Aiutamici Forum

Log check
ejman
Posted: Monday, February 16, 2009 9:12:31 PM

Rank: Member

Joined: 1/24/2009
Posts: 15
This is the log from the PC of someone who cannot connect with the USB dongle.
Thank you in advance.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.52.25, on 16/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Programmi\Siano Mobile Silicon\SMS1000\DVBHRoutingManager.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SupportAppXL\onda_mon.exe
C:\Programmi\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Canon\CAL\CALMAIN.exe
C:\Programmi\Multimedia Card Reader\shwicon2k.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Programmi\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Microsoft Encarta\Microsoft Encarta 2008 - Premium DVD\EDICT.EXE
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe
C:\Programmi\SlySoft\AnyDVD\AnyDVDtray.exe
C:\WINDOWS\system32\sistray.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60341
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60341
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Programmi\AskTBar\bar\2.bin\ASKTBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Toolbar &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Programmi\AskTBar\bar\2.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Sunkist2k] C:\Programmi\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [USBToolTip] "C:\Programmi\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [E08IXLRD_923015] "C:\Programmi\Microsoft Encarta\Microsoft Encarta 2008 - Premium DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AnyDVD] C:\Programmi\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [Performance Center] C:\Programmi\Ascentive\Performance Center\ApcMain.exe -m
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a periferica &Bluetooth... - C:\Programmi\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barra di ricerca di Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228567480167
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1212527275156
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmi\Canon\CAL\CALMAIN.exe
O23 - Service: DVB-H Routing Manager (DVBHRoutingManager) - Unknown owner - C:\Programmi\Siano Mobile Silicon\SMS1000\DVBHRoutingManager.exe
O23 - Service: GoogleDesktopManager - Google - C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: ONDA Autorun CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppXL\onda_mon.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Programmi\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TVEnhance Background Capture Service (TBCS) (TVECapSvc) - Unknown owner - C:\Programmi\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe

r16
Posted: Monday, February 16, 2009 10:38:08 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
Run these 2 scans. If you have no connection, try downloading them to a USB stick and transferring the software to the PC that has the connection problem.
Download and install MalwareBytes:
click here to download: http://www.aiutamici.com/software?id=80346
UPDATE it before running the scan.
Run a full system scan.
Post the log.


Important: disable your antivirus and close ALL open programs, and after downloading COMBOFIX, close the connection.

Download Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to the desktop.
Double-click combofix.exe (a screen will appear).
If you are asked whether you want to install THE RECOVERY CONSOLE, click NO.
Type 1, press Enter and follow the instructions.
When it finishes, a log file called C:\ComboFix.txt will be created. Post it here.
During the scan it is important not to use the PC (not even the mouse) and to wait patiently for the operations to finish.

Uninstall combofix this way: (after I have seen the log)
Start
Run
in the dialog box, type (or copy and paste) this command: Combofix /u and press Enter, then delete the combofix folders on "C" (qoobox)
ejman
Posted: Tuesday, February 17, 2009 9:58:43 PM

Rank: Member

Joined: 1/24/2009
Posts: 15
Hi, here I am. I managed to produce the Malwarebytes log; I'll post it now and then run the scan with ComboFix. Thanks

Malwarebytes' Anti-Malware 1.34
Versione del database: 1749
Windows 5.1.2600 Service Pack 3

17/02/2009 21.37.01
mbam-log-2009-02-17 (21-37-01).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 156430
Tempo trascorso: 25 minute(s), 3 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 4
Valori di registro infetti: 1
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 3

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c24d7016-d00f-41ef-9781-984b6b5ff38f} (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ec88fcd0-2ed5-4d65-9b4c-71d146b43a2e} (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e532cfb1-5edd-4663-8c22-bcd67b5e5bd4} (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.

Valori di registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\ConTest.dll (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\WINDOWS\system32\ConTest.dll (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DA0DFD92-C030-4354-9376-79C9F63F42D4}\RP116\A0027822.exe (Rogue.PCSpeedScan) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DA0DFD92-C030-4354-9376-79C9F63F42D4}\RP116\A0027823.exe (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
ejman
Posted: Wednesday, February 18, 2009 8:41:01 PM

Rank: Member

Joined: 1/24/2009
Posts: 15
Hi, yesterday I posted the malware log; today we produced the ComboFix log following the instructions you gave. Thank you in advance for your courtesy and professionalism. I would appreciate a reply soon.
Thanks
"Utente" - 2009-02-18 14:31:35 Service Pack 3
ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\Utente\Documenti\"


((((((((((((((((((((((((((((((( Files Created from 2009-01-18 to 2009-02-18 ))))))))))))))))))))))))))))))))))


2009-02-18 14:06 49,152 --a------ C:\WINDOWS\nircmd.exe
2009-02-17 21:00 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2009-02-17 21:00 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2009-02-17 21:00 <DIR> d-------- C:\Programmi\Malwarebytes' Anti-Malware
2009-02-17 21:00 <DIR> d-------- C:\DOCUME~1\Utente\DATIAP~1\Malwarebytes
2009-02-17 21:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATIAP~1\Malwarebytes
2009-02-12 20:46 110,080 --a------ C:\WINDOWS\system32\drivers\ONDAusbnet.sys
2009-02-12 20:46 105,216 --a------ C:\WINDOWS\system32\drivers\ONDAusbvoice.sys
2009-02-12 20:46 104,960 --a------ C:\WINDOWS\system32\drivers\ONDAusbser6k.sys
2009-02-12 20:46 104,960 --a------ C:\WINDOWS\system32\drivers\ONDAusbnmea.sys
2009-02-12 20:46 104,960 --a------ C:\WINDOWS\system32\drivers\ONDAusbmdm6k.sys
2009-02-12 20:46 <DIR> d-------- C:\Programmi\Alice MOBILE
2009-02-11 20:31 <DIR> d-------- C:\WINDOWS\system32\SupportAppXL
2009-02-01 22:07 20,480 --a------ C:\WINDOWS\system32\SysRestore.dll
2009-02-01 22:06 <DIR> d-------- C:\Programmi\Ascentive
2009-01-18 15:57 1,155,072 --------- C:\WINDOWS\NuNinst.exe
2009-01-18 15:56 85,360 --------- C:\WINDOWS\system32\drivers\incdfs.sys
2009-01-18 15:56 4,976 --------- C:\WINDOWS\system32\drivers\incdrec.sys
2009-01-18 15:56 26,784 --------- C:\WINDOWS\system32\drivers\incdpass.sys
2009-01-18 15:56 <DIR> d-------- C:\WINDOWS\InCD
2009-01-18 15:56 <DIR> d-------- C:\Programmi\Ahead
2009-01-18 13:38 <DIR> d-------- C:\Programmi\Nero
2009-01-18 13:38 <DIR> d-------- C:\Programmi\File comuni\Nero
2009-01-18 13:23 <DIR> d-------- C:\WINDOWS\SxsCaPendDel


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2009-02-18 12:38:08 86,364 ----a-w C:\WINDOWS\system32\perfc010.dat
2009-02-18 12:38:08 475,848 ----a-w C:\WINDOWS\system32\perfh010.dat
2009-02-17 20:50:52 12 ----a-w C:\WINDOWS\bthservsdp.dat
2009-01-08 21:11:38 103,488 ----a-w C:\WINDOWS\system32\drivers\AnyDVD.sys
2009-01-04 16:55:20 -------- d-----w C:\Programmi\Crawler
2009-01-02 02:15:26 24,872 ----a-w C:\WINDOWS\system32\drivers\ElbyCDIO.sys
2008-12-28 17:04:26 -------- d-----w C:\Programmi\Belkin
2008-12-19 20:10:42 -------- d-----w C:\Programmi\Western Digital
2008-12-06 12:36:18 153,139 ----a-w C:\WINDOWS\hpoins14.dat
2008-11-23 15:02:22 56 ------w C:\WINDOWS\system32\ezsidmv.dat
2008-11-22 21:04:22 235 ----a-w C:\WINDOWS\FlashSaver.dat
2008-11-19 17:21:48 93,128 ----a-w C:\WINDOWS\system32\ElbyCDIO.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}=C:\Programmi\Crawler\Toolbar\ctbr.dll [2008-12-22 02:10]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 20:33]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll [2008-12-11 22:47]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Programmi\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-12-11 23:12]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Programmi\Windows Live Toolbar\msntb.dll [2006-09-27 17:45]
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}=C:\Programmi\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2008-12-11 22:47]
{FE063DB1-4EC0-403e-8DD8-394C54984B2C}=C:\Programmi\AskTBar\bar\2.bin\ASKTBAR.DLL [2009-01-18 16:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBKeyScan"="C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-10 11:40]
"UserFaultCheck"="%systemroot%\system32\dumprep 0 -u" []
"Sunkist2k"="C:\Programmi\Multimedia Card Reader\shwicon2k.exe" [2004-12-10 11:49]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2008-11-02 21:58]
"USBToolTip"="C:\Programmi\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe" [2006-06-01 03:37]
"Google Desktop Search"="C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-19 21:12]
"NeroFilterCheck"="C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57]
"InCD"="C:\Programmi\Ahead\InCD\InCD.exe" [2003-05-23 15:50]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:14]
"E08IXLRD_923015"="C:\Programmi\Microsoft Encarta\Microsoft Encarta 2008 - Premium DVD\EDICT.exe" [2007-06-12 23:09]
"Skype"="C:\Programmi\Skype\Phone\Skype.exe" [2008-09-29 17:57]
"MsnMsgr"="C:\Programmi\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2008-04-14 04:14]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-11 23:12]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe" [2007-08-21 14:52]
"AnyDVD"="C:\Programmi\SlySoft\AnyDVD\AnyDVDtray.exe" [2009-01-09 14:05]
"Performance Center"="C:\Programmi\Ascentive\Performance Center\ApcMain.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PcSync"=C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
%SystemRoot%\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
bthsvcs BthServ
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
napagent


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e4e1e12-f872-11dd-bf8a-00a0c6000000}]
AutoRun\command- F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5233e77c-f93d-11dd-bf8c-00c09fe1abbc}]
AutoRun\command- F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5233e77d-f93d-11dd-bf8c-00c09fe1abbc}]
AutoRun\command- F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5233e77f-f93d-11dd-bf8c-00c09fe1abbc}]
AutoRun\command- F:\AutoRun.exe


Contents of the 'Scheduled Tasks' folder
2008-06-09 21:09:00 C:\WINDOWS\tasks\Critical Battery Alarm Program.job
2009-02-18 13:19:04 C:\WINDOWS\tasks\Verifica aggiornamenti per Windows Live Toolbar.job
2009-02-18 12:36:14 C:\WINDOWS\tasks\WebReg Deskjet F2100 series.job

********************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-18 14:34:40
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001000-0000-1000-8000-00805f9b34fb}]


Completion time: 2009-02-18 14:35:21
C:\ComboFix3.txt ... 2009-02-18 14:06
C:\ComboFix2.txt ... 2009-02-18 14:25

--- E O F ---
r16
Posted: Wednesday, February 18, 2009 9:04:21 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
Did you install this program yourself? Ascentive
Then:
Open a text file on the Desktop (Start\Run\type: notepad.exe\OK).
Paste in the code you see below, and save the text file; it must be named CFScript.txt

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e4e1e12-f872-11dd-bf8a-00a0c6000000}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5233e77c-f93d-11dd-bf8c-00c09fe1abbc}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5233e77d-f93d-11dd-bf8c-00c09fe1abbc}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5233e77f-f93d-11dd-bf8c-00c09fe1abbc}]


and drag it onto the ComboFix icon.
Wait for it to finish, without touching the keyboard, mouse or anything else.
Post the updated ComboFix log




ejman
Posted: Wednesday, February 18, 2009 9:43:55 PM

Rank: Member

Joined: 1/24/2009
Posts: 15
Hi, we did as you said; now we are sending you the new ComboFix log with the updates you gave us.
Here it is. Thanks again, see you soon

"Utente" - 2009-02-18 21.32.02 Service Pack 3
ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\Utente\"
Command switches used :: "F:\ciao.txt"


((((((((((((((((((((((((((((((( Files Created from 2009-01-18 to 2009-02-18 ))))))))))))))))))))))))))))))))))


2009-02-18 21:00 <DIR> d-------- C:\Programmi\VS Revo Group
2009-02-18 14:06 49,152 --a------ C:\WINDOWS\nircmd.exe
2009-02-17 21:00 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2009-02-17 21:00 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2009-02-17 21:00 <DIR> d-------- C:\Programmi\Malwarebytes' Anti-Malware
2009-02-17 21:00 <DIR> d-------- C:\DOCUME~1\Utente\DATIAP~1\Malwarebytes
2009-02-17 21:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATIAP~1\Malwarebytes
2009-02-12 20:46 110,080 --a------ C:\WINDOWS\system32\drivers\ONDAusbnet.sys
2009-02-12 20:46 105,216 --a------ C:\WINDOWS\system32\drivers\ONDAusbvoice.sys
2009-02-12 20:46 104,960 --a------ C:\WINDOWS\system32\drivers\ONDAusbser6k.sys
2009-02-12 20:46 104,960 --a------ C:\WINDOWS\system32\drivers\ONDAusbnmea.sys
2009-02-12 20:46 104,960 --a------ C:\WINDOWS\system32\drivers\ONDAusbmdm6k.sys
2009-02-12 20:46 <DIR> d-------- C:\Programmi\Alice MOBILE
2009-02-11 20:31 <DIR> d-------- C:\WINDOWS\system32\SupportAppXL
2009-02-01 22:07 20,480 --a------ C:\WINDOWS\system32\SysRestore.dll
2009-02-01 22:06 <DIR> d-------- C:\Programmi\Ascentive
2009-01-18 15:57 1,155,072 --------- C:\WINDOWS\NuNinst.exe
2009-01-18 15:56 85,360 --------- C:\WINDOWS\system32\drivers\incdfs.sys
2009-01-18 15:56 4,976 --------- C:\WINDOWS\system32\drivers\incdrec.sys
2009-01-18 15:56 26,784 --------- C:\WINDOWS\system32\drivers\incdpass.sys
2009-01-18 15:56 <DIR> d-------- C:\WINDOWS\InCD
2009-01-18 15:56 <DIR> d-------- C:\Programmi\Ahead
2009-01-18 13:38 <DIR> d-------- C:\Programmi\Nero
2009-01-18 13:38 <DIR> d-------- C:\Programmi\File comuni\Nero
2009-01-18 13:23 <DIR> d-------- C:\WINDOWS\SxsCaPendDel


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2009-02-18 20:11:14 86,364 ----a-w C:\WINDOWS\system32\perfc010.dat
2009-02-18 20:11:14 475,848 ----a-w C:\WINDOWS\system32\perfh010.dat
2009-02-18 20:05:02 12 ----a-w C:\WINDOWS\bthservsdp.dat
2009-01-08 21:11:38 103,488 ----a-w C:\WINDOWS\system32\drivers\AnyDVD.sys
2009-01-04 16:55:20 -------- d-----w C:\Programmi\Crawler
2009-01-02 02:15:26 24,872 ----a-w C:\WINDOWS\system32\drivers\ElbyCDIO.sys
2008-12-28 17:04:26 -------- d-----w C:\Programmi\Belkin
2008-12-19 20:10:42 -------- d-----w C:\Programmi\Western Digital
2008-12-06 12:36:18 153,139 ----a-w C:\WINDOWS\hpoins14.dat
2008-11-23 15:02:22 56 ------w C:\WINDOWS\system32\ezsidmv.dat
2008-11-22 21:04:22 235 ----a-w C:\WINDOWS\FlashSaver.dat
2008-11-19 17:21:48 93,128 ----a-w C:\WINDOWS\system32\ElbyCDIO.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}=C:\Programmi\Crawler\Toolbar\ctbr.dll [2008-12-22 02:10]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 20:33]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll [2008-12-11 22:47]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Programmi\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-12-11 23:12]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Programmi\Windows Live Toolbar\msntb.dll [2006-09-27 17:45]
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}=C:\Programmi\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2008-12-11 22:47]
{FE063DB1-4EC0-403e-8DD8-394C54984B2C}=C:\Programmi\AskTBar\bar\2.bin\ASKTBAR.DLL [2009-01-18 16:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBKeyScan"="C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-10 11:40]
"UserFaultCheck"="%systemroot%\system32\dumprep 0 -u" []
"Sunkist2k"="C:\Programmi\Multimedia Card Reader\shwicon2k.exe" [2004-12-10 11:49]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2008-11-02 21:58]
"USBToolTip"="C:\Programmi\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe" [2006-06-01 03:37]
"Google Desktop Search"="C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-19 21:12]
"NeroFilterCheck"="C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57]
"InCD"="C:\Programmi\Ahead\InCD\InCD.exe" [2003-05-23 15:50]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:14]
"E08IXLRD_923015"="C:\Programmi\Microsoft Encarta\Microsoft Encarta 2008 - Premium DVD\EDICT.exe" [2007-06-12 23:09]
"Skype"="C:\Programmi\Skype\Phone\Skype.exe" [2008-09-29 17:57]
"MsnMsgr"="C:\Programmi\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2008-04-14 04:14]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-11 23:12]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe" [2007-08-21 14:52]
"AnyDVD"="C:\Programmi\SlySoft\AnyDVD\AnyDVDtray.exe" [2009-01-09 14:05]
"Performance Center"="C:\Programmi\Ascentive\Performance Center\ApcMain.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PcSync"=C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
%SystemRoot%\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
bthsvcs BthServ
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
napagent


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e4e1e12-f872-11dd-bf8a-00a0c6000000}]
AutoRun\command- F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5233e77c-f93d-11dd-bf8c-00c09fe1abbc}]
AutoRun\command- F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5233e77d-f93d-11dd-bf8c-00c09fe1abbc}]
AutoRun\command- F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5233e77f-f93d-11dd-bf8c-00c09fe1abbc}]
AutoRun\command- F:\AutoRun.exe

*Newly Created Service* - ONDA_AUTORUN_CDROM_MONITOR

Contents of the 'Scheduled Tasks' folder
2008-06-09 21:09:00 C:\WINDOWS\tasks\Critical Battery Alarm Program.job
2009-02-18 20:19:04 C:\WINDOWS\tasks\Verifica aggiornamenti per Windows Live Toolbar.job
2009-02-18 12:36:14 C:\WINDOWS\tasks\WebReg Deskjet F2100 series.job

********************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-18 21:36:03
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001000-0000-1000-8000-00805f9b34fb}]


Completion time: 2009-02-18 21.36.49
C:\ComboFix3.txt ... 2009-02-18 14:25
C:\ComboFix2.txt ... 2009-02-18 14:38

--- E O F ---
ejman
Posted: Wednesday, February 18, 2009 9:50:47 PM

Rank: Member

Joined: 1/24/2009
Posts: 15
I forgot: he did not install the Ascentive program himself. Thanks
r16
Posted: Wednesday, February 18, 2009 11:20:58 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
If you did not install it yourself, carry out these steps:
Start HijackThis, tick the entries I am about to list and, with all applications closed and disconnected from the Internet, click Fix checked
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60341
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60341
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Programmi\AskTBar\bar\2.bin\ASKTBAR.DLL
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Programmi\AskTBar\bar\2.bin\ASKTBAR.DLL
O3 - Toolbar: Toolbar &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Programmi\AskTBar\bar\2.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Performance Center] C:\Programmi\Ascentive\Performance Center\ApcMain.exe -m
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programmi\Crawler\Toolbar\ctbr.dll
Find and delete the files in red:
C:\Programmi\AskTBar\bar\2.bin\ASKTBAR.DLL (it is a folder)
C:\Programmi\Crawler\Toolbar\ctbr.dll (it is a folder)
C:\Programmi\Ascentive\Performance Center\ApcMain.exe -m (it is a folder)
Do a cleanup (registry included) with CCleaner http://www.aiutaamici.com/software?ID=11223
Restart the PC to confirm the changes.
Then:
Start\Esegui (Run)\copy and paste the string %temp%, click OK, empty the temp folder. (do not delete the folder)
Then:
Empty the contents of the Prefetch folder:
click Risorse del Computer (My Computer)
click Disco locale C: (Local Disk C:)
look, among the folders displayed, for the Windows folder, open it and, inside it, look for the Prefetch folder, open it and delete all the entries stored inside it (do not delete the folder)
EMPTY THE RECYCLE BIN

Do these operations, then tell me how the PC is doing and whether the problem is solved.
The ComboFix run did not succeed because 2 mistakes were made: 1 each.
Nothing irreparable, tell me how the PC is doing.
ejman
Posted: Friday, February 20, 2009 8:26:51 PM

Rank: Member

Joined: 1/24/2009
Posts: 15
Hi, after your attention my friend's PC works perfectly. I think the problems are solved and we were able to connect without trouble. I have now told him to create his own account, which he will surely do given your professionalism.

I thank all the Aiutamici staff, and in particular r16, who followed the problems.


Thanks
r16
Posted: Friday, February 20, 2009 8:36:16 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Don't mention it... you're welcome.
Tell your friend to run a scan with his antivirus on drive letter F:\ .
I don't know whether that letter refers to a USB stick, a partition of the hard disk, or an external hard disk.
I do know that it is very likely infected.
Bye.
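
Added example, not part of the original posts and not ComboFix's own code: the `mountpoints2` entries with `AutoRun\command- F:\AutoRun.exe` in the ComboFix log above are the lines that point at drive F:. This Python sketch extracts such entries from a log in that format and groups them by drive letter; the function names are assumptions, and the sample is an excerpt copied from the log on this page.

```python
import re
from collections import defaultdict

# Excerpt copied from the ComboFix log on this page (two of the four entries).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e4e1e12-f872-11dd-bf8a-00a0c6000000}]
AutoRun\command- F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5233e77c-f93d-11dd-bf8c-00c09fe1abbc}]
AutoRun\command- F:\AutoRun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
MOUNT_RE = re.compile(r"\\explorer\\mountpoints2\\(?P<volume>[^\\\]]+)$", re.IGNORECASE)
CMD_RE = re.compile(r"^(?P<verb>[^\\]+)\\command-\s*(?P<cmd>.+?)\s*$", re.IGNORECASE)
DRIVE_RE = re.compile(r'^"?(?P<drive>[A-Za-z]):\\')

def mountpoint_autoruns(log_text):
    """Return (volume_id, verb, command) for each MountPoints2 shell command."""
    hits, volume = [], None
    for line in log_text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            # Track whether the current registry key is a MountPoints2 volume.
            mount = MOUNT_RE.search(key.group("key"))
            volume = mount.group("volume") if mount else None
            continue
        if volume:
            cmd = CMD_RE.match(line)
            if cmd:
                hits.append((volume, cmd.group("verb"), cmd.group("cmd")))
    return hits

def drives_to_scan(hits):
    """Group the launched commands by the drive letter they start from."""
    by_drive = defaultdict(set)
    for _volume, _verb, cmd in hits:
        drive = DRIVE_RE.match(cmd)
        label = drive.group("drive").upper() + ":" if drive else "?"
        by_drive[label].add(cmd)
    return {label: sorted(cmds) for label, cmds in by_drive.items()}

if __name__ == "__main__":
    print(drives_to_scan(mountpoint_autoruns(SAMPLE_LOG)))
```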