Problema, virus?

di **cassius** » 18/08/09 07:27

Ciao ragazzi, sono nuovo, ho provato ad arrangiarmi, ma non sono riuscito a fare niente. V spiego in breve, ieri ho collegato la fotocamera digitale al pc per scaricare le foto, e quando sono andato per accedere alla periferica mi è apparso un errore che diceva: " Impossibile accedere alla periferica, al percorso o al file specificato. E' probabile che non si disponga delle autorizzazioni necessarie". Mentre appare questo messaggio,AVG-Free 8.5 mi apre una finestra e dice che ha trovato una minaccia il niome del file è: L:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\wmg32.exe. Nome minaccia Trojan Generic12.BTGR
Cosa devo fare? E' un virus? Non riesco più ad accedere alla fotocamera...
Ho provato su google ma non trovo niente di interessante...
Se qualcuno può aiutarmi ve ne sarei immensamente grato...

di **cassius** » 18/08/09 08:53

Vi posto anche la scansione fatta con HiJackThis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8.33.16, on 18/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Programmi\Java\jre1.5.0\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\system32\rundll32.exe
C:\HP\KBD\KBD.EXE
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Programmi\HP\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\SPRINT~1.0OF\Sprint\CAgent.exe
C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
C:\Programmi\QuickTime\qttask.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Programmi\HP\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\3 Internet\3 Internet.exe
C:\Documents and Settings\HP_Proprietario\Desktop\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programmi\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programmi\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programmi\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Collegamento alla pagina delle proprietà di High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Programmi\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Programmi\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ABBYY Community Agent] C:\PROGRA~1\SPRINT~1.0OF\Sprint\CAgent.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Programmi\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - Global Startup: Action Manager 32.lnk = C:\Programmi\ScannerU\AM32.exe
O4 - Global Startup: Digisoft AntiDialer.lnk = C:\Programmi\Digisoft AntiDialer\AntiDialer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Guida alla connessione - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Guida alla connessione - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 8284 bytes

di **shel** » 20/08/09 16:38

ciao

se prevx non dice bugie, dovresti essere infetto

http://www.prevx.com/filenames/X9035976 ... 2.EXE.html

Disattiva l'antivirus e i programmi anti-spyware
Disconnetti il pc da internet

scarica combofix da qui:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Se hai delle icone di collegamento a programmi sul desktop, crea una cartella apposita e copiale al suo interno

Doppio click su combofix.exe e segui le istruzioni passo a passo, ricordati di dare invio dopo i vari passaggi

Quando avrà finito creerà il log C:\combofix.txt salvalo e postalo come gli altri report.

di **cassius** » 22/08/09 00:30

Intanto grazie mille

Ecco il report di Combofix:

ComboFix 09-08-20.07 - HP_Proprietario 22/08/2009 1.06.45.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.39.1040.18.511.121 [GMT 2:00]
Eseguito da: c:\documents and settings\HP_Proprietario\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Creato nuovo punto di ripristino
.
ADS - svchost.exe: deleted 68 bytes in 1 streams.
ADS - netcfgx.dll: deleted 100 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Creati Da 2009-07-21 al 2009-08-21 )))))))))))))))))))))))))))))))))))
.

2009-08-19 15:54 . 2009-08-19 15:54 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Google
2009-08-19 09:52 . 2009-08-19 09:52 -------- d-----w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\Google
2009-08-19 09:47 . 2009-08-19 09:47 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Google Updater
2009-08-10 07:04 . 2009-08-10 07:04 -------- d-sh--w- c:\documents and settings\HP_Proprietario\IECompatCache
2009-07-30 10:08 . 2005-01-14 07:32 53248 ----a-w- c:\windows\system32\PAStiSvc.exe
2009-07-30 10:01 . 2009-07-30 10:01 -------- d-----w- c:\programmi\Windows Media Components
2009-07-30 10:01 . 2009-07-30 10:01 -------- d-----w- c:\programmi\Mingjong
2009-07-30 09:59 . 2009-07-30 09:59 -------- d-----w- c:\windows\PixArt
2009-07-30 09:59 . 2009-07-30 09:59 -------- d-----w- c:\programmi\PC Camera
2009-07-30 09:59 . 2009-07-30 09:59 -------- d-----w- c:\programmi\File comuni\PCCamera
2009-07-27 17:42 . 2009-07-27 17:42 -------- d-----w- c:\documents and settings\HP_Proprietario\Dati applicazioni\Nokia Multimedia Player
2009-07-26 21:57 . 2009-08-18 06:23 -------- d--h--w- C:\$AVG8.VAULT$
2009-07-26 21:48 . 2009-06-27 12:35 1008896 ----a-w- c:\documents and settings\All Users\Dati applicazioni\AVG Security Toolbar\IEToolbar.dll
2009-07-26 21:38 . 2009-07-26 21:38 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-26 21:38 . 2009-07-26 21:38 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-07-26 21:38 . 2009-07-26 21:38 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-26 21:38 . 2009-07-26 21:38 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-26 21:38 . 2009-08-21 22:13 -------- d-----w- c:\windows\system32\drivers\Avg
2009-07-26 21:38 . 2009-07-26 21:48 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\AVG Security Toolbar
2009-07-26 21:37 . 2009-07-26 21:37 -------- d-----w- c:\programmi\AVG
2009-07-26 21:37 . 2009-07-26 21:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-19 23:17 . 2009-07-13 23:03 -------- d-----w- c:\documents and settings\HP_Proprietario\Dati applicazioni\BitTorrent
2009-08-19 09:52 . 2005-01-02 21:13 -------- d-----w- c:\programmi\Google
2009-07-31 20:17 . 2004-12-10 21:24 65094 ----a-w- c:\windows\system32\perfc010.dat
2009-07-31 20:17 . 2004-12-10 21:24 429910 ----a-w- c:\windows\system32\perfh010.dat
2009-07-28 18:37 . 2008-04-07 20:06 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2009-07-26 21:57 . 2006-01-08 17:56 63640 ----a-w- c:\documents and settings\HP_Proprietario\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-07-23 17:47 . 2009-07-13 21:47 -------- d-----w- c:\programmi\3 Internet
2009-07-19 09:54 . 2005-01-02 21:02 -------- d-----w- c:\programmi\File comuni\Adobe
2009-07-19 09:14 . 2006-10-15 18:35 -------- d-----w- c:\programmi\Digisoft AntiDialer
2009-07-13 22:57 . 2009-07-13 22:57 -------- d-----w- c:\programmi\BitTorrent
2009-07-13 22:52 . 2009-07-13 22:52 1915520 ----a-w- c:\documents and settings\HP_Proprietario\Dati applicazioni\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2005-09-19 12:47 . 2005-12-06 20:07 41578 ----a-w- c:\programmi\mozilla firefox\components\jar50.dll
2005-09-19 12:47 . 2005-12-06 20:07 48228 ----a-w- c:\programmi\mozilla firefox\components\jsd3250.dll
2005-09-19 12:47 . 2005-12-06 20:07 160876 ----a-w- c:\programmi\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\programmi\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-27 1008896]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-27 12:35 1008896 ----a-w- c:\programmi\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programmi\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-27 1008896]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programmi\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-27 1008896]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2004-10-13 1694208]
"STYLEXP"="c:\programmi\TGTSoft\StyleXP\StyleXP.exe" [2005-08-18 1359872]
"NBJ"="c:\programmi\Ahead\Nero BackItUp\NBJ.exe" [2004-09-07 1871872]
"PcSync"="c:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-19 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.5.0\bin\jusched.exe" [2005-01-02 36972]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-08-02 7110656]
"HPHUPD08"="c:\programmi\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2005-05-04 278528]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"PS2"="c:\windows\system32\ps2.exe" [2004-10-25 90112]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2005-05-11 253952]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-22 188416]
"HPHmon04"="c:\windows\system32\hphmon04.exe" [2002-11-22 348160]
"HPHUPD04"="c:\programmi\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" [2002-11-22 49152]
"Share-to-Web Namespace Daemon"="c:\programmi\HP\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ABBYY Community Agent"="c:\progra~1\SPRINT~1.0OF\Sprint\CAgent.exe" [2001-01-31 241664]
"AnyDVD"="c:\programmi\SlySoft\AnyDVD\AnyDVD.exe" [2005-02-04 456704]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2005-01-02 98304]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-26 1948440]
"Collegamento alla pagina delle proprietà di High Definition Audio"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-08-02 1519616]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-05-04 90112]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2005-05-04 2805248]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Action Manager 32.lnk - c:\programmi\ScannerU\AM32.exe [2005-12-17 57344]
Digisoft AntiDialer.lnk - c:\programmi\Digisoft AntiDialer\AntiDialer.exe [2003-8-19 730112]
HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-26 21:38 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"c:\\Programmi\\BitTorrent\\bittorrent.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [26/07/2009 23.38.24 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [26/07/2009 23.38.25 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [26/07/2009 23.37.48 298776]
S2 gupdate1ca20b2c07dd03e;Servizio di Google Update (gupdate1ca20b2c07dd03e);c:\programmi\Google\Update\GoogleUpdate.exe [19/08/2009 11.52.21 133104]
S3 GT680xNT;USB Scanner Driver;c:\windows\system32\drivers\Gt680x.sys [17/12/2005 23.19.34 17376]
S3 PAC207;USB PC Cam Plus;c:\windows\system32\drivers\PFC027.sys [24/02/2005 12.29.14 162176]
.
Contenuto della cartella 'Scheduled Tasks'

2009-08-21 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-19 09:47]

2009-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-08-19 09:52]

2009-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-08-19 09:52]

2009-08-21 c:\windows\Tasks\HP Usg Daily.job
- c:\programmi\hp photosmart 11\printer\Hphusg04.exe [2002-11-22 19:50]

2009-08-21 c:\windows\Tasks\HP Usg Login.job
- c:\programmi\hp photosmart 11\printer\Hphusg04.exe [2002-11-22 19:50]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKLM-Run-PCDrProfiler - (no file)
Notify-WgaLogon - (no file)

.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\HP_Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\pqpfta58.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://start.mozilla.org/firefox?client ... T:official

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("backups.number_of_prefs_copies", 1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.link.open_newwindow.ui", 3); // prefs UI version
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.closed", "allAccess");
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.document", "allAccess");
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.frames", "allAccess");
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.history", "allAccess");
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.length", "allAccess");
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.opener", "allAccess");
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.parent", "allAccess");
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.self", "allAccess");
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.top", "allAccess");
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.window", "allAccess");
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.DOMParser,parseFromString", "noAccess");
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.DOMParser,parseFromStream", "noAccess");
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("dom.disable_window_open_feature.status", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("advanced.always_load_images", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.protocol-handler.external.help", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.http.connect.timeout", 30); // in seconds
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.http.request.timeout", 120); // in seconds
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN_show_punycode", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.image.imageBehavior", 0); // 0-Accept, 1-dontAcceptForeign, 2-dontUse
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.cookie.cookieBehavior", 3); // 0-Accept, 1-dontAcceptForeign, 2-dontUse, 3-p3p
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("app.id", "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("app.version",
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("app.extensions.version", "1.0");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("app.build_id",
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.autoUpdateEnabled", true); // Whether or not background app updates
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.url", "chrome://mozapps/locale/update/update.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.updatesAvailable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.lastUpdateDate", 0); // UTC offset when last App update was
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.performed", false); // Whether or not an update has been
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdateEnabled", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdate", false); // Automatically download and install
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.interval", 604800000); // Check for updates to Extensions and
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.lastUpdateDate", 0); // UTC offset when last Extension/Theme
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.severity.threshold", 5);// The number of pending Extension/Theme
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.count", 0); // The number of extension/theme/etc
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("update.interval", 3600000); // Check each of the above intervals
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("update.showSlidingNotification", true); // Windows-only slide-up taskbar
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("update.severity", 0);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("general.useragent.vendor", "Firefox");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("general.useragent.vendorSub",
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.update.resetHomepage", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.startup.homepage_override.1", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.turbo.enabled", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://browser/content/searchconfig.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://browser/content/searchconfig.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("update_notifications.enabled", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("update_notifications.provider.0.frequency", 7); // number of days
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.xul.error_pages.enabled", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("pfs.datasource.url", "chrome://mozapps/locale/plugins/plugins.properties");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-22 01:14
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Ora fine scansione: 2009-08-21 1.16.15
ComboFix-quarantined-files.txt 2009-08-21 23:16

Pre-Run: 136.280.891.392 byte disponibili
Post-Run: 136.445.648.896 byte disponibili

236 --- E O F --- 2009-07-24 21:53

di **shel** » 22/08/09 18:02

ciao

avevi l'Autorun.inf, niente male

prova a collegare la fotocamera e vedi se ti esce ancora quell'errore

fai anche una scansione con il tuo avg e controlla se ti rileva ancora la minaccia di prima

di **cassius** » 23/08/09 10:20

Ciao ho provato a collegare la fotocamera e mi appare un messaggio dove c'è scritto: "accesso negato" e non posso entrare nella fotocamera.
E' possiible che il virus abbia intaccato anche la macchina fotografica? Cosa devo fare? Sono nelle tue mani....

di **shel** » 23/08/09 10:32

ciao

hai provato a fare la scansione con il tuo avg come ti ho consigliato?

di **cassius** » 23/08/09 11:28

Si la sto facendo ma al momento non trova nulla...

di **shel** » 23/08/09 11:34

ciao

quando cerchi di aprire altri exe te lo permette? controlla se nella cartella System32 hai il file rundll32.exe

di **cassius** » 23/08/09 13:20

allora la scansione è finita e non ha trovato nessuna infezione, il file che mi dicevi tu c'è....

di **cassius** » 23/08/09 13:21

inolteho provato ad aprire altri exe e funzionano tutti normalmente...

di **shel** » 23/08/09 17:39

analizza il file che avg ti indica come infetto

http://www.virustotal.com/it/

L:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\wmg32.exe.

di **cassius** » 23/08/09 20:04

Allora quel file appartiene ad L:/ ed è la fotocamera quando la collego al pc. Ho aperto AVG e il file infetto lo trovo nella quarantena, ma da li non so come fare per caricarlo sul sito che mi hai detto, poichè ho fatto una ricerca nel pc e non lo trovo e nella fotocamera risulta non essere presente.
Poi un fatto curioso, una volta collegata la fotocamera, se anzichè cliccare 2 volte su L:/ clicco il tasto dx del mouse e seleziono esplora, riesco ad entrare nella memoria del fotocamera e scaricare le foto... Che casino...
Sai dirmi qualcosa per cortesia? Ti ringrazio in anticipo per tutto.

di **cassius** » 24/08/09 20:34

Ciao sono riuscito in qualche modo a far analizzare il file infetto da quel sito che mi avevi consigliato.
Il file è all'interno della fotocamera digitale e questo è il responso:

http://www.virustotal.com/it/analisis/5 ... 1235569097

Posso eliminarlo dalla fotocamera?

di **shel** » 24/08/09 20:40

Posso eliminarlo dalla fotocamera?

tu che dici? 22 antivirus su 39 lo hanno riconosciuto come una minaccia

di **cassius** » 25/08/09 13:07

L'ho eliminato... Ultimo problema come faccio a ripristinare l'autorun quando collego una memoria di massa (chiavetta usb o fotocamera) con windows xp? Ti ringrazio ancora...

Problema, virus?

Problema, virus?

Re: Problema, virus?

Re: Problema, virus?

Re: Problema, virus?

Re: Problema, virus?

Re: Problema, virus?

Re: Problema, virus?

Re: Problema, virus?

Re: Problema, virus?

Re: Problema, virus?

Re: Problema, virus?

Re: Problema, virus?

Re: Problema, virus?

Re: Problema, virus?

Re: Problema, virus?

Re: Problema, virus?

Topic correlati a "Problema, virus?":

Chi c’è in linea