Come bloccare l'apertura di pagine indesiderate - Sicurezza VIRUS

Benvenuto Ospite

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Come bloccare l'apertura di pagine indesiderate

Come bloccare l'apertura di pagine indesiderate

Opzioni

Topic Precedente · Topic Sucessivo

gargamella56

Inviato: Wednesday, February 04, 2009 1:03:47 PM

Rank: Newbie

Iscritto dal : 2/4/2009
Posts: 0

Per favore potreste consiglirmi un programma che blocca l'apertura di pagine indesiderate? Ho scaricato ed installato win defender,pero' quelle le pagine continuano ad aprirsi.Grazie mill!

Torna in alto

Sponsor

Inviato: Wednesday, February 04, 2009 1:03:47 PM

Torna in alto

r16

Inviato: Wednesday, February 04, 2009 1:05:53 PM

Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016

Posta un log di hijackthis.
http://www.aiutaamici.com/software?ID=11175

Torna in alto

gargamella56

Inviato: Wednesday, February 04, 2009 2:19:16 PM

Rank: Newbie

Iscritto dal : 2/4/2009
Posts: 0

Grazie,in serata lo faro' Angel

Torna in alto

gargamella56

Inviato: Wednesday, February 04, 2009 10:35:25 PM

Rank: Newbie

Iscritto dal : 2/4/2009
Posts: 0

r16 ha scritto:

Posta un log di hijackthis.
http://www.aiutaamici.com/software?ID=11175

Ecco il log,come mi hai chiesto, controllalo pr favore,troppe pagine si aprono all'improvviso. Grazie!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22.28.37, on 04/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\Programmi\Windows Defender\MsMpEng.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
F:\Programmi\Alwil Software\Avast4\ashServ.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Programmi\Java\jre6\bin\jqs.exe
F:\Programmi\File comuni\LightScribe\LSSrvc.exe
F:\WINDOWS\System32\nvsvc32.exe
F:\WINDOWS\Mixer.exe
F:\WINDOWS\System32\svchost.exe
F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
F:\Programmi\Java\jre6\bin\jusched.exe
F:\WINDOWS\system32\DHTray.exe
F:\WINDOWS\system32\A0380mon.exe
F:\Programmi\Canon\MyPrinter\BJMyPrt.exe
F:\Programmi\ScanSoft\OmniPageSE4\OpwareSE4.exe
F:\Programmi\Netropa\Touch Manager\TouchMgr.exe
F:\Programmi\File comuni\Real\Update_OB\realsched.exe
F:\Programmi\Netropa\Touch Manager\MEDIACTR.EXE
F:\Programmi\Windows Defender\MSASCui.exe
F:\WINDOWS\system32\ctfmon.exe
F:\PROGRA~1\NETROPA\ONSCRE~1\OSD.EXE
F:\WINDOWS\system32\RUNDLL32.EXE
F:\Programmi\Netropa\Touch Manager\MMUSBKB2.EXE
F:\documents and settings\fili\impostazioni locali\dati applicazioni\earhhdt.exe
F:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
F:\Programmi\WinZip\WZQKPICK.EXE
F:\Programmi\OpenOffice.org 2.4\program\soffice.exe
F:\Programmi\OpenOffice.org 2.4\program\soffice.BIN
F:\WINDOWS\System32\wbem\wmiapsrv.exe
F:\Programmi\PC Connectivity Solution\ServiceLayer.exe
F:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
F:\Programmi\PC Connectivity Solution\Transports\NclMSBTSrv.exe
F:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
D:\incomedia\WebSite.exe
F:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
F:\Programmi\Alwil Software\Avast4\ashWebSv.exe
F:\Programmi\CrossLoop\CrossLoopConnect.exe
F:\Programmi\CrossLoop\winvnc.exe
D:\incomedia\ImPreview.exe
F:\Programmi\Internet Explorer\IEXPLORE.EXE
F:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\programmi\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Update] ssms.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [DHTray] F:\WINDOWS\system32\DHTray.exe
O4 - HKLM\..\Run: [A0380mon] F:\WINDOWS\system32\A0380mon.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] F:\Programmi\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] F:\Programmi\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "F:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "F:\Programmi\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Touch Manager] F:\Programmi\Netropa\Touch Manager\TouchMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "F:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "F:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\RunServices: [Windows Update] ssms.exe
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [earhhdt] "f:\documents and settings\fili\impostazioni locali\dati applicazioni\earhhdt.exe" earhhdt
O4 - HKCU\..\Run: [PC Suite Tray] "F:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [swg] F:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: html2pop3.lnk = F:\Programmi\html2pop3\html2pop3.bat
O4 - Startup: OpenOffice.org 2.4.lnk = F:\Programmi\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: WinZip Quick Pick.lnk = F:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://F:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232042159125
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232042147671
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - F:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - F:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - F:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - F:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - F:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - F:\Programmi\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9434 bytes

Torna in alto

r16

Inviato: Wednesday, February 04, 2009 10:54:49 PM

Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016

Ciao.
Si effettivamente ci sono delle infezioni.
Esegui queste indicazioni:
Assicurati di avere accesso a file e cartelle nascosti
(Pannello di controllo-> Opzioni Cartella-> Visualizzazione)
1) Metti la spunta su: Visualizza file e cartelle nascoste
2) Togli la spunta: nascondi file protetti di sistema (consigliato)

Disattiva il ripristino configurazione di sistema, e tienilo disattivato, fino alla soluzione del problema http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121

Se non sai "fixare"le voci,segui questa guida dettagliata: http://www.aiutaamici.com/software?ID=11175

Avvia in modalità provvisoria http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80122

Avvia hijackthis, metti la spunta alle voci che andrò ad elencarti e con tutte le applicazioni chiuse e disconnesso da Internet,premi su fix checked
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [Windows Update] ssms.exe
O4 - HKLM\..\RunServices: [Windows Update] ssms.exe
O4 - HKCU\..\Run: [earhhdt] "f:\documents and settings\fili\impostazioni locali\dati applicazioni\earhhdt.exe" earhhdt
Trova e cancella i file in rosso:
f:\documents and settings\fili\impostazioni locali\dati applicazioni\earhhdt.exe
Dai una pulita (registro compreso)con CCleaner http://www.aiutaamici.com/software?ID=11223
Riavvia il computer.
*********************************************************************************************************
Poi:
Start\Esegui\copia e incolla la stringa %temp% clicca su Ok, svuota la cartella temp. (non eliminare la cartella)
Poi:
Provvedi a svuotare del suo contenuto la cartella Prefetch :
clicca su Risorse del Computer
clicca su Disco locale C:
cerca, all’interno delle cartelle che saranno visualizzate la cartella Windows, aprila ed, al suo interno, cerca la cartella Prefetch, la apri ed elimina tutte le voci conservate al suo interno ( non eliminare la cartella)
SVUOTA IL CESTINO
*********************************************************************************************************
Poi esegui alla lettera queste indicazioni:

Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,e dopo aver scaricato COMBOFIX, chiudi la connessione.

Scarica Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Salvalo sul desktop.
Doppio click su combofix.exe (comparirà una videata.)
Se ti verrà chiesto se vuoi Installare LA CONSOLE DI RIPRISTINO DI EMERGENZA, clicca NO.
Digita 1 premi Invio e segui le indicazioni.
Al termine, verrà creato un file log chiamato C:\ComboFix.txt. Postalo qui.
Durante l'operazione di scansione è importante non usare il PC (neanche il mouse) e attendere pazientemente la fine delle operazioni.

Disinstalla combofix in questo modo: (dopo che avrò visto il log)
Start
Esegui
nella finestra di dialogo, digita (oppure, copia ed incolla) questo comando: Combofix /u e premi invio poi cancella le cartelle in "C" di combofix (qoobox)

Torna in alto

gargamella56

Inviato: Wednesday, February 04, 2009 11:18:37 PM

Rank: Newbie

Iscritto dal : 2/4/2009
Posts: 0

Grazie r16,ti faro' sapere.Domani mi mettero' al lavoro.Ancora grazie!

Torna in alto

peronblack

Inviato: Wednesday, February 04, 2009 11:28:13 PM

Rank: AiutAmico

Iscritto dal : 11/3/2008
Posts: 915

gargamella56 ha scritto:

Per favore potreste consiglirmi un programma che blocca l'apertura di pagine indesiderate? Ho scaricato ed installato win defender,pero' quelle le pagine continuano ad aprirsi.Grazie mill!

Prova a metterti opera che nn si aprono mai ecco il link:
http://software.aiutamici.com/software?ID=11292

Forum: Http://mcminecraftcreep.altervista.org/
Youtube: Http://Youtube.it/mcminecraftgreeper
Facebook: http://www.facebook.com/pages/Multigaming-Creeper/206307562741464
Twitter Peronblack: http://twitter.com/Peronblack

Torna in alto

gargamella56

Inviato: Thursday, February 05, 2009 2:26:06 PM

Rank: Newbie

Iscritto dal : 2/4/2009
Posts: 0

Ho fatto quanto mi hai sugerito, ecco il log di combofix. Ancora grazie. Devo fare altro ?

ComboFix 09-02-04.04 - Fili 2009-02-05 14.10.03.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.1535.1167 [GMT 1:00]
Eseguito da: f:\documents and settings\Fili\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090204-0] *On-access scanning disabled* (Updated)
* Creato nuovo punto di ripristino

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

f:\documents and settings\All Users\Desktop\webmediaplayer.lnk
f:\documents and settings\All Users\Menu Avvio\Programmi\WebMediaPlayer
f:\documents and settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Condizioni generali.url
f:\documents and settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Disinstalla.lnk
f:\documents and settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Riservatezza.url
f:\documents and settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\WebMediaPlayer.lnk
f:\documents and settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Website.url
f:\documents and settings\Fili\Dati applicazioni\ShoppingReport
f:\documents and settings\Fili\Dati applicazioni\ShoppingReport\cs\Config.xml
f:\documents and settings\Fili\Dati applicazioni\ShoppingReport\cs\db\Aliases.dbs
f:\documents and settings\Fili\Dati applicazioni\ShoppingReport\cs\db\Sites.dbs
f:\documents and settings\Fili\Dati applicazioni\ShoppingReport\cs\dwld\WhiteList.xip
f:\documents and settings\Fili\Dati applicazioni\ShoppingReport\cs\report\aggr_storage.xml
f:\documents and settings\Fili\Dati applicazioni\ShoppingReport\cs\report\send_storage.xml
f:\documents and settings\Fili\Dati applicazioni\ShoppingReport\cs\res1\WhiteList.dbs
f:\documents and settings\Fili\Impostazioni locali\Dati applicazioni\earhhdt.dat
f:\documents and settings\Fili\Impostazioni locali\Dati applicazioni\earhhdt_nav.dat
f:\documents and settings\Fili\Impostazioni locali\Dati applicazioni\earhhdt_navps.dat
f:\programmi\ShoppingReport
f:\programmi\webmediaplayer
f:\programmi\webmediaplayer\resources\wmp_translation_file.xml
f:\programmi\webmediaplayer\skins\classic.skn
f:\programmi\webmediaplayer\sqlite3.dll
f:\programmi\webmediaplayer\uninst.exe
f:\programmi\webmediaplayer\WebMediaPlayer.exe
f:\windows\system32\AVSredirect.dll
f:\windows\system32\axtovlmmj.exe
f:\windows\system32\xy.exe

.
((((((((((((((((((((((((( Files Creati Da 2009-01-05 al 2009-02-05 )))))))))))))))))))))))))))))))))))
.

2009-02-04 22:28 . 2009-02-04 22:28 <DIR> d-------- f:\programmi\Trend Micro
2009-02-04 12:27 . 2009-02-04 12:27 <DIR> d-------- f:\programmi\Windows Defender
2009-02-04 10:53 . 2009-02-04 10:53 <DIR> d-------- f:\documents and settings\Fili\Dati applicazioni\Printer Info Cache
2009-02-04 10:37 . 2009-02-04 11:48 <DIR> d-------- f:\documents and settings\Fili\Dati applicazioni\U3
2009-02-04 09:32 . 2009-02-04 09:32 <DIR> d-------- f:\programmi\html2pop3
2009-02-03 15:55 . 2009-02-03 17:34 <DIR> d-------- f:\programmi\WebSite X5 Evolution
2009-02-03 00:21 . 1997-07-19 17:00 604,432 --a------ f:\windows\system32\COMCTL32.OCX
2009-02-03 00:21 . 1998-03-13 11:06 389,120 --a------ f:\windows\system32\Atx32.ocx
2009-02-03 00:21 . 2005-08-23 14:54 388,608 --a------ f:\windows\system32\3DABM8U.OCX
2009-02-03 00:21 . 1997-03-21 10:51 346,112 --a------ f:\windows\system32\PPRO100.DLL
2009-02-03 00:21 . 1997-03-21 15:05 154,528 --a------ f:\windows\system32\PPRO100.OCX
2009-02-03 00:21 . 1997-10-24 16:19 78,336 --a------ f:\windows\system32\ATX32PIC.DLL
2009-02-03 00:21 . 1997-11-11 16:10 28,160 --a------ f:\windows\system32\ATX32OLE.DLL
2009-02-03 00:18 . 1998-03-04 21:32 237,568 --a------ f:\windows\system32\CompPl32.dll
2009-02-03 00:18 . 2008-03-20 16:25 185,856 --a------ f:\windows\system32\iwpsetup.exe
2009-02-03 00:18 . 1997-11-05 20:03 90,624 --a------ f:\windows\system32\CPWCTL32.OCX
2009-02-03 00:18 . 1997-01-16 00:00 29,696 --a------ f:\windows\system32\VB5STKIT.DLL
2009-02-03 00:18 . 1997-01-16 13:42 6,114 --a------ f:\windows\system32\SHELLLNK.TLB
2009-02-01 17:27 . 2009-02-01 17:28 <DIR> d-------- f:\windows\system32\Adobe
2009-02-01 16:39 . 2002-08-30 18:47 929,844 --a------ f:\windows\system32\Mfc42d.dll
2009-02-01 16:39 . 2000-07-15 15:00 434,252 --a------ f:\windows\system32\Msvcrtd.dll
2009-02-01 16:32 . 2009-02-02 08:54 <DIR> d-------- f:\windows\Downloaded Installations
2009-02-01 09:30 . 2008-03-21 13:57 14,640 --------- f:\windows\system32\spmsgXP_2k3.dll
2009-02-01 09:30 . 2009-02-01 09:30 0 --ah----- f:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-02-01 09:30 . 2009-02-01 09:30 0 --ah----- f:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-02-01 09:28 . 2009-02-01 09:38 <DIR> d-------- f:\documents and settings\Fili\Dati applicazioni\Nokia
2009-02-01 09:27 . 2009-02-01 09:27 <DIR> d-------- f:\programmi\File comuni\PCSuite
2009-02-01 09:27 . 2009-02-01 09:27 <DIR> d-------- f:\programmi\File comuni\Nokia
2009-02-01 09:26 . 2009-02-01 09:26 <DIR> d-------- f:\programmi\PC Connectivity Solution
2009-02-01 09:26 . 2008-09-15 07:29 1,112,288 --a------ f:\windows\system32\wdfcoinstaller01007.dll
2009-02-01 09:26 . 2008-09-15 07:56 659,968 --a------ f:\windows\system32\nmwcdcocls.dll
2009-02-01 09:26 . 2008-09-15 07:56 22,016 --a------ f:\windows\system32\drivers\ccdcmbo.sys
2009-02-01 09:26 . 2008-08-26 09:26 18,816 --a------ f:\windows\system32\drivers\pccsmcfd.sys
2009-02-01 09:26 . 2008-09-15 07:56 17,664 --a------ f:\windows\system32\drivers\ccdcmb.sys
2009-02-01 09:26 . 2008-09-15 07:56 8,064 --a------ f:\windows\system32\drivers\usbser_lowerflt.sys
2009-02-01 09:25 . 2009-02-01 09:27 <DIR> d-------- f:\programmi\Nokia
2009-02-01 09:23 . 2009-02-01 09:23 <DIR> d-------- f:\documents and settings\All Users\Dati applicazioni\Installations
2009-01-31 21:33 . 2009-01-31 21:33 <DIR> d-------- f:\programmi\DIFX
2009-01-31 21:31 . 2009-02-01 09:27 <DIR> d----c--- f:\windows\system32\DRVSTORE
2009-01-31 21:31 . 2009-02-01 09:30 <DIR> d-------- f:\documents and settings\Fili\Dati applicazioni\PC Suite
2009-01-31 21:31 . 2009-02-01 09:30 <DIR> d-------- f:\documents and settings\All Users\Dati applicazioni\PC Suite
2009-01-31 21:30 . 2009-02-01 09:12 <DIR> d-------- f:\documents and settings\All Users\Dati applicazioni\Downloaded Installations
2009-01-31 21:28 . 2008-04-13 19:45 26,112 --a------ f:\windows\system32\drivers\usbser.sys
2009-01-31 21:28 . 2008-04-13 19:45 26,112 --a--c--- f:\windows\system32\dllcache\usbser.sys
2009-01-31 21:27 . 2009-01-31 21:27 0 --ah----- f:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-01-31 21:27 . 2009-01-31 21:27 0 --ah----- f:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-01-26 15:52 . 2009-01-26 15:52 <DIR> d-------- f:\programmi\Windows Media Connect 2
2009-01-26 15:49 . 2009-01-26 15:49 <DIR> d-------- f:\windows\system32\LogFiles
2009-01-26 15:49 . 2009-02-01 09:31 <DIR> d-------- f:\windows\system32\drivers\UMDF
2009-01-26 09:12 . 2009-01-26 09:12 424 --a------ f:\windows\ODBC.INI
2009-01-26 09:11 . 2007-04-09 13:23 28,040 --a------ f:\windows\system32\mdimon.dll
2009-01-26 09:10 . 2009-01-26 09:10 <DIR> d-------- f:\programmi\Microsoft.NET
2009-01-26 09:08 . 2009-01-26 09:10 <DIR> d-------- f:\windows\SHELLNEW
2009-01-25 17:36 . 2009-01-25 17:36 <DIR> d-------- f:\programmi\eRightSoft
2009-01-25 10:23 . 2009-01-25 10:23 <DIR> d-------- f:\windows\system32\IOSUBSYS
2009-01-25 10:23 . 2008-07-31 23:17 9,200 --------- f:\windows\system32\drivers\cdralw2k.sys
2009-01-25 10:23 . 2008-07-31 23:17 9,072 --------- f:\windows\system32\drivers\cdr4_xp.sys
2009-01-23 21:41 . 2009-01-23 21:42 <DIR> d-------- f:\programmi\File comuni\Adobe
2009-01-23 21:39 . 2009-01-24 07:57 <DIR> d-------- f:\documents and settings\All Users\Dati applicazioni\NOS
2009-01-22 07:02 . 2009-01-22 07:02 <DIR> d-------- f:\windows\system32\3Planesoft
2009-01-22 07:02 . 2009-01-22 07:02 <DIR> d-------- f:\programmi\The Lost Watch 3D Screensaver
2009-01-22 07:02 . 2009-01-22 07:02 <DIR> d-------- f:\programmi\3Planesoft Screensaver Manager
2009-01-21 16:36 . 2009-01-21 16:36 <DIR> d-------- f:\documents and settings\All Users\Dati applicazioni\wmp
2009-01-21 15:35 . 2009-01-25 01:10 <DIR> d-------- f:\windows\system32\NtmsData
2009-01-20 21:29 . 2002-09-10 13:00 10,129,408 --a--c--- f:\windows\system32\dllcache\hwxkor.dll
2009-01-20 21:28 . 2009-01-20 21:28 25 --a------ f:\windows\cdplayer.ini
2009-01-20 21:26 . 2001-08-30 23:07 8,704 --a------ f:\windows\system32\kbdjpn.dll
2009-01-20 21:26 . 2001-08-30 23:07 8,704 --a--c--- f:\windows\system32\dllcache\kbdjpn.dll
2009-01-20 21:26 . 2001-08-30 23:07 8,192 --a------ f:\windows\system32\kbdkor.dll
2009-01-20 21:26 . 2001-08-30 23:07 8,192 --a--c--- f:\windows\system32\dllcache\kbdkor.dll
2009-01-20 21:26 . 2008-04-14 03:12 6,144 --a------ f:\windows\system32\kbd106.dll
2009-01-20 21:26 . 2001-08-17 22:55 6,144 --a------ f:\windows\system32\kbd101c.dll
2009-01-20 21:26 . 2001-08-17 22:55 6,144 --a------ f:\windows\system32\kbd101b.dll
2009-01-20 21:26 . 2008-04-14 03:12 6,144 --a--c--- f:\windows\system32\dllcache\kbd106.dll
2009-01-20 21:26 . 2001-08-17 22:55 6,144 --a--c--- f:\windows\system32\dllcache\kbd101c.dll
2009-01-20 21:26 . 2001-08-17 22:55 6,144 --a--c--- f:\windows\system32\dllcache\kbd101b.dll
2009-01-20 21:26 . 2001-08-17 22:55 5,632 --a------ f:\windows\system32\kbd103.dll
2009-01-20 21:26 . 2001-08-17 22:55 5,632 --a--c--- f:\windows\system32\dllcache\kbd103.dll
2009-01-20 12:02 . 2009-01-20 12:02 <DIR> d-------- f:\documents and settings\Fili\Dati applicazioni\Canon
2009-01-20 11:50 . 2009-01-20 11:50 <DIR> d-------- f:\programmi\File comuni\xing shared
2009-01-20 11:49 . 2009-01-20 11:49 <DIR> d-------- f:\programmi\Real
2009-01-20 00:36 . 2009-01-20 11:50 <DIR> d-------- f:\programmi\File comuni\Real
2009-01-19 17:01 . 2009-01-19 17:01 164 --a------ f:\windows\wininit.ini
2009-01-19 16:57 . 2009-01-19 16:57 3,882 --a------ f:\windows\mozver.dat
2009-01-19 16:09 . 2009-02-01 17:28 <DIR> d-------- f:\programmi\Google
2009-01-19 09:51 . 2008-10-16 21:04 6,066,176 -----c--- f:\windows\system32\dllcache\ieframe.dll
2009-01-19 09:51 . 2007-04-17 10:32 2,455,488 -----c--- f:\windows\system32\dllcache\ieapfltr.dat
2009-01-19 09:51 . 2007-03-08 06:11 1,032,192 -----c--- f:\windows\system32\dllcache\ieframe.dll.mui
2009-01-19 09:51 . 2008-10-16 21:04 459,264 -----c--- f:\windows\system32\dllcache\msfeeds.dll
2009-01-19 09:51 . 2008-10-16 21:04 383,488 -----c--- f:\windows\system32\dllcache\ieapfltr.dll
2009-01-19 09:51 . 2008-10-16 21:04 267,776 -----c--- f:\windows\system32\dllcache\iertutil.dll
2009-01-19 09:51 . 2008-10-16 21:04 63,488 -----c--- f:\windows\system32\dllcache\icardie.dll
2009-01-19 09:51 . 2008-10-16 21:04 52,224 -----c--- f:\windows\system32\dllcache\msfeedsbs.dll
2009-01-19 09:51 . 2008-10-16 14:11 13,824 -----c--- f:\windows\system32\dllcache\ieudinit.exe
2009-01-19 09:31 . 2009-01-19 09:31 13,646 --a------ f:\windows\system32\wpa.bak
2009-01-19 08:37 . 2009-01-19 08:37 <DIR> d-------- f:\windows\system32\it
2009-01-19 08:37 . 2009-01-19 08:37 <DIR> d-------- f:\windows\l2schemas
2009-01-19 08:08 . 2009-01-19 11:13 <DIR> d-------- f:\windows\system32\it-it
2009-01-18 13:07 . 1998-01-23 12:20 305,152 --a------ f:\windows\IsUn0410.exe
2009-01-18 11:56 . 2008-04-14 03:12 13,463,552 --a--c--- f:\windows\system32\dllcache\hwxjpn.dll
2009-01-18 11:55 . 2006-10-18 21:47 991,744 -----c--- f:\windows\system32\dllcache\drmv2clt.dll
2009-01-17 14:10 . 2009-02-03 21:41 <DIR> d-------- f:\programmi\eMule
2009-01-17 01:51 . 2009-01-25 17:37 <DIR> d-------- F:\Program Files
2009-01-17 01:51 . 1996-07-18 14:06 297,472 --a------ f:\windows\uninst.exe
2009-01-17 01:50 . 2009-01-17 01:50 <DIR> d-------- f:\documents and settings\Fili\WINDOWS
2009-01-17 00:06 . 2009-01-17 00:06 <DIR> d-------- f:\programmi\Microsoft CAPICOM 2.1.0.2
2009-01-16 18:54 . 2008-12-13 07:36 3,593,216 --a--c--- f:\windows\system32\dllcache\mshtml.dll
2009-01-16 18:54 . 2008-08-14 14:22 2,192,896 -----c--- f:\windows\system32\dllcache\ntoskrnl.exe
2009-01-16 18:54 . 2008-08-14 14:22 2,148,864 -----c--- f:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-16 18:54 . 2008-08-14 14:22 2,069,760 -----c--- f:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-16 18:54 . 2008-08-14 14:22 2,027,520 -----c--- f:\windows\system32\dllcache\ntkrpamp.exe
2009-01-16 18:54 . 2008-09-15 16:24 1,846,400 -----c--- f:\windows\system32\dllcache\win32k.sys
2009-01-16 18:53 . 2008-04-11 20:04 691,712 -----c--- f:\windows\system32\dllcache\inetcomm.dll
2009-01-16 18:53 . 2008-10-24 12:21 455,296 -----c--- f:\windows\system32\dllcache\mrxsmb.sys
2009-01-16 18:53 . 2008-10-15 17:36 337,408 -----c--- f:\windows\system32\dllcache\netapi32.dll
2009-01-16 18:53 . 2008-12-11 11:57 333,952 -----c--- f:\windows\system32\dllcache\srv.sys
2009-01-16 18:53 . 2008-05-01 15:34 331,776 -----c--- f:\windows\system32\dllcache\msadce.dll
2009-01-16 18:53 . 2008-10-03 11:02 247,326 -----c--- f:\windows\system32\dllcache\strmdll.dll
2009-01-16 18:53 . 2008-05-08 15:02 203,136 -----c--- f:\windows\system32\dllcache\rmcast.sys
2009-01-16 17:26 . 2009-01-16 17:26 <DIR> d-------- f:\documents and settings\Fili\Dati applicazioni\CD-LabelPrint
2009-01-16 14:05 . 2009-02-05 14:08 <DIR> d-------- f:\documents and settings\Fili\Dati applicazioni\OpenOffice.org2
2009-01-16 01:09 . 2009-01-16 01:09 <DIR> d-------- f:\documents and settings\Fili\Dati applicazioni\Ahead
2009-01-16 01:02 . 2009-01-16 01:03 <DIR> d-------- f:\programmi\OpenOffice.org 2.4
2009-01-16 01:01 . 2009-01-16 01:01 <DIR> d-------- f:\programmi\File comuni\Java
2009-01-16 00:52 . 2009-02-04 11:22 116 --a------ f:\windows\NeroDigital.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-15 15:52 --------- d-----w f:\programmi\Alwil Software
2009-01-15 14:33 --------- d-----w f:\programmi\microsoft frontpage
2009-01-15 14:32 558,142 ----a-w f:\windows\java\Packages\CN3TVZPF.ZIP
2009-01-15 14:32 155,995 ----a-w f:\windows\java\Packages\CSHB3D3B.ZIP
2009-01-15 14:27 --------- d-----w f:\programmi\Servizi in linea
2009-01-05 22:33 3,751,995 ----a-w f:\windows\system32\GPhotos.scr
2008-12-11 10:57 333,952 ----a-w f:\windows\system32\drivers\srv.sys
2008-12-02 21:37 49,480 ----a-w f:\windows\system32\sirenacm.dll
2006-05-03 10:06 163,328 --sh--r f:\windows\system32\flvDX.dll
2007-02-21 11:47 31,232 --sh--r f:\windows\system32\msfDX.dll
2008-03-16 13:30 216,064 --sh--r f:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="f:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"PC Suite Tray"="f:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
"swg"="f:\programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2009-02-01 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="f:\windows\System32\NvCpl.dll" [2003-10-06 5058560]
"avast!"="f:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"SunJavaUpdateSched"="f:\programmi\Java\jre6\bin\jusched.exe" [2009-01-15 136600]
"DHTray"="f:\windows\system32\DHTray.exe" [2007-06-19 331776]
"A0380mon"="f:\windows\system32\A0380mon.exe" [2007-03-22 16384]
"CanonSolutionMenu"="f:\programmi\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="f:\programmi\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="f:\programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="f:\programmi\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"NeroFilterCheck"="f:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Touch Manager"="f:\programmi\Netropa\Touch Manager\TouchMgr.exe" [2000-08-08 618496]
"TkBellExe"="f:\programmi\File comuni\Real\Update_OB\realsched.exe" [2009-01-20 185896]
"Adobe Reader Speed Launcher"="f:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"nwiz"="nwiz.exe" [2003-10-06 f:\windows\system32\nwiz.exe]
"C-Media Mixer"="Mixer.exe" [2002-10-15 f:\windows\mixer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="f:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

f:\documents and settings\Fili\Menu Avvio\Programmi\Esecuzione automatica\
html2pop3.lnk - f:\programmi\html2pop3\html2pop3.bat [2009-02-04 154]
OpenOffice.org 2.4.lnk - f:\programmi\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

f:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
WinZip Quick Pick.lnk - f:\programmi\WinZip\WZQKPICK.EXE [2009-01-15 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"f:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"f:\\Programmi\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"f:\\Programmi\\CrossLoop\\CrossLoopConnect.exe"=
"d:\\incomedia\\WebSite.exe"=

R1 aswSP;avast! Self Protection;f:\windows\system32\drivers\aswSP.sys [2009-01-15 111184]
R1 msikbd2k;Multimedia Keyboard Filter Driver;f:\windows\system32\drivers\Msikbd2k.sys [2009-01-15 6725]
R2 aswFsBlk;aswFsBlk;f:\windows\system32\drivers\aswFsBlk.sys [2009-01-15 20560]
R2 WinDefend;Windows Defender;f:\programmi\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 A0380VID;USB2.0 PC Camera;f:\windows\system32\drivers\A0380Vid.sys [2009-01-15 3927808]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74005e53-ed47-11dd-adc5-0019666238ac}]
\Shell\Auto\command - E:\UFO.exe
\Shell\AutoRun\command - f:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
.
Contenuto della cartella 'Scheduled Tasks'

2009-02-05 f:\windows\Tasks\MP Scheduled Scan.job
- f:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: Add to Google Photos Screensa&ver - f:\windows\system32\GPhotos.scr/200
IE: E&sporta in Microsoft Excel - c:\micros~1\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://f:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://f:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-05 14:12:27
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="F?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Ora fine scansione: 2009-02-05 14.15.34
ComboFix-quarantined-files.txt 2009-02-05 13:14:32

Pre-Run: 11.057.004.544 byte disponibili
Post-Run: 11,044,147,200 byte disponibili

267 --- E O F --- 2009-01-28 08:22:54

Torna in alto

r16

Inviato: Thursday, February 05, 2009 6:31:02 PM

Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016

Si, ci sarebbe anche un troyan che "dorme", e stà aspettando di essere svegliato da una chiavetta USB.
Esegui queste operazioni:

Apri un file di testo sul Desktop (start\esegui\digita: notepad.exe\ Ok
Ci incolli il codice che vedi qui sotto, e salvi il file di testo obbligatoriamente con il nome CFScript.txt

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74005e53-ed47-11dd-adc5-0019666238ac}]

e trascinalo sull'icona di ComboFix.
Attendi la fine dei lavori, senza toccare tastiera, mouse o altro.
Posta il log aggiornato di combofix
*********************************************************************************************************
Bisogna disattivare momentaneamente il riconoscimento automatico delle periferiche USB;
serve il programma TweakUI scaricabile in questa pagina (lo trovi sulla destra verso metà pagina) e installalo:
http://www.microsoft.com/windowsxp/downloads/powertoys/xppowertoys.mspx
Una volta installato, eseguilo e procedi con questi passaggi:

clicca sul simbolo + la sezione My Computer
clicca sul simbolo [+] la sottosezione Autoplay
Spostati in Types
Togli il segno di spunta a Enable Autoplay for removable drives
Clicca su Apply
Chiudi TweakUI

Da questo momento tutti gli apparati USB smetteranno di avviarsi automaticamente.
Inserisci le tue chiavette e fai una scansione delle stesse, con il tuo antivirus.
Quando sei sicuro che tutto è a posto, puoi riabilitare l'avvio automatico, rifacendo lo stesso percorso che ti ho indicato.
Per scansionare la o le chiavette apri "Risorse del computer" clicca con il tasto DESTRO su "Disco rimovibile" e scegli "scansiona con Avast!.
Poi:
Scarica ed installa MalwareBytes:
clicca qui per il download : http://www.malwarebytes.org/
Prima di fare la scansione AGGIORNALO.
Esegui una scansione completa del sistema e, una volta terminata la scansione,assicurati che tutti i files evidenziati, siano selezionati, e clicca Rimuovi Selezionati
Posta il log.
Dai una pulita (registro compreso)con CCleaner http://www.aiutaamici.com/software?ID=11223
E dimmi se il problema è risolto.

Torna in alto

gargamella56

Inviato: Thursday, February 05, 2009 10:34:08 PM

Rank: Newbie

Iscritto dal : 2/4/2009
Posts: 0

Ok, fatto tutto ti mando il log....grazie per la gentilezza

Malwarebytes' Anti-Malware 1.33
Versione del database: 1732
Windows 5.1.2600 Service Pack 3

2009-02-05 22:26:38
mbam-log-2009-02-05 (22-26-38).txt

Tipo di scansione: Scansione completa (C:\|D:\|F:\|)
Elementi scansionati: 89354
Tempo trascorso: 1 hour(s), 8 minute(s), 18 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 1
Valori di registro infetti: 2
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

Valori di registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OLE\Windows Update (Backdoor.Bot) -> Quarantined and deleted successfully.

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)
Applause

Torna in alto

r16

Inviato: Thursday, February 05, 2009 11:12:06 PM

Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016

Ehm.... mi manca il log di Combofix per vedere se le modifiche sono esatte.
Sicuro di avere fatto tutto?
Anche la pulizia delle chiavette?

Torna in alto

gargamella56

Inviato: Thursday, February 05, 2009 11:41:56 PM

Rank: Newbie

Iscritto dal : 2/4/2009
Posts: 0

Vero!!.. scusa, cmq anche le chiavette.

ComboFix 09-02-04.04 - Fili 2009-02-05 23:24:39.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.1535.1038 [GMT 1:00]
Eseguito da: F:\Documents and Settings\Fili\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090205-1] *On-access scanning enabled* (Updated)

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2009-01-05 al 2009-02-05 )))))))))))))))))))))))))))))))))))
.

2009-02-05 21:15 . 2009-02-05 21:15 <DIR> d-------- F:\Programmi\Malwarebytes' Anti-Malware
2009-02-05 21:15 . 2009-02-05 21:15 <DIR> d-------- F:\Documents and Settings\Fili\Dati applicazioni\Malwarebytes
2009-02-05 21:15 . 2009-02-05 21:15 <DIR> d-------- F:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2009-02-05 21:15 . 2009-01-14 16:11 38,496 --a------ F:\WINDOWS\system32\drivers\mbamswissarmy.sys
2009-02-05 21:15 . 2009-01-14 16:11 15,504 --a------ F:\WINDOWS\system32\drivers\mbam.sys
2009-02-05 20:52 . 2003-06-25 16:05 266,360 --a------ F:\WINDOWS\system32\TweakUI.exe
2009-02-05 20:52 . 2002-06-21 15:09 160,217 --a------ F:\WINDOWS\system32\PowerToysLicense.rtf
2009-02-04 22:28 . 2009-02-04 22:28 <DIR> d-------- F:\Programmi\Trend Micro
2009-02-04 12:27 . 2009-02-04 12:27 <DIR> d-------- F:\Programmi\Windows Defender
2009-02-04 10:53 . 2009-02-04 10:53 <DIR> d-------- F:\Documents and Settings\Fili\Dati applicazioni\Printer Info Cache
2009-02-04 10:37 . 2009-02-04 11:48 <DIR> d-------- F:\Documents and Settings\Fili\Dati applicazioni\U3
2009-02-04 09:32 . 2009-02-04 09:32 <DIR> d-------- F:\Programmi\html2pop3
2009-02-03 15:55 . 2009-02-03 17:34 <DIR> d-------- F:\Programmi\WebSite X5 Evolution
2009-02-03 00:21 . 1997-07-19 17:00 604,432 --a------ F:\WINDOWS\system32\COMCTL32.OCX
2009-02-03 00:21 . 1998-03-13 11:06 389,120 --a------ F:\WINDOWS\system32\Atx32.ocx
2009-02-03 00:21 . 2005-08-23 14:54 388,608 --a------ F:\WINDOWS\system32\3DABM8U.OCX
2009-02-03 00:21 . 1997-03-21 10:51 346,112 --a------ F:\WINDOWS\system32\PPRO100.DLL
2009-02-03 00:21 . 1997-03-21 15:05 154,528 --a------ F:\WINDOWS\system32\PPRO100.OCX
2009-02-03 00:21 . 1997-10-24 16:19 78,336 --a------ F:\WINDOWS\system32\ATX32PIC.DLL
2009-02-03 00:21 . 1997-11-11 16:10 28,160 --a------ F:\WINDOWS\system32\ATX32OLE.DLL
2009-02-03 00:18 . 1998-03-04 21:32 237,568 --a------ F:\WINDOWS\system32\CompPl32.dll
2009-02-03 00:18 . 2008-03-20 16:25 185,856 --a------ F:\WINDOWS\system32\iwpsetup.exe
2009-02-03 00:18 . 1997-11-05 20:03 90,624 --a------ F:\WINDOWS\system32\CPWCTL32.OCX
2009-02-03 00:18 . 1997-01-16 00:00 29,696 --a------ F:\WINDOWS\system32\VB5STKIT.DLL
2009-02-03 00:18 . 1997-01-16 13:42 6,114 --a------ F:\WINDOWS\system32\SHELLLNK.TLB
2009-02-01 17:27 . 2009-02-01 17:28 <DIR> d-------- F:\WINDOWS\system32\Adobe
2009-02-01 16:39 . 2002-08-30 18:47 929,844 --a------ F:\WINDOWS\system32\Mfc42d.dll
2009-02-01 16:39 . 2000-07-15 15:00 434,252 --a------ F:\WINDOWS\system32\Msvcrtd.dll
2009-02-01 16:32 . 2009-02-02 08:54 <DIR> d-------- F:\WINDOWS\Downloaded Installations
2009-02-01 09:30 . 2008-03-21 13:57 14,640 --------- F:\WINDOWS\system32\spmsgXP_2k3.dll
2009-02-01 09:30 . 2009-02-01 09:30 0 --ah----- F:\WINDOWS\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-02-01 09:30 . 2009-02-01 09:30 0 --ah----- F:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-02-01 09:28 . 2009-02-01 09:38 <DIR> d-------- F:\Documents and Settings\Fili\Dati applicazioni\Nokia
2009-02-01 09:27 . 2009-02-01 09:27 <DIR> d-------- F:\Programmi\File comuni\PCSuite
2009-02-01 09:27 . 2009-02-01 09:27 <DIR> d-------- F:\Programmi\File comuni\Nokia
2009-02-01 09:26 . 2009-02-01 09:26 <DIR> d-------- F:\Programmi\PC Connectivity Solution
2009-02-01 09:26 . 2008-09-15 07:29 1,112,288 --a------ F:\WINDOWS\system32\wdfcoinstaller01007.dll
2009-02-01 09:26 . 2008-09-15 07:56 659,968 --a------ F:\WINDOWS\system32\nmwcdcocls.dll
2009-02-01 09:26 . 2008-09-15 07:56 22,016 --a------ F:\WINDOWS\system32\drivers\ccdcmbo.sys
2009-02-01 09:26 . 2008-08-26 09:26 18,816 --a------ F:\WINDOWS\system32\drivers\pccsmcfd.sys
2009-02-01 09:26 . 2008-09-15 07:56 17,664 --a------ F:\WINDOWS\system32\drivers\ccdcmb.sys
2009-02-01 09:26 . 2008-09-15 07:56 8,064 --a------ F:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2009-02-01 09:25 . 2009-02-01 09:27 <DIR> d-------- F:\Programmi\Nokia
2009-02-01 09:23 . 2009-02-01 09:23 <DIR> d-------- F:\Documents and Settings\All Users\Dati applicazioni\Installations
2009-01-31 21:33 . 2009-01-31 21:33 <DIR> d-------- F:\Programmi\DIFX
2009-01-31 21:31 . 2009-02-01 09:27 <DIR> d----c--- F:\WINDOWS\system32\DRVSTORE
2009-01-31 21:31 . 2009-02-01 09:30 <DIR> d-------- F:\Documents and Settings\Fili\Dati applicazioni\PC Suite
2009-01-31 21:31 . 2009-02-01 09:30 <DIR> d-------- F:\Documents and Settings\All Users\Dati applicazioni\PC Suite
2009-01-31 21:30 . 2009-02-01 09:12 <DIR> d-------- F:\Documents and Settings\All Users\Dati applicazioni\Downloaded Installations
2009-01-31 21:28 . 2008-04-13 19:45 26,112 --a------ F:\WINDOWS\system32\drivers\usbser.sys
2009-01-31 21:28 . 2008-04-13 19:45 26,112 --a--c--- F:\WINDOWS\system32\dllcache\usbser.sys
2009-01-31 21:27 . 2009-01-31 21:27 0 --ah----- F:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-01-31 21:27 . 2009-01-31 21:27 0 --ah----- F:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-01-26 15:52 . 2009-01-26 15:52 <DIR> d-------- F:\Programmi\Windows Media Connect 2
2009-01-26 15:49 . 2009-01-26 15:49 <DIR> d-------- F:\WINDOWS\system32\LogFiles
2009-01-26 15:49 . 2009-02-01 09:31 <DIR> d-------- F:\WINDOWS\system32\drivers\UMDF
2009-01-26 09:12 . 2009-01-26 09:12 424 --a------ F:\WINDOWS\ODBC.INI
2009-01-26 09:11 . 2007-04-09 13:23 28,040 --a------ F:\WINDOWS\system32\mdimon.dll
2009-01-26 09:10 . 2009-01-26 09:10 <DIR> d-------- F:\Programmi\Microsoft.NET
2009-01-26 09:08 . 2009-01-26 09:10 <DIR> d-------- F:\WINDOWS\SHELLNEW
2009-01-25 17:36 . 2009-01-25 17:36 <DIR> d-------- F:\Programmi\eRightSoft
2009-01-25 10:23 . 2009-01-25 10:23 <DIR> d-------- F:\WINDOWS\system32\IOSUBSYS
2009-01-25 10:23 . 2008-07-31 23:17 9,200 --------- F:\WINDOWS\system32\drivers\cdralw2k.sys
2009-01-25 10:23 . 2008-07-31 23:17 9,072 --------- F:\WINDOWS\system32\drivers\cdr4_xp.sys
2009-01-23 21:41 . 2009-01-23 21:42 <DIR> d-------- F:\Programmi\File comuni\Adobe
2009-01-23 21:39 . 2009-01-24 07:57 <DIR> d-------- F:\Documents and Settings\All Users\Dati applicazioni\NOS
2009-01-22 07:02 . 2009-01-22 07:02 <DIR> d-------- F:\WINDOWS\system32\3Planesoft
2009-01-22 07:02 . 2009-01-22 07:02 <DIR> d-------- F:\Programmi\The Lost Watch 3D Screensaver
2009-01-22 07:02 . 2009-01-22 07:02 <DIR> d-------- F:\Programmi\3Planesoft Screensaver Manager
2009-01-21 16:36 . 2009-01-21 16:36 <DIR> d-------- F:\Documents and Settings\All Users\Dati applicazioni\wmp
2009-01-21 15:35 . 2009-01-25 01:10 <DIR> d-------- F:\WINDOWS\system32\NtmsData
2009-01-20 21:29 . 2002-09-10 13:00 10,129,408 --a--c--- F:\WINDOWS\system32\dllcache\hwxkor.dll
2009-01-20 21:28 . 2009-01-20 21:28 25 --a------ F:\WINDOWS\cdplayer.ini
2009-01-20 21:26 . 2001-08-30 23:07 8,704 --a------ F:\WINDOWS\system32\kbdjpn.dll
2009-01-20 21:26 . 2001-08-30 23:07 8,704 --a--c--- F:\WINDOWS\system32\dllcache\kbdjpn.dll
2009-01-20 21:26 . 2001-08-30 23:07 8,192 --a------ F:\WINDOWS\system32\kbdkor.dll
2009-01-20 21:26 . 2001-08-30 23:07 8,192 --a--c--- F:\WINDOWS\system32\dllcache\kbdkor.dll
2009-01-20 21:26 . 2008-04-14 03:12 6,144 --a------ F:\WINDOWS\system32\kbd106.dll
2009-01-20 21:26 . 2001-08-17 22:55 6,144 --a------ F:\WINDOWS\system32\kbd101c.dll
2009-01-20 21:26 . 2001-08-17 22:55 6,144 --a------ F:\WINDOWS\system32\kbd101b.dll
2009-01-20 21:26 . 2008-04-14 03:12 6,144 --a--c--- F:\WINDOWS\system32\dllcache\kbd106.dll
2009-01-20 21:26 . 2001-08-17 22:55 6,144 --a--c--- F:\WINDOWS\system32\dllcache\kbd101c.dll
2009-01-20 21:26 . 2001-08-17 22:55 6,144 --a--c--- F:\WINDOWS\system32\dllcache\kbd101b.dll
2009-01-20 21:26 . 2001-08-17 22:55 5,632 --a------ F:\WINDOWS\system32\kbd103.dll
2009-01-20 21:26 . 2001-08-17 22:55 5,632 --a--c--- F:\WINDOWS\system32\dllcache\kbd103.dll
2009-01-20 12:02 . 2009-01-20 12:02 <DIR> d-------- F:\Documents and Settings\Fili\Dati applicazioni\Canon
2009-01-20 11:50 . 2009-01-20 11:50 <DIR> d-------- F:\Programmi\File comuni\xing shared
2009-01-20 11:49 . 2009-01-20 11:49 <DIR> d-------- F:\Programmi\Real
2009-01-20 00:36 . 2009-01-20 11:50 <DIR> d-------- F:\Programmi\File comuni\Real
2009-01-19 17:01 . 2009-01-19 17:01 164 --a------ F:\WINDOWS\wininit.ini
2009-01-19 16:57 . 2009-01-19 16:57 3,882 --a------ F:\WINDOWS\mozver.dat
2009-01-19 16:09 . 2009-02-01 17:28 <DIR> d-------- F:\Programmi\Google
2009-01-19 09:51 . 2008-10-16 21:04 6,066,176 -----c--- F:\WINDOWS\system32\dllcache\ieframe.dll
2009-01-19 09:51 . 2007-04-17 10:32 2,455,488 -----c--- F:\WINDOWS\system32\dllcache\ieapfltr.dat
2009-01-19 09:51 . 2007-03-08 06:11 1,032,192 -----c--- F:\WINDOWS\system32\dllcache\ieframe.dll.mui
2009-01-19 09:51 . 2008-10-16 21:04 459,264 -----c--- F:\WINDOWS\system32\dllcache\msfeeds.dll
2009-01-19 09:51 . 2008-10-16 21:04 383,488 -----c--- F:\WINDOWS\system32\dllcache\ieapfltr.dll
2009-01-19 09:51 . 2008-10-16 21:04 267,776 -----c--- F:\WINDOWS\system32\dllcache\iertutil.dll
2009-01-19 09:51 . 2008-10-16 21:04 63,488 -----c--- F:\WINDOWS\system32\dllcache\icardie.dll
2009-01-19 09:51 . 2008-10-16 21:04 52,224 -----c--- F:\WINDOWS\system32\dllcache\msfeedsbs.dll
2009-01-19 09:51 . 2008-10-16 14:11 13,824 -----c--- F:\WINDOWS\system32\dllcache\ieudinit.exe
2009-01-19 09:31 . 2009-01-19 09:31 13,646 --a------ F:\WINDOWS\system32\wpa.bak
2009-01-19 08:37 . 2009-01-19 08:37 <DIR> d-------- F:\WINDOWS\system32\it
2009-01-19 08:37 . 2009-01-19 08:37 <DIR> d-------- F:\WINDOWS\l2schemas
2009-01-19 08:08 . 2009-01-19 11:13 <DIR> d-------- F:\WINDOWS\system32\it-it
2009-01-18 13:07 . 1998-01-23 12:20 305,152 --a------ F:\WINDOWS\IsUn0410.exe
2009-01-18 11:56 . 2008-04-14 03:12 13,463,552 --a--c--- F:\WINDOWS\system32\dllcache\hwxjpn.dll
2009-01-18 11:55 . 2006-10-18 21:47 991,744 -----c--- F:\WINDOWS\system32\dllcache\drmv2clt.dll
2009-01-17 14:10 . 2009-02-03 21:41 <DIR> d-------- F:\Programmi\eMule
2009-01-17 01:51 . 2009-01-25 17:37 <DIR> d-------- F:\Program Files
2009-01-17 01:51 . 1996-07-18 14:06 297,472 --a------ F:\WINDOWS\uninst.exe
2009-01-17 01:50 . 2009-01-17 01:50 <DIR> d-------- F:\Documents and Settings\Fili\WINDOWS
2009-01-17 00:06 . 2009-01-17 00:06 <DIR> d-------- F:\Programmi\Microsoft CAPICOM 2.1.0.2
2009-01-16 18:54 . 2008-12-13 07:36 3,593,216 --a--c--- F:\WINDOWS\system32\dllcache\mshtml.dll
2009-01-16 18:54 . 2008-08-14 14:22 2,192,896 -----c--- F:\WINDOWS\system32\dllcache\ntoskrnl.exe
2009-01-16 18:54 . 2008-08-14 14:22 2,148,864 -----c--- F:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2009-01-16 18:54 . 2008-08-14 14:22 2,069,760 -----c--- F:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2009-01-16 18:54 . 2008-08-14 14:22 2,027,520 -----c--- F:\WINDOWS\system32\dllcache\ntkrpamp.exe
2009-01-16 18:54 . 2008-09-15 16:24 1,846,400 -----c--- F:\WINDOWS\system32\dllcache\win32k.sys
2009-01-16 18:53 . 2008-04-11 20:04 691,712 -----c--- F:\WINDOWS\system32\dllcache\inetcomm.dll
2009-01-16 18:53 . 2008-10-24 12:21 455,296 -----c--- F:\WINDOWS\system32\dllcache\mrxsmb.sys
2009-01-16 18:53 . 2008-10-15 17:36 337,408 -----c--- F:\WINDOWS\system32\dllcache\netapi32.dll
2009-01-16 18:53 . 2008-12-11 11:57 333,952 -----c--- F:\WINDOWS\system32\dllcache\srv.sys
2009-01-16 18:53 . 2008-05-01 15:34 331,776 -----c--- F:\WINDOWS\system32\dllcache\msadce.dll
2009-01-16 18:53 . 2008-10-03 11:02 247,326 -----c--- F:\WINDOWS\system32\dllcache\strmdll.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-15 15:52 --------- d-----w F:\Programmi\Alwil Software
2009-01-15 14:33 --------- d-----w F:\Programmi\microsoft frontpage
2009-01-15 14:32 558,142 ----a-w F:\WINDOWS\java\Packages\CN3TVZPF.ZIP
2009-01-15 14:32 155,995 ----a-w F:\WINDOWS\java\Packages\CSHB3D3B.ZIP
2009-01-15 14:27 --------- d-----w F:\Programmi\Servizi in linea
2009-01-05 22:33 3,751,995 ----a-w F:\WINDOWS\system32\GPhotos.scr
2008-12-11 10:57 333,952 ----a-w F:\WINDOWS\system32\drivers\srv.sys
2008-12-02 21:37 49,480 ----a-w F:\WINDOWS\system32\sirenacm.dll
2006-05-03 10:06 163,328 --sh--r F:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47 31,232 --sh--r F:\WINDOWS\system32\msfDX.dll
2008-03-16 13:30 216,064 --sh--r F:\WINDOWS\system32\nbDX.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\system32\ctfmon.exe" [2008-04-14 03:14 15360]
"PC Suite Tray"="F:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 12:47 1205760]
"swg"="F:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2009-02-01 17:28 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="F:\WINDOWS\System32\NvCpl.dll" [2003-10-06 15:16 5058560]
"avast!"="F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 18:18 81000]
"SunJavaUpdateSched"="F:\Programmi\Java\jre6\bin\jusched.exe" [2009-01-15 18:42 136600]
"DHTray"="F:\WINDOWS\system32\DHTray.exe" [2007-06-19 16:59 331776]
"A0380mon"="F:\WINDOWS\system32\A0380mon.exe" [2007-03-22 18:51 16384]
"CanonSolutionMenu"="F:\Programmi\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 17:01 644696]
"CanonMyPrinter"="F:\Programmi\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 17:50 1603152]
"SSBkgdUpdate"="F:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 09:03 210472]
"OpwareSE4"="F:\Programmi\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 12:02 79400]
"NeroFilterCheck"="F:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"Touch Manager"="F:\Programmi\Netropa\Touch Manager\TouchMgr.exe" [2000-08-08 23:13 618496]
"TkBellExe"="F:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2009-01-20 11:49 185896]
"Adobe Reader Speed Launcher"="F:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"nwiz"="nwiz.exe" [2003-10-06 15:16 741376 F:\WINDOWS\system32\nwiz.exe]
"C-Media Mixer"="Mixer.exe" [2002-10-15 19:00 1818624 F:\WINDOWS\mixer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 03:14 15360]

F:\Documents and Settings\Fili\Menu Avvio\Programmi\Esecuzione automatica\
html2pop3.lnk - F:\Programmi\html2pop3\html2pop3.bat [2009-02-04 09:32:18 154]
OpenOffice.org 2.4.lnk - F:\Programmi\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 15:41:28 393216]

F:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
WinZip Quick Pick.lnk - F:\Programmi\WinZip\WZQKPICK.EXE [2009-01-15 22:30:33 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"F:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"F:\\Programmi\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"F:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"F:\\Programmi\\CrossLoop\\CrossLoopConnect.exe"=
"D:\\incomedia\\WebSite.exe"=

R1 aswSP;avast! Self Protection;F:\WINDOWS\system32\drivers\aswSP.sys [2009-01-15 16:53:26 111184]
R1 msikbd2k;Multimedia Keyboard Filter Driver;F:\WINDOWS\system32\drivers\Msikbd2k.sys [2009-01-15 23:50:48 6725]
R2 aswFsBlk;aswFsBlk;F:\WINDOWS\system32\drivers\aswFsBlk.sys [2009-01-15 20:25:21 20560]
R2 WinDefend;Windows Defender;F:\Programmi\Windows Defender\MsMpEng.exe [2006-11-03 19:19:58 13592]
R3 A0380VID;USB2.0 PC Camera;F:\WINDOWS\system32\drivers\A0380Vid.sys [2009-01-15 23:19:15 3927808]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f7a70c0-f29f-11dd-addb-0019666238ac}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contenuto della cartella 'Scheduled Tasks'

2009-02-05 F:\WINDOWS\Tasks\MP Scheduled Scan.job
- F:\Programmi\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: Add to Google Photos Screensa&ver - F:\WINDOWS\system32\GPhotos.scr/200
IE: E&sporta in Microsoft Excel - C:\MICROS~1\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://F:\WINDOWS\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://F:\WINDOWS\Java\classes\xmldso.cab
.

Torna in alto

r16

Inviato: Thursday, February 05, 2009 11:48:01 PM

Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016

Bene , è stato eliminato.
Per completare l'opera, esegui queste operazioni di pulizia:
Dai una pulita (registro compreso)con CCleaner http://www.aiutaamici.com/software?ID=11223
Poi:
Start\Esegui\copia e incolla la stringa %temp% clicca su Ok, svuota la cartella temp. (non eliminare la cartella)
Poi:
Provvedi a svuotare del suo contenuto la cartella Prefetch :
clicca su Risorse del Computer
clicca su Disco locale C:
cerca, all’interno delle cartelle che saranno visualizzate la cartella Windows, aprila ed, al suo interno, cerca la cartella Prefetch, la apri ed elimina tutte le voci conservate al suo interno ( non eliminare la cartella)
SVUOTA IL CESTINO
Poi:
Lancia Hijackthis e pulisci gli ADS in questo modo:
clicca sulla voce Open the misc tool section
clicca su Open ads spy
togli la spunta alla voce Quick scan (windows base folder only)
clicca su Scan
se venissero rilevati ADS, spunta tutte le caselline e clicca su Remove selected
Penso che il problema sia risolto.

Torna in alto

gargamella56

Inviato: Friday, February 06, 2009 7:21:39 PM

Rank: Newbie

Iscritto dal : 2/4/2009
Posts: 0

Ok...il pc va una bellezza, sei stato gentilissimo grazie per la pazienza e le spiegazioni molto intuitive.......GRAZIEEEE Applause

Torna in alto

r16

Inviato: Friday, February 06, 2009 8:54:28 PM

Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016

De nada.
Ricordati di rinascondere le cartelle di sistema;
Riattiva il ripristino configurazione di sistema e, se tutto è a posto, creane uno nuovo.
Ciao!

Torna in alto

Utenti presenti in questo topic

Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Come bloccare l'apertura di pagine indesiderate

Salta al Forum

Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Invia topic via Email

RSS Feed

Watch this topic

Stampa topic

Normale

Threaded