Internet Explorer: blank page, even after removing the registry key
BadApple
Registered: 11/04/08 22:57
Posts: 10

Posted: 11 Apr 2008 23:39    Subject: Internet Explorer: blank page, even after removing the registry key

Hi everyone, I'm a new member of the forum and I'm turning to you in the hope of finding a solution to my problem!
So... For some time now, every time I open Internet Explorer it hangs on a blank white screen, and it worked only after I terminated the explorer.exe process from Task Manager. I know this is a problem already covered in many forums; in fact, searching around I found out that it is a virus/malware (I don't remember the exact name right now) that also prevented me from viewing any web page containing words related to it, or from using security programs such as AVENGER or HJT, etc.
Reading the various forums I found out that to solve the problem it was enough to delete the registry key
HKey_Local_Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe
Since I did this, all the websites and the various programs have indeed started working again, but I have not solved the problem with starting explorer... I still have to terminate the process every time to get it to start!!
I should mention that my operating system is WinXP SP2 and my antivirus (which of course detects no virus) is AVG.
I hope someone can help me... thanks in advance

chemicalbit
Registered: 01/04/05 18:59
Posts: 18597
Location: Milano

Posted: 12 Apr 2008 00:30

And before, you couldn't run HijackThis, in addition to not being able to view the web pages that contained its name?

And now?

If you can, post a HijackThis log, see here.

BadApple
Posted: 12 Apr 2008 00:35

Exactly, before it automatically closed all the web pages and programs related to my problem... now, however, I no longer have that problem...

This is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0.31.38, on 12/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\carpserv.exe
C:\WINDOWS\system32\dslagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\DAEMON Tools\daemon.exe
C:\Programmi\Sitecom\Sitecom WL-151 Wireless LAN Card\Installer\WLANUTL.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.exe
C:\Documents and Settings\SysAdmin\Desktop\utorrent.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\MSN Messenger\livecall.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\system32\dwwin.exe
G:\unzipped\prog\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7175de62-7e53-4c0b-865c-c1f0ca76c59a} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [tskfadqc] "c:\windows\system32\tskfadqc.exe"
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\ljklih.dll",forkonce
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Policies\Explorer\Run: [5T19I3B27A] C:\WINDOWS\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: mblpcnf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Programmi\Sitecom\Sitecom WL-151 Wireless LAN Card\Installer\WLANUTL.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Read By Natural Voice Reader - C:\Programmi\Natural Voice Reader Standard\read.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Natural Reader - {0DF757C4-9999-463C-A4EB-B6BF1D8D8D3D} - C:\Programmi\Natural Voice Reader Standard\read.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.doginhispen.com
O15 - Trusted Zone: *.whataboutadog.com
O15 - Trusted Zone: *.whataboutarabit.com
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files/installers/cab/SystemDoctor2006FreeInstall_it.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {3C29B390-B4E5-4089-8D20-308AF5D867BA} - http://wm2cqtuut.com/e38c124db90bc36369bc/baihe/CuteToons.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1192122400796
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1192122386906
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-0da02355b328cf41.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {973BCC2A-63BD-47B3-A3A5-72A26D007028} - http://wm2cqtuut.com/6dfbdba388c0408330ec/baihe/CoolNow!.cab
O16 - DPF: {B6E4EEB6-5E44-481F-BDC9-EFB0A78D6C4A} - http://wm2cqtuut.com/0b1dce68fe6b9859cd25/baihe/moxwtgk.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{07ECD38C-B6B9-4AD4-951F-423EE7F9B252}: NameServer = 85.37.17.7
O20 - AppInit_DLLs: c:\windows\system32\ddabbay.dll
O20 - Winlogon Notify: actr32 - actr32.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: DomainService - Unknown owner - C:\Documents and Settings\SysAdmin\Dati applicazioni\tmp3.tmp.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 8435 bytes

Thanks a lot... awaiting advice...

chemicalbit
Posted: 12 Apr 2008 09:32

BadApple wrote:
For some time now, every time I open Internet Explorer it hangs on a blank white screen, and it worked only after I terminated the explorer.exe process from Task Manager.

explorer.exe (which is the program that handles Windows folders, the file manager, the desktop, etc.) or iexplore.exe (Internet Explorer)?

Does the same problem happen with other browsers too (Firefox, Opera, etc.)?

BadApple wrote:
and my antivirus (which of course detects no virus) is AVG

Don't you have any antispyware? (E.g. Lavasoft Adaware or Spybot Search & Destroy).

BadApple
Posted: 12 Apr 2008 11:32

To get Internet Explorer to start correctly I have to terminate the explorer.exe process (and not iexplorer.exe)... this of course makes the desktop disappear; then from Task Manager I launch explorer.exe again, and at that point Internet Explorer starts working correctly too... after a while, though (usually about half an hour), it hangs on the blank page again and I have to repeat the same steps.
Honestly, I have never installed other browsers, so I couldn't say whether the problem is tied exclusively to Internet Explorer... anyway, I can try installing one.

As for antispyware, I use Spybot Search & Destroy, but it didn't solve the problem for me either...

chemicalbit
Posted: 12 Apr 2008 21:59

BadApple wrote:
Reading the various forums I found out that to solve the problem it was enough to delete the registry key
HKey_Local_Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe

Did you only delete that key,
or did you also run some antimalware program, tool, etc.?

For the HijackThis log, let's wait for an expert.

(I'll start by asking,
Quote:
O15 - Trusted Zone: *.doginhispen.com
O15 - Trusted Zone: *.whataboutadog.com
O15 - Trusted Zone: *.whataboutarabit.com

Do you know these sites? Did you add them to the "Trusted Zone", i.e. basically "trusted sites"?)

BadApple
Posted: 13 Apr 2008 00:57

I only deleted the key
HKey_Local_Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe
To do it I tried to use several tools, but because of the virus it wouldn't let me run them... then I managed to do it using RegAssassin.
After that I only tried running a few scans with AVG and Spybot S&D... I don't have any other antimalware programs... would you recommend any in particular???

As for the sites
O15 - Trusted Zone: *.doginhispen.com
O15 - Trusted Zone: *.whataboutadog.com
O15 - Trusted Zone: *.whataboutarabit.com

I have never heard of them; how do I remove them from the Trusted Zone?

bdoriano
Administrator
Registered: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 13 Apr 2008 09:28

Follow the instructions in this topic to post the ComboFix log.

BadApple
Posted: 13 Apr 2008 14:27

Done... this is the ComboFix log:

ComboFix 08-04-12.7 - SysAdmin 2008-04-13 14:14:01.3 - NTFSx86
Eseguito da: C:\Documents and Settings\SysAdmin\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Creati Da 2008-03-13 al 2008-04-13 )))))))))))))))))))))))))))))))))))
.

2008-04-12 00:49 . 2008-04-12 00:49 <DIR> d-------- C:\Programmi\Spybot - Search & Destroy152
2008-04-12 00:18 . 2008-04-12 00:18 <DIR> d-------- C:\Programmi\CCleaner
2008-04-09 23:29 . 2008-04-11 21:26 <DIR> d-a------ C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-03-31 20:08 . 2008-03-31 20:08 <DIR> d-------- C:\Programmi\iTunes
2008-03-31 20:08 . 2008-03-31 20:08 <DIR> d-------- C:\Programmi\iPod
2008-03-31 20:08 . 2008-03-31 20:08 <DIR> d-------- C:\Programmi\Apple Software Update
2008-03-31 20:08 . 2008-02-18 11:16 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2008-03-31 20:07 . 2008-03-31 20:07 <DIR> d-------- C:\Programmi\File comuni\Apple
2008-03-31 12:49 . 2008-03-31 12:49 <DIR> d-------- C:\Programmi\THQ
2008-03-31 12:49 . 2007-09-14 06:21 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-03-31 12:49 . 2007-09-14 06:21 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-03-31 00:05 . 2008-03-31 00:05 <DIR> d-------- C:\Documents and Settings\SysAdmin\Dati applicazioni\Apple Computer
2008-03-31 00:05 . 2008-04-13 14:09 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-31 00:05 . 2008-03-31 20:09 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-31 00:01 . 2008-03-31 00:01 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Apple
2008-03-17 12:30 . 2008-03-17 12:30 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\TVU networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-13 00:40 --------- d-----w C:\Documents and Settings\SysAdmin\Dati applicazioni\uTorrent
2008-04-12 08:56 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-04-12 08:55 --------- d-----w C:\Programmi\Spybot - Search & Destroy
2008-04-11 22:25 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-04-11 22:24 --------- d-----w C:\Programmi\File comuni\Adobe
2008-03-31 21:30 --------- d-----w C:\Documents and Settings\SysAdmin\Dati applicazioni\AVG7
2008-03-31 11:17 --------- d-----w C:\Programmi\eMule
2008-03-30 22:04 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer
2008-03-30 22:03 --------- d-----w C:\Programmi\QuickTime Alternative
2008-03-17 10:30 --------- d-----w C:\Programmi\TVUPlayer
2008-02-16 17:44 --------- d-----w C:\Programmi\TVAnts
2008-02-10 16:37 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-09-03 20:04 524,300 ----a-w C:\Documents and Settings\SysAdmin\Dati applicazioni\position.bin
2007-04-08 23:52 16 ----a-w C:\Programmi\nwnplayer.ini
2007-04-01 11:27 58,176 ----a-w C:\Documents and Settings\SysAdmin\Dati applicazioni\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7175de62-7e53-4c0b-865c-c1f0ca76c59a}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39 15360]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-08-19 15:39 1667584]
"DAEMON Tools"="C:\Programmi\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy152\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CARPService"="carpserv.exe" [2003-01-09 06:42 4608 C:\WINDOWS\system32\carpserv.exe]
"DSLAGENTEXE"="dslagent.exe" [2003-04-01 10:53 16384 C:\WINDOWS\system32\dslagent.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 13:26 7700480]
"nwiz"="nwiz.exe" [2007-04-19 13:26 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-19 13:26 86016]
"tskfadqc"="c:\windows\system32\tskfadqc.exe" [2004-08-19 15:39 29348]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-20 20:10 579072]
"QuickTime Task"="C:\Programmi\QuickTime Alternative\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15:39 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-23 19:32 219136]

C:\Documents and Settings\SysAdmin\Menu Avvio\Programmi\Esecuzione automatica\
mblpcnf.exe [2007-08-12 20:45:39 3437]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]
Sitecom Wireless Utility.lnk - C:\Programmi\Sitecom\Sitecom WL-151 Wireless LAN Card\Installer\WLANUTL.exe [2007-11-24 17:55:23 909312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"5T19I3B27A"= C:\WINDOWS\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\actr32]
actr32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\ddabbay.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Programmi\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
"C:\\Documents and Settings\\SysAdmin\\Desktop\\utorrent.exe"=
"C:\\Programmi\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Programmi\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Programmi\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmi\\MSN Messenger\\livecall.exe"=
"C:\\Programmi\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\TVUPlayer\\TVUPlayer.exe"=
"C:\\Programmi\\Internet Explorer\\iexplore.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:emule tcp
"4672:UDP"= 4672:UDP:emule udp
"25936:TCP"= 25936:TCP:uTorrent
"5739:UDP"= 5739:UDP:pes2008

R0 VOBID;VOBID;C:\WINDOWS\system32\DRIVERS\vobid.sys [2003-08-01 15:47]
R1 VIAPFD;VIAPFD;C:\WINDOWS\system32\Drivers\VIAPFD.SYS [2001-12-18 14:45]
R1 vobiw;vobiw;C:\WINDOWS\system32\drivers\vobiw.sys [2004-09-01 15:50]
R2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2006-11-15 17:23]
R2 SVKP;SVKP;C:\WINDOWS\System32\SVKP.sys [2006-11-21 21:42]
R3 cdrdrv;Cdrdrv;C:\WINDOWS\system32\Drivers\Cdrdrv.sys [2004-08-03 12:10]
S3 efipsk;efipsk;C:\DOCUME~1\SysAdmin\IMPOST~1\Temp\efipsk.sys []
S3 PciCon;PciCon;D:\PciCon.sys []
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2007-01-11 19:20]
S3 SFC4;SFC4;C:\WINDOWS\system32\drivers\SFC4.sys []

.
Contenuto della cartella 'Scheduled Tasks'
"2008-03-31 18:08:19 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
"2007-05-12 09:54:09 C:\WINDOWS\Tasks\bdviij.job"

And this is the latest one from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:22, on 2008-04-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\carpserv.exe
C:\WINDOWS\system32\dslagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\DAEMON Tools\daemon.exe
C:\Programmi\Sitecom\Sitecom WL-151 Wireless LAN Card\Installer\WLANUTL.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
G:\unzipped\prog\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: (no name) - {7175de62-7e53-4c0b-865c-c1f0ca76c59a} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [tskfadqc] "c:\windows\system32\tskfadqc.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy152\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [5T19I3B27A] C:\WINDOWS\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: mblpcnf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Programmi\Sitecom\Sitecom WL-151 Wireless LAN Card\Installer\WLANUTL.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Read By Natural Voice Reader - C:\Programmi\Natural Voice Reader Standard\read.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Natural Reader - {0DF757C4-9999-463C-A4EB-B6BF1D8D8D3D} - C:\Programmi\Natural Voice Reader Standard\read.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.doginhispen.com
O15 - Trusted Zone: *.whataboutadog.com
O15 - Trusted Zone: *.whataboutarabit.com
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {3C29B390-B4E5-4089-8D20-308AF5D867BA} - http://wm2cqtuut.com/e38c124db90bc36369bc/baihe/CuteToons.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1192122400796
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1192122386906
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-0da02355b328cf41.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {973BCC2A-63BD-47B3-A3A5-72A26D007028} - http://wm2cqtuut.com/6dfbdba388c0408330ec/baihe/CoolNow!.cab
O16 - DPF: {B6E4EEB6-5E44-481F-BDC9-EFB0A78D6C4A} - http://wm2cqtuut.com/0b1dce68fe6b9859cd25/baihe/moxwtgk.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{07ECD38C-B6B9-4AD4-951F-423EE7F9B252}: NameServer = 85.37.17.7
O20 - Winlogon Notify: actr32 - actr32.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 7954 bytes

Question: is it normal that after completing the scan with ComboFix a new Internet Explorer shortcut icon appeared on my desktop??

bdoriano
Posted: 14 Apr 2008 13:41

Create a text file with the following instructions:
Code:
File::
C:\Documents and Settings\SysAdmin\Menu Avvio\Programmi\Esecuzione automatica\mblpcnf.exe
C:\WINDOWS\svchost.exe
c:\windows\system32\ddabbay.dll
C:\DOCUME~1\SysAdmin\IMPOST~1\Temp\efipsk.sys
C:\WINDOWS\Tasks\bdviij.job
c:\windows\system32\tskfadqc.exe

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"5T19I3B27A"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tskfadqc"=-

Save the file to the desktop with the name CFScript.txt and drag it onto the ComboFix icon, as shown below:

Wait patiently for it to finish without touching the keyboard, mouse or anything else. ;)
Post the updated ComboFix and HijackThis logs
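An added example, not part of the original thread and not the method the helpers here used: a small Python triage pass over HijackThis lines taken from the 12/04/2008 log posted above. The rules and the names `triage`, `RULES`, `Finding` and `system_name_outside_system32` are assumptions of this example; a flagged line is a lead to check by hand, not a verdict.

```python
import re
from typing import NamedTuple

# Excerpt of the HijackThis log posted in this thread (scan of 12/04/2008).
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {7175de62-7e53-4c0b-865c-c1f0ca76c59a} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Policies\Explorer\Run: [5T19I3B27A] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O15 - Trusted Zone: *.doginhispen.com
O20 - AppInit_DLLs: c:\windows\system32\ddabbay.dll
O23 - Service: DomainService - Unknown owner - C:\Documents and Settings\SysAdmin\Dati applicazioni\tmp3.tmp.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Every HijackThis entry starts with a section code such as "O4 - ".
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")

# Windows processes whose image normally lives in system32 (assumed short list).
SYSTEM32_NAMES = ("svchost.exe", "lsass.exe", "services.exe",
                  "winlogon.exe", "smss.exe")


class Finding(NamedTuple):
    code: str   # HijackThis section code, e.g. "O4"
    rule: str   # why the line was flagged
    line: str   # the original log line


def system_name_outside_system32(body: str) -> bool:
    """True if a system process name is referenced from another directory."""
    for name in SYSTEM32_NAMES:
        m = re.search(r'([a-z]:\\[^"]*\\)' + re.escape(name), body, re.I)
        if m and not m.group(1).lower().endswith("\\system32\\"):
            return True
    return False


# (section code, reason, predicate on the text after "Oxx - ")
RULES = [
    ("O2", "BHO registered with no file on disk",
     lambda b: b.endswith("(no file)")),
    ("O4", "autostart through the Policies\\Explorer\\Run key",
     lambda b: "policies\\explorer\\run" in b.lower()),
    ("O4", "system process name outside system32",
     system_name_outside_system32),
    ("O15", "Trusted Zone entry to confirm with the user",
     lambda b: b.startswith("Trusted Zone:")),
    ("O20", "AppInit_DLLs is set (DLL loaded by every process using user32.dll)",
     lambda b: b.startswith("AppInit_DLLs:") and b.split(":", 1)[1].strip() != ""),
    ("O23", "service with unknown owner or missing file",
     lambda b: "Unknown owner" in b or b.endswith("(file missing)")),
]


def triage(log_text: str) -> list:
    """Return a Finding for every (line, rule) pair that matches."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # header, process list or blank line
        for code, rule, predicate in RULES:
            if m["code"] == code and predicate(m["body"]):
                findings.append(Finding(code, rule, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.code}] {f.rule}\n      {f.line}")
```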

BadApple
Posted: 14 Apr 2008 20:46

Here is the new ComboFix log:

ComboFix 08-04-12.7 - SysAdmin 2008-04-14 20:35:42.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.1132 [GMT 2:00]
Eseguito da: C:\Documents and Settings\SysAdmin\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\SysAdmin\Desktop\CFScript.txt
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\DOCUME~1\SysAdmin\IMPOST~1\Temp\efipsk.sys
C:\Documents and Settings\SysAdmin\Menu Avvio\Programmi\Esecuzione automatica\mblpcnf.exe
C:\WINDOWS\svchost.exe
c:\windows\system32\ddabbay.dll
c:\windows\system32\tskfadqc.exe
C:\WINDOWS\Tasks\bdviij.job
.
TimedOut: progfile.dat

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\SysAdmin\Menu Avvio\Programmi\Esecuzione automatica\mblpcnf.exe
c:\windows\system32\tskfadqc.exe
C:\WINDOWS\Tasks\bdviij.job

.
((((((((((((((((((((((((( Files Creati Da 2008-03-14 al 2008-04-14 )))))))))))))))))))))))))))))))))))
.

2008-04-12 00:49 . 2008-04-12 00:49 <DIR> d-------- C:\Programmi\Spybot - Search & Destroy152
2008-04-12 00:18 . 2008-04-12 00:18 <DIR> d-------- C:\Programmi\CCleaner
2008-04-09 23:29 . 2008-04-11 21:26 <DIR> d-a------ C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-03-31 20:08 . 2008-03-31 20:08 <DIR> d-------- C:\Programmi\iTunes
2008-03-31 20:08 . 2008-03-31 20:08 <DIR> d-------- C:\Programmi\iPod
2008-03-31 20:08 . 2008-03-31 20:08 <DIR> d-------- C:\Programmi\Apple Software Update
2008-03-31 20:08 . 2008-02-18 11:16 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2008-03-31 20:07 . 2008-03-31 20:07 <DIR> d-------- C:\Programmi\File comuni\Apple
2008-03-31 12:49 . 2008-03-31 12:49 <DIR> d-------- C:\Programmi\THQ
2008-03-31 12:49 . 2007-09-14 06:21 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-03-31 12:49 . 2007-09-14 06:21 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-03-31 00:05 . 2008-03-31 00:05 <DIR> d-------- C:\Documents and Settings\SysAdmin\Dati applicazioni\Apple Computer
2008-03-31 00:05 . 2008-04-14 20:29 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-31 00:05 . 2008-03-31 20:09 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-31 00:01 . 2008-03-31 00:01 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Apple
2008-03-17 12:30 . 2008-03-17 12:30 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\TVU networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-13 00:40 --------- d-----w C:\Documents and Settings\SysAdmin\Dati applicazioni\uTorrent
2008-04-12 08:56 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-04-12 08:55 --------- d-----w C:\Programmi\Spybot - Search & Destroy
2008-04-11 22:25 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-04-11 22:24 --------- d-----w C:\Programmi\File comuni\Adobe
2008-03-31 21:30 --------- d-----w C:\Documents and Settings\SysAdmin\Dati applicazioni\AVG7
2008-03-31 11:17 --------- d-----w C:\Programmi\eMule
2008-03-30 22:04 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer
2008-03-30 22:03 --------- d-----w C:\Programmi\QuickTime Alternative
2008-03-17 10:30 --------- d-----w C:\Programmi\TVUPlayer
2008-02-16 17:44 --------- d-----w C:\Programmi\TVAnts
2008-02-10 16:37 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-09-03 20:04 524,300 ----a-w C:\Documents and Settings\SysAdmin\Dati applicazioni\position.bin
2007-04-08 23:52 16 ----a-w C:\Programmi\nwnplayer.ini
2007-04-01 11:27 58,176 ----a-w C:\Documents and Settings\SysAdmin\Dati applicazioni\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( snapshot@2008-04-13_14.17.27.23 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-13 12:09:03 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-14 18:28:17 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 40,048 2007-05-11 01:06:32 C:\Programmi\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe

----a-w 125,440 2003-03-01 15:40:20 C:\Programmi\CursorXP\bak\CursorXP.exe

----a-w 157,592 2006-11-12 10:48:46 C:\Programmi\DAEMON Tools\bak\daemon.exe
----a-w 157,592 2006-11-12 10:48:46 C:\Programmi\DAEMON Tools\daemon.exe

----a-w 180,269 2007-07-30 17:09:33 C:\Programmi\File comuni\Real\Update_OB\bak\realsched.exe

----a-w 416,256 2007-04-21 12:19:32 C:\Programmi\Grisoft\AVG7\bak\avgcc.exe
----a-w 579,072 2007-12-20 18:10:35 C:\Programmi\Grisoft\AVG7\avgcc.exe

----a-r 49,152 2002-12-17 09:40:22 C:\Programmi\Hewlett-Packard\HP Software Update\bak\HPWuSchd.exe

----a-w 299,008 2003-04-01 09:32:08 C:\Programmi\IPM\Adsl\DataWay\bak\dslstat.exe

----a-w 482,816 2005-04-21 22:03:50 C:\Programmi\SlySoft\AnyDVD\bak\AnyDVD.exe
----a-w 482,816 2005-04-21 22:03:50 C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe

----a-w 37,376 1998-07-07 14:04:24 C:\Programmi\TextBridge Classic 2.0\Bin\bak\INSTAN~1.EXE

----a-w 12,288 2002-07-23 16:58:06 C:\Programmi\Winamp3\bak\winampa.exe

----a-w 40,960 2004-10-12 16:53:38 C:\WINDOWS\bak\NCLAUNCH.EXe

----a-w 15,360 2004-08-19 13:39:36 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-19 13:39:36 C:\WINDOWS\system32\ctfmon.exe

.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7175de62-7e53-4c0b-865c-c1f0ca76c59a}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39 15360]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-08-19 15:39 1667584]
"DAEMON Tools"="C:\Programmi\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy152\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CARPService"="carpserv.exe" [2003-01-09 06:42 4608 C:\WINDOWS\system32\carpserv.exe]
"DSLAGENTEXE"="dslagent.exe" [2003-04-01 10:53 16384 C:\WINDOWS\system32\dslagent.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 13:26 7700480]
"nwiz"="nwiz.exe" [2007-04-19 13:26 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-19 13:26 86016]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-20 20:10 579072]
"QuickTime Task"="C:\Programmi\QuickTime Alternative\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15:39 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-23 19:32 219136]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]
Sitecom Wireless Utility.lnk - C:\Programmi\Sitecom\Sitecom WL-151 Wireless LAN Card\Installer\WLANUTL.exe [2007-11-24 17:55:23 909312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\actr32]
actr32.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Programmi\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
"C:\\Documents and Settings\\SysAdmin\\Desktop\\utorrent.exe"=
"C:\\Programmi\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Programmi\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Programmi\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmi\\MSN Messenger\\livecall.exe"=
"C:\\Programmi\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\TVUPlayer\\TVUPlayer.exe"=
"C:\\Programmi\\Internet Explorer\\iexplore.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:emule tcp
"4672:UDP"= 4672:UDP:emule udp
"25936:TCP"= 25936:TCP:uTorrent
"5739:UDP"= 5739:UDP:pes2008

R0 VOBID;VOBID;C:\WINDOWS\system32\DRIVERS\vobid.sys [2003-08-01 15:47]
R1 VIAPFD;VIAPFD;C:\WINDOWS\system32\Drivers\VIAPFD.SYS [2001-12-18 14:45]
R1 vobiw;vobiw;C:\WINDOWS\system32\drivers\vobiw.sys [2004-09-01 15:50]
R2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2006-11-15 17:23]
R2 SVKP;SVKP;C:\WINDOWS\System32\SVKP.sys [2006-11-21 21:42]
R3 cdrdrv;Cdrdrv;C:\WINDOWS\system32\Drivers\Cdrdrv.sys [2004-08-03 12:10]
S3 efipsk;efipsk;C:\DOCUME~1\SysAdmin\IMPOST~1\Temp\efipsk.sys []
S3 PciCon;PciCon;D:\PciCon.sys []
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2007-01-11 19:20]
S3 SFC4;SFC4;C:\WINDOWS\system32\drivers\SFC4.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d5bd291-dfa2-11db-9e55-00024f300101}]
\Shell\AutoRun\command - F:\autorun.exe

.
Contenuto della cartella 'Scheduled Tasks'
"2008-03-31 18:08:19 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
"2007-10-23 17:29:17 C:\WINDOWS\Tasks\omrwea.job"
- c:\windows\system32\tskfadqc.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-14 20:39:07
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-04-14 20:40:49
ComboFix-quarantined-files.txt 2008-04-14 18:40:44
16 Directory 40,430,583,808 byte disponibili
21 Directory 40,417,562,624 byte disponibili

And the new HiJackThis one:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.43.32, on 14/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\carpserv.exe
C:\WINDOWS\system32\dslagent.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\DAEMON Tools\daemon.exe
C:\Programmi\Sitecom\Sitecom WL-151 Wireless LAN Card\Installer\WLANUTL.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Spybot - Search & Destroy152\TeaTimer.exe
C:\WINDOWS\explorer.exe
G:\unzipped\prog\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: (no name) - {7175de62-7e53-4c0b-865c-c1f0ca76c59a} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy152\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Programmi\Sitecom\Sitecom WL-151 Wireless LAN Card\Installer\WLANUTL.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Read By Natural Voice Reader - C:\Programmi\Natural Voice Reader Standard\read.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Natural Reader - {0DF757C4-9999-463C-A4EB-B6BF1D8D8D3D} - C:\Programmi\Natural Voice Reader Standard\read.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.doginhispen.com
O15 - Trusted Zone: *.whataboutadog.com
O15 - Trusted Zone: *.whataboutarabit.com
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {3C29B390-B4E5-4089-8D20-308AF5D867BA} - http://wm2cqtuut.com/e38c124db90bc36369bc/baihe/CuteToons.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1192122400796
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1192122386906
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-0da02355b328cf41.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {973BCC2A-63BD-47B3-A3A5-72A26D007028} - http://wm2cqtuut.com/6dfbdba388c0408330ec/baihe/CoolNow!.cab
O16 - DPF: {B6E4EEB6-5E44-481F-BDC9-EFB0A78D6C4A} - http://wm2cqtuut.com/0b1dce68fe6b9859cd25/baihe/moxwtgk.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{07ECD38C-B6B9-4AD4-951F-423EE7F9B252}: NameServer = 85.37.17.7
O20 - Winlogon Notify: actr32 - actr32.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 7924 bytes
bdoriano
Administrator

Joined: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 14 Apr 2008 21:09

There's still a little something left... :P
Create a text file with the following instructions:
Code:
File::
C:\WINDOWS\Tasks\omrwea.job

Save the file on the desktop with the name CFScript.txt and drag it onto the ComboFix icon, as shown below:

Wait patiently for it to finish without touching the keyboard, mouse or anything else. ;)

Disable System Restore and boot the PC in safe mode
run HijackThis
click "Do a system scan only"
tick these entries:
Quote:
O2 - BHO: (no name) - {7175de62-7e53-4c0b-865c-c1f0ca76c59a} - (no file)
O16 - DPF: {3C29B390-B4E5-4089-8D20-308AF5D867BA} - http://wm2cqtuut.com/e38c124db90bc36369bc/baihe/CuteToons.cab
O16 - DPF: {973BCC2A-63BD-47B3-A3A5-72A26D007028} - http://wm2cqtuut.com/6dfbdba388c0408330ec/baihe/CoolNow!.cab
O16 - DPF: {B6E4EEB6-5E44-481F-BDC9-EFB0A78D6C4A} - http://wm2cqtuut.com/0b1dce68fe6b9859cd25/baihe/moxwtgk.cab
O20 - Winlogon Notify: actr32 - actr32.dll (file missing)

click "Fix checked"
Restart the PC in normal mode.

Download DelDomains and save it on the desktop (right-click the link > Save Target As)
then right-click the file and choose Install.

Post the updated ComboFix and HijackThis logs.
BadApple
Devoted mortal

Joined: 11/04/08 22:57
Posts: 10

Posted: 15 Apr 2008 19:33

All done...
New ComboFix log:

ComboFix 08-04-12.7 - SysAdmin 2008-04-15 19.11.25.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.39.1040.18.1137 [GMT 2:00]
Eseguito da: C:\Documents and Settings\SysAdmin\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
TimedOut: progfile.dat

((((((((((((((((((((((((( Files Creati Da 2008-03-15 al 2008-04-15 )))))))))))))))))))))))))))))))))))
.

2008-04-12 00:49 . 2008-04-12 00:49 <DIR> d-------- C:\Programmi\Spybot - Search & Destroy152
2008-04-12 00:18 . 2008-04-12 00:18 <DIR> d-------- C:\Programmi\CCleaner
2008-04-09 23:29 . 2008-04-11 21:26 <DIR> d-a------ C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-03-31 20:08 . 2008-03-31 20:08 <DIR> d-------- C:\Programmi\iTunes
2008-03-31 20:08 . 2008-03-31 20:08 <DIR> d-------- C:\Programmi\iPod
2008-03-31 20:08 . 2008-03-31 20:08 <DIR> d-------- C:\Programmi\Apple Software Update
2008-03-31 20:08 . 2008-02-18 11:16 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2008-03-31 20:07 . 2008-03-31 20:07 <DIR> d-------- C:\Programmi\File comuni\Apple
2008-03-31 12:49 . 2008-03-31 12:49 <DIR> d-------- C:\Programmi\THQ
2008-03-31 12:49 . 2007-09-14 06:21 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-03-31 12:49 . 2007-09-14 06:21 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-03-31 00:05 . 2008-03-31 00:05 <DIR> d-------- C:\Documents and Settings\SysAdmin\Dati applicazioni\Apple Computer
2008-03-31 00:05 . 2008-04-15 19:10 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-31 00:05 . 2008-03-31 20:09 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-31 00:01 . 2008-03-31 00:01 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Apple
2008-03-17 12:30 . 2008-03-17 12:30 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\TVU networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-13 00:40 --------- d-----w C:\Documents and Settings\SysAdmin\Dati applicazioni\uTorrent
2008-04-12 08:56 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-04-12 08:55 --------- d-----w C:\Programmi\Spybot - Search & Destroy
2008-04-11 22:25 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-04-11 22:24 --------- d-----w C:\Programmi\File comuni\Adobe
2008-03-31 21:30 --------- d-----w C:\Documents and Settings\SysAdmin\Dati applicazioni\AVG7
2008-03-31 11:17 --------- d-----w C:\Programmi\eMule
2008-03-30 22:04 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer
2008-03-30 22:03 --------- d-----w C:\Programmi\QuickTime Alternative
2008-03-17 10:30 --------- d-----w C:\Programmi\TVUPlayer
2008-02-16 17:44 --------- d-----w C:\Programmi\TVAnts
2008-02-10 16:37 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-09-03 20:04 524,300 ----a-w C:\Documents and Settings\SysAdmin\Dati applicazioni\position.bin
2007-04-08 23:52 16 ----a-w C:\Programmi\nwnplayer.ini
2007-04-01 11:27 58,176 ----a-w C:\Documents and Settings\SysAdmin\Dati applicazioni\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( snapshot@2008-04-13_14.17.27.23 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-13 12:09:03 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-15 17:09:27 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 40,048 2007-05-11 01:06:32 C:\Programmi\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe

----a-w 125,440 2003-03-01 15:40:20 C:\Programmi\CursorXP\bak\CursorXP.exe

----a-w 157,592 2006-11-12 10:48:46 C:\Programmi\DAEMON Tools\bak\daemon.exe
----a-w 157,592 2006-11-12 10:48:46 C:\Programmi\DAEMON Tools\daemon.exe

----a-w 180,269 2007-07-30 17:09:33 C:\Programmi\File comuni\Real\Update_OB\bak\realsched.exe

----a-w 416,256 2007-04-21 12:19:32 C:\Programmi\Grisoft\AVG7\bak\avgcc.exe
----a-w 579,584 2008-04-15 10:31:13 C:\Programmi\Grisoft\AVG7\avgcc.exe

----a-r 49,152 2002-12-17 09:40:22 C:\Programmi\Hewlett-Packard\HP Software Update\bak\HPWuSchd.exe

----a-w 299,008 2003-04-01 09:32:08 C:\Programmi\IPM\Adsl\DataWay\bak\dslstat.exe

----a-w 482,816 2005-04-21 22:03:50 C:\Programmi\SlySoft\AnyDVD\bak\AnyDVD.exe
----a-w 482,816 2005-04-21 22:03:50 C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe

----a-w 37,376 1998-07-07 14:04:24 C:\Programmi\TextBridge Classic 2.0\Bin\bak\INSTAN~1.EXE

----a-w 12,288 2002-07-23 16:58:06 C:\Programmi\Winamp3\bak\winampa.exe

----a-w 40,960 2004-10-12 16:53:38 C:\WINDOWS\bak\NCLAUNCH.EXe

----a-w 15,360 2004-08-19 13:39:36 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-19 13:39:36 C:\WINDOWS\system32\ctfmon.exe

.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7175de62-7e53-4c0b-865c-c1f0ca76c59a}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39 15360]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-08-19 15:39 1667584]
"DAEMON Tools"="C:\Programmi\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy152\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CARPService"="carpserv.exe" [2003-01-09 06:42 4608 C:\WINDOWS\system32\carpserv.exe]
"DSLAGENTEXE"="dslagent.exe" [2003-04-01 10:53 16384 C:\WINDOWS\system32\dslagent.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 13:26 7700480]
"nwiz"="nwiz.exe" [2007-04-19 13:26 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-19 13:26 86016]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 12:31 579584]
"QuickTime Task"="C:\Programmi\QuickTime Alternative\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15:39 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-23 19:32 219136]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]
Sitecom Wireless Utility.lnk - C:\Programmi\Sitecom\Sitecom WL-151 Wireless LAN Card\Installer\WLANUTL.exe [2007-11-24 17:55:23 909312]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Programmi\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
"C:\\Documents and Settings\\SysAdmin\\Desktop\\utorrent.exe"=
"C:\\Programmi\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Programmi\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Programmi\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmi\\MSN Messenger\\livecall.exe"=
"C:\\Programmi\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\TVUPlayer\\TVUPlayer.exe"=
"C:\\Programmi\\Internet Explorer\\iexplore.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:emule tcp
"4672:UDP"= 4672:UDP:emule udp
"25936:TCP"= 25936:TCP:uTorrent
"5739:UDP"= 5739:UDP:pes2008

R0 VOBID;VOBID;C:\WINDOWS\system32\DRIVERS\vobid.sys [2003-08-01 15:47]
R1 VIAPFD;VIAPFD;C:\WINDOWS\system32\Drivers\VIAPFD.SYS [2001-12-18 14:45]
R1 vobiw;vobiw;C:\WINDOWS\system32\drivers\vobiw.sys [2004-09-01 15:50]
R2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2006-11-15 17:23]
R2 SVKP;SVKP;C:\WINDOWS\System32\SVKP.sys [2006-11-21 21:42]
R3 cdrdrv;Cdrdrv;C:\WINDOWS\system32\Drivers\Cdrdrv.sys [2004-08-03 12:10]
S3 efipsk;efipsk;C:\DOCUME~1\SysAdmin\IMPOST~1\Temp\efipsk.sys []
S3 PciCon;PciCon;D:\PciCon.sys []
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2007-01-11 19:20]
S3 SFC4;SFC4;C:\WINDOWS\system32\drivers\SFC4.sys []

.
Contenuto della cartella 'Scheduled Tasks'
"2008-03-31 18:08:19 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-15 19:14:54
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-04-15 19.16.22
ComboFix-quarantined-files.txt 2008-04-15 17:16:17
ComboFix2.txt 2008-04-15 10:41:47
ComboFix3.txt 2008-04-14 18:40:49
16 Directory 40,394,272,768 byte disponibili
20 Directory 40,380,178,432 byte disponibili


New HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19.28.54, on 15/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\carpserv.exe
C:\WINDOWS\system32\dslagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\DAEMON Tools\daemon.exe
C:\Programmi\Sitecom\Sitecom WL-151 Wireless LAN Card\Installer\WLANUTL.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Spybot - Search & Destroy152\TeaTimer.exe
G:\unzipped\prog\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: (no name) - {7175de62-7e53-4c0b-865c-c1f0ca76c59a} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy152\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Programmi\Sitecom\Sitecom WL-151 Wireless LAN Card\Installer\WLANUTL.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Read By Natural Voice Reader - C:\Programmi\Natural Voice Reader Standard\read.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Natural Reader - {0DF757C4-9999-463C-A4EB-B6BF1D8D8D3D} - C:\Programmi\Natural Voice Reader Standard\read.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1192122400796
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1192122386906
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-0da02355b328cf41.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{07ECD38C-B6B9-4AD4-951F-423EE7F9B252}: NameServer = 85.37.17.7
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 7434 bytes

Anyway, since I carried out these last operations, everything seems to be working normally (at least for now).
bdoriano
Administrator

Registered: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 15 Apr 2008 22:17

Indeed, you should be all set.
If you want, disable your antivirus, connect to BitDefender (with IE) and run the full scan.
All times are GMT + 2 hours