Aiutamici Forum

VIRUS PROBLEMS... IS THERE ANYONE WHO CAN HELP ME???=)
lacasinista
Posted: Friday, January 30, 2009 9:52:28 PM

Rank: AiutAmico

Joined: 1/30/2009
Posts: 43
Hi everyone!!! As my nick announces, I'm a real mess-maker with computers... in plain words, I don't understand a thing about them... but your site was recommended to me, so here I am! The problem is that my laptop has been very slow for a few days... I'll say right away that I haven't looked after it well enough by having it run the antivirus (I mean, I've had it run maybe twice in my whole life...

I'm leaving the HijackThis log here, and then if you need it I also have the Malwarebytes one!!! But one thing at a time, otherwise I don't think I'll come out of this alive! So this is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.25.47, on 30/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\acer\Wireless\Utility\WlanUtil.exe
C:\Programmi\Launch Manager\QtZgAcer.EXE
C:\Programmi\Aspire Arcade\PCMService.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\VM303_STI.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\HiYo\bin\HiYo.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\Programmi\OpenOffice.org 3\program\soffice.exe
C:\Programmi\OpenOffice.org 3\program\soffice.bin
C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
C:\Acer\eManager\anbmServ.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\Programmi\Sygate\SPF\smc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe
C:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbam.exe
C:\Programmi\Microsoft Office\Office12\ONENOTE.EXE
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Programmi\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Programmi\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Programmi\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Programmi\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [acerWireless] C:\Programmi\acer\Wireless\Utility\WlanUtil.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Programmi\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [LManager] C:\Programmi\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Programmi\Aspire Arcade\PCMService.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Programmi\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Hiyo] C:\Programmi\HiYo\bin\HiYo.exe /RunFromStartup
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpeedBitVideoAccelerator] C:\Programmi\SpeedBit Video Accelerator\VideoAccelerator.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Programmi\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\progra~1\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedbit video accelerator\sblsp.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-833616f5d30f7f25.spaces.live.com/PhotoUpload/MsnPUpld.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\Skype4COM.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmi\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe

--
End of file - 11101 bytes

ehm... HELP MEEEEEEEEEEEEEEEEEEEEEEEEEEEEE
r16
Posted: Friday, January 30, 2009 9:59:14 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
Download and install MalwareBytes:
click here to download: http://www.malwarebytes.org/
UPDATE IT before running the scan.
Run a full system scan and, once the scan has finished, make sure that all the highlighted files are selected, then click Remove Selected.
Post the log.
*********************************************************************************************************
Important: Disable your antivirus and close ALL open programs, and after downloading COMBOFIX, close the connection.

Download Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to the desktop.
Double-click combofix.exe (a screen will appear).
If you are asked whether you want to install THE RECOVERY CONSOLE, click NO.
Type 1, press Enter and follow the instructions.
When it finishes, a log file named C:\ComboFix.txt will be created. Post it here.
During the scan it is important not to use the PC (not even the mouse) and to wait patiently for the operations to finish.

Uninstall combofix this way: (after I have seen the log)
Start
Run
in the dialog box, type (or copy and paste) this command: Combofix /u and press Enter, then delete combofix's folders in "C" (qoobox)
Then post a new HJT log.
pidue
Posted: Friday, January 30, 2009 10:07:44 PM

Rank: AiutAmico

Joined: 6/2/2005
Posts: 7,332
r16 wrote:
Hi.
Download and install MalwareBytes:


It looks to me like la casinista already has it. Read carefully between the lines.



lacasinista
Posted: Friday, January 30, 2009 10:13:49 PM

Rank: AiutAmico

Joined: 1/30/2009
Posts: 43
Thanks for the prompt reply! I'll do my very best to manage what you said... SEE YOU VERY SOON, AS SOON AS I'M DONE I'LL SEND EVERYTHING!!! THANKS A LOT! Let's keep our fingers crossed...
lacasinista
Posted: Friday, January 30, 2009 10:27:13 PM

Rank: AiutAmico

Joined: 1/30/2009
Posts: 43
OH YEEEEES, I ALREADY HAVE THE MALWAREBYTES LOG!!! I had it run tonight, here it is:

Malwarebytes' Anti-Malware 1.33
Versione del database: 1709
Windows 5.1.2600 Service Pack 2

30/01/2009 22.18.01
mbam-log-2009-01-30 (22-18-01).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi scansionati: 100337
Tempo trascorso: 1 hour(s), 4 minute(s), 46 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 26
Valori di registro infetti: 0
Elementi dato del registro infetti: 1
Cartelle infette: 11
File infetti: 45

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Cartelle infette:
C:\Programmi\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programmi\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programmi\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programmi\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programmi\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programmi\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programmi\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programmi\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Dati applicazioni\FunWebProducts (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Dati applicazioni\FunWebProducts\Data (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Dati applicazioni\FunWebProducts\Data\Administrator (Adware.MyWay) -> Quarantined and deleted successfully.

File infetti:
C:\System Volume Information\_restore{651DD12C-0842-4EFE-B477-A8BC4273B8EF}\RP149\snapshot\MFEX-1.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{651DD12C-0842-4EFE-B477-A8BC4273B8EF}\RP153\A0097762.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{651DD12C-0842-4EFE-B477-A8BC4273B8EF}\RP153\A0097763.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{651DD12C-0842-4EFE-B477-A8BC4273B8EF}\RP153\A0097764.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{651DD12C-0842-4EFE-B477-A8BC4273B8EF}\RP153\A0097765.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{651DD12C-0842-4EFE-B477-A8BC4273B8EF}\RP153\A0097772.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{651DD12C-0842-4EFE-B477-A8BC4273B8EF}\RP153\A0097774.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{651DD12C-0842-4EFE-B477-A8BC4273B8EF}\RP153\A0097776.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{651DD12C-0842-4EFE-B477-A8BC4273B8EF}\RP153\A0097777.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{651DD12C-0842-4EFE-B477-A8BC4273B8EF}\RP153\A0097779.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{651DD12C-0842-4EFE-B477-A8BC4273B8EF}\RP153\A0097780.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{651DD12C-0842-4EFE-B477-A8BC4273B8EF}\RP153\A0097782.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{651DD12C-0842-4EFE-B477-A8BC4273B8EF}\RP153\A0097785.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{651DD12C-0842-4EFE-B477-A8BC4273B8EF}\RP153\A0097786.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{651DD12C-0842-4EFE-B477-A8BC4273B8EF}\RP153\A0097787.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{651DD12C-0842-4EFE-B477-A8BC4273B8EF}\RP153\A0097794.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{651DD12C-0842-4EFE-B477-A8BC4273B8EF}\RP153\A0097799.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{651DD12C-0842-4EFE-B477-A8BC4273B8EF}\RP153\A0097793.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{651DD12C-0842-4EFE-B477-A8BC4273B8EF}\RP153\A0097811.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{651DD12C-0842-4EFE-B477-A8BC4273B8EF}\RP154\A0098258.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{651DD12C-0842-4EFE-B477-A8BC4273B8EF}\RP154\A0098259.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{651DD12C-0842-4EFE-B477-A8BC4273B8EF}\RP154\A0098294.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{651DD12C-0842-4EFE-B477-A8BC4273B8EF}\RP154\A0098295.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{651DD12C-0842-4EFE-B477-A8BC4273B8EF}\RP154\A0098296.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{651DD12C-0842-4EFE-B477-A8BC4273B8EF}\RP154\A0098299.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{651DD12C-0842-4EFE-B477-A8BC4273B8EF}\RP154\A0098301.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{651DD12C-0842-4EFE-B477-A8BC4273B8EF}\RP154\A0098302.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{651DD12C-0842-4EFE-B477-A8BC4273B8EF}\RP154\A0098304.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{651DD12C-0842-4EFE-B477-A8BC4273B8EF}\RP154\A0098305.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{651DD12C-0842-4EFE-B477-A8BC4273B8EF}\RP154\A0098306.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{651DD12C-0842-4EFE-B477-A8BC4273B8EF}\RP154\A0098308.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{651DD12C-0842-4EFE-B477-A8BC4273B8EF}\RP154\A0098312.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{651DD12C-0842-4EFE-B477-A8BC4273B8EF}\RP154\A0098315.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{651DD12C-0842-4EFE-B477-A8BC4273B8EF}\RP154\A0098316.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{651DD12C-0842-4EFE-B477-A8BC4273B8EF}\RP154\A0098317.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{651DD12C-0842-4EFE-B477-A8BC4273B8EF}\RP154\A0098322.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{651DD12C-0842-4EFE-B477-A8BC4273B8EF}\RP154\A0098323.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{651DD12C-0842-4EFE-B477-A8BC4273B8EF}\RP154\A0098327.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{651DD12C-0842-4EFE-B477-A8BC4273B8EF}\RP154\A0098340.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{651DD12C-0842-4EFE-B477-A8BC4273B8EF}\RP154\A0098344.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{651DD12C-0842-4EFE-B477-A8BC4273B8EF}\RP154\A0098310.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{651DD12C-0842-4EFE-B477-A8BC4273B8EF}\RP154\A0098346.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\beep.sys (Trojan.Patched) -> Quarantined and deleted successfully.
C:\Programmi\MyWebSearch\bar\History\search3 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programmi\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.

AM I A SERIOUS CASE??? WHAT ARE ALL THESE WORDS FOOOOOOOOR??? hihihihihihihih... I'm really sorry, but Arabic is nothing compared to this...
r16
Posted: Friday, January 30, 2009 10:34:34 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Disable System Restore, and keep it disabled until the problem is solved http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121
Restart the PC
Run the Malwarebytes scan again, and repost the log for me.
I'm also waiting for the Combofix log.

pidue wrote:
r16 wrote:
Hi.
Download and install MalwareBytes:


It looks to me like la casinista already has it. Read carefully between the lines.


True, P2, but if she doesn't post it....
49parallelo
Posted: Friday, January 30, 2009 10:37:12 PM

Rank: AiutAmico

Joined: 12/23/2008
Posts: 83
sorry to butt in... I was just browsing by chance... hey, it looks like a battlefield!!!!!!! your PC ..
bye
r16
Posted: Friday, January 30, 2009 10:41:00 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
49parallelo wrote:
sorry to butt in... I was just browsing by chance... hey, it looks like a battlefield!!!!!!! your PC ..
bye

It's all for show, 49parallelo
lacasinista
Posted: Friday, January 30, 2009 10:43:48 PM

Rank: AiutAmico

Joined: 1/30/2009
Posts: 43
r 16 how do I disable my antivirus??? sorryyy, I don't understand any of this...
r16
Posted: Friday, January 30, 2009 10:54:00 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
I don't use it....
Try right-clicking the icon at the bottom next to the clock, and see if you find an entry like "disable".
Have you disabled System Restore?
Found it, read here:
http://www.nod32.it/support/faq1.php?id=1093
lacasinista
Posted: Friday, January 30, 2009 11:09:54 PM

Rank: AiutAmico

Joined: 1/30/2009
Posts: 43
r 16 I'm exhausted and after a day of studying I can't go on any longer... can we look at everything tomorrow? I'VE GOT AS FAR AS THE DISABLE-ANTIVIRUS PROBLEM (a snail is faster)...

I have the nod antivirus and there's a button that says "quit the nod working environment"... but if I quit it, can I start it again afterwards?? who knows...

thank you so much

don't abandon me tomorrowwwwwwwwwww!!! Night night
r16
Posted: Friday, January 30, 2009 11:13:44 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
To disable Nod, read the link above.
And I repeat, disable System Restore. And restart the PC. (it's important)
Good night.
lacasinista
Posted: Friday, January 30, 2009 11:18:13 PM

Rank: AiutAmico

Joined: 1/30/2009
Posts: 43
WOW!!! ok, I've disabled the antivirus, tomorrow I'll do all the rest!!! thank you so much again... I hope I manage to do everything and post it all to you...

bye bye
lacasinista
Posted: Saturday, January 31, 2009 12:34:11 PM

Rank: AiutAmico

Joined: 1/30/2009
Posts: 43
r 16 I downloaded combofix but it tells me the version has expired... what do I do??? NB: I had followed everything step by step...
r16
Posted: Saturday, January 31, 2009 12:54:07 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Uninstall combofix this way:
Start
Run
in the dialog box, type (or copy and paste) this command: Combofix /u and press Enter, then delete combofix's folders in "C" (qoobox)

Do a clean-up (registry included) with CCleaner http://www.aiutaamici.com/software?ID=11223
Download it again from here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
lacasinista
Posted: Saturday, January 31, 2009 9:15:32 PM

Rank: AiutAmico

Joined: 1/30/2009
Posts: 43
hi! this is the combofix log:

ComboFix 09-01-21.04 - Administrator 2009-01-31 16.13.39.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.510.154 [GMT 1:00]
Eseguito da: c:\documents and settings\Administrator\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
* Resident AV is active


ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
- MODALITÀ CON FUNZIONALITÀ RIDOTTE -
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programmi\Uninstall Fun Web Products.dll
c:\windows\system32\Cache

.
((((((((((((((((((((((((( Files Creati Da 2008-12-28 al 2009-01-31 )))))))))))))))))))))))))))))))))))
.

2009-01-30 18:36 . 2009-01-30 19:07 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2009-01-30 18:36 . 2009-01-30 18:36 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-01-30 18:36 . 2009-01-30 18:36 <DIR> d-------- c:\documents and settings\Administrator\Dati applicazioni\Malwarebytes
2009-01-30 18:36 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-30 18:36 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-30 17:39 . 2009-01-30 17:39 <DIR> d-------- c:\programmi\Trend Micro
2009-01-26 02:12 . 2009-01-31 12:28 <DIR> d-------- c:\programmi\SpeedBit Video Accelerator
2009-01-26 02:12 . 2009-01-26 02:12 172,032 --a------ c:\windows\system32\AniGIF.ocx
2009-01-14 17:08 . 2009-01-14 17:08 <DIR> d-------- c:\documents and settings\Administrator\Dati applicazioni\OpenOffice.org
2009-01-14 17:04 . 2009-01-14 17:04 <DIR> d-------- c:\programmi\OpenOffice.org 3
2009-01-14 17:04 . 2009-01-14 17:04 <DIR> d-------- c:\programmi\JRE
2009-01-14 17:03 . 2009-01-14 17:03 <DIR> d-------- c:\programmi\File comuni\Java
2008-12-15 13:40 . 2008-12-15 13:40 <DIR> d-------- c:\programmi\HiYo
2008-12-15 13:40 . 2008-12-15 13:40 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\HiYo
2008-12-15 13:40 . 2008-12-15 13:40 <DIR> d-------- c:\documents and settings\Administrator\Dati applicazioni\HiYo
2008-12-06 16:53 . 2008-12-06 16:53 <DIR> d-------- c:\windows\Sun
2008-12-06 16:48 . 2009-01-14 17:04 <DIR> d-------- c:\programmi\Java
2008-12-06 16:48 . 2008-12-06 16:48 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-06 16:48 . 2008-12-06 16:48 73,728 --a------ c:\windows\system32\javacpl.cpl

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-22 23:55 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\Skype
2009-01-22 20:34 --------- d-----w c:\programmi\Launch Manager
2009-01-12 10:20 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2008-12-17 13:19 --------- d-----w c:\programmi\AdunanzA
2008-12-01 21:22 --------- d-----w c:\programmi\MSN Messenger
.

------- Sigcheck -------

2004-09-29 19:45 659456 5e44c65a8fdf34e023467b13c0305196 c:\windows\$hf_mig$\KB834707\SP2QFE\wininet.dll
2005-03-10 08:48 660480 c3bcd4313f62f6f22f06899fec77d725 c:\windows\$hf_mig$\KB890923\SP2QFE\wininet.dll
2005-03-10 10:04 1219072 03d7ee01102c11e2dbf18a7e9d40d84e c:\windows\system32\wininet.dll

2004-08-19 14:39 1883136 bdd34cf918b9133e03eea7633ba002b5 c:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\programmi\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2007-09-24 57344]

[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"msnmsgr"="c:\programmi\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-15 339968]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2004-05-20 98304]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2004-05-20 532480]
"acerWireless"="c:\programmi\acer\Wireless\Utility\WlanUtil.exe" [2004-06-09 417792]
"PRONoMgr.exe"="c:\programmi\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe" [2004-02-05 86016]
"LManager"="c:\programmi\Launch Manager\QtZgAcer.EXE" [2004-07-05 315392]
"PCMService"="c:\programmi\Aspire Arcade\PCMService.exe" [2004-03-25 81920]
"nod32kui"="c:\programmi\Eset\nod32kui.exe" [2007-09-24 921600]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2005-06-06 2614496]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2007-09-14 267064]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2007-06-29 286720]
"BigDog303"="c:\windows\VM303_STI.EXE" [2005-06-23 61440]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-12-05 176128]
"HPHUPD05"="c:\programmi\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe" [2003-11-12 49152]
"HP Component Manager"="c:\programmi\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HP Software Update"="c:\programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 49152]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2004-02-02 495616]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2008-12-06 136600]
"Hiyo"="c:\programmi\HiYo\bin\HiYo.exe" [2008-12-10 300336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2004-08-19 137728]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 3.0.lnk - c:\programmi\OpenOffice.org 3\program\quickstart.exe [2008-09-12 384000]
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
Stardock ObjectDock.lnk - c:\windows\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe [2005-02-21 1826885]
Y'z ToolBar.lnk - c:\windows\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe [2002-09-29 90112]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2004-03-03 15:48 110592 c:\windows\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.imc"= imc32.acm
"msacm.l3codecp"= l3codecp.acm
"VIDC.i263"= i263_32.drv

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\AdunanzA\\eMule_AdnzA.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmi\\MSN Messenger\\livecall.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R1 SMBHC;Driver del controller host del bus di gestione sistema Microsoft;c:\windows\system32\drivers\smbhc.sys [2007-09-24 6784]
R3 SMBBATT;Driver di Microsoft Smart Battery;c:\windows\system32\drivers\smbbatt.sys [2007-09-24 16128]
R4 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2004-06-01 10386]
R4 osanbm;osanbm;c:\windows\system32\drivers\osanbm.sys [2004-05-31 4054]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43299520-cb80-11dd-867b-000e3548f99f}]
\Shell\AutoRun\command - .\run\autorun.exe
\Shell\open\Command - .\run\autorun.exe
.
Contenuto della cartella 'Scheduled Tasks'

2008-11-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

2009-01-31 c:\windows\Tasks\HP Usg Daily.job
- c:\programmi\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\pexpress\hphped05.exe [2004-01-07 06:05]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-FAST Defrag - (no file)


.
------- Scansione supplementare -------
.
uStart Page = hxxp://search.speedbit.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\Microsoft Office\Office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\svo5kkn9.default\
FF - prefs.js: browser.search.selectedEngine - Google

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-31 16:14:11
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(872)
c:\windows\system32\LgNotify.dll
.
Ora fine scansione: 2009-01-31 16.15.39
ComboFix-quarantined-files.txt 2009-01-31 15:15:37

Pre-Run: 33.722.482.688 byte disponibili
Post-Run: 33,727,279,104 byte disponibili

177

If I got something wrong, let me know (very likely)
lacasinista
Posted: Saturday, January 31, 2009 9:29:42 PM

Rank: AiutAmico

Joined: 1/30/2009
Posts: 43
I just restarted the system and a window appeared saying: WINDOWS FILE PROTECTION (KEEP THE UNRECOGNIZED VERSIONS OF THE FILES? YES OR NO?)... I don't understand anything anymore... anyway, if I'm not mistaken, I should now send you a new log of the Malwarebytes scan... right??? :) HELP!!!
r16
Posted: Saturday, January 31, 2009 9:55:43 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
What did you click in response to that message?
I'm waiting for the Malwarebytes log.
Then post a new HJT log.
lacasinista
Posted: Saturday, January 31, 2009 10:12:50 PM

Rank: AiutAmico

Joined: 1/30/2009
Posts: 43
HIIIII :)

So... if I click Yes it tells me: insert the Windows XP CD blah blah blah; if I say No: exactly the same thing... The problem is that in neither case, and no matter which key I press, does the window go away!!! It's small and it's stuck in my face even now while I'm writing to you! :') And if I click Cancel, after three seconds the window reappears :')

Now I'll post the Malwarebytes log (as soon as it finishes)...

Thank you so much