
Help!

How do I remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do I protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57

Help!

Post by blinketto182 » 07/06/09 12:32

Hi everyone. Since this morning AVG keeps reporting several viruses, all with the same path C:\Windows\system32\msxml71.dll
I ran a scan with SUPERAntiSpyware, it found 3 trojans, I removed them, but the problem persists; in fact AVG keeps reporting viruses.
So I ran a scan with HijackThis and I'm posting the results.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13.09.14, on 07/06/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\hp\kbd\kbd.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Users\Utente\AppData\Local\Temp\Rar$EX00.273\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\Windows\system32\msxml71.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [snpstd2] C:\Windows\vsnpstd2.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618)" -"http://giochi.gratisgiochi.ws/0486e9d9fe8c55b0fa4d591b91083c12/game.php?file=http://giochi.gratisgiochi.ws/0486e9d9fe8c55b0fa4d591b91083c12/1158.dcr&width=425&height=330"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resourc ... dit-it.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Servizio di Google Update (gupdate1c9a646127d6e88) (gupdate1c9a646127d6e88) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 9929 bytes
blinketto182
Newbie
Posts: 3
Joined: 07/06/09 12:30


Re: Help!

Post by -> EleKtrA <- » 07/06/09 12:52

Hi blinketto182, welcome.
It's a FakeAlert trojan, which can easily be removed with the help of two programs, but let's go in order.

1) With all applications closed and disconnected from the internet
Right-click HijackThis, run as administrator
Click "do a system scan only"
Tick these entries and click "fix checked"

O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\Windows\system32\msxml71.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618)" -"http:/ /giochi.gratisgiochi.ws/0486e9d9fe8c55b0fa4d591b91083c12/game.php?file=http:/ /giochi.gratisgiochi.ws/0486e9d9fe8c55b0fa4d591b91083c12/1158.dcr&width=425 &height=330"
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

2) Download ComboFix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Right-click, run as administrator
Let the program work without interfering
Attach the report C:\ComboFix.txt in your reply.

3) Download Malwarebytes, install the program and update the signatures.
http://www.download.com/Malwarebytes-An ... 04572.html
In the Scan tab, select "full scan"
Attach the report.

4) Run this tool to completely uninstall Norton
http://service1.symantec.com/support/in ... 7160511924
right-click the exe, run as administrator.

Note: reports should be attached or placed inside "code" tags ;)
"Yesterday is history, tomorrow is a mystery, but today is a gift... that's why it's called the present!"
-> EleKtrA <-
Moderator
Posts: 436
Joined: 11/12/08 12:50
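The list of entries the moderator asks to fix above is produced by reading the HijackThis log by hand: orphaned entries ("(no file)", "(file missing)"), the DLL the antivirus kept flagging, and autoruns or services that don't belong. As an added example, not code from the thread, from HijackThis, or from any tool named here, the Python below applies a few explicit triage heuristics of that kind to HijackThis-style lines. The sample lines are constructed from the logs posted in this thread; the heuristics, the `USER_WRITABLE` fragments and the `watchlist` parameter (defaulting to `msxml71.dll`, the file AVG flagged here) are my own assumptions. The output is a list of lines to look at first with a reason, not a verdict: a flagged entry still has to be checked against its publisher and the machine's history, as the moderators do in the thread.

```python
import re
from dataclasses import dataclass
from typing import Iterable

# Constructed sample, modelled on the HijackThis lines posted in the thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\Windows\system32\msxml71.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\PROPRI~1\IMPOST~1\Temp\b.exe
O4 - HKCU\..\Run: [waveante] C:\DOCUME~1\PROPRI~1\DATIAP~1\FOURTO~1\memo style.exe
O10 - Broken Internet access because of LSP provider 'c:\programmi\newdotnet\newdotnet6_38.dll' missing
O17 - HKLM\System\CCS\Services\Tcpip\..\{931FBFB3-68E4-4388-8CA2-E989FA4300F3}: NameServer = 193.70.152.15 193.70.152.25
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
"""

# A HijackThis entry starts with its section code (R0, O2, O4, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d+)\s+-\s+(.*)$")

# Path fragments (assumed heuristics) marking user-writable locations. Legitimate
# autoruns almost always live under Program Files or the Windows directory instead;
# the Italian "Dati applicazioni" and its 8.3 short form match the thread's XP log.
USER_WRITABLE = ("\\temp\\", "dati applicazioni", "datiap~1", "application data", "appdata")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def triage(log_text: str, watchlist: Iterable[str] = ("msxml71.dll",)) -> list[Finding]:
    """Return the log lines an analyst should look at first, each with the reason.

    `watchlist` holds file names the analyst already knows to be suspicious
    (here the DLL the antivirus flagged); everything else is a structural heuristic.
    """
    watch = tuple(w.lower() for w in watchlist)
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, "Running processes" and blank lines are skipped
        section, body = m.group(1), m.group(2)
        low = body.lower()
        reason = None
        if "(no file)" in low or "(file missing)" in low:
            reason = "orphaned entry: registry points at a file that no longer exists"
        elif any(name in low for name in watch):
            reason = "file on the analyst's watchlist (flagged by AV in this case)"
        elif section == "O4" and any(frag in low for frag in USER_WRITABLE):
            reason = "autorun launched from a user-writable directory"
        elif section == "O10":
            reason = "Winsock LSP chain broken or hijacked"
        elif section == "O17":
            reason = "per-interface DNS servers set; confirm they belong to the ISP"
        elif section == "O20":
            reason = "AppInit_DLLs/Winlogon injection point; confirm the publisher"
        if reason:
            findings.append(Finding(section, reason, line))
    return findings


def sections_flagged(findings: list[Finding]) -> list[str]:
    """Distinct section codes that produced findings, sorted for a quick summary."""
    return sorted({f.section for f in findings})


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason}\n     {f.line}")
```

Run as a script it prints eight findings and leaves the Adobe and Java entries alone, which mirrors what the moderator ticked in the first post: the msxml71.dll BHO, the nameless BHO with no file, and the Symantec service whose binary is missing. The O17 and O20 checks deliberately fire on legitimate configurations too (AVG's own avgrsstx.dll in this log), because those are the places a defender wants to verify rather than assume.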

msxml71.dll problem

Post by Angelfree987 » 22/07/09 14:37

Hi everyone. I didn't want to reopen this topic, but unfortunately I have had the same problem as blinketto182;
and since he has Vista and I have XP,
I was wondering whether there are different procedures to solve this problem.
I'm now posting the scan done by HijackThis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.25.17, on 22/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\DOCUME~1\PROPRI~1\IMPOST~1\Temp\b.exe
C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programmi\D-Tools\daemon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\msa.exe
c:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Windows Live\Contacts\wlcomm.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Proprietario\Documenti\Miei download\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Softonic Italia Toolbar - {4edd5c14-2d22-4d7a-9748-c975a7fd933b} - C:\Programmi\Softonic_Italia\tbSof0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programmi\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll
O2 - BHO: Softonic Italia Toolbar - {4edd5c14-2d22-4d7a-9748-c975a7fd933b} - C:\Programmi\Softonic_Italia\tbSof0.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Programmi\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programmi\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Softonic Italia Toolbar - {4edd5c14-2d22-4d7a-9748-c975a7fd933b} - C:\Programmi\Softonic_Italia\tbSof0.dll
O4 - HKLM\..\Run: [D066UUtility] C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Noun Internet Plan Seek] C:\Documents and Settings\All Users\Dati applicazioni\Close upload noun internet\Dent Frag.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [waveante] C:\DOCUME~1\PROPRI~1\DATIAP~1\FOURTO~1\memo style.exe
O4 - HKCU\..\Run: [Pando] "C:\Programmi\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\PROPRI~1\IMPOST~1\Temp\b.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Programmi\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... xmk142YYIT
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?ad182b48f8f641b9a84eb6b14fb7e033
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?ad182b48f8f641b9a84eb6b14fb7e033
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Scarica link utilizzando Mega Manager... - C:\Programmi\Megaupload\Mega Manager\mm_file.htm
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Organizzatore ricerche - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programmi\File comuni\Microsoft Shared\Encarta Researcher\EROProj.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Proprietario\Menu Avvio\Programmi\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\programmi\newdotnet\newdotnet6_38.dll' missing
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... 0.15-3.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Programmi\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-c65d847e5cd55d5e.spaces.live ... nPUpld.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programmi\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Programmi\AutoCAD 2002\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Programmi\AutoCAD 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{931FBFB3-68E4-4388-8CA2-E989FA4300F3}: NameServer = 193.70.152.15 193.70.152.25
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 11219 bytes

P.S.
Besides this, a certain file "msa.exe" was also detected as a virus, but I don't know how serious it is.

In the meantime I take the opportunity to thank you in advance
Regards,
angelfree987
Angelfree987
Newbie
Posts: 4
Joined: 22/07/09 14:10
Location: Torino

Re: Help!

Post by -> EleKtrA <- » 22/07/09 15:59

Hi and welcome ;)
The log shows an infection.
Download ComboFix to the desktop
you must rename the file to abc.exe before saving it to the desktop
(to rename the file: when you download it, it asks where to save it and shows the "file name" box; change the name shown there to abc.exe and you must save it to the desktop)

start > run, in the white box copy and paste this command, quotes included:
"%userprofile%\desktop\abc.exe" /killall
Press OK
do not install the recovery console
if all goes well the program starts; it may take a long time
wait patiently for the operations to finish and post the report C:\ComboFix.txt.
"Yesterday is history, tomorrow is a mystery, but today is a gift... that's why it's called the present!"
-> EleKtrA <-
Moderator
Posts: 436
Joined: 11/12/08 12:50

Re: Help!

Post by Angelfree987 » 22/07/09 16:55

Done!! This is the report it produced.

ComboFix 09-07-21.05 - Proprietario 22/07/2009 17.29.59.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.39.1040.18.895.539 [GMT 2:00]
Eseguito da: c:\documents and settings\Proprietario\desktop\abc.exe
Opzioni usate :: /killall
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-3C24-9E7C08000A00}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\PROPRI~1\IMPOST~1\Temp\tmp2.tmp
c:\documents and settings\Proprietario\Dati applicazioni\MessengerSkinner
c:\documents and settings\Proprietario\Dati applicazioni\MessengerSkinner\Userdata\languages_v2.xml
c:\documents and settings\Proprietario\Dati applicazioni\MessengerSkinner\Userdata\pack1.cab
c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\aoukkqgae.dat
c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\aoukkqgae.exe
c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\aoukkqgae_nav.dat
c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\aoukkqgae_navps.dat
c:\documents and settings\Proprietario\Menu Avvio\Programmi\Videos.url
c:\documents and settings\Proprietario\Preferiti\Videos.url
c:\programmi\newdotnet
c:\programmi\newdotnet\nncore.dll
c:\programmi\newdotnet\nnrun.exe
c:\windows\msa.exe
c:\windows\NDNuninstall6_38.exe
c:\windows\system32\Data
c:\windows\system32\msxml71.dll
c:\windows\system32\nvs2.inf
c:\windows\Sysvxd.exe
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
c:\windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NNSERV
-------\Service_NNServ
-------\Service_TDSSserv


((((((((((((((((((((((((( Files Creati Da 2009-06-22 al 2009-07-22 )))))))))))))))))))))))))))))))))))
.

2009-07-18 19:05 . 2009-07-18 19:05 -------- d-----w- c:\programmi\ASIO4ALL v2
2009-07-18 19:04 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
2009-07-18 19:03 . 2009-07-18 19:03 -------- d-----w- c:\programmi\Outsim
2009-07-18 19:01 . 2009-07-18 19:05 -------- d-----w- c:\programmi\Image-Line
2009-07-17 17:08 . 2009-07-17 17:08 188256 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\VCSExpress\9.0\1040\ResourceCache.dll
2009-07-16 17:37 . 2009-07-16 17:39 -------- d-----w- c:\documents and settings\Proprietario\TruePianos Settings
2009-07-16 17:36 . 2009-07-16 17:36 -------- d-----w- c:\programmi\TruePianos
2009-07-16 16:59 . 2009-07-16 16:59 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\Proteus X
2009-07-16 16:22 . 2009-07-16 16:22 -------- d-----w- c:\programmi\File comuni\Creative Professional
2009-07-16 16:21 . 2009-07-16 16:21 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Macrovision
2009-07-16 16:21 . 2009-07-16 16:21 54784 ----a-w- c:\windows\system32\drivers\CDAC11BA.EXE
2009-07-16 16:20 . 2009-07-16 16:20 12464 ----a-w- c:\windows\system32\drivers\CdaC15BA.SYS
2009-07-16 16:03 . 2003-08-18 09:33 1706800 ------w- c:\windows\system32\gdiplus.dll
2009-07-16 15:55 . 2009-07-16 15:55 -------- d-----w- c:\programmi\Creative
2009-07-16 15:55 . 1999-10-11 01:00 41984 ------w- c:\windows\Ctregrun.exe
2009-07-16 15:54 . 2009-07-16 15:54 -------- d-----w- c:\windows\Cache
2009-07-16 15:53 . 2009-07-16 16:59 -------- d-----w- c:\programmi\Steinberg
2009-07-16 15:51 . 2000-05-10 23:00 90112 ------w- c:\windows\Updreg.EXE
2009-07-16 15:50 . 2006-04-12 11:05 11776 ----a-w- c:\windows\INRES.DLL
2009-07-16 15:50 . 2009-07-16 16:58 -------- d-----w- c:\programmi\Creative Professional
2009-07-16 14:30 . 2009-07-16 14:31 -------- d-----w- C:\b7a1dcb828a796d98d3acca3546ecf32
2009-07-16 14:19 . 2009-07-16 14:40 -------- d-----w- C:\9e63692ba387aa64eb35216cf633b4
2009-07-16 13:38 . 2009-07-16 13:38 -------- d-----w- c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\PCHealth
2009-07-16 13:38 . 2009-07-16 13:38 -------- d-----w- c:\windows\system32\RsFx
2009-07-16 13:32 . 2009-07-16 13:38 -------- d-----w- c:\programmi\Microsoft SQL Server
2009-07-16 13:32 . 2009-07-16 13:32 -------- d-----w- c:\programmi\Microsoft Synchronization Services
2009-07-16 13:31 . 2009-07-16 14:38 194912 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\VBExpress\9.0\1040\ResourceCache.dll
2009-07-16 13:30 . 2009-07-17 17:07 416 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\MSDN\9.0\1040\ResourceCache.dll
2009-07-16 13:29 . 2009-07-16 13:29 -------- d-----w- c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\Microsoft Help
2009-07-16 13:27 . 2009-07-16 13:37 -------- d-----w- c:\programmi\Microsoft.NET
2009-07-16 13:27 . 2009-07-17 17:08 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-07-16 13:27 . 2009-07-17 17:06 -------- d-----w- c:\programmi\Microsoft Visual Studio 9.0
2009-07-16 13:26 . 2009-07-16 13:26 -------- d-----w- c:\programmi\Microsoft SDKs
2009-07-16 13:18 . 2009-07-16 13:19 -------- d-----w- C:\07870b5f47573051224029809372cbe2
2009-07-13 17:53 . 2009-07-13 17:53 8854 ----a-r- c:\documents and settings\Proprietario\Dati applicazioni\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
2009-07-13 17:53 . 2009-07-13 17:53 40960 ----a-r- c:\documents and settings\Proprietario\Dati applicazioni\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2009-07-13 17:53 . 2009-07-13 17:53 40960 ----a-r- c:\documents and settings\Proprietario\Dati applicazioni\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2009-07-13 17:53 . 2009-07-13 17:53 -------- d-----w- c:\programmi\Project64 1.6

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-22 15:41 . 2009-02-11 18:24 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\WTablet
2009-07-22 12:05 . 2009-03-31 12:24 -------- d-----w- c:\programmi\Microsoft Silverlight
2009-07-18 19:04 . 2009-03-31 09:59 -------- d-----w- c:\programmi\Vstplugins
2009-07-18 13:26 . 2008-03-17 11:44 -------- d-----w- c:\programmi\eMule
2009-07-17 16:01 . 2008-06-27 18:59 -------- d-----w- c:\programmi\File comuni\Symantec Shared
2009-07-17 16:00 . 2008-04-08 18:39 -------- d-----w- c:\programmi\Norton Security Scan
2009-07-16 16:21 . 2008-07-15 08:12 -------- d-----w- c:\programmi\File comuni\Macrovision Shared
2009-07-16 16:16 . 2007-05-12 08:09 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-07-16 15:24 . 2007-05-26 07:40 119656 ----a-w- c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-07-16 14:32 . 2009-02-11 18:11 261520 ----a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2009-07-16 14:30 . 2006-03-02 12:00 86568 ----a-w- c:\windows\system32\perfc010.dat
2009-07-16 14:30 . 2006-03-02 12:00 500224 ----a-w- c:\windows\system32\perfh010.dat
2009-07-16 13:32 . 2007-12-20 10:54 -------- d-----w- c:\programmi\Microsoft SQL Server Compact Edition
2009-06-24 18:57 . 2008-01-07 18:11 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\Canon
2009-06-20 20:43 . 2009-06-20 20:40 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\InfraRecorder
2009-06-20 20:40 . 2009-06-20 20:40 -------- d-----w- c:\programmi\InfraRecorder
2009-06-20 20:31 . 2009-06-20 20:31 -------- d-----w- c:\programmi\MagicISO
2009-06-20 19:59 . 2009-06-20 19:59 -------- d-----w- c:\programmi\SlySoft
2009-06-20 17:23 . 2009-06-20 17:23 -------- d-----w- c:\programmi\LiDe
2009-06-16 14:53 . 2006-03-02 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:53 . 2006-03-02 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-11 14:52 . 2009-06-11 14:52 -------- d-----w- c:\documents and settings\NetworkService\Dati applicazioniPDFcreator
2009-06-11 14:51 . 2009-06-11 14:51 -------- d-----w- c:\programmi\PDFCreator
2009-06-11 14:51 . 2009-06-11 14:51 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\PDFCreator
2009-06-03 19:25 . 2006-03-02 12:00 1295872 ----a-w- c:\windows\system32\quartz.dll
2009-05-30 23:20 . 2009-05-30 23:06 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\ImgBurn
2009-05-30 22:54 . 2009-05-30 22:53 -------- d-----w- c:\programmi\ImgBurn
2009-05-30 22:49 . 2009-05-30 22:39 -------- d-----w- c:\programmi\GCUTIL
2009-05-30 20:51 . 2009-05-30 20:51 -------- d-----w- c:\programmi\Altap Salamander 2.5
2009-05-30 13:17 . 2008-07-08 10:48 -------- d-----w- c:\programmi\StepMania
2009-05-27 18:25 . 2009-05-26 20:11 -------- d-----w- c:\programmi\Softonic_Italia
2009-05-26 20:11 . 2009-05-26 20:11 -------- d-----w- c:\programmi\Conduit
2009-05-26 16:37 . 2009-05-26 16:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Elaborate Bytes
2009-05-26 16:06 . 2009-05-26 16:06 -------- d-----w- c:\programmi\Elaborate Bytes
2009-05-07 17:03 . 2009-05-26 20:11 51200 ----a-w- c:\documents and settings\Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\iiorrmi8.default\extensions\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}\components\FFExternalAlert.dll
2009-05-07 17:03 . 2009-05-26 20:11 114688 ----a-w- c:\documents and settings\Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\iiorrmi8.default\extensions\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}\components\npmozax.dll
2009-05-07 15:41 . 2006-03-02 12:00 346112 ----a-w- c:\windows\system32\localspl.dll
2009-05-06 12:07 . 2009-05-06 12:07 131072 ----a-r- c:\documents and settings\Proprietario\Dati applicazioni\Microsoft\Installer\{3A4BEF94-179B-43DC-8380-76EEC6DB5EF4}\NewShortcut3_3A4BEF94179B43DC838076EEC6DB5EF4.exe
2009-05-06 12:07 . 2009-05-06 12:07 131072 ----a-r- c:\documents and settings\Proprietario\Dati applicazioni\Microsoft\Installer\{3A4BEF94-179B-43DC-8380-76EEC6DB5EF4}\NewShortcut1_3A4BEF94179B43DC838076EEC6DB5EF4.exe
2009-05-06 12:07 . 2009-05-06 12:07 10134 ----a-r- c:\documents and settings\Proprietario\Dati applicazioni\Microsoft\Installer\{3A4BEF94-179B-43DC-8380-76EEC6DB5EF4}\ARPPRODUCTICON.exe
2009-05-04 19:48 . 2009-05-04 19:48 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-29 04:45 . 2006-03-02 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:44 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-14 09:43 . 2008-06-19 12:58 134648 ----a-w- c:\programmi\mozilla firefox\components\brwsrcmp.dll
2008-02-14 19:00 . 2008-02-14 19:00 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{4edd5c14-2d22-4d7a-9748-c975a7fd933b}"= "c:\programmi\Softonic_Italia\tbSof0.dll" [2009-05-06 2093080]

[HKEY_CLASSES_ROOT\clsid\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-26 08:32 279944 ----a-w- c:\programmi\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}]
2009-05-06 14:27 2093080 ----a-w- c:\programmi\Softonic_Italia\tbSof0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\programmi\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]
"{4edd5c14-2d22-4d7a-9748-c975a7fd933b}"= "c:\programmi\Softonic_Italia\tbSof0.dll" [2009-05-06 2093080]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\programmi\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]
"{4EDD5C14-2D22-4D7A-9748-C975A7FD933B}"= "c:\programmi\Softonic_Italia\tbSof0.dll" [2009-05-06 2093080]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\programmi\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-03-02 15360]
"Pando"="c:\programmi\Pando Networks\Pando\Pando.exe" [2009-04-23 4044616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"D066UUtility"="c:\windows\TWAIN_32\D66U\D066UUTY.EXE" [2000-07-06 32768]
"DAEMON Tools-1033"="c:\programmi\D-Tools\daemon.exe" [2004-08-22 81920]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2008-05-27 413696]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-05-04 148888]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"CloneCDTray"="c:\programmi\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-11-14 16270848]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2008-3-11 212992]
Windows Desktop Search.lnk - c:\programmi\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Alice ti aiuta.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Alice ti aiuta.lnk
backup=c:\windows\pss\Alice ti aiuta.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Monitor Apache Servers.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Monitor Apache Servers.lnk
backup=c:\windows\pss\Monitor Apache Servers.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Proprietario^Menu Avvio^Programmi^Esecuzione automatica^ubisoft register.lnk]
path=c:\documents and settings\Proprietario\Menu Avvio\Programmi\Esecuzione automatica\ubisoft register.lnk
backup=c:\windows\pss\ubisoft register.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Turbo Torrent\\ttorrent.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\alaplaya\\S4League\\S4Client.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Pando Networks\\Pando\\pando.exe"=
"c:\\Programmi\\Java\\jre1.6.0_02\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Programmi\\Java\\jre1.6.0_02\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Programmi\\NetMeeting\\conf.exe"=
"c:\\Programmi\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56694:TCP"= 56694:TCP:Pando P2P TCP Listening Port
"56694:UDP"= 56694:UDP:Pando P2P UDP Listening Port

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [12/05/2007 10.09.30 11264]
R2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [23/12/2008 14.02.29 8192]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [01/06/2008 9.13.10 34064]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [11/02/2009 20.23.49 3032360]
R3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [22/06/2006 20.23.52 808448]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [06/10/2004 11.39.14 283904]
S3 asbp2poa;asbp2poa;\??\c:\docume~1\PROPRI~1\IMPOST~1\Temp\asbp2poa.sys --> c:\docume~1\PROPRI~1\IMPOST~1\Temp\asbp2poa.sys [?]
S3 ATHFMWDL;D-Link predator Bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [04/10/2004 7.28.38 43392]
S3 Cdstf50pwf;Cdstf50pwf; [x]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [11/02/2009 20.23.52 15144]
S3 XDva221;XDva221;\??\c:\windows\system32\XDva221.sys --> c:\windows\system32\XDva221.sys [?]
.
Contenuto della cartella 'Scheduled Tasks'

2009-07-17 c:\windows\Tasks\Norton Security Scan for Proprietario.job
- c:\programmi\Norton Security Scan\Nss.exe [2008-09-19 18:20]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-waveante - c:\docume~1\PROPRI~1\DATIAP~1\FOURTO~1\memo style.exe
HKLM-Run-TkBellExe - c:\programmi\File comuni\Real\Update_OB\realsched.exe
HKLM-Run-Noun Internet Plan Seek - c:\documents and settings\All Users\Dati applicazioni\Close upload noun internet\Dent Frag.exe
ShellExecuteHooks-{E0D8FD38-6F36-4C9F-AE43-EDFA2BB266BA} - (no file)


.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search - http://edits.mywebsearch.com/toolbaredi ... xmk142YYIT
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Apri in nuova scheda in primo piano - c:\programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?ad182b48f8f641b9a84eb6b14fb7e033
IE: Apri in nuova scheda in secondo piano - c:\programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?ad182b48f8f641b9a84eb6b14fb7e033
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Scarica link utilizzando Mega Manager... - c:\programmi\Megaupload\Mega Manager\mm_file.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Proprietario\Menu Avvio\Programmi\IMVU\Run IMVU.lnk
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\iiorrmi8.default\
FF - component: c:\documents and settings\Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\iiorrmi8.default\extensions\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}\components\FFExternalAlert.dll
FF - plugin: c:\programmi\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\programmi\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\programmi\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\programmi\Real\RealOne Player\Netscape6\nprpjplug.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-22 17:42
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-343818398-746137067-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C8313309-8BC8-741A-232B-8B23A823EDE9}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaaidnigfmnholkogh"=hex:6a,61,6a,65,6c,6b,6a,67,68,63,6f,66,66,69,62,66,63,70,
6f,6f,00,a4
"hagjkaboehfgpagh"=hex:6a,61,6d,67,6b,6a,6d,64,61,69,6b,67,70,66,69,6f,65,65,
67,63,00,66
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(3960)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\Altap Salamander 2.5\plugins\salamext.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Avira\AntiVir Desktop\sched.exe
c:\programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
c:\programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\WTablet\Pen_TabletUser.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\searchprotocolhost.exe
c:\windows\system32\searchfilterhost.exe
.
**************************************************************************
.
Ora fine scansione: 2009-07-22 17.50.29 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-07-22 15:50

Pre-Run: 47.103.602.688 byte disponibili
Post-Run: 51.432.079.360 byte disponibili

311 --- E O F --- 2009-07-21 19:55
Angelfree987
Newbie

Posts: 4
Joined: 22/07/09 14:10
Location: Torino

Re: Aiutoo!

Post by -> EleKtrA <- » 23/07/09 09:52

1) Save the CFScript document I am attaching.
With the mouse, drag the CFScript.txt file onto the red ComboFix icon.
Let the program work.
A new combofix.txt log will be created.
Attach the report for a check.

2) With all applications closed and disconnected from the internet,
start HijackThis and click "do a system scan only".
Tick these entries and click "fix checked":

Code: Select all
R3 - URLSearchHook: Softonic Italia Toolbar - {4edd5c14-2d22-4d7a-9748-c975a7fd933b} - C:\Programmi\Softonic_Italia\tbSof0.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programmi\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll
Unknown
O2 - BHO: Softonic Italia Toolbar - {4edd5c14-2d22-4d7a-9748-c975a7fd933b} - C:\Programmi\Softonic_Italia\tbSof0.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll
Unknown
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programmi\AskBarDis\bar\bin\askBar.dll
Unknown
O3 - Toolbar: Softonic Italia Toolbar - {4edd5c14-2d22-4d7a-9748-c975a7fd933b} - C:\Programmi\Softonic_Italia\tbSof0.dll
O4 - HKLM\..\Run: [D066UUtility] C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Noun Internet Plan Seek] C:\Documents and Settings\All Users\Dati applicazioni\Close upload noun internet\Dent Frag.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKCU\..\Run: [waveante] C:\DOCUME~1\PROPRI~1\DATIAP~1\FOURTO~1\memo style.exe
O4 - HKCU\..\Run: [Pando] "C:\Programmi\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\PROPRI~1\IMPOST~1\Temp\b.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Programmi\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... xmk142YYIT
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Proprietario\Menu Avvio\Programmi\IMVU\Run IMVU.lnk (file missing)
O10 - Broken Internet access because of LSP provider 'c:\programmi\newdotnet\newdotnet6_38.dll' missing
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... 0.15-3.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe


3) Download CCleaner and clean up the system:
Cleaner tab / Run Cleaner
Registry tab / Scan for Issues / Fix selected issues.

4) Download Malwarebytes, install the program and update the signatures.
In the Scan tab, select "full scan".
Attach the report.
“Yesterday is history, tomorrow is a mystery, but today is a gift... that is why it is called the present!”
-> EleKtrA <-
Moderator

Posts: 436
Joined: 11/12/08 12:50
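The entries the moderator picks out of the HijackThis log above share a few telltales: a Run value launching from a Temp folder, add-ons whose file is gone, an unnamed BHO, a browser extension sitting in system32. The following Python is an added example, neither the forum's nor HijackThis's own code: it parses log lines of the formats shown in the post (R3/O2/O3/O9 add-on lines, O4 Run lines, the O10 LSP line) and applies those telltales as flags. The sample lines are copied from the log quoted above; the flag rules in `triage()` are the editor's heuristics, an assumption about what is worth a second look, not the tool's own analysis.

```python
"""Triage of HijackThis log lines.

Added example for this thread; it is neither the forum's nor HijackThis's
own code. SAMPLE_LOG is copied from the log quoted in the thread; the flag
rules in triage() are the editor's heuristics, not verdicts from the tool.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Sample input: lines copied from the HijackThis log quoted above.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Softonic Italia Toolbar - {4edd5c14-2d22-4d7a-9748-c975a7fd933b} - C:\Programmi\Softonic_Italia\tbSof0.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\PROPRI~1\IMPOST~1\Temp\b.exe
O4 - HKCU\..\Run: [waveante] C:\DOCUME~1\PROPRI~1\DATIAP~1\FOURTO~1\memo style.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Proprietario\Menu Avvio\Programmi\IMVU\Run IMVU.lnk (file missing)
O10 - Broken Internet access because of LSP provider 'c:\programmi\newdotnet\newdotnet6_38.dll' missing
"""

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<rest>.+)$")
# O4: <hive>\..\Run: [<value name>] <command line>
RUN_RE = re.compile(r"^(?:HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] ?(?P<cmd>.*)$")
# R3/O2/O3/O9: <kind>: <name> - {CLSID} - <path or "(no file)">
ADDON_RE = re.compile(r"^(?P<kind>[^:]+): (?P<name>.+?) - (?P<clsid>\{[^}]+\}) - (?P<path>.+)$")
# O10: Winsock LSP whose DLL is gone
LSP_RE = re.compile(r"LSP provider '(?P<path>[^']+)' missing")


@dataclass
class Entry:
    code: str                      # HijackThis section code, e.g. "O4"
    name: str                      # add-on name or Run value name
    clsid: str | None = None
    path: str | None = None        # executable, DLL or shortcut the entry points at
    flags: list[str] = field(default_factory=list)


def _exe_from_command(cmd: str) -> str:
    """Return the program path from a Run command line, dropping arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.+?\.(?:exe|dll|lnk|com|bat))(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd


def parse_line(line: str) -> Entry | None:
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, rest = m.group("code"), m.group("rest")
    if run := RUN_RE.match(rest):
        return Entry(code, run.group("name"), path=_exe_from_command(run.group("cmd")))
    if addon := ADDON_RE.match(rest):
        return Entry(code, addon.group("name"), addon.group("clsid"), addon.group("path"))
    if lsp := LSP_RE.search(rest):
        return Entry(code, "LSP provider", path=lsp.group("path") + " (file missing)")
    return Entry(code, rest)          # free-text entries keep the raw remainder as name


def triage(entry: Entry) -> Entry:
    """Attach the editor's triage flags; none of them is a malware verdict."""
    p = (entry.path or "").lower()
    if "\\temp\\" in p:
        entry.flags.append("launches from a temp directory")
    if p == "(no file)" or "(file missing)" in p:
        entry.flags.append("target file is missing")
    if entry.name.strip().lower() == "(no name)":
        entry.flags.append("unnamed browser add-on")
    if entry.code in ("O2", "O3") and "\\system32\\" in p:
        entry.flags.append("browser add-on loaded from the system directory")
    return entry


def parse_log(text: str) -> list[Entry]:
    return [triage(e) for ln in text.splitlines() if (e := parse_line(ln))]


def flagged(text: str) -> dict[str, list[str]]:
    """Name -> flags for every entry that tripped at least one rule."""
    return {e.name: e.flags for e in parse_log(text) if e.flags}


if __name__ == "__main__":
    for name, flags in flagged(SAMPLE_LOG).items():
        print(f"{name}: {', '.join(flags)}")
```

The flags are hints for a reviewer, not a cleanup list: the `waveante` Run value, which the ComboFix log above lists among the removed orphan keys, trips none of them, so names and paths still have to be compared against known software by hand, which is exactly what the moderator does here.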

Re: Aiutoo!

Post by -> EleKtrA <- » 23/07/09 09:54

Open Notepad, copy and save this text, naming it CFScript.
With the mouse, drag the CFScript.txt file onto the red ComboFix icon.

Code: Select all
KillAll::
Driver::
NNServ
TDSSserv
Cdstf50pwf

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NNServ]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NNServ]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NNServ]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_NNServ]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_NNServ]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NNServ]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NNServ]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\NNServ]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\NNServ]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\NNServ]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSserv]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSserv]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_TDSSserv]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_TDSSserv]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_TDSSserv]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDSSserv]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDSSserv]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\TDSSserv]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\TDSSserv]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\TDSSserv]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_Cdstf50pwf]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_Cdstf50pwf]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_Cdstf50pwf]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_Cdstf50pwf]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_Cdstf50pwf]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdstf50pwf]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cdstf50pwf]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Cdstf50pwf]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Cdstf50pwf]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Cdstf50pwf]

Folder::
C:\WINDOWS\temp
C:\WINDOWS\Tasks
“Yesterday is history, tomorrow is a mystery, but today is a gift... that is why it is called the present!”
-> EleKtrA <-
Moderator

Posts: 436
Joined: 11/12/08 12:50
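The CFScript above follows one pattern three times over: for each name under `Driver::`, the `Registry::` section deletes the `LEGACY_<name>` enumeration key and the `Services\<name>` key under CurrentControlSet and ControlSet001 to ControlSet004, and `Folder::` lists the directories to empty. The Python below is an added example, neither the forum's nor ComboFix's tooling; it regenerates the post's script from its three service names, parses a script back into its sections, and checks that every listed driver has its Services key removed in each control set. It only produces and reads text, and the four numbered control sets are an assumption copied from the post, not a ComboFix rule.

```python
"""Generate and check a ComboFix CFScript of the shape shown above.

Added example; it is neither the forum's nor ComboFix's own tooling and
only produces text (nothing here touches a registry). It follows the
structure of the moderator's script: a Driver:: line per service name,
then under Registry:: the deletion of LEGACY_<name> under Enum\Root and
of Services\<name> for CurrentControlSet and ControlSet001-004, then a
Folder:: section. Four numbered control sets mirror the post; that count
is an assumption about this machine, not a ComboFix rule.
"""
from __future__ import annotations

# Control sets enumerated in the moderator's script (assumption: four exist).
CONTROL_SETS = ["CurrentControlSet"] + [f"ControlSet{n:03d}" for n in range(1, 5)]


def registry_deletions(service: str) -> list[str]:
    """The '[-HKEY...]' lines that remove one service's leftovers everywhere."""
    enum_keys = [f"[-HKEY_LOCAL_MACHINE\\SYSTEM\\{cs}\\Enum\\Root\\LEGACY_{service}]"
                 for cs in CONTROL_SETS]
    svc_keys = [f"[-HKEY_LOCAL_MACHINE\\SYSTEM\\{cs}\\Services\\{service}]"
                for cs in CONTROL_SETS]
    return enum_keys + svc_keys


def build_cfscript(drivers: list[str], folders: list[str], kill_all: bool = True) -> str:
    """Assemble the sections in the order the post uses."""
    lines: list[str] = ["KillAll::"] if kill_all else []
    lines += ["Driver::", *drivers, ""]
    lines.append("Registry::")
    for d in drivers:
        lines += registry_deletions(d)
    lines += ["", "Folder::", *folders]
    return "\n".join(lines) + "\n"


def parse_cfscript(text: str) -> dict[str, list[str]]:
    """Inverse: split a script into its 'Name::' sections (blank lines ignored)."""
    sections: dict[str, list[str]] = {}
    current: str | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def unremoved_services(sections: dict[str, list[str]]) -> list[str]:
    """Driver:: names whose Services\\<name> key is not deleted under Registry::
    for every control set; the post's script leaves no such gaps."""
    registry = set(sections.get("Registry", []))
    missing = []
    for name in sections.get("Driver", []):
        wanted = {f"[-HKEY_LOCAL_MACHINE\\SYSTEM\\{cs}\\Services\\{name}]" for cs in CONTROL_SETS}
        if not wanted <= registry:
            missing.append(name)
    return missing


# The script from the post, regenerated from its three service names.
SCRIPT = build_cfscript(["NNServ", "TDSSserv", "Cdstf50pwf"],
                        [r"C:\WINDOWS\temp", r"C:\WINDOWS\Tasks"])

if __name__ == "__main__":
    print(SCRIPT)
```

Running it prints a script identical, line for line, to the one in the post; `unremoved_services()` is the check to run on any hand-edited script before it is dragged onto ComboFix, since a driver listed under `Driver::` but left registered in one control set is the kind of leftover the moderator's thirty `Registry::` lines exist to prevent.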

Re: Aiutoo!

Post by Angelfree987 » 23/07/09 17:14

Perfect, it has just finished working. Now I'll attach all the reports.
This is the ComboFix one:

Code: Select all
ComboFix 09-07-21.05 - Proprietario 23/07/2009 15.47.55.2.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.39.1040.18.895.410 [GMT 2:00]
Eseguito da: c:\documents and settings\Proprietario\Desktop\abc.exe
Opzioni usate :: c:\documents and settings\Proprietario\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-3C24-9E7C08000A00}
 * Creato nuovo punto di ripristino

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\temp

.
(((((((((((((((((((((((((   Files Creati Da 2009-06-23 al 2009-07-23  )))))))))))))))))))))))))))))))))))
.

2009-07-18 19:05 . 2009-07-18 19:05   --------   d-----w-   c:\programmi\ASIO4ALL v2
2009-07-18 19:04 . 2006-06-20 08:56   225280   ----a-w-   c:\windows\system32\rewire.dll
2009-07-18 19:03 . 2009-07-18 19:03   --------   d-----w-   c:\programmi\Outsim
2009-07-18 19:01 . 2009-07-18 19:05   --------   d-----w-   c:\programmi\Image-Line
2009-07-17 17:08 . 2009-07-17 17:08   188256   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\Microsoft\VCSExpress\9.0\1040\ResourceCache.dll
2009-07-16 17:37 . 2009-07-16 17:39   --------   d-----w-   c:\documents and settings\Proprietario\TruePianos Settings
2009-07-16 17:36 . 2009-07-16 17:36   --------   d-----w-   c:\programmi\TruePianos
2009-07-16 16:59 . 2009-07-16 16:59   --------   d-----w-   c:\documents and settings\Proprietario\Dati applicazioni\Proteus X
2009-07-16 16:22 . 2009-07-16 16:22   --------   d-----w-   c:\programmi\File comuni\Creative Professional
2009-07-16 16:21 . 2009-07-16 16:21   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\Macrovision
2009-07-16 16:21 . 2009-07-16 16:21   54784   ----a-w-   c:\windows\system32\drivers\CDAC11BA.EXE
2009-07-16 16:20 . 2009-07-16 16:20   12464   ----a-w-   c:\windows\system32\drivers\CdaC15BA.SYS
2009-07-16 16:03 . 2003-08-18 09:33   1706800   ------w-   c:\windows\system32\gdiplus.dll
2009-07-16 15:55 . 2009-07-16 15:55   --------   d-----w-   c:\programmi\Creative
2009-07-16 15:55 . 1999-10-11 01:00   41984   ------w-   c:\windows\Ctregrun.exe
2009-07-16 15:54 . 2009-07-16 15:54   --------   d-----w-   c:\windows\Cache
2009-07-16 15:53 . 2009-07-16 16:59   --------   d-----w-   c:\programmi\Steinberg
2009-07-16 15:51 . 2000-05-10 23:00   90112   ------w-   c:\windows\Updreg.EXE
2009-07-16 15:50 . 2006-04-12 11:05   11776   ----a-w-   c:\windows\INRES.DLL
2009-07-16 15:50 . 2009-07-16 16:58   --------   d-----w-   c:\programmi\Creative Professional
2009-07-16 14:30 . 2009-07-16 14:31   --------   d-----w-   C:\b7a1dcb828a796d98d3acca3546ecf32
2009-07-16 14:19 . 2009-07-16 14:40   --------   d-----w-   C:\9e63692ba387aa64eb35216cf633b4
2009-07-16 13:38 . 2009-07-16 13:38   --------   d-----w-   c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\PCHealth
2009-07-16 13:38 . 2009-07-16 13:38   --------   d-----w-   c:\windows\system32\RsFx
2009-07-16 13:32 . 2009-07-16 13:38   --------   d-----w-   c:\programmi\Microsoft SQL Server
2009-07-16 13:32 . 2009-07-16 13:32   --------   d-----w-   c:\programmi\Microsoft Synchronization Services
2009-07-16 13:31 . 2009-07-16 14:38   194912   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\Microsoft\VBExpress\9.0\1040\ResourceCache.dll
2009-07-16 13:30 . 2009-07-17 17:07   416   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\Microsoft\MSDN\9.0\1040\ResourceCache.dll
2009-07-16 13:29 . 2009-07-16 13:29   --------   d-----w-   c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\Microsoft Help
2009-07-16 13:27 . 2009-07-16 13:37   --------   d-----w-   c:\programmi\Microsoft.NET
2009-07-16 13:27 . 2009-07-17 17:08   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-07-16 13:27 . 2009-07-17 17:06   --------   d-----w-   c:\programmi\Microsoft Visual Studio 9.0
2009-07-16 13:26 . 2009-07-16 13:26   --------   d-----w-   c:\programmi\Microsoft SDKs
2009-07-16 13:18 . 2009-07-16 13:19   --------   d-----w-   C:\07870b5f47573051224029809372cbe2
2009-07-13 17:53 . 2009-07-13 17:53   8854   ----a-r-   c:\documents and settings\Proprietario\Dati applicazioni\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
2009-07-13 17:53 . 2009-07-13 17:53   40960   ----a-r-   c:\documents and settings\Proprietario\Dati applicazioni\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2009-07-13 17:53 . 2009-07-13 17:53   40960   ----a-r-   c:\documents and settings\Proprietario\Dati applicazioni\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2009-07-13 17:53 . 2009-07-13 17:53   --------   d-----w-   c:\programmi\Project64 1.6

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-23 13:58 . 2009-02-11 18:24   --------   d-----w-   c:\documents and settings\Proprietario\Dati applicazioni\WTablet
2009-07-22 16:00 . 2008-04-08 18:39   --------   d-----w-   c:\programmi\Norton Security Scan
2009-07-22 12:05 . 2009-03-31 12:24   --------   d-----w-   c:\programmi\Microsoft Silverlight
2009-07-18 19:04 . 2009-03-31 09:59   --------   d-----w-   c:\programmi\Vstplugins
2009-07-18 13:26 . 2008-03-17 11:44   --------   d-----w-   c:\programmi\eMule
2009-07-17 16:01 . 2008-06-27 18:59   --------   d-----w-   c:\programmi\File comuni\Symantec Shared
2009-07-16 16:21 . 2008-07-15 08:12   --------   d-----w-   c:\programmi\File comuni\Macrovision Shared
2009-07-16 16:16 . 2007-05-12 08:09   --------   d--h--w-   c:\programmi\InstallShield Installation Information
2009-07-16 15:24 . 2007-05-26 07:40   119656   ----a-w-   c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-07-16 14:32 . 2009-02-11 18:11   261520   ----a-w-   c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2009-07-16 14:30 . 2006-03-02 12:00   86568   ----a-w-   c:\windows\system32\perfc010.dat
2009-07-16 14:30 . 2006-03-02 12:00   500224   ----a-w-   c:\windows\system32\perfh010.dat
2009-07-16 13:32 . 2007-12-20 10:54   --------   d-----w-   c:\programmi\Microsoft SQL Server Compact Edition
2009-06-24 18:57 . 2008-01-07 18:11   --------   d-----w-   c:\documents and settings\Proprietario\Dati applicazioni\Canon
2009-06-20 20:43 . 2009-06-20 20:40   --------   d-----w-   c:\documents and settings\Proprietario\Dati applicazioni\InfraRecorder
2009-06-20 20:40 . 2009-06-20 20:40   --------   d-----w-   c:\programmi\InfraRecorder
2009-06-20 20:31 . 2009-06-20 20:31   --------   d-----w-   c:\programmi\MagicISO
2009-06-20 19:59 . 2009-06-20 19:59   --------   d-----w-   c:\programmi\SlySoft
2009-06-20 17:23 . 2009-06-20 17:23   --------   d-----w-   c:\programmi\LiDe
2009-06-16 14:53 . 2006-03-02 12:00   82432   ----a-w-   c:\windows\system32\fontsub.dll
2009-06-16 14:53 . 2006-03-02 12:00   119808   ----a-w-   c:\windows\system32\t2embed.dll
2009-06-11 14:52 . 2009-06-11 14:52   --------   d-----w-   c:\documents and settings\NetworkService\Dati applicazioniPDFcreator
2009-06-11 14:51 . 2009-06-11 14:51   --------   d-----w-   c:\programmi\PDFCreator
2009-06-11 14:51 . 2009-06-11 14:51   --------   d-----w-   c:\documents and settings\Proprietario\Dati applicazioni\PDFCreator
2009-06-03 19:25 . 2006-03-02 12:00   1295872   ----a-w-   c:\windows\system32\quartz.dll
2009-05-30 23:20 . 2009-05-30 23:06   --------   d-----w-   c:\documents and settings\Proprietario\Dati applicazioni\ImgBurn
2009-05-30 22:54 . 2009-05-30 22:53   --------   d-----w-   c:\programmi\ImgBurn
2009-05-30 22:49 . 2009-05-30 22:39   --------   d-----w-   c:\programmi\GCUTIL
2009-05-30 20:51 . 2009-05-30 20:51   --------   d-----w-   c:\programmi\Altap Salamander 2.5
2009-05-30 13:17 . 2008-07-08 10:48   --------   d-----w-   c:\programmi\StepMania
2009-05-27 18:25 . 2009-05-26 20:11   --------   d-----w-   c:\programmi\Softonic_Italia
2009-05-26 20:11 . 2009-05-26 20:11   --------   d-----w-   c:\programmi\Conduit
2009-05-26 16:37 . 2009-05-26 16:37   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\Elaborate Bytes
2009-05-26 16:06 . 2009-05-26 16:06   --------   d-----w-   c:\programmi\Elaborate Bytes
2009-05-07 17:03 . 2009-05-26 20:11   51200   ----a-w-   c:\documents and settings\Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\iiorrmi8.default\extensions\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}\components\FFExternalAlert.dll
2009-05-07 17:03 . 2009-05-26 20:11   114688   ----a-w-   c:\documents and settings\Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\iiorrmi8.default\extensions\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}\components\npmozax.dll
2009-05-07 15:41 . 2006-03-02 12:00   346112   ----a-w-   c:\windows\system32\localspl.dll
2009-05-06 12:07 . 2009-05-06 12:07   131072   ----a-r-   c:\documents and settings\Proprietario\Dati applicazioni\Microsoft\Installer\{3A4BEF94-179B-43DC-8380-76EEC6DB5EF4}\NewShortcut3_3A4BEF94179B43DC838076EEC6DB5EF4.exe
2009-05-06 12:07 . 2009-05-06 12:07   131072   ----a-r-   c:\documents and settings\Proprietario\Dati applicazioni\Microsoft\Installer\{3A4BEF94-179B-43DC-8380-76EEC6DB5EF4}\NewShortcut1_3A4BEF94179B43DC838076EEC6DB5EF4.exe
2009-05-06 12:07 . 2009-05-06 12:07   10134   ----a-r-   c:\documents and settings\Proprietario\Dati applicazioni\Microsoft\Installer\{3A4BEF94-179B-43DC-8380-76EEC6DB5EF4}\ARPPRODUCTICON.exe
2009-05-04 19:48 . 2009-05-04 19:48   410984   ----a-w-   c:\windows\system32\deploytk.dll
2009-04-29 04:45 . 2006-03-02 12:00   827392   ----a-w-   c:\windows\system32\wininet.dll
2009-04-29 04:44 . 2006-03-02 12:00   78336   ----a-w-   c:\windows\system32\ieencode.dll
2009-07-22 15:51 . 2008-06-19 12:58   134648   ----a-w-   c:\programmi\mozilla firefox\components\brwsrcmp.dll
2008-02-14 19:00 . 2008-02-14 19:00   848   --sha-w-   c:\windows\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{4edd5c14-2d22-4d7a-9748-c975a7fd933b}"= "c:\programmi\Softonic_Italia\tbSof0.dll" [2009-05-06 2093080]

[HKEY_CLASSES_ROOT\clsid\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-26 08:32   279944   ----a-w-   c:\programmi\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}]
2009-05-06 14:27   2093080   ----a-w-   c:\programmi\Softonic_Italia\tbSof0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\programmi\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]
"{4edd5c14-2d22-4d7a-9748-c975a7fd933b}"= "c:\programmi\Softonic_Italia\tbSof0.dll" [2009-05-06 2093080]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\programmi\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]
"{4EDD5C14-2D22-4D7A-9748-C975A7FD933B}"= "c:\programmi\Softonic_Italia\tbSof0.dll" [2009-05-06 2093080]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\programmi\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-03-02 15360]
"Pando"="c:\programmi\Pando Networks\Pando\Pando.exe" [2009-04-23 4044616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"D066UUtility"="c:\windows\TWAIN_32\D66U\D066UUTY.EXE" [2000-07-06 32768]
"DAEMON Tools-1033"="c:\programmi\D-Tools\daemon.exe" [2004-08-22 81920]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2008-05-27 413696]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-05-04 148888]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"CloneCDTray"="c:\programmi\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-11-14 16270848]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2008-3-11 212992]
Windows Desktop Search.lnk - c:\programmi\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Alice ti aiuta.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Alice ti aiuta.lnk
backup=c:\windows\pss\Alice ti aiuta.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Monitor Apache Servers.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Monitor Apache Servers.lnk
backup=c:\windows\pss\Monitor Apache Servers.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Proprietario^Menu Avvio^Programmi^Esecuzione automatica^ubisoft register.lnk]
path=c:\documents and settings\Proprietario\Menu Avvio\Programmi\Esecuzione automatica\ubisoft register.lnk
backup=c:\windows\pss\ubisoft register.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Turbo Torrent\\ttorrent.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\alaplaya\\S4League\\S4Client.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Pando Networks\\Pando\\pando.exe"=
"c:\\Programmi\\Java\\jre1.6.0_02\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Programmi\\Java\\jre1.6.0_02\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Programmi\\NetMeeting\\conf.exe"=
"c:\\Programmi\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56694:TCP"= 56694:TCP:Pando P2P TCP Listening Port
"56694:UDP"= 56694:UDP:Pando P2P UDP Listening Port

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [12/05/2007 10.09.30 11264]
R2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [23/12/2008 14.02.29 8192]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [01/06/2008 9.13.10 34064]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [11/02/2009 20.23.49 3032360]
R3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [22/06/2006 20.23.52 808448]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [06/10/2004 11.39.14 283904]
S3 asbp2poa;asbp2poa;\??\c:\docume~1\PROPRI~1\IMPOST~1\Temp\asbp2poa.sys --> c:\docume~1\PROPRI~1\IMPOST~1\Temp\asbp2poa.sys [?]
S3 ATHFMWDL;D-Link predator Bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [04/10/2004 7.28.38 43392]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [11/02/2009 20.23.52 15144]
S3 XDva221;XDva221;\??\c:\windows\system32\XDva221.sys --> c:\windows\system32\XDva221.sys [?]
.
Contenuto della cartella 'Scheduled Tasks'

2009-07-22 c:\windows\Tasks\Norton Security Scan for Proprietario.job
- c:\programmi\Norton Security Scan\Nss.exe [2008-09-19 18:20]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk142YYIT
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Apri in nuova scheda in primo piano - c:\programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?ad182b48f8f641b9a84eb6b14fb7e033
IE: Apri in nuova scheda in secondo piano - c:\programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?ad182b48f8f641b9a84eb6b14fb7e033
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Scarica link utilizzando Mega Manager... - c:\programmi\Megaupload\Mega Manager\mm_file.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Proprietario\Menu Avvio\Programmi\IMVU\Run IMVU.lnk
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\iiorrmi8.default\
FF - component: c:\documents and settings\Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\iiorrmi8.default\extensions\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}\components\FFExternalAlert.dll
FF - plugin: c:\programmi\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\programmi\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\programmi\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\programmi\Real\RealOne Player\Netscape6\nprpjplug.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-23 15:58
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-343818398-746137067-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C8313309-8BC8-741A-232B-8B23A823EDE9}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaaidnigfmnholkogh"=hex:6a,61,6a,65,6c,6b,6a,67,68,63,6f,66,66,69,62,66,63,70,
   6f,6f,00,a4
"hagjkaboehfgpagh"=hex:6a,61,6d,67,6b,6a,6d,64,61,69,6b,67,70,66,69,6f,65,65,
   67,63,00,66
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(3720)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\Altap Salamander 2.5\plugins\salamext.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Avira\AntiVir Desktop\sched.exe
c:\programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
c:\programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\WTablet\Pen_TabletUser.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\searchprotocolhost.exe
c:\windows\system32\searchfilterhost.exe
.
**************************************************************************
.
Ora fine scansione: 2009-07-23 16.08.30 - Il pc è stato riavviato
ComboFix-quarantined-files.txt  2009-07-23 14:08
ComboFix2.txt  2009-07-22 15:50

Pre-Run: 50.539.175.936 byte disponibili
Post-Run: 51.908.055.040 byte disponibili

282   --- E O F ---   2009-07-21 19:55


And this is what Malwarebytes left me:

Malwarebytes' Anti-Malware 1.39
Versione del database: 2487
Windows 5.1.2600 Service Pack 2

23/07/2009 18.00.59
mbam-log-2009-07-23 (18-00-55).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 236680
Tempo trascorso: 1 hour(s), 21 minute(s), 56 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 7
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 5

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
c:\Qoobox\quarantine\C\WINDOWS\msa.exe.vir (Trojan.Agent) -> No action taken.
c:\Qoobox\quarantine\C\WINDOWS\system32\msxml71.dll.vir (Trojan.FakeAlert) -> No action taken.
c:\documents and settings\proprietario\documenti\miei download\vegas_pro_8.0_keygen\keygen.exe (Backdoor.SDBot) -> No action taken.
c:\system volume information\_restore{c48da5bf-9876-4751-97e7-33ec39bab0fc}\RP550\A0176201.exe (Trojan.Agent) -> No action taken.
c:\system volume information\_restore{c48da5bf-9876-4751-97e7-33ec39bab0fc}\RP550\A0176203.dll (Trojan.FakeAlert) -> No action taken.

Re: Aiutoo!

Posted by -> EleKtrA <- » 23/07/09 17:37

Good!
Did you delete what Malwarebytes found?

Run a Defragmentation and a Scandisk:

Defragmentation is a computer operation that consists in restructuring the allocation of the files on a hard disk so that each file is stored in physically contiguous areas; this drastically reduces file access times.
There are many programs that defragment the hard disk; the best are JkDefrag, Auslogics Disk Defrag and IObit SmartDefrag.
All Windows operating systems have a built-in utility to defragment the hard disk anyway; to reach it follow the path:
Start / Programs / Accessories / System Tools / Disk Defragmenter.

Scandisk is a program that checks and repairs damaged file systems and clusters on the hard disk.
All Windows operating systems have this utility, which lets you check for and if necessary repair errors on the hard disk; to reach it follow the path:
Open My Computer / right-click the hard disk / Properties / Tools / Run Scandisk
Select both options: automatically fix file system errors, scan for and attempt recovery of bad sectors.
A warning window will open: Cannot obtain exclusive access to some Windows files...
Click "YES" to schedule the operation at the next boot.

Note: you should update the system with Service Pack 3

When the operations are finished, attach a new hijackthis log.
“Yesterday is history, tomorrow is a mystery, but today is a gift... that's why it's called the present!”.
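Added here as an example (not code from the thread or from Malwarebytes): a Python parser for the MBAM 1.x log layout quoted above that answers the moderator's question mechanically, separating entries still marked "No action taken" from ones already quarantined, and marking hits under ComboFix's c:\Qoobox quarantine or System Restore's _restore folders as inert copies rather than live infections. SAMPLE_LOG is constructed from the entries in the post, with one registry key changed to "Quarantined and deleted successfully" so that both outcomes occur.

```python
import re
from collections import Counter

# One detection line in the MBAM 1.x layout: "<item> (<family>) -> <action>."
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")

# Hits under these prefixes are copies another tool already set aside:
# c:\Qoobox\quarantine is ComboFix's quarantine folder and
# System Volume Information\_restore holds System Restore snapshots.
INERT_PREFIXES = (
    "c:\\qoobox\\quarantine\\",
    "c:\\system volume information\\_restore",
)

# Constructed sample mirroring the entries quoted in the thread, with one
# registry key already quarantined so that both outcomes are exercised.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.39
Versione del database: 2487

Chiavi di registro infette:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

File infetti:
c:\Qoobox\quarantine\C\WINDOWS\msa.exe.vir (Trojan.Agent) -> No action taken.
c:\documents and settings\proprietario\documenti\miei download\vegas_pro_8.0_keygen\keygen.exe (Backdoor.SDBot) -> No action taken.
c:\system volume information\_restore{c48da5bf-9876-4751-97e7-33ec39bab0fc}\RP550\A0176201.exe (Trojan.Agent) -> No action taken.
"""


def classify_action(action: str) -> str:
    """Map MBAM's free-text outcome to a coarse status."""
    a = action.lower()
    if a.startswith("no action taken"):
        return "not_removed"
    if "reboot" in a:            # e.g. "Delete on reboot"
        return "pending_reboot"
    if "successfully" in a:      # "Quarantined and deleted successfully"
        return "removed"
    return "unknown"


def is_inert_location(item: str) -> bool:
    """True when the hit is an already-quarantined or restore-point copy."""
    return item.lower().startswith(INERT_PREFIXES)


def parse_mbam_log(text: str) -> list:
    """Return one dict per detection line, tagged with the section it sits in."""
    detections, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":"):   # section header such as "File infetti:"
            section = line[:-1]
            continue
        m = DETECTION_RE.match(line)
        if not m:                # version banner, "(Nessun elemento ...)" etc.
            continue
        item = m.group("item")
        detections.append({
            "section": section,
            "item": item,
            "family": m.group("family"),
            "status": classify_action(m.group("action")),
            "inert": is_inert_location(item),
        })
    return detections


def summarize(detections: list) -> dict:
    """Counts per status plus the entries that still need attention."""
    return {
        "counts": dict(Counter(d["status"] for d in detections)),
        "inert": sum(1 for d in detections if d["inert"]),
        "still_active": [d for d in detections
                         if d["status"] != "removed" and not d["inert"]],
    }


if __name__ == "__main__":
    report = summarize(parse_mbam_log(SAMPLE_LOG))
    print("status counts:", report["counts"], "| quarantined copies:", report["inert"])
    for d in report["still_active"]:
        print(f"ACTION NEEDED [{d['section']}] {d['family']}: {d['item']}")
```

On the sample the only entries left to act on are the MyWebSearch interface key and the keygen in the download folder; the Qoobox and restore-point hits are already-neutralised copies.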

Re: Aiutoo!

Posted by Angelfree987 » 24/07/09 19:26

Hi! So, it ran the scandisk without any trouble, but the defragmentation doesn't complete because it finds some files (eMule and jdownloader files, both temp and completed ones) and gives me the message "unable to defragment these files", ending the process automatically. Is that a problem???
I'm holding off on installing Service Pack 3 because I want everything to be in order first :)

This is the new hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.18.03, on 24/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
c:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Windows Live\Contacts\wlcomm.exe
C:\Programmi\Megaupload\Mega Manager\MegaManager.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Programmi\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Proprietario\Documenti\Miei download\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Programmi\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?ad182b48f8f641b9a84eb6b14fb7e033
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?ad182b48f8f641b9a84eb6b14fb7e033
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Scarica link utilizzando Mega Manager... - C:\Programmi\Megaupload\Mega Manager\mm_file.htm
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Organizzatore ricerche - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programmi\File comuni\Microsoft Shared\Encarta Researcher\EROProj.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Programmi\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-c65d847e5cd55d5e.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programmi\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Programmi\AutoCAD 2002\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Programmi\AutoCAD 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{931FBFB3-68E4-4388-8CA2-E989FA4300F3}: NameServer = 193.70.152.15 193.70.152.25
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8075 bytes

Re: Aiutoo!

Posted by -> EleKtrA <- » 24/07/09 19:33

The hijackthis log is clean.
Try defragmenting in safe mode, or use one of the programs I mentioned in the previous post.
“Yesterday is history, tomorrow is a mystery, but today is a gift... that's why it's called the present!”.