giuliadill

Restoring the Wireless Connection After the Bagle or Beagle Virus...

5 posts in this topic

Hi everyone!

I don't know if this is the right section, but I didn't know where to post my topic...

I have an Acer TravelMate 6592 with Windows Vista Business, Service Pack 1.

A couple of months ago I turned it on one day and a warning appeared saying that the antivirus (Kaspersky) databases were corrupted; I tried to update them, but it couldn't, and a screen with horizontal lines appeared. I tried rebooting, but the situation only got worse: the further I went, the sooner the lines appeared. I took the computer in for service; they didn't know what to do either, and in the end they replaced the RAM, did a cleanup and an antivirus scan, and now the PC works fairly well, apart from the fact that it has slowed down (especially when copying and pasting from external drives).

The main problem, though, is that I can no longer see wireless networks: if I click on "determine why no networks can be found" it tells me that the Windows wireless service is not started; I click on "start the Windows wireless service" but I get a warning: "the problem cannot be resolved, contact your network administrator or Internet service provider". Also, in the "Services" tab I see that "WLAN AutoConfig" is not started, even though it is set to Automatic, and if I try to start it I get an error message: "Windows could not start the WLAN AutoConfig service on Local Computer. Error 3: The system cannot find the path specified."

What do I have to do to be able to connect again?

THANKS A LOT to anyone who replies, I don't know what to do!


Hi giuliadill,

download Combofix to the desktop

you must rename the file to abc.exe before saving it to the desktop

(to rename the file: when you download it, it asks you where to save it and the "file name" box appears; change the name shown to abc.exe and save it on the desktop, this is mandatory)

Start > Run, then copy and paste this command into the white box, quotation marks included:

"%userprofile%\desktop\abc.exe" /killall

Press OK

(if you use Vista: Start > All Programs > Accessories > Run)

if all goes well the program starts, and it may take a long time

wait patiently for the operations to finish and post the report C:\ComboFix.txt

:P:P


here is the file:


thanks a lot!!


Hi giuliadill,

Combofix removed quite a bit of stuff; now clean up the system with CCleaner and scan with Malwarebytes as described HERE

attach the Malwarebytes report

:P:)


Hi everyone!

I have the same problem that is being discussed here... and I still haven't managed to solve it... could someone help me??

Thanks!

Dani Kn|sH
