Computer Disastrato

U-Boot · June 15, 2008

Ehilà!

Forse vi ricorderete di me grazie a problemi come "Disinstallazione Avast!" e "Noob in panico".

Ebbene sì, sono tornato!

Ma questa volta il problema (per fortuna) non è mio.

Il computer da cui sto scrivendo è quello della mia ragazza che ha una marea di problemi tra cui, quello più grave, è che non riconosce la scheda video e non c'è su nessun driver.

Il computer in questione è un laptop targato CDC. Non pare ci siano problemi tipo malware o funzionamenti strani, ma va troppo lento per essere un computer fatto dopo il 1950.

Con la speranza che mi aiuterete vi ringrazio in anticipo!

Un saluto di cuore a tutti voi, qua di seguito vi lascio il log di HiJack, almeno avete qualche informazione in più.

Ciao!

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 16.06.21, on 15/06/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Programmi\McAfee\Common Framework\FrameworkService.exe

C:\Programmi\McAfee\VirusScan Enterprise\Mcshield.exe

C:\Programmi\McAfee\VirusScan Enterprise\VsTskMgr.exe

C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Programmi\Synaptics\SynTP\SynTPLpr.exe

C:\Programmi\Synaptics\SynTP\SynTPEnh.exe

C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe

C:\Programmi\NASDAK\OmniMouse Driver\4.0\MOUSE32A.EXE

C:\Programmi\Creative\Creative Live! Cam\VideoFX\StartFX.exe

C:\WINDOWS\V0250Mon.exe

C:\Programmi\McAfee\VirusScan Enterprise\SHSTAT.EXE

C:\Programmi\McAfee\Common Framework\UdaterUI.exe

C:\Programmi\iTunes\iTunesHelper.exe

C:\Programmi\McAfee\Common Framework\McTray.exe

C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programmi\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE

C:\Programmi\Google\Google Updater\GoogleUpdater.exe

C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe

C:\Programmi\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programmi\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Sergio\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alice.it/oggi/indexbb.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programmi\McAfee\VirusScan Enterprise\Scriptcl.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O2 - BHO: (no name) - {B6F4BAF2-60B5-44D4-B5E0-581CF1D0C728} - C:\WINDOWS\system32\pmkki.dll (file missing)

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [synTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [LWBMOUSE] C:\Programmi\NASDAK\OmniMouse Driver\4.0\MOUSE32A.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [AVFX Engine] C:\Programmi\Creative\Creative Live! Cam\VideoFX\StartFX.exe

O4 - HKLM\..\Run: [V0250Mon.exe] C:\WINDOWS\V0250Mon.exe

O4 - HKLM\..\Run: [shStatEXE] "C:\Programmi\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programmi\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Programmi\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"

O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe

O4 - HKCU\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S8E.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [iETI] C:\Programmi\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [iETI] C:\Programmi\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')

O4 - Startup: Collegamento a RETE.lnk = C:\RETE.BAT

O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?582c426adf864822aa9e00326b30e53f

O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?582c426adf864822aa9e00326b30e53f

O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O16 - DPF: {C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} (DownloaderActiveX Control) - http://c6.community.alice.it/download/DownloaderActiveX.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

O20 - Winlogon Notify: fccdccb - fccdccb.dll (file missing)

O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: GoogleDesktopManager - Google - C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Programmi\McAfee\Common Framework\FrameworkService.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Programmi\McAfee\VirusScan Enterprise\Mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Programmi\McAfee\VirusScan Enterprise\VsTskMgr.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

--

End of file - 8911 bytes

Steve75 · June 15, 2008

ciao

fai cosi;

fai uno scan con MalwareBytes Antimalware e posta il suo log

http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html

* Scarica VundoFix e salvalo in una cartella creata appositamente per lui

http://www.atribune.org/ccount/click.php?id=4

- clicca su Vundofix.exe per eseguirlo

- Seleziona "Scan for Vundo"

- Attendere....

- Clicca su "Remove Vundo"

- Rispondi SI per avviare la rimozione

(Se il desktop scompare é normale)

- Alla fine della rimozione acconsenti alla richiesta di Riavvio

- Posta il log che verrà visualizzato e che verrà poi collocato in C:\

U-Boot · June 15, 2008

Ciao a tutti!

Grazie della risposta, vi do subito il log.

Malwarebytes' Anti-Malware 1.17

Versione del database: 857

21.10.42 15/06/2008

mbam-log-6-15-2008 (21-10-35).txt

Tipo di scansione: Scansione rapida

Elementi scansionati: 43944

Tempo trascorso: 14 minute(s), 30 second(s)

Processi delle memoria infetti: 0

Moduli della memoria infetti: 0

Chiavi di registro infette: 108

Valori di registro infetti: 6

Elementi dato del registro infetti: 0

Cartelle infette: 18

File infetti: 26

Processi delle memoria infetti:

(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:

(Nessun elemento malevolo rilevato)

Chiavi di registro infette:

HKEY_CLASSES_ROOT\CLSID\{1e0004ec-5df0-48c7-a8f0-fbb0488a3d94} (Adware.Hotbar) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{b0cb585f-3271-4e42-88d9-ae5c9330d554} (Adware.Hotbar) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{d2221ccb-f2bb-4858-aad4-57c754153603} (Adware.Hotbar) -> No action taken.

HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.Shopping.Report) -> No action taken.

HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.Shopping.Report) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{c9ccbb35-d123-4a31-affc-9b2933132116} (Adware.Shopping.Report) -> No action taken.

HKEY_CLASSES_ROOT\shoppingreport.hbinfoband (Adware.Shopping.Report) -> No action taken.

HKEY_CLASSES_ROOT\shoppingreport.hbinfoband.1 (Adware.Shopping.Report) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> No action taken.

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> No action taken.

HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.Shopping.Report) -> No action taken.

HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.Shopping.Report) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{a16ad1e9-f69a-45af-9462-b1c286708842} (Adware.Shopping.Report) -> No action taken.

HKEY_CLASSES_ROOT\shoppingreport.hbax (Adware.Shopping.Report) -> No action taken.

HKEY_CLASSES_ROOT\shoppingreport.hbax.1 (Adware.Shopping.Report) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{20ea9658-6bc3-4599-a87d-6371fe9295fc} (Adware.Shopping.Report) -> No action taken.

HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.Shopping.Report) -> No action taken.

HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.Shopping.Report) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.Shopping.Report) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.Shopping.Report) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{d8560ac2-21b5-4c1a-bdd4-bd12bc83b082} (Adware.Shopping.Report) -> No action taken.

HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.Shopping.Report) -> No action taken.

HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.Shopping.Report) -> No action taken.

HKEY_CLASSES_ROOT\Typelib\{e343edfc-1e6c-4cb5-aa29-e9c922641c80} (Adware.Shopping.Report) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{00b77587-be1b-4201-b8e9-09fcf50ab771} (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{067c6a37-72ea-4437-863a-5be20c246f3c} (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\hostie.bho (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\hostie.bho.1 (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{34e29700-0d13-46aa-b9a5-ace68e21a091} (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{3661af2d-c27b-499c-9bcf-66c8502a3806} (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{99123ac9-7dda-4c82-b252-44c2804bf392} (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\Typelib\{08755390-f46d-4d09-968c-3430166b3189} (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{5a4737a8-b92a-4e54-970e-c2891d98ce3f} (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{ace99e77-aa2a-43c2-8c9d-caf2020fdf2b} (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{e0fb1610-b25b-49f6-be20-751b2f230e6f} (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\Typelib\{087c4054-0a2b-4f35-b0db-bed3e21650f4} (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{3f0915b8-b238-4c2d-ad1e-60db1e14d27a} (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{ea58c2ea-be26-49dd-9b9a-c8e4e5ca7791} (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{fca28ac5-c1e1-4d67-a5ae-c44d6c374d9f} (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\Typelib\{0923208c-e259-4ed5-a778-cb607da350ad} (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{1230cf51-6bc4-4a23-b3f1-c7cf0afed619} (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{1a2af056-1fe1-47ca-993d-5d09d18e674e} (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{4e8b851b-05b0-4baf-b24d-d0dfe88dded3} (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{50c3e2b3-4fd7-4cb9-91f9-641a6e6b3689} (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{62b0b239-f9ac-4a5b-bfae-62c7a23f7627} (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{726f0ab9-b842-4ae4-90c7-230e233e6a99} (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{99ccfb8c-6380-4a14-8fdd-ef3e7e95335d} (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{b9cc2b92-5611-453f-8381-8b6f72d9c0b8} (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{c4543e64-1498-410d-8e72-4744eea99ab9} (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\Typelib\{229d2451-a617-4b30-b5e8-8138694240cb} (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{2b81f920-6660-4f76-93bf-b1c67bf5d1a0} (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{49155dae-c471-40fa-98ee-b2b3cad115ce} (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{4d783385-0dda-4188-a529-c97dc3d67cbd} (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\wallpaper.wallpapermanager.1 (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{54a3f8b7-228e-4ed8-895b-de832b2c3959} (Adware.Zango) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{54a3f8b7-228e-4ed8-895b-de832b2c3959} (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\toolbar.htmlmenuui (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{5b2e150d-4c8a-40e4-8c36-dd9c02771c67} (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{627d894a-8a77-416e-b522-432eaf2c818e} (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\toolbar.htmlmenuui.1 (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\toolbar.toolbarctl (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\toolbar.toolbarctl.1 (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{6e10479b-31e8-4a3b-81b1-ddaf39097f19} (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\srv.coreservices (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\srv.coreservices.1 (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{7138f250-5b72-48dd-adfb-9a83b429dd9e} (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\hostol.mailanim (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\hostol.mailanim.1 (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{8971cb48-9fca-445a-be77-e8e8a4cc9df7} (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\hbmain.commband (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{93b0fa7b-50f6-41b4-ac7e-612a72ce8c3c} (Adware.Zango) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{93b0fa7b-50f6-41b4-ac7e-612a72ce8c3c} (Adware.Zango) -> No action taken.

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{93b0fa7b-50f6-41b4-ac7e-612a72ce8c3c} (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{ea0b6a1a-6a59-4a58-9c41-9966504898a5} (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\hbmain.commband.1 (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{e420a65f-9984-4b8c-9fa9-1ed69d3b0a13} (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\Typelib\{9720de03-5820-4059-b4a4-639d5e52bd09} (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\coresrv.lfgax (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\coresrv.lfgax.1 (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{b247f5bf-bd9d-4ecd-8fc1-365f36a1fda1} (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\hostol.webmailsend (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\hostol.webmailsend.1 (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{b88e4484-3ff6-4ea9-815b-a54fe20d4387} (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{bbbfb891-98ae-4678-86f3-bd5a2eed86c9} (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{bf1bf02c-5a86-4ecf-adac-472c54c4d21e} (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\instie.hbinstobj (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{bfc08cff-c737-4433-bd5a-0ee7efcfee54} (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\instie.hbinstobj.1 (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\Typelib\{c23fa5a4-1fea-419f-8b14-f7465df062bc} (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\Typelib\{ccc6e232-aa4c-4813-a019-9c14b27776b6} (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\coresrv.coreservices (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\coresrv.coreservices.1 (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\hbr.hbmain (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\hbr.hbmain.1 (Adware.Zango) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eddbb5ee-bb64-4bfc-9dbe-e7c85941335b} (Adware.Zango) -> No action taken.

HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\568267acfc5644dab06f058006ddbae3 (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{68354ad6-ac7e-4fe3-a19b-8f8e70ab4252} (Adware.Hotbar) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{68354ad6-ac7e-4fe3-a19b-8f8e70ab4252} (Adware.Hotbar) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{d10c4db6-cb02-40f4-88ee-c0b64c02adfc} (Adware.Hotbar) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{d10c4db6-cb02-40f4-88ee-c0b64c02adfc} (Adware.Hotbar) -> No action taken.

\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shoppingreport (Adware.Shopping.Report) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.

HKEY_CURRENT_USER\Software\MalwareAlarm (Rogue.Malware.Alarm) -> No action taken.

HKEY_CURRENT_USER\Software\ShoppingReport (Adware.Shopping.Report) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> No action taken.

Valori di registro infetti:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Adware.BHO) -> No action taken.

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> No action taken.

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> No action taken.

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> No action taken.

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> No action taken.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ADP (Rogue.Multiple) -> No action taken.

Elementi dato del registro infetti:

(Nessun elemento malevolo rilevato)

Cartelle infette:

C:\Programmi\Hotbar (Adware.Hotbar) -> No action taken.

C:\Programmi\Hotbar\bin (Adware.Hotbar) -> No action taken.

C:\Programmi\Hotbar\bin\10.0.368.0 (Adware.Hotbar) -> No action taken.

C:\Programmi\Hotbar\bin\10.0.368.0\firefox (Adware.Hotbar) -> No action taken.

C:\Programmi\Hotbar\bin\10.0.368.0\firefox\extensions (Adware.Hotbar) -> No action taken.

C:\Programmi\Hotbar\bin\10.0.368.0\firefox\extensions\components (Adware.Hotbar) -> No action taken.

C:\Programmi\Hotbar\bin\10.0.368.0\firefox\extensions\plugins (Adware.Hotbar) -> No action taken.

C:\Programmi\ShoppingReport (Adware.Shopping.Report) -> No action taken.

C:\Programmi\ShoppingReport\Bin (Adware.Shopping.Report) -> No action taken.

C:\Programmi\ShoppingReport\cs (Adware.Shopping.Report) -> No action taken.

C:\Programmi\ShoppingReport\Bin\2.0.26 (Adware.Shopping.Report) -> No action taken.

C:\Documents and Settings\Sergio\Dati applicazioni\ShoppingReport (Adware.Shopping.Report) -> No action taken.

C:\Documents and Settings\Sergio\Dati applicazioni\ShoppingReport\cs (Adware.Shopping.Report) -> No action taken.

C:\Documents and Settings\Sergio\Dati applicazioni\ShoppingReport\cs\db (Adware.Shopping.Report) -> No action taken.

C:\Documents and Settings\Sergio\Dati applicazioni\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> No action taken.

C:\Documents and Settings\Sergio\Dati applicazioni\ShoppingReport\cs\report (Adware.Shopping.Report) -> No action taken.

C:\Documents and Settings\Sergio\Dati applicazioni\ShoppingReport\cs\res1 (Adware.Shopping.Report) -> No action taken.

C:\Documents and Settings\All Users\Dati applicazioni\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> No action taken.

File infetti:

C:\Programmi\Hotbar\bin\10.0.368.0\CoreSrv.dll (Adware.Hotbar) -> No action taken.

C:\Programmi\Hotbar\bin\10.0.368.0\Wallpaper.dll (Adware.Zango) -> No action taken.

C:\Programmi\Hotbar\bin\10.0.368.0\Toolbar.dll (Adware.Zango) -> No action taken.

C:\Programmi\Hotbar\bin\10.0.368.0\HostIE.dll (Adware.Zango) -> No action taken.

C:\Programmi\Hotbar\bin\10.0.368.0\InstIE.dll (Adware.Zango) -> No action taken.

C:\Programmi\Hotbar\bin\10.0.368.0\arrow.ico (Adware.Hotbar) -> No action taken.

C:\Programmi\Hotbar\bin\10.0.368.0\Cml.exe (Adware.Hotbar) -> No action taken.

C:\Programmi\Hotbar\bin\10.0.368.0\copyright.txt (Adware.Hotbar) -> No action taken.

C:\Programmi\Hotbar\bin\10.0.368.0\HotbarSA.exe (Adware.Hotbar) -> No action taken.

C:\Programmi\Hotbar\bin\10.0.368.0\HotbarSAAX.dll (Adware.Hotbar) -> No action taken.

C:\Programmi\Hotbar\bin\10.0.368.0\link.ico (Adware.Hotbar) -> No action taken.

C:\Programmi\Hotbar\bin\10.0.368.0\Srv.exe (Adware.Hotbar) -> No action taken.

C:\Programmi\Hotbar\bin\10.0.368.0\Weather.exe (Adware.Hotbar) -> No action taken.

C:\Programmi\Hotbar\bin\10.0.368.0\WeSkin.dll (Adware.Hotbar) -> No action taken.

C:\Programmi\Hotbar\bin\10.0.368.0\firefox\extensions\chrome.manifest (Adware.Hotbar) -> No action taken.

C:\Programmi\Hotbar\bin\10.0.368.0\firefox\extensions\install.rdf (Adware.Hotbar) -> No action taken.

C:\Programmi\Hotbar\bin\10.0.368.0\firefox\extensions\components\npclntax.xpt (Adware.Hotbar) -> No action taken.

C:\Programmi\Hotbar\bin\10.0.368.0\firefox\extensions\plugins\npclntax_HotbarSA.dll (Adware.Hotbar) -> No action taken.

C:\Programmi\ShoppingReport\Uninst.exe (Adware.Shopping.Report) -> No action taken.

C:\Documents and Settings\Sergio\Dati applicazioni\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> No action taken.

C:\Documents and Settings\Sergio\Dati applicazioni\ShoppingReport\cs\db\Aliases.dbs (Adware.Shopping.Report) -> No action taken.

C:\Documents and Settings\Sergio\Dati applicazioni\ShoppingReport\cs\db\Sites.dbs (Adware.Shopping.Report) -> No action taken.

C:\Documents and Settings\Sergio\Dati applicazioni\ShoppingReport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> No action taken.

C:\Documents and Settings\Sergio\Dati applicazioni\ShoppingReport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> No action taken.

C:\Documents and Settings\Sergio\Dati applicazioni\ShoppingReport\cs\report\send_storage.xml (Adware.Shopping.Report) -> No action taken.

C:\Documents and Settings\Sergio\Dati applicazioni\ShoppingReport\cs\res1\WhiteList.dbs (Adware.Shopping.Report) -> No action taken.

Vundo non mi ha dato nessun log perchè non ha trovato malfunzionamenti.

Il log qua sopra dice "no action taken", ma dopo che ha buttato fuori il log ho avuto la bella pensata di eliminare gli errori trovati.

Vi precederò nel tempo scaricando adesso Revo e faccio un po' di pulizia.

Grazie ancora.

Il problema principale rimane sempre il driver della scheda video che rende tutto abbastanza "scattoso".

Steve75 · June 16, 2008

si elimina quanto trovato da malwarebytes...

Revo ??? cos'è?

per i driver fatti aiutare nell'apposita sezione dove sapranno consigliarti di sicuro meglio di me.....

anche se non credo che il tuo pc sia completamente pulito ...

U-Boot · June 16, 2008

Revo Unistaller, me l'avete consigliato una volta voi di Winizio, è un disinstallatore molto efficace, lo adoro.

Ora posterò nella sezione Driver il tutto, intanto sul portatile in questione disinstallerò gli antivirus (ha TEMPORANEAMENTE McCafe e Norton) e metterò su un tranquillo Avast!.

Per ora il computer funziona meglio di prima.

Dimmi te se devo postare un altro log di HiJack!

Ciao e grazie ancora!

Steve75 · June 16, 2008

disinstalla i due antivirus e metti Antivir non avast

ceruzzo · June 16, 2008

ciao, io mi ricordo di te e delle risate che mii sono fatto quando ti ho letto l'altra volta....

Per il problema della scheda posta >qui< che é la sezione giusta..

.........e mi raccomando segui l'ultimo consiglio di steve e >qui< trovi la guida per settare antivir..

U-Boot · June 17, 2008

Bella Ceruzzo!

Allora, gli ho deletato praticamente tutti gli antivirus che aveva su, tra cui strani eseguibili di sconosciuti antivirus online e gli ho buttato su AntiVir.

Lei non fa un uso del computer particolarmente elevato, lo usa giusto per spettegolare su msn e per guardare i siti che piacciono tanto alle donne.

Il problema del driver continua e ho pure scoperto che non so minimamente quale scheda grafica ha su...

Comunque per il driver sto stressando dall'altra parte, qua mi limiterò a postarvi un log di HiJack appena avrò un po' di tempo.

Saluti!

U-Boot · June 20, 2008

Ehilà! ecco a voi il log di HiJack!

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 15.51.42, on 20/06/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Programmi\Synaptics\SynTP\SynTPLpr.exe

C:\Programmi\Synaptics\SynTP\SynTPEnh.exe

C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Programmi\NASDAK\OmniMouse Driver\4.0\MOUSE32A.EXE

C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe

C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe

C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Programmi\Windows Live\Messenger\usnsvc.exe

C:\Programmi\Mozilla Firefox\firefox.exe

C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe

c:\programmi\avira\antivir personaledition classic\avcenter.exe

C:\Documents and Settings\Sergio\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.a...&tbid=66028

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66028

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66028

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66028

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66028

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {B6F4BAF2-60B5-44D4-B5E0-581CF1D0C728} - (no file)

O4 - HKLM\..\Run: [synTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ATIPTA] "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [LWBMOUSE] C:\Programmi\NASDAK\OmniMouse Driver\4.0\MOUSE32A.EXE

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [startCCC] "C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"