www.MegaLab.it

[Jigen94]

Ciao raga,
finalmente riesco a scrivervi...
Il mio pc da qualche giorno è diventato lentissimo... Ho la CPU al 100% anche quando non ho nessuna applicazione aperta... Girando un po' nel task manager ho visto che sono sempre diversi i processi che occupano molta cpu, a volte svchost.exe e altre volte altri... comunque ho fatto una scansione con Spybot Search&Destroy e nn mi ha rilevato nulla mentre con Malwarebytes ho trovato più o meno una decina di virus tra trojan e rootkit... Il problema è che anche dopo la rimozione dei virus con questa ultimo la situazione nn è cambiata.... Ormai il pc è ingestibile... nn posso fare più nulla.... :(

Aiutatemi... vi posto il log di HiJackThis nel caso servisse....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14.34.37, on 13/07/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\Microsoft IntelliType Pro\itype.exe
C:\Programmi\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Sardano\Desktop\PROGRAMMINI\progammi di protezione\eliminare il bagle\MegaLab.it_H_i_J_a_C_k_T_h_I_s.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programmi\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [itype] "C:\Programmi\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Programmi\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: srvklw32.exe
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 1539319500
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1539064515
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/ph ... NPUpld.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8EA0AE9C-9153-4603-8BB3-981F78429315}: NameServer = 85.37.17.49 85.38.28.91
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\Skype4COM.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 10145 bytes

PS su HijackThis mi rileva questo file srvklw32.exe che si avvia sempre, ritenendo fosse questa la causa dei miei problemi l'ho spuntata su HiJackThis per fixarla ma nessun risultato; ho provato anche con start-esegui-msconfig nella sezione avvio l'ho disabilitato ma ritorna puntualmente... sapreste dirmi di cosa si tratta? grz

[farbix89]

una bella scansione in provvisoria è quello che ci vuole

- disinstalla ogni antivirus installato

- Scarica Avira ma non installarlo

- riavvia e premi ripetutamente F8 fino alla scelta delle opzioni

- scegli modalità provvisoria

- avviata la modalità provvisoria,installa Avira.

- installato avira,avvialo e fai partire una scansione completa

- finita la scansione,riavvia(tornerai in modalità normale)

- Il sistema sarà molto più pulito,scansiona ulteriormente se ritieni necessario.


Puoi installare CCleaner per rimuovere voci inutili e tracce dei malware.
Sempre da CCleaner,controlla anche "applicazioni d'avvio" per snellire un po' il sistema.

[Jigen94]

scansiono e vi faccio sapere.... :) grz

[ste_95]

E anche http://www.MegaLab.it/3502/computer-len ... ei-malware

[crazy.cat]

- disinstalla ogni antivirus installato

Lui ha già avira, piuttosto che installi un antivirus diverso come avast.
Direi che non è niente di buono, O4 - Startup: srvklw32.exe comincia con l'eliminarlo.

Poi potresti fare una scansione con combofix e postare il suo log per vedere che non ci siano rootkit.

[farbix89]

Lui ha già avira, piuttosto che installi un antivirus diverso come avast..

Sfuggito dal log

In questo caso puoi scansionare in provvisoria con avira che già hai,o disinstallarlo,provando avast in modalità provvisoria.

[Jigen94]

ho fatto tutto quello che mi avete detto.... ho pulito il pc anche con ccleaner....
il file srvklw32.exe cm avevate detto era un virus (trojan).... comunque vi allego il log di combofix.... ditemi che altro fare... grz

ComboFix 09-05-06.05 - Sardano 14/07/2010 21.19.53.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.39.1040.18.1279.891 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Sardano\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated)
AV: AntiVir Desktop *On-access scanning enabled* (Updated)
AV: Malware Defense *On-access scanning enabled* (Outdated)

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
- MODALITÀ CON FUNZIONALITÀ RIDOTTE -
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\srosa2.sys

.
((((((((((((((((((((((((( Files Creati Da 2010-06-14 al 2010-07-14 )))))))))))))))))))))))))))))))))))
.

2010-07-14 14:30:14 . 2010-07-14 14:30:14 0 d-----w C:\Documents and Settings\All Users\Dati applicazioni\Avira
2010-07-14 14:30:14 . 2010-07-14 14:30:14 0 d-----w C:\Programmi\Avira
2010-07-10 07:44:46 . 2010-07-14 19:21:04 540672 ----a-w C:\WINDOWS\system32\drivers\vonxddl.sys
2010-07-10 07:44:27 . 2010-07-10 07:44:38 16 ----a-w C:\Documents and Settings\NetworkService\Dati applicazioni\hwzypv.dat
2010-07-09 18:21:12 . 2010-07-09 18:21:57 0 d-----w C:\WINDOWS\system32\NtmsData
2010-07-09 08:23:03 . 2004-08-03 20:59:34 34688 -c--a-w C:\WINDOWS\system32\dllcache\lbrtfdc.sys
2010-07-09 08:23:03 . 2004-08-03 20:59:34 34688 ----a-w C:\WINDOWS\system32\drivers\lbrtfdc.sys
2010-07-09 08:21:57 . 2004-08-03 21:00:52 8192 -c--a-w C:\WINDOWS\system32\dllcache\i2omgmt.sys
2010-07-09 08:21:57 . 2004-08-03 21:00:52 8192 ----a-w C:\WINDOWS\system32\drivers\i2omgmt.sys
2010-07-09 08:21:23 . 2004-08-03 21:00:14 8192 -c--a-w C:\WINDOWS\system32\dllcache\changer.sys
2010-07-09 08:20:33 . 2010-07-10 07:44:33 140 ----a-w C:\WINDOWS\system32\fjhdyfhsn.bat
2010-07-09 08:20:29 . 2010-07-09 08:20:29 12 ----a-w C:\Documents and Settings\Sardano\Dati applicazioni\hwzypv.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-11 19:22:10 . 2010-01-05 11:30:59 0 d-----w C:\Programmi\Malwarebytes' Anti-Malware
2010-07-11 19:22:07 . 2008-06-05 12:38:04 0 d-----w C:\Programmi\uTorrent
2010-07-02 17:02:27 . 2010-01-10 21:12:44 0 d-----w C:\Programmi\File comuni\Adobe AIR
2010-06-14 14:48:06 . 2009-03-25 18:57:12 0 d-----w C:\Programmi\Windows Live Safety Center
2010-05-31 16:35:59 . 2010-05-31 11:37:20 3082 ----a-w C:\WINDOWS\system32\affv300053706p4now.sys
2010-05-31 16:17:26 . 2010-05-31 16:17:26 0 d-----w C:\Programmi\FreeTime
2010-05-07 22:40:14 . 2010-05-30 17:11:54 311296 ----a-w C:\WINDOWS\system32\TubeFinder.exe
2010-04-30 11:19:14 . 2006-03-02 12:00:00 78324 ----a-w C:\WINDOWS\system32\perfc010.dat
2010-04-30 11:19:14 . 2006-03-02 12:00:00 475968 ----a-w C:\WINDOWS\system32\perfh010.dat
2010-04-29 13:39:38 . 2010-01-14 21:21:16 38224 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39:26 . 2010-01-14 21:21:11 20952 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 15:07:20 2260480]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-10-13 16:24:37 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 12:00:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programmi\File comuni\Java\Java Update\jusched.exe" [2010-02-18 09:43:18 248040]
"itype"="C:\Programmi\Microsoft IntelliType Pro\itype.exe" [2009-05-21 18:25:15 1501064]
"avgnt"="C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 11:08:52 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 12:00:00 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytoosl"= 0 (0x0)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^VPro530.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\VPro530.lnk
backup=C:\WINDOWS\pss\VPro530.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ONDA Autorun CDROM Monitor"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\Documents and Settings\\Sardano\\Desktop\\Essenza\\WinMX.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=
"C:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3975:TCP"= 3975:TCP:tmsrlgsd

R0 24113142;24113142 Boot Guard Driver;C:\WINDOWS\system32\drivers\24113142.sys [21/01/2010 14.34.01 37392]
R1 24113141;24113141;C:\WINDOWS\system32\drivers\24113141.sys [21/01/2010 14.34.01 128016]
R1 setup_9.0.0.722_21.01.2010_13-59drv;setup_9.0.0.722_21.01.2010_13-59drv;C:\WINDOWS\system32\drivers\2411314.sys [21/01/2010 14.34.01 315408]
S2 rokmfv;Monitor Windows;C:\WINDOWS\system32\svchost.exe -k netsvcs [02/03/2006 14.00.00 14336]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\WINDOWS\system32\drivers\nmwcdnsu.sys [15/08/2009 19.49.12 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [15/08/2009 19.49.13 8320]
S3 phaudlwr;Philips Audio Filter;C:\WINDOWS\system32\drivers\phaudlwr.sys [26/01/2010 9.49.04 88704]
S3 SPC530;Philips SPC530NC PC Camera;C:\WINDOWS\system32\drivers\spc530.sys [26/01/2010 9.48.57 486912]
S3 SPC530m;Philips SPC530NC PC Cameram;C:\WINDOWS\system32\drivers\spc530m.sys [26/01/2010 9.48.57 7680]
S3 uti3ndu1;AVZ Kernel Driver;C:\WINDOWS\system32\drivers\uti3ndu1.sys [21/01/2010 17.53.05 7168]
S4 ONDA Autorun CDROM Monitor;ONDA Autorun CDROM Monitor;C:\WINDOWS\system32\SupportAppXL\onda_mon.exe [08/03/2009 8.15.30 86016]

--- Altri Servizi/Drivers In Memoria ---

*Deregistered* - vonxddl

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
rokmfv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24a5c155-8a34-11de-b90f-001cf05cb6b6}]
\Shell\AutoRun\command - E:\ceegdk.exe
\Shell\explore\Command - E:\ceegdk.exe
\Shell\open\Command - E:\ceegdk.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ac748f6-7e90-11de-b8f5-001cf05cb6b6}]
\Shell\AutoRun\command - ceegdk.exe
\Shell\explore\Command - ceegdk.exe
\Shell\open\Command - ceegdk.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{61787f02-211c-11de-b847-001cf05cb6b6}]
\Shell\AutoRun\command - E:\VFPcAssistant.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{61787f03-211c-11de-b847-001cf05cb6b6}]
\Shell\AutoRun\command - E:\VFPcAssistant.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{61787f04-211c-11de-b847-001cf05cb6b6}]
\Shell\AutoRun\command - E:\VFPcAssistant.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a387468-0ba8-11de-b822-001cf05cb6b6}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb16a4b4-65b0-11df-baa4-001cf05cb6b6}]
\ShelL\AutoRun\command - rNAnfO.eXe
\ShelL\OPeN\COmmanD - RNanFo.EXe
.
Contenuto della cartella 'Scheduled Tasks'

2010-07-06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34:12 . 2008-07-30 10:34:12]

2010-03-04 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- C:\Programmi\Microsoft IntelliType Pro\itype.exe [2009-05-21 18:25:15 . 2009-05-21 18:25:15]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Connection Wizard,ShellNext = iexplore
IE: Aggiungi all'elenco di stampa Easy-WebPrint - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Anteprima Easy-WebPrint - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: E&sporta in Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stampa ad alta velocità Easy-WebPrint - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Stampa Easy-WebPrint - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
DPF: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/200 ... ader55.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

[crazy.cat]

Il log di combofix mi sembra incompleto.
Qui c'è anche un bagle in azione. Ma ti funziona l'antivirus?

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\drivers\srosa2.sys

Il disco E: è una tua partizione o un disco esterno?

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
rokmfv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24a5c155-8a34-11de-b90f-001cf05cb6b6}]
\Shell\AutoRun\command - E:\ceegdk.exe
\Shell\explore\Command - E:\ceegdk.exe
\Shell\open\Command - E:\ceegdk.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ac748f6-7e90-11de-b8f5-001cf05cb6b6}]
\Shell\AutoRun\command - ceegdk.exe
\Shell\explore\Command - ceegdk.exe
\Shell\open\Command - ceegdk.exe

Fai una scansione con findykill e posta il suo log.

[Jigen94]

vi allego il post di findykill....

############################## | FindyKill V5.045 |

# User : Sardano (Administrators) # SARDANO-D058E51
# Update on 23/06/2010 by El Desaparecido
# Start at: 14.38.28 | 18/07/2010
# Website : http://pagesperso-orange.fr/NosTools/index.html
# Contact : FindyKill.Contact@gmail.com

# Intel(R) Pentium(R) 4 CPU 2.53GHz
# Microsoft Windows XP Home Edition (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Disabled
# AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]
# AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]

# A:\ # Disco floppy, 3,5 pollici
# C:\ # Disco rigido locale # 74,52 Go (10,78 Go free) # NTFS
# D:\ # Disco CD-ROM

################## | Infected File |


################## | Registry |

[HKCR\ed2k]
[HKCU\Software\Classes\ed2k]

################## | State |

# Showing of hidden files : OK

# Safe boot mode : OK

# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# Ip6Fw -> Start = 3 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )

################## | End of Report # FindyKill V5.045 ! |

ditemi cosa devo fare.... vi prego

[crazy.cat]

Non mi hai risposto

Il disco E: è una tua partizione o un disco esterno?

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24a5c155-8a34-11de-b90f-001cf05cb6b6}]
\Shell\AutoRun\command - E:\ceegdk.exe
\Shell\explore\Command - E:\ceegdk.exe
\Shell\open\Command - E:\ceegdk.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ac748f6-7e90-11de-b8f5-001cf05cb6b6}]
\Shell\AutoRun\command - ceegdk.exe
\Shell\explore\Command - ceegdk.exe
\Shell\open\Command - ceegdk.exe

Il pc come va?

[Jigen94]

scusami avevo dimenticato di rispondere a quella domanda.... comunque E è un disco rimovibile precisamente una pen drive....
per quanto riguarda il pc leggermente più veloce ma la cpu è sempre al 100% e l'utilizzo file di paging sempre a 507 MB....

[crazy.cat]

comunque E è un disco rimovibile precisamente una pen drive....

Che potrebbe essere infetto.

Scarica avira rescue cd, lo masterizzi e fai una scansione del pc e magari anche della penna se te la lascia controllare.
Trovi l'articolo nel sito su come farlo.