
Nothing updates anymore
jozzz
Posted: Friday, March 05, 2010 5:09:55 PM
Rank: Member

Joined: 3/5/2010
Posts: 14
Hi everyone, I'm new and I have a problem I can't solve.
For a couple of days I haven't been able to update anything, antivirus or Windows; it won't let me reach the antivirus sites, I just can't open them. By roundabout means I downloaded several antispyware/antimalware tools and removed some junk, but the problem remains.
Can anyone give me a hand?
I'm posting the HijackThis log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16.59.47, on 05/03/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Programmi\Google\Update\1.2.183.17\GoogleCrashHandler.exe
C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\ClearApps\Network Inventory Advisor\piaservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0410&s=0&o=xph&d=0309&m=doa150
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {4edd5c14-2d22-4d7a-9748-c975a7fd933b} - (no file)
O1 - Hosts: 85.13.206.114 haksjdi262fsf.com
O1 - Hosts: 85.13.206.114 uuu20091124.info
O1 - Hosts: 85.13.206.114 u07012010u.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\Audio\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: Justin.tv Publisher - http://it.justin.tv/plugins/justintv_publisher.CAB
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {4819DFDF-ABC4-488C-A323-919848C51175} (Conviva LivePass) - http://portal3.rinera.com/download/ConvivaStreamingPlugin-1.7.0.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238722706296
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} (CAScanner Control) - http://cainternetsecurity.net/scanner/cascanner.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Servizio di Google Update (gupdate1c9b33ed0c5fbb0) (gupdate1c9b33ed0c5fbb0) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Network Inventory Advisor Service by ClearApps Software (piaservice) - Unknown owner - C:\Programmi\ClearApps\Network Inventory Advisor\piaservice.exe
O23 - Service: Samsung UPD Service - Samsung Electronics CO., LTD. - C:\WINDOWS\system32\SUPDSvc.exe
O23 - Service: SBAMSvc - Unknown owner - C:\Programmi\QUAD Utilities\QUAD AntiSpyware\SBAMSvc.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: webserver - Unknown owner - C:\Programmi\webserver\webserver.exe (file missing)

--
End of file - 9301 bytes
r16
Posted: Friday, March 05, 2010 5:15:37 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Remove these HijackThis entries:
If you don't know how to "fix" the entries, follow this detailed guide: http://www.aiutamici.com/software?ID=11175

O1 - Hosts: 85.13.206.114 haksjdi262fsf.com
O1 - Hosts: 85.13.206.114 uuu20091124.info
O1 - Hosts: 85.13.206.114 u07012010u.com
O16 - DPF: Justin.tv Publisher - http://it.justin.tv/plugins/justintv_publisher.CAB
O16 - DPF: {4819DFDF-ABC4-488C-A323-919848C51175} (Conviva LivePass) - http://portal3.rinera.com/download/ConvivaStreamingPlugin-1.7.0.cab
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} (CAScanner Control) - http://cainternetsecurity.net/scanner/cascanner.cab
O23 - Service: SBAMSvc - Unknown owner - C:\Programmi\QUAD Utilities\QUAD AntiSpyware\SBAMSvc.exe (file missing)

Download ComboFix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Save it to the desktop.

Important: Disable your antivirus and close ALL open programs (firewall included), and after downloading COMBOFIX, disconnect from the Internet.
Double-click combofix.exe (a screen will appear).

You will probably get messages from the antivirus (or from ComboFix itself); ignore them.

If you are asked whether you want to install the RECOVERY CONSOLE, click NO.

During the scan it is important not to use the PC (not even the mouse) and to wait patiently for the operations to finish.
When it finishes, a log file will be created on the Desktop, called C:\ComboFix.txt. Post it here.
jozzz
Posted: Friday, March 05, 2010 5:56:27 PM
Rank: Member

Joined: 3/5/2010
Posts: 14
Hi, thanks for the help. I have to run ComboFix in safe mode, with System Restore disabled
jozzz
Posted: Friday, March 05, 2010 6:11:15 PM
Rank: Member

Joined: 3/5/2010
Posts: 14
ComboFix log

ComboFix 09-11-11.02 - Maupilio 05/03/2010 18.05.31.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1012.533 [GMT 1:00]
Eseguito da: c:\documents and settings\Maupilio\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
- MODALITÀ CON FUNZIONALITÀ RIDOTTE -
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programmi\QUAD Utilities
c:\programmi\webserver

.
((((((((((((((((((((((((( Files Creati Da 2010-02-05 al 2010-03-05 )))))))))))))))))))))))))))))))))))
.

2010-03-05 15:57 . 2010-03-05 15:57 -------- d-----w- c:\programmi\Trend Micro
2010-03-05 05:07 . 2010-03-05 05:07 1187 ----a-w- C:\FindyKill_Upload_Me_PACKARD-963D634.zip
2010-03-05 04:32 . 2010-03-05 05:07 -------- d-----w- C:\FyK
2010-03-05 00:00 . 2010-03-05 00:00 -------- d-----w- c:\programmi\ClearApps
2010-03-04 23:28 . 2010-03-04 23:28 -------- d-----w- c:\documents and settings\Maupilio\Dati applicazioni\Malwarebytes
2010-03-04 23:28 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-04 23:28 . 2010-03-04 23:28 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-03-04 23:28 . 2010-03-05 05:56 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-03-04 23:28 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-04 19:30 . 2010-03-04 19:30 -------- d-----w- c:\documents and settings\Maupilio\Impostazioni locali\Dati applicazioni\Threat Expert
2010-03-04 16:58 . 2010-02-11 18:38 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-04 16:58 . 2010-02-11 18:42 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-04 16:58 . 2010-02-11 18:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-04 16:58 . 2010-02-11 18:42 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-04 16:58 . 2010-02-11 18:38 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-03-04 16:58 . 2010-02-11 18:38 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-03-04 16:58 . 2010-02-11 18:38 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-03-04 16:58 . 2010-02-11 18:53 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-03-04 16:58 . 2010-02-11 18:53 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-04 16:58 . 2010-03-04 16:58 -------- d-----w- c:\programmi\Alwil Software
2010-03-04 16:58 . 2010-03-04 16:58 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Alwil Software
2010-03-04 16:48 . 2010-03-05 15:33 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-03-04 15:56 . 2010-03-04 15:56 206848 ----a-w- c:\documents and settings\Maupilio\Impostazioni locali\Dati applicazioni\rdr_1267718132.exe
2010-03-04 13:50 . 2010-03-04 13:50 206848 ----a-w- c:\documents and settings\Maupilio\Impostazioni locali\Dati applicazioni\rdr_1267710620.exe
2010-03-04 03:19 . 2010-03-04 03:19 206848 ----a-w- c:\documents and settings\Maupilio\Impostazioni locali\Dati applicazioni\rdr_1267672752.exe
2010-03-04 03:07 . 2009-11-20 21:19 201968 ----a-w- c:\windows\system32\Isafprod.dll
2010-03-04 03:07 . 2009-11-20 21:18 95472 ----a-w- c:\windows\system32\Vetredir.dll
2010-03-04 03:07 . 2009-11-20 21:18 128240 ----a-w- c:\windows\system32\Isafeif.dll
2010-03-04 03:07 . 2010-03-04 16:34 -------- d-----w- c:\windows\rnapxs
2010-03-04 02:38 . 2010-03-04 16:34 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\CA
2010-03-04 02:30 . 2010-03-04 02:30 206848 ----a-w- c:\documents and settings\Maupilio\Impostazioni locali\Dati applicazioni\rdr_1267669816.exe
2010-03-04 02:14 . 2010-03-04 02:14 125952 ----a-w- c:\documents and settings\All Users\Dati applicazioni\ParetoLogic\UUS2\Temp\Update.exe
2010-03-04 02:10 . 2010-03-04 02:28 23072 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-03-04 02:10 . 2010-03-04 02:28 215072 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-03-04 01:53 . 2010-03-04 02:23 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ParetoLogic
2010-03-04 01:53 . 2010-03-04 02:23 -------- d-----w- c:\programmi\File comuni\ParetoLogic
2010-03-04 01:53 . 2010-03-04 01:53 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ParetoLogic Anti-Virus PLUS
2010-03-04 01:36 . 2010-03-04 01:36 -------- d-----w- c:\programmi\CCleaner
2010-03-04 01:19 . 2010-03-04 01:19 206848 ----a-w- c:\documents and settings\Maupilio\Impostazioni locali\Dati applicazioni\rdr_1267665564.exe
2010-03-03 22:52 . 2010-03-03 22:52 206848 ----a-w- c:\documents and settings\Maupilio\Impostazioni locali\Dati applicazioni\rdr_1267656758.exe
2010-03-03 22:42 . 2010-03-03 22:42 206848 ----a-w- c:\documents and settings\Maupilio\Impostazioni locali\Dati applicazioni\rdr_1267656129.exe
2010-03-03 22:33 . 2010-03-03 22:33 206848 ----a-w- c:\documents and settings\Maupilio\Impostazioni locali\Dati applicazioni\rdr_1267655620.exe
2010-03-03 20:44 . 2010-03-03 20:44 67072 ---h--w- c:\windows\bill103.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-05 17:03 . 2008-11-10 17:54 94550 ----a-w- c:\windows\system32\perfc010.dat
2010-03-05 17:03 . 2008-11-10 17:54 517008 ----a-w- c:\windows\system32\perfh010.dat
2010-03-05 00:14 . 2009-03-06 17:05 93808 ----a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-03-04 16:33 . 2010-03-04 12:30 62668 ----a-w- c:\windows\system32\drivers\KmxAgent.asc
2010-03-04 16:26 . 2008-11-10 10:35 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-03-04 02:29 . 2009-06-07 17:31 -------- d-----w- c:\programmi\File comuni\Panda Security
2010-03-04 02:28 . 2010-03-04 02:10 5000 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-03-04 02:28 . 2010-03-04 02:10 3236 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-03-04 02:26 . 2009-06-07 17:33 -------- d-----w- c:\documents and settings\Maupilio\Dati applicazioni\Panda Security
2010-03-01 08:13 . 2008-11-10 10:52 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-02-19 17:47 . 2009-04-27 16:51 -------- d-----w- c:\programmi\Microsoft Silverlight
2009-12-31 16:50 . 2008-11-10 17:54 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:06 . 2008-11-10 17:54 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 07:40 . 2008-11-10 10:10 346112 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2008-11-10 17:53 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 10:07 . 2008-04-13 18:54 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:07 . 2008-04-13 18:55 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-06 11:49 . 2009-12-08 07:54 52224 ----a-w- c:\documents and settings\Maupilio\Dati applicazioni\Mozilla\Firefox\Profiles\fwvku1b2.default\extensions\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}\components\FFExternalAlert.dll
2009-12-06 11:49 . 2009-12-08 07:54 114688 ----a-w- c:\documents and settings\Maupilio\Dati applicazioni\Mozilla\Firefox\Profiles\fwvku1b2.default\extensions\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}\components\npmozax.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\programmi\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\programmi\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [2005-09-03 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"AzMixerSel"="c:\programmi\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-08-18 817672]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-01-05 413696]
"Acrobat Assistant 7.0"="c:\programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-02-11 2756488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programmi\\Internet Explorer\\iexplore.exe"=
"c:\\WINDOWS\\system32\\SUPDSvc.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:GateOKO
"53:TCP"= 53:TCP:webserver

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [04/03/2010 17.58.29 162512]
R1 o6ko;ML Display Class Docfile Intel;c:\windows\system32\drivers\o6ko.sys [22/05/2007 9.53.35 32768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [04/03/2010 17.58.30 19024]
R2 ETService;Empowering Technology Service;c:\program files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe [06/03/2009 17.49.06 24576]
R2 srvoko6;Security List Class Service Secondary OpcEnum Fonts Control;c:\windows\system32\svchost.exe -k netsvc6 [10/11/2008 18.54.01 14336]
R3 M3000Srv;WebCam;c:\windows\system32\drivers\M3000KNT.sys [06/03/2009 17.44.25 151936]
S2 gupdate1c9b33ed0c5fbb0;Servizio di Google Update (gupdate1c9b33ed0c5fbb0);c:\programmi\Google\Update\GoogleUpdate.exe [02/04/2009 3.57.50 133104]
S2 piaservice;Network Inventory Advisor Service by ClearApps Software;c:\programmi\ClearApps\Network Inventory Advisor\piaservice.exe [09/02/2010 20.09.38 617472]
S2 SSPORT;SSPORT; [x]
S2 webserver;webserver;c:\programmi\webserver\webserver.exe --> c:\programmi\webserver\webserver.exe [?]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [10/11/2008 11.40.00 94608]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [05/03/2010 0.28.45 38224]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [03/05/2009 8.15.40 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [03/05/2009 8.15.41 8320]
S3 Samsung UPD Service;Samsung UPD Service;c:\windows\system32\SUPDSvc.exe [28/05/2009 11.20.49 127656]
S4 SBAMSvc;SBAMSvc;"c:\programmi\QUAD Utilities\QUAD AntiSpyware\SBAMSvc.exe" --> c:\programmi\QUAD Utilities\QUAD AntiSpyware\SBAMSvc.exe [?]

--- Altri Servizi/Drivers In Memoria ---

*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
netsvc6 REG_MULTI_SZ srvoko6

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0fce33b3-0fed-11de-9bc1-00234e154f00}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14582e27-5f6b-11de-9d82-00234e154f00}]
\Shell\AutoRun\command - F:\setup_vmc_lite.exe /checkApplicationPresence

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17c32f08-0fea-11de-9bbe-00234e154f00}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17c32f0b-0fea-11de-9bbe-00234e154f00}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c7efce8-7d3f-11de-9dc2-00234e154f00}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b37c306-4aed-11de-9d1d-00234e154f00}]
\Shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{67046a80-57ea-11de-9d61-00234e154f00}]
\Shell\AutoRun\command - F:\setup_vmc_lite.exe /checkApplicationPresence

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{67046a81-57ea-11de-9d61-00234e154f00}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73dfbb18-4aef-11de-9d1e-00234e154f00}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7cd321d6-5b2c-11de-9d71-00234e154f00}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7cd321d9-5b2c-11de-9d71-00234e154f00}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e8209b4-24d2-11de-9c4f-00234e154f00}]
\Shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e8209b5-24d2-11de-9c4f-00234e154f00}]
\Shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91125da8-620f-11de-9d8f-00234e154f00}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95de5fde-23e0-11de-9c44-00234e154f00}]
\Shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95de5fdf-23e0-11de-9c44-00234e154f00}]
\Shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1a72886-61a3-11de-9d8d-00234e154f00}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9121836-4a26-11de-9d14-00234e154f00}]
\Shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d959c322-4a2b-11de-9d16-00234e154f00}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d959c325-4a2b-11de-9d16-00234e154f00}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3d902f2-633c-11de-9d92-00234e154f00}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3d902f3-633c-11de-9d92-00234e154f00}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f237f8cf-0da1-11de-9b9a-00234e154f00}]
\Shell\AutoRun\command - E:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe92da94-4a2a-11de-9d15-00234e154f00}]
\Shell\AutoRun\command - F:\AutoRun.exe
.
Contenuto della cartella 'Scheduled Tasks'

2010-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-04-02 02:57]

2010-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-04-02 02:57]

2010-03-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3095290957-3615762775-570238229-1006Core.job
- c:\documents and settings\Maupilio\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-04-01 12:44]

2010-03-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3095290957-3615762775-570238229-1006UA.job
- c:\documents and settings\Maupilio\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-04-01 12:44]

2010-03-05 c:\windows\Tasks\User_Feed_Synchronization-{EBA7AF35-4781-4E0E-92E0-6E4104639CA0}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = *.local
IE: Convert link target to Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Maupilio\Dati applicazioni\Mozilla\Firefox\Profiles\fwvku1b2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1701838&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Softonic_Italia Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1701838&SearchSource=13
FF - component: c:\documents and settings\Maupilio\Dati applicazioni\Mozilla\Firefox\Profiles\fwvku1b2.default\extensions\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}\components\FFExternalAlert.dll
FF - plugin: c:\documents and settings\Maupilio\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

URLSearchHooks-{4edd5c14-2d22-4d7a-9748-c975a7fd933b} - (no file)
WebBrowser-{472734EA-242A-422B-ADF8-83D1E48CC825} - (no file)
Notify-avldr - avldr.dll
SafeBoot-PskSvcRetail



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-05 18:06
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(3240)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2010-03-05 18.10.10
ComboFix-quarantined-files.txt 2010-03-05 17:10

Pre-Run: 53.592.195.072 byte disponibili
Post-Run: 54.204.788.736 byte disponibili

- - End Of File - - 11533E9CD8E4BA1A9B0202EA44535DCA
jozzz
Posted: Friday, March 05, 2010 7:14:17 PM
Rank: Member

Joined: 3/5/2010
Posts: 14
This is the new HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19.13.33, on 05/03/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programmi\Google\Update\1.2.183.17\GoogleCrashHandler.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\Audio\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238722706296
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Servizio di Google Update (gupdate1c9b33ed0c5fbb0) (gupdate1c9b33ed0c5fbb0) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Network Inventory Advisor Service by ClearApps Software (piaservice) - Unknown owner - C:\Programmi\ClearApps\Network Inventory Advisor\piaservice.exe
O23 - Service: Samsung UPD Service - Samsung Electronics CO., LTD. - C:\WINDOWS\system32\SUPDSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: webserver - Unknown owner - C:\Programmi\webserver\webserver.exe (file missing)

--
End of file - 8146 bytes
r16
Posted: Friday, March 05, 2010 9:33:24 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
There is no need to open other topics for the same problem.

Open a text file on the Desktop (Start\Run\type: notepad.exe and then click OK).
Paste into it the code you see below, and save the text file; it must be named CFScript.txt
Code:
KillAll::

File::
c:\windows\system32\drivers\o6ko.sys

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"=-
"53:TCP"=-

Driver::
o6ko
srvoko6
webserver
SBAMSvc


and drag it onto the ComboFix icon.
Wait for the job to finish, without touching the keyboard, mouse or anything else.
Post the updated ComboFix log
jozzz
Posted: Friday, March 05, 2010 10:31:57 PM
Rank: Member

Joined: 3/5/2010
Posts: 14
It's no longer giving me problems: avast updated itself and with a quick scan removed a few viruses; now it updates and I can get into the antivirus sites. I'll do what you told me anyway.
I tried to fix the O23 webserver "Unknown owner" entry, but it did not delete it.
Anyway, thanks a lot, r16.
jozzz
Posted: Friday, March 05, 2010 10:44:12 PM
Rank: Member

Joined: 3/5/2010
Posts: 14
ComboFix 09-11-11.02 - Maupilio 05/03/2010 22.36.10.2.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1012.613 [GMT 1:00]
Eseguito da: c:\documents and settings\Maupilio\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Maupilio\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
- MODALITÀ CON FUNZIONALITÀ RIDOTTE -

FILE ::
"c:\windows\system32\drivers\o6ko.sys"
.

((((((((((((((((((((((((( Files Creati Da 2010-02-05 al 2010-03-05 )))))))))))))))))))))))))))))))))))
.

2010-03-05 19:28 . 2010-03-05 19:30 -------- d-----w- c:\documents and settings\Administrator
2010-03-05 15:57 . 2010-03-05 15:57 -------- d-----w- c:\programmi\Trend Micro
2010-03-05 05:07 . 2010-03-05 05:07 1187 ----a-w- C:\FindyKill_Upload_Me_PACKARD-963D634.zip
2010-03-05 04:32 . 2010-03-05 05:07 -------- d-----w- C:\FyK
2010-03-05 00:00 . 2010-03-05 00:00 -------- d-----w- c:\programmi\ClearApps
2010-03-04 23:28 . 2010-03-04 23:28 -------- d-----w- c:\documents and settings\Maupilio\Dati applicazioni\Malwarebytes
2010-03-04 23:28 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-04 23:28 . 2010-03-04 23:28 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-03-04 23:28 . 2010-03-05 05:56 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-03-04 23:28 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-04 19:30 . 2010-03-04 19:30 -------- d-----w- c:\documents and settings\Maupilio\Impostazioni locali\Dati applicazioni\Threat Expert
2010-03-04 16:58 . 2010-02-11 18:38 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-04 16:58 . 2010-02-11 18:42 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-04 16:58 . 2010-02-11 18:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-04 16:58 . 2010-02-11 18:42 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-04 16:58 . 2010-02-11 18:38 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-03-04 16:58 . 2010-02-11 18:38 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-03-04 16:58 . 2010-02-11 18:38 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-03-04 16:58 . 2010-02-11 18:53 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-03-04 16:58 . 2010-02-11 18:53 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-04 16:58 . 2010-03-04 16:58 -------- d-----w- c:\programmi\Alwil Software
2010-03-04 16:58 . 2010-03-04 16:58 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Alwil Software
2010-03-04 16:48 . 2010-03-05 15:33 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-03-04 03:07 . 2009-11-20 21:19 201968 ----a-w- c:\windows\system32\Isafprod.dll
2010-03-04 03:07 . 2009-11-20 21:18 95472 ----a-w- c:\windows\system32\Vetredir.dll
2010-03-04 03:07 . 2009-11-20 21:18 128240 ----a-w- c:\windows\system32\Isafeif.dll
2010-03-04 03:07 . 2010-03-04 16:34 -------- d-----w- c:\windows\rnapxs
2010-03-04 02:38 . 2010-03-04 16:34 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\CA
2010-03-04 02:14 . 2010-03-04 02:14 125952 ----a-w- c:\documents and settings\All Users\Dati applicazioni\ParetoLogic\UUS2\Temp\Update.exe
2010-03-04 02:10 . 2010-03-04 02:28 23072 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-03-04 02:10 . 2010-03-04 02:28 215072 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-03-04 01:53 . 2010-03-04 02:23 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ParetoLogic
2010-03-04 01:53 . 2010-03-04 02:23 -------- d-----w- c:\programmi\File comuni\ParetoLogic
2010-03-04 01:53 . 2010-03-04 01:53 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ParetoLogic Anti-Virus PLUS
2010-03-04 01:36 . 2010-03-04 01:36 -------- d-----w- c:\programmi\CCleaner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-05 21:24 . 2008-11-10 17:54 94550 ----a-w- c:\windows\system32\perfc010.dat
2010-03-05 21:24 . 2008-11-10 17:54 517008 ----a-w- c:\windows\system32\perfh010.dat
2010-03-05 19:24 . 2007-05-22 08:53 104960 ----a-w- c:\windows\system32\o6ko.dll
2010-03-05 00:14 . 2009-03-06 17:05 93808 ----a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-03-04 16:33 . 2010-03-04 12:30 62668 ----a-w- c:\windows\system32\drivers\KmxAgent.asc
2010-03-04 16:26 . 2008-11-10 10:35 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-03-04 02:29 . 2009-06-07 17:31 -------- d-----w- c:\programmi\File comuni\Panda Security
2010-03-04 02:28 . 2010-03-04 02:10 5000 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-03-04 02:28 . 2010-03-04 02:10 3236 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-03-04 02:26 . 2009-06-07 17:33 -------- d-----w- c:\documents and settings\Maupilio\Dati applicazioni\Panda Security
2010-03-01 08:13 . 2008-11-10 10:52 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-02-19 17:47 . 2009-04-27 16:51 -------- d-----w- c:\programmi\Microsoft Silverlight
2009-12-31 16:50 . 2008-11-10 17:54 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:06 . 2008-11-10 17:54 916480 ------w- c:\windows\system32\wininet.dll
2009-12-17 07:40 . 2008-11-10 10:10 346112 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2008-11-10 17:53 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 10:07 . 2008-04-13 18:54 2148864 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:07 . 2008-04-13 18:55 2027520 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-06 11:49 . 2009-12-08 07:54 52224 ----a-w- c:\documents and settings\Maupilio\Dati applicazioni\Mozilla\Firefox\Profiles\fwvku1b2.default\extensions\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}\components\FFExternalAlert.dll
2009-12-06 11:49 . 2009-12-08 07:54 114688 ----a-w- c:\documents and settings\Maupilio\Dati applicazioni\Mozilla\Firefox\Profiles\fwvku1b2.default\extensions\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}\components\npmozax.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\programmi\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\programmi\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-03-05_17.07.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-10 17:53 . 2010-03-05 21:24 72910 c:\windows\system32\perfc009.dat
- 2008-11-10 17:53 . 2010-03-05 17:03 72910 c:\windows\system32\perfc009.dat
+ 2008-11-10 17:53 . 2010-03-05 21:24 445704 c:\windows\system32\perfh009.dat
- 2008-11-10 17:53 . 2010-03-05 17:03 445704 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [2005-09-03 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"AzMixerSel"="c:\programmi\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-08-18 817672]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-01-05 413696]
"Acrobat Assistant 7.0"="c:\programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-02-11 2756488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programmi\\Internet Explorer\\iexplore.exe"=
"c:\\WINDOWS\\system32\\SUPDSvc.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [04/03/2010 17.58.29 162512]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [04/03/2010 17.58.30 19024]
R2 ETService;Empowering Technology Service;c:\program files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe [06/03/2009 17.49.06 24576]
R3 M3000Srv;WebCam;c:\windows\system32\drivers\M3000KNT.sys [06/03/2009 17.44.25 151936]
S2 gupdate1c9b33ed0c5fbb0;Servizio di Google Update (gupdate1c9b33ed0c5fbb0);c:\programmi\Google\Update\GoogleUpdate.exe [02/04/2009 3.57.50 133104]
S2 piaservice;Network Inventory Advisor Service by ClearApps Software;c:\programmi\ClearApps\Network Inventory Advisor\piaservice.exe [09/02/2010 20.09.38 617472]
S2 SSPORT;SSPORT; [x]
S2 webserver;webserver;c:\programmi\webserver\webserver.exe --> c:\programmi\webserver\webserver.exe [?]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [10/11/2008 11.40.00 94608]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [03/05/2009 8.15.40 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [03/05/2009 8.15.41 8320]
S3 Samsung UPD Service;Samsung UPD Service;c:\windows\system32\SUPDSvc.exe [28/05/2009 11.20.49 127656]
S4 SBAMSvc;SBAMSvc;"c:\programmi\QUAD Utilities\QUAD AntiSpyware\SBAMSvc.exe" --> c:\programmi\QUAD Utilities\QUAD AntiSpyware\SBAMSvc.exe [?]

--- Altri Servizi/Drivers In Memoria ---

*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
netsvc6 REG_MULTI_SZ srvoko6

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0fce33b3-0fed-11de-9bc1-00234e154f00}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14582e27-5f6b-11de-9d82-00234e154f00}]
\Shell\AutoRun\command - F:\setup_vmc_lite.exe /checkApplicationPresence

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17c32f08-0fea-11de-9bbe-00234e154f00}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17c32f0b-0fea-11de-9bbe-00234e154f00}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c7efce8-7d3f-11de-9dc2-00234e154f00}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b37c306-4aed-11de-9d1d-00234e154f00}]
\Shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{67046a80-57ea-11de-9d61-00234e154f00}]
\Shell\AutoRun\command - F:\setup_vmc_lite.exe /checkApplicationPresence

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{67046a81-57ea-11de-9d61-00234e154f00}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73dfbb18-4aef-11de-9d1e-00234e154f00}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7cd321d6-5b2c-11de-9d71-00234e154f00}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7cd321d9-5b2c-11de-9d71-00234e154f00}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e8209b4-24d2-11de-9c4f-00234e154f00}]
\Shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e8209b5-24d2-11de-9c4f-00234e154f00}]
\Shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91125da8-620f-11de-9d8f-00234e154f00}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95de5fde-23e0-11de-9c44-00234e154f00}]
\Shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95de5fdf-23e0-11de-9c44-00234e154f00}]
\Shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1a72886-61a3-11de-9d8d-00234e154f00}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9121836-4a26-11de-9d14-00234e154f00}]
\Shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d959c322-4a2b-11de-9d16-00234e154f00}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d959c325-4a2b-11de-9d16-00234e154f00}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3d902f2-633c-11de-9d92-00234e154f00}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3d902f3-633c-11de-9d92-00234e154f00}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f237f8cf-0da1-11de-9b9a-00234e154f00}]
\Shell\AutoRun\command - E:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe92da94-4a2a-11de-9d15-00234e154f00}]
\Shell\AutoRun\command - F:\AutoRun.exe
.
Contenuto della cartella 'Scheduled Tasks'

2010-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-04-02 02:57]

2010-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-04-02 02:57]

2010-03-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3095290957-3615762775-570238229-1006Core.job
- c:\documents and settings\Maupilio\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-04-01 12:44]

2010-03-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3095290957-3615762775-570238229-1006UA.job
- c:\documents and settings\Maupilio\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-04-01 12:44]

2010-03-05 c:\windows\Tasks\User_Feed_Synchronization-{EBA7AF35-4781-4E0E-92E0-6E4104639CA0}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = *.local
IE: Convert link target to Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Maupilio\Dati applicazioni\Mozilla\Firefox\Profiles\fwvku1b2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1701838&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Softonic_Italia Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1701838&SearchSource=13
FF - component: c:\documents and settings\Maupilio\Dati applicazioni\Mozilla\Firefox\Profiles\fwvku1b2.default\extensions\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}\components\FFExternalAlert.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-05 22:39
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(2472)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Alwil Software\Avast5\AvastSvc.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\Google\Update\1.2.183.17\GoogleCrashHandler.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
.
**************************************************************************
.
Ora fine scansione: 2010-03-05 22.43.59 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-03-05 21:43
ComboFix2.txt 2010-03-05 17:10

Pre-Run: 54.110.375.936 byte disponibili
Post-Run: 54.104.248.320 byte disponibili

- - End Of File - - 0B6A1632728477E45B033390D6721F5A
r16
Posted: Friday, March 05, 2010 10:51:38 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Do this:
Download and install Pserv on the desktop:
http://www.p-nand-q.com/download/pserv_cpl/pserv-2.7.exe
Launch it from "All Programs" by clicking "Services & Devices".
In the window that appears, look for and find the offending service.
Right-click the service (Service: webserver) and choose: Delete.
Close Pserv.
Restart the PC.
See whether it is still there.
jozzz
Posted: Friday, March 05, 2010 10:55:37 PM
Rank: Member

Joined: 3/5/2010
Posts: 14
Heartfelt thanks, truly, to the whole forum, and in particular to r16.
Bye and thanks.
r16
Posted: Friday, March 05, 2010 11:00:03 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
There would still be some cleaning up to do, but if you're in a hurry.....
Bye!