misonsanbea

The Laptop Is Locked Up

11 posts in this thread

I humbly ask for help from anyone who can give me a hand getting rid of what is very probably a virus.

Some files copied from friends were loaded onto my laptop (I hope to lose them!!), and as a result, when the laptop starts it becomes unstable after a few moments and I can't even take control with Ctrl-Alt-Del.

I ran avast but without much result.

I can't be more precise because the machine is locked up.

I'd ask whether you can give me some suggestions to try to get past the problem.

As usual, the laptop holds the usual lifetime of files that I can't afford to lose.

Thanks for the help

bye

Moreno :)


"Without much result"... meaning what??

Anyway, run a scan with HijackThis if you can... and post the log.


Hi moreghi,

Download ComboFix to the desktop > GUIDE <

Start > Run, then copy and paste this command into the white box, quotation marks included:

"%userprofile%\desktop\combofix.exe" /killall

attach the report

:P:)


Thanks Bios83

I'm replying to you as I had not yet seen angelique's contribution, which I'll follow up on right away.

I ran HijackThis and am attaching the results.

I hope you can give me a reassuring answer.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9.18.20, on 16/11/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

c:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe

c:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe

c:\Programmi\File comuni\Symantec Shared\ccProxy.exe

C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe

C:\Programmi\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Programmi\File comuni\Symantec Shared\ccApp.exe

C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe

C:\Programmi\Synaptics\SynTP\SynTPEnh.exe

C:\Programmi\HP\QuickPlay\QPService.exe

C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe

C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

C:\Programmi\QuickTime\qttask.exe

C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe

C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Programmi\Skype\Phone\Skype.exe

C:\Programmi\Adobe\Acrobat 7.0\Distillr\AcroDist.exe

C:\Programmi\HP\Digital Imaging\bin\hpqimzone.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programmi\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Programmi\File comuni\LightScribe\LSSrvc.exe

C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\mqsvc.exe

C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\system32\mqtgsvc.exe

C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe

C:\Programmi\Skype\Plugin Manager\skypePM.exe

C:\Programmi\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\eHome\ehmsas.exe

c:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

C:\Programmi\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Programmi\AskTBar\bar\1.bin\ASKTBAR.DLL

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Programmi\AskTBar\bar\1.bin\ASKTBAR.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe

O4 - HKLM\..\Run: [ccApp] "c:\Programmi\File comuni\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [iS CfgWiz] c:\Programmi\Norton Internet Security\cfgwiz.exe /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE "REBOOT"

O4 - HKLM\..\Run: [sSC_UserPrompt] "c:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe"

O4 - HKLM\..\Run: [synTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QPService] "C:\Programmi\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [Cpqset] C:\Programmi\Hewlett-Packard\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe

O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\kamsoft.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Avvio rapido HP Photosmart Premier.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Avvio veloce di Adobe Acrobat.lnk = ?

O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converti nel file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converti selezione in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=64&bd=pavilion&pf=laptop

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1216670101129

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL

O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Programmi\Norton Internet Security\ccPwdSvc.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Programmi\File comuni\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Programmi\Norton Internet Security\comHost.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe

O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - c:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe

O23 - Service: Servizio di Norton Protection Center (NSCService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programmi\TuneUp Utilities 2006\WinStylerThemeSvc.exe

O23 - Service: UPnPService - Unknown owner - C:\Programmi\File comuni\MAGIX Shared\UPnPService\UPnPService.exe

--

End of file - 13927 bytes

I'm waiting anxiously

bye

Moreno


I ran the ComboFix scan.

I'm attaching the log.

I did not run the command "%userprofile%\desktop\combofix.exe" /killall that you had indicated.

I look forward to some reassurance from the log.

bye

Moreno

ComboFix log

ComboFix 08-11-14.01 - User_Giulia 2008-11-16 11.29.39.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.1415 [GMT 1:00]

Eseguito da: c:\documents and settings\User_Giulia\Desktop\emergenza\ComboFix.exe

* Creato nuovo punto di ripristino

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\autorun.inf

c:\windows\IE4 Error Log.txt

c:\windows\system32\Cache

D:\Autorun.inf

F:\autorun.inf

.

((((((((((((((((((((((((( Files Creati Da 2008-10-16 al 2008-11-16 )))))))))))))))))))))))))))))))))))

.

2008-11-16 11:14 . 2008-11-16 09:02 106,370 -r-hs---- C:\0w.com

2008-11-16 09:22 . 2008-11-16 09:22 268 --ah----- C:\sqmdata09.sqm

2008-11-16 09:22 . 2008-11-16 09:22 244 --ah----- C:\sqmnoopt09.sqm

2008-11-16 09:17 . 2008-11-16 09:17 <DIR> d-------- c:\programmi\Trend Micro

2008-11-16 09:02 . 2008-11-16 09:02 85,504 -r-hs---- c:\windows\system32\gasretyw1.dll

2008-11-15 21:56 . 2008-11-15 21:56 <DIR> d-------- c:\documents and settings\User_Giulia\Application Data\TuneUp Software

2008-11-15 21:01 . 2008-11-15 21:01 <DIR> d-------- c:\windows\CLT08GOW4CKS08GO

2008-11-15 14:16 . 2008-11-15 14:16 <DIR> d-------- c:\programmi\Alwil Software

2008-11-15 09:10 . 2008-11-16 09:02 106,370 -r-hs---- c:\windows\system32\kamsoft.exe

2008-11-15 09:10 . 2008-11-16 11:26 85,504 -r-hs---- c:\windows\system32\gasretyw0.dll

2008-11-11 14:06 . 2008-11-11 14:06 <DIR> d--h----- c:\windows\PIF

2008-11-01 19:55 . 2008-11-01 19:55 268 --ah----- C:\sqmdata08.sqm

2008-11-01 19:55 . 2008-11-01 19:55 244 --ah----- C:\sqmnoopt08.sqm

2008-11-01 13:54 . 2008-11-01 13:54 268 --ah----- C:\sqmdata07.sqm

2008-11-01 13:54 . 2008-11-01 13:54 244 --ah----- C:\sqmnoopt07.sqm

2008-11-01 11:21 . 2008-11-01 11:21 268 --ah----- C:\sqmdata06.sqm

2008-11-01 11:21 . 2008-11-01 11:21 244 --ah----- C:\sqmnoopt06.sqm

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-16 08:06 --------- d-----w c:\documents and settings\User_Giulia\Application Data\Skype

2008-11-16 08:02 --------- d-----w c:\documents and settings\User_Giulia\Application Data\skypePM

2008-10-13 22:33 --------- d-----w c:\documents and settings\User_Giulia\Application Data\AdobeUM

2008-10-13 17:46 --------- d-----w c:\programmi\File comuni\Adobe

.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* i valori vuoti & legittimi/default non sono visualizzati.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2006-04-11 15360]

"MsnMsgr"="c:\programmi\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-13 68856]

"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2008-09-23 21755688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-18 64512]

"hpWirelessAssistant"="c:\programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 458752]

"SunJavaUpdateSched"="c:\programmi\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-22 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-22 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-22 118784]

"ccApp"="c:\programmi\File comuni\Symantec Shared\ccApp.exe" [2005-09-17 52848]

"IS CfgWiz"="c:\programmi\Norton Internet Security\cfgwiz.exe" [2005-09-30 120464]

"SSC_UserPrompt"="c:\programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-11-05 218240]

"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 794713]

"QPService"="c:\programmi\HP\QuickPlay\QPService.exe" [2006-07-19 102400]

"HP Software Update"="c:\programmi\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]

"QlbCtrl"="c:\programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]

"Cpqset"="c:\programmi\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 40960]

"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]

"Reminder"="c:\windows\CREATOR\Remind_XP.exe" [2006-02-09 643072]

"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2007-03-11 98304]

"NeroFilterCheck"="c:\programmi\File comuni\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]

"NBKeyScan"="c:\programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]

"Acrobat Assistant 7.0"="c:\programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-12 81000]

"MsmqIntCert"="mqrt.dll" [2006-04-11 c:\windows\system32\mqrt.dll]

"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 c:\windows\system32\CHDAudPropShortcut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-04-11 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\

Avvio rapido HP Photosmart Premier.lnk - c:\programmi\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\mqsvc.exe"=

"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=

"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Programmi\\Messenger\\msmsgs.exe"=

"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-15 110160]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-15 20560]

R3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\Drivers\5U870CAP.sys [2006-06-06 61952]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\magix\Common\Database\bin\fbserver.exe [2007-05-29 1527900]

S3 UPnPService;UPnPService;c:\programmi\File comuni\MAGIX Shared\UPnPService\UPnPService.exe [2007-07-07 647242]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45824ab0-a0f2-11dc-95bb-0018de9ab26c}]

\Shell\Auto\command - Cn911.exe

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4dab2e8e-ac9d-11db-9444-0018de9ab26c}]

\Shell\AutoRun\command - F:\0w.com

\Shell\explore\Command - F:\0w.com

\Shell\open\Command - F:\0w.com

*Newly Created Service* - COMHOST

*Newly Created Service* - PROCEXP90

.

Contenuto della cartella 'Scheduled Tasks'

2008-11-14 c:\windows\Tasks\1-Click Maintenance.job

- c:\programmi\TuneUp Utilities 2006\SystemOptimizer.exe [2005-09-21 22:35]

2006-10-28 c:\windows\Tasks\Symantec NetDetect.job

- c:\programmi\Symantec\LiveUpdate\NDETECT.EXE [2005-09-25 12:57]

.

.

------- Supplementare di scansione -------

.

FireFox -: Profile - c:\documents and settings\User_Giulia\Application Data\Mozilla\Firefox\Profiles\z58q53jo.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://it.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:it:official

FF -: plugin - c:\programmi\Java\jre1.5.0_06\bin\NPJava11.dll

FF -: plugin - c:\programmi\Java\jre1.5.0_06\bin\NPJava12.dll

FF -: plugin - c:\programmi\Java\jre1.5.0_06\bin\NPJava13.dll

FF -: plugin - c:\programmi\Java\jre1.5.0_06\bin\NPJava14.dll

FF -: plugin - c:\programmi\Java\jre1.5.0_06\bin\NPJava32.dll

FF -: plugin - c:\programmi\Java\jre1.5.0_06\bin\NPJPI150_06.dll

FF -: plugin - c:\programmi\Java\jre1.5.0_06\bin\NPOJI610.dll

FF -: plugin - c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF -: plugin - c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-16 11:35:42

Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = c:\programmi\Hewlett-Packard\Default Settings\cpqset.exe??@?????????????L?@??????V??????`?@?????L?@

Scansione files nascosti ...

Scansione completata con successo

Files nascosti: 0

**************************************************************************

.

Ora fine scansione: 2008-11-16 11.40.02

ComboFix-quarantined-files.txt 2008-11-16 10:39:46

Pre-Run: 19.780.009.984 byte disponibili

Post-Run: 19,998,343,168 byte disponibili

144


Hi, open a text file and paste the following code into it:

File::
c:\windows\system32\gasretyw1.dll
c:\windows\system32\kamsoft.exe
c:\windows\system32\gasretyw0.dll

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45824ab0-a0f2-11dc-95bb-0018de9ab26c}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4dab2e8e-ac9d-11db-9444-0018de9ab26c}]

Save it in the same directory as ComboFix with the mandatory name CFScript.txt

Drag it with the mouse pointer onto the ComboFix icon to start a new scan. When it finishes, reboot and post the new report, if one is produced.
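
The entries named in the script above can be picked out of the ComboFix report mechanically. The following is an added example, not part of the original thread and not ComboFix's own logic: it parses an excerpt of the report posted earlier and flags executables that carry read-only, hidden and system attributes in a drive root or system32, plus MountPoints2 keys that hold shell commands. The heuristics and every function name here are assumptions made for illustration.

```python
import re
from collections import defaultdict
from typing import NamedTuple, Optional

# Excerpt of the ComboFix report posted in this thread (file listing and
# registry section), embedded so the example runs offline.
REPORT_EXCERPT = r"""
2008-11-16 11:14 . 2008-11-16 09:02 106,370 -r-hs---- C:\0w.com
2008-11-16 09:22 . 2008-11-16 09:22 268 --ah----- C:\sqmdata09.sqm
2008-11-16 09:17 . 2008-11-16 09:17 <DIR> d-------- c:\programmi\Trend Micro
2008-11-16 09:02 . 2008-11-16 09:02 85,504 -r-hs---- c:\windows\system32\gasretyw1.dll
2008-11-15 09:10 . 2008-11-16 09:02 106,370 -r-hs---- c:\windows\system32\kamsoft.exe
2008-11-15 09:10 . 2008-11-16 11:26 85,504 -r-hs---- c:\windows\system32\gasretyw0.dll
2008-11-11 14:06 . 2008-11-11 14:06 <DIR> d--h----- c:\windows\PIF
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45824ab0-a0f2-11dc-95bb-0018de9ab26c}]
\Shell\Auto\command - Cn911.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4dab2e8e-ac9d-11db-9444-0018de9ab26c}]
\Shell\AutoRun\command - F:\0w.com
\Shell\explore\Command - F:\0w.com
\Shell\open\Command - F:\0w.com
"""

# Row layout: "<created> . <modified> <size|<DIR>> <9 attribute flags> <path>"
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>[\d,.]+|<DIR>) (?P<attrs>[-a-z]{9}) (?P<path>.+)$"
)
KEY_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
SHELL_CMD = re.compile(
    r"^\\Shell\\(?P<verb>[^\\]+)\\command - (?P<target>.+)$", re.IGNORECASE
)
EXECUTABLE_EXT = (".exe", ".dll", ".com", ".scr", ".pif", ".bat", ".cmd")


class FileEntry(NamedTuple):
    created: str
    modified: str
    size: int
    attrs: str
    path: str


def parse_file_line(line: str) -> Optional[FileEntry]:
    """Parse one file row of the 'files created' section; skip directories."""
    m = FILE_LINE.match(line.strip())
    if m is None or m["size"] == "<DIR>":
        return None
    size = int(re.sub(r"[,.]", "", m["size"]))  # drop thousands separators
    return FileEntry(m["created"], m["modified"], size, m["attrs"], m["path"])


def is_suspicious_file(entry: FileEntry) -> bool:
    """Heuristic (assumption): executable type, R+H+S flags, sensitive folder."""
    path = entry.path.lower()
    stealth_attrs = all(flag in entry.attrs for flag in "rhs")
    in_drive_root = re.fullmatch(r"[a-z]:\\[^\\]+", path) is not None
    in_system32 = "\\windows\\system32\\" in path
    return (stealth_attrs and path.endswith(EXECUTABLE_EXT)
            and (in_drive_root or in_system32))


def triage(report: str) -> dict:
    """Return flagged files, MountPoints2 keys with commands, same-size groups."""
    files, autorun_keys, by_size = [], {}, defaultdict(list)
    current_key = None
    for raw in report.splitlines():
        line = raw.strip()
        entry = parse_file_line(line)
        if entry is not None:
            if is_suspicious_file(entry):
                files.append(entry.path)
                by_size[entry.size].append(entry.path)
            continue
        key = KEY_LINE.match(line)
        if key:
            current_key = key["key"]
            continue
        cmd = SHELL_CMD.match(line)
        # Shell verbs under MountPoints2 are autorun handlers cached per volume.
        if cmd and current_key and "\\mountpoints2\\" in current_key.lower():
            autorun_keys.setdefault(current_key, []).append(cmd["target"])
    # Identical sizes among flagged files suggest copies of one binary.
    same_size = {s: p for s, p in by_size.items() if len(p) > 1}
    return {"files": files, "autorun_keys": autorun_keys, "same_size": same_size}


if __name__ == "__main__":
    result = triage(REPORT_EXCERPT)
    for path in result["files"]:
        print("file:", path)
    for key, targets in result["autorun_keys"].items():
        print("key: ", key, "->", sorted(set(targets)))
    for size, paths in result["same_size"].items():
        print("same size", size, paths)
```

The same-size grouping pairs `C:\0w.com` with `kamsoft.exe` and the two `gasretyw` DLLs with each other, which is worth confirming with a file hash before treating them as copies.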


I confirm what Luke57 advised :P and add that you should uninstall Avast, since you already have the Symantec suite.

As the Internet Explorer start page, I think it's best to have Google; you can set it from Tools > Options > Home page

Uninstall the Ask Toolbar and the Adobe PDF toolbar (from Control Panel)

You could also lighten the computer's startup by fixing these unnecessary entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = htxtp://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop (you can replace the start page)

O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Programmi\AskTBar\bar\1.bin\ASKTBAR.DLL

O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Programmi\AskTBar\bar\1.bin\ASKTBAR.DLL

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\kamsoft.exe (virus)

O4 - Global Startup: Avvio rapido HP Photosmart Premier.lnk = C:\Programmi\HP\Digital Imaging\bin

O4 - Global Startup: Avvio veloce di Adobe Acrobat.lnk = ?

*************************

Once the ComboFix step is complete, run an online scan with Kaspersky (on "My Computer") and attach the report

:P:)


Hi Luke57

Thanks for the kind reply

I ran the script and here is the new report

Please let me know whether the situation has improved

bye

Moreno

ComboFix 08-11-14.01 - User_Giulia 2008-11-16 18.49.58.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.1450 [GMT 1:00]

Eseguito da: f:\emergenza\ComboFix.exe

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

((((((((((((((((((((((((( Files Creati Da 2008-10-16 al 2008-11-16 )))))))))))))))))))))))))))))))))))

.

2008-11-16 12:15 . 2008-11-16 12:15 268 --ah----- C:\sqmdata10.sqm

2008-11-16 12:15 . 2008-11-16 12:15 244 --ah----- C:\sqmnoopt10.sqm

2008-11-16 11:14 . 2008-11-16 09:02 106,370 -r-hs---- C:\0w.com

2008-11-16 09:22 . 2008-11-16 09:22 268 --ah----- C:\sqmdata09.sqm

2008-11-16 09:22 . 2008-11-16 09:22 244 --ah----- C:\sqmnoopt09.sqm

2008-11-16 09:17 . 2008-11-16 09:17 <DIR> d-------- c:\programmi\Trend Micro

2008-11-16 09:02 . 2008-11-16 09:02 85,504 -r-hs---- c:\windows\system32\gasretyw1.dll

2008-11-15 21:56 . 2008-11-15 21:56 <DIR> d-------- c:\documents and settings\User_Giulia\Application Data\TuneUp Software

2008-11-15 21:01 . 2008-11-15 21:01 <DIR> d-------- c:\windows\CLT08GOW4CKS08GO

2008-11-15 14:16 . 2008-11-15 14:16 <DIR> d-------- c:\programmi\Alwil Software

2008-11-15 09:10 . 2008-11-16 09:02 106,370 -r-hs---- c:\windows\system32\kamsoft.exe

2008-11-15 09:10 . 2008-11-16 11:26 85,504 -r-hs---- c:\windows\system32\gasretyw0.dll

2008-11-11 14:06 . 2008-11-11 14:06 <DIR> d--h----- c:\windows\PIF

2008-11-01 19:55 . 2008-11-01 19:55 268 --ah----- C:\sqmdata08.sqm

2008-11-01 19:55 . 2008-11-01 19:55 244 --ah----- C:\sqmnoopt08.sqm

2008-11-01 13:54 . 2008-11-01 13:54 268 --ah----- C:\sqmdata07.sqm

2008-11-01 13:54 . 2008-11-01 13:54 244 --ah----- C:\sqmnoopt07.sqm

2008-11-01 11:21 . 2008-11-01 11:21 268 --ah----- C:\sqmdata06.sqm

2008-11-01 11:21 . 2008-11-01 11:21 244 --ah----- C:\sqmnoopt06.sqm

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-16 17:47 --------- d-----w c:\documents and settings\User_Giulia\Application Data\skypePM

2008-11-16 10:37 --------- d-----w c:\documents and settings\User_Giulia\Application Data\Skype

2008-10-13 22:33 --------- d-----w c:\documents and settings\User_Giulia\Application Data\AdobeUM

2008-10-13 17:46 --------- d-----w c:\programmi\File comuni\Adobe

.

((((((((((((((((((((((((((((( snapshot@2008-11-16_11.39.27,23 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-11-16 10:26:43 228,621 ----a-w c:\windows\system32\inetsrv\MetaBase.bin

+ 2008-11-16 17:47:03 228,617 ----a-w c:\windows\system32\inetsrv\MetaBase.bin

+ 2008-11-16 17:46:44 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_778.dat

.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* i valori vuoti & legittimi/default non sono visualizzati.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2006-04-11 15360]

"MsnMsgr"="c:\programmi\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-13 68856]

"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2008-09-23 21755688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-18 64512]

"hpWirelessAssistant"="c:\programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 458752]

"SunJavaUpdateSched"="c:\programmi\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-22 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-22 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-22 118784]

"ccApp"="c:\programmi\File comuni\Symantec Shared\ccApp.exe" [2005-09-17 52848]

"IS CfgWiz"="c:\programmi\Norton Internet Security\cfgwiz.exe" [2005-09-30 120464]

"SSC_UserPrompt"="c:\programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-11-05 218240]

"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 794713]

"QPService"="c:\programmi\HP\QuickPlay\QPService.exe" [2006-07-19 102400]

"HP Software Update"="c:\programmi\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]

"QlbCtrl"="c:\programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]

"Cpqset"="c:\programmi\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 40960]

"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]

"Reminder"="c:\windows\CREATOR\Remind_XP.exe" [2006-02-09 643072]

"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2007-03-11 98304]

"NeroFilterCheck"="c:\programmi\File comuni\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]

"NBKeyScan"="c:\programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]

"Acrobat Assistant 7.0"="c:\programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-12 81000]

"MsmqIntCert"="mqrt.dll" [2006-04-11 c:\windows\system32\mqrt.dll]

"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 c:\windows\system32\CHDAudPropShortcut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-04-11 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\

Avvio rapido HP Photosmart Premier.lnk - c:\programmi\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\mqsvc.exe"=

"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=

"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Programmi\\Messenger\\msmsgs.exe"=

"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-15 110160]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-15 20560]

R3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\Drivers\5U870CAP.sys [2006-06-06 61952]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\magix\Common\Database\bin\fbserver.exe [2007-05-29 1527900]

S3 UPnPService;UPnPService;c:\programmi\File comuni\MAGIX Shared\UPnPService\UPnPService.exe [2007-07-07 647242]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45824ab0-a0f2-11dc-95bb-0018de9ab26c}]

\Shell\Auto\command - Cn911.exe

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4dab2e8e-ac9d-11db-9444-0018de9ab26c}]

\Shell\AutoRun\command - F:\0w.com

\Shell\explore\Command - F:\0w.com

\Shell\open\Command - F:\0w.com

*Newly Created Service* - COMHOST

.

Contenuto della cartella 'Scheduled Tasks'

2008-11-14 c:\windows\Tasks\1-Click Maintenance.job

- c:\programmi\TuneUp Utilities 2006\SystemOptimizer.exe [2005-09-21 22:35]

2006-10-28 c:\windows\Tasks\Symantec NetDetect.job

- c:\programmi\Symantec\LiveUpdate\NDETECT.EXE [2005-09-25 12:57]

.

.

------- Supplementare di scansione -------

.

FireFox -: Profile - c:\documents and settings\User_Giulia\Application Data\Mozilla\Firefox\Profiles\z58q53jo.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://it.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:it:official

FF -: plugin - c:\programmi\Java\jre1.5.0_06\bin\NPJava11.dll

FF -: plugin - c:\programmi\Java\jre1.5.0_06\bin\NPJava12.dll

FF -: plugin - c:\programmi\Java\jre1.5.0_06\bin\NPJava13.dll

FF -: plugin - c:\programmi\Java\jre1.5.0_06\bin\NPJava14.dll

FF -: plugin - c:\programmi\Java\jre1.5.0_06\bin\NPJava32.dll

FF -: plugin - c:\programmi\Java\jre1.5.0_06\bin\NPJPI150_06.dll

FF -: plugin - c:\programmi\Java\jre1.5.0_06\bin\NPOJI610.dll

FF -: plugin - c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF -: plugin - c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-16 18:53:56

Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = c:\programmi\Hewlett-Packard\Default Settings\cpqset.exe??@?????????????L?@??????V??????`?@?????L?@

Scansione files nascosti ...

Scansione completata con successo

Files nascosti: 0

**************************************************************************

.

Ora fine scansione: 2008-11-16 18.59.32

ComboFix-quarantined-files.txt 2008-11-16 17:59:25

ComboFix2.txt 2008-11-16 10:40:03

Pre-Run: 19.982.811.136 byte disponibili

Post-Run: 19,969,990,656 byte disponibili

143


Hi moreghi,

I hope you don't mind if I answer :P the situation hasn't changed...

Save this text in a file that you will name fix.reg (the extension is reg, not txt)

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45824ab0-a0f2-11dc-95bb-0018de9ab26c}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4dab2e8e-ac9d-11db-9444-0018de9ab26c}]

Download The Avenger

save it in a folder, unzip the .zip file

Find avenger.exe and run it

Paste this script into the white box

Registry values to replace with dummy:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

Files to delete:

c:\windows\system32\gasretyw1.dll

c:\windows\system32\kamsoft.exe

c:\windows\system32\gasretyw0.dll

folders to delete:

C:\WINDOWS\temp

C:\WINDOWS\Tasks

Programs to launch on reboot:

C:\fix.reg

Click Execute

The PC should restart (if it doesn't, restart it yourself)

Post the log that will be created in C:\Avenger

Also follow what I advised in the other message.

:P:)
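As an added example (not part of the thread and not ComboFix's own code): a Python script that pulls the MountPoints2 autorun entries out of a ComboFix log excerpt like the one posted above and generates the matching `[-key]` deletion lines used in fix.reg. The function names and the 'open'/'explore' heuristic are assumptions of this example.

```python
import re

# Excerpt of the ComboFix log posted above (blank lines removed).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45824ab0-a0f2-11dc-95bb-0018de9ab26c}]
\Shell\Auto\command - Cn911.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4dab2e8e-ac9d-11db-9444-0018de9ab26c}]
\Shell\AutoRun\command - F:\0w.com
\Shell\explore\Command - F:\0w.com
\Shell\open\Command - F:\0w.com
*Newly Created Service* - COMHOST
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]*\\mountpoints2\\\{[0-9a-f-]{36}\})\]$", re.I)
VERB_RE = re.compile(r"^\\Shell\\([^\\]+)\\command\s+-\s+(.+)$", re.I)

def parse_mountpoints2(log_text):
    """Map each MountPoints2 volume key to its cached {verb: command} entries."""
    entries, current = {}, None
    for line in (raw.strip() for raw in log_text.splitlines()):
        key, verb = KEY_RE.match(line), VERB_RE.match(line)
        if key:
            current = key.group(1)
            entries[current] = {}
        elif verb and current:
            entries[current][verb.group(1).lower()] = verb.group(2).strip()
        elif line:
            current = None  # any other non-blank line ends the key's block
    return entries

def overrides_default_verbs(verbs):
    """Heuristic assumed by this example: 'open'/'explore' overrides make a
    plain double-click on the drive run the cached command."""
    return bool({"open", "explore"} & verbs.keys())

def build_fix_reg(entries):
    """Build .reg text deleting every volume key that caches a shell command."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for key, verbs in entries.items():
        if verbs:
            lines += [f"[-{key}]", ""]
    return "\r\n".join(lines)

if __name__ == "__main__":
    found = parse_mountpoints2(SAMPLE_LOG)
    for key, verbs in found.items():
        print(key[-38:], sorted(verbs), "double-click hijack:", overrides_default_verbs(verbs))
    print(build_fix_reg(found))
```
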

ANGELIQUE, YOU ARE A POWERHOUSE OF RELIABILITY!!!! HOW I WISH I WERE LIKE YOU!!!! HOW CAN I DO IT?

...plastic surgery works miracles :)


[OT on]

just don't rely on "Greg Anatomy" :P :P

[OT off]

:) Dinop..
