marcello76

Users
  • Content count

    71
  • Joined

  • Last visited

About marcello76

  • Level
    Apprentice
  1. Hello, does anyone know a way to automatically repeat the merging of the same PDF page onto several different PDFs, other than merging them one at a time? It is a cover letter to be attached to a multitude of different product sheets (about 200). Thanks in advance.
  2. Hi, I wanted to buy the new ASUS notebook of the K72 series, except that while searching the web for the best deal I discovered that there is an X72 series whose specifications are identical (for example, both the K72JR-TY044V and the X72JR-TY044V can be found). The product has not yet been added to the ASUS site; the new K72 series is only presented in the news: www.asus.com/News.aspx?N_ID=Y5lBIemSOJ8Go3ZQ Could there be a difference in the quality of the plastics or the finishes? Do you know anything? Thanks
  3. Since yesterday my PC (running Windows XP Professional SP2) has had problems opening Outlook 2003, always showing me the message "Outlook non è stato avviato correttamente l'ultima volta. Avviare Outlook in modalità provvisoria..." (see attachment) and consequently slowing down the OS, because OUTLOOK.exe takes an extremely long time to load. Help! Everything is at a standstill here! Thanks in advance M76
  4. Extremely slow loading, and Outlook opens with a very long delay that blocks every operation! Thanks in advance, m76

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 16.45.54, on 01/12/2009
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Programmi\ABBYY FineReader 9.0\NetworkLicenseServer.exe
     C:\Programmi\Java\jre6\bin\jqs.exe
     C:\Programmi\Power Translator 12\LogoMedia TranslateDotNet Server.exe
     C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
     C:\WINDOWS\System32\svchost.exe
     C:\Programmi\Trend Micro\OfficeScan Client\ntrtscan.exe
     C:\WINDOWS\system32\nvsvc32.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Programmi\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
     c:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe
     C:\Programmi\Trend Micro\OfficeScan Client\tmlisten.exe
     C:\Programmi\Trend Micro\OfficeScan Client\TmPfw.exe
     C:\Programmi\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
     C:\WINDOWS\Explorer.EXE
     C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
     C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
     C:\WINDOWS\RTHDCPL.EXE
     C:\WINDOWS\system32\RUNDLL32.EXE
     C:\Programmi\Java\jre6\bin\jusched.exe
     C:\Programmi\Trend Micro\OfficeScan Client\pccntmon.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Programmi\Messenger\msmsgs.exe
     C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe
     C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
     C:\Programmi\WinZip\WZQKPICK.EXE
     C:\Programmi\Stickies\stickies.exe
     C:\Programmi\Trend Micro\BM\TMBMSRV.exe
     C:\Programmi\Trend Micro\OfficeScan Client\TmProxy.exe
     C:\Programmi\Microsoft Office\OFFICE11\OUTLOOK.EXE
     C:\WINDOWS\system32\svchost.exe
     C:\Programmi\Microsoft Office\OFFICE11\WINWORD.EXE
     C:\Documents and Settings\mverdini\Documenti\EXE\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sanmarinoweb.com/pan360_news.htm
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8082
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
     O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
     O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Programmi\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
     O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
     O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Programmi\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
     O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
     O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Programmi\Power Translator 12\Applications\LEC IE Translation Extension.dll
     O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
     O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
     O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
     O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
     O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
     O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
     O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Programmi\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
     O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
     O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
     O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe" /startup
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
     O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
     O4 - Startup: Stickies.lnk = C:\Programmi\Stickies\stickies.exe
     O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
     O4 - Global Startup: Avvio veloce di Adobe Acrobat.lnk = ?
     O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
     O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
     O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart17.exe
     O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
     O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
     O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
     O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
     O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
     O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
     O8 - Extra context menu item: Converti nel file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
     O8 - Extra context menu item: Converti selezione in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
     O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
     O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
     O8 - Extra context menu item: Subscribe in RSS Popper - C:\Programmi\RSS Popper\ie_subscribe.htm
     O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
     O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
     O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = colombini.loc
     O17 - HKLM\Software\..\Telephony: DomainName = colombini.loc
     O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = colombini.loc
     O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = colombini.loc
     O23 - Service: ABBYY FineReader 9.0 - Servizio Gestione licenze (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Programmi\ABBYY FineReader 9.0\NetworkLicenseServer.exe
     O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
     O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
     O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Programmi\Power Translator 12\LogoMedia TranslateDotNet Server.exe
     O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Programmi\Trend Micro\OfficeScan Client\ntrtscan.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Programmi\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
     O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Programmi\Trend Micro\OfficeScan Client\..\BM\TMBMSRV.exe
     O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Programmi\Trend Micro\OfficeScan Client\tmlisten.exe
     O23 - Service: OfficeScan NT Firewall (TmPfw) - Trend Micro Inc. - C:\Programmi\Trend Micro\OfficeScan Client\TmPfw.exe
     O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Programmi\Trend Micro\OfficeScan Client\TmProxy.exe

     --
     End of file - 9783 bytes
  5. Using the XP CD and the Recovery Console, I expanded and copied back onto my C: drive the file userinit.exe (expand d:\i386\userinit.ex_ c:\windows\system32 /Y), which was probably damaged; now everything is OK. Bye
  6. Help me! I used ComboFix to do a bit of cleaning of some suspected malware, but halfway through the procedure (the PC had already rebooted after removing some infections) the PC freezes, so I decide to force a restart with the reset button. Once the PC restarts, loading gets as far as the usual password entry screen (OS = XP Home Edition); I enter it, press Enter, 'loading default settings' begins, and so far everything is normal. But instead of continuing on to my usual desktop, the previous message quickly changes to "logging off", then immediately "saving your settings", and then it asks me to enter the password again as at the beginning... and so on endlessly. In Safe Mode it is the same thing, likewise with Last Known Good Configuration. I have tried restarting the PC countless times, but it is always the same situation. What should I do??? PANIC!
  7. Help me! I used ComboFix to do a bit of cleaning of some suspected malware, but halfway through the procedure (the PC had already rebooted after removing some infections) the PC freezes, so I decide to force a restart with the reset button. Once the PC restarts, loading gets as far as the usual password entry screen (OS = XP Home Edition); I enter it, press Enter, 'loading default settings' begins, and so far everything is normal. But instead of continuing on to my usual desktop, the previous message quickly changes to "logging off", then immediately "saving your settings", and then it asks me to enter the password again as at the beginning... and so on endlessly. In Safe Mode it is the same thing, likewise with Last Known Good Configuration. I have tried restarting the PC countless times, but it is always the same situation. What should I do??? PANIC
  8. I did what you told me. Unfortunately it was an .exe tied to the modem connection, so all the contents of the Connections folder had disappeared and it would not let me create new ones. Then I copied the file back from the XP CD and everything went back to normal!!! Now the antivirus no longer shows me any malware alert. Do you think I'm OK? Thanks a million
  9. GMER 1.0.14.14536 - http://www.gmer.net
     Rootkit scan 2009-02-01 19:22:54
     Windows 5.1.2600 Service Pack 2

     ---- System - GMER 1.0.14 ----

     SSDT  FA07BF1C  ZwCreateThread
     SSDT  FA07BF08  ZwOpenProcess
     SSDT  FA07BF0D  ZwOpenThread
     SSDT  FA07BF17  ZwTerminateProcess
     SSDT  FA07BF12  ZwWriteVirtualMemory

     ---- Services - GMER 1.0.14 ----

     Service  C:\WINDOWS\system32\svchost.exe (*** hidden *** )  [AUTO] llrfzpgbv  <-- ROOTKIT !!!

     ---- Registry - GMER 1.0.14 ----

     Reg  HKLM\SYSTEM\CurrentControlSet\Services\llrfzpgbv@DisplayName  Shell Installer
     Reg  HKLM\SYSTEM\CurrentControlSet\Services\llrfzpgbv@Type  32
     Reg  HKLM\SYSTEM\CurrentControlSet\Services\llrfzpgbv@Start  2
     Reg  HKLM\SYSTEM\CurrentControlSet\Services\llrfzpgbv@ErrorControl  0
     Reg  HKLM\SYSTEM\CurrentControlSet\Services\llrfzpgbv@ImagePath  %SystemRoot%\system32\svchost.exe -k netsvcs
     Reg  HKLM\SYSTEM\CurrentControlSet\Services\llrfzpgbv@ObjectName  LocalSystem
     Reg  HKLM\SYSTEM\CurrentControlSet\Services\llrfzpgbv@Description  Esegue le funzioni di ripristino del sistema. Per interrompere il servizio, disattivare Ripristino configurazione di sistema nella scheda Ripristino configurazione di sistema in Risorse del computer->Propriet?
     Reg  HKLM\SYSTEM\CurrentControlSet\Services\llrfzpgbv\Parameters
     Reg  HKLM\SYSTEM\CurrentControlSet\Services\llrfzpgbv\Parameters@ServiceDll  C:\WINDOWS\system32\gnbpbgl.dll
     Reg  HKLM\SYSTEM\ControlSet002\Services\llrfzpgbv@DisplayName  Shell Installer
     Reg  HKLM\SYSTEM\ControlSet002\Services\llrfzpgbv@Type  32
     Reg  HKLM\SYSTEM\ControlSet002\Services\llrfzpgbv@Start  2
     Reg  HKLM\SYSTEM\ControlSet002\Services\llrfzpgbv@ErrorControl  0
     Reg  HKLM\SYSTEM\ControlSet002\Services\llrfzpgbv@ImagePath  %SystemRoot%\system32\svchost.exe -k netsvcs
     Reg  HKLM\SYSTEM\ControlSet002\Services\llrfzpgbv@ObjectName  LocalSystem
     Reg  HKLM\SYSTEM\ControlSet002\Services\llrfzpgbv@Description  Esegue le funzioni di ripristino del sistema. Per interrompere il servizio, disattivare Ripristino configurazione di sistema nella scheda Ripristino configurazione di sistema in Risorse del computer->Propriet?
     Reg  HKLM\SYSTEM\ControlSet002\Services\llrfzpgbv\Parameters
     Reg  HKLM\SYSTEM\ControlSet002\Services\llrfzpgbv\Parameters@ServiceDll  C:\WINDOWS\system32\gnbpbgl.dll

     ---- EOF - GMER 1.0.14 ----
  10. Sorry for the monstrous delay in replying, but I was away for work; here is the report. Thanks

     SDFix: Version 1.240
     Run by Grishnackh on 29/01/2009 at 19.36

     Microsoft Windows XP [Versione 5.1.2600]
     Running From: C:\SDFix

     Checking Services :

     Restoring Default Security Values
     Restoring Default Hosts File

     Rebooting

     Checking Files :

     Trojan Files Found:

     C:\DOCUME~1\GRISHN~1\IMPOST~1\Temp\tmp1.tmp - Deleted
     C:\DOCUME~1\GRISHN~1\IMPOST~1\Temp\tmp4.tmp - Deleted

     Removing Temp Files

     ADS Check :

     Final Check :

     catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2009-01-29 20:18:03
     Windows 5.1.2600 Service Pack 2 NTFS

     scanning hidden processes ...

     scanning hidden services & system hive ...

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\llrfzpgbv]
     "DisplayName"="Shell Installer"
     "Type"=dword:00000020
     "Start"=dword:00000002
     "ErrorControl"=dword:00000000
     "ImagePath"=str(2):"%SystemRoot%\system32\svchost.exe -k netsvcs"
     "ObjectName"="LocalSystem"
     "Description"="Esegue le funzioni di ripristino del sistema. Per interrompere il servizio, disattivare Ripristino configurazione di sistema nella scheda Ripristino configurazione di sistema in Risorse del computer->Proprietà"

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\llrfzpgbv\Parameters]
     "ServiceDll"=str(2):"C:\WINDOWS\system32\gnbpbgl.dll"

     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\llrfzpgbv]
     "DisplayName"="Shell Installer"
     "Type"=dword:00000020
     "Start"=dword:00000002
     "ErrorControl"=dword:00000000
     "ImagePath"=str(2):"%SystemRoot%\system32\svchost.exe -k netsvcs"
     "ObjectName"="LocalSystem"
     "Description"="Esegue le funzioni di ripristino del sistema. Per interrompere il servizio, disattivare Ripristino configurazione di sistema nella scheda Ripristino configurazione di sistema in Risorse del computer->Proprietà"

     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\llrfzpgbv\Parameters]
     "ServiceDll"=str(2):"C:\WINDOWS\system32\gnbpbgl.dll"

     scanning hidden registry entries ...

     scanning hidden files ...

     scan completed successfully
     hidden processes: 0
     hidden services: 0
     hidden files: 0

     Remaining Services :

     Authorized Application Key Export:

     [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
     "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

     [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
     "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

     Remaining Files :

     File Backups: - C:\SDFix\backups\backups.zip

     Files with Hidden Attributes :

     Thu 17 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\000028ba71dfd467c65f2bde063375e2\BITD.tmp"
     Thu 17 Jul 2008 2,397,600 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\01665e10c405dfae7e4f26c70343ccc4\BIT3.tmp"
     Sun 6 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\077714378fce46667bf83f314b4523e3\BITB.tmp"
     Thu 17 Jul 2008 901,360 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0c0ffeb6fb4bc8846e0c5cf377b8a818\BIT4.tmp"
     Sat 5 Jul 2008 337,640 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0ee3b0654a7a940485dac3b01eeb550a\BIT9.tmp"
     Fri 18 Jul 2008 222,224 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\10b5e4ecfa113801ef71d6db0cb74145\BIT8.tmp"
     Thu 17 Jul 2008 155,291 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1ab04012110d71b7b9c4660c8afd923a\BITC.tmp"
     Fri 18 Jul 2008 556,608 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\255725879dc8d5807c1d8809e4708ad2\BIT5.tmp"
     Sat 12 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2fcf585806d8bf9bb6f9b9817e78a0c1\BIT27.tmp"
     Fri 4 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\32781d1d4c9376712f29aa274b73ca47\BITB.tmp"
     Thu 17 Jul 2008 151,427 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\37ee3cf75c4fb93bf21469f9edacb1b3\BIT8.tmp"
     Sat 12 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\3f84c36fe6c24310713c243787053623\BIT28.tmp"
     Mon 30 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\427a26edf0373d456a00c2d04a963078\BITC.tmp"
     Sat 12 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4418dff4d628ddfd950eefd33d9ec4b5\BIT2F.tmp"
     Sat 12 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\47c019af7605567e29e7bd907b0ad034\BIT2C.tmp"
     Thu 17 Jul 2008 156,033 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4adffaf95f40b9395bac848505d5fb9b\BIT10.tmp"
     Sat 12 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4c1331c12bfc78a7745078e7062049b0\BIT15.tmp"
     Mon 30 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5addd6f775e0368f244f62c739d66dd4\BIT12.tmp"
     Sun 6 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5f76e3102f402d515dd0d8c48b7df4f0\BIT6.tmp"
     Mon 30 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\61c83252a9ad03e2232587c2a592cf75\BITB.tmp"
     Sun 6 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\61db889df2bb0d68d39517a9d9857735\BITA.tmp"
     Sat 12 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6231ffa9fe99f26f6d45f1891c0101ab\BIT20.tmp"
     Sat 12 Jul 2008 488,176 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\643e1186160e496a96d7819a6af73ec8\BITC.tmp"
     Sat 12 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\66eca4d8912939f6c332e9e35946c81d\BIT18.tmp"
     Sat 12 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\75feb251b3d446ef2326656511b4e3e0\BIT19.tmp"
     Sat 12 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7746dfe1c120ff4d78947166d489bbf7\BIT25.tmp"
     Sat 12 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\843053247b805da35324a20e0f24b10a\BIT1E.tmp"
     Sat 12 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8a1f491aa72048b2a44b7c31fdd87565\BIT1B.tmp"
     Thu 17 Jul 2008 565,288 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8b582ee0f406df4d35d50861555c3943\BIT7.tmp"
     Sun 6 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8d6e31868c2159d8c32326d5f279ec60\BIT9.tmp"
     Sat 5 Jul 2008 3,117,608 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8edfd7f3f1b2ac7bbeb74a12b021550d\BITA.tmp"
     Thu 17 Jul 2008 103,102 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8fb4c19116c2961008a1e403d72b5a81\BIT11.tmp"
     Sat 12 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\904043f6ad7a7bede76411f67276080c\BIT21.tmp"
     Sat 12 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9222fa7f008e9ade15720ca46a48e69f\BIT31.tmp"
     Sat 12 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9479c53f68f42d57a9c94b988feb8486\BIT1D.tmp"
     Sat 12 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9722e50f42051581a0c3e692f2533a08\BIT22.tmp"
     Fri 18 Jul 2008 251,161 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9859834e89172702ef462fbc3265334a\BIT2.tmp"
     Sat 12 Jul 2008 4,733,992 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\98b47756654dd1e19184d79664cf2003\BIT29.tmp"
     Sat 12 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\99d7a7ee86e8c2f5705cee469afedf18\BIT2B.tmp"
     Wed 16 Jul 2008 489,200 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a3ccf65eb3ba676c3a08ee60289ac0c9\BIT6.tmp"
     Thu 17 Jul 2008 906,774 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a3d0999c37473fd86ec0102b2eb2123c\BIT23.tmp"
     Sun 6 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a608e1242ecff4c25fb9af06259283aa\BITC.tmp"
     Sat 12 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a8aa6dad16c992c84081f23e5f1e43f9\BIT2A.tmp"
     Thu 17 Jul 2008 151,873 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a920c50166fbf1bbbfd6188627990faa\BIT14.tmp"
     Thu 17 Jul 2008 569,144 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ad4333920be1af2a3fcf93f44109468a\BIT16.tmp"
     Sat 12 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bd9a488f8040c308fb9ee749ed9755dd\BIT2E.tmp"
     Sat 12 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c71f23dd1fddc05ee83a238eb71b47c6\BIT30.tmp"
     Thu 17 Jul 2008 150,985 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c84243c5aa3d791303c6737e91f61c23\BIT35.tmp"
     Thu 17 Jul 2008 154,184 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cbde20a9f1dec689286859b9f8cb04f9\BIT8.tmp"
     Sat 12 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d101face4d5c9707247de6f8abe636d1\BIT1C.tmp"
     Sat 12 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d1442656644b2e0b011b6ca0cca53f54\BIT24.tmp"
     Tue 1 Jul 2008 1,053,224 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d6441a6e88275e2d14b377c981fffa3b\BIT21.tmp"
     Sat 12 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d996636e924473ced51c0fada1a941a9\BIT13.tmp"
     Sat 12 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\dbd4b3762f6515a115e065ac3221e0f1\BIT26.tmp"
     Sat 12 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\df194a63d43d6af5d055e7c2e5bf5e42\BIT37.tmp"
     Sat 12 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\df687b6203dcf746123a7953693317bc\BIT17.tmp"
     Thu 17 Jul 2008 494,832 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e1c01b7f52f122729009e4d1770edc4f\BIT3.tmp"
     Thu 17 Jul 2008 483,056 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e6a088b14aebe858b757a4cd6c269878\BIT9.tmp"
     Thu 17 Jul 2008 102,262 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e707b8d1c965e5592a5e1ee22d466ba8\BIT7.tmp"
     Sat 12 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e727e3ae91da0ff4beef60db8a3bc368\BIT2D.tmp"
     Fri 4 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ea110e2fd24e2b0c1ab4fde8131b5fcb\BIT7.tmp"
     Thu 17 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ebf63d6fa17d06c949a43c1dd58d742a\BIT5.tmp"
     Sat 12 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ee34a7dea1910d07c5fcc83ea2b931ea\BIT1F.tmp"
     Thu 17 Jul 2008 495,856 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f16c4e738eed1b6e2c2e7454417ac0fb\BITA.tmp"
     Fri 4 Jul 2008 673,320 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fdce2064db66d5fc284e3c1b997a157a\BIT27.tmp"
     Thu 17 Jul 2008 408,816 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0549dc4730f14fac896bb6fb834d0d41\download\BIT3A.tmp"
     Sat 5 Jul 2008 211,868 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1c43dbeea27aea47d4654af29f4f673b\download\BITB.tmp"
     Sat 12 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2c6b4547a6e0d2dc0eb1879e8c0648a8\download\BIT3C.tmp"
     Sat 12 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\3b646a90996e7908ad784bf7757565dd\download\BIT5.tmp"
     Sat 12 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5122d5cb6151641680e92be02bbcec8a\download\BIT38.tmp"
     Thu 17 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\583c25d3daf6739d648b09c4f7d7c311\download\BIT6B.tmp"
     Thu 17 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7d0f5548088994f5470a3c9065885d9b\download\BIT1B.tmp"
     Thu 17 Jul 2008 1,246,965 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\816da047370b1589f5734856a8ec7e79\download\BIT39.tmp"
     Thu 17 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8758954d944e5b5a872394b33035699e\download\BIT14.tmp"
     Thu 17 Jul 2008 229,229 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\87f88d92bb494a4adc4e7426afe5bbd7\download\BIT8.tmp"
     Sun 6 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\91d7b914e33ff9bf6ad054b3afd965a2\download\BIT35.tmp"
     Thu 17 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\93f03a0b1bc43520daf7b36005955cce\download\BIT6A.tmp"
     Thu 17 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\db1470e49212d1a0ad5d128ca65590d8\download\BIT17.tmp"
     Sat 5 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e660ed22fd990cefd61726372a39330a\download\BIT9.tmp"

     Finished!
  11. Thanks in the meantime; here is the log

     ComboFix 09-01-17.04 - Grishnackh 2009-01-18 19.32.17.4 - NTFSx86
     Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.256.110 [GMT 1:00]
     Running from: c:\documents and settings\Grishnackh\Desktop\ComboFix.exe
     Command switches used :: c:\documents and settings\Grishnackh\Desktop\CFScript.txt
      * Created a new restore point
     WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

     FILE ::
     c:\windows\system32\gnbpbgl.dll
     .

     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .

     F:\autorun.inf

     .
     ((((((((((((((((((((((((( Files Created from 2008-12-18 to 2009-01-18 )))))))))))))))))))))))))))))))
     .

     2009-01-10 20:02 . 2009-01-10 20:02 <DIR> d-------- c:\windows\system32\xircom
     2009-01-10 20:02 . 2009-01-10 20:02 <DIR> d-------- c:\windows\srchasst
     2009-01-10 20:02 . 2009-01-10 20:02 <DIR> d-------- c:\programmi\microsoft frontpage
     2009-01-10 19:21 . 2009-01-10 19:21 <DIR> d-------- c:\documents and settings\Grishnackh\Dati applicazioni\Malwarebytes
     2009-01-10 19:20 . 2009-01-10 19:21 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
     2009-01-10 19:20 . 2009-01-10 19:20 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
     2009-01-10 19:20 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
     2009-01-10 19:20 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
     2009-01-02 14:48 . 2009-01-02 14:46 782,336 --------- c:\windows\UNNERO.exe
     2009-01-02 14:48 . 2009-01-02 14:46 532,480 --a------ c:\windows\system32\imagx5.dll
     2009-01-02 14:48 . 2009-01-02 14:46 507,904 --a------ c:\windows\system32\imagr5.dll
     2009-01-02 14:48 . 2009-01-02 14:46 275,312 --a------ c:\windows\system32\ImagXpr5.dll
     2009-01-02 14:48 . 2009-01-02 14:46 155,648 --a------ c:\windows\system32\NeroCheck.exe
     2009-01-02 14:48 . 2009-01-02 14:46 106,496 --a------ c:\windows\system32\TwnLib20.dll
     2009-01-02 14:48 . 2009-01-02 14:46 61,320 --------- c:\windows\UNNERO.cfg
     2009-01-02 14:48 . 2009-01-02 14:46 35,328 --a------ c:\windows\system32\picn20.dll
     2009-01-02 14:47 . 2009-01-02 14:47 <DIR> d-------- c:\programmi\ahead
     2008-12-30 20:48 . 2008-12-30 20:48 <DIR> d-------- c:\programmi\Avira GmbH

     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-01-10 16:36 --------- d-----w c:\programmi\Wise Registry Cleaner
     2009-01-09 20:44 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Avira
     2009-01-09 20:40 --------- d-----w c:\programmi\Avira
     2008-12-25 19:29 --------- d-----w c:\programmi\Digisoft AntiDialer
     2008-07-19 13:04 58,160 ----a-w c:\documents and settings\Grishnackh\Dati applicazioni\GDIPFONTCACHEV1.DAT
     .

     ((((((((((((((((((((((((((((( snapshot@2009-01-10_20.07.47.98 )))))))))))))))))))))))))))))))))))))))))
     .
     - 2000-08-31 07:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
     + 2000-08-31 07:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-24 5537792]
     "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-02-24 86016]
     "HP Software Update"="c:\programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 49152]
     "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-26 172032]
     "DeviceDiscovery"="c:\programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 40960]
     "avgnt"="c:\programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
     "SMSERIAL"="sm56hlpr.exe" [2000-11-22 c:\windows\sm56hlpr.exe]
     "nwiz"="nwiz.exe" [2005-02-24 c:\windows\system32\nwiz.exe]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
     "nltide_3"="advpack.dll" [2004-08-19 c:\windows\system32\advpack.dll]

     c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
     Adobe Gamma Loader.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2008-06-10 113664]
     Digisoft AntiDialer.lnk - c:\programmi\Digisoft AntiDialer\AntiDialer.exe [2003-08-19 730112]
     Microsoft Office.lnk - c:\programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
     WinZip Quick Pick.lnk - c:\programmi\WinZip\WZQKPICK.EXE [2008-06-10 118784]

     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
     "NoResolveTrack"= 1 (0x1)
     "NoSMConfigurePrograms"= 1 (0x1)

     [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
     "NoSMHelp"= 1 (0x1)
     "NoResolveTrack"= 1 (0x1)
     "NoSMConfigurePrograms"= 1 (0x1)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "5371:TCP"= 5371:TCP:fpashrfa

     S3 NtApm;Driver interfaccia NT Apm/Legacy;c:\windows\system32\drivers\NtApm.sys [2008-06-07 9472]
     S4 llrfzpgbv;Shell Installer;c:\windows\system32\svchost.exe -k netsvcs [2004-08-19 14336]

     --- Other Services/Drivers In Memory ---

     *NewlyCreated* - LLRFZPGBV

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
     llrfzpgbv
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.libero.it/
     IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
     .

     **************************************************************************

     catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2009-01-18 19:39:13
     Windows 5.1.2600 Service Pack 2 NTFS

     scanning hidden processes ...

     scanning hidden autostart entries ...

     HKLM\Software\Microsoft\Windows\CurrentVersion\Run
     SMSERIAL = sm56hlpr.exe?

     scanning hidden files ...

     scan completed successfully
     hidden files: 0

     **************************************************************************

     [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\llrfzpgbv]
     "ServiceDll"="c:\windows\system32\gnbpbgl.dll"
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
     c:\programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
     c:\windows\system32\nvsvc32.exe
     c:\windows\system32\rundll32.exe
     .
     **************************************************************************
     .
     Completion time: 2009-01-18 19:44:46 - machine was rebooted
     ComboFix-quarantined-files.txt 2009-01-18 18:44:40
     ComboFix2.txt 2009-01-17 13:00:18
     ComboFix3.txt 2009-01-10 19:09:56

     Pre-Run: 2.993.647.616 byte disponibili
     Post-Run: 3,010,469,888 byte disponibili

     126 --- E O F --- 2008-07-17 19:25:30
  12. Sorry for the delay in replying! I did what you told me, here is the log. Thanks

ComboFix 09-01-09.03 - Grishnackh 2009-01-17 13.32.32.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.256.92 [GMT 1:00]
Eseguito da: c:\documents and settings\Grishnackh\Desktop\ComboFix.exe
Interruttori di comando utilizzati :: c:\documents and settings\Grishnackh\Desktop\CFScript.txt
* Creato nuovo punto di ripristino

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

FILE ::
c:\windows\system32\gnbpbgl.dll
c:\windows\Tasks -- Whitelisted --
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\gnbpbgl.dll
c:\windows\temp
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_llrfzpgbv
-------\Service_llrfzpgbv

((((((((((((((((((((((((( Files Creati Da 2008-12-17 al 2009-01-17 )))))))))))))))))))))))))))))))))))
.
2009-01-10 20:02 . 2009-01-10 20:02 <DIR> d-------- c:\windows\system32\xircom
2009-01-10 20:02 . 2009-01-10 20:02 <DIR> d-------- c:\windows\srchasst
2009-01-10 20:02 . 2009-01-10 20:02 <DIR> d-------- c:\programmi\microsoft frontpage
2009-01-10 19:21 . 2009-01-10 19:21 <DIR> d-------- c:\documents and settings\Grishnackh\Dati applicazioni\Malwarebytes
2009-01-10 19:20 . 2009-01-10 19:21 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2009-01-10 19:20 . 2009-01-10 19:20 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-01-10 19:20 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-10 19:20 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-02 14:48 . 2009-01-02 14:46 782,336 --------- c:\windows\UNNERO.exe
2009-01-02 14:48 . 2009-01-02 14:46 532,480 --a------ c:\windows\system32\imagx5.dll
2009-01-02 14:48 . 2009-01-02 14:46 507,904 --a------ c:\windows\system32\imagr5.dll
2009-01-02 14:48 . 2009-01-02 14:46 275,312 --a------ c:\windows\system32\ImagXpr5.dll
2009-01-02 14:48 . 2009-01-02 14:46 155,648 --a------ c:\windows\system32\NeroCheck.exe
2009-01-02 14:48 . 2009-01-02 14:46 106,496 --a------ c:\windows\system32\TwnLib20.dll
2009-01-02 14:48 . 2009-01-02 14:46 61,320 --------- c:\windows\UNNERO.cfg
2009-01-02 14:48 . 2009-01-02 14:46 35,328 --a------ c:\windows\system32\picn20.dll
2009-01-02 14:47 . 2009-01-02 14:47 <DIR> d-------- c:\programmi\ahead
2008-12-30 20:48 . 2008-12-30 20:48 <DIR> d-------- c:\programmi\Avira GmbH
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-10 16:36 --------- d-----w c:\programmi\Wise Registry Cleaner
2009-01-09 20:44 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Avira
2009-01-09 20:40 --------- d-----w c:\programmi\Avira
2008-12-25 19:29 --------- d-----w c:\programmi\Digisoft AntiDialer
2008-07-19 13:04 58,160 ----a-w c:\documents and settings\Grishnackh\Dati applicazioni\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-24 5537792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-02-24 86016]
"HP Software Update"="c:\programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 49152]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-26 172032]
"DeviceDiscovery"="c:\programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 40960]
"avgnt"="c:\programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SMSERIAL"="sm56hlpr.exe" [2000-11-22 c:\windows\sm56hlpr.exe]
"nwiz"="nwiz.exe" [2005-02-24 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2004-08-19 c:\windows\system32\advpack.dll]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2008-06-10 113664]
Digisoft AntiDialer.lnk - c:\programmi\Digisoft AntiDialer\AntiDialer.exe [2003-08-19 730112]
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
WinZip Quick Pick.lnk - c:\programmi\WinZip\WZQKPICK.EXE [2008-06-10 118784]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5371:TCP"= 5371:TCP:fpashrfa

S3 NtApm;Driver interfaccia NT Apm/Legacy;c:\windows\system32\drivers\NtApm.sys [2008-06-07 9472]
S4 llrfzpgbv;Shell Installer;c:\windows\system32\svchost.exe -k netsvcs [2004-08-19 14336]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - LLRFZPGBV

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
llrfzpgbv
.
.
------- Supplementare di scansione -------
.
uStart Page = hxxp://www.libero.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-17 13:56:23
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SMSERIAL = sm56hlpr.exe?
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\llrfzpgbv]
"ServiceDll"="c:\windows\system32\gnbpbgl.dll"
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Ora fine scansione: 2009-01-17 14:00:14 - macchina è stato riavviato
ComboFix-quarantined-files.txt 2009-01-17 13:00:09
ComboFix2.txt 2009-01-10 19:09:56
Pre-Run: 3.057.967.104 byte disponibili
Post-Run: 3,080,097,792 byte disponibili
126 --- E O F --- 2008-07-17 19:25:30
  13. Thanks Luke57! I did what you indicated and no alert appears any more. Could you also recommend a good firewall, but a light and unobtrusive one (given that my PC is rather old (from 2000!) and I still browse with a 56K modem)? I attach the ComboFix, Malwarebytes and HijackThis logs:

ComboFix 09-01-09.03 - Grishnackh 2009-01-10 19.48.17.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.256.63 [GMT 1:00]
Eseguito da: c:\documents and settings\Grishnackh\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\cxxntmqe.dll
c:\windows\system32\efcYSmLE.dll
c:\windows\system32\ELmSYcfe.ini
c:\windows\system32\ELmSYcfe.ini2
c:\windows\system32\khfDvuvw.dll
c:\windows\system32\plqsupmm.ini
c:\windows\system32\qoahdpuw.ini
c:\windows\system32\wupdhaoq.dll
c:\windows\system32\xvxkml.dll
.
((((((((((((((((((((((((( Files Creati Da 2008-12-10 al 2009-01-10 )))))))))))))))))))))))))))))))))))
.
2009-01-10 20:02 . 2009-01-10 20:02 <DIR> d-------- c:\windows\system32\xircom
2009-01-10 20:02 . 2009-01-10 20:02 <DIR> d-------- c:\windows\srchasst
2009-01-10 20:02 . 2009-01-10 20:02 <DIR> d-------- c:\programmi\microsoft frontpage
2009-01-10 19:21 . 2009-01-10 19:21 <DIR> d-------- c:\documents and settings\Grishnackh\Dati applicazioni\Malwarebytes
2009-01-10 19:20 . 2009-01-10 19:21 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2009-01-10 19:20 . 2009-01-10 19:20 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-01-10 19:20 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-10 19:20 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-02 14:48 . 2009-01-02 14:46 782,336 --------- c:\windows\UNNERO.exe
2009-01-02 14:48 . 2009-01-02 14:46 532,480 --a------ c:\windows\system32\imagx5.dll
2009-01-02 14:48 . 2009-01-02 14:46 507,904 --a------ c:\windows\system32\imagr5.dll
2009-01-02 14:48 . 2009-01-02 14:46 275,312 --a------ c:\windows\system32\ImagXpr5.dll
2009-01-02 14:48 . 2009-01-02 14:46 155,648 --a------ c:\windows\system32\NeroCheck.exe
2009-01-02 14:48 . 2009-01-02 14:46 106,496 --a------ c:\windows\system32\TwnLib20.dll
2009-01-02 14:48 . 2009-01-02 14:46 61,320 --------- c:\windows\UNNERO.cfg
2009-01-02 14:48 . 2009-01-02 14:46 35,328 --a------ c:\windows\system32\picn20.dll
2009-01-02 14:47 . 2009-01-02 14:47 <DIR> d-------- c:\programmi\ahead
2008-12-30 20:48 . 2008-12-30 20:48 <DIR> d-------- c:\programmi\Avira GmbH
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-10 16:36 --------- d-----w c:\programmi\Wise Registry Cleaner
2009-01-09 20:44 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Avira
2009-01-09 20:40 --------- d-----w c:\programmi\Avira
2008-12-25 19:29 --------- d-----w c:\programmi\Digisoft AntiDialer
2008-07-19 13:04 58,160 ----a-w c:\documents and settings\Grishnackh\Dati applicazioni\GDIPFONTCACHEV1.DAT
2004-08-19 16:39 155,652 --sha-r c:\windows\system32\gnbpbgl.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-24 5537792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-02-24 86016]
"HP Software Update"="c:\programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 49152]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-26 172032]
"DeviceDiscovery"="c:\programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 40960]
"avgnt"="c:\programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SMSERIAL"="sm56hlpr.exe" [2000-11-22 c:\windows\sm56hlpr.exe]
"nwiz"="nwiz.exe" [2005-02-24 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2004-08-19 c:\windows\system32\advpack.dll]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2008-06-10 113664]
Digisoft AntiDialer.lnk - c:\programmi\Digisoft AntiDialer\AntiDialer.exe [2003-08-19 730112]
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
WinZip Quick Pick.lnk - c:\programmi\WinZip\WZQKPICK.EXE [2008-06-10 118784]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 c:\windows\system32\efcYSmLE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5371:TCP"= 5371:TCP:fpashrfa

S3 NtApm;Driver interfaccia NT Apm/Legacy;c:\windows\system32\drivers\NtApm.sys [2008-06-07 9472]
S4 llrfzpgbv;Shell Installer;c:\windows\system32\svchost.exe -k netsvcs [2004-08-19 14336]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
llrfzpgbv
.
- - - - ORFÃOS REMOVIDOS - - - -

BHO-{9EAF43BD-4ECA-42CB-A9C4-42EFA0832764} - c:\windows\system32\efcYSmLE.dll
BHO-{AF209DB6-29BB-4F8B-84E8-2056EA999610} - c:\windows\system32\khfDvuvw.dll
ShellExecuteHooks-{AF209DB6-29BB-4F8B-84E8-2056EA999610} - c:\windows\system32\khfDvuvw.dll
.
------- Supplementare di scansione -------
.
uStart Page = hxxp://www.libero.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-10 20:04:14
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SMSERIAL = sm56hlpr.exe?
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\llrfzpgbv]
"ServiceDll"="c:\windows\system32\gnbpbgl.dll"
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Ora fine scansione: 2009-01-10 20:09:52 - macchina è stato riavviato
ComboFix-quarantined-files.txt 2009-01-10 19:09:47
Pre-Run: 3.060.645.888 byte disponibili
Post-Run: 3,036,123,136 byte disponibili
130 --- E O F --- 2008-07-17 19:25:30

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Malwarebytes' Anti-Malware 1.32
Versione del database: 1638
Windows 5.1.2600 Service Pack 2

10/01/2009 23.36.54
mbam-log-2009-01-10 (23-36-54).txt

Tipo di scansione: Scansione completa (C:\|F:\|)
Elementi scansionati: 63798
Tempo trascorso: 41 minute(s), 25 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 1
Cartelle infette: 0
File infetti: 15

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\Documents and Settings\Grishnackh\Documenti\Marcello\Protezione PC\attivazione xp\XPKey\XPKey.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\cxxntmqe.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\efcYSmLE.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\khfDvuvw.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\wupdhaoq.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\xvxkml.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BBA80060-48F2-4D72-80E2-9ADE0F1358BB}\RP5\A0001193.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BBA80060-48F2-4D72-80E2-9ADE0F1358BB}\RP5\A0001160.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BBA80060-48F2-4D72-80E2-9ADE0F1358BB}\RP5\A0001174.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BBA80060-48F2-4D72-80E2-9ADE0F1358BB}\RP6\A0001209.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BBA80060-48F2-4D72-80E2-9ADE0F1358BB}\RP6\A0001210.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BBA80060-48F2-4D72-80E2-9ADE0F1358BB}\RP6\A0001211.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BBA80060-48F2-4D72-80E2-9ADE0F1358BB}\RP6\A0001214.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BBA80060-48F2-4D72-80E2-9ADE0F1358BB}\RP6\A0001215.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
F:\attivazione xp\XPKey\XPKey.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Logfile of HijackThis v1.99.1
Scan saved at 14.22.51, on 11/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Digisoft AntiDialer\AntiDialer.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Grishnackh\Documenti\Marcello\Protezione PC\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digisoft AntiDialer.lnk = C:\Programmi\Digisoft AntiDialer\AntiDialer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\GRISHN~1\IMPOST~1\Temp\hpdj.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  14. Hello, yesterday I installed the new version of Avira Free and ran the update. At the same time I started receiving alerts for 2-3 trojans that cannot be repaired, deleted or quarantined. In fact, if in the alert window I choose one of these operations and click OK, the alert goes away, but after a few seconds the same alert reappears, for the same trojan infecting the same file. If instead I don't close the alert, every 2-3 seconds an identical alert pops up. All this starts as soon as the PC boots, internet or no internet. The trojans, which are evidently unknown to the latest Avira database, are:
Trojan TR/Monder.akld
TR/Vundo.fxr.15
Virtl.20332.1
Thanks in advance; I attach the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 17.50.23, on 10/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Digisoft AntiDialer\AntiDialer.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Documents and Settings\Grishnackh\Documenti\Marcello\Protezione PC\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {8FCA3991-25ED-46DF-83D5-63AA5A66B9E7} - C:\WINDOWS\system32\efcYSmLE.dll
O2 - BHO: (no name) - {AF209DB6-29BB-4F8B-84E8-2056EA999610} - C:\WINDOWS\system32\khfDvuvw.dll
O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digisoft AntiDialer.lnk = C:\Programmi\Digisoft AntiDialer\AntiDialer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: khfDvuvw - C:\WINDOWS\SYSTEM32\khfDvuvw.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\GRISHN~1\IMPOST~1\Temp\hpdj.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  15. Thanks; in the meantime I'll take the opportunity to re-post the log obtained with the most recent version of HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14.00.10, on 13/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Acer\Empowering Technology\admServ.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Programmi\PSNLite\Psn2Lite.exe
C:\Programmi\OpenOffice\program\soffice.exe
C:\PROGRA~1\PSNLite\PSNGive.exe
C:\Programmi\HP\Digital Imaging\bin\hpqimzone.exe
C:\Programmi\Microsoft Office\OFFICE11\MSPUB.EXE
C:\Documents and Settings\mselva\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy/explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sPXSIGN.EXE] "C:\Programmi\Symprex\Mail Signature Manager Sign\sign.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 1.1.1.lnk = C:\Programmi\OpenOffice\program\quickstart.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Programmi\PSNLite\Psn2Lite.exe
O4 - Global Startup: Avvio rapido di HP Image Zone.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {10458B03-35AC-4D5C-B9AA-9645F27B3E4D} (Cieffe VisionWeb) - http://172.16.0.180/ProximaVisionWEB.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = colombini.loc
O17 - HKLM\Software\..\Telephony: DomainName = colombini.loc
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = colombini.loc
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = colombini.loc
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Programmi\WinPcap\rpcapd.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe

-- End of file - 
8004 bytes