Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » i risultati scansione con ClamWin

i risultati scansione con ClamWin Opzioni
Topic Precedente · Topic Sucessivo
paoloc351
Inviato: Saturday, October 24, 2009 5:44:50 PM

Rank: Member

Iscritto dal : 10/24/2009
Posts: 28
Salve, Vi posto il risultato della scansione con ClamWin, mi indicate come procedere ad eliminare i file infetti o a ripararli.
Grazie.

Scan Started Sat Oct 24 12:56:38 2009




C:\Documents and Settings\Paolo\Impostazioni locali\Dati applicazioni\Microsoft\CardSpace\CardSpace.db: Permission denied

C:\Documents and Settings\Paolo\Impostazioni locali\Temp\nsoF.tmp: Permission denied

C:\Documents and Settings\Paolo\Impostazioni locali\Temp\~DF3B8D.tmp: Permission denied

C:\Documents and Settings\Paolo\Impostazioni locali\Temp\~DFF78E.tmp: Permission denied

C:\Documents and Settings\Paolo\Impostazioni locali\Temp\~DFF7B9.tmp: Permission denied

C:\Documents and Settings\Paolo\Impostazioni locali\Temp\~DFF8EC.tmp: Permission denied

C:\Documents and Settings\Paolo\Impostazioni locali\Temp\~DFF917.tmp: Permission denied

C:\Documents and Settings\Paolo\Impostazioni locali\Temp\~DFFA92.tmp: Permission denied

C:\Documents and Settings\Paolo\Impostazioni locali\Temp\~DFFABE.tmp: Permission denied

C:\hiberfil.sys: Permission denied

C:\pagefile.sys: Permission denied

C:\WINDOWS\system32\CatRoot2\tmp.edb: Permission denied

C:\WINDOWS\system32\config\default: Permission denied

C:\WINDOWS\system32\config\SAM: Permission denied

C:\WINDOWS\system32\config\SECURITY: Permission denied

C:\WINDOWS\system32\config\software: Permission denied

C:\WINDOWS\system32\config\system: Permission denied

C:\WINDOWS\system32\drivers\fidbox.idx: Permission denied



C:\Documents and Settings\Linda\Documenti\2_Lavori\Utility - 1\Archicad librerie aggiuntive\Archicad 9 ita-(Print Repared)_provato_funziona.rar: Worm.Autorun-584 FOUND

C:\Documents and Settings\Linda\Documenti\Programmi\Artlantis Studio 2 - Ultimo\Artlantis.Studio.v2.0.3.3.Multilanguage-ENGiNE\ENGiNE\Artlantis studio 2.0.3.3_Crk.exe: Trojan.Agent-121200 FOUND

C:\Programmi\Graphisoft\ArchiCAD 11\Archicad.v11.build.966_Crk.exe: Virtool.Small-5 FOUND

----------- SCAN SUMMARY -----------

Known viruses: 636715

Engine version: 0.95.2

Scanned directories: 11923

Scanned files: 115336

Infected files: 3



Data scanned: 41096.45 MB

Data read: 41528.90 MB (ratio 0.99:1)

Time: 16778.297 sec (279 m 38 s)


Completed
Torna in alto
 
Sponsor
Inviato: Saturday, October 24, 2009 5:44:50 PM

 
Torna in alto
 
paolopa
Inviato: Saturday, October 24, 2009 6:08:25 PM

Rank: AiutAmico

Iscritto dal : 10/14/2008
Posts: 2,777
a questi punti il mio consiglio è postare un log di hijack,di modo che qualche esperto(non certamente io purtroppo)possa analizzarlo e dirti le procedure http://www.aiutamici.com/software?ID=11175 c è anche la versione usb se non vuoi installarla sul pc.
poi,intanto che aspetti,potresti farti una scansione con malwarebytes http://www.aiutamici.com/software?ID=80346 ,lo scarichi,lo aggiorni e fai una scansione completa,ti rilascera' un log, posta anche quello.
Torna in alto
 
paoloc351
Inviato: Saturday, October 24, 2009 6:13:04 PM

Rank: Member

Iscritto dal : 10/24/2009
Posts: 28
Questo è il risultato di Hijack
Cmq Grazie Paolopa.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.10.07, on 24/10/09
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe *
C:\WINDOWS\System32\svchost.exe *
C:\WINDOWS\system32\svchost.exe *
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe
C:\Programmi\Maggioli Editore\Banchedati\prg\bdsrvc.exe
C:\Programmi\Analog Devices\SoundMAX\Smax4.exe
C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programmi\Apoint2K\Apoint.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\dllhost.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Programmi\Apoint2K\Apntex.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Nokia\MPlatform\NokiaMServer.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\vssvc.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\PROGRA~1\WIDCOMM\SOFTWA~1\BTSTAC~1.EXE
C:\WINDOWS\System32\dmadmin.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMax] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe"
O4 - HKLM\..\Run: [Apoint] "C:\Programmi\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Programmi\File comuni\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Programmi\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [DriverMax] "E:\DriverMax\devices.exe" -agent
O4 - Global Startup: BTTray.lnk = ?
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Programmi\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bd Http Server (BdHttpServer) - Unknown owner - C:\Programmi\Maggioli Editore\Banchedati\prg\bdsrvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
O23 - Service: Servizio di Google Update (gupdate1c9faff92e9969a) (gupdate1c9faff92e9969a) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programmi\HPQ\SHARED\HPQWMI.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10264 bytes
Torna in alto
 
panchoz
Inviato: Saturday, October 24, 2009 7:34:47 PM

Rank: AiutAmico

Iscritto dal : 11/6/2008
Posts: 2,452
Shhh Togliti una curiosità da solo mentre aspetti. La scansione con Malwarebytes ti ha suggerito Paolopa.

Avrai notato in fondo alla Guida di HiJackThis un link per il controllo online del Log, provaci!

http://www.hijackthis.de/index.php

Tranquillo, ma non toccare nulla.
Torna in alto
 
paoloc351
Inviato: Saturday, October 24, 2009 9:13:20 PM

Rank: Member

Iscritto dal : 10/24/2009
Posts: 28
Vi posto il risultato della scansione con Malwarebytes

Malwarebytes' Anti-Malware 1.41
Versione del database: 3025
Windows 5.1.2600 Service Pack 3

24/10/09 8.53.10
mbam-log-2009-10-24 (20-53-05).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 230688
Tempo trascorso: 1 hour(s), 34 minute(s), 20 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 1
Valori di registro infetti: 0
Elementi dato del registro infetti: 2
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> No action taken.

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)
Torna in alto
 
paoloc351
Inviato: Saturday, October 24, 2009 9:24:07 PM

Rank: Member

Iscritto dal : 10/24/2009
Posts: 28
Grazie Panchoz, suggerimento accettato. il risultato nn mi segnala grossi problemi ma nn capisco il seguente risultato

C:\PROGRA~1\WIDCOMM\SOFTWA~1\BTSTAC~1.EXE Abbastanza sospetto!
Secondo il nostro archivio, questo programma gira normalmente in c:\programme\widcomm\blueto~1\!. Controllare questa installazione e sottoponila a controllo antivirus se ritieni.

C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe Sicuro
Abbastanza sospetto! Secondo il nostro archivio, questo programma gira normalmente in c:\programme\.*bluetooth software\!. Controllare questa installazione e sottoponila a controllo antivirus se ritieni. Questa voce è stata classificata dai nostri visitatori come sicura.

C:\Programmi\PC Connectivity Solution\ServiceLayer.exe Davvero sicuro
Abbastanza sospetto! Secondo il nostro archivio, questo programma gira normalmente in c:\programme\.*pcsuite\services\!. Controllare questa installazione e sottoponila a controllo antivirus se ritieni. Questa voce è stata classificata dai nostri visitatori come sicura.


Cosa devo fare a tal proposito?
saluti
Torna in alto
 
r16
Inviato: Saturday, October 24, 2009 9:45:51 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Innanzi tutto Elimina quello che ha trovato Malwarebytes.
Poi fai questa scansione:
Scarica Combofix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe


Salvalo sul desktop.

Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,(Firewall compreso) e dopo aver scaricato COMBOFIX, chiudi la connessione.

Doppio click su combofix.exe (comparirà una videata.)
Se ti verrà chiesto se vuoi Installare LA CONSOLE DI RIPRISTINO DI EMERGENZA, clicca NO.
E' probabile che ti siano inviati messaggi dall'antivirus, tu ignorali.
Durante l'operazione di scansione è importante non usare il PC (neanche il mouse) e attendere pazientemente la fine delle operazioni.
Al termine, verrà creato un file log sul Desktop, chiamato C:\ComboFix.txt. Postalo qui.

Disinstalla combofix in questo modo: (dopo che avrò visto il log)
Start
Esegui
nella finestra di dialogo, copia ed incolla questo comando: Combofix /u e premi Invio poi cancella le cartelle in "C" di Combofix e (qoobox)
Torna in alto
 
panchoz
Inviato: Saturday, October 24, 2009 10:00:46 PM

Rank: AiutAmico

Iscritto dal : 11/6/2008
Posts: 2,452
paoloc351 ha scritto:


Cosa devo fare a tal proposito?
saluti



Esegui pedissequamente le indicazioni di R16
Torna in alto
 
paoloc351
Inviato: Sunday, October 25, 2009 8:43:59 AM

Rank: Member

Iscritto dal : 10/24/2009
Posts: 28
ecco il risultato di combofix

grazie

ComboFix 09-10-24.01 - Paolo 25/10/09 8.20.23.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1022.536 [GMT 1:00]
Eseguito da: c:\documents and settings\Paolo\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 091024-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804FD0EC-FFA4-00EB-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804FD0EC-FFA4-00F3-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804FD2B8-FFA4-00EB-0D24-347CA8A3377C}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
ADS - explorer.exe: deleted 88 bytes in 2 streams.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Menu Avvio\HP Image Zone .lnk
c:\documents and settings\Paolo\Impostazioni locali\Dati applicazioni\soiegoi.dat
c:\documents and settings\Paolo\Impostazioni locali\Dati applicazioni\soiegoi_nav.dat
c:\documents and settings\Paolo\Impostazioni locali\Dati applicazioni\soiegoi_navps.dat

.
((((((((((((((((((((((((( Files Creati Da 2009-09-25 al 2009-10-25 )))))))))))))))))))))))))))))))))))
.

2009-10-24 16:16 . 2009-10-24 16:16 -------- d-----w- c:\documents and settings\Paolo\Dati applicazioni\Malwarebytes
2009-10-24 16:16 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-24 16:16 . 2009-10-24 16:16 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-10-24 16:16 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-24 11:24 . 2009-10-24 11:24 -------- d-----w- c:\documents and settings\Paolo\Impostazioni locali\Dati applicazioni\Innovative Solutions
2009-10-24 11:24 . 2009-10-24 11:24 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Innovative Solutions
2009-10-24 07:14 . 2009-10-24 07:14 -------- d-----w- c:\programmi\Trend Micro
2009-10-16 21:24 . 2009-10-16 21:24 -------- d-----w- c:\programmi\TIAB
2009-09-25 17:59 . 2004-08-17 00:40 16384 ----a-w- c:\windows\system32\FileOps.exe
2009-09-25 17:59 . 2009-09-25 17:59 -------- d-----w- c:\windows\system32\Adobe
2009-09-25 16:19 . 2009-09-25 16:19 -------- d-----w- c:\documents and settings\Paolo\Impostazioni locali\Dati applicazioni\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-25 07:34 . 2008-07-26 06:32 67119136 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-25 07:18 . 2004-08-19 12:00 89790 ----a-w- c:\windows\system32\perfc010.dat
2009-10-25 07:18 . 2004-08-19 12:00 502766 ----a-w- c:\windows\system32\perfh010.dat
2009-10-24 20:42 . 2008-07-26 06:32 789872 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-10-23 16:24 . 2007-12-01 09:18 -------- d-----w- c:\documents and settings\Paolo\Dati applicazioni\Skype
2009-10-23 15:25 . 2007-12-01 09:19 -------- d-----w- c:\documents and settings\Paolo\Dati applicazioni\skypePM
2009-10-20 16:20 . 2009-08-29 21:51 -------- d-----w- c:\programmi\Alice MOBILE
2009-10-19 18:40 . 2006-06-09 17:36 -------- d-----w- c:\programmi\File comuni\Adobe
2009-10-19 18:38 . 2007-12-28 20:31 -------- d-----w- c:\documents and settings\Linda\Dati applicazioni\Skype
2009-10-19 18:25 . 2007-12-28 20:53 -------- d-----w- c:\documents and settings\Linda\Dati applicazioni\skypePM
2009-10-11 21:25 . 2009-07-11 22:07 272784 ----a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2009-10-11 09:24 . 2009-01-21 20:42 -------- d-----w- c:\programmi\Microsoft
2009-10-07 21:53 . 2009-07-04 13:07 -------- d-----w- c:\programmi\File comuni\Nokia
2009-10-07 21:52 . 2006-07-11 17:40 -------- d-----w- c:\programmi\Nokia
2009-10-06 18:39 . 2008-03-02 09:23 -------- d-----w- c:\documents and settings\Linda\Dati applicazioni\U3
2009-09-25 17:11 . 2009-08-29 07:26 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PC Drivers HeadQuarters
2009-09-22 17:00 . 2009-09-22 17:00 -------- d-----w- c:\documents and settings\Paolo\Dati applicazioni\HpUpdate
2009-09-22 16:52 . 2009-09-22 16:51 -------- d-----w- c:\documents and settings\Linda\Dati applicazioni\HpUpdate
2009-09-18 19:23 . 2006-05-16 07:50 -------- d-----w- c:\programmi\File comuni\Macrovision Shared
2009-09-17 21:30 . 2009-09-17 21:30 -------- d-----w- c:\programmi\File comuni\DVDVideoSoft
2009-09-17 21:30 . 2009-09-17 21:30 -------- d-----w- c:\programmi\DVDVideoSoft
2009-09-17 21:19 . 2009-09-17 21:19 -------- d-----w- c:\documents and settings\Linda\Dati applicazioni\InterVideo
2009-09-17 11:33 . 2009-09-17 11:33 -------- d-----w- c:\programmi\imaxel
2009-09-11 14:17 . 2004-08-19 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-19 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 21:51 . 2006-05-15 14:17 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-08-29 07:56 . 2004-08-19 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:38 . 2009-08-29 07:17 -------- d-----w- c:\programmi\Flash Memory Toolkit
2009-08-26 20:41 . 2007-04-10 10:33 49920 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2009-08-26 20:41 . 2007-04-10 10:33 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2009-08-26 20:40 . 2007-04-10 10:33 21568 ----a-w- c:\windows\system32\drivers\HPZius12.sys
2009-08-26 08:00 . 2004-08-19 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-17 16:10 . 2007-09-13 08:58 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2007-09-13 08:58 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2007-09-13 08:58 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2008-04-25 09:18 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2008-04-25 09:18 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2007-09-13 08:58 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2007-09-13 08:58 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2007-09-13 08:58 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2007-09-13 08:58 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-06 17:24 . 2006-05-15 13:57 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 17:24 . 2006-05-15 13:57 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 17:24 . 2006-05-15 13:57 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 17:24 . 2005-05-26 02:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 17:24 . 2006-05-15 13:57 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 17:24 . 2004-08-19 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 17:23 . 2006-05-15 13:57 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 17:23 . 2008-11-14 08:32 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 17:23 . 2008-11-14 08:32 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 17:23 . 2006-05-15 13:57 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 08:59 . 2004-08-19 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 20:56 . 2004-08-19 12:00 2192896 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 17:52 . 2009-08-04 17:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-04 17:26 . 2004-08-19 15:34 2069760 ----a-w- c:\windows\system32\ntkrnlpa.exe
2006-07-26 20:19 . 2006-07-26 20:19 2518 ----a-w- c:\programmi\Install.inf
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\programmi\File comuni\Nokia\MPlatform\NokiaMServer" [X]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"SoundMAXPnP"="c:\programmi\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"Apoint"="c:\programmi\Apoint2K\Apoint.exe" [2005-02-08 159744]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-20 344064]
"Cpqset"="c:\programmi\HPQ\Default Settings\cpqset.exe" [2005-03-29 233534]
"QlbCtrl.exe"="c:\programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-09-25 202032]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-11-12 208952]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"HP Software Update"="c:\programmi\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"NokiaMusic FastStart"="c:\programmi\Nokia\Nokia Music\NokiaMusic.exe" [2009-07-22 2331936]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2006-09-01 282624]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-04-13 88209]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BTTray.lnk - c:\programmi\WIDCOMM\Software Bluetooth\BTTray.exe [2005-5-31 577597]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\G:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnsvc"=3 (0x3)
"iPodService"=3 (0x3)
"AntiVirService"=2 (0x2)
"AntiVirScheduler"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\Graphisoft\\ArchiCAD 11\\ArchiCAD.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [25/04/08 10.18.52 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25/04/08 10.18.52 20560]
R2 BdHttpServer;Bd Http Server;c:\programmi\Maggioli Editore\Banchedati\prg\bdsrvc.exe [14/06/04 1.56.14 1421824]
R3 Com4QLBEx;Com4QLBEx;c:\programmi\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [23/11/08 10.45.33 193840]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\cdrom_mon.exe [29/08/09 10.50.17 81920]
S2 gupdate1c9faff92e9969a;Servizio di Google Update (gupdate1c9faff92e9969a);c:\programmi\Google\Update\GoogleUpdate.exe [02/07/09 11.26.32 133104]
S2 wlidsvc;Windows Live ID Sign-in Assistant;c:\programmi\File comuni\Microsoft Shared\Windows Live\WLIDSVC.EXE [30/03/09 3.28.36 1533808]
S3 ONDAusbmdm6k;ONDA Proprietary USB Driver;c:\windows\system32\drivers\ONDAusbmdm6k.sys [29/08/09 10.51.51 104960]
S3 ONDAusbnet;ONDA USB-NDIS miniport;c:\windows\system32\drivers\ONDAusbnet.sys [29/08/09 10.51.51 110080]
S3 ONDAusbnmea;ONDA NMEA Port;c:\windows\system32\drivers\ONDAusbnmea.sys [29/08/09 10.51.51 104960]
S3 ONDAusbser6k;ONDA Diagnostic Port;c:\windows\system32\drivers\ONDAusbser6k.sys [29/08/09 10.51.51 104960]
S4 Rdentsitrcw;Rdentsitrcw; [x]
.
Contenuto della cartella 'Scheduled Tasks'

2009-10-25 c:\windows\Tasks\GlaryInitialize.job
- c:\programmi\Glary Utilities\initialize.exe [2008-07-26 16:10]

2009-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-07-02 10:26]

2009-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-07-02 10:26]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = *.local
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

Toolbar-Locked - (no file)
AddRemove-DMX5_is1 - e:\drivermax\unins000.exe
AddRemove-eMule - f:\programmi\eMule\Uninstall.exe
AddRemove-Malwarebytes' Anti-Malware_is1 - e:\malwarebytes' anti-malware\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-25 08:34
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\programmi\HPQ\Default Settings\cpqset.exe????????????2?3?7?6??????? ???B?????????????hLC????????

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1960408961-1844237615-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140AC1900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(836)
c:\windows\system32\Ati2evxx.dll
.
Ora fine scansione: 2009-10-25 8.37.16
ComboFix-quarantined-files.txt 2009-10-25 07:37

Pre-Run: 33.088.475.136 byte disponibili
Post-Run: 34.316.320.768 byte disponibili

- - End Of File - - 6B515C731DFEA8D4F271B39D76474D8A
Torna in alto
 
r16
Inviato: Sunday, October 25, 2009 1:47:06 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Elimina Combofix.
Posta un log di HJT, per una verifica.
Torna in alto
 
paoloc351
Inviato: Sunday, October 25, 2009 5:47:43 PM

Rank: Member

Iscritto dal : 10/24/2009
Posts: 28
ecco il log di hij dopo combofix. Nn trovo le cartelle di combofix che devo elimiminare dopo la disinstallazione.
grazie

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17.46.45, on 25/10/09
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe
C:\Programmi\Maggioli Editore\Banchedati\prg\bdsrvc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programmi\Apoint2K\Apoint.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Programmi\File comuni\Nokia\MPlatform\NokiaMServer.exe
C:\Programmi\Apoint2K\Apntex.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\vssvc.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
C:\WINDOWS\System32\dmadmin.exe
C:\PROGRA~1\WIDCOMM\SOFTWA~1\BTSTAC~1.EXE
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe"
O4 - HKLM\..\Run: [Apoint] "C:\Programmi\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Programmi\File comuni\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Programmi\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: BTTray.lnk = ?
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Programmi\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bd Http Server (BdHttpServer) - Unknown owner - C:\Programmi\Maggioli Editore\Banchedati\prg\bdsrvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
O23 - Service: Servizio di Google Update (gupdate1c9faff92e9969a) (gupdate1c9faff92e9969a) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programmi\HPQ\SHARED\HPQWMI.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10001 bytes
Torna in alto
 
r16
Inviato: Sunday, October 25, 2009 10:27:57 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Per sicurezza, con la funzione "Cerca" digita Combofix ed elimina tutto quello che trova.
Poi:
Disattiva il ripristino configurazione di sistema, e tienilo disattivato, fino alla soluzione del problema http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121

Avvia hijackthis, metti la spunta alle voci che andrò ad elencarti e con tutte le applicazioni chiuse e disconnesso da Internet,premi su fix checked
O4 - HKLM\..\Run: [Apoint] "C:\Programmi\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Programmi\File comuni\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Programmi\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - Global Startup: BTTray.lnk = ?
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) -

Dai una pulita (registro compreso)con CCleaner http://www.aiutaamici.com/software?ID=11223
Nella schermata iniziale di CCleaner, clicca su Opzioni e poi Avanzate, togli il segno di spunta a: Cancella i file in Windows Temp solo se più vecchi di 48 ore. (poi esegui le pulizie)

Poi:
Start\Esegui\copia e incolla la stringa %temp% clicca su Ok, svuota la cartella temp. (non eliminare la cartella)
Poi:
Provvedi a svuotare del suo contenuto la cartella Prefetch :
clicca su Risorse del Computer
clicca su Disco locale C:
cerca, all’interno delle cartelle che saranno visualizzate la cartella Windows, aprila ed, al suo interno, cerca la cartella Prefetch, la apri ed elimina tutte le voci conservate al suo interno ( non eliminare la cartella)
SVUOTA IL CESTINO
Poi:
Lancia Hijackthis e pulisci gli ADS in questo modo:
clicca sulla voce Open the misc tool section
clicca su Open ads spy
togli la spunta alla voce Quick scan (windows base folder only)
clicca su Scan.
Aspetta pazientemente la fine della scansione.
se venissero rilevati ADS, spunta tutte (senza paura) le caselline e clicca su Remove selected

Fai uno ScanDisk approfondito, e una deframmentazione del HD.

Riattiva il ripristino configurazione di sistema
Se non riscontri problemi, sei a posto.
Torna in alto
 
paoloc351
Inviato: Tuesday, October 27, 2009 9:23:36 AM

Rank: Member

Iscritto dal : 10/24/2009
Posts: 28
Ciao R16
Ancora nn sono riuscito a fare l'ultima operazione che hai indicato, nn ho avuto il portatile con me.
Ti volevo chiede un informazione, la funzione fix checked di hijackthis suppongo che nn elimina le voci segnate ma li disattiva. Le voci segnate vanno disattivate perke sono pericolosi oppure sono inutili? Te lo chiedo per soddisfare una pura curiosità e capirne di piu' in materia.
Grazie
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » i risultati scansione con ClamWin


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.