'Empty' Desktop

Post by andymaster » Tue Oct 14, 2008 7:57 pm

Hi everyone,
I'm new to the forum and I'm introducing myself with a nice little problem, which from what I've been able to understand had already come up some time ago, but the solutions used at the time were of no use...
For a few days the PC (Win XP Pro SP3) has had the same symptoms reported in the article "www.MegaLab.it/2761/2"; I tried to carry out all the steps indicated in that article but nothing doing.
Avast (boot-time scan) removed something, but when the PC starts the desktop stays empty (only the wallpaper appears), no taskbar; Ctrl+Alt+Del works and if I try to launch the 'explorer' command the desktop starts loading intermittently.
In the registry there is no explorer or iexplorer folder...
Do you happen to have any solution?
Below is the HijackThis log.

Thanks a lot in advance to whoever gives me a hand!!

Andrea

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.53.54, on 14/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Programmi\Cisco Systems\VPN Client\cvpnd.exe
C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programmi\Analog Devices\SoundMAX\Smax4.exe
C:\Programmi\Logitech\iTouch\iTouch.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\Programmi\Logitech\MouseWare\system\em_exec.exe
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\Programmi\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Programmi\Cyberlink\Shared Files\brs.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Andrea\Desktop\Magic\Magic.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\Documents and Settings\Andrea\Desktop\Hjack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wintricks.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.eutelia.net:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*, *.edisontel.it, *.eutelia.net, intra.*, intramq.eutelia.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmi\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl8] C:\Programmi\CyberLink\PowerDVD8\PDVD8Serv.exe
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] C:\Programmi\CyberLink\PowerDVD8\Language\Language.exe
O4 - HKLM\..\Run: [BDRegion] C:\Programmi\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [LDM] C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Player] C:\Documents and Settings\Andrea\Dati applicazioni\Adobe\Player.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: FreePOPs.lnk = C:\Programmi\FreePOPs\freepopsd.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Download all links using BitComet - res://C:\Documents and Settings\Andrea\Desktop\Bittorrent\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Documents and Settings\Andrea\Desktop\Bittorrent\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Documents and Settings\Andrea\Desktop\Bittorrent\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programmi\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programmi\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .rx: C:\Programmi\Internet Explorer\Plugins\iewrqxrx.dll
O12 - Plugin for .rxc: C:\Programmi\Internet Explorer\Plugins\iewrqxrx.dll
O15 - Trusted Zone: http://www.1987324.com
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascinstie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 0277014875
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 1167666828
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/it/it/importer/ImageUploader4.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://it.photobox.com/clients/uploader_v2.2.0.6.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://85.18.102.181:2345/activex/AMC.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B948FBB4-810E-4C29-ADB9-C7888B9415F3}: NameServer = 212.216.172.62,62.94.0.41
O18 - Protocol: bw+0 - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Protocol: vskype - (no CLSID) - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programmi\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VisiBroker Smart Agent (osagent) - Unknown owner - C:\Jetstream\\Vbroker50\bin\osagent.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmi\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Programmi\File comuni\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 24893 bytes

Re: 'Empty' Desktop

Post by ste_95 » Wed Oct 15, 2008 6:24 am

Follow the instructions first of this article, and then of this one.
«Sometimes it is better to keep silent and seem stupid than to open one's mouth and remove all doubt.» Oscar Wilde

Re: 'Empty' Desktop

Post by crazy.cat » Wed Oct 15, 2008 7:43 am

Have the files listed in the first two lines analysed on the site www.virustotal.com and see what they tell you; if they are infected you must delete them and then remove the lines I've indicated below, by re-running the scan with HijackThis and ticking the boxes of these lines, then press Fix checked to remove them.

O4 - HKCU\..\Run: [Player] C:\Documents and Settings\Andrea\Dati applicazioni\Adobe\Player.exe
O12 - Plugin for .rx: C:\Programmi\Internet Explorer\Plugins\iewrqxrx.dll
O12 - Plugin for .rxc: C:\Programmi\Internet Explorer\Plugins\iewrqxrx.dll
O15 - Trusted Zone: http://www.1987324.com
When the many govern, they think only of pleasing themselves; you then have the most foolish and most hateful tyranny: tyranny disguised as freedom.

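The triage crazy.cat describes above (pick out the O4/O12/O15 lines worth checking, then hash the files and look them up on VirusTotal) can be run mechanically over a saved HijackThis log. The Python script below is an added example, not code from this thread, from HijackThis or from any poster: the sample lines are copied from the log posted above, the list of user-writable profile directories and the allowlist of plugin extensions are constructed assumptions you would maintain yourself, and `sha256_of` only computes the hash you would paste into a VirusTotal search.

```python
"""Triage a HijackThis log: flag O4/O12/O15 entries worth a closer look.

Added example for the thread above; not HijackThis code and not the poster's code.
"""
from __future__ import annotations

import hashlib
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: lines copied from the HijackThis log posted in this thread,
# with two ordinary O4 entries included for contrast.
SAMPLE_LOG = r"""O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Player] C:\Documents and Settings\Andrea\Dati applicazioni\Adobe\Player.exe
O12 - Plugin for .rx: C:\Programmi\Internet Explorer\Plugins\iewrqxrx.dll
O12 - Plugin for .rxc: C:\Programmi\Internet Explorer\Plugins\iewrqxrx.dll
O15 - Trusted Zone: http://www.1987324.com
"""

# Assumption: per-user, user-writable directories that a legitimate autorun rarely
# lives in (Italian and English Windows XP folder names).
USER_WRITABLE_DIRS = (
    "\\dati applicazioni\\", "\\application data\\",
    "\\impostazioni locali\\temp\\", "\\local settings\\temp\\",
)
# Assumption: constructed allowlist of extensions that known IE plugins register for.
KNOWN_PLUGIN_EXTENSIONS = {".pdf", ".swf", ".spl", ".spop"}

O4_RE = re.compile(r'^O4 - .*?\[[^\]]*\]\s+"?([A-Za-z]:\\.*?\.(?:exe|dll))"?', re.IGNORECASE)
O12_RE = re.compile(r"^O12 - Plugin for (\S+):\s+(.+)$")
O15_RE = re.compile(r"^O15 - Trusted Zone:\s+(\S+)$")


@dataclass
class Entry:
    section: str          # "O4", "O12" or "O15"
    target: str           # file path (O4/O12) or URL (O15) the entry points at
    extra: Optional[str]  # O12 only: the extension the plugin is registered for
    raw: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HijackThis line; returns None for sections this script does not triage."""
    line = line.strip()
    if m := O4_RE.match(line):
        return Entry("O4", m.group(1), None, line)
    if m := O12_RE.match(line):
        return Entry("O12", m.group(2).strip(), m.group(1).lower(), line)
    if m := O15_RE.match(line):
        return Entry("O15", m.group(1), None, line)
    return None


def suspicious_reason(e: Entry) -> Optional[str]:
    """Why an entry deserves a VirusTotal lookup, or None if it looks ordinary."""
    target = e.target.lower()
    if e.section == "O4":
        if any(d in target for d in USER_WRITABLE_DIRS):
            return "autorun entry launching a binary from a user-writable profile directory"
        return None
    if e.section == "O12":
        if e.extra not in KNOWN_PLUGIN_EXTENSIONS:
            return f"IE plugin registered for unusual extension {e.extra}"
        return None
    if e.section == "O15":
        host = re.sub(r"^https?://", "", target).split("/")[0]
        if any(label.isdigit() for label in host.split(".")):
            return f"Trusted Zone grants relaxed IE security to numeric-looking host {host}"
        return f"Trusted Zone entry for unrecognised host {host}"
    return None


def triage(log_text: str) -> list[tuple[Entry, str]]:
    """Return the (entry, reason) pairs worth checking, in log order."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reason = suspicious_reason(entry)
        if reason:
            hits.append((entry, reason))
    return hits


def sha256_of(path: str) -> Optional[str]:
    """SHA-256 of the file on disk (the value to look up on VirusTotal); None if absent."""
    try:
        with open(path, "rb") as f:
            return hashlib.sha256(f.read()).hexdigest()
    except OSError:
        return None


if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        digest = sha256_of(entry.target) if entry.section != "O15" else None
        print(f"{entry.section:<4} {reason}")
        print(f"     {entry.target}  sha256={digest or 'file not present on this machine'}")
```

Run it on the machine being cleaned (after saving the HijackThis log to a file and passing its contents to `triage`) so that `sha256_of` can reach the flagged binaries; the hash, not the file name, is what identifies the sample on VirusTotal, since the same malware is dropped under different names on different machines.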
Re: 'Empty' Desktop

Post by ste_95 » Wed Oct 15, 2008 1:25 pm

crazy.cat wrote:
O12 - Plugin for .rx: C:\Programmi\Internet Explorer\Plugins\iewrqxrx.dll
O12 - Plugin for .rxc: C:\Programmi\Internet Explorer\Plugins\iewrqxrx.dll

This is probably Vundo, which also shows up at startup; that's why I linked him to the article.

Re: 'Empty' Desktop

Post by andymaster » Wed Oct 15, 2008 8:30 pm

Gentlemen, thanks a lot for the prompt reply...
I followed both sets of instructions, but nothing; even though the various cleaners etc. etc. detected entries in the registry, on reboot the symptoms are the same!!

I'm going crazy...

I'm attaching the current HijackThis log... HELP!!

Thanks a lot again!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.18.39, on 15/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Programmi\Cisco Systems\VPN Client\cvpnd.exe
C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programmi\Analog Devices\SoundMAX\Smax4.exe
C:\Programmi\Logitech\iTouch\iTouch.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmi\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Andrea\Desktop\Hjack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wintricks.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.eutelia.net:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*, *.edisontel.it, *.eutelia.net, intra.*, intramq.eutelia.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmi\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl8] C:\Programmi\CyberLink\PowerDVD8\PDVD8Serv.exe
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] C:\Programmi\CyberLink\PowerDVD8\Language\Language.exe
O4 - HKLM\..\Run: [BDRegion] C:\Programmi\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [LDM] C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: FreePOPs.lnk = C:\Programmi\FreePOPs\freepopsd.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programmi\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programmi\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascinstie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 0277014875
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 1167666828
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/it/it/importer/ImageUploader4.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://it.photobox.com/clients/uploader_v2.2.0.6.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://85.18.102.181:2345/activex/AMC.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B948FBB4-810E-4C29-ADB9-C7888B9415F3}: NameServer = 212.216.172.62,62.94.0.41
O18 - Protocol: offline-8876480 - {F3B1CFCB-1E3E-48AE-A5FC-CF8AA146B4E8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Protocol: vskype - (no CLSID) - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programmi\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VisiBroker Smart Agent (osagent) - Unknown owner - C:\Jetstream\\Vbroker50\bin\osagent.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmi\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Programmi\File comuni\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 12391 bytes
andymaster
New Member
Posts: 11
Joined: Mon Oct 13, 2008 8:02 am

Re: 'Empty' Desktop

Post by ste_95 » Thu Oct 16, 2008 6:25 am

ste_95 wrote: Follow the instructions of this one first, and then of this article.

Did you also read the second one?
«Sometimes it is better to stay silent and seem stupid than to open your mouth and remove all doubt.» Oscar Wilde
ste_95
Official Member (Gold)
Posts: 17271
Joined: Mon Aug 06, 2007 11:19 am

Re: 'Empty' Desktop

Post by andymaster » Thu Oct 16, 2008 8:01 am

From the second one I haven't done the step with Combo...
andymaster
New Member
Posts: 11
Joined: Mon Oct 13, 2008 8:02 am

Re: 'Empty' Desktop

Post by helga » Thu Oct 16, 2008 9:00 am

I had this problem too a few days ago, and I solved it with System Restore. [:)]
helga
New Member
Posts: 15
Joined: Thu Oct 16, 2008 8:26 am

Re: 'Empty' Desktop

Post by ste_95 » Thu Oct 16, 2008 1:41 pm

andymaster wrote: From the second one I haven't done the step with Combo...

In HijackThis, select this entry on the left and press the Fix Checked button at the bottom:

O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode

Download Avenger
Extract it to a folder of your choice
Run the avenger.exe file with the sword icon
Now paste these lines into the white box that has opened:

Code:
Files to delete:
C:\WINDOWS\System32\ptipbmf.dll


Uncheck the Scan for Rootkits option
Press the Execute button
Answer Yes to Avenger's two prompts
Your computer should now restart; if it doesn't, restart it manually
When the computer comes back up, copy and paste here the contents of the Notepad window that will appear.

If Avenger reports an error, try retyping the first line (Files to delete:) by hand, remembering the colon. If the problem persists, try the old version of Avenger.
ste_95
Official Member (Gold)
Posts: 17271
Joined: Mon Aug 06, 2007 11:19 am

Re: 'Empty' Desktop

Post by Amantide » Thu Oct 16, 2008 1:57 pm

ste_95 wrote: In HijackThis, select this entry on the left and press the Fix Checked button at the bottom:

O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode

....
Files to delete:
C:\WINDOWS\System32\ptipbmf.dll


I'd say this is a rather legitimate entry:
Code:
Installed with the miniport drivers for Promise hard drive controllers in both RAID and non-RAID installations. May be necessary in order to maintain preferences applied to the RAID array connected to the Promise controller

Code:
ptipbmf.dll
Ptipbmf.dll is related to Promise RAID Controller.
Manufacturer: Promise Technology, Inc.
www.promise.com


http://www.bleepingcomputer.com/startup ... -4650.html
http://www.techspot.com/startup/7162/
http://www.greatis.com/appdata/a/p/ptipbmf.dll.htm
...to fly high, you have to know how to fall...
Amantide
Official Member (Gold)
Posts: 8126
Joined: Mon Feb 06, 2006 4:13 pm
Location: Abruzzo
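A triage helper for the O4 lines quoted above, written here as an added example (it is not code from this thread, nor from HijackThis, Avenger or ComboFix). It works out what each autostart entry actually loads, which for [Ptipbmf] is the DLL behind rundll32, and looks that file up in a constructed allow-list standing in for the startup databases Amantide linked before anything is marked for removal; the last sample line is constructed from a DLL name that ComboFix later deleted on this machine.

```python
"""HijackThis O4 Run-key triage: an added example, not code from this thread
or from HijackThis, Avenger or ComboFix.  It resolves what each entry really
loads (for rundll32 lines the DLL, not rundll32), checks an allow-list before
anything is marked for removal, and only then applies a naming hint.  The
allow-list is constructed and stands in for the startup databases linked here."""
import re
from dataclasses import dataclass, field

# Constructed allow-list: lower-case basename -> why the entry is expected.
KNOWN_GOOD = {
    "ptipbmf.dll": "Promise Technology RAID controller helper",
    "nwiz.exe": "NVIDIA desktop manager",
    "logi_mwx.exe": "Logitech mouse utility",
    "nvmctray.dll": "NVIDIA tray helper",
}

O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)


@dataclass
class O4Entry:
    hive: str
    name: str
    command: str
    image: str      # the file the entry actually loads
    absolute: bool  # True when that file was given with a drive path
    flags: list = field(default_factory=list)


def _first_token(s):
    """Split off the first command-line token, honouring double quotes."""
    s = s.lstrip()
    if not s:
        return "", ""
    if s.startswith('"'):
        end = s.find('"', 1)
        return s[1:end], s[end + 1:].lstrip()
    parts = s.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else "")


def parse_o4(line):
    """Parse one 'O4 - <hive>\\..\\Run:' line; other O4 forms give None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    exe, rest = _first_token(m["cmd"])
    image = exe
    if exe.lower().rsplit("\\", 1)[-1] == "rundll32.exe":
        # rundll32 is only a host: what runs is the DLL named before the
        # comma, so that is the file that has to be looked up.
        dll, _ = _first_token(rest)
        image = dll.split(",", 1)[0]
    absolute = re.match(r"^[A-Za-z]:\\", image) is not None
    return O4Entry(m["hive"], m["name"], m["cmd"], image, absolute)


def looks_random(basename):
    """Hint only: 8 letters with frequent case changes, like the DLLs ComboFix
    removed here; CamelCase vendor names (NvMcTray) trip it, so allow-list first."""
    stem = basename.rsplit(".", 1)[0]
    if len(stem) != 8 or not stem.isalpha():
        return False
    changes = sum(a.islower() != b.islower() for a, b in zip(stem, stem[1:]))
    return changes >= 3


def triage(entry):
    """Return 'keep' or 'review' and record the reasons on entry.flags."""
    raw_base = entry.image.rsplit("\\", 1)[-1]
    if raw_base.lower() in KNOWN_GOOD:
        entry.flags.append("known-good: " + KNOWN_GOOD[raw_base.lower()])
        return "keep"
    if looks_random(raw_base):
        entry.flags.append("random-looking name (Vundo-style hint, not a verdict)")
    if not entry.absolute:
        entry.flags.append("bare filename: resolve via PATH/system32 before judging")
    return "review"


def triage_log(lines):
    """Map entry name -> (verdict, flags) for every Run-key O4 line."""
    out = {}
    for line in lines:
        entry = parse_o4(line)
        if entry is not None:
            out[entry.name] = (triage(entry), entry.flags)
    return out


# O4 lines taken from the log in this thread, plus one constructed
# Vundo-style line built from a DLL name ComboFix later deleted here.
SAMPLE_LOG = [
    r'O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray',
    r"O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe",
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup",
    r"O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode",
    r"O4 - Startup: FreePOPs.lnk = C:\Programmi\FreePOPs\freepopsd.exe",
    r"O4 - HKLM\..\Run: [wvUkJyXr] rundll32.exe C:\WINDOWS\system32\wvUkJyXr.dll,s",
]

if __name__ == "__main__":
    for name, (verdict, flags) in triage_log(SAMPLE_LOG).items():
        print(verdict, name, "; ".join(flags))
```

Run as a script it prints one verdict per Run-key entry; the Startup-folder line is skipped because only the `\..\Run:` form is parsed.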

Re: 'Empty' Desktop

Post by ste_95 » Thu Oct 16, 2008 2:35 pm

Oh, it looked so much like the Vundo trojan. [acc2]
ste_95
Official Member (Gold)
Posts: 17271
Joined: Mon Aug 06, 2007 11:19 am

Re: 'Empty' Desktop

Post by Amantide » Thu Oct 16, 2008 4:25 pm

andymaster wrote: From the second one I haven't done the step with Combo...

And yet ComboFix was the first one to run. Unless it gets blocked by the trojan itself, it turns out to be an excellent tool not only for removing various malware, but also for restoring the system settings from before the infection.
Amantide
Official Member (Gold)
Posts: 8126
Joined: Mon Feb 06, 2006 4:13 pm
Location: Abruzzo

Re: 'Empty' Desktop

Post by andymaster » Fri Oct 17, 2008 8:59 pm

YOU GUYS ARE LEGENDS!!!
Thanks, thanks, thanks and again... thanks!
As Amantide said, running Combo cleaned up the last (and apparently fundamental) problems!!
Unfortunately these last few days I could only follow this 'in pieces' and I've only just finished... but what a relief!

I'm attaching the Combo log for reference.

Thanks again!

ComboFix 08-10-15.06 - Andrea 2008-10-17 19.21.13.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.926 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Andrea\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\InfoSat.txt
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\drivers\downld
C:\WINDOWS\system32\drivers\downld\104468.exe
C:\WINDOWS\system32\drivers\downld\112453.exe
C:\WINDOWS\system32\drivers\downld\116890.exe
C:\WINDOWS\system32\drivers\downld\117937.exe
C:\WINDOWS\system32\drivers\downld\129937.exe
C:\WINDOWS\system32\drivers\downld\132203.exe
C:\WINDOWS\system32\drivers\downld\132609.exe
C:\WINDOWS\system32\drivers\downld\151171.exe
C:\WINDOWS\system32\drivers\downld\165546.exe
C:\WINDOWS\system32\drivers\downld\182843.exe
C:\WINDOWS\system32\drivers\downld\186218.exe
C:\WINDOWS\system32\drivers\downld\192937.exe
C:\WINDOWS\system32\drivers\downld\196984.exe
C:\WINDOWS\system32\drivers\downld\198671.exe
C:\WINDOWS\system32\drivers\downld\209609.exe
C:\WINDOWS\system32\drivers\downld\217765.exe
C:\WINDOWS\system32\drivers\downld\227812.exe
C:\WINDOWS\system32\drivers\downld\229218.exe
C:\WINDOWS\system32\drivers\downld\234453.exe
C:\WINDOWS\system32\drivers\downld\238578.exe
C:\WINDOWS\system32\drivers\downld\245875.exe
C:\WINDOWS\system32\drivers\downld\262515.exe
C:\WINDOWS\system32\drivers\downld\268031.exe
C:\WINDOWS\system32\drivers\downld\279546.exe
C:\WINDOWS\system32\drivers\downld\288937.exe
C:\WINDOWS\system32\drivers\downld\301468.exe
C:\WINDOWS\system32\drivers\downld\308609.exe
C:\WINDOWS\system32\drivers\downld\316796.exe
C:\WINDOWS\system32\drivers\downld\321390.exe
C:\WINDOWS\system32\drivers\downld\327640.exe
C:\WINDOWS\system32\drivers\downld\360500.exe
C:\WINDOWS\system32\drivers\downld\364421.exe
C:\WINDOWS\system32\drivers\downld\385703.exe
C:\WINDOWS\system32\drivers\downld\407203.exe
C:\WINDOWS\system32\drivers\downld\413671.exe
C:\WINDOWS\system32\drivers\downld\416828.exe
C:\WINDOWS\system32\drivers\downld\425734.exe
C:\WINDOWS\system32\drivers\downld\443031.exe
C:\WINDOWS\system32\drivers\downld\453203.exe
C:\WINDOWS\system32\drivers\downld\458671.exe
C:\WINDOWS\system32\drivers\downld\83718.exe
C:\WINDOWS\system32\drivers\downld\96156.exe
C:\WINDOWS\system32\drivers\downld\97078.exe
C:\WINDOWS\system32\drivers\downld\99906.exe
C:\WINDOWS\system32\rXyJkUvw.ini
C:\WINDOWS\system32\rXyJkUvw.ini2
C:\WINDOWS\system32\wvUkJyXr.dll

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((( Files Creati Da 2008-09-17 al 2008-10-17 )))))))))))))))))))))))))))))))))))
.

2008-10-15 20:57 . 2006-12-28 12:01 19,569 --a------ C:\WINDOWS\000001_.tmp
2008-10-15 19:20 . 2008-10-15 20:08 <DIR> d-------- C:\VundoFix Backups
2008-10-14 21:12 . 2008-04-13 19:14 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-10-14 21:12 . 2001-08-30 23:08 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe
2008-10-14 21:12 . 2001-08-30 23:08 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2008-10-14 21:12 . 2001-08-30 23:08 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-10-14 21:12 . 2008-04-13 09:34 19,455 --a--c--- C:\WINDOWS\system32\dllcache\wvchntxx.sys
2008-10-14 21:12 . 2008-04-13 19:14 18,944 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-10-14 21:12 . 2001-08-17 20:11 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys
2008-10-14 21:12 . 2008-04-13 09:34 12,063 --a--c--- C:\WINDOWS\system32\dllcache\wsiintxx.sys
2008-10-14 21:12 . 2001-08-30 23:08 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2008-10-14 21:11 . 2001-08-17 21:28 771,581 --a--c--- C:\WINDOWS\system32\dllcache\winacisa.sys
2008-10-14 21:11 . 2008-04-13 09:35 154,624 --a--c--- C:\WINDOWS\system32\dllcache\wlluc48.sys
2008-10-14 21:11 . 2001-08-30 20:46 35,402 --a--c--- C:\WINDOWS\system32\dllcache\wlandrv2.sys
2008-10-14 21:11 . 2008-04-13 11:36 8,832 --a--c--- C:\WINDOWS\system32\dllcache\wmiacpi.sys
2008-10-14 21:09 . 2001-08-17 21:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-10-14 21:08 . 2001-08-17 22:01 241,664 --a--c--- C:\WINDOWS\system32\dllcache\tosdvd02.sys
2008-10-14 21:07 . 2001-08-30 19:49 286,816 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys
2008-10-14 21:06 . 2001-08-30 23:08 99,328 --a--c--- C:\WINDOWS\system32\dllcache\srusd.dll
2008-10-14 21:06 . 2001-08-17 20:11 48,736 --a--c--- C:\WINDOWS\system32\dllcache\srwlnd5.sys
2008-10-14 21:06 . 2001-08-30 23:08 24,660 --a--c--- C:\WINDOWS\system32\dllcache\spxupchk.dll
2008-10-14 21:05 . 2001-08-30 23:08 114,688 --a--c--- C:\WINDOWS\system32\dllcache\sonypi.dll
2008-10-14 21:05 . 2001-08-30 23:08 106,584 --a--c--- C:\WINDOWS\system32\dllcache\spdports.dll
2008-10-14 21:05 . 2001-08-17 21:51 61,824 --a--c--- C:\WINDOWS\system32\dllcache\speed.sys
2008-10-14 21:05 . 2001-08-17 20:51 37,040 --a--c--- C:\WINDOWS\system32\dllcache\sonypi.sys
2008-10-14 21:05 . 2001-08-17 20:51 20,752 --a--c--- C:\WINDOWS\system32\dllcache\sonync.sys
2008-10-14 21:05 . 2001-08-17 22:07 19,072 --a--c--- C:\WINDOWS\system32\dllcache\sparrow.sys
2008-10-14 21:05 . 2001-08-17 21:53 9,600 --a--c--- C:\WINDOWS\system32\dllcache\sonymc.sys
2008-10-14 21:05 . 2001-08-17 21:56 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys
2008-10-14 21:05 . 2008-04-13 11:40 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonyait.sys
2008-10-14 21:05 . 2001-08-17 21:53 7,040 --a--c--- C:\WINDOWS\system32\dllcache\snyaitmc.sys
2008-10-14 21:01 . 2001-08-30 23:07 386,560 --a--c--- C:\WINDOWS\system32\dllcache\sgiul50.dll
2008-10-14 21:00 . 2001-08-30 23:07 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2008-10-14 20:59 . 2001-08-30 23:07 182,272 --a--c--- C:\WINDOWS\system32\dllcache\s3mt3d.dll
2008-10-14 20:54 . 2001-08-30 22:10 899,754 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-10-14 20:53 . 2001-08-17 22:05 351,616 --a--c--- C:\WINDOWS\system32\dllcache\ovcodek2.sys
2008-10-14 20:52 . 2001-08-17 20:50 198,144 --a--c--- C:\WINDOWS\system32\dllcache\nv3.sys
2008-10-14 20:52 . 2001-08-30 23:07 123,776 --a--c--- C:\WINDOWS\system32\dllcache\nv3.dll
2008-10-14 20:52 . 2001-08-17 20:49 51,552 --a--c--- C:\WINDOWS\system32\dllcache\ntgrip.sys
2008-10-14 20:45 . 2008-04-13 11:46 51,200 --a--c--- C:\WINDOWS\system32\dllcache\msdv.sys
2008-10-14 20:45 . 2008-04-13 11:46 49,024 --a--c--- C:\WINDOWS\system32\dllcache\mstape.sys
2008-10-14 20:45 . 2001-08-17 22:02 35,200 --a--c--- C:\WINDOWS\system32\dllcache\msgame.sys
2008-10-14 20:45 . 2008-04-13 11:54 22,016 --a--c--- C:\WINDOWS\system32\dllcache\msircomm.sys
2008-10-14 20:45 . 2001-08-17 21:52 17,280 --a--c--- C:\WINDOWS\system32\dllcache\mraid35x.sys
2008-10-14 20:45 . 2001-08-17 21:48 12,416 --a--c--- C:\WINDOWS\system32\dllcache\msriffwv.sys
2008-10-14 20:45 . 2001-08-17 21:48 6,016 --a--c--- C:\WINDOWS\system32\dllcache\msfsio.sys
2008-10-14 20:43 . 2008-04-13 19:13 254,464 --a--c--- C:\WINDOWS\system32\dllcache\kdsusd.dll
2008-10-14 20:43 . 2001-08-17 20:12 70,730 --a--c--- C:\WINDOWS\system32\dllcache\lne100tx.sys
2008-10-14 20:43 . 2008-04-13 19:13 49,152 --a--c--- C:\WINDOWS\system32\dllcache\kdsui.dll
2008-10-14 20:43 . 2001-08-30 23:07 37,376 --a--c--- C:\WINDOWS\system32\dllcache\kousd.dll
2008-10-14 20:43 . 2008-04-13 11:40 34,688 --a--c--- C:\WINDOWS\system32\dllcache\lbrtfdc.sys
2008-10-14 20:43 . 2001-08-30 20:03 26,986 --a--c--- C:\WINDOWS\system32\dllcache\lanepic5.sys
2008-10-14 20:43 . 2001-08-17 20:11 25,065 --a--c--- C:\WINDOWS\system32\dllcache\lmndis3.sys
2008-10-14 20:43 . 2001-08-17 20:12 20,573 --a--c--- C:\WINDOWS\system32\dllcache\lne100.sys
2008-10-14 20:43 . 2001-08-17 20:12 19,016 --a--c--- C:\WINDOWS\system32\dllcache\ktc111.sys
2008-10-14 20:43 . 2001-08-30 20:06 15,872 --a--c--- C:\WINDOWS\system32\dllcache\lit220p.sys
2008-10-14 20:43 . 2001-08-17 21:53 4,992 --a--c--- C:\WINDOWS\system32\dllcache\loop.sys
2008-10-14 20:42 . 2001-08-30 23:07 8,704 --a--c--- C:\WINDOWS\system32\dllcache\kbdjpn.dll
2008-10-14 20:42 . 2001-08-30 23:07 8,192 --a--c--- C:\WINDOWS\system32\dllcache\kbdkor.dll
2008-10-14 20:40 . 2001-08-30 23:07 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-10-14 20:39 . 2001-08-30 21:33 634,166 --a--c--- C:\WINDOWS\system32\dllcache\el656ct5.sys
2008-10-14 20:38 . 2001-08-30 20:33 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys
2008-10-14 20:37 . 2001-08-30 20:28 715,338 --a--c--- C:\WINDOWS\system32\dllcache\cbmdmkxx.sys
2008-10-14 20:36 . 2001-08-17 21:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-10-14 20:35 . 2001-08-17 21:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-10-14 20:34 . 2001-08-30 23:07 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
2008-10-14 20:07 . 2008-10-14 20:21 1,393 --a------ C:\WINDOWS\imsins.BAK
2008-10-14 19:31 . 2008-10-14 19:31 <DIR> d-------- C:\Programmi\Avira
2008-10-14 19:31 . 2008-10-14 19:31 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Avira
2008-10-14 19:30 . 2008-08-14 15:22 2,192,896 --a--c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-14 19:30 . 2008-08-14 15:22 2,069,760 --a--c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-14 19:12 . 2008-10-14 19:12 <DIR> d-------- C:\~ErdUserProfile.$$$
2008-10-12 21:49 . 2008-10-12 21:49 35,840 --a------ C:\WINDOWS\system32\qoMeEXpm.dll
2008-10-12 21:49 . 2008-10-12 21:49 35,840 --a------ C:\WINDOWS\system32\mlJdcbXN.dll.vir
2008-10-07 20:47 . 2008-10-07 20:48 <DIR> d-------- C:\Documents and Settings\Andrea\Dati applicazioni\ICQ
2008-10-07 20:46 . 2008-10-07 20:48 <DIR> d-------- C:\Programmi\ICQ6
2008-10-06 18:42 . 2008-10-06 18:43 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-09-23 20:23 . 2008-10-09 23:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-23 20:23 . 2008-09-23 20:23 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-13 19:50 --------- d-----w C:\Programmi\Cain
2008-10-12 20:04 --------- d-----w C:\Documents and Settings\Andrea\Dati applicazioni\uTorrent
2008-10-12 19:54 --------- d-----w C:\Documents and Settings\Andrea\Dati applicazioni\Skype
2008-10-12 16:58 --------- d-----w C:\Documents and Settings\Andrea\Dati applicazioni\skypePM
2008-10-07 18:48 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-09-11 20:25 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-03 22:05 --------- d-----w C:\Documents and Settings\Andrea\Dati applicazioni\Windows Search
2008-09-03 17:36 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Elaborate Bytes
2008-08-22 16:41 --------- d-----w C:\Programmi\Nokia
2008-08-22 16:41 --------- d-----w C:\Programmi\File comuni\PCSuite
2008-08-22 16:41 --------- d-----w C:\Programmi\File comuni\Nokia
2008-08-22 16:40 --------- d-----w C:\Programmi\PC Connectivity Solution
2008-08-22 16:38 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Installations
2008-08-19 18:00 --------- d-----w C:\Programmi\Microsoft Silverlight
2008-08-17 20:43 --------- d-----w C:\Documents and Settings\Andrea\Dati applicazioni\Windows Desktop Search
2008-08-17 20:42 --------- d-----w C:\Programmi\Windows Desktop Search
2007-11-29 17:27 1,038 ----a-w C:\Documents and Settings\Andrea\SDM-2.4.1-C837-c837-k9o3y6-mz.124-4.T.bin
2007-11-18 13:39 732 ----a-w C:\Documents and Settings\Andrea\SDM-2.3.3-C837-c837-k9o3y6-mz.124-4.T.bin
2007-11-16 22:10 32 ----a-w C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
2007-04-04 20:48 1,038 ----a-w C:\Documents and Settings\Andrea\SDM-2.3.3-C837-c837-k9o3sy6-mz.122-13.ZH4.bin
2007-01-16 21:09 24,192 ----a-w C:\Documents and Settings\Andrea\usbsermptxp.sys
2007-01-16 21:09 22,768 ----a-w C:\Documents and Settings\Andrea\usbsermpt.sys
2007-01-15 19:43 92,064 ----a-w C:\Documents and Settings\Andrea\mqdmmdm.sys
2007-01-15 19:43 9,232 ----a-w C:\Documents and Settings\Andrea\mqdmmdfl.sys
2007-01-15 19:43 79,328 ----a-w C:\Documents and Settings\Andrea\mqdmserd.sys
2007-01-15 19:43 66,656 ----a-w C:\Documents and Settings\Andrea\mqdmbus.sys
2007-01-15 19:43 6,208 ----a-w C:\Documents and Settings\Andrea\mqdmcmnt.sys
2007-01-15 19:43 5,936 ----a-w C:\Documents and Settings\Andrea\mqdmwhnt.sys
2007-01-15 19:43 4,048 ----a-w C:\Documents and Settings\Andrea\mqdmcr.sys
2003-07-31 09:53 147,456 ----a-w C:\WINDOWS\inf\EL2K_XP.sys
2003-07-31 09:50 448,768 ----a-w C:\WINDOWS\inf\EL2K_N64.sys
2003-07-31 09:43 147,456 ----a-w C:\WINDOWS\inf\EL2K_2K.sys
2005-02-22 21:25 8 --sha-r C:\WINDOWS\system32\5864AC3FD7.sys
2006-04-22 11:35 5 --sha-w C:\WINDOWS\system32\fccdce7_s.dll
.

------- Sigcheck -------

2005-05-25 21:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-01-13 19:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 13:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2008-04-13 12:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2008-08-12 23:53 361600 cd00787894008369f56153b91fc28847 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"MsnMsgr"="C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-05 68856]
"PC Suite Tray"="C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]
"LDM"="C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2005-02-25 32768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
"zBrowser Launcher"="C:\Programmi\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"DeviceDiscovery"="C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 40960]
"HP Component Manager"="C:\Programmi\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 13529088]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"RemoteControl8"="C:\Programmi\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="C:\Programmi\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="C:\Programmi\Cyberlink\Shared Files\brs.exe" [2008-02-21 91432]
"RemoteControl"="C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe" [2008-01-22 81920]
"LanguageShortcut"="C:\Programmi\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 62760]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 86016]
"avgnt"="C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 C:\WINDOWS\LOGI_MWX.EXE]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 C:\WINDOWS\system32\ptipbmf.dll]
"nwiz"="nwiz.exe" [2008-05-02 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 15360]

C:\Documents and Settings\Andrea\Menu Avvio\Programmi\Esecuzione automatica\
FreePOPs.lnk - C:\Programmi\FreePOPs\freepopsd.exe [2008-06-11 49152]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
VPN Client.lnk - C:\WINDOWS\Installer\{4C271126-C295-4828-A901-5910AE0C258B}\Icon3E5562ED7.ico [2008-05-14 6144]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.xvid"= xvid.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^AutoStart IR.lnk]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AWMON
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2005-05-19 15:47 57344 C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2003-06-25 12:24 49152 C:\Programmi\Hewlett-Packard\HP Software Update\hpwuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 19:14 1695232 C:\Programmi\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2008-01-22 14:23 81920 C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-02-21 17:52 32876 C:\Programmi\Java\j2re1.5.0\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Programmi\\NetMeeting\\conf.exe"=
"C:\\WINDOWS\\system32\\mshta.exe"=
"C:\\Programmi\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"=
"C:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Programmi\\concept design\\onlineTV 3\\onlineTV.exe"=
"C:\\Programmi\\ASUS\\AsusUpdate\\Update.exe"=
"C:\\Programmi\\Reflection\\Rx.exe"=
"C:\\Programmi\\InCode Solutions\\RemoveIT Pro XT2 - SE\\removeit.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Documents and Settings\\Andrea\\Desktop\\utorrent.exe"=
"C:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\AutoScan\\bin\\autoscan-network-daemon.exe"=
"C:\\Programmi\\Net Tools\\nettools4.exe"=
"C:\\Programmi\\Look@LAN\\LookAtLan.exe"=
"C:\\Programmi\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"C:\\Programmi\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\Look@LAN\\LookAtHost.exe"=
"C:\\Documents and Settings\\Andrea\\Desktop\\Mulo\\emule.exe"=
"C:\\Programmi\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Programmi\\ICQ6\\ICQ.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"40328:TCP"= 40328:TCP:Utorrent
"40328:UDP"= 40328:UDP:Utorrent
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Programmi\CyberLink\PowerDVD\000.fcl [2008-01-18 23:01 41456]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;C:\WINDOWS\system32\drivers\HCWBT8XX.sys [2006-01-25 472644]
S3 AF05BDA;AF9005 BDA Device;C:\WINDOWS\system32\drivers\AF05BDA.sys [2005-12-29 122752]
S3 AF15BDA;AF9015 BDA Filter;C:\WINDOWS\system32\Drivers\AF15BDA.sys [2007-03-20 300544]
S3 DCamUSBIntel;Tecnologia Videocamera USB per Intel Proshare;C:\WINDOWS\system32\DRIVERS\usbintel.sys [2008-04-13 15872]
S3 ES-620;Edisonsoft ES-620 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\ES-620.sys [2003-04-17 29076]
S3 LSWL_USB;Instant Wireless USB Network Adapter ver.2.5 Driver;C:\WINDOWS\system32\DRIVERS\LSWLUSB.sys [2001-09-28 41232]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [ ]
S3 osagent;VisiBroker Smart Agent;C:\Jetstream\\Vbroker50\bin\osagent.exe [2002-01-31 278528]
.
Contenuto della cartella 'Scheduled Tasks'

2008-10-17 C:\WINDOWS\Tasks\RegCure Program Check.job
- C:\Programmi\RegCure\RegCure.exe [2007-08-02 09:20]

2008-05-16 C:\WINDOWS\Tasks\RegCure.job
- C:\Programmi\RegCure\RegCure.exe [2007-08-02 09:20]
.
- - - - ORFÃOS REMOVIDOS - - - -

BHO-{9F75820D-E578-49D4-BB4C-2738C784AA67} - C:\WINDOWS\system32\wvUkJyXr.dll
ShellExecuteHooks-{20D23232-AED6-490D-A3C2-F08BA539A1FE} - (no file)
MSConfigStartUp-TCASUTIEXE - TCAUDIAG.exe


.
------- Supplementare di scansione -------
.
FireFox -: Profile - C:\Documents and Settings\Andrea\Dati applicazioni\Mozilla\Firefox\Profiles\keg9sqti.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - http://www.wintricks.it
FF -: plugin - C:\Programmi\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - C:\Programmi\Mozilla Firefox\plugins\NPnsv_vp3_mp3.dll
FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-17 19:32:21
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Programmi\CyberLink\PowerDVD\000.fcl"
.
------------------------ Altri processi in esecuzione ------------------------
.
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Programmi\Cisco Systems\VPN Client\cvpnd.exe
C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\searchindexer.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Logitech\MouseWare\system\EM_EXEC.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\searchprotocolhost.exe
C:\WINDOWS\system32\searchfilterhost.exe
.
**************************************************************************
.
Ora fine scansione: 2008-10-17 19:41:19 - macchina è stato riavviato
ComboFix-quarantined-files.txt 2008-10-17 17:41:13

Pre-Run: 14.033.350.656 byte disponibili
Post-Run: 13,909,434,368 byte disponibili

373 --- E O F --- 2008-10-14 18:21:38
andymaster
New Member
Posts: 11
Joined: Mon Oct 13, 2008 8:02 am

Re: 'Empty' Desktop

Post by Amantide » Fri Oct 17, 2008 9:25 pm

Download The Avenger, extract it to a folder and run the avenger.exe file.
Paste the following script into the white box under Input script here, untick Scan for rootkits and click Execute.
The PC should reboot; if it doesn't, reboot it manually.
On reboot the avenger.txt log should appear; post its contents here.
Code:
Files to delete:
C:\WINDOWS\000001_.tmp
C:\WINDOWS\system32\qoMeEXpm.dll
C:\WINDOWS\system32\mlJdcbXN.dll.vir
C:\WINDOWS\QTFont.qfn
C:\WINDOWS\QTFont.for
C:\WINDOWS\system32\5864AC3FD7.sys
C:\WINDOWS\system32\fccdce7_s.dll
C:\WINDOWS\system32\wvUkJyXr.dll


Also run a scan with AboutBuster and attach its scan log here.

[Off Topic] Let's hope that besides cleaning up the PC you'll also want to change your browser's homepage.. ;-D [/Off Topic]
...to fly high, you have to know how to fall...
Amantide
Official Member (Gold)
Posts: 8126
Joined: Mon Feb 06, 2006 4:13 pm
Location: Abruzzo

Re: 'Empty' Desktop

Post by andymaster » Fri Oct 17, 2008 10:29 pm

Done!
Thanks again...

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File "C:\WINDOWS\000001_.tmp" deleted successfully.
File "C:\WINDOWS\system32\qoMeEXpm.dll" deleted successfully.
File "C:\WINDOWS\system32\mlJdcbXN.dll.vir" deleted successfully.
File "C:\WINDOWS\QTFont.qfn" deleted successfully.
File "C:\WINDOWS\QTFont.for" deleted successfully.
File "C:\WINDOWS\system32\5864AC3FD7.sys" deleted successfully.
File "C:\WINDOWS\system32\fccdce7_s.dll" deleted successfully.

Error: file "C:\WINDOWS\system32\wvUkJyXr.dll" not found!
Deletion of file "C:\WINDOWS\system32\wvUkJyXr.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.


AboutBuster 6.07
Scan started on [17/10/2008] at [23.24.15]
-------------------------------------------------------------
C:\WINDOWS\system32\aswBoot.exe
-------------------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 23.25.23
andymaster
New Member
Posts: 11
Joined: Mon Oct 13, 2008 8:02 am
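As an added example (not code from the thread, from The Avenger or from any other tool named here), a small Python check that reconciles the deletion script posted above with the avenger.txt that came back, so the one "not found" entry is kept apart from the successful deletions instead of being read as a clean run. The script and log text are constructed from the lines posted in the thread, and the parsing is an assumption based only on the log format shown there.

```python
# Added example (not from the thread or from The Avenger): reconcile an Avenger deletion
# script with the avenger.txt it produced, so a partly applied cleanup is not taken as clean.
import re

# Constructed sample built from the lines posted in the thread (abridged).
SCRIPT = """Files to delete:
C:\\WINDOWS\\000001_.tmp
C:\\WINDOWS\\system32\\qoMeEXpm.dll
C:\\WINDOWS\\system32\\wvUkJyXr.dll
"""
LOG = """File "C:\\WINDOWS\\000001_.tmp" deleted successfully.
File "C:\\WINDOWS\\system32\\qoMeEXpm.dll" deleted successfully.

Error: file "C:\\WINDOWS\\system32\\wvUkJyXr.dll" not found!
Deletion of file "C:\\WINDOWS\\system32\\wvUkJyXr.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
"""
DELETED_RE = re.compile(r'^File "(.+)" deleted successfully\.$', re.M)
FAILED_RE = re.compile(r'^Deletion of file "(.+)" failed!\nStatus: (0x[0-9a-fA-F]+)', re.M)

def parse_script(text):
    """Paths listed under 'Files to delete:' (other Avenger sections are ignored)."""
    paths, section = [], None
    for line in filter(None, (l.strip() for l in text.splitlines())):
        if line.endswith(":"):            # section header, e.g. 'Files to delete:'
            section = line[:-1].lower()
        elif section == "files to delete":
            paths.append(line)
    return paths

def parse_log(text):
    """Map each path in avenger.txt (lower-cased) to 'deleted' or its NTSTATUS code."""
    results = {p.lower(): "deleted" for p in DELETED_RE.findall(text)}
    for path, status in FAILED_RE.findall(text):
        results[path.lower()] = status.lower()
    return results

def reconcile(script_text, log_text):
    """Sort the script's targets into deleted / already gone / unaccounted for."""
    seen = parse_log(log_text)
    report = {"deleted": [], "not_found": [], "unaccounted": []}
    for path in parse_script(script_text):
        status = seen.get(path.lower())
        if status == "deleted":
            report["deleted"].append(path)
        elif status == "0xc0000034":      # STATUS_OBJECT_NAME_NOT_FOUND: nothing left to remove
            report["not_found"].append(path)
        else:                             # no verdict in the log: check by hand
            report["unaccounted"].append(path)
    return report
```

In the thread the "not found" entry is wvUkJyXr.dll, which ComboFix had already moved to C:\Qoobox\Quarantine; that is why the later Malwarebytes scan still finds it there as a .vir file.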

Re: 'Empty' Desktop

Post by Amantide » Fri Oct 17, 2008 10:42 pm

Ok [^]

I see you have both Avast and Avira installed; uninstall Avast and keep only the second one.

And to finish with the cherry on top... also run a scan with Malwarebytes' Anti-Malware and keep it around for a preventive scan every now and then.
...to fly high, you have to know how to fall...
Amantide
Official Member (Gold)
Posts: 8126
Joined: Mon Feb 06, 2006 4:13 pm
Location: Abruzzo

Re: 'Empty' Desktop

Post by andymaster » Sat Oct 18, 2008 4:19 pm

Perfect! Did that one too... here's the log.
Now we should be there... right?
Thanks again!

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
C:\Programmi\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Programmi\AdwareAlert\Quarantine (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Programmi\AdwareAlert\Quarantine\27-7-2005-0-51-41 (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Programmi\AdwareAlert\Registry Backups (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Programmi\AdwareAlert\Settings (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system\DRIVER (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system\DRIVER\DAP (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system\DRIVER\DAP\LOG (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system\DRIVER\DAP\NTLOG (Trojan.Agent) -> Quarantined and deleted successfully.

File infetti:
C:\Qoobox\Quarantine\C\WINDOWS\system32\wvUkJyXr.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9C5AD267-F00B-4D1D-92FE-7C2E4556E1D9}\RP174\A0032798.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9C5AD267-F00B-4D1D-92FE-7C2E4556E1D9}\RP176\A0034498.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system\DRIVER\cygcrypt-0.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Programmi\AdwareAlert\SpyLog.txt (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Programmi\AdwareAlert\Quarantine\27-7-2005-0-51-41\ 10000.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Programmi\AdwareAlert\Quarantine\27-7-2005-0-51-41\ 10000.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Programmi\AdwareAlert\Quarantine\27-7-2005-0-51-41\ 10001.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Programmi\AdwareAlert\Quarantine\27-7-2005-0-51-41\ 10002.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Programmi\AdwareAlert\Quarantine\27-7-2005-0-51-41\ 10003.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Programmi\AdwareAlert\Quarantine\27-7-2005-0-51-41\ 10003.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Programmi\AdwareAlert\Settings\CustomScan.stg (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Programmi\AdwareAlert\Settings\IgnoreList.stg (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Programmi\AdwareAlert\Settings\ScanInfo.stg (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Programmi\AdwareAlert\Settings\SelectedFolders.stg (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Programmi\AdwareAlert\Settings\Settings.stg (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system\DRIVER\cygwin1.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system\DRIVER\Driver32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system\DRIVER\New Text Document (14).txt (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system\DRIVER\New Text Document (2).txt (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system\DRIVER\servicelogon.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system\DRIVER\servicesmgr.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system\DRIVER\svchostlogon.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system\DRIVER\win32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system\DRIVER\win32.dll~ (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system\DRIVER\winlogon.dll (Trojan.Agent) -> Quarantined and deleted successfully.
andymaster
New Member
Posts: 11
Joined: Mon Oct 13, 2008 8:02 am

Re: 'Empty' Desktop

Post by Amantide » Sat Oct 18, 2008 4:26 pm

Ok, Malwarebytes has done its dirty work too. [^]

Remember to use it every now and then for prevention too.
...to fly high, you have to know how to fall...
Amantide
Official Member (Gold)
Posts: 8126
Joined: Mon Feb 06, 2006 4:13 pm
Location: Abruzzo

Re: 'Empty' Desktop

Post by andymaster » Sat Oct 18, 2008 7:55 pm

Indeed!
Thanks a million again!!! [brindisi]
...I'm not exactly new to this kind of thing, but I had never run into an infection like this! If it hadn't been for you...
...now I still have one small problem to fix: direct links from emails won't open....

Bye, Andrea
andymaster
New Member
Posts: 11
Joined: Mon Oct 13, 2008 8:02 am

Re: 'Empty' Desktop

Post by andymaster » Sat Oct 18, 2008 8:15 pm

...never mind... I don't deserve a reply...

Solved...
Tools >> Internet Options >> Programs ... etc. etc.

Bye, Andrea
andymaster
New Member
Posts: 11
Joined: Mon Oct 13, 2008 8:02 am
