Aiutamici Forum

a check of the logs..............thanks!!!!!
gladmanone
Posted: Tuesday, October 14, 2008 8:51:27 PM
Rank: Member

Joined: 4/27/2007
Posts: 0
all this after downloading some serials...............
r16 had advised me to scan with some programs
and here are the three logs!
an opinion, please!

Malwarebytes' Anti-Malware 1.28
Versione del database: 1266
Windows 5.1.2600 Service Pack 3

13/10/2008 22.30.28
mbam-log-2008-10-13 (22-30-28).txt

Tipo di scansione: Scansione completa (C:\|E:\|)
Elementi scansionati: 74101
Tempo trascorso: 28 minute(s), 22 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0
Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)


ComboFix 08-10-12.01 - pb 2008-10-13 22.40.28.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.419 [GMT 2:00]
Eseguito da: C:\Documents and Settings\pb\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Creati Da 2008-09-13 al 2008-10-13 )))))))))))))))))))))))))))))))))))
.

2008-10-13 21:37 . 2008-10-13 21:38 <DIR> d-------- C:\Programmi\Malwarebytes' Anti-Malware
2008-10-13 21:37 . 2008-10-13 21:37 <DIR> d-------- C:\Documents and Settings\pb\Dati applicazioni\Malwarebytes
2008-10-13 21:37 . 2008-10-13 21:37 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2008-10-13 21:37 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-13 21:37 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-13 10:40 . 2008-10-13 10:40 <DIR> d-------- C:\Programmi\ClamWin
2008-10-13 10:40 . 2008-10-13 10:40 <DIR> d-------- C:\Documents and Settings\pb\Dati applicazioni\.clamwin
2008-10-13 10:40 . 2008-10-13 10:40 <DIR> d-------- C:\Documents and Settings\All Users\.clamwin
2008-10-13 10:38 . 2008-10-13 10:38 <DIR> d-------- C:\Programmi\ReflexiveArcade
2008-10-13 10:38 . 2008-10-13 10:38 <DIR> d-------- C:\Programmi\LuckyTender
2008-10-11 10:19 . 2008-10-13 14:36 424 --a------ C:\WINDOWS\zipgenius.xml
2008-10-11 10:18 . 2008-10-11 10:22 <DIR> d-------- C:\Documents and Settings\pb\Dati applicazioni\ZipGenius
2008-10-11 10:17 . 2008-10-11 10:18 <DIR> d-------- C:\Programmi\ZipGenius 6
2008-09-23 09:25 . 2008-09-23 09:25 <DIR> d-------- C:\Programmi\Defraggler
2008-09-23 09:24 . 2008-09-23 09:24 <DIR> d-------- C:\Programmi\Recuva
2008-09-20 20:50 . 2008-09-20 21:49 <DIR> d-------- C:\Programmi\NOS
2008-09-20 20:50 . 2008-09-20 21:49 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\NOS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-13 19:42 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Google Updater
2008-10-13 17:46 --------- d-----w C:\Programmi\Spybot - Search & Destroy
2008-10-13 12:43 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-10-13 08:25 --------- d-----w C:\Programmi\Ahead
2008-10-11 19:44 --------- d-----w C:\Documents and Settings\pb\Dati applicazioni\OpenOffice.org2
2008-10-04 13:32 --------- d-----w C:\Programmi\OpenOffice.org 2.4
2008-09-26 17:38 --------- d-----w C:\Programmi\Java
2008-09-12 22:21 --------- d-----w C:\Programmi\File comuni\Adobe
2008-09-10 17:11 --------- d-----w C:\Programmi\CCleaner
2008-09-09 11:39 --------- d-----w C:\Programmi\Pinnacle
2008-09-07 18:57 --------- d-----w C:\Programmi\Windows Live
2008-09-07 18:20 --------- d-----w C:\Programmi\IObit
2008-09-07 18:17 --------- d-----w C:\Programmi\Windows Live Toolbar
2008-09-06 15:47 --------- d-----w C:\Documents and Settings\pb\Dati applicazioni\GlarySoft
2008-08-19 17:45 --------- d-----w C:\Documents and Settings\pb\Dati applicazioni\Video DVD Maker FREE
2008-08-19 17:44 1,024,000 ----a-w C:\WINDOWS\system32\ewmpegco.dll
2008-08-19 17:41 --------- d-----w C:\Programmi\Video DVD Maker FREE
2008-08-19 15:37 --------- d-----w C:\Programmi\Tiscali ADSL Signup
2008-08-19 15:23 --------- d-----w C:\Programmi\QuickTime
2008-08-19 15:13 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-08-19 15:11 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\SmartSound Software Inc
2008-08-18 20:26 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Pinnacle
2008-08-18 20:13 --------- d-----w C:\Programmi\AdorageI-SAL
2008-08-18 20:09 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\QuickTime
2008-08-18 19:57 --------- d-----w C:\Programmi\Microsoft Silverlight
2008-08-18 19:46 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Pinnacle Studio
2008-08-18 10:26 --------- d-----w C:\Programmi\File comuni\AVSMedia
2008-08-18 10:26 --------- d-----w C:\Programmi\AVS4YOU
2008-08-18 09:57 --------- d-----w C:\Documents and Settings\pb\Dati applicazioni\AVS4YOU
2008-08-18 07:12 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\AVS4YOU
2008-08-17 18:58 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Pinnacle VideoSpin
2008-08-17 18:49 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\VideoSpin
2008-08-17 18:45 --------- d-----w C:\Programmi\File comuni\Nero
2008-08-17 18:44 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Nero
2008-08-14 08:38 --------- d-----w C:\Documents and Settings\pb\Dati applicazioni\CyberLink
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-16 17:00 17,931,485 -c--a-w C:\Programmi\gimp2.zip
2008-07-15 11:37 87,710 ----a-w C:\Programmi\install_wmp11windowsxpx86itit.exe.exe
2008-07-15 11:10 6,530,392 -c--a-w C:\Programmi\AWCSetup.zip
2008-07-15 07:06 15,083,520 ----a-w C:\Programmi\spybotsd160.exe
2008-07-15 06:51 529,473 ----a-w C:\WINDOWS\system32\flash.zip
2008-06-30 12:23 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012008063020080701\index.dat
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 68856]
"msnmsgr"="C:\Programmi\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-19 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"RMC"="C:\WINDOWS\system32\drivers\RMC.exe" [2005-03-28 24576]
"SynTPLpr"="C:\Programmi\Synaptics\SynTP\SynTPLpr.exe" [2005-03-04 102490]
"SynTPEnh"="C:\Programmi\Synaptics\SynTP\SynTPEnh.exe" [2005-03-04 708698]
"ATIPTA"="C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 339968]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ClamWin"="C:\Programmi\ClamWin\bin\ClamTray.exe" [2006-12-12 73728]
"Collegamento alla pagina delle proprietà di High Definition Audio"="HDAShCut.exe" [2005-01-07 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-04-12 C:\WINDOWS\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"= 1 (0x1)
"DisableLockWorkstation"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogoff"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"EverioService"="C:\Programmi\CyberLink\PCM4Everio\EverioService.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\APPS\\skype\\phone\\Skype.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\eMule\\eMule.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 MTC0001_RMC;Remove Control Device;C:\WINDOWS\system32\drivers\RMC.sys [2005-04-22 13912]
R3 Slazldrv;SmartLink AMR_PCI Driver;C:\WINDOWS\system32\DRIVERS\SLDRV\slazldrv.sys [2005-01-05 226768]
R3 ULI5261;ULi Based Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN.SYS [2004-12-31 28160]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenuto della cartella 'Scheduled Tasks'

2008-10-13 C:\WINDOWS\Tasks\Garanzia estesa.job
- C:\APPS\SMP\PBCARNOT.EXE [2005-11-09 13:55]

2008-10-13 C:\WINDOWS\Tasks\Master CD_DVD Creator.job
- C:\Apps\SMP\MCDCHECK.EXE [2005-11-08 15:26]

2008-10-13 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Programmi\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2006-08-11 C:\WINDOWS\Tasks\Promemoria registrazione 1.job
- C:\WINDOWS\system32\OOBE\oobebaln.exe [2008-04-14 04:14]

2006-08-18 C:\WINDOWS\Tasks\Promemoria registrazione 2.job
- C:\WINDOWS\system32\OOBE\oobebaln.exe [2008-04-14 04:14]

2006-08-11 C:\WINDOWS\Tasks\Promemoria registrazione 3.job
- C:\WINDOWS\system32\OOBE\oobebaln.exe [2008-04-14 04:14]

2008-09-25 C:\WINDOWS\Tasks\Schedule Task Weekly.job
- C:\Programmi\Registry Easy\RE.exe []
.
.
------- Supplementare di scansione -------
.
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://www.sitecom.com/connectivity
R1 -: HKCU-Internet Settings,ProxyOverride = 127.0.0.1
R1 -: HKCU-SearchURL,(Default) = hxxp://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
O8 -: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-13 22:41:24
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-10-13 22.42.09
ComboFix-quarantined-files.txt 2008-10-13 20:42:07
ComboFix2.txt 2008-10-13 20:37:40

Pre-Run: 11.207.122.944 byte disponibili
Post-Run: 11,192,639,488 byte disponibili




180 --- E O F --- 2008-10-09 19:54:57
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22.48.10, on 13/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\Programmi\ClamWin\bin\ClamTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\APPS\RecordNow\RecordNow.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmi\CCleaner\CCleaner.exe
C:\Programmi\internet explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sitecom.com/connectivity
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RMC] C:\WINDOWS\system32\drivers\RMC.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Collegamento alla pagina delle proprietà di High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ClamWin] "C:\Programmi\ClamWin\bin\ClamTray.exe" --logon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\it.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 8270 bytes
this is the result, I hope it can be of help to you; one observation: in combofix I found these two programs that may perhaps be connected to the virus:

2008-10-13 10:38 . 2008-10-13 10:38 <DIR> d-------- C:\Programmi\ReflexiveArcade
2008-10-13 10:38 . 2008-10-13 10:38 <DIR> d-------- C:\Programmi\LuckyTender

thanks again!!!!

 
r16
Posted: Tuesday, October 14, 2008 9:32:54 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi gladmanone.
First of all, if you did not download them yourself, these two programs must be removed:
C:\Programmi\ReflexiveArcade
C:\Programmi\LuckyTender
Also check whether they appear in Add or Remove Programs; if they do, remove them.
I also noticed that you have SPYBOT's "Tea Timer" enabled.
You should uninstall it; it creates more problems than benefits.
For a proper uninstall, you have to uninstall SPYBOT completely, do a cleanup with CCleaner, restart the PC, and reinstall it, taking care NOT TO ENABLE or LEAVE ENABLED the TEA TIMER.
Download it from here, and if you read it carefully, it says which checkbox you have to UNTICK:
http://www.aiutaamici.com/software?ID=10831.
Then delete these HijackThis entries:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
Do a cleanup (registry included) with CCleaner http://www.aiutaamici.com/software?ID=11223
As for the rest, the various logs did not find any viruses.
I almost forgot:

Uninstall combofix this way:
Start
Run
in the dialog box, type (or copy and paste) this command: Combofix /u and press Enter, then delete combofix's folders in "C" (qoobox)




gladmanone
Posted: Wednesday, October 15, 2008 12:20:39 PM
Rank: Member

Joined: 4/27/2007
Posts: 0
thanks for the attention............but how do I delete those hijackthis entries?
r16
Posted: Wednesday, October 15, 2008 1:01:34 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
gladmanone wrote:
thanks for the attention............but how do I delete those hijackthis entries?

Sorry....
If you don't know how to "fix" the entries, follow this detailed guide: http://www.aiutaamici.com/software?ID=11175