Un saluto a tutti, e proprio a tutti chiedo come posso eliminare Winupgro.exe, sicuramente causa dei miei problemi.
All' improvviso il pc si è riavviato da solo e un' applicazione cercava di avviarsi in automatico.
gliel' ho impedito fino a che Malewarebyte ha funzionato ma credo di non esserci riuscito.
Si è prima sostituita ad un' applicazione di TuneUp e dopo che l'ho disinstallato ha fatto la steassa cosa con activeSync.
Ho disinstallato anche questo ed ora dopo una ricerca l' ho ritovato in una cartella nella directory C\: Fik\Tools\Winupgro.exe.
Ringrazio tutti anticipatamente!!!!!
Maximetto

ciao

Winupgro.exe e' una delle infezioni del virus bagle

disattiva il ripristino

scarica

http://dc108.4shared.com/download/75022994/b07bff/FindyKill.exe?tsid=20090209-102651-de3379fb

Una volta installato chiudi tutte le applicazioni attive e disconnettiti dal internet, poi clicca sull'icona di FindyKill e nella finestra dos che si aprirà scrivi 2 e premi Invio. Attendi il termine della scansione e posta qui il log che trovi in C:\FindyKill.txt

Se può essere d' aiuto posto il log di ComboFix

ComboFix 10-01-23.06 - Deborah 24/01/2010 19.14.10.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.2047.1552 [GMT 1:00]
Eseguito da: c:\documents and settings\Deborah\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100124-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\LOG.TXT

.
((((((((((((((((((((((((( Files Creati Da 2009-12-24 al 2010-01-24 )))))))))))))))))))))))))))))))))))
.

2010-01-24 16:43 . 2010-01-24 17:53 -------- d-----w- C:\FyK
2010-01-24 15:47 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-01-24 15:47 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-01-24 15:47 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-01-24 15:47 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-01-24 15:47 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-01-24 15:47 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-01-24 15:47 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-01-24 15:47 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2010-01-24 15:47 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2010-01-24 13:39 . 2010-01-24 13:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\F-Secure
2010-01-24 12:57 . 2010-01-24 12:57 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2010-01-24 12:57 . 2009-11-16 11:25 29000 ----a-w- c:\windows\system32\uxtuneup.dll
2010-01-24 12:57 . 2010-01-24 12:57 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2010-01-24 12:57 . 2010-01-24 12:57 -------- d-----w- c:\programmi\TuneUp Utilities 2009
2010-01-21 17:08 . 2004-08-04 07:34 39018 ----a-r- c:\windows\system32\hsfci011.dll
2010-01-21 17:07 . 2004-03-17 04:00 86016 ----a-r- c:\windows\system32\mdmxsdk.dll
2010-01-21 17:07 . 2004-03-17 04:04 13059 ----a-r- c:\windows\system32\drivers\mdmxsdk.sys
2010-01-21 17:07 . 2004-09-29 07:35 219136 ----a-r- c:\windows\system32\drivers\HSFHWBS2.sys
2010-01-21 17:07 . 2004-09-29 07:34 702592 ----a-r- c:\windows\system32\drivers\HSF_CNXT.sys
2010-01-21 17:07 . 2004-09-29 07:33 1036928 ----a-r- c:\windows\system32\drivers\HSF_DP.sys
2010-01-19 16:51 . 2010-01-19 16:51 -------- d-----w- c:\windows\system32\XPSViewer
2010-01-19 16:50 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-01-19 16:50 . 2010-01-19 16:50 -------- d-----w- C:\32c3867d539700cf438450
2010-01-19 16:50 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-01-19 16:50 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-01-19 16:50 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-01-19 16:50 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-01-19 16:50 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-01-19 16:50 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-01-19 16:50 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-01-19 16:50 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-01-18 10:42 . 2010-01-18 10:42 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PC Drivers HeadQuarters
2010-01-09 16:31 . 2010-01-09 16:31 -------- d-----w- c:\documents and settings\Deborah\Impostazioni locali\Dati applicazioni\PCHealth
2010-01-09 16:30 . 2009-11-21 15:54 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-08 16:48 . 2010-01-08 16:48 79488 ----a-w- c:\documents and settings\Deborah\Dati applicazioni\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-08 16:40 . 2010-01-08 16:41 -------- d-----w- c:\programmi\File comuni\Adobe
2010-01-07 20:04 . 2010-01-07 20:04 -------- d-----w- c:\programmi\QuickTime
2010-01-07 20:02 . 2010-01-07 20:02 -------- d-----w- c:\programmi\File comuni\Apple
2010-01-07 20:02 . 2010-01-07 20:02 -------- d-----w- c:\programmi\Apple Software Update
2010-01-07 20:02 . 2010-01-07 20:02 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple
2010-01-03 09:56 . 2010-01-03 09:56 -------- d-----w- c:\documents and settings\Deborah\Dati applicazioni\Media Player Classic
2010-01-03 09:47 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll
2010-01-03 09:47 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-01-03 09:47 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2010-01-03 09:47 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2010-01-03 09:47 . 2009-07-14 00:15 90112 ----a-w- c:\windows\system32\dpl100.dll
2010-01-03 09:47 . 2009-07-14 00:15 685056 ----a-w- c:\windows\system32\divx.dll
2010-01-03 09:47 . 2009-12-11 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-01-03 09:47 . 2010-01-03 09:50 -------- d-----w- c:\programmi\K-Lite Codec Pack
2010-01-02 20:28 . 2010-01-02 20:28 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\vsosdk
2010-01-02 19:50 . 2010-01-02 19:50 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-01-02 19:50 . 2010-01-02 19:50 47360 ----a-w- c:\documents and settings\Deborah\Dati applicazioni\pcouffin.sys
2010-01-02 19:50 . 2010-01-03 09:11 -------- d-----w- c:\documents and settings\Deborah\Dati applicazioni\Vso
2010-01-02 19:50 . 2009-09-02 20:58 65602 ----a-w- c:\windows\system32\cook3260.dll
2010-01-02 19:50 . 2009-09-02 20:58 217127 ----a-w- c:\windows\system32\drv43260.dll
2010-01-02 19:50 . 2009-09-02 20:58 208935 ----a-w- c:\windows\system32\drv33260.dll
2010-01-02 19:50 . 2009-09-02 20:58 176165 ----a-w- c:\windows\system32\drv23260.dll
2010-01-02 19:50 . 2009-09-02 20:58 102439 ----a-w- c:\windows\system32\sipr3260.dll
2010-01-02 19:50 . 2009-09-02 20:58 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2010-01-02 19:50 . 2009-09-02 20:57 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2010-01-02 19:50 . 2010-01-02 19:50 -------- d-----w- c:\programmi\VSO
2009-12-28 20:33 . 2009-12-28 20:33 -------- d-----w- c:\documents and settings\Deborah\Dati applicazioni\Playrix Entertainment

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-24 15:47 . 2009-04-13 17:50 -------- d-----w- c:\programmi\Alwil Software
2010-01-24 12:56 . 2009-04-14 19:59 -------- d-sh--w- c:\documents and settings\All Users\Dati applicazioni\{55A29068-F2CE-456C-9148-C869879E2357}
2010-01-24 10:50 . 2009-12-12 19:52 -------- d-----w- c:\documents and settings\Deborah\Dati applicazioni\GameHouse
2010-01-22 11:23 . 2009-04-13 16:02 77296 ----a-w- c:\documents and settings\Deborah\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-01-21 17:13 . 2009-05-04 18:02 -------- d-----w- c:\programmi\FaxTalk Communicator
2010-01-21 17:07 . 2009-04-15 16:05 -------- d-----w- c:\programmi\CONEXANT
2010-01-20 08:34 . 2004-08-19 12:00 85132 ----a-w- c:\windows\system32\perfc010.dat
2010-01-20 08:34 . 2004-08-19 12:00 492266 ----a-w- c:\windows\system32\perfh010.dat
2010-01-19 16:51 . 2009-04-17 14:14 -------- d-----w- c:\programmi\MSBuild
2010-01-08 17:04 . 2009-04-13 19:31 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-08 17:02 . 2009-11-04 08:53 152576 ----a-w- c:\documents and settings\Deborah\Dati applicazioni\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-08 16:37 . 2009-09-10 13:53 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NOS
2010-01-08 16:36 . 2009-04-13 19:30 -------- d-----w- c:\programmi\Java
2010-01-07 20:04 . 2009-08-20 12:34 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2010-01-03 09:41 . 2009-04-15 15:34 -------- d-----w- c:\programmi\DivX
2009-12-30 11:33 . 2009-09-13 16:55 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-12-25 18:24 . 2009-12-14 20:36 24 ----a-w- c:\windows\popcinfo.dat
2009-12-21 19:06 . 2004-08-19 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-18 12:55 . 2009-12-18 12:53 -------- d-----w- c:\documents and settings\Deborah\Dati applicazioni\DeepVoyage
2009-12-14 20:18 . 2009-12-14 20:17 -------- d-----w- c:\documents and settings\Deborah\Dati applicazioni\7Wonders
2009-12-10 17:13 . 2009-12-10 17:13 722192 ----a-w- c:\windows\system32\VB40032.DLL
2009-12-10 12:57 . 2009-12-07 15:37 -------- d-----w- c:\documents and settings\Deborah\Dati applicazioni\Zylom
2009-12-10 12:56 . 2009-12-07 15:37 -------- d-----w- c:\programmi\Zylom Games
2009-12-07 15:37 . 2009-12-07 15:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Zylom
2009-12-07 10:59 . 2009-12-07 10:59 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SugarGames
2009-12-07 10:38 . 2009-04-13 16:31 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-12-07 07:05 . 2009-08-20 12:24 -------- d-----w- c:\programmi\File comuni\Real
2009-12-07 07:05 . 2009-12-07 07:05 -------- d-----w- c:\programmi\File comuni\xing shared
2009-12-06 19:54 . 2009-12-06 19:54 -------- d-----w- c:\programmi\DIFX
2009-12-02 17:11 . 2009-06-21 15:33 -------- d-----w- c:\programmi\Unlocker
2009-12-01 20:15 . 2009-12-01 20:15 73728 ----a-w- c:\windows\ALCFDRTM.EXE
2009-11-29 15:53 . 2009-11-29 15:53 -------- d-----w- c:\programmi\DevGuru
2009-11-25 18:15 . 2009-11-25 18:15 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-11-21 15:54 . 2004-08-19 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-10-06 17:15 . 2009-10-06 17:15 0 ----a-w- c:\programmi\pspbrwse.jbf
.

((((((((((((((((((((((((((((( SnapShot@2010-01-24_15.13.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-24 18:12 . 2010-01-24 18:12 16384 c:\windows\Temp\Perflib_Perfdata_e8.dat
+ 2010-01-24 18:12 . 2010-01-24 18:12 16384 c:\windows\Temp\Perflib_Perfdata_608.dat
+ 2010-01-24 15:19 . 2010-01-24 15:19 262144 c:\windows\system32\config\systemprofile\NtUser.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="c:\programmi\IncrediMail\bin\IncMail.exe" [2009-03-31 251264]
"ATnotes.exe"="c:\programmi\ATnotes\ATnotes.exe" [2005-01-05 1015808]
"TuneUp MemOptimizer"="c:\programmi\TuneUp Utilities 2009\MemOptimizer.exe" [2009-11-16 163144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"SoundMan"="SOUNDMAN.EXE" [2005-06-21 90112]
"AlcWzrd"="ALCWZRD.EXE" [2005-07-13 2806272]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-11-11 7311360]
"Motive SmartBridge"="c:\progra~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 438359]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2010-01-08 149280]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Deborah\Menu Avvio\Programmi\Esecuzione automatica\
MagicCursor2000 v2.2.1.1.lnk - c:\programmi\Madentec Limited\MagicCursor 2000\MagicCursor2000.exe [2009-4-13 753153]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"nwiz"=nwiz.exe /install
"PinnacleDriverCheck"=c:\windows\system32\PSDrvCheck.exe -CheckReg
"Pinnacle WebUpdater"="c:\programmi\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
"UnlockerAssistant"="c:\programmi\Unlocker\UnlockerAssistant.exe"
"OODefragTray"=c:\windows\system32\oodtray.exe
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Programmi\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Programmi\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programmi\\SopCast\\SopCast.exe"=
"c:\\Programmi\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [24/01/2010 16.47.52 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24/01/2010 16.47.52 20560]
R3 3xHybrid;Pinnacle PCTV 110i service;c:\windows\system32\drivers\3xHybrid.sys [15/04/2009 16.34.17 827008]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17/04/2009 12.38.18 721904]
S2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [15/04/2009 16.46.40 45312]
S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [15/04/2009 16.46.40 55936]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenuto della cartella 'Scheduled Tasks'

2010-01-24 c:\windows\Tasks\Manutenzione in 1 clic.job
- c:\programmi\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 16:38]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.virgilio.it/
uInternet Connection Wizard,ShellNext = "c:\programmi\Outlook Express\msimn.exe" //eml:F:\avast! Registration.eml
uInternet Settings,ProxyOverride = 127.0.0.1
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Deborah\Dati applicazioni\Mozilla\Firefox\Profiles\h63wdhyv.default\
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\All Users\Dati applicazioni\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realplayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realplayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: c:\program files\real\realplayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-connections-per-server - 8
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-24 19:18
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="63C49C4C45F25418D3114480493E5EF14BF819F3BBF9E79BE5095181309C162E5FFC5E560541DDD0954863A2EA9DC70F0D65B50A8135B3731AFDF0F2F26C39F90960189AB4628A535F3D47FEC61B78F227C6FA189081F46ED30A5BDD41313132A8ADA3274A9047FABC6E15C7E3BF75AE8777F593A4D5E8F50006269E27EC1531CBDC41DCC17C23B7FB8DD305CC87E8E55B0717C8781BF18150FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933C038D530D6EB3452A2D97226D213B5555D575E7D6A3B98080A691F06E6B31B749AB22B8F83FA38FC4B0635691997D9ED2F0E7810B379054F6C13FCE7B1634B4ED2315092C27A2F173B318D5C315CD4C7C1E9B72B02CD7DEA4734DC8B5E715D0AC46896C152153C47F1774CF2D68B5E8FBB884EDBB11651D8032CBC96205E71EFB6A342F0D1054F55B32B9A53B737DFADFCE3EB38A0DBFC42BFC16FAFA1CD368B248FE9F8D9A56F4EF78374A7F81652529B5D915A9C5190984F9B1C03FE0A722D3EBF7B3674FB3705EB9AAA9C308246EE61379563EAC8B00E3747BD3FCA00FEE9E626340A1DAC540E6F6E626668FCDE394B99A07343BB14983334A11908404918B51FA9D748008AC118E114B620A7522C8B8F32B2D24509743237ECC7B0FE51D5F7E5430BDA662E3E2E3A8D4ACC49ED8485881A4A38A3EE21D5889407B1162F812B9D3B8CAF702A642DA3EDDDD24D8EC5D5577F6B87BDB96175C463976C0209C103CA244F9454FD5946ABABB38FC2A935C835DB46C91AF13C1B6D793B35E31EFBE8D5DF48CAEBB905DEC40E1050DA45DDDF3BFC12F964B37D8464C7BA5681BE5D768E266F08B406160FC3B2BCD76D7D8CCFE9040B88EC3034257317E08A4151577BA4044078511BFD22E58A885EF500D4032567EC5927AA31A3C780FE86B1CD9B7B2E58BD3887C8701AC759458E14910D1733F0FCC42CFB8F5AEF73666B8443A42F24566ADA4070E7AA6CB9C6070809CDDCC03E0117B510A7D6623370540DD02E016486D0650B09A03D3A16685BBB52765A5B41440F256699DD755578CD452DB611AF457B51199B1C6CFA310792376CA8C9F8401462FD9548E3E746DED8492083B2AB41FB0DBFC8200B5E1F84272CE9CA97EE53433869C35B93584305E9DA899DECE27F687BF940B41D75C84688EBF107E4F869A92D312EBC4CCADF54EB5E584F7BC057D6F1E34927DAB6E9361A6DC04B083744A14FC6251DA0A903B83BDC92AACE18F2E63AC1BE09AFFD94C231CA25490BACF988253D0D6ED74067A0A6035281091ED3B613F68D303D082E5C9B4582F72B41F2C2254D5C68E9BE9A01F521C3EE826B4DEB2E103A345878EDF7953ED012D93F6F353C52A10787B981D0E02DA7CC477E08AE3139D8F309D36012543C99"
.
Ora fine scansione: 2010-01-24 19:20:07
ComboFix-quarantined-files.txt 2010-01-24 18:20
ComboFix2.txt 2010-01-24 15:44

Pre-Run: 79.638.564.864 byte disponibili
Post-Run: 79.598.055.424 byte disponibili

- - End Of File - - 04649FE4C9C6FFD82DE5ADD78978C84F


Premetto che prima di iniziare la scanzione mi ha dato questo avviso:

!!Warning!!
CD-emulation drivers are running on this machine.
ComboFix nedds to temporarily disable them.



Confermo e inizia il controllo.




Non so se è importante, ma al riavvio facendo un controllo del pc con TuneUp utility, ho notato che erano attivate la funzione di accesso secondario e le condivisioni di amministratore
e il numero di connessioni stabilite era reimpostato. Rimetto tutto in ordine sempre con tuneup e al successivo riavvio è tutto a posto.


Spero serva!

Ho eliminato tutta la cartella, che fino a ieri mattina non esisteva proprio.
Ho ripulito il pc prima con tuneup poi con ccleaner 2 volte alla fine ho provato a cercare il malvagio con la funzione cerca e
sembra sia sparito.
Una domanda:
Possibile che le impostazioni di amministratore e accesso secondario le cambiasse combofix per la scanzione ?

Se può servire, stamattina avast si è aggiornato regolarmente. (Premetto che l' ho reinstallato da cd winmagazine, quindi nuovo di zecca)

Se ti viene in mente qualcosa, accetto con piacere i tuoi consigli.

Grazie!

Quando torni, mi daresti una controllata al log di Hijack ?
Grazie!!!




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.08.15, on 26/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\ATnotes\ATnotes.exe
C:\Programmi\TuneUp Utilities 2009\MemOptimizer.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Programmi\IncrediMail\bin\IMApp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Click-N-Type\Click-N-Type.exe
C:\Programmi\Madentec Limited\MagicCursor 2000\MagicCursor2000.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Programmi\Outlook Express\msimn.exe" //eml:F:\avast! Registration.eml
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Programmi\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ATnotes.exe] C:\Programmi\ATnotes\ATnotes.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programmi\TuneUp Utilities 2009\MemOptimizer.exe" autostart
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MagicCursor2000 v2.2.1.1.lnk = C:\Programmi\Madentec Limited\MagicCursor 2000\MagicCursor2000.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1239646859796
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 6953 bytes

Si, fanno usare il pc a mia moglie disabile.

Ecco il log



(26-1-2010 18:55:26)
EliBagle v13.47 (c)2010 S.G.H. / Satinfo S.L. (Actualizado el 22 de Enero del 2010)

---

Lista de Acciones (por Acción Directa):

(26-1-2010 18:55:32)
EliBagle v13.47 (c)2010 S.G.H. / Satinfo S.L. (Actualizado el 22 de Enero del 2010)

---

Lista de Acciones (por Exploración):
Explorando "C:\"

Nº Total de Directorios: 6692
Nº Total de Ficheros: 69128
Nº de Ficheros Analizados: 13376
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0


Spero bene!

Malwarebytes' Anti-Malware 1.44
Versione del database: 3644
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

27/01/2010 14.01.30
mbam-log-2010-01-27 (14-01-30).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 182296
Tempo trascorso: 55 minute(s), 29 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)




Che pensi ?