Aiutamici Forum

Winupgro.exe, help!!!!!!!!!!
maximetto
Posted: Sunday, January 24, 2010 6:29:47 PM
Rank: AiutAmico

Joined: 4/7/2009
Posts: 35
Greetings to all, and I'm asking all of you how I can remove Winupgro.exe, which is surely the cause of my problems.
Suddenly the PC rebooted on its own and an application tried to start automatically.
I stopped it until Malwarebytes worked, but I don't think I succeeded.
It first replaced a TuneUp application, and after I uninstalled that it did the same thing with ActiveSync.
I uninstalled that too, and now after a search I found it again in a folder in the directory C\: Fik\Tools\Winupgro.exe.
Thanks to everyone in advance!!!!!
Maximetto
shapiro
Posted: Sunday, January 24, 2010 6:39:46 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Hi

Winupgro.exe is one of the infections of the Bagle virus

Disable System Restore

Download

http://dc108.4shared.com/download/75022994/b07bff/FindyKill.exe?tsid=20090209-102651-de3379fb

Once installed, close all running applications and disconnect from the internet, then click the FindyKill icon and in the DOS window that opens type 2 and press Enter. Wait for the scan to finish and post here the log you find in C:\FindyKill.txt
maximetto
Posted: Sunday, January 24, 2010 6:54:08 PM
Rank: AiutAmico

Joined: 4/7/2009
Posts: 35

############################## | FindyKill V5.027 |

# User : Deborah (Administrators) # DEBORAH-0A0C5C7
# Update on 21/01/2010 by El Desaparecido
# Start at: 18.48.14 | 24/01/2010
# Website : http://pagesperso-orange.fr/NosTools/index.html
# Contact : FindyKill.Contact@gmail.com

# Intel(R) Pentium(R) 4 CPU 3.20GHz
# Microsoft Windows XP Home Edition (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Enabled
# AV : avast! antivirus 4.8.1368 [VPS 100124-0] 4.8.1368 [ Enabled | Updated ]

# A:\ # Disco floppy, 3,5 pollici
# C:\ # Disco rigido locale # 149,05 Go (74,21 Go free) # NTFS
# D:\ # Disco CD-ROM
# E:\ # Disco CD-ROM

############################## | Active Processes |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## | C: |


################## | C:\WINDOWS |


################## | C:\WINDOWS\Prefetch |


################## | C:\WINDOWS\system32 |


################## | C:\WINDOWS\system32\drivers |


################## | C:\Documents and Settings\Deborah\Dati applicazioni |


################## | Other deleting ... |

################## | Temporary Internet Files |


################## | Registry |


################## | Crack > Keygen > Serial |


################## | State |

# Safe boot mode : OK


# Showing of hidden files : OK

# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 2 ( Good = 2 | Bad = 4 )
# Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )

################## | PEH |


################## | End of Report # FindyKill V5.027 ! |

I hope I did everything right!
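As an added example (not from this thread, and not FindyKill's own code), a small Python triage helper for FindyKill-style reports like the one above: it parses the "Active Processes" and "State" sections, flags services whose Start value equals the tool's own "Bad" column (4 is the Windows "Disabled" start type), and flags any running process whose file name is on a watch list, here the Winupgro.exe the thread is about. The embedded log is constructed for the demo, with one service deliberately set to Start = 4.

```python
import re

# Constructed sample modelled on the "Active Processes" and "State" sections of
# a FindyKill report; it is NOT the poster's log. One service (SharedAccess)
# is deliberately set to Start = 4 so that a hit is visible.
SAMPLE_LOG = r"""
############################## | FindyKill V5.027 |

# User : Example (Administrators) # EXAMPLE-PC

############################## | Active Processes |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\Fik\Tools\Winupgro.exe

################## | State |

# Safe boot mode : OK
# Showing of hidden files : OK

# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 2 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 4 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )

################## | End of Report # FindyKill V5.027 ! |
"""

# Section banner: a run of '#' followed by "| name |".
SECTION_RE = re.compile(r"^#+\s*\|\s*(?P<name>[^|]+?)\s*\|")
# Service line: "# svc -> Start = N ( Good = G | Bad = B )".
STATE_RE = re.compile(
    r"^#\s*(?P<svc>\w+)\s*->\s*Start\s*=\s*(?P<start>\d+)"
    r"\s*\(\s*Good\s*=\s*(?P<good>\d+)\s*\|\s*Bad\s*=\s*(?P<bad>\d+)\s*\)"
)


def split_sections(text):
    """Map each banner name to the non-blank lines that follow it."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            sections[current] = []
        elif current is not None and line.strip():
            sections[current].append(line.rstrip())
    return sections


def check_service_state(lines):
    """Return (service, start, verdict) for every service line.

    Start is the Windows service start type (2 = Automatic, 3 = Manual,
    4 = Disabled). The verdict compares it with the tool's own Good/Bad
    columns: 'ok', 'BAD' (the value the tool associates with tampering,
    i.e. the service was disabled) or 'unknown' (matches neither column).
    """
    results = []
    for line in lines:
        m = STATE_RE.match(line)
        if not m:
            continue
        start, good, bad = (int(m.group(k)) for k in ("start", "good", "bad"))
        verdict = "ok" if start == good else "BAD" if start == bad else "unknown"
        results.append((m.group("svc"), start, verdict))
    return results


def find_processes(lines, names):
    """Return full paths of listed processes whose file name is in names."""
    wanted = {n.lower() for n in names}
    return [p.strip() for p in lines
            if p.strip().rsplit("\\", 1)[-1].lower() in wanted]


def triage(text, suspect_names=("winupgro.exe",)):
    """Summarise a report: disabled services plus watch-listed processes."""
    sections = split_sections(text)
    state = check_service_state(sections.get("State", []))
    return {
        "bad_services": [svc for svc, _, verdict in state if verdict == "BAD"],
        "suspect_processes": find_processes(
            sections.get("Active Processes", []), suspect_names),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

On the poster's actual report every service shows its "Good" value and no watch-listed process is running, which is consistent with the helper's next reply that nothing from Bagle was found.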
maximetto
Posted: Sunday, January 24, 2010 7:43:22 PM
Rank: AiutAmico

Joined: 4/7/2009
Posts: 35
If it can help, here is the ComboFix log

ComboFix 10-01-23.06 - Deborah 24/01/2010 19.14.10.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.2047.1552 [GMT 1:00]
Eseguito da: c:\documents and settings\Deborah\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100124-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\LOG.TXT

.
((((((((((((((((((((((((( Files Creati Da 2009-12-24 al 2010-01-24 )))))))))))))))))))))))))))))))))))
.

2010-01-24 16:43 . 2010-01-24 17:53 -------- d-----w- C:\FyK
2010-01-24 15:47 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-01-24 15:47 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-01-24 15:47 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-01-24 15:47 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-01-24 15:47 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-01-24 15:47 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-01-24 15:47 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-01-24 15:47 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2010-01-24 15:47 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2010-01-24 13:39 . 2010-01-24 13:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\F-Secure
2010-01-24 12:57 . 2010-01-24 12:57 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2010-01-24 12:57 . 2009-11-16 11:25 29000 ----a-w- c:\windows\system32\uxtuneup.dll
2010-01-24 12:57 . 2010-01-24 12:57 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2010-01-24 12:57 . 2010-01-24 12:57 -------- d-----w- c:\programmi\TuneUp Utilities 2009
2010-01-21 17:08 . 2004-08-04 07:34 39018 ----a-r- c:\windows\system32\hsfci011.dll
2010-01-21 17:07 . 2004-03-17 04:00 86016 ----a-r- c:\windows\system32\mdmxsdk.dll
2010-01-21 17:07 . 2004-03-17 04:04 13059 ----a-r- c:\windows\system32\drivers\mdmxsdk.sys
2010-01-21 17:07 . 2004-09-29 07:35 219136 ----a-r- c:\windows\system32\drivers\HSFHWBS2.sys
2010-01-21 17:07 . 2004-09-29 07:34 702592 ----a-r- c:\windows\system32\drivers\HSF_CNXT.sys
2010-01-21 17:07 . 2004-09-29 07:33 1036928 ----a-r- c:\windows\system32\drivers\HSF_DP.sys
2010-01-19 16:51 . 2010-01-19 16:51 -------- d-----w- c:\windows\system32\XPSViewer
2010-01-19 16:50 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-01-19 16:50 . 2010-01-19 16:50 -------- d-----w- C:\32c3867d539700cf438450
2010-01-19 16:50 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-01-19 16:50 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-01-19 16:50 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-01-19 16:50 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-01-19 16:50 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-01-19 16:50 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-01-19 16:50 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-01-19 16:50 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-01-18 10:42 . 2010-01-18 10:42 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PC Drivers HeadQuarters
2010-01-09 16:31 . 2010-01-09 16:31 -------- d-----w- c:\documents and settings\Deborah\Impostazioni locali\Dati applicazioni\PCHealth
2010-01-09 16:30 . 2009-11-21 15:54 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-08 16:48 . 2010-01-08 16:48 79488 ----a-w- c:\documents and settings\Deborah\Dati applicazioni\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-08 16:40 . 2010-01-08 16:41 -------- d-----w- c:\programmi\File comuni\Adobe
2010-01-07 20:04 . 2010-01-07 20:04 -------- d-----w- c:\programmi\QuickTime
2010-01-07 20:02 . 2010-01-07 20:02 -------- d-----w- c:\programmi\File comuni\Apple
2010-01-07 20:02 . 2010-01-07 20:02 -------- d-----w- c:\programmi\Apple Software Update
2010-01-07 20:02 . 2010-01-07 20:02 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple
2010-01-03 09:56 . 2010-01-03 09:56 -------- d-----w- c:\documents and settings\Deborah\Dati applicazioni\Media Player Classic
2010-01-03 09:47 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll
2010-01-03 09:47 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-01-03 09:47 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2010-01-03 09:47 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2010-01-03 09:47 . 2009-07-14 00:15 90112 ----a-w- c:\windows\system32\dpl100.dll
2010-01-03 09:47 . 2009-07-14 00:15 685056 ----a-w- c:\windows\system32\divx.dll
2010-01-03 09:47 . 2009-12-11 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-01-03 09:47 . 2010-01-03 09:50 -------- d-----w- c:\programmi\K-Lite Codec Pack
2010-01-02 20:28 . 2010-01-02 20:28 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\vsosdk
2010-01-02 19:50 . 2010-01-02 19:50 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-01-02 19:50 . 2010-01-02 19:50 47360 ----a-w- c:\documents and settings\Deborah\Dati applicazioni\pcouffin.sys
2010-01-02 19:50 . 2010-01-03 09:11 -------- d-----w- c:\documents and settings\Deborah\Dati applicazioni\Vso
2010-01-02 19:50 . 2009-09-02 20:58 65602 ----a-w- c:\windows\system32\cook3260.dll
2010-01-02 19:50 . 2009-09-02 20:58 217127 ----a-w- c:\windows\system32\drv43260.dll
2010-01-02 19:50 . 2009-09-02 20:58 208935 ----a-w- c:\windows\system32\drv33260.dll
2010-01-02 19:50 . 2009-09-02 20:58 176165 ----a-w- c:\windows\system32\drv23260.dll
2010-01-02 19:50 . 2009-09-02 20:58 102439 ----a-w- c:\windows\system32\sipr3260.dll
2010-01-02 19:50 . 2009-09-02 20:58 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2010-01-02 19:50 . 2009-09-02 20:57 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2010-01-02 19:50 . 2010-01-02 19:50 -------- d-----w- c:\programmi\VSO
2009-12-28 20:33 . 2009-12-28 20:33 -------- d-----w- c:\documents and settings\Deborah\Dati applicazioni\Playrix Entertainment

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-24 15:47 . 2009-04-13 17:50 -------- d-----w- c:\programmi\Alwil Software
2010-01-24 12:56 . 2009-04-14 19:59 -------- d-sh--w- c:\documents and settings\All Users\Dati applicazioni\{55A29068-F2CE-456C-9148-C869879E2357}
2010-01-24 10:50 . 2009-12-12 19:52 -------- d-----w- c:\documents and settings\Deborah\Dati applicazioni\GameHouse
2010-01-22 11:23 . 2009-04-13 16:02 77296 ----a-w- c:\documents and settings\Deborah\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-01-21 17:13 . 2009-05-04 18:02 -------- d-----w- c:\programmi\FaxTalk Communicator
2010-01-21 17:07 . 2009-04-15 16:05 -------- d-----w- c:\programmi\CONEXANT
2010-01-20 08:34 . 2004-08-19 12:00 85132 ----a-w- c:\windows\system32\perfc010.dat
2010-01-20 08:34 . 2004-08-19 12:00 492266 ----a-w- c:\windows\system32\perfh010.dat
2010-01-19 16:51 . 2009-04-17 14:14 -------- d-----w- c:\programmi\MSBuild
2010-01-08 17:04 . 2009-04-13 19:31 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-08 17:02 . 2009-11-04 08:53 152576 ----a-w- c:\documents and settings\Deborah\Dati applicazioni\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-08 16:37 . 2009-09-10 13:53 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NOS
2010-01-08 16:36 . 2009-04-13 19:30 -------- d-----w- c:\programmi\Java
2010-01-07 20:04 . 2009-08-20 12:34 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2010-01-03 09:41 . 2009-04-15 15:34 -------- d-----w- c:\programmi\DivX
2009-12-30 11:33 . 2009-09-13 16:55 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-12-25 18:24 . 2009-12-14 20:36 24 ----a-w- c:\windows\popcinfo.dat
2009-12-21 19:06 . 2004-08-19 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-18 12:55 . 2009-12-18 12:53 -------- d-----w- c:\documents and settings\Deborah\Dati applicazioni\DeepVoyage
2009-12-14 20:18 . 2009-12-14 20:17 -------- d-----w- c:\documents and settings\Deborah\Dati applicazioni\7Wonders
2009-12-10 17:13 . 2009-12-10 17:13 722192 ----a-w- c:\windows\system32\VB40032.DLL
2009-12-10 12:57 . 2009-12-07 15:37 -------- d-----w- c:\documents and settings\Deborah\Dati applicazioni\Zylom
2009-12-10 12:56 . 2009-12-07 15:37 -------- d-----w- c:\programmi\Zylom Games
2009-12-07 15:37 . 2009-12-07 15:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Zylom
2009-12-07 10:59 . 2009-12-07 10:59 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SugarGames
2009-12-07 10:38 . 2009-04-13 16:31 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-12-07 07:05 . 2009-08-20 12:24 -------- d-----w- c:\programmi\File comuni\Real
2009-12-07 07:05 . 2009-12-07 07:05 -------- d-----w- c:\programmi\File comuni\xing shared
2009-12-06 19:54 . 2009-12-06 19:54 -------- d-----w- c:\programmi\DIFX
2009-12-02 17:11 . 2009-06-21 15:33 -------- d-----w- c:\programmi\Unlocker
2009-12-01 20:15 . 2009-12-01 20:15 73728 ----a-w- c:\windows\ALCFDRTM.EXE
2009-11-29 15:53 . 2009-11-29 15:53 -------- d-----w- c:\programmi\DevGuru
2009-11-25 18:15 . 2009-11-25 18:15 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-11-21 15:54 . 2004-08-19 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-10-06 17:15 . 2009-10-06 17:15 0 ----a-w- c:\programmi\pspbrwse.jbf
.

((((((((((((((((((((((((((((( SnapShot@2010-01-24_15.13.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-24 18:12 . 2010-01-24 18:12 16384 c:\windows\Temp\Perflib_Perfdata_e8.dat
+ 2010-01-24 18:12 . 2010-01-24 18:12 16384 c:\windows\Temp\Perflib_Perfdata_608.dat
+ 2010-01-24 15:19 . 2010-01-24 15:19 262144 c:\windows\system32\config\systemprofile\NtUser.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="c:\programmi\IncrediMail\bin\IncMail.exe" [2009-03-31 251264]
"ATnotes.exe"="c:\programmi\ATnotes\ATnotes.exe" [2005-01-05 1015808]
"TuneUp MemOptimizer"="c:\programmi\TuneUp Utilities 2009\MemOptimizer.exe" [2009-11-16 163144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"SoundMan"="SOUNDMAN.EXE" [2005-06-21 90112]
"AlcWzrd"="ALCWZRD.EXE" [2005-07-13 2806272]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-11-11 7311360]
"Motive SmartBridge"="c:\progra~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 438359]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2010-01-08 149280]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Deborah\Menu Avvio\Programmi\Esecuzione automatica\
MagicCursor2000 v2.2.1.1.lnk - c:\programmi\Madentec Limited\MagicCursor 2000\MagicCursor2000.exe [2009-4-13 753153]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"nwiz"=nwiz.exe /install
"PinnacleDriverCheck"=c:\windows\system32\PSDrvCheck.exe -CheckReg
"Pinnacle WebUpdater"="c:\programmi\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
"UnlockerAssistant"="c:\programmi\Unlocker\UnlockerAssistant.exe"
"OODefragTray"=c:\windows\system32\oodtray.exe
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Programmi\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Programmi\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programmi\\SopCast\\SopCast.exe"=
"c:\\Programmi\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [24/01/2010 16.47.52 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24/01/2010 16.47.52 20560]
R3 3xHybrid;Pinnacle PCTV 110i service;c:\windows\system32\drivers\3xHybrid.sys [15/04/2009 16.34.17 827008]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17/04/2009 12.38.18 721904]
S2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [15/04/2009 16.46.40 45312]
S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [15/04/2009 16.46.40 55936]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenuto della cartella 'Scheduled Tasks'

2010-01-24 c:\windows\Tasks\Manutenzione in 1 clic.job
- c:\programmi\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 16:38]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.virgilio.it/
uInternet Connection Wizard,ShellNext = "c:\programmi\Outlook Express\msimn.exe" //eml:F:\avast! Registration.eml
uInternet Settings,ProxyOverride = 127.0.0.1
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Deborah\Dati applicazioni\Mozilla\Firefox\Profiles\h63wdhyv.default\
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\All Users\Dati applicazioni\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realplayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realplayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: c:\program files\real\realplayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-connections-per-server - 8
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-24 19:18
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
Ora fine scansione: 2010-01-24 19:20:07
ComboFix-quarantined-files.txt 2010-01-24 18:20
ComboFix2.txt 2010-01-24 15:44

Pre-Run: 79.638.564.864 byte disponibili
Post-Run: 79.598.055.424 byte disponibili

- - End Of File - - 04649FE4C9C6FFD82DE5ADD78978C84F


I should mention that before starting the scan it gave me this warning:

!!Warning!!
CD-emulation drivers are running on this machine.
ComboFix nedds to temporarily disable them.

I confirmed and the check started.

I don't know if it matters, but on reboot, running a check of the PC with TuneUp Utilities, I noticed that the secondary logon function and the administrative shares had been enabled
and the number of established connections had been reset. I put everything back in order, again with TuneUp, and on the next reboot everything was fine.

I hope it helps!
shapiro
Posted: Sunday, January 24, 2010 8:46:08 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
I can't see this Winupgro.exe; usually FindyKill detects it

ComboFix doesn't detect anything from Bagle either

Try to delete it manually, if it really is on the PC

Enable showing hidden files (open any folder, go to Tools --> Folder Options --> View and tick Show hidden files and folders)


Follow the path you gave and delete it

C\: Fik\Tools\Winupgro.exe
maximetto
Posted: Monday, January 25, 2010 9:48:19 AM
Rank: AiutAmico

Joined: 4/7/2009
Posts: 35
I deleted the whole folder, which until yesterday morning didn't exist at all.
I cleaned the PC first with TuneUp, then twice with CCleaner, and finally I tried to look for the culprit with the search function and
it seems to have disappeared.
One question:
Is it possible that ComboFix changed the administrator and secondary logon settings for the scan?

If it helps, this morning avast updated normally. (I should mention that I reinstalled it from the Win Magazine CD, so it's brand new)

If anything comes to mind, I'll gladly take your advice.

Thanks!
shapiro
Posted: Monday, January 25, 2010 8:52:42 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
maximetto

I replied in the wrong thread, sorry

I'll be with you in a bit
maximetto
Posted: Tuesday, January 26, 2010 6:15:11 PM
Rank: AiutAmico

Joined: 4/7/2009
Posts: 35
When you're back, would you take a look at the HijackThis log?
Thanks!!!




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.08.15, on 26/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\ATnotes\ATnotes.exe
C:\Programmi\TuneUp Utilities 2009\MemOptimizer.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Programmi\IncrediMail\bin\IMApp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Click-N-Type\Click-N-Type.exe
C:\Programmi\Madentec Limited\MagicCursor 2000\MagicCursor2000.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Programmi\Outlook Express\msimn.exe" //eml:F:\avast! Registration.eml
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Programmi\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ATnotes.exe] C:\Programmi\ATnotes\ATnotes.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programmi\TuneUp Utilities 2009\MemOptimizer.exe" autostart
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MagicCursor2000 v2.2.1.1.lnk = C:\Programmi\Madentec Limited\MagicCursor 2000\MagicCursor2000.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1239646859796
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 6953 bytes
shapiro
Posted: Tuesday, January 26, 2010 7:15:41 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Did you install these programs yourself?

Click-N-Type

Madentec Limited


Do this check from Safe Mode, let's see whether Bagle really isn't on the PC

Download http://www.zonavirus.com/datos/descargas/95/elibagla.asp

Launch the program and tick "ELIMINAR FICHEROS AUTOMATICAMENTE"

Click EXPLORAR to start the scan


When it has finished, go to C:\, save the log and post it
maximetto
Posted: Tuesday, January 26, 2010 8:26:21 PM
Rank: AiutAmico

Joined: 4/7/2009
Posts: 35
Yes, they let my disabled wife use the PC.

Here is the log



(26-1-2010 18:55:26)
EliBagle v13.47 (c)2010 S.G.H. / Satinfo S.L. (Actualizado el 22 de Enero del 2010)

Lista de Acciones (por Acción Directa):

(26-1-2010 18:55:32)
EliBagle v13.47 (c)2010 S.G.H. / Satinfo S.L. (Actualizado el 22 de Enero del 2010)

Lista de Acciones (por Exploración):
Explorando "C:\"

Nº Total de Directorios: 6692
Nº Total de Ficheros: 69128
Nº de Ficheros Analizados: 13376
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0


Hoping for the best!
shapiro
Posted: Tuesday, January 26, 2010 10:16:25 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
MAXIMETTO

Would you please run the scan with Malwarebytes again?

Update the program before starting the scan, which must be a full scan
maximetto
Posted: Wednesday, January 27, 2010 2:00:54 PM
Rank: AiutAmico

Joined: 4/7/2009
Posts: 35
Malwarebytes' Anti-Malware 1.44
Versione del database: 3644
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

27/01/2010 14.01.30
mbam-log-2010-01-27 (14-01-30).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 182296
Tempo trascorso: 55 minute(s), 29 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)




What do you think?
fdaccc
Posted: Wednesday, January 27, 2010 3:21:56 PM

Rank: AiutAmico

Joined: 12/12/2009
Posts: 2,114
It found no infection, good for you =)