Punto informatico Network

Virus or not, I don't understand anything anymore


Post by mario 87 » Fri Jul 17, 2009 7:23 pm

Hi guys, I have a problem. I don't know whether my PC has a virus, because it has become slooooow and every so often it freezes. Then, when I contact my friends on MSN, they tell me they see a message saying "this is your photo" and a link to a website. After that it won't let me update my antivirus programs anymore and won't let them run; only one works, and it doesn't detect any virus.
I'm already pasting a scan in case it's useful to you.
Thank you so much, byeeeee

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12.45.30, on 17/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
E:\a-squared Free\a2service.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Borland\INTERB~1\Bin\ibguard.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe
C:\Programmi\UMDChat\UMDChat.exe
E:\cccliner\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programmi\VIA\RAID\raid_tool.exe
E:\win zip\WinZip\WZQKPICK.EXE
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Programmi\Windows Live\Contacts\wlcomm.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Windows Live\Toolbar\wltuser.exe
C:\WINDOWS\system32\wuauclt.exe
E:\WINZIP~1\WINZIP\winzip32.exe
C:\Documents and Settings\User\Impostazioni locali\Temp\HijackThis.exe
C:\DOCUME~1\User\IMPOST~1\Temp\_av_inet.tm~a04052\setupitapro.exe
C:\DOCUME~1\User\IMPOST~1\Temp\_av_sfx.tm~a00300\avast.setup

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.it/0SEITIT/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\cccliner\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: PDF-XChange Viewer IE-Plugin - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - E:\pdf\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [avast!] E:\antenne\ashDisp.exe
O4 - HKLM\..\Run: [LanzarP2006] "C:\DOCUME~1\User\IMPOST~1\Temp\P2006tmp\Install.exe" /SETUP:"/l0x0010"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Programmi\Registry Cleaner Trial\regclean.exe" -startminimize
O4 - HKCU\..\Run: [MsnMsgr] "C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [UMDChat] C:\Programmi\UMDChat\UMDChat.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "E:\cccliner\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: raid_tool.exe.lnk = C:\Programmi\VIA\RAID\raid_tool.exe
O4 - Global Startup: WinZip Quick Pick.lnk = E:\win zip\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Backward &Links - res://c:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\programmi\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\programmi\google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\cccliner\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\cccliner\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {31F11DFA-3A23-4BC0-89B4-2FB3FB43525B} - http://67.15.5.151/ProWeb016.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-U ... E_UNO1.cab
O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} - http://www.ppstream.com/bin/powerplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - E:\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\antenne\aswUpdSv.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\antenne\ashServ.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - E:\antenne\ashMaiSv.exe (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\antenne\ashWebSv.exe (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\PROGRA~1\Borland\INTERB~1\Bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O24 - Desktop Component 0: (no name) - http://images.absolutenow.com/rp/Mitche ... 063653.jpg

--
End of file - 11314 bytes


Pacopas reminds you that ste_95 wrote: paste it between LOG tags, like this:
Code: Select all
[LOG]the log goes here[/LOG]
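The log above is all the helpers have to work from, so it is worth seeing how the eyeballing can be done mechanically. What follows is an added example, not code from the thread or from HijackThis itself: a small Python triage pass over a subset of the posted lines (copied into the script as sample input) that flags the patterns a helper looks for first: an IE search setting redirected to a third-party host (R0/R1), a BHO with no file behind it (O2), an autorun entry launching from a Temp directory (O4), an ActiveX control downloaded from a bare IP address (O16), and services with a missing binary or no vendor name (O23). The trusted-host allow-list and the heuristics themselves are assumptions of the example, not HijackThis rules, and a hit is a prompt to check the file, not a verdict.

```python
import re
from ipaddress import ip_address

# Sample input: a subset of the HijackThis log posted in the thread, copied verbatim.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LanzarP2006] "C:\DOCUME~1\User\IMPOST~1\Temp\P2006tmp\Install.exe" /SETUP:"/l0x0010"
O16 - DPF: {31F11DFA-3A23-4BC0-89B4-2FB3FB43525B} - http://67.15.5.151/ProWeb016.CAB
O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} - http://www.ppstream.com/bin/powerplayer.cab
O23 - Service: avast! Antivirus - Unknown owner - E:\antenne\ashServ.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
"""

# Assumption of this example: hosts that are normal for IE search/start-page settings on an
# Italian Windows XP machine. Anything else in an R0/R1 line deserves a second look.
TRUSTED_SEARCH_HOSTS = {"www.google.it", "g.msn.it", "go.microsoft.com"}

LINE_RE = re.compile(r"^(?P<kind>[RFO]\d+)\s+-\s+(?P<body>.*)$")   # "O4 - HKLM\..\Run: ..."
URL_RE = re.compile(r"https?://([^/\s]+)")
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)


def url_host(text):
    """Return the host part of the first http(s) URL in text, or None."""
    m = URL_RE.search(text)
    return m.group(1).lower() if m else None


def is_raw_ip(host):
    """True when the URL host is a bare IPv4/IPv6 address rather than a name."""
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def triage(log_text):
    """Return a list of (section, reason, line) for entries worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue                      # headers, process list, blank lines
        kind, body = m.group("kind"), m.group("body")
        reasons = []
        if kind in ("R0", "R1"):
            host = url_host(body)
            if host and host not in TRUSTED_SEARCH_HOSTS:
                reasons.append(f"IE search/start setting points at third-party host {host}")
        elif kind == "O2" and "(no file)" in body:
            reasons.append("BHO registered with no backing file (orphan or half-removed component)")
        elif kind == "O4" and TEMP_RE.search(body):
            reasons.append("autorun entry launches a binary from a Temp directory")
        elif kind == "O16":
            host = url_host(body)
            if host and is_raw_ip(host):
                reasons.append(f"ActiveX control (DPF) fetched from a raw IP address {host}")
        elif kind == "O23":
            if "(file missing)" in body:
                reasons.append("service registered but its binary is missing on disk")
            if "Unknown owner" in body:
                reasons.append("service has no vendor information")
        findings.extend((kind, reason, line) for reason in reasons)
    return findings


if __name__ == "__main__":
    for kind, reason, line in triage(SAMPLE_LOG):
        print(f"[{kind}] {reason}\n    {line}")
```

Run as a script it prints the flagged lines. None of the checks say the machine is infected; they only rank where to look first. On the posted log the hits are the bearshare search assistant, the orphaned BHO, the LanzarP2006 installer launching from Temp, the DPF control pulled from 67.15.5.151, and the avast services whose binaries no longer exist under E:\antenne.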

Re: Virus or not, I don't understand anything anymore

Post by ste_95 » Fri Jul 17, 2009 7:32 pm

Download ComboFix, saving it to the desktop under a made-up name, and run the scan following these instructions (at the bottom). When the scan finishes, the report file C:\combofix.txt will be created; copy its contents here, pasting them between LOG tags, like this:
Code: Select all
[LOG]the log goes here[/LOG]

Re: Virus or not, I don't understand anything anymore

Post by gioia271965 » Fri Jul 17, 2009 8:05 pm

The problem with the link in the Messenger window is spreading like wildfire. As soon as you click on it, an exe gets downloaded (if you save it) which is probably a virus. If you did that too, that's definitely the problem. I've heard that some friends fixed it, I don't know how; others preferred to format...


Re: Virus or not, I don't understand anything anymore

Post by mario 87 » Fri Jul 17, 2009 8:47 pm

It won't let me install it because it says it conflicts with avast and Norton. I can uninstall avast from Add/Remove Programs, but I can't find Norton in the list.

Re: Virus or not, I don't understand anything anymore

Post by mario 87 » Fri Jul 17, 2009 10:46 pm

So you're telling me there's no other way besides formatting?

Re: Virus or not, I don't understand anything anymore

Post by lorenaino » Sat Jul 18, 2009 6:54 am

Hi, do you have two antivirus programs installed with real-time protection enabled?
Try uninstalling one of them, temporarily disable real-time protection and download ComboFix under a made-up name.
Another question: does it not let you download ComboFix, or when you click on it does it tell you your antivirus programs are active?

Re: Virus or not, I don't understand anything anymore

Post by ste_95 » Sat Jul 18, 2009 7:59 am

mario 87 wrote: So you're telling me there's no other way besides formatting?

No way! Of course not!

Follow lorenaino's advice:
lorenaino wrote: Try uninstalling one of them, temporarily disable real-time protection and download ComboFix under a made-up name.
Another question: does it not let you download ComboFix, or when you click on it does it tell you your antivirus programs are active?

Re: Virus or not, I don't understand anything anymore

Post by mario 87 » Sat Jul 18, 2009 1:12 pm

Guys, I managed to run the scan; this is the result

ComboFix 09-07-14.08 - User 18/07/2009 13.31.42.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.511.263 [GMT 2:00]
Eseguito da: c:\documents and settings\User\Documenti\aleeeeeeeeee.exe
AV: avast! antivirus 4.8.1335 [VPS 090717-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Norton AntiVirus *On-access scanning enabled* (Updated) {B5510F6F-87E1-47F7-A411-360BC453007C}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Dati applicazioni\bcrypt.html
c:\documents and settings\User\Dati applicazioni\bcrypt.html
c:\recycler\S-1-5-21-6119566582-5388551635-474972588-8672
c:\recycler\S-1-5-21-6670879917-4152309736-403702114-0213
c:\recycler\S-1-5-21-7783314009-3488162580-965867873-8621
c:\windows\Downloaded Program Files\Quarantine
c:\windows\Fonts\acrsecB.fon
c:\windows\Fonts\acrsecI.fon
c:\windows\Installer\135363.msp
c:\windows\Installer\1a8dab.msp
c:\windows\Installer\1f5f34.msp
c:\windows\Installer\2347cc.msp
c:\windows\Installer\2358cd8.msi
c:\windows\Installer\2358ce1.msi
c:\windows\Installer\25350a.msp
c:\windows\Installer\25440.msp
c:\windows\Installer\2d115a.msp
c:\windows\Installer\306d27.msi
c:\windows\Installer\3b1c14.msp
c:\windows\Installer\3c005.msi
c:\windows\Installer\42fb08.msp
c:\windows\Installer\44032.msp
c:\windows\Installer\4b468.msp
c:\windows\Installer\58295.msp
c:\windows\Installer\5a0d29.msp
c:\windows\Installer\79018.msp
c:\windows\Installer\a03961.msi
c:\windows\Installer\b7966.msi
c:\windows\Installer\b796e.msi
c:\windows\Installer\b7976.msi
c:\windows\patch.exe
c:\windows\system32\7120.dll
c:\windows\system32\7122.dll
c:\windows\system32\7124.dll
c:\windows\system32\7125.dll
c:\windows\system32\7225.dll
c:\windows\system32\ahtn.htm
c:\windows\system32\drivers\npf.sys
c:\windows\system32\drivers\str.sys
c:\windows\system32\hjgruimyaobfqt.dat
c:\windows\system32\hjgruiqjcgcidc.dat
c:\windows\system32\kungsfwhosrnpk.dat
c:\windows\system32\open.ico
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\test.ttt
c:\windows\system32\twain32
c:\windows\system32\twain32\local.ds
c:\windows\system32\twain32\user.ds
c:\windows\system32\WanPacket.dll
c:\windows\system32\warning.gif
c:\windows\system32\web.dat
c:\windows\system32\wpcap.dll
C:\winsys.exe

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASC3550P
-------\Legacy_HJGRUIYKMXENKD
-------\Legacy_MYS_MUTEX_ALGORITHM_SERVICE
-------\Legacy_NPF
-------\Legacy_SYSDRV32
-------\Service_asc3550p
-------\Service_hjgruiykmxenkd
-------\Service_kungsfjxjexmbp
-------\Service_NPF


((((((((((((((((((((((((( Files Creati Da 2009-06-18 al 2009-07-18 )))))))))))))))))))))))))))))))))))
.

2009-07-17 10:47 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-07-17 10:47 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-07-17 10:47 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-07-17 10:47 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-07-17 10:47 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-07-17 10:47 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-07-17 10:47 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-07-17 10:47 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-07-17 10:46 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-07-16 21:35 . 2009-07-16 21:35 -------- d-----w- c:\windows\system32\wbem\Repository
2009-07-16 21:14 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-07-16 20:52 . 2009-07-16 20:52 -------- dc-h--w- c:\documents and settings\All Users\Dati applicazioni\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-16 20:52 . 2009-07-08 17:28 2920112 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
2009-07-16 20:50 . 2009-07-16 21:20 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2009-07-16 20:50 . 2009-07-16 20:50 -------- d-----w- c:\programmi\Lavasoft
2009-07-16 20:42 . 2008-12-11 06:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-07-16 20:42 . 2009-04-03 09:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-07-16 20:42 . 2008-12-18 10:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-07-16 20:42 . 2009-07-17 21:47 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-07-16 20:42 . 2009-07-16 20:44 -------- d-----w- c:\programmi\File comuni\PC Tools
2009-07-16 20:42 . 2008-12-10 09:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-07-16 20:42 . 2009-07-16 20:42 -------- d-----w- c:\documents and settings\User\Dati applicazioni\PC Tools
2009-07-16 20:42 . 2009-07-16 20:42 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PC Tools
2009-07-16 10:30 . 2008-03-04 13:59 41144 ----a-w- c:\windows\system32\drivers\ShlDrv51.sys
2009-07-16 10:30 . 2009-06-02 11:12 177416 ----a-w- c:\windows\system32\drivers\PavProc.sys
2009-07-16 10:30 . 2009-07-16 10:30 -------- d-----w- c:\programmi\File comuni\Panda Security
2009-07-10 17:14 . 2009-07-10 17:14 -------- d-----w- c:\documents and settings\Administrator\Tracing
2009-07-10 17:14 . 2009-07-10 17:14 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\MSN6
2009-07-10 16:32 . 2004-08-19 22:39 25088 -c--a-w- c:\windows\system32\dllcache\userinit.exe
2009-07-10 16:32 . 2004-08-19 22:39 25088 ----a-w- c:\windows\system32\userinit.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-15 10:20 . 2004-03-05 11:54 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-07-10 16:33 . 2001-08-31 11:00 2864 ----a-w- c:\windows\system32\winsock.dll
2009-06-16 14:53 . 2001-08-31 11:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:53 . 2001-08-31 11:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:25 . 2004-03-05 10:49 1295872 ----a-w- c:\windows\system32\quartz.dll
2009-05-23 06:33 . 2009-05-21 20:22 -------- d-----w- c:\programmi\Microsoft Silverlight
2009-05-21 20:32 . 2001-08-31 11:00 75034 ----a-w- c:\windows\system32\perfc010.dat
2009-05-21 20:32 . 2001-08-31 11:00 449118 ----a-w- c:\windows\system32\perfh010.dat
2009-05-21 20:22 . 2004-05-01 18:11 67928 ----a-w- c:\documents and settings\User\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-05-21 20:21 . 2009-05-21 20:16 -------- d-----w- c:\programmi\Microsoft
2009-05-21 20:21 . 2008-01-20 21:10 -------- d-----w- c:\programmi\Windows Live
2009-05-21 20:21 . 2006-08-26 10:12 -------- d-----w- c:\programmi\Windows Live Toolbar
2009-05-21 20:20 . 2009-05-21 20:20 -------- d-----w- c:\programmi\Microsoft Sync Framework
2009-05-21 20:16 . 2009-05-21 20:16 -------- d-----w- c:\programmi\Windows Live SkyDrive
2009-05-21 20:11 . 2009-05-21 20:11 -------- d-----w- c:\programmi\File comuni\Windows Live
2009-05-07 15:41 . 2002-09-09 12:50 346112 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:45 . 2004-02-06 16:08 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:44 . 2004-08-19 22:39 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-19 20:08 . 2002-09-09 12:45 1846656 ----a-w- c:\windows\system32\win32k.sys
2005-05-07 10:06 . 2005-05-07 10:06 774144 -c--a-w- c:\programmi\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"MsnMsgr"="c:\progra~1\WI1F86~1\MESSEN~1\msnmsgr.exe" [2009-02-06 3885408]
"UMDChat"="c:\programmi\UMDChat\UMDChat.exe" [2007-02-25 778240]
"SpybotSD TeaTimer"="e:\cccliner\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-01-11 136600]
"AdobeCS4ServiceManager"="c:\programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-19 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Bluetooth Manager.lnk - c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-1-18 2752512]
raid_tool.exe.lnk - c:\programmi\VIA\RAID\raid_tool.exe [2004-3-5 561152]
WinZip Quick Pick.lnk - e:\win zip\WinZip\WZQKPICK.EXE [2004-4-1 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\emule\\emule.exe"=
"d:\\vlc\\vlc.exe"=
"e:\\VLC\\vlc.exe"=
"e:\\winmx\\WinMX\\WinMX.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Programmi\\Windows Media Player\\wmplayer.exe"=
"c:\\Programmi\\UMDChat\\UMDChat.exe"=
"c:\\Programmi\\WinMX\\WinMX.exe"=
"c:\\Programmi\\File comuni\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"4725:TCP"= 4725:TCP:ppLive
"3388:UDP"= 3388:UDP:ppLive
"3046:TCP"= 3046:TCP:ppLive
"2494:UDP"= 2494:UDP:ppLive
"86:TCP"= 86:TCP:BroadCam Web Server
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [05/03/2004 13.59.35 75904]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [17/07/2009 12.47.25 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17/07/2009 12.47.25 20560]
R2 DLPortIO;DriverLINX Port I/O Driver;c:\windows\system32\drivers\DLPortIO.SYS [22/12/2005 12.15.29 3584]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [21/05/2009 22.21.36 55152]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [16/07/2009 12.30.37 177416]
S1 WNMFLT;Wifi Monitor Filter Plugin;\??\c:\windows\system32\Drivers\WNMFLT.SYS --> c:\windows\system32\Drivers\WNMFLT.SYS [?]
S2 DXSOFTIO;DXSOFTIO; [x]
S3 fsssvc;Windows Live Family Safety;c:\programmi\Windows Live\Family Safety\fsssvc.exe [06/02/2009 18.08.58 533360]
S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
.
Contenuto della cartella 'Scheduled Tasks'

2009-07-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

2009-07-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

SafeBoot-MYS Mutex Algorithm Service


.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Connection Wizard,ShellNext = iexplore
IE:
IE: &Google Search - c:\programmi\google\GoogleToolbar1.dll/cmsearch.html
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Backward &Links - c:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\programmi\google\GoogleToolbar1.dll/cmcache.html
IE: E&sporta in Microsoft Excel - d:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
IE: Si&milar Pages - c:\programmi\google\GoogleToolbar1.dll/cmsimilar.html
DPF: {31F11DFA-3A23-4BC0-89B4-2FB3FB43525B} - hxxp://67.15.5.151/ProWeb016.CAB
DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} - hxxp://www.ppstream.com/bin/powerplayer.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-18 13:39
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...


c:\windows\setupapi.log

Scansione completata con successo
Files nascosti: 1

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-682003330-362288127-1801674531-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\.application\bootstrap]
@DACL=(02 0000)
@="bootstrap.application.1"

[HKEY_LOCAL_MACHINE\software\Classes\giffile\shell\Open\ddeexec]
@DACL=(02 0000)
@="\"file:%1\",,-1,,,,,"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(464)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(4052)
c:\windows\system32\browselc.dll
e:\cccliner\SPYBOT~1\SDHelper.dll
d:\programmi\Microsoft Office\Office10\msohev.dll
d:\progra~1\MICROS~1\Office10\MCPS.DLL
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\programmi\Alwil Software\Avast4\aswUpdSv.exe
c:\programmi\Alwil Software\Avast4\ashServ.exe
e:\a-squared free\a2service.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\File comuni\EPSON\EBAPI\SAgent2.exe
c:\progra~1\Borland\INTERB~1\Bin\ibguard.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\windows\system32\locator.exe
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\programmi\Analog Devices\SoundMAX\SMAgent.exe
c:\programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\system32\wdfmgr.exe
c:\programmi\Alwil Software\Avast4\ashMaiSv.exe
c:\programmi\Alwil Software\Avast4\ashWebSv.exe
c:\progra~1\Borland\INTERB~1\Bin\ibserver.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\WgaTray.exe
c:\windows\system32\rundll32.exe
c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
c:\programmi\Internet Explorer\iexplore.exe
c:\programmi\Windows Live\Toolbar\wltuser.exe
.
**************************************************************************
.
Ora fine scansione: 2009-07-18 13.46.23 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-07-18 11:46

Pre-Run: 2.663.669.760 byte disponibili
Post-Run: 2.681.708.544 byte disponibili

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

289 --- E O F --- 2009-07-17 21:53

One thing: while I was running the scan my desktop background reappeared, then all of a sudden it went back to black.
What can I do now? Thanks, bye
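ComboFix reports are longer and less regular than HijackThis output, and the "Altre eliminazioni" (other deletions) and "Driver/Servizi" sections above are where the evidence of what was running sits: randomly named .dat files in system32, numeric-only DLLs, a patch.exe in the Windows root and a winsys.exe in the drive root, plus Legacy_/Service_ entries carrying the same random stems. The registry dump further down shows Security Center monitoring disabled for the Symantec product ("DisableMonitoring"=dword:00000001) and TCP 3389, the Remote Desktop port, listed under GloballyOpenPorts in the standard firewall profile. As an added example (not part of the thread or of ComboFix), the Python below walks those sections of a subset of the posted report, embedded as sample input, and applies three kinds of check: a randomness heuristic on file and service names, a location check for executables dropped in a root directory, and registry checks for the 3389 firewall exception and the DisableMonitoring value. The thresholds in looks_random (length 10, vowel ratio below 0.25, a run of four or more consonants) are assumptions chosen to separate the names in this report from real product names; tune them before relying on them elsewhere.

```python
import re

# Sample input: a subset of the ComboFix report posted in the thread, copied verbatim.
SAMPLE_REPORT = r"""
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\patch.exe
c:\windows\system32\7120.dll
c:\windows\system32\hjgruimyaobfqt.dat
c:\windows\system32\kungsfwhosrnpk.dat
c:\windows\system32\Packet.dll
c:\windows\system32\wpcap.dll
C:\winsys.exe

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_HJGRUIYKMXENKD
-------\Service_hjgruiykmxenkd
-------\Service_NPF

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"4725:TCP"= 4725:TCP:ppLive
"86:TCP"= 86:TCP:BroadCam Web Server
"""

SECTION_RE = re.compile(r"^\(+\s*(?P<title>[^()]+?)\s*\)+$")      # "(((( Title ))))"
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")                      # "[HKLM\...]"
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<data>.*)$')      # '"Name"=data'
ROOT_DIR_RE = re.compile(r"^[a-z]:(\\windows)?$")                  # drive root or %windir%
VOWELS = set("aeiou")


def looks_random(name, min_len=10):
    """Heuristic for machine-generated names: long, letters only, and either
    vowel-poor or containing a run of 4+ consonants (e.g. 'hjgruimyaobfqt').
    Real product names such as 'AppleMobileDeviceService' fail both tests."""
    stem = name.lower()
    if len(stem) < min_len or not stem.isalpha():
        return False
    vowel_ratio = sum(c in VOWELS for c in stem) / len(stem)
    longest_run = max((len(r) for r in re.findall(r"[^aeiou]+", stem)), default=0)
    return vowel_ratio < 0.25 or longest_run >= 4


def triage_report(text):
    """Walk the report section by section; return (category, reason, line) findings."""
    findings = []
    section = None
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            section, current_key = m.group("title"), None
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key").lower()
            continue

        if section == "Altre eliminazioni":            # files ComboFix removed
            parent, _, base = line.rpartition("\\")
            stem, _, ext = base.rpartition(".")
            if stem.isdigit():
                findings.append(("deleted-file", "numeric-only filename", line))
            elif looks_random(stem):
                findings.append(("deleted-file", "random-looking filename", line))
            elif ext.lower() == "exe" and ROOT_DIR_RE.match(parent.lower()):
                findings.append(("deleted-file", "executable sitting in a drive or Windows root", line))
        elif section == "Driver/Servizi":              # services/drivers ComboFix removed
            svc = line.rpartition("\\")[2]              # e.g. Legacy_HJGRUIYKMXENKD
            if looks_random(svc.partition("_")[2]):
                findings.append(("service", "random-looking service name", line))
        elif current_key:                               # values under the last [key] seen
            m = VALUE_RE.match(line)
            if not m:
                continue
            name, data = m.group("name"), m.group("data")
            if "globallyopenports" in current_key and name.upper() == "3389:TCP":
                findings.append(("firewall", "Remote Desktop port (TCP 3389) opened as a global exception", line))
            elif ("security center\\monitoring" in current_key
                  and name == "DisableMonitoring" and int(data.split(":")[1], 16) != 0):
                findings.append(("security-center", "Security Center told to stop reporting on this AV", line))
    return findings


if __name__ == "__main__":
    for category, reason, line in triage_report(SAMPLE_REPORT):
        print(f"[{category}] {reason}\n    {line}")
```

The section titles are matched on the Italian strings ComboFix printed in this report; a report from an English-locale installation uses different headings, so the two string comparisons would need changing. A 3389/TCP entry under GloballyOpenPorts in the standard profile means the XP firewall accepts Remote Desktop connections from any address unless a scope restricts the exception, which is worth closing whether or not the malware put it there.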

Re: Virus or not, I don't understand anything anymore

Post by lorenaino » Sat Jul 18, 2009 1:25 pm

Hi, ComboFix has done its job. I would run a full scan with Malwarebytes' Anti-Malware free:

http://download.cnet.com/Malwarebytes-A ... tag=button

Download it, install it, update it, and after the scan post the log.


Powered by phpBB © 2002, 2005, 2007, 2008 phpBB Group
Italian translation by phpBB.it

megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. (sole shareholder) - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising