URGENT NEED OF HELP

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: kadosh, Luke57

Post by 84alessia84 » 14/12/08 16:05

Good morning everyone,
my PC went crazy today... a black screen saying WARMING DANGERUOS SPYWARE appeared as the desktop background... and since then it has been a disaster... it is extremely slow, it keeps freezing, and internet windows keep opening to run scans... constantly...
I can't do anything... and the PC is new... I wanted to copy the HijackThis log to the site to delete the entries that caused all this, but maybe my virus is clever... besides having disabled the antivirus, the ANALYZE button does not show up on the log page...

I'm copying it here... help me..
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\VM305_STI.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\frmwrk32.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Pando Networks\Pando\pando.exe
C:\Programmi\TomTom HOME 2\HOMERunner.exe
C:\documents and settings\utente\impostazioni locali\dati applicazioni\bbiwecqx.exe
C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ntdll64.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgwb.dat
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\utente\Desktop\Alessia\programmi per il pc\HijackThis.exe
C:\Documents and Settings\utente\Desktop\Alessia\programmi per il pc\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Pando] "C:\Programmi\Pando Networks\Pando\pando.exe" /Minimized
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Programmi\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [bbiwecqx] "c:\documents and settings\utente\impostazioni locali\dati applicazioni\bbiwecqx.exe" bbiwecqx
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Programmi\eMule\emule.exe -AutoStart
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\Programmi\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\Programmi\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barra di ricerca di Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\docume~1\utente\impost~1\temp\ntdll64.dll
O10 - Unknown file in Winsock LSP: c:\docume~1\utente\impost~1\temp\ntdll64.dll
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://gamenextit.oberon-media.com/Game ... meHost.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1870833-29E8-4E2E-885C-8434EF0F371F}: NameServer = 192.168.1.1,192.168.1.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Today my sister downloaded some games... that is SURELY the problem...
84alessia84
Newbie

Posts: 7
Joined: 14/12/08 15:56

Re: URGENT NEED OF HELP

Post by Luke57 » 14/12/08 16:13

Hi, disable the antivirus and download ComboFix to the desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then click Start > Run and, in the white box, copy and paste this command, quotation marks included:

"%userprofile%\desktop\combofix.exe" /killall

Press OK. If all goes well the program starts; it may take a long time (do not do anything else during the scan). Once it has finished, if everything went well, you should find the file combofix.txt in C:\. Restart in normal mode and post the contents of the file.
Luke57
Moderator

Posts: 6410
Joined: 11/08/05 19:10

Re: URGENT NEED OF HELP

Post by 84alessia84 » 14/12/08 16:57

I did as you told me, here is the log:

ComboFix 08-12-13.03 - utente 2008-12-14 16.43.21.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.958.634 [GMT 1:00]
Eseguito da: c:\documents and settings\utente\desktop\combofix.exe
Interruttori di comando utilizzati :: /killall
* Creato nuovo punto di ripristino

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Menu Avvio\Programmi\WebMediaPlayer
c:\documents and settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Condizioni generali.url
c:\documents and settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Disinstalla.lnk
c:\documents and settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Riservatezza.url
c:\documents and settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\WebMediaPlayer.lnk
c:\documents and settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Website.url
c:\documents and settings\utente\Dati applicazioni\inst.exe
c:\documents and settings\utente\Impostazioni locali\Dati applicazioni\bbiwecqx.dat
c:\documents and settings\utente\Impostazioni locali\Dati applicazioni\bbiwecqx.exe
c:\documents and settings\utente\Impostazioni locali\Dati applicazioni\bbiwecqx_nav.dat
c:\documents and settings\utente\Impostazioni locali\Dati applicazioni\bbiwecqx_navps.dat
c:\documents and settings\utente\Impostazioni locali\Dati applicazioni\wqcmqulmw.dat
c:\documents and settings\utente\Impostazioni locali\Dati applicazioni\wqcmqulmw_nav.dat
c:\documents and settings\utente\Impostazioni locali\Dati applicazioni\wqcmqulmw_navps.dat
c:\documents and settings\utente\Menu Avvio\Programmi\Videos.url
c:\documents and settings\utente\Preferiti\Videos.url
c:\programmi\GamesBar\oberontb.dll
c:\programmi\webmediaplayer
c:\programmi\webmediaplayer\resources\wmp_translation_file.xml
c:\programmi\webmediaplayer\skins\classic.skn
c:\programmi\webmediaplayer\sqlite3.dll
c:\programmi\webmediaplayer\uninst.exe
c:\programmi\webmediaplayer\WebMediaPlayer.exe
c:\windows\system32\dibalcdn.dll
c:\windows\system32\frmwrk32.exe
c:\windows\system32\hkmWFfhk.ini
c:\windows\system32\hkmWFfhk.ini2
c:\windows\system32\iifgFXQh.dll
c:\windows\system32\khfFWmkh.dll
c:\windows\system32\ndclabid.ini
c:\windows\system32\ntdll64.exe
c:\windows\system32\tuvTmLbB.dll
c:\windows\system32\wvUnnMDu.dll
c:\windows\Tasks\tcsovqkz.job

.
((((((((((((((((((((((((( Files Creati Da 2008-11-14 al 2008-12-14 )))))))))))))))))))))))))))))))))))
.

2008-12-14 16:47 . 2008-12-14 16:47 <DIR> d-------- c:\windows\system32\xircom
2008-12-14 16:47 . 2008-12-14 16:47 <DIR> d-------- c:\programmi\microsoft frontpage
2008-12-14 16:39 . 2008-12-14 16:39 7,168 --ahs---- c:\windows\Thumbs.db
2008-12-14 15:28 . 2008-12-14 16:16 4,785 --a------ c:\windows\system32\warning.gif
2008-12-14 15:28 . 2008-12-14 16:16 1,347 --a------ c:\windows\system32\ahtn.htm
2008-12-14 15:28 . 2008-12-14 16:15 461 --a------ c:\windows\system32\win32hlp.cnf
2008-12-14 15:28 . 2008-12-14 15:28 1 --a------ c:\windows\system32\uniq.tll
2008-12-14 15:28 . 2008-12-14 15:28 1 --a------ c:\windows\system32\test.ttt
2008-12-13 14:47 . 2008-12-13 14:47 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Playrix Entertainment
2008-11-30 20:40 . 2008-11-30 20:40 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\wmp
2008-11-30 12:55 . 1998-07-30 18:43 306,176 --a------ c:\windows\IsUn0410.exe
2008-11-30 11:08 . 2008-11-30 11:08 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\TomTom
2008-11-30 11:07 . 2008-11-30 11:07 <DIR> d-------- c:\programmi\TomTom HOME 2
2008-11-30 11:07 . 2008-11-30 11:07 <DIR> d-------- c:\documents and settings\utente\Dati applicazioni\TomTom
2008-11-27 21:53 . 2008-11-27 21:53 <DIR> d-------- c:\programmi\Smart-Shopper
2008-11-27 21:53 . 2008-11-27 21:53 <DIR> d-------- c:\programmi\Pando Networks
2008-11-27 21:53 . 2008-12-06 19:50 <DIR> d-------- c:\documents and settings\utente\Dati applicazioni\Smart-Shopper

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-14 15:47 --------- d-----w c:\programmi\eMule
2008-12-14 15:43 --------- d-----w c:\programmi\GamesBar
2008-12-14 15:41 --------- d-----w c:\documents and settings\utente\Dati applicazioni\AVG7
2008-12-14 15:41 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\avg7
2008-12-14 14:03 --------- d---a-w c:\documents and settings\All Users\Dati applicazioni\TEMP
2008-12-13 13:47 --------- d-----w c:\documents and settings\utente\Dati applicazioni\Zylom
2008-12-13 13:46 --------- d-----w c:\programmi\Zylom Games
2008-12-06 20:16 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\GamesBar
2008-11-30 12:46 --------- d-----w c:\documents and settings\utente\Dati applicazioni\mIRC
2008-08-17 16:10 774,144 ----a-w c:\programmi\RngInterstitial.dll
2008-01-02 20:07 92,064 ----a-w c:\documents and settings\utente\mqdmmdm.sys
2008-01-02 20:07 9,232 ----a-w c:\documents and settings\utente\mqdmmdfl.sys
2008-01-02 20:07 79,328 ----a-w c:\documents and settings\utente\mqdmserd.sys
2008-01-02 20:07 66,656 ----a-w c:\documents and settings\utente\mqdmbus.sys
2008-01-02 20:07 6,208 ----a-w c:\documents and settings\utente\mqdmcmnt.sys
2008-01-02 20:07 5,936 ----a-w c:\documents and settings\utente\mqdmwhnt.sys
2008-01-02 20:07 4,048 ----a-w c:\documents and settings\utente\mqdmcr.sys
2008-01-02 20:07 25,600 ----a-w c:\documents and settings\utente\usbsermptxp.sys
2008-01-02 20:07 22,768 ----a-w c:\documents and settings\utente\usbsermpt.sys
2008-01-02 19:49 47,360 ----a-w c:\documents and settings\utente\Dati applicazioni\pcouffin.sys
2007-09-09 21:05 22 ----a-w c:\programmi\zipnew.dat
2007-09-09 21:05 20 ----a-w c:\programmi\rarnew.dat
2004-12-26 18:35 627 ----a-w c:\programmi\Uninstall.lst
2004-12-26 18:34 97,280 ----a-w c:\programmi\Uninstall.exe
2004-12-26 18:34 96,656 ----a-w c:\programmi\Dos.SFX
2004-12-26 18:34 52,736 ----a-w c:\programmi\Default.SFX
2004-12-26 18:34 374,614 ----a-w c:\programmi\WinRAR.hlp
2004-12-26 18:34 35,840 ----a-w c:\programmi\Zip.SFX
2004-12-26 18:34 121,344 ----a-w c:\programmi\RarExt.dll
2004-12-26 18:33 847,360 ----a-w c:\programmi\WinRAR.exe
2004-12-26 18:33 39,936 ----a-w c:\programmi\WinCon.SFX
2004-12-26 18:33 297,984 ----a-w c:\programmi\Rar.exe
2004-12-26 18:33 196,096 ----a-w c:\programmi\UnRAR.exe
2004-12-26 18:33 11,181 ----a-w c:\programmi\WhatsNew.txt
2004-12-26 11:53 9,042 ----a-w c:\programmi\TechNote.txt
2004-12-26 11:53 63,032 ----a-w c:\programmi\Rar.txt
2004-12-26 11:53 502 ----a-w c:\programmi\File_Id.diz
2004-10-25 16:14 17,647 ----a-w c:\programmi\Order.htm
2004-09-02 07:58 8,955 ----a-w c:\programmi\WinRAR.cnt
2004-06-20 17:14 1,684 ----a-w c:\programmi\ReadMe.txt
2004-05-24 19:02 4,482 ----a-w c:\programmi\License.txt
2004-01-25 02:48 1,004,712 ----a-w c:\programmi\wrar330.exe
2004-01-22 16:35 835,584 ----a-w c:\programmi\WinRAR.exe.bak
2003-09-15 16:34 1,020 ----a-w c:\programmi\Descript.ion
2003-01-03 00:48 128 ----a-w c:\programmi\UnrarSrc.txt
2002-09-06 22:36 1,082 ----a-w c:\programmi\RarFiles.lst
2007-11-04 08:57 16,384 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
2007-11-04 08:57 32,768 --sha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
2007-08-03 14:22 32,768 --sha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012007080320070804\index.dat
2007-11-04 08:57 32,768 --sha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
.

------- Sigcheck -------

2008-12-14 15:28 111616 80e4dcba043dee8129d524bfeb8b864c c:\windows\system32\userinit.exe

2007-01-03 11:51 296960 f959d929a6a22d78e3a6851a9361ce18 c:\windows\system32\termsrv.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"Pando"="c:\programmi\Pando Networks\Pando\pando.exe" [2008-11-20 3647304]
"TomTomHOME.exe"="c:\programmi\TomTom HOME 2\HOMERunner.exe" [2008-11-27 234856]
"eMuleAutoStart"="c:\programmi\eMule\emule.exe" [2007-05-13 5308416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-16 7630848]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-16 86016]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"BigDog305"="c:\windows\VM305_STI.EXE" [2007-05-16 61440]
"nwiz"="nwiz.exe" [2006-08-16 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2007-10-11 c:\windows\system32\advpack.dll]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
InterVideo WinCinema Manager.lnk - c:\programmi\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-08-03 237568]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Programmi\\InterVideo\\DVD6\\WinDVD.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\Motorola Phone Tools\\mPhonetools.exe"=
"c:\\Programmi\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Documents and Settings\\utente\\Desktop\\mIRC.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Pando Networks\\Pando\\pando.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:192.168.1.100
"4672:UDP"= 4672:UDP:192.168.1.100
"58424:TCP"= 58424:TCP:Pando P2P TCP Listening Port
"58424:UDP"= 58424:UDP:Pando P2P UDP Listening Port
"1606:UDP"= 1606:UDP:Windows Media Format SDK (iexplore.exe)
"1607:UDP"= 1607:UDP:Windows Media Format SDK (iexplore.exe)
"1609:UDP"= 1609:UDP:Windows Media Format SDK (iexplore.exe)

R1 BIOS;BIOS;\??\c:\windows\system32\drivers\BIOS.sys [2007-08-03 13696]
R3 ZSMC0305;SUPER 188 PC CAMERA;c:\windows\system32\Drivers\usbVM305.sys [2007-08-13 391743]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{610d1112-bec6-11dd-98ea-00e04d2f1f95}]
\Shell\AutoRun\command - I:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8030e5d2-87b6-11dd-9860-00e04d2f1f95}]
\Shell\AutoRun\command - I:\xn1i9x.com
\Shell\explore\Command - I:\xn1i9x.com
\Shell\open\Command - I:\xn1i9x.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c76fc7ed-7af2-11dc-95eb-00e04d2f1f95}]
\Shell\AutoRun\command - I:\xn1i9x.com
\Shell\explore\Command - I:\xn1i9x.com
\Shell\open\Command - I:\xn1i9x.com
.
- - - - ORFÃOS REMOVIDOS - - - -

BHO-{A2D260E7-ECBA-4051-84C2-E1491CEA3448} - c:\windows\system32\khfFWmkh.dll
HKCU-Run-bbiwecqx - c:\documents and settings\utente\impostazioni locali\dati applicazioni\bbiwecqx.exe
HKLM-Run-Framework Windows - frmwrk32.exe


.
------- Supplementare di scansione -------
.
uStart Page = hxxp://www.libero.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Read with DeskBot
IE: {{3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - {4CF088BD-BE95-40a5-BE9B-677F8683EDEA} - c:\programmi\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
LSP: c:\docume~1\utente\IMPOST~1\Temp\ntdll64.dll
TCP: {A1870833-29E8-4E2E-885C-8434EF0F371F} = 192.168.1.1,192.168.1.2

c:\windows\Downloaded Program Files\OberonGameHost.dll - O16 -: {D0C0F75C-683A-4390-A791-1ACFD5599AB8}
hxxp://gamenextit.oberon-media.com/Game ... meHost.cab
c:\windows\Downloaded Program Files\OberonGameHost_dbg.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-14 16:47:19
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog305 = c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????????0?????????@??????????????

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(724)
c:\windows\system32\SHSVCS.dll
c:\windows\system32\CLBCATQ.DLL

- - - - - - - > 'lsass.exe'(780)
c:\windows\system32\WLDAP32.dll
c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\ipsecsvc.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\progra~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
c:\windows\system32\nvsvc32.exe
c:\progra~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
c:\windows\system32\wscntfy.exe
c:\programmi\File comuni\Ahead\Lib\NMIndexingService.exe
.
**************************************************************************
.
Ora fine scansione: 2008-12-14 16:49:56 - macchina è stato riavviato
ComboFix-quarantined-files.txt 2008-12-14 15:49:54

Pre-Run: 10.075.910.144 byte disponibili
Post-Run: 11,232,538,624 byte disponibili

238 --- E O F --- 2008-01-08 21:18:01
84alessia84
Newbie

Posts: 7
Joined: 14/12/08 15:56

Re: URGENT NEED OF HELP

Post by 84alessia84 » 14/12/08 17:55

Is everything OK?
The PC now seems to be back to normal?
Is it just an illusion?
84alessia84
Newbie

Posts: 7
Joined: 14/12/08 15:56

Re: URGENT NEED OF HELP

Post by Luke57 » 14/12/08 18:03

Hi, now open a text file (Start > Run > notepad.exe (type it in the box) > OK)
and paste the following code into it:

Code:
File::
c:\windows\system32\warning.gif
c:\windows\system32\ahtn.htm
c:\windows\system32\win32hlp.cnf
c:\windows\system32\uniq.tll

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8030e5d2-87b6-11dd-9860-00e04d2f1f95}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c76fc7ed-7af2-11dc-95eb-00e04d2f1f95}]


You must name it CFScript.txt and save it in the same location as ComboFix. Drag it with the mouse pointer onto the ComboFix icon to start a new scan. When the computer restarts, post the new report.
Luke57
Moderator

Posts: 6410
Joined: 11/08/05 19:10
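
How the two keys in the Registry:: section above stand out from the third mountpoints2 key in the ComboFix log, shown as an added example that is not part of the original posts and is not ComboFix code. The function names, the verb check and the extension list are assumptions of this example; the sample text is the mountpoints2 excerpt copied from the log posted in this thread.

```python
import ntpath
import re

# Excerpt copied from the ComboFix log posted in this thread (mountpoints2 section).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{610d1112-bec6-11dd-98ea-00e04d2f1f95}]
\Shell\AutoRun\command - I:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8030e5d2-87b6-11dd-9860-00e04d2f1f95}]
\Shell\AutoRun\command - I:\xn1i9x.com
\Shell\explore\Command - I:\xn1i9x.com
\Shell\open\Command - I:\xn1i9x.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c76fc7ed-7af2-11dc-95eb-00e04d2f1f95}]
\Shell\AutoRun\command - I:\xn1i9x.com
\Shell\explore\Command - I:\xn1i9x.com
\Shell\open\Command - I:\xn1i9x.com
"""

# "[HKEY_...\mountpoints2\{guid}]" header line as printed in the log.
KEY_RE = re.compile(r"^\[HKEY_[^\]]*\\mountpoints2\\(\{[0-9a-f-]+\})\]$", re.I)
# "\Shell\<verb>\command - <target>" line under a key.
VERB_RE = re.compile(r"^\\Shell\\([^\\]+)\\command\s+-\s+(.+)$", re.I)

# Assumption of this example: a volume whose default double-click verbs are
# redirected to a program runs that program whenever the drive is opened in
# Explorer, which a plain installer AutoRun entry does not need.
HIJACKED_VERBS = {"open", "explore"}
# Assumption of this example: extensions treated as unusual for an installer.
ODD_EXTENSIONS = {".com", ".scr", ".pif", ".bat", ".cmd", ".vbs"}


def parse_mountpoints(log_text):
    """Return {guid: {verb: command}} for every mountpoints2 key in the log."""
    entries = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = entries.setdefault(key.group(1).lower(), {})
            continue
        if line.startswith("["):
            # Some other registry key: stop attributing verbs to the last volume.
            current = None
            continue
        verb = VERB_RE.match(line)
        if verb and current is not None:
            current[verb.group(1).lower()] = verb.group(2).strip()
    return entries


def flag_suspicious(entries):
    """Return {guid: [reasons]} for volumes that match the heuristics above."""
    flagged = {}
    for guid, verbs in entries.items():
        reasons = []
        overridden = sorted(HIJACKED_VERBS & set(verbs))
        if overridden:
            reasons.append("double-click verbs redirected: " + ", ".join(overridden))
        for target in sorted(set(verbs.values())):
            # Simple targets only: command-line arguments are not split off.
            ext = ntpath.splitext(target.strip('"'))[1].lower()
            if ext in ODD_EXTENSIONS:
                reasons.append("target has extension %s: %s" % (ext, target))
        if reasons:
            flagged[guid] = reasons
    return flagged


if __name__ == "__main__":
    for guid, reasons in flag_suspicious(parse_mountpoints(SAMPLE_LOG)).items():
        print(guid)
        for reason in reasons:
            print("   ", reason)
```
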

Re: URGENT NEED OF HELP

Post by 84alessia84 » 14/12/08 18:28

Here is the new log..

ComboFix 08-12-13.03 - utente 2008-12-14 18:21:03.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.958.450 [GMT 1:00]
Eseguito da: c:\documents and settings\utente\Desktop\ComboFix.exe
Interruttori di comando utilizzati :: c:\documents and settings\utente\Desktop\CFScript.txt
* Creato nuovo punto di ripristino

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

FILE ::
c:\windows\system32\ahtn.htm
c:\windows\system32\uniq.tll
c:\windows\system32\warning.gif
c:\windows\system32\win32hlp.cnf
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ahtn.htm
c:\windows\system32\uniq.tll
c:\windows\system32\warning.gif
c:\windows\system32\win32hlp.cnf

.
((((((((((((((((((((((((( Files Creati Da 2008-11-14 al 2008-12-14 )))))))))))))))))))))))))))))))))))
.

2008-12-14 16:47 . 2008-12-14 16:47 <DIR> d-------- c:\windows\system32\xircom
2008-12-14 16:47 . 2008-12-14 16:47 <DIR> d-------- c:\programmi\microsoft frontpage
2008-12-14 16:39 . 2008-12-14 16:56 7,168 --ahs---- c:\windows\Thumbs.db
2008-12-14 15:28 . 2008-12-14 15:28 1 --a------ c:\windows\system32\test.ttt
2008-12-13 14:47 . 2008-12-13 14:47 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Playrix Entertainment
2008-11-30 20:40 . 2008-11-30 20:40 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\wmp
2008-11-30 12:55 . 1998-07-30 18:43 306,176 --a------ c:\windows\IsUn0410.exe
2008-11-30 11:08 . 2008-11-30 11:08 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\TomTom
2008-11-30 11:07 . 2008-11-30 11:07 <DIR> d-------- c:\programmi\TomTom HOME 2
2008-11-30 11:07 . 2008-11-30 11:07 <DIR> d-------- c:\documents and settings\utente\Dati applicazioni\TomTom
2008-11-27 21:53 . 2008-11-27 21:53 <DIR> d-------- c:\programmi\Smart-Shopper
2008-11-27 21:53 . 2008-11-27 21:53 <DIR> d-------- c:\programmi\Pando Networks
2008-11-27 21:53 . 2008-12-06 19:50 <DIR> d-------- c:\documents and settings\utente\Dati applicazioni\Smart-Shopper

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-14 15:53 --------- d-----w c:\programmi\eMule
2008-12-14 15:43 --------- d-----w c:\programmi\GamesBar
2008-12-14 15:41 --------- d-----w c:\documents and settings\utente\Dati applicazioni\AVG7
2008-12-14 15:41 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\avg7
2008-12-14 14:28 111,616 ----a-w c:\windows\system32\userinit.exe
2008-12-14 14:03 --------- d---a-w c:\documents and settings\All Users\Dati applicazioni\TEMP
2008-12-13 13:47 --------- d-----w c:\documents and settings\utente\Dati applicazioni\Zylom
2008-12-13 13:46 --------- d-----w c:\programmi\Zylom Games
2008-12-06 20:16 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\GamesBar
2008-11-30 12:46 --------- d-----w c:\documents and settings\utente\Dati applicazioni\mIRC
2008-08-17 16:10 774,144 ----a-w c:\programmi\RngInterstitial.dll
2008-01-02 20:07 92,064 ----a-w c:\documents and settings\utente\mqdmmdm.sys
2008-01-02 20:07 9,232 ----a-w c:\documents and settings\utente\mqdmmdfl.sys
2008-01-02 20:07 79,328 ----a-w c:\documents and settings\utente\mqdmserd.sys
2008-01-02 20:07 66,656 ----a-w c:\documents and settings\utente\mqdmbus.sys
2008-01-02 20:07 6,208 ----a-w c:\documents and settings\utente\mqdmcmnt.sys
2008-01-02 20:07 5,936 ----a-w c:\documents and settings\utente\mqdmwhnt.sys
2008-01-02 20:07 4,048 ----a-w c:\documents and settings\utente\mqdmcr.sys
2008-01-02 20:07 25,600 ----a-w c:\documents and settings\utente\usbsermptxp.sys
2008-01-02 20:07 22,768 ----a-w c:\documents and settings\utente\usbsermpt.sys
2008-01-02 19:49 47,360 ----a-w c:\documents and settings\utente\Dati applicazioni\pcouffin.sys
2007-09-09 21:05 22 ----a-w c:\programmi\zipnew.dat
2007-09-09 21:05 20 ----a-w c:\programmi\rarnew.dat
2004-12-26 18:35 627 ----a-w c:\programmi\Uninstall.lst
2004-12-26 18:34 97,280 ----a-w c:\programmi\Uninstall.exe
2004-12-26 18:34 96,656 ----a-w c:\programmi\Dos.SFX
2004-12-26 18:34 52,736 ----a-w c:\programmi\Default.SFX
2004-12-26 18:34 374,614 ----a-w c:\programmi\WinRAR.hlp
2004-12-26 18:34 35,840 ----a-w c:\programmi\Zip.SFX
2004-12-26 18:34 121,344 ----a-w c:\programmi\RarExt.dll
2004-12-26 18:33 847,360 ----a-w c:\programmi\WinRAR.exe
2004-12-26 18:33 39,936 ----a-w c:\programmi\WinCon.SFX
2004-12-26 18:33 297,984 ----a-w c:\programmi\Rar.exe
2004-12-26 18:33 196,096 ----a-w c:\programmi\UnRAR.exe
2004-12-26 18:33 11,181 ----a-w c:\programmi\WhatsNew.txt
2004-12-26 11:53 9,042 ----a-w c:\programmi\TechNote.txt
2004-12-26 11:53 63,032 ----a-w c:\programmi\Rar.txt
2004-12-26 11:53 502 ----a-w c:\programmi\File_Id.diz
2004-10-25 16:14 17,647 ----a-w c:\programmi\Order.htm
2004-09-02 07:58 8,955 ----a-w c:\programmi\WinRAR.cnt
2004-06-20 17:14 1,684 ----a-w c:\programmi\ReadMe.txt
2004-05-24 19:02 4,482 ----a-w c:\programmi\License.txt
2004-01-25 02:48 1,004,712 ----a-w c:\programmi\wrar330.exe
2004-01-22 16:35 835,584 ----a-w c:\programmi\WinRAR.exe.bak
2003-09-15 16:34 1,020 ----a-w c:\programmi\Descript.ion
2003-01-03 00:48 128 ----a-w c:\programmi\UnrarSrc.txt
2002-09-06 22:36 1,082 ----a-w c:\programmi\RarFiles.lst
2007-11-04 08:57 16,384 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
2007-11-04 08:57 32,768 --sha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
2007-08-03 14:22 32,768 --sha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012007080320070804\index.dat
2007-11-04 08:57 32,768 --sha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"Pando"="c:\programmi\Pando Networks\Pando\pando.exe" [2008-11-20 3647304]
"TomTomHOME.exe"="c:\programmi\TomTom HOME 2\HOMERunner.exe" [2008-11-27 234856]
"eMuleAutoStart"="c:\programmi\eMule\emule.exe" [2007-05-13 5308416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-16 7630848]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-16 86016]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"BigDog305"="c:\windows\VM305_STI.EXE" [2007-05-16 61440]
"nwiz"="nwiz.exe" [2006-08-16 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2007-10-11 c:\windows\system32\advpack.dll]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
InterVideo WinCinema Manager.lnk - c:\programmi\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-08-03 237568]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Programmi\\InterVideo\\DVD6\\WinDVD.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\Motorola Phone Tools\\mPhonetools.exe"=
"c:\\Programmi\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Documents and Settings\\utente\\Desktop\\mIRC.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Pando Networks\\Pando\\pando.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:192.168.1.100
"4672:UDP"= 4672:UDP:192.168.1.100
"58424:TCP"= 58424:TCP:Pando P2P TCP Listening Port
"58424:UDP"= 58424:UDP:Pando P2P UDP Listening Port
"1606:UDP"= 1606:UDP:Windows Media Format SDK (iexplore.exe)
"1607:UDP"= 1607:UDP:Windows Media Format SDK (iexplore.exe)
"1609:UDP"= 1609:UDP:Windows Media Format SDK (iexplore.exe)

R1 BIOS;BIOS;\??\c:\windows\system32\drivers\BIOS.sys [2007-08-03 13696]
R3 ZSMC0305;SUPER 188 PC CAMERA;c:\windows\system32\Drivers\usbVM305.sys [2007-08-13 391743]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{610d1112-bec6-11dd-98ea-00e04d2f1f95}]
\Shell\AutoRun\command - I:\InstallTomTomHOME.exe
.
.
------- Supplementare di scansione -------
.
uStart Page = hxxp://www.libero.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Read with DeskBot
IE: {{3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - {4CF088BD-BE95-40a5-BE9B-677F8683EDEA} - c:\programmi\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
TCP: {A1870833-29E8-4E2E-885C-8434EF0F371F} = 192.168.1.1,192.168.1.2

c:\windows\Downloaded Program Files\OberonGameHost.dll - O16 -: {D0C0F75C-683A-4390-A791-1ACFD5599AB8}
hxxp://gamenextit.oberon-media.com/Game ... meHost.cab
c:\windows\Downloaded Program Files\OberonGameHost_dbg.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-14 18:23:10
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog305 = c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????????0?????????@??????????????

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\SHSVCS.dll
c:\windows\system32\CLBCATQ.DLL

- - - - - - - > 'lsass.exe'(776)
c:\windows\system32\WLDAP32.dll
c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\ipsecsvc.dll
.
Ora fine scansione: 2008-12-14 18:24:07
ComboFix-quarantined-files.txt 2008-12-14 17:23:40
ComboFix2.txt 2008-12-14 15:49:57

Pre-Run: 11,197,956,096 byte disponibili
Post-Run: 11,198,009,344 byte disponibili

181 --- E O F --- 2008-01-08 21:18:01
84alessia84
Newbie

Posts: 7
Joined: 14/12/08 15:56

Re: URGENT NEED OF HELP

Posted by 84alessia84 » 14/12/08 21:15

Is anybody theeere?
How does the log look?

Re: URGENT NEED OF HELP

Posted by -> EleKtrA <- » 14/12/08 21:37

Hi 84alessia84, the Combofix script worked perfectly.
Attach a new hijackthis log as a check ;)
“Yesterday is history, tomorrow is a mystery, but today is a gift... that is why it is called the present!”.
-> EleKtrA <-
Moderator

Posts: 436
Joined: 11/12/08 12:50

Re: URGENT NEED OF HELP

Posted by 84alessia84 » 14/12/08 21:46

Here it is...thanks a lot guys, I don't know how to thank you..

Logfile of HijackThis v1.99.1
Scan saved at 21:45, on 2008-12-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\VM305_STI.EXE
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\TomTom HOME 2\HOMERunner.exe
C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Programmi\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe
C:\Programmi\Nero\Nero 7\Core\nero.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\internet explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\utente\Desktop\Alessia\programmi per il pc\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Encarta Web Companion Oggetto helper - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Pando] "C:\Programmi\Pando Networks\Pando\pando.exe" /Minimized
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Programmi\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Programmi\eMule\emule.exe -AutoStart
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\Programmi\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barra di ricerca di Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://gamenextit.oberon-media.com/Game ... meHost.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1870833-29E8-4E2E-885C-8434EF0F371F}: NameServer = 192.168.1.1,192.168.1.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Re: URGENT NEED OF HELP

Posted by Zlatan_Andria » 16/12/08 11:14

84alessia84 wrote: Good morning everyone
my PC went crazy today...a black screen popped up as the desktop background saying WARMING DANGERUOS SPYWARE...and since then it has been the end...it is extremely slow, it freezes all the time and internet windows keep opening to run scans...constantly...
I can't do anything...but the PC is new...I wanted to copy the hijackthis log to the site to delete the entries that caused all this, but maybe my virus is clever..besides having disabled the antivirus, the ANALIZZA (Analyze) button does not show up on the log page...

I'll paste it here...help me..
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\VM305_STI.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\frmwrk32.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Pando Networks\Pando\pando.exe
C:\Programmi\TomTom HOME 2\HOMERunner.exe
C:\documents and settings\utente\impostazioni locali\dati applicazioni\bbiwecqx.exe
C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ntdll64.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgwb.dat
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\utente\Desktop\Alessia\programmi per il pc\HijackThis.exe
C:\Documents and Settings\utente\Desktop\Alessia\programmi per il pc\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Pando] "C:\Programmi\Pando Networks\Pando\pando.exe" /Minimized
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Programmi\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [bbiwecqx] "c:\documents and settings\utente\impostazioni locali\dati applicazioni\bbiwecqx.exe" bbiwecqx
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Programmi\eMule\emule.exe -AutoStart
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\Programmi\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\Programmi\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barra di ricerca di Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\docume~1\utente\impost~1\temp\ntdll64.dll
O10 - Unknown file in Winsock LSP: c:\docume~1\utente\impost~1\temp\ntdll64.dll
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://gamenextit.oberon-media.com/Game ... meHost.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1870833-29E8-4E2E-885C-8434EF0F371F}: NameServer = 192.168.1.1,192.168.1.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Today my sister downloaded some games...that is SURELY the problem...


Hi everyone, I'm a new user

I came across this topic by chance, and I have the same problem as user 84alessia84 too, but my PC no longer connects to the network :roll:.....and I'm using the network from the office where I work !!!
Is the same procedure OK or not ???

HELP ME, PLEASE !!!!
Zlatan_Andria
Newbie

Posts: 3
Joined: 16/12/08 10:57
Location: Andria (BA)

Re: URGENT NEED OF HELP

Posted by quizface » 16/12/08 13:22

It should.... :roll: :roll: all you can do is try...what does it cost you?
If you are not sure of what you are writing, don't write anything, nobody is forcing you, and you will avoid confusing those who are already confused. Bye..bye

quizface
Senior User

Posts: 14160
Joined: 03/10/04 00:36

Re: URGENT NEED OF HELP

Posted by Zlatan_Andria » 17/12/08 20:12

quizface wrote: It should.... :roll: :roll: all you can do is try...what does it cost you?


Everything went fine, I solved it.....The Son of a Trojan :D is gone !!! :)

THANKS from me too, Luke57 and quizface !!!! ;)

