-
After running various scans and using CCleaner and other tools, I would like to attach the ComboFix report in the hope that you can do something to solve the problem: the PC is slow. Thanks. PS: I can no longer attach any files; how do I delete the old attachments to free up space? Thanks.
-
WOWWWWWWWWWWWWWWWW THANKS A LOT...NOW ASK ME ANYTHING!!!!!
-
I HAVE NO IDEA...............WHAT SHOULD I DO WITH THESE FILES IN QUARANTINE?????
Kaspersky reports these files in quarantine (you ran a scan with Trend Micro)
C:\Documents and Settings\USER\.housecall6.6\Quarantine\jyqxrhkx.dll.vir.bac_a01552
C:\Documents and Settings\USER\.housecall6.6\Quarantine\nnnNFyYr.dll.vir.bac_a01552
C:\Documents and Settings\USER\.housecall6.6\Quarantine\ooouispk.dll.vir.bac_a01552
......................................AND WITH THIS OTHER ONE???????
for the files reported in the restore... example:
C:\System Volume Information\_restore{65D6DC6B-F321-42AB-AB8D-C64BE3F0ECC7}\RP3\A0001304.exe
-
hijackthis_NUOVO.txt So, I didn't wait for replies and tried to do everything: 1) I disabled System Restore on all drives; 2) I ran the scan with RogueRemover from your link..."rr-free.setup.exe" BECAUSE I DIDN'T WANT ANOTHER TELLING-OFF! BUT is it normal that it lasted 2 seconds? I also saved the screen that appeared right afterwards for you. 3) I made a new HijackThis log. Now I wonder: do the restore points have to stay disabled???? Sorry for my total ignorance! THANKS 200000000000 LOL POESIA
-
Is RogueRemover "rr-free.setup.exe", or is installer-46735-34it-rogueremover-free-Italian.exe also fine? I know I'm being a nuisance, but I don't want to get this wrong too. In safe mode, and then what?
-
Sorry..... but do I have to go into safe mode before disabling System Restore? And, if so, do I have to re-enable it afterwards? Or run the HijackThis scan still in safe mode?
-
ComboFix.txt avenger1.txt Hello, I followed to the letter everything you advised, although after the Kaspersky scan there are still 7 viruses and 12 infected files showing (before I think there were 9), so I believe the work will still be long and laborious for me and (sigh) for you too... Angelique, I don't know whether you are a man or a woman, but you are certainly an angel... and angels have no sex! Thanks again, Poesia hijackthis2.txt Report_kaspersky_1di_Poesia.html
-
http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB is the address that appears in your instructions from this morning at 7:51
-
poesia started following Pop Up E Virus Trojans
-
Sorry, it's me again, Poesia, but what do I have to do with teasyinstall? I downloaded it, but where should I save it, in a particular folder? Is it related to the following operations? Thanks for answering me right away.
-
avenger.txt hijackthis.log Here you go... and then????? Poesia
-
Hello... ComboFix would not open from these links, but I managed to download it from another address.. unfortunately, during the operation my Spydoctor program kept blocking the operations every now and then because it recognized it as so I uninstalled it, and I also had to uninstall Spywarefighter. Here, I am attaching the log for you... thanks a lot.. I'm waiting anxiously.... Poésia ComboFix.txt
-
hijackthis2.txt Hi, sorry, I don't know if this is OK... I am attaching the Kaspersky report again and the new HijackThis log. Thanks, Poesia Raport_Kaspersky_di_Poesia.html
-
poesia started following Report Kaspersky E Nuovo Log Hijackthis
-
hijackthis2.txt hijackthis2.txt I followed to the letter (or almost) everything Angelique advised me; I hope I haven't made mistakes, and these are the results. I am therefore attaching the report of the Kaspersky online scan and the new HijackThis log: I await new instructions. Thanks, you are invaluable! Poesia Raport_Kaspersky_di_Poesia.html
-
Hi guys, I found you and I'm asking for your help. Strange pop-ups open on my computer and the antivirus has detected trojans. Help me please! Here is the HijackThis log.