Pc a rischio! Aiutoo!

[shel]

ciao Alessia

mi dici cosa ti appare quando avg ti rileva la minaccia?

[alessia84]

mi dice
percorso: C/Windows/system32/userenit.exe
tipo file: Trojan downloader generic 8.cqe

Minaccia rilevata all'apertura

[shel]

tenuto conto che avg ti segnala questo, prova a fare una scansione e vedi cosa trova

non vorrei essere polemico, ma proprio ieri avg ha segnalato il file user32.dll come minaccia
comunque....fai una scansione con avg e vediamo cosa ne esce

[le fate ignoranti]

Ciao a tutti,
mi accodo a questa richiesta di aiuto perchè mi sembra di essere in una situazione molto simile.
Premetto che il mio PC ha Windows XP, uso AVG, spybot s&d, spyguard, zone alarm.
ho già fatto lo scan con navilog1 e passato ccleaner.
vi posto i log di navilog e hijachthis.
Vi ringrazio in anticipo, siete molto cortesi e pazienti.
_____________________________________________________________________

Navipromo Removal version 3.7.6 started on 04/05/2009 at 9.05.11,40

Fix running from C:\Programmi\navilog1
Actual User Account : "User"

Updated on 14.03.2009 at 18h00 by IL-MAFIOSO

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ )
BIOS : Phoenix - Award BIOS v6.00PG
USER : User ( Administrator )
BOOT : Fail-safe boot

Antivirus : AVG Anti-Virus Free 8.5 (Activated)
Firewall : NVIDIA Firewall 1.0 (Not Activated)

C:\ (Local Disk) - FAT32 - Total:232 Go (Free:57 Go)
D:\ (CD or DVD) - UDF - Total:0 Go (Free:0 Go)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)



Manual Removal

Typed filename : csooc

Cleanning stage done in safe mode

*** Searching, making backups and deleting files ***

* Deletion in "C:\WINDOWS\system32" *


* Deletion in "C:\Documents and Settings\User\impost~1\datiap~1" *


* Deletion in "C:\DOCUME~1\luca\impost~1\datiap~1" *


* Deletion in "C:\DOCUME~1\fabio\impost~1\datiap~1" *


* Deletion in "C:\DOCUME~1\claudia\impost~1\datiap~1" *


* Deletion in "C:\DOCUME~1\ADMINI~1\impost~1\datiap~1" *


* Deletion in "C:\DOCUME~1\GUEST\impost~1\datiap~1" *


* Deletion in "C:\DOCUME~1\TEMP\impost~1\datiap~1" *


* Deletion in "C:\DOCUME~1\CLO\impost~1\datiap~1" *



*** Deleting folders in "C:\WINDOWS" ***


*** Deleting folders in "C:\Programmi" ***


*** Deleting folders in "C:\Documents and Settings\All Users\menuav~1\progra~1" ***


*** Deleting folders in "C:\Documents and Settings\All Users\menuav~1" ***


*** Deleting folders in "c:\docume~1\alluse~1\datiap~1" ***


*** Deleting folders in "C:\Documents and Settings\User\datiap~1" ***


*** Deleting folders in "C:\DOCUME~1\luca\datiap~1" ***


*** Deleting folders in "C:\DOCUME~1\fabio\datiap~1" ***


*** Deleting folders in "C:\DOCUME~1\claudia\datiap~1" ***


*** Deleting folders in "C:\DOCUME~1\ADMINI~1\datiap~1" ***


*** Deleting folders in "C:\DOCUME~1\GUEST\datiap~1" ***


*** Deleting folders in "C:\DOCUME~1\CLO\datiap~1" ***

...\FunkyEmoticons ...deleting...
...\FunkyEmoticons deleted !


*** Deleting folders in "C:\Documents and Settings\User\impost~1\datiap~1" ***


*** Deleting folders in "C:\DOCUME~1\luca\impost~1\datiap~1" ***


*** Deleting folders in "C:\DOCUME~1\fabio\impost~1\datiap~1" ***


*** Deleting folders in "C:\DOCUME~1\claudia\impost~1\datiap~1" ***


*** Deleting folders in "C:\DOCUME~1\ADMINI~1\impost~1\datiap~1" ***


*** Deleting folders in "C:\DOCUME~1\GUEST\impost~1\datiap~1" ***


*** Deleting folders in "C:\DOCUME~1\TEMP\impost~1\datiap~1" ***


*** Deleting folders in "C:\DOCUME~1\CLO\impost~1\datiap~1" ***


*** Deleting folders in "C:\Documents and Settings\User\menuav~1\progra~1" ***


*** Deleting folders in "C:\DOCUME~1\luca\menuav~1\progra~1" ***


*** Deleting folders in "C:\DOCUME~1\fabio\menuav~1\progra~1" ***


*** Deleting folders in "C:\DOCUME~1\claudia\menuav~1\progra~1" ***


*** Deleting folders in "C:\DOCUME~1\ADMINI~1\menuav~1\progra~1" ***


*** Deleting folders in "C:\DOCUME~1\GUEST\menuav~1\progra~1" ***


*** Deleting folders in "C:\DOCUME~1\CLO\menuav~1\progra~1" ***



*** Deleting files ***


*** Deleting temporary files ***

Cleaning of C:\WINDOWS\Temp done !
Cleaning of C:\Documents and Settings\User\impost~1\Temp done !

*** Complementary Search ***
(Search specific files)

1)Deletion with backups new Instant Access files:

2)Heuristic search and deletion with backups :


* In "C:\WINDOWS\system32" *


* In "C:\Documents and Settings\User\impost~1\datiap~1" *


* In "C:\DOCUME~1\luca\impost~1\datiap~1" *


* In "C:\DOCUME~1\fabio\impost~1\datiap~1" *


* In "C:\DOCUME~1\claudia\impost~1\datiap~1" *


* In "C:\DOCUME~1\ADMINI~1\impost~1\datiap~1" *


* In "C:\DOCUME~1\GUEST\impost~1\datiap~1" *


* In "C:\DOCUME~1\TEMP\impost~1\datiap~1" *


* In "C:\DOCUME~1\CLO\impost~1\datiap~1" *


cesgk.exe found !
Copy cesgk.exe done !
cesgk.exe deleted !

cesgk_nav.dat found !
Copy cesgk_nav.dat done !
cesgk_nav.dat deleted !


*** Copy Registry to Safebackup folder ***

Backing up Registry done !

*** Cleaning Registry ***

Registry cleaned


*** Certificates ***

Egroup Certificate not found !
Electronic-Group Certificate not found !
Montorgueil Certificate not found !
OOO-Favorit Certificate not found !
Sunny-Day-Design-Ltd Certificate not found !

*** Search others known folders and files ***



*** Cleaning stage complete on 04/05/2009 at 9.08.44,43 ***


_____________________________________________________________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10.02.45, on 04/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Programmi\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\sm56hlpr.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\lotus\organize\easyclip.exe
C:\Programmi\Windows Desktop Search\WindowsSearch.exe
C:\Programmi\SpywareGuard\sgmain.exe
C:\Programmi\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\lotus\organize\org5.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\HighJaack 2\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmi\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AutoLogin - {598B818E-71F1-486E-A0BE-9952B5851367} - (no file)
O2 - BHO: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
O2 - BHO: (no name) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - (no file)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programmi\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {598B818E-71F1-486E-A0BE-9952B5851367} - (no file)
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Programmi\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TQ566808] "D:\Setup.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Programmi\SpywareGuard\sgmain.exe
O4 - Global Startup: Lotus Organizer EasyClip.lnk = C:\lotus\organize\easyclip.exe
O4 - Global Startup: Windows Search.lnk = C:\Programmi\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AutoLogin - {6CE08A84-B3F9-422a-B133-60275F605AF4} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AutoLogin - {6CE08A84-B3F9-422a-B133-60275F605AF4} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6506562984
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Programmi\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

--
End of file - 12266 bytes

[Frate Aurelio]

@le fate ignoranti
Ciao

Esegui:
● Correzione degli elementi trovati nelle "aree-chiave" del sistema da Hijackthis:
- Cliccare sulla icona Hijackthis sul Desktop
- Premere il pulsante:
- Do System scan only
- Fixare (premere il tasto Fix Checked di Hijackthis) dopo avere spuntato le seguenti voci:

Codice: Seleziona tutto

R3 - URLSearchHook: (no name) - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - (no file)
O2 - BHO: (no name) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - (no file)
O2 - BHO: AutoLogin - {598B818E-71F1-486E-A0BE-9952B5851367} - (no file)
O2 - BHO: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
O2 - BHO: (no name) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - (no file)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - (no file)
O3 - Toolbar: (no name) - {598B818E-71F1-486E-A0BE-9952B5851367} - (no file)
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Lotus Organizer EasyClip.lnk = C:\lotus\organize\easyclip.exe

Verifica inoltre online il file:
D:\Setup.exe
Con la seguente procedura:

● Virus Total
http://www.virustotal.com/it/
- Clicca, nella parte centrale della pagina, il pulsante:
- Sfoglia…
- Seleziona il percorso:
D:\
- Seleziona il file:
- Setup.exe
- Premi il tasto sotto a Sfoglia:
- Invia file
- Al termine della scansione mandaci, per quanto possibile, i risultati degli antivirus che hanno rilevato eventuali infezioni virali nel predetto file.

■ Pulizia Malaware
● Scarica MalwareBytes
http://www.download.com/Malwarebytes-An ... d=10997763
● aggiornalo
● Importante:
se non si riesce ad aggiornarlo:
● Scaricare l’Aggiornamento DataBase (mbanìm-rules.exe:) da:
http://www.gt500.org/malwarebytes/database.jsp
- cliccare sul programma scaricato
- eseguire una scansione completa .
● Importante::
Al termine della scansione cliccare sul pulsante:
- Mostra Risultati:
- Selezionare tutti i file infetti eventualmente trovati ed eliminali.
- Postare nel topic, il log di fine scansione che crea, eseguendo la seguente procedura:
viewtopic.php?f=4&t=79679

■ Dopo avere ravviato il Pc posta un nuovo log di Hijackthis

Frate Aurelio

[le fate ignoranti]

Grazie mille, fatto tutto tranne D:\Setup.exe perchè per me D:\ è il masterizzatore, suppongo di dover fixare la voce.
ne AVG ne MalwareBytes mi danno messaggi di errore, l'unica cosa anormale è un file contenuto nella directory di navilog1 ("C:\Programmi\Navilog1\gnc.exe";"Run-time compresso fsg";"") me lo segnala, ma non mi fa fare nessuna operazione.
L'unica perplessità che mi rimane è il (non continuo) avviso di protezione di Windows XP riguardante la mancata esistenza di firewall, malgrado Zonealarm funzioni regolarmente.
posto i log e ringrazio per la cortesia

Codice: Seleziona tutto

Malwarebytes' Anti-Malware 1.36
Versione del database: 2060
Windows 5.1.2600 Service Pack 3

06/05/2009 10.19.37
mbam-log-2009-05-06 (10-19-37).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 376519
Tempo trascorso: 1 hour(s), 41 minute(s), 32 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)



_____________________________________________________________

Codice: Seleziona tutto

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10.39.53, on 06/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\UAService7.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmi\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\lotus\organize\easyclip.exe
C:\Programmi\Windows Desktop Search\WindowsSearch.exe
C:\Programmi\SpywareGuard\sgmain.exe
C:\Programmi\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\HighJaack 2\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmi\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programmi\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Programmi\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TQ566808] "D:\Setup.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Programmi\SpywareGuard\sgmain.exe
O4 - Global Startup: Lotus Organizer EasyClip.lnk = C:\lotus\organize\easyclip.exe
O4 - Global Startup: Windows Search.lnk = C:\Programmi\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AutoLogin - {6CE08A84-B3F9-422a-B133-60275F605AF4} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AutoLogin - {6CE08A84-B3F9-422a-B133-60275F605AF4} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1226506562984
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Programmi\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

--
End of file - 10649 bytes



[Frate Aurelio]

@le fate ignoranti
Ciao

La voce dell'elemento:

Codice: Seleziona tutto

O4 - HKLM\..\Run: [TQ566808] "D:\Setup.exe"

deve essere FIXATA.
Il valore 04 indica che nell'avvio automatico del tuo PC viene attivato (Run) un file Setup.exe di un CD o DVD eventualmente inseriti nel Masterizzatore/Lettore D:

Per quanto riguarda la segnalazione di:
C:\Programmi\Navilog1\gnc.exe
è gia stata segnalata da Malawarebytes come un falso positivo.
http://translate.google.it/translate?hl ... t%26sa%3DG

Eseguire le seguenti procedure per la pulizia del PC:

■ Pulizia file internet, temporanei etc. del PC
Effettua il download, l’ installazione e l’esecuzione di:
● CCleaner
http://www.ccleaner.com
● Importante:
In fase d’installazione levare la spunta altrimenti viene installata Yahoo Tollbar.
Avvialo e clicca su:
- Opzioni►Avanzate
Togli la spunta da:
- Elimina file solo se più vecchi di 48 ore
Clicca i tasti:
- Pulizia (il primo in alto a Sinistra)
- Analizza ( Pulsante in basso Centrale)
- Avvia Pulizia (Pulsante in basso a Destra)

● ATF-Cleaner
- Scarica ATF-Cleaner (Non richiede installazione):
http://www.atribune.org/ccount/click.php?id=1
Spunta la voce:
- Select all
Premi il tasto:
- Empty Select

■ Deframmentazione HD
● Scaricare JkDefrag e installalo:
http://www.kessels.nl/JkDefrag/index.html
- Deframmentare l‘Hard Disk e in particolare quello del Sistema Operativo (SO di norma in C:)

■ Correzione errori File di Registro
● CCleaner
http://www.ccleaner.com
Cliccare i tasti:
- Registro (Secondo tasto in alto a Sinistra)
- Trova Problemi (Pulsante in basso Centrale)
- Ripara selezionati (Pulsante in basso a Destra)
- alla domanda:
- Vuoi eseguire il Backup delle modifiche del Registro”
- clicca:
- SI

■ Deframmentazione File di Registro
- Scarica, installa ed esegui:
● Auslogics Registry Defrag
http://www.auslogics.com/en/software/re ... g/download


Frate aurelio

[Frances]

Ciao
Ho lo stesso problema con un NaviPromo.AA virus... Ho fatto un scan con Navilog e siccome non sono molto brava con i PC, ho pensato di postare qui i risultati perché Navilog consiglia di chiedere aiuto a qualcuno che sa prima di fare danni sul proprio sistema!
Se mi potete indicare il prossimo passo, sarei molto grata!


[b]Search Navipromo version 3.7.7 began on 17/05/2009 at 15.34.39,03

!!! Warning, this report may include legitimate files/programs !!!
!!! Post this report on the forum you are being helped !!!
!!! Don't continue with removal unless instructed by an authorized helper !!!

Fix running from C:\Programmi\navilog1

Updated on 12.05.2009 at 18h00 by IL-MAFIOSO

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) M processor 1.40GHz )
BIOS : Phoenix NoteBIOS 4.0 Release 6.1
USER : Frances ( Administrator )
BOOT : Normal boot

Antivirus : AVG Anti-Virus Free 8.5 (Activated)


C:\ (Local Disk) - NTFS - Total:37 Go (Free:11 Go)
D:\ (CD or DVD)


Search done in normal mode


*** Search folders in "C:\WINDOWS" ***


*** Search folders in "C:\Programmi" ***


*** Search folders in "C:\Documents and Settings\All Users\menuav~1\progra~1" ***


*** Search folders in "C:\Documents and Settings\All Users\menuav~1" ***


*** Search folders in "c:\docume~1\alluse~1\datiap~1" ***


*** Search folders in "C:\Documents and Settings\Frances\datiap~1" ***


*** Search folders in "C:\DOCUME~1\ADMINI~1\datiap~1" ***


*** Search folders in "C:\Documents and Settings\Frances\impost~1\datiap~1" ***


*** Search folders in "C:\DOCUME~1\ADMINI~1\impost~1\datiap~1" ***


*** Search folders in "C:\Documents and Settings\Frances\menuav~1\progra~1" ***


*** Search folders in "C:\DOCUME~1\ADMINI~1\menuav~1\progra~1" ***


*** Search with Catchme-rootkit/stealth malware detector by gmer ***
for more info : http://www.gmer.net



*** Search with GenericNaviSearch ***
!!! Possibility of legitimate files in the result !!!
!!! Must always be checked before manually deleting !!!

* Scan in "C:\WINDOWS\system32" *

* Scan in "C:\Documents and Settings\Frances\impost~1\datiap~1" *

* Scan in "C:\DOCUME~1\ADMINI~1\impost~1\datiap~1" *



*** Search files ***



*** Search specific Registry keys ***
!! Following keys are not certainly all infected !!


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"weqwi"="\"c:\\documents and settings\\frances\\impostazioni locali\\dati applicazioni\\weqwi.exe\" weqwi"


*** Complementary Search ***
(Search specific files)

1)Search new Instant Access files :


2)Heuristic Search :

* In "C:\WINDOWS\system32" :


* In "C:\Documents and Settings\Frances\impost~1\datiap~1" :

weqwi.exe found !
weqwi.dat found !
weqwi_nav.dat found !
weqwi_navps.dat found !

* In "C:\DOCUME~1\ADMINI~1\impost~1\datiap~1" :


3)Certificates Search :

Egroup certificate not found !
Electronic-Group certificate not found !
Montorgueil certificate not found !
OOO-Favorit certificate not found !
Sunny-Day-Design-Ltd certificate not found !

4)Search others known folders and files :



*** Search completed on 17/05/2009 at 15.42.50,64 ***

[Luke57]

ciao,
Riavvia il computer in modalità provvisoria: all'avvio del pc, prima che inizi a caricare Windows, premi ripetutamente F8. Uscirà la finestra del menu Opzioni avanzate di Windows => scegli modalità provvisoria (usa il tasto freccia ^).
Una volta entrata nel sistema, esegui nuovamente Navilog1 e stavolta scegli l'opzione 2 (Automatic Cleaning) e dai l'ok (eseguirà la pulizia dei files infetti trovati. Al termine posta il nuovo report.

[Frances]

Ciao Luke

Grazie mille per il tuo aiuto. Ho fatto tutto secondo le tue istruzioni... ecco il nuovo report.


Navipromo Removal version 3.7.7 started on 17/05/2009 at 16.40.11,59

Fix running from C:\Programmi\navilog1

Updated on 12.05.2009 at 18h00 by IL-MAFIOSO

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) M processor 1.40GHz )
BIOS : Phoenix NoteBIOS 4.0 Release 6.1
USER : Frances ( Administrator )
BOOT : Fail-safe boot

Antivirus : AVG Anti-Virus Free 8.5 (Activated)


C:\ (Local Disk) - NTFS - Total:37 Go (Free:12 Go)
D:\ (CD or DVD)


Automatic removal
with Catchme and GNS results


Cleanning stage done in safe mode


*** fsbl1.txt not found ***
(Check that Catchme found nothing in Search Mode)


*** Deleting with Backups GenericNaviSearch results ***

* Deletion in "C:\WINDOWS\System32" *


* Deletion in "C:\Documents and Settings\Frances\impost~1\datiap~1" *


* Deletion in "C:\DOCUME~1\ADMINI~1\impost~1\datiap~1" *


*** Deleting folders in "C:\WINDOWS" ***


*** Deleting folders in "C:\Programmi" ***


*** Deleting folders in "C:\Documents and Settings\All Users\menuav~1\progra~1" ***


*** Deleting folders in "C:\Documents and Settings\All Users\menuav~1" ***


*** Deleting folders in "c:\docume~1\alluse~1\datiap~1" ***


*** Deleting folders in "C:\Documents and Settings\Frances\datiap~1" ***


*** Deleting folders in "C:\DOCUME~1\ADMINI~1\datiap~1" ***


*** Deleting folders in "C:\Documents and Settings\Frances\impost~1\datiap~1" ***


*** Deleting folders in "C:\DOCUME~1\ADMINI~1\impost~1\datiap~1" ***


*** Deleting folders in "C:\Documents and Settings\Frances\menuav~1\progra~1" ***


*** Deleting folders in "C:\DOCUME~1\ADMINI~1\menuav~1\progra~1" ***



*** Deleting files ***


*** Deleting temporary files ***

Cleaning of C:\WINDOWS\Temp done !
Cleaning of C:\Documents and Settings\Frances\impost~1\Temp done !

*** Complementary Search ***
(Search specific files)

1)Deletion with backups new Instant Access files:

2)Heuristic search and deletion with backups :


* In "C:\WINDOWS\system32" *


* In "C:\Documents and Settings\Frances\impost~1\datiap~1" *


* In "C:\DOCUME~1\ADMINI~1\impost~1\datiap~1" *


*** Copy Registry to Safebackup folder ***

Backing up Registry done !

*** Cleaning Registry ***

Registry cleaned


*** Certificates ***

Egroup Certificate not found !
Electronic-Group Certificate not found !
Montorgueil Certificate not found !
OOO-Favorit Certificate not found !
Sunny-Day-Design-Ltd Certificate not found !

*** Search others known folders and files ***



*** Cleaning stage complete on 17/05/2009 at 16.44.25,15 ***

[Luke57]

Ciao, ok, per sicurezza scarica combofix sul desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe


Fatto questo, disconnettiti da internet, chiudi programmi e applicazioni, disattiva l'antivirus, clicca su start>esegui, nel box bianco copia e incolla questo comando, virgolette comprese:

"%userprofile%\desktop\combofix.exe" /killall

Premi OK, se tutto va bene parte il programma che potrebbe impiegare molto (non fare altre manovre durante la scansione, se spariscono le icone dal desktop non preoccuparti),una volta terminata, se tutto è andato bene, in C:\ dovresti trovare il file combofix.txt ,allega il file a un prossimo post.

[Frances]

Ciao Luke

Ho fatto ComboFix e allego qui sotto il report finale.

ComboFix 09-05-17.03 - Frances 18/05/2009 0.57.55.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.39.1040.18.446.198 [GMT 2:00]
Eseguito da: c:\documents and settings\Frances\desktop\combofix.exe
Opzioni usate :: /killall
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\MFC71.dll

.
((((((((((((((((((((((((( Files Creati Da 2009-04-17 al 2009-05-17 )))))))))))))))))))))))))))))))))))
.

2009-05-17 13:50 . 2009-05-17 13:50 73024 ----a-w c:\programmi\favoritnetworkremover_20090517155017s.exe
2009-05-17 13:33 . 2009-05-17 14:44 -------- d-----w c:\programmi\Navilog1
2009-05-17 13:30 . 2009-05-17 13:30 577997 ----a-w c:\programmi\Navilog1.exe
2009-05-12 15:07 . 2009-05-14 13:40 -------- d-----w C:\Example Books
2009-05-12 15:06 . 2009-05-12 15:06 -------- d-----w c:\programmi\SysMedia
2009-04-21 23:20 . 2004-08-03 20:58 5504 -c--a-w c:\windows\system32\dllcache\mstee.sys
2009-04-21 23:20 . 2004-08-03 20:58 5504 ----a-w c:\windows\system32\drivers\MSTEE.sys
2009-04-21 23:19 . 2004-08-03 21:10 10880 -c--a-w c:\windows\system32\dllcache\ndisip.sys
2009-04-21 23:19 . 2004-08-03 21:10 10880 ----a-w c:\windows\system32\drivers\NdisIP.sys
2009-04-21 23:19 . 2004-08-03 21:10 15360 -c--a-w c:\windows\system32\dllcache\streamip.sys
2009-04-21 23:19 . 2004-08-03 21:10 15360 ----a-w c:\windows\system32\drivers\StreamIP.sys
2009-04-21 23:19 . 2004-08-03 21:10 11136 -c--a-w c:\windows\system32\dllcache\slip.sys
2009-04-21 23:19 . 2004-08-03 21:10 11136 ----a-w c:\windows\system32\drivers\SLIP.sys
2009-04-21 23:19 . 2004-08-03 21:10 19328 -c--a-w c:\windows\system32\dllcache\wstcodec.sys
2009-04-21 23:19 . 2004-08-03 21:10 19328 ----a-w c:\windows\system32\drivers\WSTCODEC.SYS
2009-04-21 23:18 . 2004-08-03 21:10 85376 -c--a-w c:\windows\system32\dllcache\nabtsfec.sys
2009-04-21 23:18 . 2004-08-03 21:10 85376 ----a-w c:\windows\system32\drivers\NABTSFEC.sys
2009-04-21 23:18 . 2004-08-03 21:10 17024 -c--a-w c:\windows\system32\dllcache\ccdecode.sys
2009-04-21 23:18 . 2004-08-03 21:10 17024 ----a-w c:\windows\system32\drivers\CCDECODE.sys
2009-04-21 23:17 . 2004-08-19 13:39 54784 -c--a-w c:\windows\system32\dllcache\vfwwdm32.dll
2009-04-21 23:17 . 2004-08-19 13:39 54784 ----a-w c:\windows\system32\vfwwdm32.dll
2009-04-21 23:17 . 2004-08-03 21:10 78464 -c--a-w c:\windows\system32\dllcache\usbvideo.sys
2009-04-21 23:17 . 2004-08-03 21:10 78464 ----a-w c:\windows\system32\drivers\usbvideo.sys
2009-04-21 21:06 . 2009-04-21 21:33 -------- d-----w c:\programmi\Spybot - Search & Destroy
2009-04-21 21:06 . 2009-04-21 21:33 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-04-21 21:01 . 2009-04-21 21:03 16409960 ----a-w c:\programmi\spybotsd162.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-16 13:01 . 2009-02-16 13:51 2340080 ----a-w c:\programmi\Wordfast.txt
2009-05-16 10:22 . 2009-02-16 13:51 274546 ----a-w c:\programmi\Wordfast.jtx
2009-05-16 10:18 . 2009-01-27 14:02 -------- d-----w c:\programmi\Wordfast
2009-05-06 09:15 . 2008-11-09 22:31 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-06 09:15 . 2008-11-09 22:31 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-06 09:15 . 2008-11-09 22:31 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-19 14:21 . 2005-10-11 06:33 426042 ----a-w c:\windows\system32\perfh010.dat
2009-04-19 14:21 . 2005-10-11 06:33 63600 ----a-w c:\windows\system32\perfc010.dat
2009-04-16 09:16 . 2009-04-16 09:16 86272 ----a-w c:\programmi\avg8fupg.exe
2009-03-24 18:47 . 2009-03-24 18:37 -------- d-----w c:\programmi\OpenVPN
2009-03-24 18:36 . 2009-03-24 18:36 1119521 ----a-w c:\programmi\openvpn-2.0.9-gui-1.0.3-install.exe
2009-03-08 16:08 . 2009-03-08 16:07 19333112 ----a-w c:\programmi\DivXInstaller.exe
2009-03-07 13:41 . 2008-11-12 00:34 44904 ----a-w c:\documents and settings\Frances\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-03-06 13:59 . 2005-10-11 06:33 286208 ----a-w c:\windows\system32\pdh.dll
2009-03-05 18:41 . 2009-03-05 18:41 4909440 ----a-w c:\programmi\Silverlight.2.0.exe
2009-03-04 12:37 . 2009-03-04 12:36 2384108 ----a-w c:\programmi\aud-x_install.zip
2009-03-04 12:25 . 2009-03-04 12:25 652333 ----a-w c:\programmi\Xvid-1.2.1-04122008.exe
2009-02-28 20:46 . 2009-02-28 20:46 2526811 ----a-w c:\programmi\emule049b.exe
2009-02-20 08:29 . 2005-10-11 06:33 662016 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:29 . 2005-10-11 06:33 81920 ----a-w c:\windows\system32\ieencode.dll
2009-02-19 23:38 . 2009-02-19 23:38 31804 ---ha-w c:\windows\system32\mlfcache.dat
2009-02-16 14:17 . 2009-02-16 14:17 0 ----a-w c:\programmi\Wordfast_lockFile.txt
2009-01-27 13:38 . 2009-01-27 12:59 64879282 ----a-w c:\programmi\WordfastPro_20090101.exe
2008-12-04 12:07 . 2008-12-04 12:07 7730856 ----a-w c:\programmi\Google_Earth_CZXD.exe
2008-11-26 19:57 . 2008-11-26 19:47 68756776 ----a-w c:\programmi\iTunesSetup.exe
2008-11-12 00:01 . 2008-11-11 23:59 16307608 ----a-w c:\programmi\jre-6u10-windows-i586-p-s.exe
2008-11-11 23:17 . 2008-11-11 23:17 1830 ----a-w c:\programmi\HP Photosmart Essential 2.5.lnk
2008-11-11 23:17 . 2008-11-11 23:17 1940 ----a-w c:\programmi\Shop for HP Supplies.lnk
2008-11-11 23:15 . 2008-11-11 23:15 1008 ----a-w c:\programmi\Centro soluzioni HP.lnk
2008-11-10 10:58 . 2008-11-10 10:58 1851544 ----a-w c:\programmi\install_flash_player.exe
2008-11-09 23:16 . 2008-11-09 23:15 22380328 ----a-w c:\programmi\SkypeSetup.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"TOSCDSPD"="c:\programmi\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 65536]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2004-10-13 1694208]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 344064]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218]
"Toshiba Hotkey Utility"="c:\programmi\Toshiba\Windows Utilities\Hotkey.exe" [2005-08-27 1093632]
"SmoothView"="c:\programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-12 118784]
"PadTouch"="c:\programmi\TOSHIBA\Touch and Launch\PadExe.exe" [2004-11-17 1077327]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-06 1947928]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\programmi\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2008-11-12 136600]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"openvpn-gui"="c:\programmi\OpenVPN\bin\openvpn-gui.exe" [2005-08-18 99328]
"NDSTray.exe"="NDSTray.exe" [BU]
"CFSServ.exe"="CFSServ.exe" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-06 09:15 11952 ----a-w c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/11/2008 0.31.10 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/11/2008 0.31.15 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [10/11/2008 0.31.02 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [10/11/2008 0.31.01 298776]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [11/10/2005 18.22.33 211200]
R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [01/10/2006 14.37.02 26624]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\programmi\NOS\bin\getPlus_HelperSvc.exe [11/11/2008 17.33.02 33752]

--- Altri Servizi/Drivers In Memoria ---

*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - PolicyAgent
*Deregistered* - ProtectedStorage
*Deregistered* - RasMan
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - srservice
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - TapiSrv
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - UMWdf
*Deregistered* - W32Time
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - WmiApSrv
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenuto della cartella 'Scheduled Tasks'

2008-11-09 c:\windows\Tasks\Promemoria registrazione 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2005-10-11 10:00]

2008-11-23 c:\windows\Tasks\Promemoria registrazione 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2005-10-11 10:00]

2008-11-09 c:\windows\Tasks\Promemoria registrazione 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2005-10-11 10:00]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.co.uk/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Frances\Dati applicazioni\Mozilla\Firefox\Profiles\ctem89b2.default\
FF - component: c:\programmi\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\programmi\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-18 01:03
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2624)
c:\windows\system32\msi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\acs.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Toshiba\ConfigFree\CFSvcs.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\programmi\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\programmi\AVG\AVG8\avgcsrvx.exe
c:\programmi\Toshiba\ConfigFree\NDSTray.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmi\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\programmi\HP\Digital Imaging\bin\hpqste08.exe
c:\programmi\HP\Digital Imaging\bin\hpqbam08.exe
.
**************************************************************************
.
Ora fine scansione: 2009-05-17 1.08.19 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-05-17 23:08

Pre-Run: 12.685.606.912 byte disponibili
Post-Run: 13.100.666.880 byte disponibili

218 --- E O F --- 2009-05-13 18:32

[Frances]

Ciao di nuovo

Il mio PC adesso funziona molto meglio di prima però ora ho un altro problemino...

Dopo aver fatto ComboFix, adesso quando avvio il computer mi appare questo messaggio:

Hotkey.exe - Impossibile individuare un componente
Impossibile avviare l'applicazione specificata. MFC71.DLL non è stato trovato. Una nuova installazione dell'applicazione potrebbe risolvere il problema.

Forse il ComboFix ha cancellato qualcosa che non doveva cancellare? Come faccio a rettificare questo problema? C'è qualcosa che dovrei cancellare io?

Grazie di nuovo per tutto l'aiuto!

Frances

[Luke57]

Ciao, scarica la dll da qui:
http://www.dll-files.com/dllindex/dll-files.shtml?mfc71

poi mettila nella cartella system32.

[Frances]

Grazie mille

Much appreciated...

Frances