www.MegaLab.it

[babyloon]

Buongiorno a tutti!! dopo mesi e mesi rieccomi qua! :)
circa 10 giorni fa, credo di aver preso un virus nel portatile. Mi faceva accendere il pc ma nn avviava Windows, un bel problema visto che n avevo nè backup nè cd di installazione (visto che mi trovo a Londra nn è così semplice trovarli!). Così dopo tantissimi tentativi di ripristino dell'avvio, scansioni alla memoria, ripristino a un momento precedente (tutti falliti). Ho fatto il ripristino parziale Packard Bell (ripristina i programmi iniziali e salva i dati in una cartella) e sono riuscita ad avviarlo ma è come se l'avessi appena comprato, mi ha fatto fare di nuovo la registrazione all'avvio. Solo che adesso ho tutte le icone e le cartelle dei programmi che avevo installati ma nn me li fa utilizzare, nè disinstallare perché nn li vede ma quando accendo il pc e avvia windows mi apre delle finestre di errore (perché nn trova i programmi). La domanda è questa: mi conviene cercare un tecnico o potete darmi una mano a rimetterlo in sesto?
I miei dati sono riuscita a salvarli, ma se ci sono tutte le cartelle dei vecchi programmi e c'era un virus, questo rimane latente e potrebbe rispuntare fuori??
...aspetto i preziosi consigli :)
grazie

[ste_95]

Prendi nota di tutti i programmi che avevi installati, e reinstallali da zero, quelli ormai sono inutilizzabili. Il virus era molto probabilmente nella cartella del sistema operativo, non ti preoccupare.
Procedi però a una scansione dei tuoi dati con un antivirus decente visto che è possibile che vi sia annidato il file che ha generato l'infezione.

[babyloon]

Prendi nota di tutti i programmi che avevi installati, e reinstallali da zero, quelli ormai sono inutilizzabili. Il virus era molto probabilmente nella cartella del sistema operativo, non ti preoccupare.
Procedi però a una scansione dei tuoi dati con un antivirus decente visto che è possibile che vi sia annidato il file che ha generato l'infezione.

ok, ma che fare delle cartelle con i file di tutti i vecchi programmi? li elimino così? nn c'è il file x disinstallarli..e poi ho notato che il pc è lentissimo e si blocca spesso

[ste_95]

Si, cancella pure la cartella vecchia dei Programmi.

Scarica HijackThis
Salvalo in una cartella (non aprirlo direttamente, sennò non farà i backup!)
Apri l'eseguibile
Clicca quindi su "Do a System Scan and Save a Logfile"
Attendi che finisca la scansione
Posta sul forum il risultato facendo attenzione a queste regole.

[babyloon]

ok

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14.10.21, on 26/05/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Users\Vale\Downloads\aswclnr.exe
C:\Users\Vale\Downloads\aswclnr.tmp
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
C:\Users\Vale\AppData\Local\Temp\Temp1_HiJackThis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://format.packardbell.com/cgi-bin/r ... ey=IESTART
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/cgi-bin/r ... ey=IESTART
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Mostra barra degli strumenti di Norton - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MSPService] C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 7980 bytes

[ste_95]

Questi li conosci?
C:\Users\Vale\Downloads\aswclnr.exe
C:\Users\Vale\Downloads\aswclnr.tmp

Io inizierei a rimuovere Norton e installare un anti-malware più leggero come Antivir.

[babyloon]

sono i file per installare avast cleaner. Norton l'avevo già disinstallato tempo fa, era in dotazione quando l'ho acquistato...devo cercare e scaricare tutti i programmi, compresi antivirus e remover x norton

[babyloon]

non mi permette di installare gli antivirus. ho provato prima con avira e nn mi fa finire l'installaz. poi con avast dice che ci sono degli errori, questo è il log

26.05.2009 21:48:38 general: Started: 26.05.2009, 21:48:38
26.05.2009 21:48:38 system: Operating system: Windows Vista ver 6.0, build 6000, sp 0.0
26.05.2009 21:48:38 system: Memory: 39% load. Phys:1255516/2086720K free, Page:3427164/4194303K free, Virt:2038160/2097024K free
26.05.2009 21:48:38 system: Computer WinName: PC-VALE
26.05.2009 21:48:38 system: Windows Net User: PC-Vale\Vale
26.05.2009 21:48:38 general: Old version: ffffffff (-1)
26.05.2009 21:48:38 system: Using temp: C:\Users\Vale\AppData\Local\Temp\_av_inet.tm~a01932 (92516M free)
26.05.2009 21:48:38 internet: SYNCER: Type: use IE settings
26.05.2009 21:48:38 internet: SYNCER: Auth: another authentication, use WinInet
26.05.2009 21:48:38 general: Install check: Program folder does NOT exist in registry
26.05.2009 21:48:38 general: SGW32P::CheckIfInstalled set m_bAlreadyInstalled to 0
26.05.2009 21:48:45 general: progress thread start
26.05.2009 21:48:45 general: Destination: C:\Users\Vale\AppData\Local\Temp\_av_inet.tm~a01932
26.05.2009 21:48:45 general: Starting download: http://www.avast.com/go.php?verb=get-av ... langid=ita
26.05.2009 21:48:45 general: Download finished from server http://www.avast.com, result: 0x00000000, server response: 200
26.05.2009 21:48:45 general: C:\Users\Vale\AppData\Local\Temp\_av_inet.tm~a01932\setupita.exe, size: 879. md5: 9494FE4F964AB43120B1F61F3353C489, computemd5 returned 0x00000000, sig: 00000000000000000000000000000000000000000000000000000000000000000000000000000000 returned 0x2000000B
26.05.2009 21:48:45 general: Stats http://www.avast.com, server response: 536870923
26.05.2009 21:49:16 general: POST result: 0x20000004, server response: 0

ah..poi c'è un'altra cosa strana...il pc ogni tanto emette dei suoni, tipo un campanello ma nn riesco a capire quando...cioè nn lo associo a nessuna cosa

[crazy.cat]

Prova a fare una scansione con combofix e vediamo poi il log.

[babyloon]

ok crazy, x fargli fare la scansione mi è venuta l'ansia xchè continua a suonare...

ComboFix 09-05-29.01 - Vale 30/05/2009 1.36.38.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.39.1040.18.2038.1222 [GMT 2:00]
Eseguito da: c:\users\Vale\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {001D36C8-077F-0000-0000-000000001D00}
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {00230148-0053-0078-0000-000000002300}
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {00310034-0034-0034-6300-630066003100}
AV: avast! antivirus 4.8.1335 [VPS 090526-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: AntiVir Desktop *disabled* (Outdated) {001D36C8-077F-0000-0000-000000001D00}
SP: AntiVir Desktop *disabled* (Outdated) {00230148-0053-0078-0000-000000002300}
SP: AntiVir Desktop *disabled* (Outdated) {00310034-0034-0034-6300-630066003100}
SP: avast! antivirus 4.8.1335 [VPS 090526-0] *disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Creati Da 2009-04-28 al 2009-05-29 )))))))))))))))))))))))))))))))))))
.

2009-05-26 21:06 . 2009-05-29 23:05 -------- d-----w c:\users\Vale\Tracing
2009-05-26 21:04 . 2006-11-29 11:06 3426072 ----a-w c:\windows\system32\d3dx9_32.dll
2009-05-26 21:03 . 2009-05-26 21:03 712704 ----a-w c:\windows\system32\WindowsCodecs.dll
2009-05-26 21:03 . 2009-05-26 21:03 347648 ----a-w c:\windows\system32\WindowsCodecsExt.dll
2009-05-26 20:35 . 2009-05-26 20:13 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-05-26 20:15 . 2009-02-05 21:06 51376 ----a-w c:\windows\system32\drivers\aswTdi.sys
2009-05-26 20:15 . 2009-02-05 21:06 23152 ----a-w c:\windows\system32\drivers\aswRdr.sys
2009-05-26 20:15 . 2009-02-05 21:04 97480 ----a-w c:\windows\system32\AvastSS.scr
2009-05-26 20:15 . 2009-02-05 21:07 114768 ----a-w c:\windows\system32\drivers\aswSP.sys
2009-05-26 20:15 . 2009-02-05 21:07 20560 ----a-w c:\windows\system32\drivers\aswFsBlk.sys
2009-05-26 20:15 . 2009-02-05 20:11 1256296 ----a-w c:\windows\system32\aswBoot.exe
2009-05-26 20:13 . 2009-05-26 20:12 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-05-26 20:10 . 2009-05-26 20:10 -------- d-----w c:\users\Vale\AppData\Local\Paint.NET
2009-05-26 19:54 . 2009-05-26 19:54 -------- d-----w c:\program files\Softonic_Italia
2009-05-26 19:54 . 2009-05-26 19:54 -------- d-----w c:\program files\Conduit
2009-05-26 19:54 . 2009-03-26 19:44 51200 ----a-w c:\users\Vale\AppData\Roaming\Mozilla\Firefox\Profiles\2anvn2k5.default\extensions\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}\components\FFExternalAlert.dll
2009-05-26 19:54 . 2009-03-26 19:44 114688 ----a-w c:\users\Vale\AppData\Roaming\Mozilla\Firefox\Profiles\2anvn2k5.default\extensions\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}\components\npmozax.dll
2009-05-26 19:48 . 2001-10-28 14:42 116224 ----a-w c:\windows\system32\pdfcmnnt.dll
2009-05-26 19:48 . 1998-08-05 05:45 122128 ----a-w c:\windows\system32\VB6IT.DLL
2009-05-26 19:48 . 1998-08-05 05:45 150528 ----a-w c:\windows\system32\MSCMCIT.DLL
2009-05-26 19:48 . 1998-08-05 05:45 63488 ----a-w c:\windows\system32\MSCC2IT.DLL
2009-05-26 19:48 . 1998-07-05 22:00 23552 ----a-w c:\windows\system32\MSMPIDE.DLL
2009-05-26 19:30 . 2009-05-26 19:30 -------- d-----w c:\users\Vale\AppData\Roaming\Webshots
2009-05-26 19:28 . 2009-05-26 19:28 -------- d-----w c:\users\Vale\AppData\Local\PowerCinema
2009-05-26 18:55 . 2009-05-26 18:55 51224 ----a-w c:\windows\system32\wuauclt.exe
2009-05-26 18:55 . 2009-05-26 18:55 43544 ----a-w c:\windows\system32\wups2.dll
2009-05-26 18:55 . 2009-05-26 18:55 1524736 ----a-w c:\windows\system32\wucltux.dll
2009-05-26 18:55 . 2009-05-26 18:55 1809944 ----a-w c:\windows\system32\wuaueng.dll
2009-05-26 18:54 . 2009-05-26 18:54 83456 ----a-w c:\windows\system32\wudriver.dll
2009-05-26 18:54 . 2009-05-26 18:54 561688 ----a-w c:\windows\system32\wuapi.dll
2009-05-26 18:54 . 2009-05-26 18:54 34328 ----a-w c:\windows\system32\wups.dll
2009-05-26 18:53 . 2009-05-26 18:53 31232 ----a-w c:\windows\system32\wuapp.exe
2009-05-26 18:53 . 2009-05-26 18:53 162064 ----a-w c:\windows\system32\wuwebv.dll
2009-05-26 11:58 . 2009-05-26 18:46 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-26 11:16 . 2008-04-17 11:12 15464 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-05-26 11:16 . 2008-04-17 11:12 107368 ----a-w c:\windows\system32\GEARAspi.dll
2009-05-26 11:16 . 2009-05-26 20:13 -------- dc----w c:\windows\system32\DRVSTORE
2009-05-26 00:13 . 2009-05-26 00:13 -------- d-----w c:\users\Vale\AppData\Roaming\Symantec
2009-05-26 00:06 . 2009-05-26 00:06 -------- d-----w c:\users\Vale\AppData\Local\Packard Bell
2009-05-26 00:03 . 2009-05-26 00:03 -------- d-----w c:\users\Vale\AppData\Roaming\CyberLink
2009-05-26 00:03 . 2009-05-26 00:03 92 ----a-w c:\users\Vale\AppData\Local\fusioncache.dat
2009-05-26 00:03 . 2009-05-29 23:05 -------- d-----w c:\users\Vale\AppData\Local\ApplicationHistory
2009-05-26 00:03 . 2009-05-26 00:03 -------- d-----w c:\users\Vale\AppData\Roaming\Roxio
2009-05-26 00:03 . 2009-05-26 00:03 64048 ----a-w c:\users\Vale\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-26 00:02 . 2009-05-26 19:12 -------- d-----w c:\users\Vale\AppData\Roaming\Packard Bell
2009-05-26 00:02 . 2009-05-26 00:07 -------- d-----w c:\users\Vale\AppData\Local\Google
2009-05-26 00:01 . 2009-05-26 00:03 -------- d-----w c:\users\Vale\AppData\Local\VirtualStore
2009-05-25 23:57 . 2009-05-25 23:57 -------- d-----w c:\users\Vale\AppData\Roaming\InstallShield
2009-05-25 23:39 . 2009-05-25 23:39 -------- d-----w c:\users\Vale\AppData\Roaming\Talkback
2009-05-25 23:39 . 2009-05-25 23:39 0 ----a-w c:\windows\nsreg.dat
2009-05-25 23:39 . 2009-05-25 23:39 -------- d-----w c:\users\Vale\AppData\Local\Mozilla
2009-05-25 23:06 . 2009-05-25 23:32 -------- d-----w C:\Utenti_ripristinato
2009-05-16 08:29 . 2009-05-16 08:30 -------- d-----w c:\program files\QuickTime
2009-05-16 08:22 . 2009-05-16 08:27 -------- d-----w c:\program files\Kodak

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-29 23:31 . 2008-12-19 19:25 -------- d-----w c:\program files\Avira
2009-05-29 23:27 . 2006-03-10 14:42 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-29 23:10 . 2006-03-10 22:25 692196 ----a-w c:\windows\system32\perfh010.dat
2009-05-29 23:10 . 2006-03-10 22:25 119556 ----a-w c:\windows\system32\perfc010.dat
2009-05-26 19:49 . 2008-02-29 17:16 -------- d-----w c:\program files\PDFCreator
2009-05-26 19:30 . 2008-02-18 10:33 -------- d-----w c:\program files\Webshots
2009-05-26 19:29 . 2006-03-10 14:14 -------- d-----w c:\program files\Common Files\InstallShield
2009-05-26 19:29 . 2006-03-10 14:42 -------- d-----w c:\program files\CyberLink
2009-05-26 19:29 . 2006-03-10 14:14 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-26 19:22 . 2006-03-10 14:44 -------- d-----w c:\program files\Norton 360
2009-05-26 11:33 . 2009-05-26 11:33 27240 ----a-w c:\users\Vale\AppData\Roaming\nvModes.dat
2009-05-25 23:57 . 2006-03-10 14:10 -------- d-----w c:\program files\Intel
2009-05-25 23:35 . 2008-02-01 14:01 -------- d-----w c:\program files\Disk Cleaner
2009-03-30 08:33 . 2009-05-29 23:31 96104 ----a-w c:\windows\system32\drivers\avipbb.sys
2009-03-24 14:08 . 2009-05-29 23:31 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2006-03-10 14:41 . 2006-03-10 14:41 157184 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2006-10-11 08:04 . 2006-03-10 14:34 61036 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2006-10-11 08:04 . 2006-03-10 14:34 48742 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 . 2006-03-10 14:34 29313 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2006-10-11 08:05 . 2006-03-10 14:34 41082 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 . 2006-03-10 14:34 166510 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2006-03-10 22:33 . 2006-03-10 22:31 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}]
2009-03-10 09:47 2079256 ----a-w c:\program files\Softonic_Italia\tbSoft.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2006-11-02 1196032]
"SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-07-19 1120568]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-23 857648]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-08-16 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-16 8478720]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-08-16 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 232184]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-03-10 243200]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-02-21 366400]
"toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-26 518488]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PDFCreator.lnk - c:\program files\PDFCreator\PDFCreator.exe [2008-2-29 2859008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6BC4D179-3973-45AF-8BF7-08956D1F5121}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [26/05/2009 22.13.33 64160]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [26/05/2009 22.15.31 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [26/05/2009 22.15.31 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [24/05/2008 16.55.55 51792]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 23.34.37 1005904]
R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [10/03/2006 16.17.19 46592]

--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - AVGIO
*NewlyCreated* - AVIPBB
.
Contenuto della cartella 'Scheduled Tasks'

2009-05-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 20:12]

2009-05-29 c:\windows\Tasks\Garanzia estesa.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2006-03-10 16:38]

2009-05-26 c:\windows\Tasks\HDReg.job
- c:\program files\HDReg\HDRegRem.exe [2003-07-15 08:14]

2009-05-26 c:\windows\Tasks\PBRegbk.job
- c:\program files\HDReg\HDRegApp.exe [2005-06-21 12:05]

2009-05-29 c:\windows\Tasks\Recovery DVD Creator.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2006-03-10 16:34]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

SafeBoot-procexp90.Sys


.
------- Scansione supplementare -------
.
uStart Page = hxxp://format.packardbell.com/cgi-bin/r ... ey=IESTART
FF - ProfilePath - c:\users\Vale\AppData\Roaming\Mozilla\Firefox\Profiles\2anvn2k5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\progra~1\MOZILL~1\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: c:\progra~1\MOZILL~1\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
FF - component: c:\progra~1\MOZILL~1\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\users\Vale\AppData\Roaming\Mozilla\Firefox\Profiles\2anvn2k5.default\extensions\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}\components\FFExternalAlert.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&mozver={moz:version}-{moz:buildid}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&mozver={moz:version}-{moz:buildid}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-30 01:40
Windows 6.0.6000 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2009-05-29 1.41.42
ComboFix-quarantined-files.txt 2009-05-29 23:41

Pre-Run: 95.171.104.768 byte disponibili
Post-Run: 94.918.422.528 byte disponibili

205

[babyloon]

girando su internet ho trovato questo sito http://www.dinoxpc.com/Guide/BIOS/BEEP/BEEP_BIOS-2.ASP dove spiega il significato dei beep...devo ascoltare i beep???? il computer mi parla?

ok, stamattina ho fatto una scansione con avira, non ha trovato nessun virus ma quando ha emesso i beep ha analizzato questi file

Avvio della scansione dei file eseguibili (registro):
Il registro è stato scansionato ( 40 file ).


Avvio della scansione del file selezionati:

Inizia con la scansione di 'C:\' <HDD>
C:\hiberfil.sys
[AVVISO] Impossibile aprire il file!
[NOTA] Questo è un file di sistema di Windows.
[NOTA] Impossibile aprire questo file per la scansione.
C:\pagefile.sys
[AVVISO] Impossibile aprire il file!
[NOTA] Questo è un file di sistema di Windows.
[NOTA] Impossibile aprire questo file per la scansione.


Fine della scansione: sabato 30 maggio 2009 12:05
Tempo impiegato: 1:10:30 Ora(e)

La scansione è stata completamente eseguita.

15141 Directory scansionate
276809 I file sono stati scansionati
0 Rilevati virus e/o programmi indesiderati
0 I file sono stati classificati come sospetti
0 I file sono stati eliminati
0 I virus o i programmi indesiderati sono stati riparati
0 File spostati in quarantena
0 File rinominati
2 Impossibile scansionare i file
276807 File non infetti
2369 Archivi scansionati
2 Avvisi
2 Note
56852 Oggetti scansionati durante la scansione dei rootkit
0 Sono stati rilevati oggetti nascosti

. Ha suonato solo queste 2 volte, la prima 1+8 la seconda 1+5 ( ma nn ho ancora guardato qual è il tipo di scheda madre).
Quindi in questo caso devo proprio portarlo da un tecnico, è un problema fisico del pc? cosa succede se non si risolve

[babyloon]

...nessun consiglio?

[ste_95]

girando su internet ho trovato questo sito http://www.dinoxpc.com/Guide/BIOS/BEEP/BEEP_BIOS-2.ASP dove spiega il significato dei beep...devo ascoltare i beep???? il computer mi parla?

Sì! Anche qui su MegaLab.it abbiamo un articolo simile.

[babyloon]

si l'avevo letto subiro dopo http://www.MegaLab.it/2246/come-interpretare-i-beep-dei-bios ma non ho trovato nessuna sequenza che sembri una di queste...