Non riesco ad accedere ai siti degli antivirus

[mavck]

Cara Elektra,,,sono tornato a trovarti...ekko ti auguro con questo regalo buonadomenica..ahahhah

Codice: Seleziona tutto

ComboFix 10-06-18.03 - Administrator 20/06/2010   0.59.34.1.1 - x86
Eseguito da: c:\documents and settings\Administrator\Documenti\Download\ComboFix.exe
 * Creato nuovo punto di ripristino
.

(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\msconfig.exe
c:\windows\system32\syswinan.vbs

c:\windows\system32\netlogon.dll . . . è infetto!!

c:\windows\system32\srsvc.dll . . . è infetto!!

c:\windows\system32\proquota.exe . . . is missing!!

.
(((((((((((((((((((((((((   Files Creati Da 2010-05-19 al 2010-06-19  )))))))))))))))))))))))))))))))))))
.

2010-06-10 12:06 . 2010-06-10 12:06   --------   dc----w-   c:\programmi\File comuni\Java
2010-06-10 11:45 . 2010-06-10 11:45   503808   -c--a-w-   c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6235ed4f-n\msvcp71.dll
2010-06-10 11:45 . 2010-06-10 11:45   499712   -c--a-w-   c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6235ed4f-n\jmc.dll
2010-06-10 11:45 . 2010-06-10 11:45   348160   -c--a-w-   c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6235ed4f-n\msvcr71.dll
2010-06-10 11:45 . 2010-06-10 11:45   61440   -c--a-w-   c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-652b6367-n\decora-sse.dll
2010-06-10 11:45 . 2010-06-10 11:45   12800   -c--a-w-   c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-652b6367-n\decora-d3d.dll
2010-06-10 11:45 . 2010-04-12 15:29   411368   -c--a-w-   c:\windows\system32\deployJava1.dll
2010-06-05 06:24 . 2010-06-05 06:24   503808   -c--a-w-   c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\Deployment\cache\6.0\46\f84c6ae-10ea3dc3-n\msvcp71.dll
2010-06-05 06:24 . 2010-06-05 06:24   499712   -c--a-w-   c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\Deployment\cache\6.0\46\f84c6ae-10ea3dc3-n\jmc.dll
2010-06-05 06:24 . 2010-06-05 06:24   348160   -c--a-w-   c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\Deployment\cache\6.0\46\f84c6ae-10ea3dc3-n\msvcr71.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-10 11:43 . 2001-08-31 17:00   72260   ----a-w-   c:\windows\system32\perfc010.dat
2010-06-10 11:43 . 2001-08-31 17:00   449592   ----a-w-   c:\windows\system32\perfh010.dat
2010-05-22 12:12 . 2010-02-08 14:52   --------   dc----w-   c:\documents and settings\Administrator\Dati applicazioni\vlc
2010-05-22 12:10 . 2010-03-06 23:07   443912   -c--a-w-   c:\documents and settings\Administrator\Dati applicazioni\Real\Update\setup3.10\setup.exe
2010-05-09 12:08 . 2009-09-21 20:05   1   -c--a-w-   c:\documents and settings\Administrator\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-08 18:39 . 2009-09-20 06:46   --------   dc----w-   c:\documents and settings\Administrator\Dati applicazioni\uTorrent
2010-03-22 18:11 . 2010-03-22 18:04   21272048   -c--a-w-   c:\documents and settings\Administrator\Dati applicazioni\Real\Update\setup3.10\rp\RealPlayerSPGold_it.exe
2008-04-26 22:11 . 2008-04-26 22:11   169822   --sha-r-   c:\windows\system32\tfgfxa.dll
.

------- Sigcheck -------





[-] 2008-04-26 . 5DEF00B476192F4AE0E9515F08100443 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll




c:\windows\System32\drivers\beep.sys ... è mancante !!
c:\windows\System32\es.dll ... è mancante !!
c:\windows\System32\netlogon.dll ... è mancante !!
c:\windows\System32\srsvc.dll ... è mancante !!
c:\windows\System32\regsvc.dll ... è mancante !!
c:\windows\System32\schedsvc.dll ... è mancante !!
c:\windows\System32\termsrv.dll ... è mancante !!
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AsusTray"="c:\programmi\Asus\EeePC ACPI\AsTray.exe" [2007-09-28 77824]
"AsusACPIServer"="c:\programmi\Asus\EeePC ACPI\AsAcpiSvr.exe" [2007-10-02 450560]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-04 16841216]
"SkyTel"="SkyTel.EXE" [2007-08-04 1826816]
"CanonMyPrinter"="c:\programmi\Canon\MyPrinter\BJMyPrt.exe" [2007-09-13 1603152]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-02-18 248040]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2010-02-01 198160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-03-01 124928]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideRunAsVerb"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"StartMenuLogoff"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\Programmi\\uTorrent\\uTorrent.exe"=
"e:\\Programmi\\eMule\\emule.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2799:UDP"= 2799:UDP:Altova License Metering Port (UDP)
"2799:TCP"= 2799:TCP:Altova License Metering Port (TCP)
"7243:TCP"= 7243:TCP:nflbnvbf

S2 pcwnfku;Universal Server;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 17.39.46 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
DcomLaunch   REG_MULTI_SZ      DcomLaunch

[COLOR=RED]NETSVCS REQUIRES REPAIRS - current entries shown[/COLOR]
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
EventSystem
FastUserSwitchingCompatibility
HidServ
Iprip
Irmon
LanmanServer
LanmanWorkstation
Netman
Nla
NWCWorkstation
Nwsapagent
Rasauto
Rasman
SENS
Sharedaccess
Tapisrv
Themes
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
wscsvc
xmlprov
BITS
wuauserv
ShellHWDetection
WmdmPmSN
pcwnfku

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs

.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\gily1y3t.default\
FF - component: c:\programmi\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: e:\programmi\Java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: e:\programmi\Java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: e:\programmi\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: e:\programmi\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

---- FIREFOX POLICIES ----
e:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
e:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
e:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
e:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

AddRemove-XPlite - e:\dowlads\XPlite.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-20 01:05
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pcwnfku]
"ServiceDll"="c:\windows\system32\tfgfxa.dll"
.
Ora fine scansione: 2010-06-20  01:09:21
ComboFix-quarantined-files.txt  2010-06-19 23:09

Pre-Run: 654.434.304 byte disponibili
Post-Run: 907.235.328 byte disponibili

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - C1E6B2D7A493D62CD7254FEB5EB8711A


come al solito attendo il suo consiglio ::D

[-> EleKtrA <-]

Ciao mavck, iniziavo a preoccuparmi...mancava un computer all'appello.

Questo è lo script per combofix da eseguire:

Codice: Seleziona tutto

Killall::
File::
c:\windows\system32\tfgfxa.dll
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7243:TCP"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pcwnfku]
NetSvcs::
pcwnfku
Universal Server
nflbnvbf 
Driver::
pcwnfku
Universal Server
nflbnvbf 
Folder::
C:\WINDOWS\temp
C:\WINDOWS\Tasks
Domains::

Dal log risultano questi file mancanti, ne eri a conoscenza?

Codice: Seleziona tutto

c:\windows\System32\drivers\beep.sys ... è mancante !!
c:\windows\System32\es.dll ... è mancante !!
c:\windows\System32\netlogon.dll ... è mancante !!
c:\windows\System32\srsvc.dll ... è mancante !!
c:\windows\System32\regsvc.dll ... è mancante !!
c:\windows\System32\schedsvc.dll ... è mancante !!
c:\windows\System32\termsrv.dll ... è mancante !!


Allega anche un log di hijackthis.

[mavck]

Cara Elektra questo è il 4 pc, il mio è ancora SALVO!!!...
cmq si tratta di un eeepc4g con xp lite, forse per questo manca qualcosa, tanto è usato veramente poco..ma quel poco è bastato per ammalarsi
cmq appena ho i vari LOG come al solito te li posto
Grazie di tutto e BUONAGIORNATA

[mavck]

questo è il log di COMBOFIX-CFScript...ora provvedo all'altro

Codice: Seleziona tutto

ComboFix 10-06-24.01 - Administrator 25/06/2010   8.44.16.2.1 - x86
Microsoft Windows XP Professional  5.1.2600.2.1252.39.1040.18.503.210 [GMT 2:00]
Eseguito da: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Administrator\Desktop\CFScript.txt
 * Creato nuovo punto di ripristino

FILE ::
"c:\windows\system32\tfgfxa.dll"
.

(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\tfgfxa.dll

c:\windows\system32\netlogon.dll . . . è infetto!!

c:\windows\system32\srsvc.dll . . . è infetto!!

c:\windows\system32\proquota.exe . . . is missing!!

.
(((((((((((((((((((((((((((((((((((((((   Driver/Servizi   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PCWNFKU
-------\Service_pcwnfku


(((((((((((((((((((((((((   Files Creati Da 2010-05-25 al 2010-06-25  )))))))))))))))))))))))))))))))))))
.

2010-06-10 12:06 . 2010-06-10 12:06   --------   dc----w-   c:\programmi\File comuni\Java
2010-06-10 11:45 . 2010-06-10 11:45   503808   -c--a-w-   c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6235ed4f-n\msvcp71.dll
2010-06-10 11:45 . 2010-06-10 11:45   499712   -c--a-w-   c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6235ed4f-n\jmc.dll
2010-06-10 11:45 . 2010-06-10 11:45   348160   -c--a-w-   c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6235ed4f-n\msvcr71.dll
2010-06-10 11:45 . 2010-06-10 11:45   61440   -c--a-w-   c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-652b6367-n\decora-sse.dll
2010-06-10 11:45 . 2010-06-10 11:45   12800   -c--a-w-   c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-652b6367-n\decora-d3d.dll
2010-06-10 11:45 . 2010-04-12 15:29   411368   -c--a-w-   c:\windows\system32\deployJava1.dll
2010-06-05 06:24 . 2010-06-05 06:24   503808   -c--a-w-   c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\Deployment\cache\6.0\46\f84c6ae-10ea3dc3-n\msvcp71.dll
2010-06-05 06:24 . 2010-06-05 06:24   499712   -c--a-w-   c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\Deployment\cache\6.0\46\f84c6ae-10ea3dc3-n\jmc.dll
2010-06-05 06:24 . 2010-06-05 06:24   348160   -c--a-w-   c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\Deployment\cache\6.0\46\f84c6ae-10ea3dc3-n\msvcr71.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-20 17:47 . 2009-09-21 20:05   1   -c--a-w-   c:\documents and settings\Administrator\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-10 11:43 . 2001-08-31 17:00   72260   ----a-w-   c:\windows\system32\perfc010.dat
2010-06-10 11:43 . 2001-08-31 17:00   449592   ----a-w-   c:\windows\system32\perfh010.dat
2010-05-22 12:12 . 2010-02-08 14:52   --------   dc----w-   c:\documents and settings\Administrator\Dati applicazioni\vlc
2010-05-22 12:10 . 2010-03-06 23:07   443912   -c--a-w-   c:\documents and settings\Administrator\Dati applicazioni\Real\Update\setup3.10\setup.exe
2010-05-08 18:39 . 2009-09-20 06:46   --------   dc----w-   c:\documents and settings\Administrator\Dati applicazioni\uTorrent
.

------- Sigcheck -------





[-] 2008-04-26 . 5DEF00B476192F4AE0E9515F08100443 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll




c:\windows\System32\drivers\beep.sys ... è mancante !!
c:\windows\System32\es.dll ... è mancante !!
c:\windows\System32\netlogon.dll ... è mancante !!
c:\windows\System32\srsvc.dll ... è mancante !!
c:\windows\System32\regsvc.dll ... è mancante !!
c:\windows\System32\schedsvc.dll ... è mancante !!
c:\windows\System32\termsrv.dll ... è mancante !!
.
(((((((((((((((((((((((((((((   SnapShot@2010-06-19_23.05.39   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-25 06:52 . 2010-06-25 06:52   16384              c:\windows\temp\Perflib_Perfdata_6b8.dat
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AsusTray"="c:\programmi\Asus\EeePC ACPI\AsTray.exe" [2007-09-28 77824]
"AsusACPIServer"="c:\programmi\Asus\EeePC ACPI\AsAcpiSvr.exe" [2007-10-02 450560]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-04 16841216]
"SkyTel"="SkyTel.EXE" [2007-08-04 1826816]
"CanonMyPrinter"="c:\programmi\Canon\MyPrinter\BJMyPrt.exe" [2007-09-13 1603152]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-02-18 248040]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2010-02-01 198160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-03-01 124928]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideRunAsVerb"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"StartMenuLogoff"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\Programmi\\uTorrent\\uTorrent.exe"=
"e:\\Programmi\\eMule\\emule.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2799:UDP"= 2799:UDP:Altova License Metering Port (UDP)
"2799:TCP"= 2799:TCP:Altova License Metering Port (TCP)


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
DcomLaunch   REG_MULTI_SZ      DcomLaunch

[COLOR=RED]NETSVCS REQUIRES REPAIRS - current entries shown[/COLOR]
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
EventSystem
FastUserSwitchingCompatibility
HidServ
Iprip
Irmon
LanmanServer
LanmanWorkstation
Netman
Nla
NWCWorkstation
Nwsapagent
Rasauto
Rasman
SENS
Sharedaccess
Tapisrv
Themes
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
wscsvc
xmlprov
BITS
wuauserv
ShellHWDetection
WmdmPmSN
pcwnfku

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs

.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\gily1y3t.default\
FF - component: c:\programmi\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: e:\programmi\Java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: e:\programmi\Java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: e:\programmi\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: e:\programmi\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

---- FIREFOX POLICIES ----
e:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
e:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
e:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
e:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-25 08:52
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(1896)
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Canon\IJPLM\IJPLMSVC.EXE
e:\programmi\Java\jre6\bin\jqs.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Ora fine scansione: 2010-06-25  08:55:49 - Il pc è stato riavviato
ComboFix-quarantined-files.txt  2010-06-25 06:55
ComboFix2.txt  2010-06-19 23:09

Pre-Run: 899.588.096 byte disponibili
Post-Run: 872.894.464 byte disponibili

- - End Of File - - FF57D7B2268F77F652CC7E75BFB18482


[mavck]

ecco il log di HijackThis...grazie mille

Codice: Seleziona tutto

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9.41.09, on 25/06/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20772)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Canon\IJPLM\IJPLMSVC.EXE
E:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Asus\EeePC ACPI\AsTray.exe
C:\Programmi\Asus\EeePC ACPI\AsAcpiSvr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Canon\MyPrinter\BJMyPrt.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
E:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programmi\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AsusTray] C:\Programmi\Asus\EeePC ACPI\AsTray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Programmi\Asus\EeePC ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Programmi\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe"  -osboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: ClipSrv - Unknown owner - C:\WINDOWS\system32\clipsrv.exe (file missing)
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Programmi\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: UPS - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)

--
End of file - 4359 bytes


[-> EleKtrA <-]

Ok, sorvolando sullo stato del sistema, il problema è risolto?

[mavck]

si si..quel problema è risolto

[-> EleKtrA <-]

Perfetto, nel caso volessi eseguire una manutenzione del sistema fai riferimento ai consigli che ti ho fornito per gli altri computer. Nel frattempo aspetto il tuo (Ovviamente sto scherzando )

[greystone]

Salve sono nuovo del forum.
Ho un problema che non riesco a risolvere sul pc di mio nipote. Dopo un problema di messaggi a "cascata" da symantec, che non gli faceva fare niente, gli ho dovuto disinstallare norton con il tool di rimozione, ora però non riesco ad installare nessun antivirus perché non riesco ad accedere ai relativi siti.
Dopo varie scansioni con sw come malwarebytes che hanno eliminato parecchia roba ma non risolto il problema,
ora ho seguito le vostre istruzioni ed ho scaricato combofix di cui riporto il report.
Ho avuto e superato molti gravi problemi con i pc, ma stavolta non riesco a venirne a capo. Spero mi possiate aiutare altrimenti mio nipote mi crocifigge. Grazie in anticipo

ComboFix 10-08-22.05 - Cristiano Colonnese 23/08/2010 16.27.39.3.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.1022.681 [GMT 2:00]
Eseguito da: c:\documents and settings\Cristiano Colonnese\desktop\abc.exe
Opzioni usate :: /killall

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2010-07-23 al 2010-08-23 )))))))))))))))))))))))))))))))))))
.

2010-08-23 14:06 . 2010-08-23 14:06 -------- d-----w- C:\abc
2010-08-23 09:56 . 2010-08-23 09:56 -------- d-----w- c:\documents and settings\Cristiano Colonnese\Dati applicazioni\Malwarebytes
2010-08-23 09:56 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-23 09:56 . 2010-08-23 09:56 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-08-23 09:56 . 2010-08-23 09:56 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-08-23 09:56 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-23 08:31 . 2010-08-23 14:35 22528 ----a-w- c:\windows\system32\drivers\nhcDriver.sys
2010-08-23 07:53 . 2010-08-23 07:53 -------- d-----w- c:\windows\system32\wbem\Repository
2010-08-22 17:42 . 2010-08-23 07:53 755200 ----a-w- c:\windows\system32\drivers\gjtuhj.sys
2010-08-22 17:42 . 2010-08-22 17:42 -------- d-----w- C:\FOUND.004
2010-08-22 16:25 . 2010-08-22 16:25 -------- d-----w- c:\programmi\Notebook Hardware Control
2010-08-22 15:56 . 2010-08-22 15:56 -------- d-----w- C:\FOUND.003
2010-08-18 13:01 . 2010-08-18 13:01 -------- d-----w- C:\FOUND.002
2010-08-18 08:10 . 2010-08-18 08:10 -------- d-----w- C:\FOUND.001
2010-08-16 08:15 . 2010-08-16 08:15 -------- d-----w- C:\FOUND.000
2010-08-09 18:57 . 2010-08-18 11:46 0 ----a-w- c:\windows\system32\drivers\ghfoux.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-23 14:32 . 2005-05-19 20:01 12 ----a-w- c:\windows\bthservsdp.dat
2010-08-15 19:45 . 2010-08-15 19:45 16 ----a-w- c:\documents and settings\LocalService\Dati applicazioni\bawuho.dat
2010-08-15 16:47 . 2010-08-15 16:47 16 ----a-w- c:\documents and settings\Cristiano Colonnese\Dati applicazioni\bawuho.dat
2010-08-09 18:57 . 2010-08-09 18:57 12 ----a-w- c:\documents and settings\NetworkService\Dati applicazioni\bawuho.dat
2010-07-27 19:28 . 2006-11-11 12:27 10556 ----a-w- c:\documents and settings\Cristiano Colonnese\Dati applicazioni\wklnhst.dat
2010-06-30 15:19 . 2006-11-11 19:15 81504 ----a-w- c:\documents and settings\Cristiano Colonnese\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-06-24 14:06 . 2005-05-19 19:32 83818 ----a-w- c:\windows\system32\perfc010.dat
2010-06-24 14:06 . 2005-05-19 19:32 488994 ----a-w- c:\windows\system32\perfh010.dat
2010-06-13 09:16 . 2009-04-30 20:20 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-25 18:51 . 2010-05-25 18:51 503808 ----a-w- c:\documents and settings\Cristiano Colonnese\Dati applicazioni\Sun\Java\Deployment\cache\6.0\46\f84c6ae-6cdc25c2-n\msvcp71.dll
2010-05-25 18:51 . 2010-05-25 18:51 499712 ----a-w- c:\documents and settings\Cristiano Colonnese\Dati applicazioni\Sun\Java\Deployment\cache\6.0\46\f84c6ae-6cdc25c2-n\jmc.dll
2010-05-25 18:51 . 2010-05-25 18:51 348160 ----a-w- c:\documents and settings\Cristiano Colonnese\Dati applicazioni\Sun\Java\Deployment\cache\6.0\46\f84c6ae-6cdc25c2-n\msvcr71.dll
2009-03-21 14:18 . 2005-05-19 19:31 170193 --sh--r- c:\windows\system32\cezrkyyw.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-08-23_13.54.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-23 14:33 . 2010-08-23 14:33 16384 c:\windows\temp\Perflib_Perfdata_4ac.dat
+ 2010-02-06 12:00 . 2010-08-23 14:33 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2010-02-06 12:00 . 2010-08-23 13:53 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="c:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-08 68856]
"Google Update"="c:\documents and settings\Cristiano Colonnese\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2009-08-01 133104]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"TomTomHOME.exe"="c:\programmi\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"NokiaMServer"="c:\programmi\File comuni\Nokia\MPlatform\NokiaMServer" [X]
"SoundMan"="SOUNDMAN.EXE" [2005-04-22 77824]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-15 88202]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2005-01-08 102491]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2005-01-08 692315]
"RemoteControl"="c:\programmi\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-14 32768]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 110592]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-19 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-19 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-03 344064]
"LManager"="c:\programmi\Launch Manager\QtZgAcer.EXE" [2005-05-05 286720]
"eRecoveryService"="c:\programmi\Acer\eRecovery\Monitor.exe" [2005-06-29 352256]
"MBBalloon"="c:\programmi\HOTALBUMMyBOX\MBBalloon.exe" [2007-11-30 789144]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-09-24 149280]
"NokiaMusic FastStart"="c:\programmi\Nokia\Ovi Player\NokiaOviPlayer.exe" [2009-11-06 2090272]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2010-02-15 141608]
"MobileConnect"="c:\programmi\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-07-03 2328576]
"NotebookHardwareControl"="c:\programmi\Notebook Hardware Control\nhc.exe" [2007-05-04 2629632]
"Malwarebytes' Anti-Malware"="c:\programmi\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
BTTray.lnk - c:\programmi\WIDCOMM\Software Bluetooth\BTTray.exe [2005-8-16 577597]
EPSON Status Monitor 3 Environment Check(3).lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV03.EXE [2001-6-24 128000]
MediaChecker.lnk - c:\programmi\HOTALBUMMyBOX\MediaChecker.exe [2007-11-30 915096]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\JustVoip.com\\JustVoip\\JustVoip.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3453:TCP"= 3453:TCP:huxutzgk

R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [21/08/2008 14.48.07 15172]
R2 MBAMService;MBAMService;c:\programmi\Malwarebytes' Anti-Malware\mbamservice.exe [23/08/2010 11.56.35 304464]
R2 TomTomHOMEService;TomTomHOMEService;c:\programmi\TomTom HOME 2\TomTomHOMEService.exe [13/11/2009 12.31.14 92008]
R2 VMCService;Vodafone Mobile Connect Service;c:\programmi\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [03/07/2009 11.40.30 9216]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [23/08/2010 11.56.31 20952]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [06/02/2010 13.53.39 135664]
S2 lobbwgjdd;Windows System;c:\windows\system32\svchost.exe -k netsvcs [19/05/2005 21.32.02 14336]
S2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;"c:\programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe" --> c:\programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe [?]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [27/03/2010 11.11.04 112640]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [27/03/2010 12.24.45 102656]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
lobbwgjdd
.
Contenuto della cartella 'Scheduled Tasks'

2010-08-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2007-08-29 10:34]

2010-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-06 11:53]

2010-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-06 11:53]

2010-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1423492589-3838477401-2941409723-1005Core1cb3f056618a58e.job
- c:\documents and settings\Cristiano Colonnese\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-08-01 15:08]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-23 16:34
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lobbwgjdd]
"ServiceDll"="c:\windows\system32\cezrkyyw.dll"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(912)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3156)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\programmi\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\programmi\Nokia\PC Connectivity Solution\ConnAPI.DLL
c:\programmi\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_ita.nlr
c:\programmi\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\acer\eManager\anbmServ.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\Common Files\Motive\McciCMService.exe
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\SOUNDMAN.EXE
c:\windows\AGRSMMSG.exe
c:\windows\system32\rundll32.exe
c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
c:\programmi\File comuni\Nokia\MPlatform\NokiaMServer.exe
c:\programmi\Nokia\PC Connectivity Solution\ServiceLayer.exe
c:\programmi\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\programmi\Nokia\PC Connectivity Solution\Transports\NclIrSrv.exe
c:\progra~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
c:\programmi\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\programmi\Nokia\PC Connectivity Solution\Transports\NclMSBTSrv.exe
c:\programmi\Nokia\PC Connectivity Solution\Transports\NclBCBTSrv.exe
c:\programmi\iPod\bin\iPodService.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
.
**************************************************************************
.
Ora fine scansione: 2010-08-23 16:38:52 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-08-23 14:38
ComboFix2.txt 2010-08-23 13:58

Pre-Run: 8.930.394.112 byte disponibili
Post-Run: 8.915.943.424 byte disponibili

- - End Of File - - A3CEE8DEDAB8A629581A26EFCB043CB8

[Luke57]

Ciao,Apri il block notes di windows
Copia e incolla all'interno del file testo il seguente script:

Codice: Seleziona tutto

NetSvcs::
lobbwgjdd

Driver::
lobbwgjdd

File::
c:\windows\system32\drivers\gjtuhj.sys
c:\windows\system32\drivers\ghfoux.sys
c:\windows\system32\cezrkyyw.dll

Salva il file testo nella stessa posizione dove è presente combofix.exe e chiamalo CFScript.txt
Disconettiti da internet.

Adesso trascina il file CFScript.txt su ComboFix.exe o abc.exe
Il programma eseguirà una nuova scansione,al termine riavvia il pc se ti viene richiesto dal programma.
Posta il nuovo report, metti il testo tra i due tag

Codice: Seleziona tutto

[greystone]

Grazie Luke57 per la risposta rapidissima.
Domani provo e poi posto il report.
Ah... scusa se non ho taggato il report, ma sono abbastanza rinco.

[greystone]

Ciao, non ho resistito e ierisera dopo cena ho riaperto il mio studio per fare la scansione con combofix.
Tutto risolto!
Sei un grande Luke, non finirò mai di ringraziarti, anche perché i miei nipoti non mi staranno più addosso come avvoltoi.
Solo un'ultima cosa, ora il pc è senza antivirus, quale mi consigli che non sia troppo invasivo (io sui miei pc prima avevo avira, ma mi dava troppi falsi positivi e ho installato avg e mi trovo bene), considera che loro utilizzano molto internet e i social network, oltre naturalmente ad altre cosette tipiche dei ragazzi (ora è attiva solo la protezione di malwarebytes, che faccio la lascio?)
Allego comunque per sicurezza il nuovo report:

Codice: Seleziona tutto

ComboFix 10-08-22.05 - Cristiano Colonnese 23/08/2010  22.59.27.4.1 - FAT32x86
Microsoft Windows XP Professional  5.1.2600.2.1252.39.1040.18.1022.579 [GMT 2:00]
Eseguito da: c:\documents and settings\Cristiano Colonnese\Desktop\abc.exe
Opzioni usate :: c:\documents and settings\Cristiano Colonnese\Desktop\CFScript.txt

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!

FILE ::
"c:\windows\system32\cezrkyyw.dll"
"c:\windows\system32\drivers\ghfoux.sys"
"c:\windows\system32\drivers\gjtuhj.sys"
.

(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\cezrkyyw.dll
c:\windows\system32\drivers\ghfoux.sys
c:\windows\system32\drivers\gjtuhj.sys

.
(((((((((((((((((((((((((((((((((((((((   Driver/Servizi   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_LOBBWGJDD
-------\Service_lobbwgjdd


(((((((((((((((((((((((((   Files Creati Da 2010-07-23 al 2010-08-23  )))))))))))))))))))))))))))))))))))
.

2010-08-23 14:06 . 2010-08-23 14:06   --------   d-----w-   C:\abc
2010-08-23 09:56 . 2010-08-23 09:56   --------   d-----w-   c:\documents and settings\Cristiano Colonnese\Dati applicazioni\Malwarebytes
2010-08-23 09:56 . 2010-04-29 10:19   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-23 09:56 . 2010-08-23 09:56   --------   d-----w-   c:\programmi\Malwarebytes' Anti-Malware
2010-08-23 09:56 . 2010-08-23 09:56   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-08-23 09:56 . 2010-04-29 10:19   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-08-23 08:31 . 2010-08-23 20:52   22528   ----a-w-   c:\windows\system32\drivers\nhcDriver.sys
2010-08-23 07:53 . 2010-08-23 07:53   --------   d-----w-   c:\windows\system32\wbem\Repository
2010-08-22 17:42 . 2010-08-22 17:42   --------   d-----w-   C:\FOUND.004
2010-08-22 16:25 . 2010-08-22 16:25   --------   d-----w-   c:\programmi\Notebook Hardware Control
2010-08-22 15:56 . 2010-08-22 15:56   --------   d-----w-   C:\FOUND.003
2010-08-18 13:01 . 2010-08-18 13:01   --------   d-----w-   C:\FOUND.002
2010-08-18 08:10 . 2010-08-18 08:10   --------   d-----w-   C:\FOUND.001
2010-08-16 08:15 . 2010-08-16 08:15   --------   d-----w-   C:\FOUND.000

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-23 21:06 . 2005-05-19 20:01   12   ----a-w-   c:\windows\bthservsdp.dat
2010-08-15 19:45 . 2010-08-15 19:45   16   ----a-w-   c:\documents and settings\LocalService\Dati applicazioni\bawuho.dat
2010-08-15 16:47 . 2010-08-15 16:47   16   ----a-w-   c:\documents and settings\Cristiano Colonnese\Dati applicazioni\bawuho.dat
2010-08-09 18:57 . 2010-08-09 18:57   12   ----a-w-   c:\documents and settings\NetworkService\Dati applicazioni\bawuho.dat
2010-07-27 19:28 . 2006-11-11 12:27   10556   ----a-w-   c:\documents and settings\Cristiano Colonnese\Dati applicazioni\wklnhst.dat
2010-06-30 15:19 . 2006-11-11 19:15   81504   ----a-w-   c:\documents and settings\Cristiano Colonnese\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-06-24 14:06 . 2005-05-19 19:32   83818   ----a-w-   c:\windows\system32\perfc010.dat
2010-06-24 14:06 . 2005-05-19 19:32   488994   ----a-w-   c:\windows\system32\perfh010.dat
2010-06-13 09:16 . 2009-04-30 20:20   664   ----a-w-   c:\windows\system32\d3d9caps.dat
.

(((((((((((((((((((((((((((((   SnapShot@2010-08-23_13.54.59   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-23 21:07 . 2010-08-23 21:07   16384              c:\windows\temp\Perflib_Perfdata_3cc.dat
+ 2010-02-06 12:00 . 2010-08-23 14:33   245760              c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2010-02-06 12:00 . 2010-08-23 13:53   245760              c:\windows\system32\config\systemprofile\IETldCache\index.dat
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="c:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-08 68856]
"Google Update"="c:\documents and settings\Cristiano Colonnese\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2009-08-01 133104]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"TomTomHOME.exe"="c:\programmi\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"NokiaMServer"="c:\programmi\File comuni\Nokia\MPlatform\NokiaMServer" [X]
"SoundMan"="SOUNDMAN.EXE" [2005-04-22 77824]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-15 88202]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2005-01-08 102491]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2005-01-08 692315]
"RemoteControl"="c:\programmi\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-14 32768]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 110592]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-19 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-19 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-03 344064]
"LManager"="c:\programmi\Launch Manager\QtZgAcer.EXE" [2005-05-05 286720]
"eRecoveryService"="c:\programmi\Acer\eRecovery\Monitor.exe" [2005-06-29 352256]
"MBBalloon"="c:\programmi\HOTALBUMMyBOX\MBBalloon.exe" [2007-11-30 789144]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-09-24 149280]
"NokiaMusic FastStart"="c:\programmi\Nokia\Ovi Player\NokiaOviPlayer.exe" [2009-11-06 2090272]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2010-02-15 141608]
"MobileConnect"="c:\programmi\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-07-03 2328576]
"Malwarebytes' Anti-Malware"="c:\programmi\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
BTTray.lnk - c:\programmi\WIDCOMM\Software Bluetooth\BTTray.exe [2005-8-16 577597]
EPSON Status Monitor 3 Environment Check(3).lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV03.EXE [2001-6-24 128000]
MediaChecker.lnk - c:\programmi\HOTALBUMMyBOX\MediaChecker.exe [2007-11-30 915096]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\JustVoip.com\\JustVoip\\JustVoip.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3453:TCP"= 3453:TCP:huxutzgk

R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [21/08/2008 14.48.07 15172]
R2 MBAMService;MBAMService;c:\programmi\Malwarebytes' Anti-Malware\mbamservice.exe [23/08/2010 11.56.35 304464]
R2 TomTomHOMEService;TomTomHOMEService;c:\programmi\TomTom HOME 2\TomTomHOMEService.exe [13/11/2009 12.31.14 92008]
R2 VMCService;Vodafone Mobile Connect Service;c:\programmi\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [03/07/2009 11.40.30 9216]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [23/08/2010 11.56.31 20952]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [06/02/2010 13.53.39 135664]
S2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;"c:\programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe" --> c:\programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe [?]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [27/03/2010 11.11.04 112640]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [27/03/2010 12.24.45 102656]
.
Contenuto della cartella 'Scheduled Tasks'

2010-08-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2007-08-29 10:34]

2010-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-06 11:53]

2010-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-06 11:53]

2010-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1423492589-3838477401-2941409723-1005Core1cb3f056618a58e.job
- c:\documents and settings\Cristiano Colonnese\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-08-01 15:08]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-23 23:08
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(912)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1332)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\programmi\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\programmi\Nokia\PC Connectivity Solution\ConnAPI.DLL
c:\programmi\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_ita.nlr
c:\programmi\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\acer\eManager\anbmServ.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\Common Files\Motive\McciCMService.exe
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\SOUNDMAN.EXE
c:\windows\AGRSMMSG.exe
c:\windows\system32\rundll32.exe
c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
c:\programmi\File comuni\Nokia\MPlatform\NokiaMServer.exe
c:\programmi\Nokia\PC Connectivity Solution\ServiceLayer.exe
c:\progra~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
c:\programmi\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\programmi\Nokia\PC Connectivity Solution\Transports\NclIrSrv.exe
c:\programmi\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\programmi\Nokia\PC Connectivity Solution\Transports\NclMSBTSrv.exe
c:\programmi\Nokia\PC Connectivity Solution\Transports\NclBCBTSrv.exe
c:\programmi\iPod\bin\iPodService.exe
c:\windows\system32\msiexec.exe
c:\windows\SoftwareDistribution\Download\Install\NDP20SP2-KB979909-x86.exe
d:\f46e88d793726354c935c9ad03\HotFixInstaller.exe
c:\windows\system32\MsiExec.exe
c:\programmi\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Ora fine scansione: 2010-08-23  23:17:59 - Il pc è stato riavviato
ComboFix-quarantined-files.txt  2010-08-23 21:17
ComboFix2.txt  2010-08-23 14:38
ComboFix3.txt  2010-08-23 13:58

Pre-Run: 8.919.121.920 byte disponibili
Post-Run: 8.439.365.632 byte disponibili

- - End Of File - - 963E7FE446F1ACA0D0D83347B00C0FD1

[Luke57]

Ciao, mi ero dimenticato questi files in neretto da eliminare:
c:\documents and settings\LocalService\Dati applicazioni\bawuho.dat
c:\documents and settings\Cristiano Colonnese\Dati applicazioni\bawuho.dat
c:\documents and settings\NetworkService\Dati applicazioni\bawuho.dat

da risorse del computer premi strumenti>opzioni cartella>visualizzazione>metti la spunta a "visualizza file e cartelle nascosti" premi OK. Cerca ed elimina i suddetti file.
Se non si facessero eliminare, riutilizza lo script di combofix al solito modo(CFScript.txt) , inserendo però questo testo e salvando le modifiche:

File::
c:\documents and settings\LocalService\Dati applicazioni\[b]bawuho.dat
c:\documents and settings\Cristiano Colonnese\Dati applicazioni\bawuho.dat
c:\documents and settings\NetworkService\Dati applicazioni\bawuho.dat[/b]

[greystone]

OK! Eliminati anche i bawuho.dat.
ora credo che il pc sia più sterile di una sala operatoria!!!
Grazie ancora.
Poi, quando avrò un po' di tempo eseguirò una scansione dei miei pc e posto i report, così pulisco pure quelli che già qualche mese fa ho ripulito da un cazzutissimo elibagla che ha rischiato di farmi perdere tutto.
Ciao e alla prossima

[greystone]

scusate l'ignoranza, ma quando ci sono più account su uno stesso pc, basta avviare combofix su un utente qualsiasi o bisogna fare la scansione per ognuno di essi?

[FDAC]

Ciao Grey, la scansione con Combofix basta che la fai in un utente con privilegi di AMMINISTRATORE, ricordati prima di salvarlo sul desktop.

[greystone]

Grazie FDAC, allora è tutto ok. L'account che ho utilizzato per la scansione ha il privilegio di amministratore.

[FDAC]

Bene, allora sei a posto, amico.
Se vuoi eseguire una pulizia dei file temporanei e schifezze varie, per tentare di liberare un po' di spazio prezioso su disco e velocizzare il Sistema Operativo, passa di qua, quando vuoi.

Ciao

[greystone]

Ciao FDAC,
quello in oggetto era il pc dei mie nipoti e dopo la scansione con Combofix ho provveduto a utilizzare alcuni trucchetti per velocizzarlo e ripulire i file di sistema ed ho fatto la deframmentazione approfondita con un defrag.cmd creato da me (secondo alcune istruzioni trovate tempo fa sul web).
Invece il mio notebook dopo un'immane battaglia contro un elibagla l'ho dapprima ripulito a fondo e poi continuo a fare una manutenzione periodica con un manipolo di programmi come NHC, defrag.cmd, registrybooster, speedupmypc, spyware doctor, perfect disk ecc. e va come una scheggia (considerando che è un acer aspire 1300 vecchio di quasi 8 anni!!! ) tanto che per il lavoro utilizzo più questo che il pc fisso dell'hp con Vista.
Quando avrò un po' di tempo spulcerò i vari topic del forum e certamente troverò qualcosa di utile per i miei pc.
Peccato non aver scoperto prima questo forum, siete fantastici!

[FDAC]

Io sono appena arrivato qui, ma ho avuto esperienza su altri forum.
Sono giovane, forse il più piccolo del forum, visto che ho solamente 16 anni.
Ma vediamo di non andare fuori argomento, ciao Grey, alla prossima