Mi controllereste il log gentilmente? - Sicurezza VIRUS

Benvenuto Ospite

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Mi controllereste il log gentilmente?

Mi controllereste il log gentilmente?

Opzioni

Topic Precedente · Topic Sucessivo

El_PaMpErO

Inviato: Monday, November 16, 2009 8:32:47 PM

Rank: Member

Iscritto dal : 3/8/2007
Posts: 11

Il pc va terribilmente lento su internet :(
Questo è il log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.31.54, on 16/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\DLink\Software Bluetooth\bin\btwdins.exe
C:\Programmi\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\tp4serv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Programmi\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Programmi\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmi\IBM\Messages By IBM\ibmmessages.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Programmi\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Programmi\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Programmi\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\DLink\Software Bluetooth\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Programmi\ARESCOM\Modem Telindus Arescom ND220\dslmon.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Programmi\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [UC_Start] C:\Programmi\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Programmi\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCTRAY] C:\Programmi\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Programmi\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Programmi\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless N DWA-140] C:\Programmi\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe
O4 - HKLM\..\Run: [Microsoft WinUpdate] C:\WINDOWS\system32\msupdte.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Programmi\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [Test321] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fresdg.exe
O4 - HKCU\..\Run: [12CFG214-K641-12SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Programmi\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\DLink\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmi\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmi\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\DLink\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\DLink\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1219150639707
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{05022B30-4853-4CA2-A5CB-490089087408}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{29FB9897-51DB-444F-938C-B72F920D8C1B}: NameServer = 85.37.17.49 85.38.28.91
O17 - HKLM\System\CS1\Services\Tcpip\..\{05022B30-4853-4CA2-A5CB-490089087408}: NameServer = 192.168.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmi\DLink\Software Bluetooth\bin\btwdins.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Programmi\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

--
End of file - 11644 bytes

Torna in alto

Sponsor

Inviato: Monday, November 16, 2009 8:32:47 PM

Torna in alto

shapiro

Inviato: Monday, November 16, 2009 8:41:17 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164

ciao

hai delle infezioni da eliminare

Scarica combofix sul desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Disconnetiti da internet
Disattiva l'antivirus.
Avvia il file ComboFix.exe
Digita 1 per avviare il tool
Segui le istruzioni (non fare nulla durante la scansione, se spariscono le icone dal desktop è normale) e alla fine verrà generato un log.
Finito, posta il log che trovi in C:\Combofix.txt

Torna in alto

El_PaMpErO

Inviato: Monday, November 16, 2009 9:45:09 PM

Rank: Member

Iscritto dal : 3/8/2007
Posts: 11

ComboFix 09-11-16.05 - Lino 16/11/2009 21.03.12..1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.502.337 [GMT 1:00]
Eseguito da: c:\documents and settings\Lino\Desktop\ComboFix.exe

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Lino\php.exe
c:\recycler\S-1-5-21-0243556031-888888379-781863308-1455
c:\recycler\S-1-5-21-0243936033-3052116371-381863308-1811
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe
c:\windows\system32\pwdmon.dll

.
((((((((((((((((((((((((( Files Creati Da 2009-10-16 al 2009-11-16 )))))))))))))))))))))))))))))))))))
.

2009-11-16 19:31 . 2009-11-16 19:31 -------- d-----w- c:\programmi\Trend Micro
2009-11-14 16:13 . 2009-11-14 16:13 -------- d-----w- c:\documents and settings\Lino\Dati applicazioni\PlayFirst
2009-11-14 16:13 . 2009-11-14 16:13 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PlayFirst
2009-11-14 16:12 . 2009-11-14 16:12 -------- d-----w- c:\programmi\PopCap Games
2009-11-13 13:27 . 2009-11-16 19:51 43520 ----a-w- c:\documents and settings\Lino\pxxy.exe
2009-11-10 17:52 . 2009-11-10 17:52 -------- d-----w- c:\windows\system32\QuickTime
2009-11-10 17:51 . 2009-11-10 17:51 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\TechSmith
2009-11-10 17:51 . 2009-11-10 17:51 -------- d-----w- c:\programmi\QuickTime
2009-11-10 17:50 . 2009-11-10 17:50 -------- d-----w- c:\programmi\File comuni\TechSmith Shared
2009-11-10 17:50 . 2009-11-10 17:50 -------- d-----w- c:\programmi\TechSmith
2009-11-09 20:37 . 2009-11-09 20:37 -------- d-----w- c:\documents and settings\Lino\Dati applicazioni\dvdcss
2009-11-09 19:49 . 2005-06-15 02:00 102400 ----a-w- c:\windows\system32\tsccvid.dll
2009-11-09 19:25 . 2009-11-09 19:25 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\AVS4YOU
2009-11-09 19:24 . 2009-11-09 19:24 -------- d-----w- c:\documents and settings\Lino\Dati applicazioni\AVS4YOU
2009-11-09 19:23 . 2009-11-09 19:41 -------- d-----w- c:\programmi\File comuni\AVSMedia
2009-11-09 19:22 . 2009-11-09 19:42 -------- d-----w- c:\programmi\AVS4YOU
2009-11-06 08:18 . 2009-11-12 14:38 43520 ----a-w- c:\documents and settings\Lino\p4xy.exe
2009-11-05 09:56 . 2009-11-09 19:44 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\file joy proc deaf
2009-11-05 09:56 . 2009-11-05 10:03 684032 ----a-w- c:\documents and settings\All Users\Dati applicazioni\file joy proc deaf\first move.exe
2009-11-05 09:56 . 2009-11-05 09:59 -------- d-----w- c:\programmi\TorrentSpeeder
2009-11-05 09:45 . 2009-11-05 09:46 -------- d-----w- c:\programmi\PartyGaming
2009-10-28 22:31 . 2009-10-28 22:31 -------- d-----w- c:\programmi\Microsoft Silverlight
2009-10-27 19:25 . 2009-10-28 22:28 -------- d-----w- c:\programmi\Total Video Converter
2009-10-27 12:03 . 2009-10-27 12:03 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-10-27 12:03 . 2009-11-06 16:33 -------- d-----w- c:\documents and settings\Lino\Dati applicazioni\skypePM
2009-10-27 12:02 . 2009-11-06 16:51 -------- d-----w- c:\documents and settings\Lino\Dati applicazioni\Skype
2009-10-27 12:00 . 2009-10-27 12:00 -------- d-----w- c:\programmi\File comuni\Skype
2009-10-27 12:00 . 2009-10-27 12:01 -------- d-----r- c:\programmi\Skype
2009-10-27 12:00 . 2009-10-27 12:00 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Skype
2009-10-21 15:17 . 2009-10-21 15:17 -------- d-----w- c:\windows\Sun
2009-10-21 15:15 . 2009-10-21 15:15 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-21 15:15 . 2009-10-21 15:15 -------- d-----w- c:\programmi\Java
2009-10-21 15:14 . 2009-10-21 15:14 152576 ----a-w- c:\documents and settings\Lino\Dati applicazioni\Sun\Java\jre1.6.0_16\lzma.dll
2009-10-20 12:20 . 2009-10-21 12:19 45056 ----a-w- c:\documents and settings\Lino\ndp.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-11 15:16 . 2008-09-06 14:16 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-11-11 00:42 . 2009-03-22 19:41 -------- d-----w- c:\documents and settings\Lino\Dati applicazioni\U3
2009-11-10 17:53 . 2009-10-02 14:19 -------- d-----w- c:\documents and settings\Lino\Dati applicazioni\vlc
2009-11-09 19:45 . 2008-08-19 20:52 71120 ----a-w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-11-09 19:43 . 2008-11-04 20:11 -------- d-----w- c:\programmi\TeamViewer3
2009-11-07 14:08 . 2009-01-21 20:18 -------- d-----w- c:\documents and settings\Lino\Dati applicazioni\DataCast
2009-11-07 14:08 . 2008-08-19 20:54 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-11-07 14:05 . 2008-08-19 19:55 -------- d-----w- c:\programmi\Microsoft Works
2009-11-07 14:02 . 2009-10-03 16:59 -------- d-----w- c:\programmi\File comuni\HP
2009-11-06 09:15 . 2008-08-20 15:51 -------- d-----w- c:\documents and settings\Lino\Dati applicazioni\uTorrent
2009-11-04 00:21 . 2009-10-16 12:16 24064 ----a-w- c:\documents and settings\Lino\pxy.exe
2009-10-28 22:27 . 2008-08-20 20:51 -------- d-----w- c:\programmi\Sony
2009-10-28 22:26 . 2009-01-21 20:35 -------- d-----w- c:\programmi\MyFree Codec
2009-10-27 21:45 . 2009-10-09 17:31 -------- d-----w- c:\programmi\eMule
2009-10-27 08:36 . 1980-01-01 07:00 85330 ----a-w- c:\windows\system32\perfc010.dat
2009-10-27 08:36 . 1980-01-01 07:00 492504 ----a-w- c:\windows\system32\perfh010.dat
2009-10-15 17:35 . 2009-10-08 12:59 45056 ----a-w- c:\documents and settings\Lino\p3xy.exe
2009-10-09 15:44 . 2009-10-09 15:44 -------- d-----w- c:\programmi\Sega
2009-10-09 14:08 . 2009-10-09 14:08 -------- d-----w- c:\documents and settings\Lino\Dati applicazioni\Creative
2009-10-09 14:05 . 2009-10-09 14:05 -------- d-----w- c:\programmi\Creative
2009-10-07 15:36 . 2009-10-07 15:36 -------- d-----w- c:\programmi\KaraFun
2009-10-07 15:36 . 2009-10-07 15:36 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Recisio
2009-10-07 13:17 . 2009-10-06 13:07 47616 ----a-w- c:\documents and settings\Lino\nd.exe
2009-10-04 07:27 . 2009-10-03 15:13 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NOS
2009-10-03 17:15 . 2009-10-03 14:47 119853 ----a-w- c:\windows\hpoins11.dat
2009-10-03 17:05 . 2009-10-03 17:05 -------- d-----w- c:\documents and settings\Lino\Dati applicazioni\HP
2009-10-03 17:05 . 2008-09-21 21:17 -------- d-----w- c:\programmi\HP
2009-10-03 17:05 . 2009-10-03 17:05 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\HP
2009-10-03 17:01 . 2009-10-03 17:01 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Sonic
2009-10-03 16:56 . 2008-09-21 21:15 -------- d-----w- c:\programmi\Hewlett-Packard
2009-10-03 16:54 . 2009-10-03 16:54 -------- d-----w- c:\programmi\File comuni\Hewlett-Packard
2009-10-02 14:30 . 2009-10-02 14:30 -------- d-----w- c:\programmi\Microsoft
2009-10-02 14:29 . 2009-10-02 14:28 -------- d-----w- c:\programmi\Windows Live
2009-10-02 14:29 . 2009-10-02 14:29 -------- d-----w- c:\programmi\Windows Live SkyDrive
2009-10-02 14:22 . 2009-10-02 14:22 0 ----a-w- c:\windows\nsreg.dat
2009-10-02 14:22 . 2009-10-02 14:22 -------- d-----w- c:\programmi\Ask.com
2009-10-02 14:21 . 2009-10-02 14:21 -------- d-----w- c:\programmi\File comuni\DVDVideoSoft
2009-10-02 14:21 . 2009-10-02 14:21 -------- d-----w- c:\programmi\DVDVideoSoft
2009-10-02 14:19 . 2009-10-02 14:19 -------- d-----w- c:\programmi\File comuni\Windows Live
2009-10-02 14:16 . 2009-10-02 14:16 -------- d-----w- c:\programmi\VideoLAN
2009-10-02 13:53 . 2009-10-02 13:53 -------- d-----w- c:\programmi\Google
2009-10-02 13:37 . 2008-11-04 20:53 -------- d-----w- c:\programmi\ESET
2009-10-02 13:35 . 2008-08-19 21:05 -------- d-----w- c:\programmi\File comuni\Symantec Shared
2009-10-02 13:18 . 2009-10-02 13:18 19 ----a-w- c:\windows\system32\drivers\adidsl.cfg
2009-10-02 13:18 . 2009-10-02 13:18 -------- d-----w- c:\programmi\ARESCOM
2009-10-02 13:11 . 2008-09-03 15:23 -------- d-----w- c:\programmi\DivX
2009-09-23 14:37 . 2009-10-03 15:13 34112 ----a-w- c:\documents and settings\Lino\Dati applicazioni\Mozilla\Firefox\Profiles\4o4qyhzi.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg_bootstrap.exe
2009-09-23 14:37 . 2009-10-03 15:13 32448 ----a-w- c:\documents and settings\Lino\Dati applicazioni\Mozilla\Firefox\Profiles\4o4qyhzi.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2009-09-23 14:37 . 2009-10-03 15:13 22352 ----a-w- c:\documents and settings\Lino\Dati applicazioni\Mozilla\Firefox\Profiles\4o4qyhzi.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2009-09-11 14:17 . 1980-01-01 07:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 1980-01-01 07:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:56 . 1980-01-01 07:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 1980-01-01 07:00 247326 ----a-w- c:\windows\system32\strmdll.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-06-16 15:22 1144712 ----a-w- c:\programmi\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programmi\Ask.com\GenericAskToolbar.dll" [2009-06-16 1144712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programmi\Ask.com\GenericAskToolbar.dll" [2009-06-16 1144712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ibmmessages"="c:\programmi\IBM\Messages By IBM\ibmmessages.exe" [2004-08-06 442368]
"Creative WebCam Tray"="c:\programmi\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-02 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-07-30 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-07-30 118784]
"TPKMAPHELPER"="c:\programmi\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-05 897024]
"TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2004-08-07 94208]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2003-12-25 208896]
"UC_Start"="c:\programmi\IBM\Updater\\ucstartup.exe" [2004-06-25 36864]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-09-02 127035]
"ibmmessages"="c:\programmi\IBM\Messages By IBM\\ibmmessages.exe" [2004-08-06 442368]
"IBMPRC"="c:\ibmtools\UTILS\ibmprc.exe" [2004-03-19 90112]
"QCTRAY"="c:\programmi\ThinkPad\ConnectUtilities\QCTRAY.EXE" [2004-08-18 708608]
"QCWLICON"="c:\programmi\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2004-08-18 81920]
"BMMGAG"="c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2004-07-29 110592]
"BMMLREF"="c:\programmi\ThinkPad\Utilities\BMMLREF.EXE" [2004-07-29 20480]
"BMMMONWND"="c:\progra~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2004-07-29 397312]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"ANIWZCS2Service"="c:\programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"D-Link D-Link Wireless N DWA-140"="c:\programmi\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe" [2007-06-21 1658880]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-10-21 149280]
"S3TRAY2"="S3Tray2.exe" - c:\windows\system32\S3Tray2.exe [2001-10-12 69632]
"TrackPointSrv"="tp4serv.exe" - c:\windows\system32\tp4serv.exe [2003-11-13 94208]
"TP4EX"="tp4ex.exe" - c:\windows\system32\TP4EX.exe [2002-09-04 53248]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BTTray.lnk - c:\programmi\DLink\Software Bluetooth\BTTray.exe [2003-10-29 503875]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-8-19 24576]
DSLMON.lnk - c:\programmi\ARESCOM\Modem Telindus Arescom ND220\dslmon.exe [2009-10-2 917600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
2004-08-18 10:30 258048 ----a-w- c:\windows\system32\QConGina.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio rapido HP Photosmart Premier.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio rapido HP Photosmart Premier.lnk
backup=c:\windows\pss\Avvio rapido HP Photosmart Premier.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Lino^Menu Avvio^Programmi^Esecuzione automatica^Utilità controllo supporti di Cyber-shot Viewer.lnk]
path=c:\documents and settings\Lino\Menu Avvio\Programmi\Esecuzione automatica\Utilità controllo supporti di Cyber-shot Viewer.lnk
backup=c:\windows\pss\Utilità controllo supporti di Cyber-shot Viewer.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\IBM\\Updater\\jre\\bin\\javaw.exe"=
"%ProgramFiles%\\IBM\\Updater\\jre\\bin\\java.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\IBM\\Updater\\jre\\bin\\java.exe"=
"c:\\Programmi\\IBM\\Updater\\jre\\bin\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [19/08/2008 22.18.47 16384]
R2 ibmfilter;ibmfilter;c:\windows\system32\drivers\ibmfilter.sys [24/09/2004 1.39.58 64256]
R3 Tp4Track;IBM PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [01/01/1980 8.00.00 13904]
S3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [09/10/2009 19.16.12 91830]
S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [19/08/2008 22.16.16 12288]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [02/01/2009 17.50.38 476416]

--- Altri Servizi/Drivers In Memoria ---

*Deregistered* - mbr
.
Contenuto della cartella 'Scheduled Tasks'

2008-08-19 c:\windows\Tasks\BMMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2008-08-19 08:37]

2009-11-15 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2009-11-16 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2009-11-16 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\programmi\Ask.com\UpdateTask.exe [2009-06-16 15:22]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Invia a &Bluetooth - c:\programmi\DLink\Software Bluetooth\btsendto_ie_ctx.htm
TCP: {05022B30-4853-4CA2-A5CB-490089087408} = 192.168.1.1
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Lino\Dati applicazioni\Mozilla\Firefox\Profiles\4o4qyhzi.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.it
FF - component: c:\programmi\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Lino\Dati applicazioni\Mozilla\Firefox\Profiles\4o4qyhzi.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKLM-Run-Microsoft WinUpdate - c:\windows\system32\msupdte.exe
HKLM-Run-UC_SMB - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-16 21:21
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(2416)
c:\windows\system32\WININET.dll
c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\System32\ibmpmsvc.exe
c:\windows\system32\S24EvMon.exe
c:\programmi\DLink\Software Bluetooth\bin\btwdins.exe
c:\programmi\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\windows\System32\QCONSVC.EXE
c:\windows\system32\RegSrvc.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\windows\system32\WgaTray.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RunDll32.exe
c:\programmi\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Ora fine scansione: 2009-11-16 21:29 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-11-16 20:28
Ecco il log:

Pre-Run: 3.115.491.328 byte disponibili
Post-Run: 3.565.850.624 byte disponibili

- - End Of File - - FB30FB7BDB6AAFB9897D3E9888360453

Torna in alto

shapiro

Inviato: Monday, November 16, 2009 10:14:28 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164

Installa Ccleaner, durante l’installazione deseleziona l’opzione per la barra di Yahoo, lo apri, vai in Opzioni>Avanzate, togli la spunta a “Cancella file temp diwindows solo se più vecchi di 48 ore”, poi avvialo, seleziona "Analizza" ed alla fine dell'analisi premi "Avvia pulizia''

http://www.filehippo.com/download_ccleaner/

scarica questo pulitore

http://www.atribune.org/ccount/click.php?id=1

Avvia ATFCleaner.exe con un doppio click

1.1) seleziona la casella Select All
2.1) clicca sul pulsante Empty selected
3.1) aspetta l'avviso Done Cleaning
(se usi opera o firefox,spunta anche le loro sezioni)

scarica Malwarebytes http://www.malwarebytes.org/mbam/program/mbam-setup.exe
1) lo installi
2) lo aggiorni
3) fai una scansione scegliendo la modalità completa
4) NON eliminare per ora le ventuali minacce che rileva
5) finita la scansione seleziona il tabellino log, apri il file di testo e postalo sul forum

Torna in alto

El_PaMpErO

Inviato: Tuesday, November 17, 2009 12:30:04 AM

Rank: Member

Iscritto dal : 3/8/2007
Posts: 11

Ho fatto tutto ciò che mi hai scritto
Ti posto il log di Malwarebytes:

Malwarebytes' Anti-Malware 1.41
Versione del database: 3178
Windows 5.1.2600 Service Pack 3

17/11/2009 0.27.54
mbam-log-2009-11-17 (00-27-47).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 176023
Tempo trascorso: 1 hour(s), 44 minute(s), 16 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 133

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\Documents and Settings\Lino\nd.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Lino\ndp.exe (Worm.Pushbot) -> No action taken.
C:\Documents and Settings\Lino\p3xy.exe (Worm.Pushbot) -> No action taken.
C:\Documents and Settings\Lino\p4xy.exe (Trojan.Buzus) -> No action taken.
C:\Documents and Settings\Lino\pxxy.exe (Trojan.Buzus) -> No action taken.
C:\Documents and Settings\Lino\pxy.exe (Backdoor.Bot) -> No action taken.
C:\Programmi\Samsung\Samsung PC Studio 3\util\ProfileLoadX800.exe (Trojan.Dropper) -> No action taken.
C:\Programmi\Samsung\Samsung PC Studio 3\util\ProfileLoadZ510.exe (Trojan.Dropper) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP194\A0031986.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP194\A0031987.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP194\A0031999.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP194\A0032001.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP194\A0033000.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP194\A0033001.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP194\A0033999.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP194\A0034000.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP176\A0028531.exe (Worm.Pushbot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP176\A0028532.exe (Worm.Pushbot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP178\A0028548.exe (Worm.Pushbot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP178\A0028549.exe (Worm.Pushbot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP178\A0028584.exe (Worm.Pushbot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP178\A0028585.exe (Worm.Pushbot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP178\A0028609.exe (Worm.Pushbot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP178\A0028610.exe (Worm.Pushbot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP178\A0028624.exe (Worm.Pushbot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP178\A0028625.exe (Worm.Pushbot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP178\A0029642.exe (Worm.Pushbot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP178\A0028642.exe (Worm.Pushbot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP178\A0028643.exe (Worm.Pushbot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP178\A0029643.exe (Worm.Pushbot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP178\A0029674.exe (Worm.Pushbot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP178\A0029676.exe (Worm.Pushbot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP178\A0029694.exe (Worm.Pushbot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP178\A0029695.exe (Worm.Pushbot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP179\A0029728.exe (Worm.Pushbot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP179\A0029729.exe (Worm.Pushbot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP180\A0029736.exe (Worm.Pushbot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP180\A0029737.exe (Worm.Pushbot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP182\A0030722.exe (Worm.Pushbot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP182\A0030723.exe (Worm.Pushbot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP182\A0031064.exe (Worm.Pushbot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP182\A0031065.exe (Worm.Pushbot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP183\A0031450.exe (Worm.Pushbot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP183\A0031451.exe (Worm.Pushbot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP184\A0031462.exe (Worm.Pushbot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP187\A0031629.exe (Worm.Pushbot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP188\A0031661.exe (Worm.Pushbot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP188\A0031663.exe (Worm.Pushbot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP190\A0031780.exe (Worm.Pushbot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP190\A0031782.exe (Worm.Pushbot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP191\A0031803.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP191\A0031804.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP191\A0031825.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP191\A0031826.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP192\A0031846.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP192\A0031847.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP192\A0031860.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP192\A0031861.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP192\A0031882.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP192\A0031883.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP193\A0031902.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP193\A0031903.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP193\A0031915.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP193\A0031916.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP193\A0031953.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP193\A0031954.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP199\A0034375.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP199\A0034376.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP199\A0034388.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP199\A0034389.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP199\A0034450.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP199\A0034451.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP200\A0034556.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP200\A0034557.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP201\A0034581.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP201\A0034582.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP201\A0034601.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP201\A0034602.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP202\A0034610.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP202\A0034611.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP202\A0034629.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP202\A0034630.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP202\A0034644.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP202\A0034645.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP202\A0034671.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP202\A0034672.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP203\A0034687.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP203\A0034688.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP204\A0034869.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP205\A0034884.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP205\A0034885.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP208\A0036614.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP208\A0036615.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP208\A0036627.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP208\A0036628.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP208\A0036661.exe (Trojan.Buzus) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP208\A0036662.exe (Trojan.Buzus) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP208\A0037661.exe (Trojan.Buzus) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP208\A0037662.exe (Trojan.Buzus) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP209\A0038660.exe (Trojan.Buzus) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP209\A0038661.exe (Trojan.Buzus) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP209\A0038674.exe (Trojan.Buzus) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP209\A0038675.exe (Trojan.Buzus) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP210\A0038761.exe (Trojan.Buzus) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP210\A0038762.exe (Trojan.Buzus) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP212\A0038805.exe (Trojan.Buzus) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP212\A0038806.exe (Trojan.Buzus) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP213\A0038876.exe (Trojan.Buzus) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP213\A0038877.exe (Trojan.Buzus) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP213\A0038898.exe (Trojan.Buzus) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP213\A0038899.exe (Trojan.Buzus) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP214\A0038915.exe (Trojan.Buzus) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP215\A0038936.exe (Trojan.Buzus) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP215\A0038921.exe (Trojan.Buzus) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP215\A0038922.exe (Trojan.Buzus) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP215\A0038935.exe (Trojan.Buzus) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP215\A0038951.exe (Trojan.Buzus) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP215\A0038952.exe (Trojan.Buzus) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP216\A0038972.exe (Trojan.Buzus) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP216\A0038973.exe (Trojan.Buzus) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP216\A0038989.exe (Trojan.Buzus) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP216\A0038991.exe (Trojan.Buzus) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP216\A0039003.exe (Trojan.Buzus) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP216\A0039004.exe (Trojan.Buzus) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP216\A0039015.exe (Trojan.Buzus) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP216\A0039016.exe (Trojan.Buzus) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP217\A0039045.exe (Trojan.Buzus) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP217\A0039047.exe (Trojan.Buzus) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP217\A0039060.exe (Trojan.Buzus) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP217\A0039078.exe (Trojan.Buzus) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP217\A0039079.exe (Trojan.Buzus) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP217\A0039098.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{E94EDF3F-1C7F-46A2-A768-237BF9E78305}\RP217\A0039059.exe (Trojan.Buzus) -> No action taken.

Torna in alto

shapiro

Inviato: Tuesday, November 17, 2009 9:52:38 AM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164

avevi moltissime infezioni localizzate nei punti di ripristino

riavvia malwarebytes, lascia la spunta agli oggetti trovati infetti e rimuovi tutto

per maggior sicurezza, disattiva il ripristino

Commenta:

Start/tasto destro del mouse su risorse del computer/proprietà/Ripristino configurazione del sistema/e metti la spunta su "disattiva ripristino configurazione del sistema"

riavvia il pc, riattiva il ripristino creando un nuovo punto

Postami un log di hijackthis

Torna in alto

El_PaMpErO

Inviato: Tuesday, November 17, 2009 4:35:18 PM

Rank: Member

Iscritto dal : 3/8/2007
Posts: 11

Ok fatto.
Questo è il log du hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16.34.22, on 17/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\DLink\Software Bluetooth\bin\btwdins.exe
C:\Programmi\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\tp4serv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Programmi\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmi\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Programmi\IBM\Updater\jre\bin\javaw.exe
C:\Programmi\IBM\Messages By IBM\ibmmessages.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Programmi\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Programmi\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Programmi\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\DLink\Software Bluetooth\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Programmi\ARESCOM\Modem Telindus Arescom ND220\dslmon.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Programmi\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [UC_Start] C:\Programmi\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Programmi\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCTRAY] C:\Programmi\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Programmi\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Programmi\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless N DWA-140] C:\Programmi\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programmi\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ibmmessages] C:\Programmi\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Programmi\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\DLink\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmi\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmi\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\DLink\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\DLink\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1219150639707
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{05022B30-4853-4CA2-A5CB-490089087408}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{05022B30-4853-4CA2-A5CB-490089087408}: NameServer = 192.168.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmi\DLink\Software Bluetooth\bin\btwdins.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Programmi\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

--
End of file - 11258 bytes

Torna in alto

shapiro

Inviato: Tuesday, November 17, 2009 4:52:47 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164

se la Ask Toolbar non e' strettamente necessaria eliminala da pannello di controllo, e fixa anche le righe da hijackthis

Avvia hijackthis, con tutte le applicazioni chiuse, premi su Do a system scan only , spunta ed elimina (fix checked) le seguenti righe:

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmi\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmi\PartyGaming\PartyPoker\RunApp.exe (file missing)

elimina anche la sua cartella

C:\Programmi\Ask.com\GenericAskToolbar.dll

Fai un po' di pulizia, usa questi programmi

Installa Ccleaner

http://www.aiutamici.com/software?ID=11223

durante l’installazione deseleziona l’opzione per la barra di Yahoo, lo apri, vai in Opzioni>Avanzate, togli la spunta a “Cancella file temp diwindows solo se più vecchi di 48 ore”, poi avvialo, seleziona "Analizza" ed alla fine dell'analisi premi "Avvia pulizia''

clicca su Registro, nella pagina successiva clicca Trova problemi, poi al termine dello scan clicca su Ripara selezionati , risposndi di sì alla richiesta di salvare il backup (salvalo in una cartella a piacimento) poi ripara tutti gli elementi trovati.

riscontri ancora problemi?

Se hai altre domande, sono qui

Torna in alto

El_PaMpErO

Inviato: Tuesday, November 17, 2009 5:34:27 PM

Rank: Member

Iscritto dal : 3/8/2007
Posts: 11

Sembra che tutto vada benissimo!
Mille grazie,sei un grande! :)

Torna in alto

Utenti presenti in questo topic

Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Mi controllereste il log gentilmente?

Salta al Forum

Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Invia topic via Email

RSS Feed

Watch this topic

Stampa topic

Normale

Threaded