supermarco81

Slow PC: It Boots, Then After 5 Minutes Slows Down And Becomes Unusable

6 posts in this thread

Hi guys, something strange has been happening for a few days. I turn on the PC and, 3-5 minutes after it has loaded everything, it starts running extremely slowly. I can't even run the antivirus... I use Avira... which, by the way, often finds 2 viruses at startup; I delete them but maybe that's not enough... then during the scan it slows down and freezes, so I'm stuck... what do I do?

Among other things it flags this file: fdcf6nfcok.txt in the temp folder as a virus... what could it be??

Here's the HijackThis log, thanks

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21.20.28, on 03/04/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programmi\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Programmi\Avira\AntiVir Desktop\sched.exe

C:\Programmi\Avira\AntiVir Desktop\avguard.exe

C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE

C:\VIRUSfighter\Bin\ZLH.EXE

C:\Programmi\Ahead\InCD\InCD.exe

C:\Programmi\iTunes\iTunesHelper.exe

C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Programmi\Bonjour\mDNSResponder.exe

C:\Programmi\Avira\AntiVir Desktop\avgnt.exe

C:\Programmi\Spyware Doctor\pctsTray.exe

C:\Programmi\Spyware Doctor\BDT\BDTUpdateService.exe

C:\Programmi\TomTom HOME 2\HOMERunner.exe

C:\Programmi\DNA\btdna.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe

C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe

C:\Programmi\Nikon\PictureProject\NkbMonitor.exe

C:\Programmi\McAfee\SiteAdvisor\McSACore.exe

C:\Programmi\Microsoft LifeCam\MSCamS32.exe

C:\Programmi\Spyware Doctor\pctsAuxs.exe

C:\windows\iexplore.exe

C:\WINDOWS\system32\rundll32.exe

C:\Programmi\Spyware Doctor\pctsSvc.exe

C:\Documents and Settings\utente\Desktop\HijackThis.exe

C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\System32\svchost.exe

C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

C:\Programmi\iPod\bin\iPodService.exe

C:\WINDOWS\System32\alg.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programmi\Spyware Doctor\BDT\PCTBrowserDefender.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programmi\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programmi\Spyware Doctor\BDT\PCTBrowserDefender.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O5 "LPT1:" /M "Stylus CX3600"

O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series (Copia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P36 "EPSON Stylus CX3600 Series (Copia 1)" /O6 "USB001" /M "Stylus CX3600"

O4 - HKLM\..\Run: [Norman ZANDA] C:\VIRUSfighter\Bin\ZLH.EXE /LOAD /SPLASH

O4 - HKLM\..\Run: [inCD] C:\Programmi\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [LifeCam] "C:\Programmi\Microsoft LifeCam\LifeExp.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [iexplore.exe] C:\windows\iexplore.exe

O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [iSTray] "C:\Programmi\Spyware Doctor\pctsTray.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [EPSON Stylus CX3600 Series (Copia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P36 "EPSON Stylus CX3600 Series (Copia 1)" /M "Stylus CX3600" /EF "HKCU"

O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Programmi\Creative\Shared Files\CamTray.exe"

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Programmi\TomTom HOME 2\HOMERunner.exe" -s

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Programmi\DNA\btdna.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [y478hjdjkdkge] C:\Documents and Settings\utente\Dati applicazioni\zzangohj.exe

O4 - HKCU\..\Run: [iexplore.exe] C:\windows\iexplore.exe

O4 - HKCU\..\Run: [0x017] 0x017

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: NkbMonitor.exe.lnk = C:\Programmi\Nikon\PictureProject\NkbMonitor.exe

O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL

O23 - Service: ncvbads (7aasht6rf) - Unknown owner - C:\Programmi\File comuni\tysarekb\zamsdyg.exe (file missing)

O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe

O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Programmi\Spyware Doctor\BDT\BDTUpdateService.exe

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programmi\Ahead\InCD\InCDsrv.exe

O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Programmi\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmi\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\pctsSvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe

--

End of file - 11062 bytes

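Added example, mine rather than code from this thread or from HijackThis: a Python triage script that parses O4 (Run key) and O23 (service) lines in the HijackThis format and flags the patterns a helper looks for in a log like the one above. The sample lines are constructed to mirror that log, and the heuristics (user-profile paths, a well-known binary name outside its usual directory, "file missing" services, random-looking names) are my assumptions, not HijackThis rules.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample, modelled on O4/O23 lines from the HijackThis log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [iexplore.exe] C:\windows\iexplore.exe
O4 - HKCU\..\Run: [y478hjdjkdkge] C:\Documents and Settings\utente\Dati applicazioni\zzangohj.exe
O4 - HKCU\..\Run: [0x017] 0x017
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: ncvbads (7aasht6rf) - Unknown owner - C:\Programmi\File comuni\tysarekb\zamsdyg.exe (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
"""

# O4 line shape: "O4 - <hive>\..\Run: [<name>] <command>"
O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O23 line shape: "O23 - Service: <display> (<short>) - <owner> - <path> [(file missing)]"
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))? - (?P<owner>.+?) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)
# First absolute path (drive letter or %VAR%) that ends in an executable extension.
EXE_RE = re.compile(r'(?:[A-Za-z]:|%\w+%)\\[^"]*?\.(?:exe|com|scr|bat|cmd|dll)\b', re.I)
PATHLIKE_RE = re.compile(r'^"?(?:[A-Za-z]:|%\w+%)\\')

# Heuristic tables (my assumptions, not HijackThis rules). Matching is done on lowercased
# paths; "Programmi" is the Italian XP name for "Program Files".
PROFILE_DIRS = ("\\documents and settings\\", "\\users\\")
EXPECTED_PARENT = {  # well-known binary name -> directory names it normally lives in
    "iexplore.exe": ("internet explorer",),
    "svchost.exe": ("system32",),
    "explorer.exe": ("windows",),
}


def looks_random(token):
    """Crude check for machine-generated names such as y478hjdjkdkge or 7aasht6rf."""
    stem = token.rsplit(".", 1)[0]
    return (" " not in stem and len(stem) >= 6
            and any(c.isdigit() for c in stem) and any(c.isalpha() for c in stem))


def check_autorun(name, cmd):
    reasons = []
    m = EXE_RE.search(cmd)
    if m is None:
        # Bare names like SOUNDMAN.EXE resolve via PATH; a value like "0x017" is no program at all.
        if not PATHLIKE_RE.match(cmd) and not cmd.lower().endswith((".exe", ".com")):
            reasons.append("value is not a program path")
        return reasons
    exe = PureWindowsPath(m.group(0))
    if any(d in str(exe).lower() for d in PROFILE_DIRS):
        # Droppers run as the current user land here; so do some updaters, so this is a prompt to verify.
        reasons.append("runs from a user-profile directory")
    base, parent = exe.name.lower(), exe.parent.name.lower()
    if base in EXPECTED_PARENT and parent not in EXPECTED_PARENT[base]:
        reasons.append(f"{base} outside its expected directory")
    if looks_random(name):
        reasons.append("random-looking entry name")
    return reasons


def check_service(m):
    reasons = []
    if m.group("missing"):
        reasons.append("service binary missing on disk")
    if m.group("owner").lower() == "unknown owner" and looks_random(m.group("short") or ""):
        reasons.append("unknown owner with random-looking service name")
    return reasons


def triage(log_text):
    """Return [(line, [reasons])] for each O4/O23 line that trips at least one heuristic."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        reasons = []
        if (m := O4_RE.match(line)):
            reasons += check_autorun(m.group("name"), m.group("cmd"))
        elif (m := O23_RE.match(line)):
            reasons += check_service(m)
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for r in reasons:
            print("   ->", r)
```

Run against a full log it only shortlists entries for a human to check; the Avira and ctfmon lines in the sample pass clean while the four entries the helper would question are listed with the reason each tripped.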

Nothing to say .... that computer is in bad shape (and the operating system is not up to date either).

For now:

Download ComboFix: click here to download

● create a dedicated folder on the Desktop and place the tool you downloaded inside it

● disconnect from the Internet

● physically unplug the modem from the computer

● temporarily disable your antivirus

● launch ComboFix

● you will be asked to install the Recovery Console: do not install it

● continue by following the instructions that will be displayed to run the scan

● without doing anything else, let the tool complete the scan and the log creation phase

● when the operation finishes, the system will reboot automatically (if it does not, reboot it yourself)

Note: during the scan

● some files will be created on the desktop and then deleted

● all the icons on the Desktop will disappear for a moment

● a message about the antivirus in use may be displayed: continue, ignoring the message

● the firewall, if active, may warn that some drivers will be removed (allow it)

A log named combofix.txt will be created on Local Disk C:, which you will have to attach

> physically plug the modem back into the computer, connect to the Internet and attach the ComboFix log

> run another scan with HijackThis and attach its log together with the ComboFix one


Hi, I ran ComboFix

here's the report:

ComboFix 10-04-04.01 - utente 05/04/2010 11.14.01.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.447.118 [GMT 2:00]

Eseguito da: C:\Documents and Settings\utente\Desktop\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000000-0000-0000-0000-000000000000}

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-2C24-9E7C08000A00}

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00200000-EE94-0012-94EE-120094EE1200}

AV: avast! antivirus 4.7.892 [VPS 0639-1] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!

.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\cleansweep.exe

C:\cleansweep.exe\cleansweep.exe

C:\cleansweep.exe\config.bin

C:\Documents and Settings\utente\Dati applicazioni\okefw.exe

C:\WINDOWS\iexplore.exe

C:\WINDOWS\system32\asr3232.dll

C:\WINDOWS\system32\dumphive.exe

C:\WINDOWS\system32\Process.exe

C:\WINDOWS\system32\SrchSTS.exe

C:\WINDOWS\system32\tmp.reg

C:\WINDOWS\system32\VCCLSID.exe

C:\WINDOWS\system32\WS2Fix.exe

.

((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_SSHNAS

((((((((((((((((((((((((( Files Creati Da 2010-03-05 al 2010-04-05 )))))))))))))))))))))))))))))))))))

.

2010-04-02 20:04:11 . 2010-04-02 20:50:16 -------- d-----w- C:\Documents and Settings\All Users\Dati applicazioni\Yahoo! Companion

2010-04-02 20:04:11 . 2010-04-02 20:04:11 -------- d-----w- C:\Documents and Settings\utente\Dati applicazioni\Yahoo!

2010-04-02 20:03:46 . 2010-04-02 20:04:18 -------- d-----w- C:\Programmi\Yahoo!

2010-04-02 19:06:26 . 2004-08-03 20:59:44 95360 -c--a-w- C:\WINDOWS\system32\dllcache\atapi.sys

2010-04-02 19:06:26 . 2004-08-03 20:59:44 95360 ----a-w- C:\WINDOWS\system32\drivers\atapi.sys

2010-03-07 16:11:56 . 2009-11-25 10:19:02 56816 ----a-w- C:\WINDOWS\system32\drivers\avgntflt.sys

2010-03-07 16:11:56 . 2009-03-30 08:33:11 96104 ----a-w- C:\WINDOWS\system32\drivers\avipbb.sys

2010-03-07 16:11:56 . 2009-02-13 10:29:15 22360 ----a-w- C:\WINDOWS\system32\drivers\avgntmgr.sys

2010-03-07 16:11:56 . 2009-02-13 10:17:49 45416 ----a-w- C:\WINDOWS\system32\drivers\avgntdd.sys

2010-03-07 16:11:49 . 2010-03-07 16:11:49 -------- d-----w- C:\Programmi\Avira

2010-03-07 16:11:49 . 2010-03-07 16:11:49 -------- d-----w- C:\Documents and Settings\All Users\Dati applicazioni\Avira

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-04-05 09:28:00 . 2009-06-17 11:19:05 -------- d-----w- C:\Programmi\DNA

2010-04-05 09:28:00 . 2009-06-17 11:19:05 -------- d-----w- C:\Documents and Settings\utente\Dati applicazioni\DNA

2010-04-05 09:26:21 . 2007-08-17 12:22:51 -------- d---a-w- C:\Documents and Settings\All Users\Dati applicazioni\TEMP

2010-04-05 09:03:59 . 2010-01-01 19:57:26 -------- d-----w- C:\Programmi\Spyware Doctor

2010-04-03 08:19:53 . 2007-01-20 10:39:24 -------- d-----w- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy

2010-04-02 20:02:04 . 2007-09-06 12:44:25 -------- d-----w- C:\Programmi\CCleaner

2010-04-02 19:05:43 . 2005-11-21 21:41:42 -------- d-----w- C:\Programmi\easycalendarmakereval

2010-04-02 17:39:22 . 2001-08-31 10:00:00 81314 ----a-w- C:\WINDOWS\system32\perfc010.dat

2010-04-02 17:39:22 . 2001-08-31 10:00:00 479922 ----a-w- C:\WINDOWS\system32\perfh010.dat

2010-03-13 21:27:00 . 2006-05-10 08:07:29 -------- d-----w- C:\Documents and Settings\utente\Dati applicazioni\Skype

2010-03-13 20:47:37 . 2009-08-29 08:18:32 -------- d-----w- C:\Documents and Settings\utente\Dati applicazioni\skypePM

2010-03-07 18:14:45 . 2010-03-04 20:15:43 169936 ----a-w- C:\ff.exe

2010-03-07 16:24:17 . 2009-12-05 17:30:49 -------- d-sh--r- C:\Programmi\File comuni\tysarekb

2010-03-07 16:14:23 . 2010-03-19 19:27:14 479602 ----a-w- C:\Documents and Settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\BACKUP\aerdl.dll

2010-03-07 16:14:22 . 2010-03-19 19:27:11 426356 ----a-w- C:\Documents and Settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\BACKUP\aepack.dll

2010-03-07 16:14:21 . 2010-03-19 19:26:57 196987 ----a-w- C:\Documents and Settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\BACKUP\aeoffice.dll

2010-03-02 21:29:29 . 2010-03-01 20:59:09 169936 ----a-w- C:\be.exe

2010-02-12 20:50:18 . 2008-12-25 18:47:01 -------- d-----w- C:\Programmi\McAfee

2009-03-02 16:05:39 . 2009-03-02 16:05:39 869 ----a-w- C:\Programmi\AVS Video Converter 6.lnk

2004-03-11 12:27:22 . 2007-02-15 08:47:08 40960 ----a-w- C:\Programmi\Uninstall_CDS.exe

.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* i valori vuoti & legittimi/default non sono visualizzati.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"0x017"="0x017" [X]

"EPSON Stylus CX3600 Series (Copia 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE" [2004-03-04 03:00:00 98304]

"TomTomHOME.exe"="C:\Programmi\TomTom HOME 2\HOMERunner.exe" [2008-12-09 10:12:30 234856]

"BitTorrent DNA"="C:\Programmi\DNA\btdna.exe" [2009-11-16 22:08:00 323392]

"Google Update"="C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2010-01-08 20:44:58 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [2004-05-14 07:47:18 67072]

"ATIPTA"="C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 10:52:00 339968]

"EPSON Stylus CX3600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE" [2004-03-04 03:00:00 98304]

"EPSON Stylus CX3600 Series (Copia 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE" [2004-03-04 03:00:00 98304]

"Norman ZANDA"="C:\VIRUSfighter\Bin\ZLH.EXE" [2005-05-25 12:11:16 135168]

"InCD"="C:\Programmi\Ahead\InCD\InCD.exe" [2004-04-06 17:36:14 1298542]

"LifeCam"="C:\Programmi\Microsoft LifeCam\LifeExp.exe" [2007-05-17 21:45:32 279912]

"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2009-01-05 14:18:48 413696]

"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2009-04-02 14:11:02 342312]

"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 03:08:38 35696]

"Adobe ARM"="C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 11:08:30 935288]

"avgnt"="C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 11:08:52 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 13:39:36 15360]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\

NkbMonitor.exe.lnk - C:\Programmi\Nikon\PictureProject\NkbMonitor.exe [2007-9-2 118784]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\WINDOWS\\system32\\dplaysvr.exe"=

"C:\\Programmi\\Messenger\\msmsgs.exe"=

"C:\\Programmi\\Microsoft LifeCam\\LifeCam.exe"=

"C:\\Programmi\\Microsoft LifeCam\\LifeExp.exe"=

"C:\\Programmi\\VirtualDJ\\virtualdj.exe"=

"C:\\Programmi\\eMule3\\emule.exe"=

"C:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=

"C:\\Programmi\\Bonjour\\mDNSResponder.exe"=

"C:\\Programmi\\iTunes\\iTunes.exe"=

"C:\\Programmi\\SightSpeed\\SightSpeed.exe"=

"C:\\Programmi\\BitTorrent\\bittorrent.exe"=

"C:\\Programmi\\DNA\\btdna.exe"=

"C:\\Programmi\\eMule3bis\\emule.exe"=

"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"iexplore.exe"= C:\windows\iexplore.exe

"C:\\Programmi\\Skype\\Phone\\Skype.exe"=

R0 PCTCore;PCTools KDS;C:\WINDOWS\system32\drivers\PCTCore.sys [01/01/2010 21.58.19 207792]

R0 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [23/09/2009 15.11.22 722416]

R0 VIRAGTLT;VIRAGTLT;C:\WINDOWS\system32\drivers\VIRAGTLT.SYS [07/09/2007 9.16.17 45312]

R2 Browser Defender Update Service;Browser Defender Update Service;C:\Programmi\Spyware Doctor\BDT\BDTUpdateService.exe [01/01/2010 22.24.04 112592]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Programmi\McAfee\SiteAdvisor\McSACore.exe [25/12/2008 20.47.47 93320]

S2 7aasht6rf;ncvbads;"C:\Programmi\File comuni\tysarekb\zamsdyg.exe" --> C:\Programmi\File comuni\tysarekb\zamsdyg.exe [?]

S3 sdAuxService;PC Tools Auxiliary Service;C:\Programmi\Spyware Doctor\pctsAuxs.exe [01/01/2010 21.57.28 359624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

.

Contenuto della cartella 'Scheduled Tasks'

2009-01-03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

- C:\Programmi\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57:52 . 2008-07-30 11:34:12]

2010-03-13 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-113007714-725345543-1003Core.job

- C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-01-08 20:45:07 . 2010-01-08 20:44:58]

2010-04-03 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-113007714-725345543-1003UA.job

- C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-01-08 20:45:07 . 2010-01-08 20:44:58]

2010-04-05 C:\WINDOWS\Tasks\XoftSpySE 2.job

- C:\Programmi\XoftSpySE\XoftSpy.exe [2007-03-30 09:17:00 . 2007-03-30 09:17:00]

2007-09-07 C:\WINDOWS\Tasks\XoftSpySE.job

- C:\Programmi\XoftSpySE\XoftSpy.exe [2007-03-30 09:17:00 . 2007-03-30 09:17:00]

.

.

------- Scansione supplementare -------

.

uStart Page = hxxp://www.google.it/

IE: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm

DPF: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab

.

- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-PowerBar - (no file)

HKCU-Run-Creative WebCam Tray - C:\Programmi\Creative\Shared Files\CamTray.exe

HKCU-Run-y478hjdjkdkge - C:\Documents and Settings\utente\Dati applicazioni\zzangohj.exe

HKCU-Run-iexplore.exe - C:\windows\iexplore.exe

HKU-Default-Run-Nokia.PCSync - C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe

AddRemove-Macromedia Shockwave Player - C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE

AddRemove-{6E7DD182-9FC6-4651-0095-2E666CC6AF35} - C:\Programmi\EA GAMES\The Sims 2\EAUninstall.exe

AddRemove-{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7} - C:\Programmi\NOS\bin\getPlus_HelperSvc.exe

AddRemove-Octoshape add-in for Adobe Flash Player - C:\Documents and Settings\utente\Dati applicazioni\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-04-05 11:27:18

Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

EPSON Stylus CX3600 Series (Copia 1) = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P36 "EPSON Stylus CX3600 Series (Copia 1)" /M "Stylus CX3600" /EF "HKCU"??????????????????????????????p???g??w0??w????*??w???w????O??w?????????????????VZ????w????????????????????T???????????g??w???w???????w???w?VZ????????????w???????????????????????????????|?????????VZ?????????????O??ws??w???w'??w?????????????? ?????????"????i??????|???????4????a?w????????????????P???????????????T????b?w????P????????S??????????????h??w????P???????z??wP???????8???????????`??

Scansione files nascosti ...

Scansione completata con successo

Files nascosti: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll >>UNKNOWN [0x84F8A1F8]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xf74e2fc3

\Driver\ACPI -> ACPI.sys @ 0xf732ccb8

\Driver\atapi -> 0x84f8a1f8

IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0094

ParseProcedure -> ntoskrnl.exe @ 0x8056f08e

\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0094

ParseProcedure -> ntoskrnl.exe @ 0x8056f08e

NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf7181bc3

PacketIndicateHandler -> NDIS.sys @ 0xf716fa0b

SendHandler -> NDIS.sys @ 0xf7183b31

Warning: possible MBR rootkit infection !

user & kernel MBR OK

**************************************************************************

.

--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(2128)

c:\PROGRA~1\mcafee\SITEAD~1\saHook.dll

C:\WINDOWS\system32\webcheck.dll

C:\WINDOWS\system32\IEFRAME.dll

C:\WINDOWS\system32\WPDShServiceObj.dll

C:\WINDOWS\system32\btncopy.dll

C:\Programmi\Nokia\Nokia PC Suite 7\PhoneBrowser.dll

C:\Programmi\Nokia\Nokia PC Suite 7\NGSCM.DLL

C:\Programmi\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ita.nlr

C:\Programmi\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr

C:\WINDOWS\system32\PortableDeviceTypes.dll

C:\WINDOWS\system32\PortableDeviceApi.dll

- - - - - - - > 'explorer.exe'(2912)

c:\PROGRA~1\mcafee\SITEAD~1\saHook.dll

C:\WINDOWS\system32\ieframe.dll

C:\WINDOWS\system32\browselc.dll

C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.dll

C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.ITA

C:\Programmi\WinRAR\rarext.dll

C:\Programmi\Avira\AntiVir Desktop\shlext.dll

C:\Programmi\Spyware Doctor\SDContextExt32.dll

C:\Programmi\Scintilla Text Editor\wscitecm.dll

C:\Programmi\Nokia\Nokia PC Suite 7\PhoneBrowser.dll

C:\Programmi\Nokia\Nokia PC Suite 7\NGSCM.DLL

C:\Programmi\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ita.nlr

C:\Programmi\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr

C:\WINDOWS\system32\wpdshext.dll

C:\WINDOWS\system32\PortableDeviceApi.dll

C:\WINDOWS\system32\ODBC32.dll

C:\WINDOWS\system32\Audiodev.dll

C:\WINDOWS\system32\WMVCore.DLL

C:\WINDOWS\system32\WMASF.DLL

.

------------------------ Altri processi in esecuzione ------------------------

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\Programmi\Ahead\InCD\InCDsrv.exe

C:\Programmi\Avira\AntiVir Desktop\sched.exe

C:\Programmi\Avira\AntiVir Desktop\avguard.exe

C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programmi\Bonjour\mDNSResponder.exe

C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe

C:\Programmi\Microsoft LifeCam\MSCamS32.exe

C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\rundll32.exe

C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Programmi\iPod\bin\iPodService.exe

.

**************************************************************************

.

Ora fine scansione: 2010-04-05 11:41:28 - Il pc è stato riavviato

ComboFix-quarantined-files.txt 2010-04-05 09:41:09

Pre-Run: 13.436.190.720 byte disponibili

Post-Run: 13.289.390.080 byte disponibili

- - End Of File - - 142812CE8FAE722220263191D02A8A83

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11.42.03, on 05/04/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programmi\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programmi\Avira\AntiVir Desktop\sched.exe

C:\Programmi\Avira\AntiVir Desktop\avguard.exe

C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programmi\Bonjour\mDNSResponder.exe

C:\Programmi\Spyware Doctor\BDT\BDTUpdateService.exe

C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe

C:\Programmi\McAfee\SiteAdvisor\McSACore.exe

C:\Programmi\Microsoft LifeCam\MSCamS32.exe

C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\System32\svchost.exe

C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE

C:\Programmi\Ahead\InCD\InCD.exe

C:\Programmi\iTunes\iTunesHelper.exe

C:\Programmi\Avira\AntiVir Desktop\avgnt.exe

C:\Programmi\TomTom HOME 2\HOMERunner.exe

C:\Programmi\DNA\btdna.exe

C:\Programmi\Nikon\PictureProject\NkbMonitor.exe

C:\Programmi\iPod\bin\iPodService.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\utente\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programmi\Spyware Doctor\BDT\PCTBrowserDefender.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programmi\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programmi\Spyware Doctor\BDT\PCTBrowserDefender.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O5 "LPT1:" /M "Stylus CX3600"

O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series (Copia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P36 "EPSON Stylus CX3600 Series (Copia 1)" /O6 "USB001" /M "Stylus CX3600"

O4 - HKLM\..\Run: [Norman ZANDA] C:\VIRUSfighter\Bin\ZLH.EXE /LOAD /SPLASH

O4 - HKLM\..\Run: [inCD] C:\Programmi\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [LifeCam] "C:\Programmi\Microsoft LifeCam\LifeExp.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [EPSON Stylus CX3600 Series (Copia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P36 "EPSON Stylus CX3600 Series (Copia 1)" /M "Stylus CX3600" /EF "HKCU"

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Programmi\TomTom HOME 2\HOMERunner.exe" -s

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Programmi\DNA\btdna.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [0x017] 0x017

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: NkbMonitor.exe.lnk = C:\Programmi\Nikon\PictureProject\NkbMonitor.exe

O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL

O23 - Service: ncvbads (7aasht6rf) - Unknown owner - C:\Programmi\File comuni\tysarekb\zamsdyg.exe (file missing)

O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe

O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Programmi\Spyware Doctor\BDT\BDTUpdateService.exe

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programmi\Ahead\InCD\InCDsrv.exe

O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Programmi\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmi\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\pctsSvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe

--

End of file - 10105 bytes


Posted (edited)

OK, the infection appears to be resolved (we will do another check afterwards); now proceed as follows:

1) download OTC by OldTimer to the desktop: click here to download

● double-click the icon to run it

● click CleanUP

● click Yes, then Yes again, and Combofix will be uninstalled

● reboot the system.

2) empty the contents of the Prefetch folder:

● Start

● click My Computer

● click Local Disk C:

● among the folders that are shown, look for the Windows folder, open it and locate the Prefetch folder

● open it and delete everything stored inside (make sure you do not delete the folder itself)

3) From Add or Remove Programs, uninstall the old versions of:

Adobe Reader

Adobe Flash Player

any toolbars you find installed

Download and install the updated versions of:

● Adobe Reader: click here to download

● Adobe Flash Player: click here to download

● JavaSun: click here to download

Once Adobe Reader is installed, launch it and, after accepting the licence:

● in the toolbar click the ?

● click Check for Updates and install the updates that are offered.

Notes:

JavaSun will also take care of automatically uninstalling all the old versions installed previously (unless some older than version 6.13 are still installed - check - and if so, uninstall the old ones from Add or Remove Programs);

● For all three programs, during installation you will be asked to install the Google toolbar (or another one): do not install it; so untick the corresponding box.

4) from Windows Update, update the system to Service Pack 3 (and also download all the other available updates);

5) When finished, reboot and attach a new HijackThis log.

One thing: to attach logs, use the Attach function you find just below the text editor.

Edited by Riverside
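Riverside's checks are done by eye; as an added example (not from this thread and not part of HijackThis), here is a small Python triage over a few lines quoted from the log posted above, flagging what a helper looks at first: a service whose binary is missing, an autorun entry with no real executable path, a service with no publisher, and a reference to an outdated Java runtime. The rules and severities are my own assumptions.

```python
import re

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [0x017] 0x017
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O23 - Service: ncvbads (7aasht6rf) - Unknown owner - C:\Programmi\File comuni\tysarekb\zamsdyg.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
"""

# HijackThis line shapes for registry Run entries (O4) and services (O23).
O4_RE = re.compile(r"^O4 - (?P<hive>.*?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<svc>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
# Java 1.5 and older (assumed cutoff: the post asks for the current JavaSun release).
OLD_JAVA_RE = re.compile(r"jre1\.[0-5]\b")


def triage_line(line):
    """Return (severity, reason) for one HijackThis line, or None if nothing stands out."""
    line = line.strip()
    m = O23_RE.match(line)
    if m:
        if "(file missing)" in m.group("path"):
            return ("high", "service points at a missing binary: " + m.group("svc"))
        if m.group("owner") == "Unknown owner":
            return ("low", "service with no publisher: " + m.group("svc"))
        return None
    m = O4_RE.match(line)
    if m:
        cmd = m.group("cmd").strip('"')
        # A Run value that is neither a path nor an .exe name is not a normal autostart.
        if "\\" not in cmd and not cmd.lower().endswith(".exe"):
            return ("high", "autorun entry with no executable path: " + m.group("name"))
    if OLD_JAVA_RE.search(line):
        return ("medium", "outdated Java runtime referenced")
    return None


def triage(log_text):
    """Run triage_line over a whole log; returns [(severity, reason, line), ...]."""
    findings = []
    for line in log_text.splitlines():
        hit = triage_line(line)
        if hit:
            findings.append((hit[0], hit[1], line.strip()))
    return findings


if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LOG):
        print(f"[{severity}] {reason}\n    {line}")
```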


I'll add that it looks like you have 2 antivirus products installed, Avast and Avira.

Regardless of my personal preference, pick one and completely remove the other.


Hi supermarco81,

let us know as soon as you finish Riverside's procedure, because there are still viruses to remove

:P:)
