Aiutamici Forum

the PC shuts down
disel
Posted: Sunday, January 02, 2011 12:03:26 AM
Rank: AiutAmico

Member since: 5/28/2008
Posts: 55
Avira flagged a virus, but when I try to check, the PC shuts down and restarts on its own, and once it finishes loading it shuts down again.
I restarted in Safe Mode and ran a scan with Avira, which found a series of trojans and a virus; I disabled System Restore and rebooted, but it keeps shutting down. I'm re-running the scan in Safe Mode, what else could I do?
meme1580
Posted: Sunday, January 02, 2011 11:01:27 AM

Rank: AiutAmico

Member since: 3/25/2008
Posts: 170
Can you post a HijackThis log?
disel
Posted: Sunday, January 02, 2011 1:48:17 PM
Rank: AiutAmico

Member since: 5/28/2008
Posts: 55
sorry for the delay
in the last scan Avira didn't detect anything, but it keeps shutting down and restarting


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13.40.56, on 02/01/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
H:\AUP_Hijack\PortableApps\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=stonicit&s={searchTerms}&f=4
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programmi\facemoods.com\facemoods\1.4.17.1\bh\facemoods.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_16\bin\ssv.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Programmi\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Programmi\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Programmi\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programmi\facemoods.com\facemoods\1.4.17.1\facemoodsTlbr.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [bgsmsnd.exe] C:\WINDOWS\system32\bgsmsnd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AliceRE_McciTrayApp] C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\DRIVEN~1\syncer\MCCITR~1.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero BackItUp 4\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programmi\File comuni\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_16\bin\jusched.exe"
O4 - HKLM\..\Run: [facemoods] "C:\Programmi\facemoods.com\facemoods\1.4.17.1\facemoodssrv.exe" /md I
O4 - HKLM\..\Run: [NokiaMServer] C:\Programmi\File comuni\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_16\bin\npjpi150_16.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_16\bin\npjpi150_16.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1288550720534
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Programmi\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\hasplms.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Programmi\Nero\Nero BackItUp 4\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8484 bytes
r16
Posted: Sunday, January 02, 2011 2:00:57 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Quote:
I disabled System Restore

That was a mistake.
More than HijackThis, we'd need the Avira logs, to understand what kind of infection the PC had.
meme1580
Posted: Sunday, January 02, 2011 2:03:56 PM

Rank: AiutAmico

Member since: 3/25/2008
Posts: 170
let's start: you have several toolbars that I recommend you uninstall:

Quote:
Toolbar: Nero Toolbar
Toolbar: Ask Toolbar
Toolbar: facemoods Toolbar


First uninstall them the classic way:
Start > Control Panel > Add or Remove Programs

After uninstalling them, if they still show up, fix these entries:

Quote:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=stonicit&s={searchTerms}&f=4
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Programmi\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Programmi\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Programmi\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programmi\facemoods.com\facemoods\1.4.17.1\facemoodsTlbr.dll



Also fix the following entries:

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll (file missing)
O4 - HKLM\..\Run: [facemoods] "C:\Programmi\facemoods.com\facemoods\1.4.17.1\facemoodssrv.exe" /md I

Download Malwarebytes Anti-Malware, install it, UPDATE IT, run a full scan, remove any threats found.

Post the Avira, Malwarebytes and HijackThis logs
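A way to make the triage meme1580 just did by eye repeatable, as an added example that is not part of the original thread and is not code from HijackThis or the forum: a small Python script that parses HijackThis entries and flags the ones a helper would tell the user to fix. The sample input is a constructed subset of the log posted above; the adware marker list, the trusted-host set and the "same CLSID under two display names" heuristic are assumptions chosen to fit this thread's log.

```python
"""Triage of a HijackThis log: which entries would a helper tell the user to fix?

Added example, not code from the thread or from HijackThis. The marker list,
the trusted search host and the CLSID-reuse heuristic are assumptions chosen
to fit the log posted above.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed sample: a subset of the HijackThis lines posted in this thread.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=stonicit&s={searchTerms}&f=4
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programmi\facemoods.com\facemoods\1.4.17.1\bh\facemoods.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll (file missing)
O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programmi\facemoods.com\facemoods\1.4.17.1\facemoodsTlbr.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [facemoods] "C:\Programmi\facemoods.com\facemoods\1.4.17.1\facemoodssrv.exe" /md I
"""

ENTRY_RE = re.compile(r"^(?P<kind>R\d|O\d+) - (?P<body>.*)$")
COM_RE = re.compile(r"^(?:BHO|Toolbar): (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
URL_RE = re.compile(r" = (?P<url>https?://\S+)$")

# Assumptions: vendor strings seen in this thread's logs, and the only host the
# IE defaults in this log legitimately point at.
ADWARE_MARKERS = ("facemoods", "ask.com", "asktbar", "mywebsearch")
TRUSTED_SEARCH_HOSTS = {"go.microsoft.com"}


@dataclass
class Finding:
    line: str
    reasons: list


def parse_entries(text):
    """Return (raw_line, kind, body) for every 'Rn - ...' / 'On - ...' entry."""
    out = []
    for raw in text.strip().splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            out.append((raw.strip(), m["kind"], m["body"]))
    return out


def triage(text):
    entries = parse_entries(text)
    # Pass 1: which CLSIDs are registered under more than one display name?
    # (In the posted log one CLSID is both 'Ask Toolbar BHO' and 'Nero Toolbar'.)
    names_by_clsid = {}
    for _, kind, body in entries:
        if kind in ("O2", "O3") and (c := COM_RE.match(body)):
            names_by_clsid.setdefault(c["clsid"].upper(), set()).add(c["name"])
    # Pass 2: collect the reasons to fix each line.
    findings = []
    for raw, kind, body in entries:
        reasons = []
        low = body.lower()
        for marker in ADWARE_MARKERS:
            if marker in low:
                reasons.append(f"known adware/toolbar marker '{marker}'")
                break
        if kind in ("O2", "O3") and (c := COM_RE.match(body)):
            if c["path"].endswith("(file missing)"):
                reasons.append("registered DLL no longer on disk (orphaned entry)")
            if len(names_by_clsid.get(c["clsid"].upper(), ())) > 1:
                reasons.append("CLSID registered under more than one display name")
        if kind in ("R0", "R1") and (u := URL_RE.search(body)):
            host = (urlsplit(u["url"]).hostname or "").lower()
            if host not in TRUSTED_SEARCH_HOSTS:
                reasons.append(f"browser search/start URL points at {host}")
        if reasons:
            findings.append(Finding(raw, reasons))
    return findings


def fix_list(text):
    """Lines to tick in HijackThis 'Fix checked' once the normal uninstall is done."""
    return [f.line for f in triage(text)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("    ->", r)
```

Run it on the full log and the output is the same list meme1580 wrote by hand, plus one thing worth noticing: the "Nero Toolbar" O3 entry and the "Ask Toolbar BHO" O2 entry share the CLSID {D4027C7F-154A-4066-A1AD-4243D8127440} and the same GenericAskToolbar.dll, so the Nero-branded toolbar is the Ask toolbar under another name and both go together. The script only reads the log; it does not touch the registry, which is still done through HijackThis after the normal uninstall, as the post says.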
meme1580
Posted: Sunday, January 02, 2011 2:11:03 PM

Rank: AiutAmico

Member since: 3/25/2008
Posts: 170
apologies to r16, I was replying at the same time as him.
disel
Posted: Sunday, January 02, 2011 2:20:59 PM
Rank: AiutAmico

Member since: 5/28/2008
Posts: 55
thanks, while I do the rest I'll post the Avira log



Avira AntiVir Personal
Report file date: Saturday 1 January 2011 22:17

Scanning for 2313669 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Safe mode
Username : Administrator
Computer name : GIORGIO-D14C30F

Version information:
BUILD.DAT : 10.0.0.609 31824 Bytes 13/12/2010 09:43:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 10/12/2010 20:43:31
AVSCAN.DLL : 10.0.3.0 46440 Bytes 01/04/2010 12:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 10/12/2010 20:43:31
LUKERES.DLL : 10.0.0.1 12648 Bytes 10/02/2010 23:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 09:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 20:20:53
VBASE002.VDF : 7.11.0.1 2048 Bytes 14/12/2010 20:20:53
VBASE003.VDF : 7.11.0.2 2048 Bytes 14/12/2010 20:20:53
VBASE004.VDF : 7.11.0.3 2048 Bytes 14/12/2010 20:20:53
VBASE005.VDF : 7.11.0.4 2048 Bytes 14/12/2010 20:20:53
VBASE006.VDF : 7.11.0.5 2048 Bytes 14/12/2010 20:20:53
VBASE007.VDF : 7.11.0.6 2048 Bytes 14/12/2010 20:20:53
VBASE008.VDF : 7.11.0.7 2048 Bytes 14/12/2010 20:20:53
VBASE009.VDF : 7.11.0.8 2048 Bytes 14/12/2010 20:20:53
VBASE010.VDF : 7.11.0.9 2048 Bytes 14/12/2010 20:20:53
VBASE011.VDF : 7.11.0.10 2048 Bytes 14/12/2010 20:20:53
VBASE012.VDF : 7.11.0.11 2048 Bytes 14/12/2010 20:20:54
VBASE013.VDF : 7.11.0.52 128000 Bytes 16/12/2010 20:20:54
VBASE014.VDF : 7.11.0.91 226816 Bytes 20/12/2010 20:22:34
VBASE015.VDF : 7.11.0.122 136192 Bytes 21/12/2010 20:35:08
VBASE016.VDF : 7.11.0.156 122880 Bytes 24/12/2010 23:39:17
VBASE017.VDF : 7.11.0.185 146944 Bytes 27/12/2010 20:23:57
VBASE018.VDF : 7.11.0.228 132608 Bytes 30/12/2010 21:42:22
VBASE019.VDF : 7.11.0.229 2048 Bytes 30/12/2010 21:42:22
VBASE020.VDF : 7.11.0.230 2048 Bytes 30/12/2010 21:42:22
VBASE021.VDF : 7.11.0.231 2048 Bytes 30/12/2010 21:42:22
VBASE022.VDF : 7.11.0.232 2048 Bytes 30/12/2010 21:42:22
VBASE023.VDF : 7.11.0.233 2048 Bytes 30/12/2010 21:42:23
VBASE024.VDF : 7.11.0.234 2048 Bytes 30/12/2010 21:42:23
VBASE025.VDF : 7.11.0.235 2048 Bytes 30/12/2010 21:42:23
VBASE026.VDF : 7.11.0.236 2048 Bytes 30/12/2010 21:42:23
VBASE027.VDF : 7.11.0.237 2048 Bytes 30/12/2010 21:42:23
VBASE028.VDF : 7.11.0.238 2048 Bytes 30/12/2010 21:42:23
VBASE029.VDF : 7.11.0.239 2048 Bytes 30/12/2010 21:42:23
VBASE030.VDF : 7.11.0.240 2048 Bytes 30/12/2010 21:42:23
VBASE031.VDF : 7.11.0.247 33792 Bytes 31/12/2010 18:24:49
Engineversion : 8.2.4.134
AEVDF.DLL : 8.1.2.1 106868 Bytes 02/08/2010 15:09:54
AESCRIPT.DLL : 8.1.3.51 1286524 Bytes 30/12/2010 21:42:41
AESCN.DLL : 8.1.7.2 127349 Bytes 23/11/2010 20:16:38
AESBX.DLL : 8.1.3.2 254324 Bytes 23/11/2010 20:16:42
AERDL.DLL : 8.1.9.2 635252 Bytes 03/11/2010 20:51:51
AEPACK.DLL : 8.2.4.7 512375 Bytes 30/12/2010 21:42:32
AEOFFICE.DLL : 8.1.1.10 201084 Bytes 23/11/2010 20:16:38
AEHEUR.DLL : 8.1.2.60 3158392 Bytes 30/12/2010 21:42:31
AEHELP.DLL : 8.1.16.0 246136 Bytes 04/12/2010 22:32:04
AEGEN.DLL : 8.1.5.0 397685 Bytes 04/12/2010 22:32:03
AEEMU.DLL : 8.1.3.0 393589 Bytes 23/11/2010 20:16:28
AECORE.DLL : 8.1.19.0 196984 Bytes 04/12/2010 22:32:02
AEBB.DLL : 8.1.1.0 53618 Bytes 02/08/2010 15:09:48
AVWINLL.DLL : 10.0.0.0 19304 Bytes 02/08/2010 15:09:56
AVPREF.DLL : 10.0.0.0 44904 Bytes 02/08/2010 15:09:55
AVREP.DLL : 10.0.0.8 62209 Bytes 17/06/2010 14:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 02/08/2010 15:09:55
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 10/12/2010 20:43:31
AVARKT.DLL : 10.0.22.6 231784 Bytes 10/12/2010 20:43:29
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 02/08/2010 15:09:55
SQLITE3.DLL : 3.6.19.0 355688 Bytes 17/06/2010 14:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 02/08/2010 15:09:56
NETNT.DLL : 10.0.0.0 11624 Bytes 17/06/2010 14:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28/01/2010 13:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 02/08/2010 15:10:08

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Programmi\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, F:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Saturday 1 January 2011 22:17

Starting search for hidden objects.
The driver could not be initialized.

The scan of running processes will be started
Scan process 'avscan.exe' - '59' Module(s) have been scanned
Scan process 'avcenter.exe' - '92' Module(s) have been scanned
Scan process 'Explorer.EXE' - '79' Module(s) have been scanned
Scan process 'svchost.exe' - '65' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'lsass.exe' - '48' Module(s) have been scanned
Scan process 'services.exe' - '27' Module(s) have been scanned
Scan process 'winlogon.exe' - '58' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
C:\WINDOWS\system32\drivers\atapi.sys
[WARNING] The file could not be opened!
The registry was scanned ( '1707' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Programmi\eMule\Incoming\chiave attivazione cyberlink powerdvd ultra 3d v10.0.1516.exe
[DETECTION] Is the TR/Drop.Agent.OJ Trojan
C:\RECYCLER\S-1-5-21-448539723-884357618-725345543-1004\Dc31.rar
[0] Archive type: RAR
[DETECTION] Is the TR/Autoit.929618 Trojan
--> Setup.exe
[1] Archive type: AutoIt
--> xampp\htdocs\bundle\source\WebFetti_MWF_SweetIM.exe
[2] Archive type: AutoIt
--> Program Files\AutoIt3\My\NeverBlue\MultiBundle\webface_sub1900.exe
--> Program Files\AutoIt3\My\NeverBlue\MultiBundle\SweetIMSU_Sub1752.exe
[DETECTION] Is the TR/Autoit.929618 Trojan
--> Program Files\AutoIt3\My\NeverBlue\SweetIM\idwbho2.dll
[DETECTION] Is the TR/BHO.afwt Trojan
--> Program Files\AutoIt3\My\NeverBlue\MultiBundle\WebFetti_sub1427.exe
[DETECTION] Contains recognition pattern of the DR/Click.AutoIt.Q.9 dropper
--> keygen\keygen.exe
[DETECTION] Is the TR/Genome.bjgv Trojan
C:\RECYCLER\S-1-5-21-448539723-884357618-725345543-1004\Dc30.0\Setup.exe
[0] Archive type: AutoIt
[DETECTION] Is the TR/Autoit.929618 Trojan
--> xampp\htdocs\bundle\source\WebFetti_MWF_SweetIM.exe
[1] Archive type: AutoIt
--> Program Files\AutoIt3\My\NeverBlue\MultiBundle\webface_sub1900.exe
--> Program Files\AutoIt3\My\NeverBlue\MultiBundle\SweetIMSU_Sub1752.exe
[DETECTION] Is the TR/Autoit.929618 Trojan
--> Program Files\AutoIt3\My\NeverBlue\SweetIM\idwbho2.dll
[DETECTION] Is the TR/BHO.afwt Trojan
--> Program Files\AutoIt3\My\NeverBlue\MultiBundle\WebFetti_sub1427.exe
[DETECTION] Contains recognition pattern of the DR/Click.AutoIt.Q.9 dropper
C:\RECYCLER\S-1-5-21-448539723-884357618-725345543-1004\Dc30.0\keygen\keygen.exe
[DETECTION] Is the TR/Genome.bjgv Trojan
C:\WINDOWS\system32\drivers\atapi.sys
[WARNING] The file could not be opened!
Begin scan in 'F:\' <Volume>
F:\PROG-INS\cimatron9\CimatronE.v9.0.SP1.READNFO-CAXiSO.zip
[0] Archive type: ZIP
[DETECTION] Is the TR/Spy.ZBot.13 Trojan
--> crack/regHasp.exe
[DETECTION] Is the TR/Spy.ZBot.13 Trojan
F:\PROG-INS\cimatron9\CimatronE.v9.0.SP1.READNFO-CAXiSO\crack\regHasp.exe
[DETECTION] Is the TR/Spy.ZBot.13 Trojan

Beginning disinfection:
F:\PROG-INS\cimatron9\CimatronE.v9.0.SP1.READNFO-CAXiSO\crack\regHasp.exe
[DETECTION] Is the TR/Spy.ZBot.13 Trojan
[NOTE] The file was moved to the quarantine directory under the name '4fc00fc3.qua'.
F:\PROG-INS\cimatron9\CimatronE.v9.0.SP1.READNFO-CAXiSO.zip
[DETECTION] Is the TR/Spy.ZBot.13 Trojan
[NOTE] The file was moved to the quarantine directory under the name '575d2068.qua'.
C:\RECYCLER\S-1-5-21-448539723-884357618-725345543-1004\Dc30.0\keygen\keygen.exe
[DETECTION] Is the TR/Genome.bjgv Trojan
[NOTE] The file was moved to the quarantine directory under the name '05167a8e.qua'.
C:\RECYCLER\S-1-5-21-448539723-884357618-725345543-1004\Dc30.0\Setup.exe
[DETECTION] Contains recognition pattern of the DR/Click.AutoIt.Q.9 dropper
[NOTE] The file was moved to the quarantine directory under the name '632a354c.qua'.
C:\RECYCLER\S-1-5-21-448539723-884357618-725345543-1004\Dc31.rar
[DETECTION] Is the TR/Genome.bjgv Trojan
[NOTE] The file was moved to the quarantine directory under the name '266f1871.qua'.
C:\Programmi\eMule\Incoming\chiave attivazione cyberlink powerdvd ultra 3d v10.0.1516.exe
[DETECTION] Is the TR/Drop.Agent.OJ Trojan
[NOTE] The file was moved to the quarantine directory under the name '59ae2a19.qua'.


End of the scan: Saturday 1 January 2011 23:30
Used time: 1:10:21 Hour(s)

The scan has been done completely.

9660 Scanned directories
747500 Files were scanned
11 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
6 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
747487 Files not concerned
18441 Archives were scanned
2 Warnings
6 Notes

r16
Posted: Sunday, January 02, 2011 3:09:12 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
meme1580 wrote:
apologies to r16, I was replying at the same time as him.

No need to apologize!!!!
Not at all, as if I'd get "annoyed" over this nonsense.
Actually meme1580, since I got in first, because I didn't even look at the HJT log, you carry on.

@disel:
With all those cracks and keygens you downloaded from eMule, don't be surprised if one day the PC "explodes".
meme1580
Posted: Sunday, January 02, 2011 3:35:52 PM

Rank: AiutAmico

Member since: 3/25/2008
Posts: 170
I agree with r16, all those cracks and keygens are a disaster for the PC.

I'll wait for the other steps.
disel
Posted: Sunday, January 02, 2011 3:51:05 PM
Rank: AiutAmico

Member since: 5/28/2008
Posts: 55
I hope I did everything correctly; I couldn't update Malwarebytes because in Safe Mode I can't connect (or I don't know how). As you'll see it found an infected key, which was removed. I'd ask r16 where and how he can see what I downloaded, because they should be in inactive folders, and in these days I haven't opened any downloaded file.
Reminder: the logs are from Safe Mode


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5363

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

02/01/2011 14.53.12
mbam-log-2011-01-02 (14-53-12).txt

Scan type: Quick scan
Objects scanned: 146817
Time elapsed: 2 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5363

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

02/01/2011 15.13.15
mbam-log-2011-01-02 (15-13-15).txt

Scan type: Full scan (C:\|F:\|)
Objects scanned: 251807
Time elapsed: 19 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15.26.06, on 02/01/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\Desktop\AUP_Hijack\PortableApps\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_16\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AliceRE_McciTrayApp] C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\DRIVEN~1\syncer\MCCITR~1.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero BackItUp 4\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programmi\File comuni\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_16\bin\jusched.exe"
O4 - HKLM\..\Run: [NokiaMServer] C:\Programmi\File comuni\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_16\bin\npjpi150_16.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_16\bin\npjpi150_16.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1288550720534
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Programmi\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\hasplms.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Programmi\Nero\Nero BackItUp 4\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7359 bytes



r16
Posted: Sunday, January 02, 2011 4:19:27 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Quote:
I ask r16 where and how he can see what I downloaded,

From the Avira log, obviously.
And precisely from the F: drive (or partition):
F:\PROG-INS\cimatron9\CimatronE.v9.0.SP1.READNFO-CAXiSO\crack\regHasp.exe
But also from the hard disk:
C:\RECYCLER\S-1-5-21-448539723-884357618-725345543-1004\Dc30.0\keygen\keygen.exe

Delete this HJT entry:
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

Anyway, if the PC does not boot in normal mode, it means some registry key is damaged.
You can try this Live CD:
http://www.aiutamici.com/software?ID=11243
Or the original installation CD of your OS.
disel
Posted: Sunday, January 02, 2011 4:28:36 PM
Rank: AiutAmico

Joined: 5/28/2008
Posts: 55
The PC powers on normally, but once it has finished loading all the processes it shuts down and restarts by itself.
r16
Posted: Sunday, January 02, 2011 4:33:24 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
disel wrote:
The PC powers on normally, but once it has finished loading all the processes it shuts down and restarts by itself.

You can also try this:
When you go into Safe Mode, try the "Last Known Good Configuration" option.

disel
Posted: Sunday, January 02, 2011 4:43:23 PM
Rank: AiutAmico

Joined: 5/28/2008
Posts: 55
With Last Known Good Configuration it is up right now. What should I do next? Remember that I turned off System Restore.
r16
Posted: Sunday, January 02, 2011 4:56:39 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Quote:
With Last Known Good Configuration it is up right now. What should I do next? Remember that I turned off System Restore.

Well, to be safe, create a restore point.
Then run a full scan with Malwarebytes (update it first).
Post the log.
And finally, post an HJT log.
disel
Posted: Sunday, January 02, 2011 5:25:49 PM
Rank: AiutAmico

Joined: 5/28/2008
Posts: 55
It's holding up!!!! Awaiting your verdict.


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5443

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

02/01/2011 17.03.10
mbam-log-2011-01-02 (17-03-10).txt

Scan type: Quick scan
Objects scanned: 150354
Time elapsed: 3 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17.16.33, on 02/01/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\hasplms.exe
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\Programmi\Nero\Nero BackItUp 4\IoctlSvc.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe
C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\DRIVEN~1\syncer\MCCITR~1.EXE
C:\Programmi\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Java\jre1.5.0_16\bin\jusched.exe
C:\Programmi\File comuni\Nokia\MPlatform\NokiaMServer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\Programmi\NETGEAR\WG111v2\WG111v2.exe
C:\Programmi\OpenOffice.org 3\program\soffice.exe
C:\Programmi\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\svchost.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Programmi\File comuni\Nokia\NoA\nokiaaserver.exe
C:\Programmi\Java\jre1.5.0_16\bin\jucheck.exe
C:\Documents and Settings\giorgio\Desktop\AUP_Hijack\PortableApps\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=stonicit
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_16\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AliceRE_McciTrayApp] C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\DRIVEN~1\syncer\MCCITR~1.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero BackItUp 4\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programmi\File comuni\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_16\bin\jusched.exe"
O4 - HKLM\..\Run: [NokiaMServer] C:\Programmi\File comuni\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Programmi\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Programmi\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Programmi\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_16\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_16\bin\ssv.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1288550720534
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Programmi\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\hasplms.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Programmi\Nero\Nero BackItUp 4\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9557 bytes

r16
Posted: Sunday, January 02, 2011 5:45:29 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Quote:
It's holding up!!!!

And why shouldn't it....
Probably the system registry key has been restored.
Delete these HJT entries:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=stonicit
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

Then go to Add or Remove Programs and remove ALL Java versions.
Install this one:
http://www.aiutamici.com/software?ID=11134

Then run these cleanups:
Do a clean-up (registry included) with CCleaner http://www.aiutamici.com/software?ID=11223
Then:
Empty the contents of the Prefetch folder:
click on My Computer
click on Local Disk C:
among the folders shown, look for the Windows folder, open it and, inside it, look for the Prefetch folder; open it and delete everything stored inside (do not delete the folder itself)
EMPTY THE RECYCLE BIN
Then:
Launch HijackThis and clean the ADS this way (only on NTFS partitions):
click on Open the misc tool section
click on Open ads spy
untick Quick scan (windows base folder only)
click on Scan.
Wait patiently for the scan to finish.
If any ADS are detected, tick all the boxes (without fear) and click Remove selected.

Run a ScanDisk and a defragmentation of the HD.
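As an added example (not code from the thread and not a HijackThis feature), the script below applies the reasoning r16 used in this thread mechanically: it flags an Internet Explorer start page that points off-vendor (the facemoods entry he tells disel to delete), O23 services whose binary carries no company name ("Unknown owner" in HJT means the file's version info has no CompanyName), O4 autoruns given as a bare file name that Windows resolves through the search path, and antivirus detection paths containing crack/keygen tokens or sitting in an XP Recycle Bin folder (RECYCLER\<owner SID>\D<drive><index>.<ext>). The sample lines are copied from the logs posted above; the trusted-host set, the warez token list and the program-directory list are my own assumptions for the demo.

```python
"""Mechanical triage of HijackThis entries and antivirus detection paths.

Added example; not part of the thread and not a HijackThis feature.
Sample lines are copied from the logs posted above. TRUSTED_START_HOSTS,
WAREZ_TOKENS and PROGRAM_DIRS are assumptions made for this demo.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Assumed allow-list: a start page pointing anywhere else is flagged.
TRUSTED_START_HOSTS = {"go.microsoft.com", "www.microsoft.com"}
# Assumed tokens that mark warez tooling in a path.
WAREZ_TOKENS = ("crack", "keygen", "readnfo")
# Usual install roots on an Italian XP ("Programmi" = "Program Files").
PROGRAM_DIRS = (r"c:\programmi", r"c:\program files", r"c:\windows")

# Windows 2000/XP Recycle Bin layout: RECYCLER\<owner SID>\D<drive><index>.<ext>
RECYCLER_RE = re.compile(
    r"^[a-z]:\\RECYCLER\\(?P<sid>S-1-5-21-\d+-\d+-\d+-(?P<rid>\d+))"
    r"\\D(?P<drive>[a-z])(?P<index>\d+)", re.IGNORECASE)

# Constructed subset of the HJT log posted in the thread.
HJT_LINES = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=stonicit
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [uTorrent] "C:\Programmi\uTorrent\uTorrent.exe"
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Programmi\OpenOffice.org 3\program\quickstart.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Programmi\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# The two detections r16 quoted from the Avira log.
AV_PATHS = [
    r"F:\PROG-INS\cimatron9\CimatronE.v9.0.SP1.READNFO-CAXiSO\crack\regHasp.exe",
    r"C:\RECYCLER\S-1-5-21-448539723-884357618-725345543-1004\Dc30.0\keygen\keygen.exe",
]


@dataclass
class Finding:
    rule: str   # short rule identifier
    line: str   # the log line or path that triggered it
    note: str   # what an analyst should do with it


def triage_hjt(log_text: str) -> list:
    """Scan R0/O4/O23 lines and return the entries worth a closer look."""
    findings = []
    for line in log_text.strip().splitlines():
        line = line.strip()
        if line.startswith("R0 - ") and "Start Page" in line:
            url = line.split("=", 1)[1].strip()
            host = urlparse(url).hostname or ""
            if url and host not in TRUSTED_START_HOSTS:
                findings.append(Finding("start-page", line,
                    f"start page points at {host}; typical browser-hijack symptom"))
        elif line.startswith("O4 - ") and "] " in line:
            cmd = line.split("] ", 1)[1]
            # Quoted path with arguments, or the first whitespace-separated token.
            path = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split()[0]
            if "\\" not in path:
                findings.append(Finding("o4-bare-name", line,
                    f"{path} is resolved through the search path; verify which copy runs"))
            elif not path.lower().startswith(PROGRAM_DIRS):
                findings.append(Finding("o4-odd-location", line,
                    f"autorun binary outside the usual program directories: {path}"))
        elif line.startswith("O23 - "):
            _name, owner, path = line.rsplit(" - ", 2)
            if owner == "Unknown owner":
                findings.append(Finding("o23-unknown-owner", line,
                    f"{path} has no company name in its version info; check signature and hash"))
    return findings


def triage_av_paths(paths) -> list:
    """Classify antivirus detection paths: warez tooling and Recycle Bin residue."""
    findings = []
    for p in paths:
        tokens = [t for t in WAREZ_TOKENS if t in p.lower()]
        if tokens:
            findings.append(Finding("warez-tool", p,
                f"path contains {', '.join(tokens)}; cracks and keygens are a common trojan carrier"))
        m = RECYCLER_RE.match(p)
        if m:
            rid = int(m.group("rid"))   # RIDs >= 1000 are accounts created on the machine
            who = "a locally created account" if rid >= 1000 else "a built-in account"
            findings.append(Finding("recycle-bin", p,
                f"deleted item still in the Recycle Bin of {m.group('sid')} ({who}, RID {rid}); "
                f"originally on drive {m.group('drive').upper()}:, recycle index {m.group('index')}"))
    return findings


if __name__ == "__main__":
    for f in triage_hjt(HJT_LINES) + triage_av_paths(AV_PATHS):
        print(f"[{f.rule}] {f.note}\n    {f.line}")
```

On the posted logs this flags the facemoods start page, the two "Unknown owner" services, the two bare-name autoruns (RTHDCPL.EXE and RUNDLL32.EXE) and both Avira paths; the legitimately installed NVIDIA service that r16 asked to remove does not trip any rule, which is the point of a triage step before deleting entries.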
disel
Posted: Sunday, January 02, 2011 5:58:04 PM
Rank: AiutAmico

Joined: 5/28/2008
Posts: 55
Thank you for your help, you're great.
r16
Posted: Sunday, January 02, 2011 6:26:50 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
disel wrote:
Thank you for your help, you're great.

Nah... believe me, I did nothing special.
Rather, watch out for those cracks and the like.
I suspect the problem came from them (or from whatever you downloaded).
Bye.