Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

lentezza incredibile, mi controllate il log? grszie Opzioni
davidonedc
Inviato: Friday, November 20, 2009 6:52:10 PM
Rank: AiutAmico

Iscritto dal : 1/30/2009
Posts: 33
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.46.28, on 20/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\SupportAppMH\cdrom_mon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Programmi\TeamViewer\Version4\TeamViewer_Service.exe
C:\Programmi\TomTom HOME 2\TomTomHOMEService.exe
C:\Programmi\TeamViewer\Version4\TeamViewer.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\TomTom HOME 2\TomTomHOMERunner.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Programmi\internet explorer\iexplore.exe
C:\Programmi\internet explorer\iexplore.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.169.0.1:2939
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ZCfgSvc.exe] c:\WINDOWS\system32\ZCfgSvc.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Programmi\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppMH\cdrom_mon.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate1c98d3f1537111a) (gupdate1c98d3f1537111a) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Programmi\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Programmi\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 7168 bytes
Sponsor
Inviato: Friday, November 20, 2009 6:52:10 PM

 
r16
Inviato: Friday, November 20, 2009 8:51:06 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Il log non presenta grosse anomalie.
Scarica Combofix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe


Salvalo sul desktop.

Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,(Firewall compreso) e dopo aver scaricato COMBOFIX, chiudi la connessione.
Doppio click su combofix.exe (comparirà una videata.)
Se ti verrà chiesto se vuoi Installare LA CONSOLE DI RIPRISTINO DI EMERGENZA, clicca NO.
E' probabile che ti siano inviati messaggi dall'antivirus, tu ignorali.
Durante l'operazione di scansione è importante non usare il PC (neanche il mouse) e attendere pazientemente la fine delle operazioni.
Al termine, verrà creato un file log sul Desktop, chiamato C:\ComboFix.txt. Postalo qui.

Disinstalla combofix in questo modo: (dopo che avrò visto il log)
Start
Esegui
nella finestra di dialogo, copia ed incolla questo comando: Combofix /u e premi Invio poi cancella le cartelle in "C" di Combofix e (qoobox)

davidonedc
Inviato: Sunday, November 22, 2009 8:17:28 PM
Rank: AiutAmico

Iscritto dal : 1/30/2009
Posts: 33
ComboFix 09-11-21.03 - David 22/11/2009 19.42.19.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.39.1040.18.503.180 [GMT 1:00]
Eseguito da: c:\documents and settings\David\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2009-10-22 al 2009-11-22 )))))))))))))))))))))))))))))))))))
.

2009-11-21 07:50 . 2009-11-21 07:50 -------- d-----w- c:\windows\system32\XPSViewer
2009-11-21 07:50 . 2009-11-21 07:50 -------- d-----w- c:\programmi\Reference Assemblies
2009-11-21 07:48 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-11-21 07:48 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-11-21 07:48 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-11-21 07:48 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-11-21 07:48 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-11-21 07:48 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-11-21 07:48 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-11-21 07:48 . 2009-11-21 07:49 -------- d-----w- C:\8f1020cb72886b35e98f10379c919c64
2009-11-21 07:35 . 2009-11-21 07:35 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-11-18 19:19 . 2009-11-18 19:19 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-11-17 01:04 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
2009-11-17 01:04 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-11-06 16:45 . 2009-11-06 16:42 2064152 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg8\update\backup\avgcorex.dll
2009-11-02 08:37 . 2009-11-02 08:37 -------- d-----w- c:\documents and settings\David\Impostazioni locali\Dati applicazioni\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-22 18:36 . 2009-02-02 00:13 68448 ----a-w- c:\documents and settings\David\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-11-22 14:26 . 2004-09-16 14:31 81756 ----a-w- c:\windows\system32\perfc010.dat
2009-11-22 14:26 . 2004-09-16 14:31 484210 ----a-w- c:\windows\system32\perfh010.dat
2009-11-22 14:16 . 2009-09-23 18:30 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-11-22 13:50 . 2009-01-26 14:49 -------- d-----w- c:\programmi\Microsoft Works
2009-11-22 13:11 . 2009-02-12 18:22 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Google Updater
2009-11-21 07:50 . 2009-09-23 18:41 -------- d-----w- c:\programmi\MSBuild
2009-11-19 22:22 . 2009-02-09 18:42 -------- d-----w- c:\documents and settings\David\Dati applicazioni\uTorrent
2009-11-19 17:56 . 2009-01-26 16:43 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-16 20:17 . 2009-01-26 12:57 -------- d-----w- c:\programmi\File comuni\Adobe
2009-11-06 17:13 . 2009-02-23 21:42 -------- d-----w- c:\programmi\PoigpsGo
2009-10-12 18:40 . 2009-10-12 18:40 -------- d-----w- c:\programmi\B2BPOKER
2009-10-02 18:47 . 2009-10-02 18:47 -------- d-----w- c:\documents and settings\David\Dati applicazioni\Malwarebytes
2009-10-02 18:47 . 2009-10-02 18:47 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-10-02 18:47 . 2009-10-02 18:47 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-09-30 17:42 . 2009-08-08 16:20 -------- d-----w- c:\documents and settings\David\Dati applicazioni\TeamViewer
2009-09-28 19:44 . 2009-09-28 19:44 -------- d-----w- c:\programmi\Business Objects
2009-09-28 19:30 . 2009-09-28 19:30 516096 ----a-w- c:\windows\iwexec.exe
2009-09-28 18:58 . 2009-09-28 18:52 -------- d-----w- c:\programmi\Date Cracker 2000
2009-09-28 18:52 . 2009-09-28 18:52 249856 ------w- c:\windows\Setup1.exe
2009-09-28 18:52 . 2009-09-28 18:52 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-09-11 14:34 . 2004-09-16 14:31 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 12:54 . 2009-10-02 18:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 12:53 . 2009-10-02 18:47 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 20:45 . 2004-09-16 14:31 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:56 . 2004-09-16 14:31 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:14 . 2004-09-16 14:31 247326 ----a-w- c:\windows\system32\strmdll.dll
2007-03-11 04:58 . 2009-02-01 22:08 1197796 ----a-w- c:\programmi\WinRAR-ITA v3.62+Crack.rar
1990-10-27 04:02 . 2009-02-01 22:07 189695112 ----a-w- c:\programmi\NERO_8.1_ITA+KEYGEN.rar
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\programmi\TomTom HOME 2\TomTomHOMERunner.exe" [2009-08-27 247144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2004-10-29 98394]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2004-10-29 688218]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-04 2028312]
"ZCfgSvc.exe"="c:\windows\system32\ZCfgSvc.exe" [2004-09-06 417856]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2004-09-06 04:29 180290 ----a-w- c:\windows\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-16 07:13 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Asus\\ASUS Live Update\\LiveUpdt.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\B2BPOKER\\AssoKappa\\jre\\bin\\javaw.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/04/2009 20.39.13 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/04/2009 20.39.21 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [12/04/2009 20.38.45 297752]
R2 TeamViewer4;TeamViewer 4;c:\programmi\TeamViewer\Version4\TeamViewer_Service.exe [30/07/2009 16.29.42 185640]
R2 TomTomHOMEService;TomTomHOMEService;c:\programmi\TomTom HOME 2\TomTomHOMEService.exe [27/08/2009 16.05.04 92008]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26/01/2009 17.43.40 721904]
S2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\SupportAppMH\cdrom_mon.exe [27/01/2009 16.44.14 81920]
S2 gupdate1c98d3f1537111a;Google Update Service (gupdate1c98d3f1537111a);c:\programmi\Google\Update\GoogleUpdate.exe [12/02/2009 19.24.00 133104]
S2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [07/02/2009 21.39.14 8192]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys --> c:\windows\system32\drivers\nmwcdnsu.sys [?]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys --> c:\windows\system32\drivers\nmwcdnsuc.sys [?]
S3 ONDAusbmdm6k;ONDA Proprietary USB Driver;c:\windows\system32\drivers\ONDAusbmdm6k.sys [27/01/2009 16.45.00 100352]
S3 ONDAusbnmea;ONDA NMEA Port;c:\windows\system32\drivers\ONDAusbnmea.sys [27/01/2009 16.45.00 100352]
S3 ONDAusbser6k;ONDA Diagnostic Port;c:\windows\system32\drivers\ONDAusbser6k.sys [27/01/2009 16.45.00 100352]
S3 ZD1211BU(Atheros);IEEE 802.11 Wireless LAN Driver (USB)(Atheros);c:\windows\system32\drivers\ZD1211BU.sys [12/02/2009 19.02.03 712704]
.
Contenuto della cartella 'Scheduled Tasks'

2009-11-22 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-12 18:15]

2009-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-12 18:23]

2009-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-12 18:23]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 192.169.0.1:2939
uInternet Settings,ProxyOverride = 127.0.0.1;<local>
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\David\Dati applicazioni\Mozilla\Firefox\Profiles\vi76p9je.default\
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - component: c:\programmi\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\programmi\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-22 19:59
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Ñw*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(752)
c:\windows\system32\LgNotify.dll
.
Ora fine scansione: 2009-11-22 20:08
ComboFix-quarantined-files.txt 2009-11-22 19:08

Pre-Run: 24.641.951.232 byte disponibili
Post-Run: 24.806.561.792 byte disponibili

- - End Of File - - 3660A8D3A45FCCB5559EFFBE4E23E0E5
r16
Inviato: Sunday, November 22, 2009 8:31:46 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Sembra che hai dei Crack e Keygen, installati.
Dovresti provare a disistallarli.

Scarica Norman Malware Cleaner: http://normanasa.vo.llnwd.net/o29/public/Norman_Malware_Cleaner.exe e salvalo sul desktop

Accedi al sistema in modalità provvisoria con un account con privilegi di Amministratore

lancia Norman ed esegui una scansione completa

al termine della scansione verrà rilasciato un log: salvalo sul Desktop con il nome Norman1 e riavvia il sistema


accedi nuovamente al sistema in modalità provvisoria con un account con privilegi di Amministratore

rilancia Norman ed esegui una seconda scansione completa

al termine della scansione verrà rilasciato un log: salvalo sul Desktop con il nome Norman2

riavvia il sistema in modalità normale

Collegati ad internet e vai alla pagina WikiSend: http://www.wikisend.com/
Clicca sul bottone "Sfoglia"
Seleziona i file appena salvati (li carichi uno alla volta)
Clicca su Upload file
Dopo qualche secondo, vieni spostato su una nuova pagina con il link in diversi formati:
Download Link / Forum Link
Seleziona Forum Link, copialo e incollalo in un nuovo messaggio per il forum.
davidonedc
Inviato: Monday, November 23, 2009 10:04:05 PM
Rank: AiutAmico

Iscritto dal : 1/30/2009
Posts: 33
Ho fatto le due scansioni norman1 e norman2, sono andato su wikisend ho caricato il file norman1, ho selezionato forum link ma non riesco a postare il log x il forum, mi sono anche iscritto.
se seleziono il forum link e digito download file mi fa vedere il log, poi cosa devo fare?
grazie
r16
Inviato: Monday, November 23, 2009 10:55:02 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Commenta:
se seleziono il forum link e digito download file mi fa vedere il log, poi cosa devo fare?

Non devi digitare il download, ma copiarlo e incollarlo qui nel forum.
Ma dopo la scansione non è cambiato nulla?
davidonedc
Inviato: Wednesday, November 25, 2009 6:32:16 PM
Rank: AiutAmico

Iscritto dal : 1/30/2009
Posts: 33
in effetti qualcosina sembra aver risolto comunque questi sono i log:

Norman Malware Cleaner
Version 1.5.0.5
Copyright © 1990 - 2009, Norman ASA. Built 2009/11/21 01:25:51

Norman Scanner Engine Version: 6.03.02
Nvcbin.def Version: 6.03.00, Date: 2009/11/21 01:25:51, Variants: 4379934

Scan started: 22/11/2009 22:43:18

Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Home 5.1.2600(Safe mode) Service Pack 2
Logged on user: MAGODAVID\David

Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLS = -> ""
Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000
Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000
Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000


Scanning running processes and process memory...

Number of processes/threads found: 950
Number of processes/threads scanned: 950
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 1m 10s


Scanning file system...

Scanning: C:\*.*


Running post-scan cleanup routine:

Number of files found: 59948
Number of archives unpacked: 0
Number of files scanned: 59934
Number of files not scanned: 14
Number of files skipped due to exclude list: 0
Number of infected files found: 0
Number of infected files repaired/deleted: 0
Number of infections removed: 0
Total scanning time: 1h 24m 9s



Norman Malware Cleaner
Version 1.5.0.5
Copyright © 1990 - 2009, Norman ASA. Built 2009/11/21 01:25:51

Norman Scanner Engine Version: 6.03.02
Nvcbin.def Version: 6.03.00, Date: 2009/11/21 01:25:51, Variants: 4379934

Scan started: 23/11/2009 17:24:17

Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Home 5.1.2600(Safe mode) Service Pack 2
Logged on user: MAGODAVID\David



Scanning running processes and process memory...

Number of processes/threads found: 964
Number of processes/threads scanned: 964
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 1m 13s


Scanning file system...

Scanning: C:\*.*


Running post-scan cleanup routine:

Number of files found: 60298
Number of archives unpacked: 0
Number of files scanned: 60283
Number of files not scanned: 15
Number of files skipped due to exclude list: 0
Number of infected files found: 0
Number of infected files repaired/deleted: 0
Number of infections removed: 0
Total scanning time: 1h 24m 29s
Utenti presenti in questo topic
Guest


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.