
Help!! Beagle-AHD



Post by ligabeppe » Mon Feb 02, 2009 7:53 pm

Hi everyone,
let me say up front that I'm a beginner with computers...

I caught this Beagle-AHD virus that Avast keeps flagging endlessly... I read a bit in the forum and saw that I'm not the only one...

It was flagging the virus in the folder
c/documentandsetting/giuseppe/dati applicazioni/driver/download

and inside this folder, which was hidden, it was full of files!

I used the program findkill, which seemed to have solved the problem last night... but today I connect again and this Beagle keeps coming back, only this time it flags it in the folder
c/system volume information/restore....

and I don't even have this folder...

I don't know what to do, can you give me a hand please???

thanks a lot

bye Beppe
ligabeppe (Aficionado)
Posts: 38
Joined: Thu Sep 28, 2006 1:44 am

Re: Help!! Beagle-AHD

Post by ligabeppe » Mon Feb 02, 2009 11:24 pm

I'm forwarding you the HijackThis and ComboFix logs.
What should I do??

thanks a lot!!
Last edited by ligabeppe on Tue Feb 03, 2009 8:19 am, edited 1 time in total.
ligabeppe (Aficionado)
Posts: 38
Joined: Thu Sep 28, 2006 1:44 am

Re: Help!! Beagle-AHD

Post by ste_95 » Tue Feb 03, 2009 7:29 am

Fix your logs following these rules. Thank you.

Disable System Restore.
You're lucky, because the malware did not install completely and did not do you any damage. [^]
«Sometimes it is better to keep silent and seem stupid than to open your mouth and remove all doubt.» Oscar Wilde
ste_95 (Official Member (Gold))
Posts: 17271
Joined: Mon Aug 06, 2007 11:19 am


Re: Help!! Beagle-AHD

Post by ligabeppe » Tue Feb 03, 2009 8:08 am

HI
sorry, but I'm not experienced...

I'm re-attaching the files, hopefully in the correct way....

what do you advise me to do?

thanks a lot
have a good day
Beppe

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:48:06, on 01.02.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\ATI-CPanel\atiptaxx.exe
C:\Programmi\File comuni\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\essspk.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.live.com/ppsecure/post.sr ... 1213726813
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - Provided by Tele2
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmi\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programmi\File comuni\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [AnyDVD] D:\Anydvd 4.1.0.1\Crack\AnyDVD.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [VoipBuster] "C:\programmi\voipbuster.com\voipbuster\voipbuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
O16 - DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} (IfolorUploader Control) - http://chkr-web.ifolor.net/ORDERINGGENE ... r_chkr.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-CH/a-U ... E_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0500045643
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6462483933
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/ch/it/importer/ImageUploader4.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photoworld.it/public/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\programmi\a-squared free\a2service.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10843 bytes



ComboFix 09-02-02.03 - Giuseppe Tocci 2009-02-02 21:23:16.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1024.423 [GMT 1:00]
Eseguito da: c:\documents and settings\Giuseppe Tocci\Desktop\Documenti Beppe\combo77.exe
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ftpupd.exe
c:\windows\system32\msssc.dll

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WINDOWS_LOG
-------\Service_Windows Log


((((((((((((((((((((((((( Files Creati Da 2009-01-02 al 2009-02-02 )))))))))))))))))))))))))))))))))))
.

2009-02-01 22:51 . 2009-02-02 00:54 <DIR> d-------- c:\programmi\FindyKill
2009-02-01 22:47 . 2009-02-01 22:47 <DIR> d-------- c:\programmi\Trend Micro
2009-02-01 17:30 . 2009-02-02 21:33 729,120 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-02-01 17:30 . 2009-02-02 21:28 10,568 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-02-01 17:26 . 2009-02-01 17:26 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\MailFrontier
2009-02-01 17:26 . 2008-07-09 09:05 75,248 --a------ c:\windows\zllsputility.exe
2009-02-01 17:26 . 2008-07-09 09:05 54,672 --a------ c:\windows\system32\vsutil_loc0410.dll
2009-02-01 17:26 . 2008-07-09 09:05 42,384 --a------ c:\windows\zllsputility_loc0410.dll
2009-02-01 17:26 . 2008-07-09 09:05 21,904 --a------ c:\windows\system32\imsinstall_loc0410.dll
2009-02-01 17:26 . 2008-07-09 09:05 17,808 --a------ c:\windows\system32\imslsp_install_loc0410.dll
2009-02-01 17:26 . 2004-04-27 04:40 11,264 --a------ c:\windows\system32\SpOrder.dll
2009-02-01 17:26 . 2009-02-01 17:28 4,212 ---h----- c:\windows\system32\zllictbl.dat
2009-02-01 17:25 . 2009-02-01 17:25 <DIR> d-------- c:\programmi\Zone Labs
2009-02-01 17:24 . 2009-02-02 21:18 <DIR> d-------- c:\windows\Internet Logs
2009-01-04 12:15 . 2009-01-04 12:15 <DIR> d-------- c:\programmi\CCleaner
2009-01-03 15:24 . 2009-01-03 15:25 <DIR> d-------- c:\programmi\Disk Cleaner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-01 17:34 1,343,488 ----a-w c:\windows\Internet Logs\xDB1.tmp
2009-01-31 07:48 --------- d-----w c:\programmi\Cacheman
2009-01-03 14:29 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-01-01 19:34 --------- d-----w c:\programmi\Lphant
2008-12-18 22:46 --------- d-----w c:\documents and settings\Giuseppe Tocci\Dati applicazioni\DVD Shrink
2008-12-18 18:08 --------- d-----w c:\programmi\Ahead
2008-12-18 17:54 --------- d-----w c:\programmi\Spybot - Search & Destroy
2008-12-18 17:45 --------- d-----w c:\programmi\a-squared Free
2008-12-18 05:48 --------- d-----w c:\programmi\Java
2008-12-18 05:47 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\ifolor
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-04-24 16:48 98,696 ----a-w c:\documents and settings\Giuseppe Tocci\Dati applicazioni\GDIPFONTCACHEV1.DAT
2006-05-13 08:08 341 ---ha-w c:\documents and settings\Giuseppe Tocci\hpothb07.dat
2005-03-23 17:52 19,885,056 ----a-w c:\programmi\eTax_ticino04_inst_Win_CD.exe
2004-11-26 19:08 836 ----a-w c:\documents and settings\Giuseppe Tocci\Dati applicazioni\ViewerApp.dat
2004-11-01 10:03 2,636,408 ----a-w c:\programmi\aawsepersonal.exe
2008-10-03 21:20 32,768 --sha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012008100320081004\index.dat
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"PcSync"="c:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"CTSyncU.exe"="c:\programmi\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 700416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\ati-cpanel\atiptaxx.exe" [2003-06-05 335872]
"Microsoft Works Update Detection"="c:\programmi\File comuni\Microsoft Shared\Works Shared\WkUFind.exe" [2002-08-07 28672]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\programmi\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-12-04 406016]
"PCSuiteTrayApplication"="c:\programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2008-08-13 185896]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"Smapp"="c:\programmi\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"ZoneAlarm Client"="c:\programmi\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 c:\windows\system32\Ati2mdxx.exe]
"EssSpkPhone"="essspk.exe" [2001-10-19 c:\windows\essspk.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BlueSoleil.lnk - c:\programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe [2005-06-08 1044480]
hp psc 1000 series.lnk - c:\programmi\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 147456]
hpoddt01.exe.lnk - c:\programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 28672]
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office10\OSA.EXE [2003-08-29 83360]
WinZip Quick Pick.lnk - c:\programmi\WinZip\WZQKPICK.EXE [2004-12-16 118784]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytoosl"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\BitTorrent_DNA\\dna.exe"=
"c:\\Programmi\\DNA\\btdna.exe"=
"c:\\Programmi\\Lphant\\eLePhantClient.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-01 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-01 20560]
S0 ElbyVCD;ElbyVCD;c:\windows\system32\DRIVERS\ElbyVCD.sys --> c:\windows\system32\DRIVERS\ElbyVCD.sys [?]
S2 ALIEHCD;ALi PCI to USB Enhanced Host Controller;c:\windows\system32\drivers\AliEhci.sys [2008-08-07 112835]
S2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [2008-06-30 45696]
S3 aliroothub;USB 2.0 Root Hub;c:\windows\system32\drivers\AliRtHub.sys [2008-08-07 5325]
S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [2008-06-30 56960]
.
Contenuto della cartella 'Scheduled Tasks'

2009-01-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2005-09-16 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1117907600.job
- c:\programmi\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-VoipBuster - c:\programmi\voipbuster.com\voipbuster\voipbuster.exe
HKCU-Run-Uniblue RegistryBooster 2 - c:\programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe
HKLM-Run-AnyDVD - d:\anydvd 4.1.0.1\Crack\AnyDVD.exe
HKU-Default-Run-msvsc32 - MSDEV.EXE
MSConfigStartUp-VoipBuster - c:\programmi\VoipBuster.com\VoipBuster\VoipBuster.exe


.
------- Scansione supplementare -------
.
uStart Page = https://login.live.com/ppsecure/post.sr ... 1213726813
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
mStart Page = hxxp://home.sweetim.com
mWindow Title = Microsoft Internet Explorer - Provided by Tele2
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} - hxxp://chkr-web.ifolor.net/ORDERINGGENE ... r_chkr.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-02 21:30:23
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\ZoneLabs\vsmon.exe
c:\programmi\Alwil Software\Avast4\aswUpdSv.exe
c:\programmi\Alwil Software\Avast4\ashServ.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\IVT Corporation\BlueSoleil\BTNtService.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\CTSVCCDA.EXE
c:\programmi\Analog Devices\SoundMAX\SMAgent.exe
c:\programmi\Alwil Software\Avast4\ashMaiSv.exe
c:\programmi\Alwil Software\Avast4\ashWebSv.exe
c:\programmi\PC Connectivity Solution\ServiceLayer.exe
c:\programmi\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\programmi\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
c:\programmi\File comuni\Nokia\MPAPI\MPAPI3s.exe
c:\programmi\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Ora fine scansione: 2009-02-02 21:37:42 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-02-02 20:37:37

Pre-Run: 49'525'874'688 byte disponibili
Post-Run: 49,449,074,688 byte disponibili

WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

246 --- E O F --- 2009-02-02 02:02:53




ligabeppe (Aficionado)
Posts: 38
Joined: Thu Sep 28, 2006 1:44 am
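As an added triage example (written for this page, not code from the thread, HijackThis or ComboFix), the script below applies the kind of rules a helper uses when reading a HijackThis log to a few lines copied from the log above: BHO entries whose DLL is missing, Run entries started by bare name or from a "Crack" folder, and services with no identified owner. The trusted roots and suspect words are this example's own heuristics, tuned to an Italian XP install, not a rule set from any tool.

```python
import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section tag: O2 (BHO), O4 (Run key), O23 (service)
    entry: str     # the log line that triggered the finding
    reason: str    # why a human reviewer should look at it


# Roots under which a startup binary is expected on an Italian XP install
# ("Programmi" is the localized "Program Files"; PROGRA~1 is its 8.3 name).
# Assumption of this example, not a HijackThis setting.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\programmi\\", "c:\\program files\\", "c:\\progra~1\\")
SUSPECT_WORDS = ("crack", "keygen")

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<target>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.*?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")


def executable_of(cmd: str) -> str:
    """Return the program part of a Run-key command, dropping quotes and arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    m = re.match(r"(.*?\.(?:exe|cpl|dll))(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def check_o2(m: "re.Match[str]", line: str) -> Optional[Finding]:
    target = m["target"].lower()
    if "(no file)" in target or "(file missing)" in target:
        return Finding("O2", line, "BHO registration points at a DLL that is not on disk: orphaned entry, remove it")
    if m["name"] == "(no name)":
        return Finding("O2", line, "unnamed BHO: identify the CLSID before keeping it")
    return None


def check_o4(m: "re.Match[str]", line: str) -> Optional[Finding]:
    exe = executable_of(m["cmd"])
    low = exe.lower()
    if "\\" not in exe:
        return Finding("O4", line, f"'{exe}' is started by bare name with no path: locate the real file before trusting it")
    if any(word in low for word in SUSPECT_WORDS):
        return Finding("O4", line, "binary lives in a crack/keygen folder: untrusted origin, a common malware carrier")
    if not low.startswith(TRUSTED_ROOTS):
        return Finding("O4", line, "binary outside the usual Windows/Programmi roots: confirm publisher and hash")
    return None


def check_o23(m: "re.Match[str]", line: str) -> Optional[Finding]:
    if m["owner"].strip().lower() == "unknown owner":
        return Finding("O23", line, "service binary carries no publisher information: verify its signature or hash")
    return None


CHECKS = ((O2_RE, check_o2), (O4_RE, check_o4), (O23_RE, check_o23))


def triage(log_text: str) -> list:
    """Apply the section-specific checks to every line of a HijackThis log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for regex, check in CHECKS:
            m = regex.match(line)
            if m:
                finding = check(m, line)
                if finding:
                    findings.append(finding)
                break  # a line belongs to exactly one section
    return findings


# Constructed sample: a handful of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [AnyDVD] D:\Anydvd 4.1.0.1\Crack\AnyDVD.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:>3}  {f.reason}\n     {f.entry}")
```

On the sample it reports five entries to look at (two orphaned BHOs, the bare-name and the Crack-folder Run entries, and the unattributed service) and stays silent on the Java BHO and the avast! entries.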

Re: Help!! Beagle-AHD

Post by ste_95 » Tue Feb 03, 2009 8:10 am

ligabeppe wrote: HI
sorry, but I'm not experienced...

I'm re-attaching the files, hopefully in the correct way....

Exactly, this is the right way. Now click Edit on your post and correct it.
If you have emptied System Restore, nothing else, you're all set. [^]
ste_95 (Official Member (Gold))
Posts: 17271
Joined: Mon Aug 06, 2007 11:19 am

Re: Help!! Beagle-AHD

Post by ligabeppe » Tue Feb 03, 2009 8:22 am

...I've edited it now... sorry again... [^]

I haven't done the step of emptying System Restore yet.... do you think that's enough, and then re-enabling it without doing anything else?

how do the files I attached look to you?? are they positive??

thanks a lot and sorry for the trouble
ligabeppe (Aficionado)
Posts: 38
Joined: Thu Sep 28, 2006 1:44 am

Re: Help!! Beagle-AHD

Post by ste_95 » Tue Feb 03, 2009 8:31 am

ligabeppe wrote: I haven't done the step of emptying System Restore yet.... do you think that's enough, and then re-enabling it without doing anything else?

Yes. [^]
ste_95 (Official Member (Gold))
Posts: 17271
Joined: Mon Aug 06, 2007 11:19 am

Re: Help!! Beagle-AHD

Post by ligabeppe » Tue Feb 03, 2009 8:35 am

ok, tonight as soon as I get home I'll try it and let you know..

thanks a lot in advance
ligabeppe (Aficionado)
Posts: 38
Joined: Thu Sep 28, 2006 1:44 am

Re: Help!! Beagle-AHD

Post by ligabeppe » Wed Feb 04, 2009 7:50 am

hi!

I disabled System Restore as advised, rebooted the PC and immediately re-enabled System Restore...

now it seems to be working.. at least the PC got through a night unharmed... [^]

thanks a lot
ligabeppe (Aficionado)
Posts: 38
Joined: Thu Sep 28, 2006 1:44 am

Re: Help!! Beagle-AHD

Post by ste_95 » Wed Feb 04, 2009 2:46 pm

[^]
ste_95 (Official Member (Gold))
Posts: 17271
Joined: Mon Aug 06, 2007 11:19 am
