004-09-02 17:06 329216 ----a-w c:\windows\IsUn0410.exe
2009-04-24 07:54 . 2004-09-02 16:28 1054720 ----a-w c:\windows\explorer.exe
2009-04-24 07:54 . 2008-01-09 13:01 77824 ----a-w c:\windows\bdoscandel.exe
2009-04-24 07:53 . 2008-10-31 11:38 -------- d-----w c:\programmi\Virtual Dub
2009-04-24 07:53 . 2008-11-09 11:13 -------- d-----w c:\programmi\SUPERAntiSpyware
2009-04-24 07:52 . 2008-11-10 13:13 -------- d-----w c:\programmi\Spybot - Search & Destroy
2009-04-24 07:52 . 2008-11-10 15:52 -------- d-----w c:\programmi\RocketDock
2009-04-24 07:51 . 2008-10-28 08:17 -------- d-----w c:\programmi\RegCleaner
2009-04-24 07:51 . 2007-09-06 11:47 -------- d-----w c:\programmi\OpenOffice.org 2.2
2009-04-24 07:47 . 2008-07-10 15:01 -------- d-----w c:\programmi\Inkscape
2009-04-24 07:47 . 2008-10-20 13:47 -------- d-----w c:\programmi\Haihaisoft Universal Player
2009-04-24 07:47 . 2008-12-09 13:49 -------- d-----w c:\programmi\Flamingo 1.1
2009-04-24 07:46 . 2009-03-23 15:01 -------- d-----w c:\programmi\CDBurnerXP
2009-04-22 07:45 . 2009-04-22 07:45 80 ----a-w c:\windows\system32\40A.tmp
2009-04-22 07:41 . 2008-09-01 15:45 -------- d-----w c:\programmi\Totally Free Burner
2009-04-22 07:40 . 2009-01-28 16:08 -------- d-----w c:\programmi\SnapShot
2009-04-22 07:37 . 2009-03-14 10:30 -------- d-----w c:\programmi\LimeWire
2009-04-22 07:31 . 2008-12-30 14:47 -------- d-----w c:\programmi\Free WMV to AVI MPEG Converter
2009-04-22 07:31 . 2009-01-16 09:11 -------- d-----w c:\programmi\Free Video Joiner
2009-04-22 07:31 . 2009-01-02 14:34 -------- d-----w c:\programmi\File Shredder
2009-04-21 12:48 . 2008-01-11 11:48 65536 ----a-w c:\windows\system32\HPZipm12.exe
2009-04-21 12:48 . 2007-07-05 20:36 16249344 ----a-w c:\windows\RTHDCPL.EXE
2009-04-21 07:29 . 2004-05-05 09:49 491520 ----a-w c:\windows\system32\hphmon05.exe
2009-04-08 07:16 . 2004-09-02 16:29 74432 ----a-w c:\windows\system32\perfc010.dat
2009-04-08 07:16 . 2004-09-02 16:29 447874 ----a-w c:\windows\system32\perfh010.dat
2009-04-03 12:50 . 2008-07-09 15:04 105112 ----a-w c:\documents and settings\Ospite\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-04-02 17:06 . 2008-11-04 16:42 1010 ----a-w c:\windows\system32\lcsm.dat
2009-03-27 08:42 . 2008-10-20 13:47 -------- d-----w c:\programmi\File comuni\Real
2009-03-19 17:00 . 2008-12-10 15:26 -------- d-----w c:\programmi\ASGvis
2009-03-19 17:00 . 2008-10-16 14:42 -------- d-----w c:\programmi\File comuni\InstallShield
2009-03-19 17:00 . 2008-10-07 12:44 -------- d--h--w c:\programmi\InstallShield Installation Information
2009-03-19 08:44 . 2008-10-26 12:13 -------- d-----w c:\programmi\CCleaner
2009-03-19 08:41 . 2009-03-19 08:41 -------- d-----w c:\programmi\Yahoo!
2009-03-14 11:03 . 2008-10-31 11:56 -------- d-----w c:\programmi\MediaCoder
2009-03-06 14:19 . 2004-09-02 16:28 286208 ----a-w c:\windows\system32\pdh.dll
2009-03-05 15:21 . 2007-09-05 15:41 135 ----a-w c:\documents and settings\Ospite\Impostazioni locali\Dati applicazioni\fusioncache.dat
2009-03-05 08:37 . 2009-03-05 08:33 1024000 ----a-w c:\windows\system32\ewmpegco.dll
2009-03-03 00:03 . 2004-09-02 16:29 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-02 14:18 . 2008-12-30 14:41 -------- d-----w c:\programmi\WMV to AVI MPEG DVD WMV Converter
2009-03-02 14:18 . 2009-01-22 08:21 -------- d-----w c:\programmi\Panda Security
2009-03-02 14:16 . 2005-10-26 20:02 -------- d-----w c:\programmi\File comuni\Adobe
2009-02-20 17:08 . 2004-09-02 16:28 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 14:04 . 2004-09-02 16:29 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:23 . 2004-08-19 15:34 2027520 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:22 . 2004-09-02 16:28 2148864 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:22 . 2004-09-02 16:28 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:51 . 2004-09-02 16:28 734720 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:51 . 2004-09-02 16:28 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:51 . 2004-09-02 16:28 683520 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:51 . 2004-09-02 16:28 736256 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 10:39 . 2004-09-02 16:28 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:57 . 2004-09-02 16:28 56832 ----a-w c:\windows\system32\secur32.dll
.

------- Sigcheck -------

[-] 2009-04-24 07:54 1054720 C16EF54E8FB7B8F36F55DA2C47DD3DDC c:\windows\explorer.exe
[-] 2009-04-24 07:59 1054720 C16EF54E8FB7B8F36F55DA2C47DD3DDC c:\windows\ServicePackFiles\i386\explorer.exe

[-] 2009-04-24 08:03 76288 E8C03C8924683C265D4A4AD4B0D7F38B c:\windows\system32\spoolsv.exe

[-] 2009-04-24 08:01 45056 85EC07747CCAAC412064ED171E6AB965 c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2009-04-24 08:03 45568 38CD1D18C040C61CC74F3E278BB08D55 c:\windows\system32\userinit.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-04-27_13.31.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-28 14:11 . 2009-04-28 14:11 16384 c:\windows\temp\Perflib_Perfdata_110.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"RocketDock"="c:\programmi\RocketDock\RocketDock.exe" [2009-04-21 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\programmi\File comuni\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-11-27 125536]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2009-04-21 176128]
"HPHUPD05"="c:\programmi\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2009-04-21 49152]
"HP Component Manager"="c:\programmi\HP\hpcoretech\hpcmpmgr.exe" [2009-04-21 241664]
"HP Software Update"="c:\programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2009-04-21 49152]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2009-04-21 491520]
"VIRIT LITE MONITOR"="c:\vexplite\MONLITE.EXE" [2009-04-28 258048]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-04-21 16249344]

c:\documents and settings\Ospite\Menu Avvio\Programmi\Esecuzione automatica\
is-Q6DDK.lnk - c:\documents and settings\Ospite\Desktop\Virus Removal Tool\is-Q6DDK\startup.exe [2009-4-27 65536]
WinFlip.lnk - c:\programmi\WFlip\WinFlip.exe [2008-11-10 483328]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\explorer.exe,"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati3fexx.sys]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SUPERAntiSpyware"=c:\programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SpybotSnD"="c:\programmi\Spybot - Search & Destroy\SpybotSD.exe"
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\DNA\\btdna.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=

R0 ati3fexx;ati3fexx; [x]
R0 ati4pdxx;ati4pdxx; [x]
R1 8e63f5b;8e63f5b;c:\windows\System32\drivers\8e63f5b.sys [2008-11-05 0]
R1 ethcluoy;ethcluoy; [x]
R1 jpfa543;jpfa543; [x]
R1 oac7173;oac7173; [x]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 16512]
R3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [2008-09-03 7408]
R3 SavRoam;SavRoam;c:\programmi\Symantec AntiVirus\SavRoam.exe [2006-11-27 119392]
S0 VIRAGTLT;VIRAGTLT;c:\windows\system32\drivers\VIRAGTLT.SYS [2009-04-27 41728]
S1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\SASDIFSV.SYS [2008-09-03 8944]
S1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.sys [2008-09-03 55024]
S2 viritsvclite;Virit eXplorer Lite;c:\vexplite\viritsvc.exe [2007-10-10 57344]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programmi\File comuni\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-27 101936]


--- Other Services/Drivers In Memory ---

*Deregistered* - AFD
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - Beep
*Deregistered* - Browser
*Deregistered* - ccEvtMgr
*Deregistered* - ccSetMgr
*Deregistered* - Cdfs
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - DefWatch
*Deregistered* - Dhcp
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - eeCtrl
*Deregistered* - EraserUtilRebootDrv
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - helpsvc
*Deregistered* - HidServ
*Deregistered* - HTTP
*Deregistered* - i2omgmt
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - JavaQuickStarterService
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - mnmdd
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NAVENG
*Deregistered* - NAVEX15
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - NMSAccessU
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - Pml Driver HPZ12
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - RemoteRegistry
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - SASDIFSV
*Deregistered* - SASKUTIL
*Deregistered* - SAVRT
*Deregistered* - SAVRTPEL
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - SPBBCSvc
*Deregistered* - Spooler
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - swenum
*Deregistered* - Symantec AntiVirus
*Deregistered* - SymEvent
*Deregistered* - SYMTDI
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - VIRAGTLT
*Deregistered* - viritsvclite
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - WmiApSrv
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC
.
Contents of the 'Scheduled Tasks' folder

2009-04-27 c:\windows\Tasks\HP Usg Daily.job
- c:\programmi\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2004-04-01 12:48]

2009-04-24 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]

2009-04-28 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]

2009-04-28 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-23 20:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Ospite\Dati applicazioni\Mozilla\Firefox\Profiles\35jgkqz5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1460988&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
FF - plugin: c:\programmi\Haihaisoft Universal Player\Codec\Plugins\nppl3260.dll
FF - plugin: c:\programmi\Haihaisoft Universal Player\Codec\Plugins\npqtplugin.dll
FF - plugin: c:\programmi\Haihaisoft Universal Player\Codec\Plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-28 16:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140111900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2840)
c:\programmi\RocketDock\RocketDock.dll
c:\programmi\WFlip\WFHook.dll
.
Completion time: 2009-04-28 16:39
ComboFix-quarantined-files.txt 2009-04-28 14:39
ComboFix2.txt 2009-04-27 13:34
ComboFix3.txt 2008-11-09 09:39

Pre-Run: 11,055,038,464 bytes free
Post-Run: 11,055,353,856 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

362 --- E O F --- 2009-04-27 11:32





Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 3

2009-04-28 17:05:16
mbam-log-2009-04-28 (17-05-16).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 120692
Time elapsed: 11 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Answer: the Norton is official.


What do you think?

Bye, thanks

PS. Unlike before, Malwarebytes started normally without having to reinstall it.
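The ComboFix log in this post carries the indicators a responder would pull out first: W32/Virut, the detection the thread opens with, is a PE file infector, and the Sigcheck block shows explorer.exe, spoolsv.exe and userinit.exe all failing the signature check (with the two explorer.exe copies sharing one hash and the two userinit.exe copies differing); the Winlogon Userinit value reads c:\windows\explorer.exe, where a stock Windows XP install has c:\windows\system32\userinit.exe,; the Security Center AntiVirusDisableNotify value is set (the Malwarebytes log below it removes exactly that); and the driver list has R0/R1 registrations with no file or a zero-byte file. The script below is an added example, not code from the thread, ComboFix or any of the tools named here. It parses a constructed excerpt (SAMPLE_LOG, modelled on the lines above but not a verbatim copy) and flags those four classes of finding. The names SAMPLE_LOG, DEFAULT_USERINIT, parse and triage are this example's own; DEFAULT_USERINIT is the assumed stock XP value, and the script reads ComboFix's "[x]" after a driver entry as "file not found", which is the meaning assumed here.

```python
import re
from collections import defaultdict

# Assumed stock Windows XP value of the Winlogon "Userinit" entry.
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe,"

# Constructed excerpt modelled on the ComboFix log above (not a verbatim copy of it).
SAMPLE_LOG = r"""
------- Sigcheck -------
[-] 2009-04-24 07:54 1054720 C16EF54E8FB7B8F36F55DA2C47DD3DDC c:\windows\explorer.exe
[-] 2009-04-24 07:59 1054720 C16EF54E8FB7B8F36F55DA2C47DD3DDC c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2009-04-24 08:03 76288 E8C03C8924683C265D4A4AD4B0D7F38B c:\windows\system32\spoolsv.exe
[-] 2009-04-24 08:01 45056 85EC07747CCAAC412064ED171E6AB965 c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2009-04-24 08:03 45568 38CD1D18C040C61CC74F3E278BB08D55 c:\windows\system32\userinit.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\explorer.exe,"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
R0 ati3fexx;ati3fexx; [x]
R1 8e63f5b;8e63f5b;c:\windows\System32\drivers\8e63f5b.sys [2008-11-05 0]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 16512]
S0 VIRAGTLT;VIRAGTLT;c:\windows\system32\drivers\VIRAGTLT.SYS [2009-04-27 41728]
"""

# "[-] date time size MD5 path" as printed in the Sigcheck block.
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[-+])\]\s+\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}\s+(?P<size>\d+)\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+(?P<path>\S.*)$")
# "R1 name;description;path [date size]" or "R0 name;description; [x]" in the driver list.
DRIVER_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>[^\[]*)\[(?P<tail>[^\]]*)\]$")
KEY_RE = re.compile(r"^\[(?P<key>HK[^\]]+)\]$", re.I)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?:"(?P<quoted>[^"]*)"|(?P<raw>\S+))')


def parse(text):
    """Split the log into Sigcheck entries, driver entries and registry values."""
    sig, drivers, values = [], [], []
    key = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if m := SIGCHECK_RE.match(line):
            sig.append({"flag": m["flag"], "size": int(m["size"]),
                        "md5": m["md5"].upper(), "path": m["path"].strip()})
        elif m := DRIVER_RE.match(line):
            tail = m["tail"].split()
            drivers.append({"start": m["start"], "name": m["name"], "path": m["path"].strip(),
                            "missing": tail == ["x"],  # assumed reading of ComboFix's "[x]"
                            "size": int(tail[1]) if len(tail) == 2 and tail[1].isdigit() else None})
        elif m := KEY_RE.match(line):
            key = m["key"].lower()          # values that follow belong to this key
        elif (m := VALUE_RE.match(line)) and key:
            values.append({"key": key, "name": m["name"],
                           "value": m["quoted"] if m["quoted"] is not None else m["raw"]})
    return sig, drivers, values


def _finding(category, subject, detail):
    return {"category": category, "subject": subject, "detail": detail}


def triage(text):
    """Return the findings a responder would look at first."""
    sig, drivers, values = parse(text)
    findings = []
    # Sigcheck: group the copies of one binary (system32 vs ServicePackFiles\i386) by file name.
    copies = defaultdict(list)
    for e in sig:
        copies[e["path"].rsplit("\\", 1)[-1].lower()].append(e)
    for name, entries in copies.items():
        hashes = {e["md5"] for e in entries}
        failed = [e for e in entries if e["flag"] == "-"]
        if len(hashes) > 1:
            findings.append(_finding("sigcheck-mismatch", name,
                f"{len(hashes)} different hashes on disk; diff the copies before using either as a restore source"))
        elif failed:
            findings.append(_finding("sigcheck-failed", name,
                f"{len(failed)} of {len(entries)} copies fail Sigcheck with the same hash; no clean on-disk copy to restore from"))
    # Drivers: a boot/system-start registration whose file is missing or empty needs a closer look.
    for d in drivers:
        if d["missing"]:
            findings.append(_finding("driver-missing", d["name"], f'{d["start"]} registration with no file on disk'))
        elif d["size"] == 0:
            findings.append(_finding("driver-empty", d["name"], f'{d["start"]} registration points at zero-byte file {d["path"]}'))
    # Registry: Userinit must be the stock value; Security Center must not have its notifications silenced.
    for v in values:
        if v["key"].endswith("\\winlogon") and v["name"].lower() == "userinit":
            if v["value"].lower() != DEFAULT_USERINIT:
                findings.append(_finding("userinit-tampered", v["name"],
                    f'Userinit is {v["value"]!r}, expected {DEFAULT_USERINIT!r}'))
        elif "security center" in v["key"] and v["name"].lower().endswith(("disablenotify", "disablemonitoring")):
            if v["value"].lower().startswith("dword:") and int(v["value"][6:], 16) != 0:
                findings.append(_finding("security-center-silenced", v["name"], f'{v["name"]} is {v["value"]}'))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f'{f["category"]:<26} {f["subject"]:<24} {f["detail"]}')
```

Run on the excerpt it reports seven findings: userinit.exe as a hash mismatch between the two copies, explorer.exe and spoolsv.exe as signature failures with no differing copy to fall back on, the two R0/R1 drivers with a missing or zero-byte file, the non-stock Userinit value, and the silenced Security Center notification; ASPI and VIRAGTLT, which have a real file and a plausible size, are left alone. The distinction between "mismatch" and "failed with the same hash" matters in practice: only the first case leaves a second on-disk copy worth comparing against, which is why the log's Sigcheck block lists the ServicePackFiles\i386 copy next to the live one.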






ceval
Posted: Tuesday, April 28, 2009 5:19:57 PM
Rank: Member

Member since: 11/7/2008
Posts: 18
By the way... I keep getting the message: Cannot find the file c:\windows\system32\rundll32.exe. Verify that the path and file name are correct and try again.

What do you think? Is it still the same damn virus?
Bye