poesia

  1. After running various scans, using CCleaner and more, I would like to attach the ComboFix report in the hope that you can do something to solve the problem: PC slowness. Thanks. PS: I can no longer attach any files; how do I delete the old attachments to free up space? Thanks
  2. WOWWWWWWWWWWWWWWWW MERCI BCP...NOW ASK ME ANYTHING!!!!!
  3. I HAVE NO IDEA...............WHAT SHOULD I DO WITH THESE FILES IN QUARANTINE????? Kaspersky reports these files in quarantine (you ran a scan with Trend Micro) C:\Documents and Settings\USER\.housecall6.6\Quarantine\jyqxrhkx.dll.vir.bac_a01552 C:\Documents and Settings\USER\.housecall6.6\Quarantine\nnnNFyYr.dll.vir.bac_a01552 C:\Documents and Settings\USER\.housecall6.6\Quarantine\ooouispk.dll.vir.bac_a01552 ......................................AND WITH THIS OTHER ONE??????? for the files reported in the restore... for example: C:\System Volume Information\_restore{65D6DC6B-F321-42AB-AB8D-C64BE3F0ECC7}\RP3\A0001304.exe
  4. hijackthis_NUOVO.txt So, I didn't wait for replies and tried to do everything: 1) I disabled System Restore on all drives; 2) I ran the scan with RogueRemover from your link... "rr-free.setup.exe", AS I DIDN'T WANT ANOTHER TELLING-OFF! But is it normal that it lasted 2 seconds? I also saved the screen that appeared right afterwards for you. 3) I made a new HijackThis log. Now I wonder: do the restore points have to stay disabled???? Sorry for my total ignorance! THANKS 200000000000 LOL POESIA
  5. Is RogueRemover "rr-free.setup.exe", or is installer-46735-34it-rogueremover-free-Italian.exe fine too? I know I'm being a nuisance, but I don't want to get this wrong too. In safe mode, and then what?
  6. Sorry..... but do I have to go into safe mode before disabling System Restore? And, if so, do I have to re-enable it afterwards? Or run the HijackThis scan still in safe mode?
  7. ComboFix.txt avenger1.txt Hello, I followed everything you advised to the letter, although after the Kaspersky scan there are still 7 viruses and 12 infected files showing (before I think there were 9), so I believe the work will still be long and laborious for me and (sigh) for you too... Angelique, I don't know if you are a man or a woman, but you are certainly an angel... and angels have no sex! Thanks again, Poesia hijackthis2.txt Report_kaspersky_1di_Poesia.html
  8. http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB is the address that appears in your instructions from this morning at 7:51
  9. Sorry, it's me again, Poesia, but what should I do with teasyinbstall? I downloaded it, but where should I save it, in a particular folder? Is it related to the following steps? Thanks for replying right away
  10. avenger.txt hijackthis.log Here it is... and then????? Poesia
  11. Hello... ComboFix would not open from these links, but I managed to download it from another address.. unfortunately during the operation my Spyware Doctor program kept blocking the operations every so often because it recognized it as, so I uninstalled it, and I had to uninstall SPYWAREfighter as well. Here, I'm attaching the log... thanks a lot.. I'm waiting anxiously.... Poésia ComboFix.txt
  12. hijackthis2.txt Hi, sorry, I don't know if this is OK... I'm attaching the Kaspersky report again and the new HijackThis log. Thanks, Poesia Raport_Kaspersky_di_Poesia.html
  13. hijackthis2.txt hijackthis2.txt I followed to the letter (or almost) everything Angelique advised, I hope I didn't make any mistakes, and these are the results: I am therefore attaching the report of the Kaspersky online scan and the new HijackThis log. I await new instructions. Thanks, you are invaluable! Poesia Raport_Kaspersky_di_Poesia.html
  14. Hi guys, I found you and I'm asking for your help. Strange popups open on my computer and the antivirus has detected trojans. Help me please! Here is the HijackThis log