
help meee... please..

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57

help meee... please..

Post by hipoxantina » 19/02/08 12:43

Ugh... I can't solve a little problem... could any of you help me? I'm new, I registered on this site not even a minute ago...
I read a lot before getting to the point of writing... I did what they advised doing in some cases but... I didn't solve anything... in short, if someone has the time to look at the log that comes out after a scan with HijackThis... could you tell me what's wrong? Which is the file to delete?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12.35.28, on 19/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Apoint2K\Apoint.exe
C:\Programmi\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\TOSHIBA\E-KEY\CeEKey.exe
C:\Programmi\TOSHIBA\TouchPad\TPTray.exe
C:\Programmi\TOSHIBA\Accessibility\FnKeyHook.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Programmi\TOSHIBA\Tvs\TvsTray.exe
C:\Programmi\TOSHIBA\ConfigFree\NDSTray.exe
C:\Programmi\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe
C:\Programmi\Windows Media Player\WMPNSCFG.exe
C:\Programmi\MessengerSkinner\MessengerSkinner.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Programmi\Apoint2K\Apntex.exe
C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\Programmi\MSN Messenger\livecall.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\taskmgr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O3 - Toolbar: Virgilio Toolbar - {D3403F28-7D39-435F-A8CB-45016C29E48E} - C:\Programmi\Virgilio Toolbar\VirgilioBand.dll
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PadTouch] C:\Programmi\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Programmi\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Programmi\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Programmi\TOSHIBA\Accessibility\FnKeyHook.exe
O4 - HKLM\..\Run: [HWSetup] C:\Programmi\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Programmi\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Tvs] C:\Programmi\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmi\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [messengerskinner] C:\Programmi\MessengerSkinner\MessengerSkinner.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: CD Software aggiuntivo.lnk = D:\setup.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} (DownloaderActiveX Control) - http://c6.community.virgilio.it/downloa ... ctiveX.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{37E8D94C-6985-43BE-AC0B-F85A94B3F439}: NameServer = 193.204.64.3,193.204.64.97
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe

--
End of file - 10445 bytes
..thank you in advance...
hipoxantina
Newbie

Posts: 4
Joined: 19/02/08 12:38
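Logs like the one above are normally read by eye by the moderators. As an added example (not part of this thread, and not code from HijackThis or the forum), here is a small Python triage pass over the HijackThis entry format: it parses the `Rn - ...` / `On - ...` lines, counts entries per section, groups the `(no file)` leftovers by CLSID so one removed add-on shows up as one item, and flags the entries a responder would check first. The sample lines are constructed from the format of the log above, and the flags are triage heuristics of my own (orphaned references, O17 DNS overrides, an O10 LSP the tool could not identify), not verdicts about any file.

```python
# Added example: triage helper for HijackThis-style log entries.
# Not part of the thread and not HijackThis code; the heuristics are my own.
import re
from collections import Counter
from dataclasses import dataclass

# Entry lines look like "R1 - ..." or "O23 - ..."; process listings and
# headers in the same log do not match this pattern and are skipped.
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")


@dataclass(frozen=True)
class HjtEntry:
    kind: str   # section code, e.g. "O4"
    body: str   # everything after "O4 - "


def parse_hjt(text: str) -> list:
    """Return the Rn/On entries of a HijackThis log, in file order."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(HjtEntry(m.group("kind"), m.group("body")))
    return entries


def flags_for(entry: HjtEntry) -> list:
    """Triage heuristics (assumptions of this example, not HijackThis rules)."""
    flags = []
    if "(no file)" in entry.body:
        # The registry still references a BHO/toolbar/hook whose file is gone:
        # typically an uninstall leftover, inert but worth cleaning up.
        flags.append("orphaned")
    if entry.kind == "O17":
        # Per-adapter DNS override: the servers should be the expected ones
        # (ISP or corporate resolvers), so surface them for a manual check.
        flags.append("dns:" + ",".join(IPV4_RE.findall(entry.body)))
    if entry.kind == "O10" and entry.body.startswith("Unknown"):
        # A Winsock LSP the tool could not identify: verify the DLL's publisher.
        flags.append("lsp-unknown")
    return flags


def triage(entries) -> list:
    """Pairs (entry, flags) for every entry that raised at least one flag."""
    flagged = []
    for e in entries:
        f = flags_for(e)
        if f:
            flagged.append((e, f))
    return flagged


def orphaned_clsids(entries) -> dict:
    """Group '(no file)' entries by CLSID: one removed add-on, one item."""
    groups = {}
    for e in entries:
        if "(no file)" in e.body:
            for clsid in CLSID_RE.findall(e.body):
                groups.setdefault(clsid, []).append(e.kind)
    return groups


def summarize(entries) -> dict:
    """Count entries per section code (R0, O2, O4, ...)."""
    return dict(Counter(e.kind for e in entries))


# Constructed sample: a handful of lines in the format of the log in the thread.
SAMPLE = r"""
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{37E8D94C-6985-43BE-AC0B-F85A94B3F439}: NameServer = 193.204.64.3,193.204.64.97
"""

if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE)
    print(summarize(parsed))
    for entry, flags in triage(parsed):
        print(entry.kind, flags, "|", entry.body[:70])
    print(orphaned_clsids(parsed))
```

Run it on a full log by reading the file into `parse_hjt`; the grouping step is what makes the two `{BC4FFE41-...}` lines in the sample read as a single leftover toolbar rather than two separate findings.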


Re: help meee... please..

Post by hipoxantina » 19/02/08 12:52

here... it's me again.. I forgot to tell you that the problem is the pages that open automatically while I browse the internet and that start with... fp.pc-on-internet.com
:undecided: I read.. and read.. but.. maybe it's because I'm a biologist and I don't understand anything about PCs???
hipoxantina
Newbie

Posts: 4
Joined: 19/02/08 12:38

Re: help meee... please..

Post by Luke57 » 19/02/08 13:05

Hi, biologists have to know about PCs too.
That said ;) download FindAWF from here:
http://www.expobg.it/images/immxarticoli/FindAWF.exe
Run it, a DOS window opens, choose option 1 and press Enter.
Paste the report generated by the scan into a post.
Luke57
Moderator

Posts: 6413
Joined: 11/08/05 19:10

Re: help meee... please..

Post by hipoxantina » 19/02/08 13:11

here... I think it doesn't start because it tells me there's a problem.. at the end it prints this, that is, no list :(
Find AWF report by noahdfear ©2006


bak folders found
~~~~~~~~~~~



Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~



end of report
hipoxantina
Newbie

Posts: 4
Joined: 19/02/08 12:38

Re: help meee... please..

Post by Luke57 » 19/02/08 13:53

Hi, download ComboFix to the desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Disconnect from the internet
disable the antivirus


Run the file ComboFix.exe
Type 1 to start the tool (don't do anything else during the scan)
Follow the instructions; at the end a log will be generated in C:\combofix.txt
Paste the contents into a post.
Luke57
Moderator

Posts: 6413
Joined: 11/08/05 19:10

COMBOFIX RESULTS

Post by hipoxantina » 19/02/08 15:58

So... I carried out all the orders.. I think I read that it deleted some folders. Here is the COMBOFIX report:

ComboFix 08-02-19.2 - User 2008-02-19 15.41.30.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.171 [GMT 1:00]
Eseguito da: C:\Documents and Settings\User\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\User\Dati applicazioni\MessengerSkinner
C:\Documents and Settings\User\Dati applicazioni\MessengerSkinner\Userdata\Install_MessengerSkinner.zip
C:\Documents and Settings\User\Dati applicazioni\MessengerSkinner\Userdata\languages_v2.xml
C:\Documents and Settings\User\Dati applicazioni\MessengerSkinner\Userdata\pack1.cab
C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\gfjptpsno.dat
c:\documents and settings\user\impostazioni locali\dati applicazioni\gfjptpsno.exe
C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\gfjptpsno_nav.dat
C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\gfjptpsno_navps.dat
C:\Documents and Settings\User\Menu Avvio\Programmi\MessengerSkinner
C:\Documents and Settings\User\Menu Avvio\Programmi\MessengerSkinner\MessengerSkinner.lnk
C:\Documents and Settings\User\Menu Avvio\Programmi\MessengerSkinner\Privacy Policy.lnk
C:\Documents and Settings\User\Menu Avvio\Programmi\MessengerSkinner\Terms and conditions.lnk
C:\Documents and Settings\User\Menu Avvio\Programmi\MessengerSkinner\Website.lnk
C:\Programmi\messengerskinner\download\defaultPack.cab
C:\Programmi\messengerskinner\MessengerSkinner.exe
C:\Programmi\messengerskinner\MessengerSkinnerDll.dll
C:\Programmi\messengerskinner\Privacy Policy.url
C:\Programmi\messengerskinner\resources\appconfig.xml
C:\Programmi\messengerskinner\resources\btn.rgn
C:\Programmi\messengerskinner\resources\btnBnr.rgn
C:\Programmi\messengerskinner\resources\btnIn.rgn
C:\Programmi\messengerskinner\resources\btnInNormal.bmp
C:\Programmi\messengerskinner\resources\btnInOver.bmp
C:\Programmi\messengerskinner\resources\btnNormal.bmp
C:\Programmi\messengerskinner\resources\btnNormal.gif
C:\Programmi\messengerskinner\resources\btnNormalBnr.bmp
C:\Programmi\messengerskinner\resources\btnNormalBnr.gif
C:\Programmi\messengerskinner\resources\btnOver.bmp
C:\Programmi\messengerskinner\resources\btnOver.gif
C:\Programmi\messengerskinner\resources\btnOverBnr.bmp
C:\Programmi\messengerskinner\resources\btnOverBnr.gif
C:\Programmi\messengerskinner\resources\languages_v2.xml
C:\Programmi\messengerskinner\Terms and conditions.url
C:\Programmi\messengerskinner\uninst.exe
C:\Programmi\messengerskinner\Website.url
C:\WINDOWS\system32\nvs2.inf

----- BITS: Possible infected sites -----

hxxp://au.download.windowsupdate.c
.
((((((((((((((((((((((((( Files Creati Da 2008-01-19 al 2008-02-19 )))))))))))))))))))))))))))))))))))
.

2008-02-19 11:05 . 2008-02-19 11:05 <DIR> d-------- C:\Programmi\Lavasoft
2008-02-19 11:05 . 2008-02-19 11:06 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
2008-02-19 11:03 . 2008-02-19 11:03 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2008-02-19 10:51 . 2008-02-19 10:51 <DIR> d-------- C:\Programmi\Trend Micro
2008-02-11 11:57 . 2008-02-11 11:57 332,800 --a------ C:\WINDOWS\system32\ffeglvz.exe
2008-02-06 16:26 . 2008-02-06 16:26 <DIR> d-------- C:\Programmi\File comuni\Oberon Media
2008-02-06 16:26 . 2008-02-06 21:27 <DIR> d-a------ C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-02-05 12:06 . 2008-02-05 12:06 268 --ah----- C:\sqmdata15.sqm
2008-02-05 12:06 . 2008-02-05 12:06 244 --ah----- C:\sqmnoopt15.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-11 16:15 --------- d-----w C:\Programmi\Windows Live Safety Center
2008-02-11 09:43 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\Lavasoft
2008-02-08 08:45 --------- d-----w C:\Programmi\ESET
2008-02-06 19:55 --------- d-----w C:\Programmi\Oberon Media
2008-01-17 09:28 --------- d-----w C:\Programmi\C6 Messenger
2008-01-12 22:39 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-01-12 22:01 --------- d-----w C:\Programmi\Virgilio Toolbar
2008-01-12 22:01 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\Virgilio Toolbar
2008-01-10 15:28 24,936 ----a-w C:\Documents and Settings\User\Dati applicazioni\GDIPFONTCACHEV1.DAT
2007-12-30 20:28 45,056 ----a-w C:\WINDOWS\NCUNINST.EXE
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 11:00 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe" [2007-09-20 15:35 202024]
"WMPNSCFG"="C:\Programmi\Windows Media Player\WMPNSCFG.exe" [2006-11-02 21:56 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Programmi\Apoint2K\Apoint.exe" [2003-10-30 15:46 192512]
"PadTouch"="C:\Programmi\TOSHIBA\Touch and Launch\PadExe.exe" [2004-11-17 09:56 1077327]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-28 13:37 88363 C:\WINDOWS\agrsmmsg.exe]
"CeEKEY"="C:\Programmi\TOSHIBA\E-KEY\CeEKey.exe" [2005-01-21 20:48 675840]
"TPNF"="C:\Programmi\TOSHIBA\TouchPad\TPTray.exe" [2004-11-29 20:06 53248]
"TOSHIBA Accessibility"="C:\Programmi\TOSHIBA\Accessibility\FnKeyHook.exe" [2004-12-07 20:24 24576]
"HWSetup"="C:\Programmi\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-12-23 17:07 28672]
"SVPWUTIL"="C:\Programmi\Toshiba\Windows Utilities\SVPWUTIL.exe" [2005-02-25 14:59 65536]
"Zooming"="ZoomingHook.exe" [2004-07-14 15:07 24576 C:\WINDOWS\system32\ZoomingHook.exe]
"TCtryIOHook"="TCtrlIOHook.exe" [2005-02-16 13:43 28672 C:\WINDOWS\system32\TCtrlIOHook.exe]
"TPSMain"="TPSMain.exe" [2005-02-17 10:11 266240 C:\WINDOWS\system32\TPSMain.exe]
"SmoothView"="C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-11-15 10:44 118784]
"Tvs"="C:\Programmi\TOSHIBA\Tvs\TvsTray.exe" [2004-11-12 16:57 73728]
"NDSTray.exe"="NDSTray.exe" []
"TFncKy"="TFncKy.exe" []
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2007-07-26 10:17 180269]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"NeroFilterCheck"="C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"NBKeyScan"="C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328]
"nod32kui"="C:\Programmi\Eset\nod32kui.exe" [2007-12-05 22:11 949376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 11:00 15360]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-12-17 21:49:34 110592]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Reader.lnk]
backup=C:\WINDOWS\pss\Avvio veloce di Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Bluetooth Manager.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Bluetooth Manager.lnk
backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^User^Menu Avvio^Programmi^Esecuzione automatica^C6 Messenger.lnk]
backup=C:\WINDOWS\pss\C6 Messenger.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^User^Menu Avvio^Programmi^Esecuzione automatica^Microsoft Office OneNote 2003 Quick Launch.lnk]
backup=C:\WINDOWS\pss\Microsoft Office OneNote 2003 Quick Launch.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-03-14 18:05 257088 C:\Programmi\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 11:54 5674352 C:\Programmi\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-02-16 09:54 282624 C:\Programmi\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
-ra------ 2006-12-27 16:53 73840 C:\Programmi\Macrogaming\SweetIM\SweetIM.exe

R1 SerTVOutCtlr;TOSHIBA Controls Driver -EPIOMngr;C:\WINDOWS\system32\drivers\EPIOMngr.sys [2004-07-30 14:05]
R1 TPwSav;Common Driver;C:\WINDOWS\system32\Drivers\TPwSav.sys [2005-02-25 18:08]
R3 DLKRCB;D-Link DFE-690TXD CardBus PC Card;C:\WINDOWS\system32\DRIVERS\DLKRCB.SYS [2001-10-15 13:38]
S1 StickyMesger;StickyMesger;C:\Programmi\TOSHIBA\Accessibility\StickyMesger.sys []
S3 brfilt;Driver filtro Brother MFC;C:\WINDOWS\system32\Drivers\Brfilt.sys [2001-08-17 21:12]
S3 BrSerWDM;Driver seriale Brother WDM;C:\WINDOWS\system32\Drivers\BrSerWdm.sys [2001-08-17 21:12]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\WINDOWS\system32\Drivers\BrUsbMdm.sys [2001-08-17 21:12]
S3 BrUsbScn;Driver scanner Brother MFC USB;C:\WINDOWS\system32\Drivers\BrUsbScn.sys [2001-08-17 21:12]
S3 PentaxUsb;Pentax Digital Camera on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-03-17 21:59]
S3 PentaxVc;Pentax Video Capture;C:\WINDOWS\system32\DRIVERS\CoachVc.sys [2004-03-17 22:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e31cf16-c190-11db-a823-00134638dcbd}]
\Shell\Auto\command - Song.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Song.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8375840b-1a62-11dc-a8dc-00134638dcbd}]
\Shell\Auto\command - Cn911.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8404edfa-2964-11dc-a8f4-00134638dcbd}]
\Shell\Auto\command - Cn911.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe

.
Contenuto della cartella 'Scheduled Tasks'
"2005-09-09 18:20:11 C:\WINDOWS\Tasks\Promemoria registrazione 2.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2005-09-16 13:35:11 C:\WINDOWS\Tasks\Promemoria registrazione 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-19 15:48:03
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\Programmi\Eset\pr_imon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\brss01a.exe
C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\Windows Media Player\WMPNetwk.exe
C:\Programmi\TOSHIBA\ConfigFree\NDSTray.exe
C:\Programmi\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Programmi\Apoint2K\Apntex.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\RAMASST.exe
.
**************************************************************************
.
Ora fine scansione: 2008-02-19 15:51:03 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-19 14:50:59
.
2008-02-15 02:04:58 --- E O F ---
How do I interpret all this? What is it? Are there viruses? :eeh:
hipoxantina
Newbie

Posts: 4
Joined: 19/02/08 12:38

Re: help meee... please..

Post by Luke57 » 19/02/08 17:01

Hi, delete this file:
C:\WINDOWS\system32\ffeglvz.exe
then download ATF Cleaner (to delete temporary files) from here:
http://www.atribune.org/ccount/click.php?id=1
Run ATF Cleaner, click the "Main" menu and then tick the "Select All" box. Now click the "Empty Selected" button and wait for the "Done Cleaning!" message.
Luke57
Moderator

Posts: 6413
Joined: 11/08/05 19:10
