Condividi:        

Problemi doppia connesione

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

Problemi doppia connesione

Postdi burberix » 19/09/10 09:05

Buongiorno a tutti, ieri erroneamente ho aperto un file exe, mi sono apparse due icone strane sul desktop che non riesco a togliere, non solo mi sono apparse anche due notifiche di connessione.
Ho eseguito scansione con hija che vi allego potete dirmi cosa posso fare per eliminare questo problema?
Grazie

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9.56.23, on 19/09/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\Programmi\AVG\AVG9\avgchsvx.exe
G:\Programmi\AVG\AVG9\avgrsx.exe
G:\Programmi\AVG\AVG9\avgcsrvx.exe
G:\WINDOWS\Explorer.EXE
G:\Program Files\ASUS\Six Engine\SixEngine.exe
G:\PROGRA~1\AVG\AVG9\avgtray.exe
G:\Programmi\Microsoft Student\Microsoft Encarta 2009 - Premium + Student DVD\EDICT.EXE
G:\Programmi\Messenger\msmsgs.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Documents and Settings\andrea\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.29\GoogleCrashHandler.exe
G:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
G:\WINDOWS\SYSTEM32\astsrv.exe
G:\Programmi\AVG\AVG9\avgwdsvc.exe
G:\Programmi\Bonjour\mDNSResponder.exe
G:\Documents and Settings\All Users\Dati applicazioni\EPSON\EPW!3 SSRP\E_S30RP1.EXE
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\system32\svchost.exe
G:\Programmi\Java\jre6\bin\jqs.exe
G:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\IoctlSvc.exe
G:\WINDOWS\System32\svchost.exe
G:\Programmi\AVG\AVG9\avgnsx.exe
G:\Programmi\Photodex\ProShowProducer\ScsiAccess.exe
G:\WINDOWS\system32\svchost.exe
G:\Programmi\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
G:\Programmi\Canon\CAL\CALMAIN.exe
G:\Programmi\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
G:\WINDOWS\system32\wbem\wmiapsrv.exe
G:\WINDOWS\System32\svchost.exe
G:\Documents and Settings\andrea\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
G:\Documents and Settings\andrea\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
G:\Documents and Settings\andrea\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
G:\Documents and Settings\andrea\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
G:\Documents and Settings\andrea\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
G:\Documents and Settings\andrea\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
G:\Documents and Settings\andrea\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
G:\Documents and Settings\andrea\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
G:\WINDOWS\system32\msiexec.exe
G:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/403
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - G:\Programmi\myBabylon_English\tbmyB1.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - G:\Programmi\Orbitdownloader\orbitcth.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - G:\Programmi\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - G:\Programmi\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - G:\Programmi\AVG\AVG9\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - G:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - G:\PROGRA~1\WI9130~1\ToolBar\SearchquDx.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - G:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - G:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - G:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - G:\Programmi\myBabylon_English\tbmyB1.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - G:\Programmi\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - G:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - G:\Programmi\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - G:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - G:\Programmi\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - G:\Programmi\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - G:\Programmi\myBabylon_English\tbmyB1.dll
O3 - Toolbar: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - G:\PROGRA~1\WI9130~1\ToolBar\SearchquDx.dll
O4 - HKLM\..\Run: [Six Engine] "G:\Program Files\ASUS\Six Engine\SixEngine.exe" -r
O4 - HKLM\..\Run: [ASUS Update Checker] G:\Programmi\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "G:\Programmi\File comuni\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "G:\Programmi\File comuni\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] G:\Programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [QuickTime Task] "G:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG9_TRAY] G:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [L09IXLRD_4767375] "G:\Programmi\Microsoft Student\Microsoft Encarta 2009 - Premium + Student DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [Google Update] "G:\Documents and Settings\andrea\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MSMSGS] "G:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download by Orbit - res://G:\Programmi\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://G:\Programmi\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://G:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Aggiungi a PDF esistente - res://G:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://G:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://G:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://G:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://G:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://G:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in Adobe PDF - res://G:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://G:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://G:\Programmi\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://G:\Programmi\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://G:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Scarica link utilizzando Mega Manager... - G:\Programmi\Megaupload\Mega Manager\mm_file.htm
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - G:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - G:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Barra di ricerca di Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - G:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Selezione intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - G:\Programmi\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Programmi\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - G:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - G:\Programmi\AVG\AVG9\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - G:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - G:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: g:\progra~1\wi9130~1\datamngr\datamngr.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - G:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - G:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - G:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - G:\WINDOWS\SYSTEM32\astsrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - G:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - G:\Programmi\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - G:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - G:\Programmi\Canon\CAL\CALMAIN.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - G:\Documents and Settings\All Users\Dati applicazioni\EPSON\EPW!3 SSRP\E_S30RP1.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - G:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - G:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - G:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - G:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - g:\windows\system32\mssrv32.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - G:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - G:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - G:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ScsiAccess - Unknown owner - G:\Programmi\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - G:\Programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - G:\Programmi\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - G:\Programmi\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 14673 bytes
burberix
Utente Junior
 
Post: 21
Iscritto il: 12/06/06 13:22

Sponsor
 

Re: Problemi doppia connesione

Postdi Luke57 » 19/09/10 10:37

Ciao, ti ho cancellato il report degli ADS che non serve a granchè. Innanzi tutto disistalla le numerose toolbar che hai sul computer, poi apri hijackthis, disconnesso da internet e con le applicazioni chiuse, premi "do a system scan only", cerca e spunta le voci seguenti (non ti segnalo tutte quelle riferite alle toolbar):

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - G:\PROGRA~1\WI9130~1\ToolBar\SearchquDx.dll
O3 - Toolbar: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - G:\PROGRA~1\WI9130~1\ToolBar\SearchquDx.dll
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - g:\windows\system32\mssrv32.exe (file missing)

premi fix checked

Poi da start>esegui>copia e incolla nello spazio questi due comandi in neretto uno dietro l'altro

sc stop msupdate> premi OK
sc delete msupdate> premi OK

Poi scarica malwarebytes da qui:
http://www.malwarebytes.org/

installalo e aggiornalo. Fai una scansione completa del disco fisso, al termine della scansione sarà rilasciato un log, copialo e incollalo in un post.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Re: Problemi doppia connesione

Postdi burberix » 19/09/10 14:47

ci ha messo un bel po' ecco il risultato
Al riavvio del pc mi compaioni sempre due connessione


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versione database: 4650

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

19/09/2010 15.41.37
mbam-log-2010-09-19 (15-41-37).txt

Tipo di scansione: Scansione completa (C:\|F:\|G:\|H:\|J:\|)
Elementi esaminati: 909936
Tempo trascorso: 3 ore, 43 minuti, 31 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 1
Valori di registro infetti: 2
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 29

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\msupdate (Rootkit.Agent) -> No action taken.

Valori di registro infetti:
HKEY_CURRENT_USER\Software\Microsoft\bk (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\idln2 (Malware.Trace) -> No action taken.

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
F:\Documents and Settings\Administrator\Impostazioni locali\Temp\winasnet.tmp (Trojan.Injector) -> No action taken.
F:\Programmi\FileRescue Pro\Media\patch.exe (Trojan.Downloader) -> No action taken.
F:\Programmi\FileRescue Pro\Media\Crack\patch.exe (Trojan.Downloader) -> No action taken.
F:\System Volume Information\_restore{98A9FEE2-E537-4C69-9FE8-6F968A11C19D}\RP54\A0002310.dll (Adware.Seekmo) -> No action taken.
F:\System Volume Information\_restore{98A9FEE2-E537-4C69-9FE8-6F968A11C19D}\RP54\A0002295.dll (Adware.Seekmo) -> No action taken.
F:\System Volume Information\_restore{98A9FEE2-E537-4C69-9FE8-6F968A11C19D}\RP54\A0002298.dll (Adware.Seekmo) -> No action taken.
F:\System Volume Information\_restore{98A9FEE2-E537-4C69-9FE8-6F968A11C19D}\RP54\A0002299.exe (Adware.Seekmo) -> No action taken.
F:\System Volume Information\_restore{98A9FEE2-E537-4C69-9FE8-6F968A11C19D}\RP54\A0002305.exe (Adware.Seekmo) -> No action taken.
F:\System Volume Information\_restore{98A9FEE2-E537-4C69-9FE8-6F968A11C19D}\RP54\A0002306.dll (Adware.Seekmo) -> No action taken.
F:\System Volume Information\_restore{98A9FEE2-E537-4C69-9FE8-6F968A11C19D}\RP54\A0002307.exe (Adware.Seekmo) -> No action taken.
F:\System Volume Information\_restore{98A9FEE2-E537-4C69-9FE8-6F968A11C19D}\RP54\A0002308.dll (Adware.Zango) -> No action taken.
F:\System Volume Information\_restore{98A9FEE2-E537-4C69-9FE8-6F968A11C19D}\RP54\A0002309.exe (Adware.Seekmo) -> No action taken.
F:\System Volume Information\_restore{98A9FEE2-E537-4C69-9FE8-6F968A11C19D}\RP54\A0002312.dll (Adware.Seekmo) -> No action taken.
F:\System Volume Information\_restore{98A9FEE2-E537-4C69-9FE8-6F968A11C19D}\RP54\A0002334.dll (Adware.Seekmo) -> No action taken.
F:\System Volume Information\_restore{98A9FEE2-E537-4C69-9FE8-6F968A11C19D}\RP54\A0002351.dll (Adware.Seekmo) -> No action taken.
F:\System Volume Information\_restore{98A9FEE2-E537-4C69-9FE8-6F968A11C19D}\RP87\A0003166.exe (Adware.Seekmo) -> No action taken.
G:\Documents and Settings\andrea\Documenti\Abbyy Finereader Professional\ABBYY_FineReader_9\ABBYY FineReader 9\NoPE\abbyy.finereader.professional.multilanguage.9.0.0.662-NoPE\abbyy.finereader.professional.multilanguage.9.0.0.662-NoPE.exe (Trojan.Downloader) -> No action taken.
G:\Documents and Settings\andrea\Documenti\download\TunUUti.2010.90420016_edi67\TuneUp.Utilities.2010.9.0.4200.16\Keygen.exe (Trojan.Agent.CK) -> No action taken.
G:\Documents and Settings\andrea\Documenti\download\TUUT10\Keygen\keygen.exe (Trojan.Agent.CK) -> No action taken.
G:\Documents and Settings\andrea\Documenti\Downloads\Sony Vegas Pro 9.0e - mashem\Keygen.exe (Trojan.Agent.CK) -> No action taken.
G:\Documents and Settings\andrea\Documenti\Scarica da megaupload\office 2010\Office 2010 KeyGen 1.1\Office 2010 KeyGen 1.1\mini-KMS_Activator_v1.1_Office.2010.VL.ENG.exe (Riskware.Keygen) -> No action taken.
G:\Programmi\eMule\Incoming\Photodex.ProShow.Producer.v4.1.2737\Photodex ProShow Producer v4.1.2737\keygen.exe (Trojan.Agent.CK) -> No action taken.
G:\System Volume Information\_restore{B9CAFE93-8F06-48E0-A6A0-00969640B90F}\RP222\A0039567.exe (Trojan.Agent) -> No action taken.
G:\System Volume Information\_restore{B9CAFE93-8F06-48E0-A6A0-00969640B90F}\RP222\A0039588.exe (Rootkit.Agent) -> No action taken.
J:\Documents and Settings\User\Documenti\Downloads\Sony Vegas PRO 9.0 Build 562 32-64bit\Keygen.exe (Trojan.Agent.CK) -> No action taken.
J:\Programmi\DAEMON Tools\SetupDTSB.exe (Adware.WhenU) -> No action taken.
J:\System Volume Information\_restore{B9CAFE93-8F06-48E0-A6A0-00969640B90F}\RP214\A0037599.exe (Trojan.Agent.CK) -> No action taken.
J:\WINDOWS\system32\iasads32.dll (Malware.Packer.Gen) -> No action taken.
G:\WINDOWS\system32\Userinitxx.exe (Trojan.Agent) -> No action taken.
burberix
Utente Junior
 
Post: 21
Iscritto il: 12/06/06 13:22

Re: Problemi doppia connesione

Postdi Luke57 » 19/09/10 14:58

Ciao, riapri malwarebytes, seleziona le infezioni trovare e premi Rimuovi elementi selezionati. Poi Scarica Combofix da qui, mettilo sul sul desktop del computer
http://www.bleepingcomputer.com/combofi ... e-combofix

all'interno della pagina troverai una guida sul corretto utilizzo del programma, leggila attentamente.
Non installare la Console di Ripristino.

Portati, finita la scansione, in C:\ apri il file di testo ComboFix.txt copia ed incolla il suo contenuto in un prossimo post.

NB
durante la rimozione non dev'essere attiva la connessione internet e l'antivirus dev'essere disattivato.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Re: Problemi doppia connesione

Postdi burberix » 19/09/10 15:30

eccolo
ComboFix 10-09-17.04 - andrea 19/09/2010 16.15.58.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3327.2670 [GMT 2:00]
Eseguito da: g:\documents and settings\andrea\Desktop\ComboFix.exe

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSUPDATE


((((((((((((((((((((((((( Files Creati Da 2010-08-19 al 2010-09-19 )))))))))))))))))))))))))))))))))))
.

2010-09-19 09:47 . 2010-09-19 09:47 -------- d-----w- g:\documents and settings\andrea\Dati applicazioni\Malwarebytes
2010-09-19 09:47 . 2010-04-29 13:39 38224 ----a-w- g:\windows\system32\drivers\mbamswissarmy.sys
2010-09-19 09:47 . 2010-09-19 09:47 -------- d-----w- g:\programmi\Malwarebytes' Anti-Malware
2010-09-19 09:47 . 2010-09-19 09:47 -------- d-----w- g:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-09-19 09:47 . 2010-04-29 13:39 20952 ----a-w- g:\windows\system32\drivers\mbam.sys
2010-09-19 08:41 . 2010-09-19 08:41 -------- d-----w- g:\programmi\DynDNS Updater
2010-09-19 08:41 . 2010-09-19 08:41 -------- d-----w- g:\documents and settings\All Users\Dati applicazioni\DynDNS
2010-09-19 07:55 . 2010-09-19 07:55 388096 ----a-r- g:\documents and settings\andrea\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-19 07:55 . 2010-09-19 07:55 -------- d-----w- g:\programmi\Trend Micro
2010-09-19 07:34 . 2010-09-19 07:34 360584 ----a-w- g:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgtdix.sys
2010-09-19 07:34 . 2010-09-19 07:34 333192 ----a-w- g:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgldx86.sys
2010-09-19 07:34 . 2010-09-19 07:34 28424 ----a-w- g:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgmfx86.sys
2010-09-19 07:32 . 2010-09-19 07:26 1007896 ----a-w- g:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgupd.exe
2010-09-19 07:32 . 2010-09-19 07:26 613656 ----a-w- g:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgiproxy.exe
2010-09-19 07:32 . 2010-09-19 07:26 1658136 ----a-w- g:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgupd.dll
2010-09-19 07:32 . 2010-09-19 07:26 800536 ----a-w- g:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avginet.dll
2010-09-18 15:33 . 2010-09-18 16:48 -------- d-----w- g:\documents and settings\andrea\Dati applicazioni\searchqutb
2010-09-18 15:33 . 2010-09-18 15:33 -------- d-----w- g:\programmi\Windows Searchqu Toolbar
2010-09-18 15:32 . 2010-09-18 15:32 -------- d-----w- g:\programmi\icons
2010-09-18 12:16 . 2010-09-18 12:16 -------- d-----w- g:\documents and settings\All Users\Dati applicazioni\Driver Whiz
2010-09-12 08:43 . 2010-09-12 08:43 -------- d-----w- g:\documents and settings\andrea\Dati applicazioni\Danea
2010-09-12 08:43 . 2010-09-12 08:47 -------- d-----w- g:\programmi\Danea Easyfatt
2010-09-12 07:38 . 2010-09-12 07:45 -------- d-----w- g:\documents and settings\andrea\Dati applicazioni\vlc
2010-09-12 07:23 . 2010-09-12 07:23 -------- d-----w- g:\programmi\Photodex Presenter
2010-09-12 07:23 . 2010-09-12 07:23 -------- d-----w- g:\documents and settings\andrea\Dati applicazioni\Netscape
2010-09-12 07:22 . 2010-09-12 07:22 -------- d-----w- g:\programmi\Photodex
2010-09-12 07:20 . 2010-09-12 07:20 -------- d-----w- g:\documents and settings\andrea\Dati applicazioni\Photodex
2010-09-12 07:20 . 2010-09-12 07:23 -------- d-----w- g:\documents and settings\All Users\Dati applicazioni\Photodex
2010-09-12 07:13 . 2010-09-12 07:13 -------- d-----w- g:\documents and settings\andrea\Dati applicazioni\Babylon
2010-09-12 07:13 . 2010-09-12 07:13 -------- d-----w- g:\documents and settings\All Users\Dati applicazioni\Babylon
2010-09-08 09:26 . 2010-09-10 19:54 4204704 ----a-w- g:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\WPFFontCache_v0400-S-1-5-21-1547161642-1275210071-1801674531-1003-0.dat
2010-09-07 11:21 . 2010-09-10 19:54 429274 ----a-w- g:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\WPFFontCache_v0400-System.dat
2010-09-07 11:18 . 2008-07-12 06:18 3851784 ----a-w- g:\windows\system32\D3DX9_39.dll
2010-09-07 11:18 . 2010-09-07 11:18 -------- d-----w- g:\windows\Logs
2010-09-07 11:17 . 2010-09-07 11:19 -------- d-----w- g:\programmi\Microsoft Expression
2010-08-29 08:17 . 2010-07-12 12:49 52552 ----a-w- g:\windows\system32\ftserui2.dll
2010-08-29 08:17 . 2010-07-12 12:49 67400 ----a-w- g:\windows\system32\ftcserco.dll
2010-08-29 08:17 . 2010-07-12 12:48 73032 ----a-w- g:\windows\system32\drivers\ftser2k.sys
2010-08-22 08:00 . 2010-08-22 08:00 -------- d-----w- g:\documents and settings\LocalService\Dati applicazioni\TuneUp Software
2010-08-22 07:28 . 2009-10-30 13:08 29512 ----a-w- g:\windows\system32\TURegOpt.exe
2010-08-22 07:28 . 2009-10-30 13:01 30024 ----a-w- g:\windows\system32\uxtuneup.dll
2010-08-22 07:28 . 2010-08-22 07:28 -------- d-----w- g:\documents and settings\andrea\Dati applicazioni\TuneUp Software
2010-08-22 07:28 . 2010-09-19 13:58 -------- d-----w- g:\programmi\TuneUp Utilities 2010
2010-08-22 07:27 . 2010-08-22 07:28 -------- d-----w- g:\documents and settings\All Users\Dati applicazioni\TuneUp Software
2010-08-22 07:27 . 2010-08-22 07:27 -------- d-sh--w- g:\documents and settings\All Users\Dati applicazioni\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-08-22 07:19 . 2010-08-22 07:19 -------- d-----w- g:\programmi\Halto

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-19 14:22 . 2010-05-15 06:50 -------- d-----w- g:\documents and settings\andrea\Dati applicazioni\Orbit
2010-09-19 14:08 . 2010-03-14 07:19 -------- d-----w- g:\documents and settings\All Users\Dati applicazioni\avg9
2010-09-19 07:39 . 2010-08-03 05:27 -------- d-----w- g:\documents and settings\andrea\Dati applicazioni\Onzi
2010-09-19 07:39 . 2010-01-08 10:10 -------- d-----w- g:\documents and settings\andrea\Dati applicazioni\Doorah
2010-09-19 07:19 . 2010-01-04 13:26 -------- d-----w- g:\documents and settings\andrea\Dati applicazioni\Uvzy
2010-09-19 07:12 . 2010-06-18 17:47 -------- d-----w- g:\documents and settings\andrea\Dati applicazioni\HPAppData
2010-09-18 15:32 . 2010-08-05 06:46 -------- d-----w- g:\programmi\myBabylon_English
2010-09-17 16:44 . 2010-08-09 16:49 -------- d-----w- g:\documents and settings\andrea\Dati applicazioni\Fiakez
2010-09-14 20:43 . 2010-01-04 07:53 -------- d-----w- g:\documents and settings\andrea\Dati applicazioni\uTorrent
2010-09-14 17:30 . 2010-01-03 21:16 -------- d-----w- g:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-09-13 10:02 . 2010-01-03 21:22 -------- d-----w- g:\documents and settings\andrea\Dati applicazioni\Skype
2010-09-13 09:33 . 2010-01-03 21:35 -------- d-----w- g:\documents and settings\andrea\Dati applicazioni\skypePM
2010-09-12 08:59 . 2010-06-26 07:49 654256 ----a-w- g:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2010-09-12 07:45 . 2010-06-26 16:17 -------- d-----w- g:\documents and settings\andrea\Dati applicazioni\dvdcss
2010-09-11 13:00 . 2010-06-09 18:11 -------- d-----w- g:\programmi\FotoTaxi3
2010-09-08 16:37 . 2010-02-25 19:45 -------- d-----w- g:\programmi\Microsoft Silverlight
2010-09-07 10:44 . 2008-04-14 12:00 546884 ----a-w- g:\windows\system32\perfh010.dat
2010-09-07 10:44 . 2008-04-14 12:00 100724 ----a-w- g:\windows\system32\perfc010.dat
2010-09-06 06:22 . 2010-01-04 07:54 -------- d-----w- g:\programmi\uTorrent
2010-09-04 13:23 . 2010-06-03 17:07 -------- d-----w- g:\documents and settings\andrea\Dati applicazioni\U3
2010-09-03 16:49 . 2010-02-28 07:08 -------- d-----w- g:\programmi\Duolabs
2010-08-25 16:54 . 2010-01-06 09:06 -------- d-----w- g:\programmi\Google
2010-08-17 13:17 . 2008-04-14 12:00 58880 ----a-w- g:\windows\system32\spoolsv.exe
2010-08-17 06:24 . 2008-04-14 12:00 48650 ----a-w- g:\windows\system32\userinit.exe.tmp
2010-08-07 15:10 . 2010-01-03 21:13 -------- d-----w- g:\programmi\AVS4YOU
2010-08-07 15:10 . 2010-01-03 21:14 -------- d-----w- g:\programmi\File comuni\AVSMedia
2010-08-07 09:04 . 2010-08-07 09:04 -------- d-----w- g:\programmi\File comuni\Skype
2010-08-05 06:46 . 2010-08-05 06:46 -------- d-----w- g:\programmi\Conduit
2010-08-05 06:46 . 2010-08-05 06:46 -------- d-----w- g:\programmi\Babylon
2010-08-04 06:48 . 2010-08-04 06:47 1901 ----a-w- g:\windows\panose.bin
2010-08-04 06:37 . 2010-08-04 06:37 -------- d-----w- g:\programmi\File comuni\Vbox
2010-08-04 06:37 . 2010-01-04 08:05 -------- d-----w- g:\programmi\File comuni\Adobe
2010-08-02 06:20 . 2010-08-02 06:20 -------- d-----w- g:\programmi\Xenocode
2010-08-02 06:17 . 2010-08-02 06:15 -------- d-----w- g:\programmi\Image Resizer
2010-07-22 15:48 . 2008-04-14 12:00 590848 ----a-w- g:\windows\system32\rpcrt4.dll
2010-07-22 06:19 . 2008-05-05 06:25 5632 ----a-w- g:\windows\system32\xpsp4res.dll
2010-07-12 11:50 . 2010-07-12 11:50 198464 ----a-w- g:\windows\system32\ftd2xx.dll
2010-07-12 11:50 . 2010-07-12 11:50 105288 ----a-w- g:\windows\system32\ftbusui.dll
2010-07-12 11:49 . 2010-07-12 11:49 197952 ----a-w- g:\windows\system32\FTLang.dll
2010-07-12 11:49 . 2010-07-12 11:49 60104 ----a-w- g:\windows\system32\drivers\ftdibus.sys
2010-06-30 12:31 . 2008-04-14 12:00 149504 ----a-w- g:\windows\system32\schannel.dll
2010-06-24 12:22 . 2008-04-14 12:00 916480 ----a-w- g:\windows\system32\wininet.dll
2010-06-24 09:02 . 2008-04-14 12:00 1851904 ----a-w- g:\windows\system32\win32k.sys
2010-06-23 06:35 . 2010-06-23 06:35 2568656 ----a-w- g:\documents and settings\All Users\Dati applicazioni\NOS\Adobe_Downloads\install_flash_player.exe
2010-06-21 15:27 . 2008-04-14 12:00 354304 ----a-w- g:\windows\system32\drivers\srv.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "g:\programmi\myBabylon_English\tbmyB1.dll" [2010-09-18 2735200]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2010-09-18 15:33 2735200 ----a-w- g:\programmi\myBabylon_English\tbmyB1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "g:\programmi\myBabylon_English\tbmyB1.dll" [2010-09-18 2735200]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "g:\programmi\myBabylon_English\tbmyB1.dll" [2010-09-18 2735200]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"L09IXLRD_4767375"="g:\programmi\Microsoft Student\Microsoft Encarta 2009 - Premium + Student DVD\EDICT.EXE" [2009-03-02 351000]
"Google Update"="g:\documents and settings\andrea\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2010-03-22 136176]
"ctfmon.exe"="g:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Six Engine"="g:\program files\ASUS\Six Engine\SixEngine.exe" [2008-06-03 5964800]
"ASUS Update Checker"="g:\programmi\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe" [2008-12-11 114688]
"AdobeAAMUpdater-1.0"="g:\programmi\File comuni\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="g:\programmi\File comuni\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="g:\programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"QuickTime Task"="g:\programmi\QuickTime\qttask.exe" [2009-11-10 417792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="g:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

g:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Orbit.lnk - g:\programmi\Orbitdownloader\orbitdm.exe [2010-5-15 1809680]

[HKLM\~\startupfolder\G:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Reader Synchronizer.lnk]
path=g:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Reader Synchronizer.lnk
backup=g:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\G:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Acrobat.lnk]
path=g:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio veloce di Adobe Acrobat.lnk
backup=g:\windows\pss\Avvio veloce di Adobe Acrobat.lnkCommon Startup

[HKLM\~\startupfolder\G:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^DesktopEarth AutoStart.lnk]
path=g:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\DesktopEarth AutoStart.lnk
backup=g:\windows\pss\DesktopEarth AutoStart.lnkCommon Startup

[HKLM\~\startupfolder\G:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^HP Digital Imaging Monitor.lnk]
path=g:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\HP Digital Imaging Monitor.lnk
backup=g:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\G:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Orbit.lnk]
path=g:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Orbit.lnk
backup=g:\windows\pss\Orbit.lnkCommon Startup

[HKLM\~\startupfolder\G:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Register PhotoFrame 4.0 Professional Edition.lnk]
path=g:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Register PhotoFrame 4.0 Professional Edition.lnk
backup=g:\windows\pss\Register PhotoFrame 4.0 Professional Edition.lnkCommon Startup

[HKLM\~\startupfolder\G:^Documents and Settings^andrea^Menu Avvio^Programmi^Esecuzione automatica^3263874.lnk]
path=g:\documents and settings\andrea\Menu Avvio\Programmi\Esecuzione automatica\3263874.lnk
backup=g:\windows\pss\3263874.lnkStartup

[HKLM\~\startupfolder\G:^Documents and Settings^andrea^Menu Avvio^Programmi^Esecuzione automatica^3754068.lnk]
path=g:\documents and settings\andrea\Menu Avvio\Programmi\Esecuzione automatica\3754068.lnk
backup=g:\windows\pss\3754068.lnkStartup

[HKLM\~\startupfolder\G:^Documents and Settings^andrea^Menu Avvio^Programmi^Esecuzione automatica^MagicDisc.lnk]
path=g:\documents and settings\andrea\Menu Avvio\Programmi\Esecuzione automatica\MagicDisc.lnk
backup=g:\windows\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2006-10-22 22:24 620152 ----a-w- g:\programmi\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 12:00 15360 ----a-w- g:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2007-08-29 15:09 171464 ----a-w- g:\programmi\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DATAMNGR]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44 31072 ----a-w- g:\programmi\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2003-12-22 07:38 241664 ----a-w- g:\programmi\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 14:24 54840 ----a-w- g:\programmi\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2004-05-04 18:51 176128 ----a-w- g:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
2004-05-05 09:49 491520 ----a-w- g:\windows\system32\hphmon05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
2004-04-01 15:03 49152 ----a-w- g:\programmi\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-06-24 15:06 1840424 ----a-w- g:\programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 15:33 141600 ----a-w- g:\programmi\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L09IXLRD_1131375]
2009-03-02 04:59 351000 ----a-w- g:\programmi\Microsoft Student\Microsoft Encarta 2009 - Premium + Student DVD\EDICT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 18:14 1695232 ------w- g:\programmi\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883856 ----a-w- g:\programmi\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-06-08 08:31 2221352 ----a-w- g:\programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-06-19 08:53 570664 ----a-w- g:\programmi\File comuni\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- g:\programmi\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2010-01-03 20:56 17881600 ----a-w- g:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 15:57 26192168 ----a-r- g:\programmi\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-08-01 14:23 61440 ----a-w- g:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 ----a-w- g:\programmi\File comuni\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
2007-02-20 10:07 199752 ----a-w- g:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"g:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"g:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"g:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"g:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"g:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"g:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"g:\\Programmi\\uTorrent\\uTorrent.exe"=
"g:\\Programmi\\TeamViewer\\Version5\\TeamViewer.exe"=
"g:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"g:\\Programmi\\iTunes\\iTunes.exe"=
"g:\\Programmi\\Java\\jre6\\bin\\javaw.exe"=
"g:\\Programmi\\ClubDelGioco\\jre\\jre\\bin\\javaw.exe"=
"g:\\Programmi\\Messenger\\msmsgs.exe"=
"g:\\Programmi\\totalcmd\\TOTALCMD.EXE"=
"g:\\Programmi\\DreamBoxEdit\\dreamboxedit.exe"=
"g:\\Programmi\\Pinnacle\\Studio 14\\Programs\\RM.exe"=
"g:\\Programmi\\Pinnacle\\Studio 14\\Programs\\Studio.exe"=
"g:\\Programmi\\Pinnacle\\Studio 14\\Programs\\umi.exe"=
"g:\\Programmi\\eMule\\emule.exe"=
"g:\\WINDOWS\\system32\\fxsclnt.exe"=
"g:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"g:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"g:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"g:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=
"g:\\Programmi\\Orbitdownloader\\orbitdm.exe"=
"g:\\Programmi\\Orbitdownloader\\orbitnet.exe"=
"g:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"g:\\Documents and Settings\\andrea\\Documenti\\dreambox\\dcc296\\DCC.exe"=
"g:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"g:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4360:TCP"= 4360:TCP:emule
"49907:UDP"= 49907:UDP:emule

R0 mv61xx;mv61xx;g:\windows\system32\drivers\mv61xx.sys [24/06/2008 0.21.48 150568]
R2 DynDNS Updater;DynDNS Updater;g:\programmi\DynDNS Updater\DynUpSvc.exe [16/04/2010 18.19.28 103800]
R2 SBKUPNT;SBKUPNT;g:\windows\system32\drivers\SBKUPNT.SYS [19/03/2010 0.17.01 14976]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;g:\programmi\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [30/10/2009 15.05.48 1021256]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;g:\programmi\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14/10/2009 7.24.44 10064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;g:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13.16.28 130384]
S3 Ambfilt;Ambfilt;g:\windows\system32\drivers\Ambfilt.sys [03/01/2010 22.56.25 1684736]
S3 epmntdrv;epmntdrv;g:\windows\system32\epmntdrv.sys [19/03/2010 0.32.07 13192]
S3 EuGdiDrv;EuGdiDrv;g:\windows\system32\EuGdiDrv.sys [19/03/2010 0.32.07 8456]
S3 SwitchBoard;SwitchBoard;g:\programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 13.37.14 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;g:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13.16.28 753504]
S4 sptd;sptd;g:\windows\system32\drivers\sptd.sys [13/03/2010 16.29.06 685816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenuto della cartella 'Scheduled Tasks'

2010-07-30 g:\windows\Tasks\AppleSoftwareUpdate.job
- g:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-09-11 g:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1275210071-1801674531-1003Core.job
- g:\documents and settings\andrea\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-03-22 06:50]

2010-09-19 g:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1275210071-1801674531-1003UA.job
- g:\documents and settings\andrea\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-03-22 06:50]

2010-09-19 g:\windows\Tasks\HP Usg Daily.job
- g:\programmi\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2004-04-01 15:03]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.searchqu.com/403
IE: &Download by Orbit - g:\programmi\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - g:\programmi\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - g:\windows\system32\GPhotos.scr/200
IE: Aggiungi a PDF esistente - g:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti destinazione link in Adobe PDF - g:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti destinazione link in file PDF esistente - g:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti i link selezionati in Adobe PDF - g:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti i link selezionati in file PDF esistente - g:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti in Adobe PDF - g:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti selezione in Adobe PDF - g:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti selezione in file PDF esistente - g:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Do&wnload selected by Orbit - g:\programmi\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - g:\programmi\Orbitdownloader\orbitmxt.dll/202
IE: E&sporta in Microsoft Excel - g:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Scarica link utilizzando Mega Manager... - g:\programmi\Megaupload\Mega Manager\mm_file.htm
FF - ProfilePath - g:\documents and settings\andrea\Dati applicazioni\Mozilla\Firefox\Profiles\s5zx03cr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14542
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - www.google.it
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=403&q=
FF - plugin: g:\documents and settings\andrea\Dati applicazioni\Facebook\npfbplugin_1_0_3.dll
FF - plugin: g:\documents and settings\andrea\Dati applicazioni\Mozilla\plugins\np-mswmp.dll
FF - plugin: g:\documents and settings\andrea\Impostazioni locali\Dati applicazioni\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: g:\documents and settings\andrea\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: g:\programmi\Canon\ZoomBrowser EX\Program\NPCIG.dll
FF - plugin: g:\programmi\Google\Picasa3\npPicasa3.dll
FF - plugin: g:\programmi\Mozilla Firefox\plugins\npContribute.dll
FF - plugin: g:\programmi\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: g:\programmi\Photodex Presenter\npPxPlay.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - g:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
g:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
g:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
g:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

MSConfigStartUp-{40780F9D-64B7-CFFF-261D-A904449DBF39} - g:\documents and settings\andrea\Dati applicazioni\Onzi\ozerw.exe
MSConfigStartUp-{9A6BC445-EBFE-F1A8-7DCD-F196CAE7D6A7} - g:\documents and settings\andrea\Dati applicazioni\Doorah\voerx.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-19 16:22
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1547161642-1275210071-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3C88BD92-F1A7-880C-4BA8-7B1D67DD00C5}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1547161642-1275210071-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4CA0543F-8314-AC2B-F11B-5C8801A577F2}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1547161642-1275210071-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{92C1845F-9629-E837-45B3-5CE2552BF71B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"pahpjcpdjladbnpclaechbfdopiccmef"=hex:61,62,6d,6f,69,66,6f,69,61,67,66,6d,70,
70,6c,6a,66,61,62,65,6a,63,6e,68,67,6e,6c,62,64,69,6c,63,68,6c,00,7c
"pabpckcocccejelfjjnllpmbbponhadi"=hex:61,62,6d,6f,69,66,6f,69,61,67,66,6d,70,
70,6c,6a,66,61,62,65,6b,63,61,64,68,61,6e,68,6f,61,65,6d,66,65,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@g:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="g:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(764)
g:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3576)
g:\windows\system32\WININET.dll
g:\windows\system32\msi.dll
g:\windows\system32\webcheck.dll
g:\windows\system32\WPDShServiceObj.dll
g:\windows\system32\PortableDeviceTypes.dll
g:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
g:\windows\system32\Ati2evxx.exe
g:\windows\system32\Ati2evxx.exe
g:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
g:\windows\SYSTEM32\astsrv.exe
g:\programmi\Bonjour\mDNSResponder.exe
g:\documents and settings\All Users\Dati applicazioni\EPSON\EPW!3 SSRP\E_S30RP1.EXE
g:\programmi\Java\jre6\bin\jqs.exe
g:\programmi\Nero\Nero8\Nero BackItUp\NBService.exe
g:\windows\system32\IoctlSvc.exe
g:\documents and settings\andrea\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.29\GoogleCrashHandler.exe
g:\programmi\Photodex\ProShowProducer\ScsiAccess.exe
g:\programmi\Orbitdownloader\orbitnet.exe
g:\programmi\Canon\CAL\CALMAIN.exe
g:\programmi\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
g:\windows\system32\wscntfy.exe
g:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Ora fine scansione: 2010-09-19 16:26:20 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-09-19 14:26

Pre-Run: 255.151.710.208 byte disponibili
Post-Run: 255.058.092.032 byte disponibili

- - End Of File - - 095FDCCF2E4F94C07933407FB2277187
burberix
Utente Junior
 
Post: 21
Iscritto il: 12/06/06 13:22

Re: Problemi doppia connesione

Postdi Luke57 » 19/09/10 16:15

Ciao,Apri il block notes di windows
Copia e incolla all'interno del file testo il seguente script:

Codice: Seleziona tutto
RegNull::
[HKEY_USERS\S-1-5-21-1547161642-1275210071-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell
Extensions\Approved\{3C88BD92-F1A7-880C-4BA8-7B1D67DD00C5}*]
[HKEY_USERS\S-1-5-21-1547161642-1275210071-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4CA0543F-8314-AC2B-F11B-5C8801A577F2}*]
[HKEY_USERS\S-1-5-21-1547161642-1275210071-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{92C1845F-9629-E837-45B3-5CE2552BF71B}*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib*]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}*]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32*]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib*]

DirLook::
g:\documents and settings\andrea\Dati applicazioni\Doorah
g:\documents and settings\andrea\Dati applicazioni\Uvzy
g:\documents and settings\andrea\Dati applicazioni\HPAppData
g:\documents and settings\andrea\Dati applicazion\Fiakez



Salva il file testo nella stessa posizione dove è presente combofix.exe nel desktop, e chiamalo CFScript.txt
Disconettiti da internet.

Adesso trascina il file CFScript.txt su ComboFix.exe
Il programma eseguirà una nuova scansione,al termine riavvia il pc se ti viene richiesto dal programma.

Posta il nuovo report.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Re: Problemi doppia connesione

Postdi burberix » 20/09/10 07:27

Scusa ma ieri sera avevo gente a cena.
Ti posto il report, pensi che riusciremo a risolvere?...
Grazie comunque

ComboFix 10-09-17.04 - andrea 20/09/2010 8.18.36.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3327.2835 [GMT 2:00]
Eseguito da: g:\documents and settings\andrea\Desktop\ComboFix.exe
Opzioni usate :: g:\documents and settings\andrea\Desktop\CFScript.txt

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2010-08-20 al 2010-09-20 )))))))))))))))))))))))))))))))))))
.

2010-09-19 09:47 . 2010-09-19 09:47 -------- d-----w- g:\documents and settings\andrea\Dati applicazioni\Malwarebytes
2010-09-19 09:47 . 2010-04-29 13:39 38224 ----a-w- g:\windows\system32\drivers\mbamswissarmy.sys
2010-09-19 09:47 . 2010-09-19 09:47 -------- d-----w- g:\programmi\Malwarebytes' Anti-Malware
2010-09-19 09:47 . 2010-09-19 09:47 -------- d-----w- g:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-09-19 09:47 . 2010-04-29 13:39 20952 ----a-w- g:\windows\system32\drivers\mbam.sys
2010-09-19 08:41 . 2010-09-19 08:41 -------- d-----w- g:\programmi\DynDNS Updater
2010-09-19 08:41 . 2010-09-19 08:41 -------- d-----w- g:\documents and settings\All Users\Dati applicazioni\DynDNS
2010-09-19 07:55 . 2010-09-19 07:55 388096 ----a-r- g:\documents and settings\andrea\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-19 07:55 . 2010-09-19 07:55 -------- d-----w- g:\programmi\Trend Micro
2010-09-19 07:34 . 2010-09-19 07:34 360584 ----a-w- g:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgtdix.sys
2010-09-19 07:34 . 2010-09-19 07:34 333192 ----a-w- g:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgldx86.sys
2010-09-19 07:34 . 2010-09-19 07:34 28424 ----a-w- g:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgmfx86.sys
2010-09-19 07:32 . 2010-09-19 07:26 1007896 ----a-w- g:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgupd.exe
2010-09-19 07:32 . 2010-09-19 07:26 613656 ----a-w- g:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgiproxy.exe
2010-09-19 07:32 . 2010-09-19 07:26 1658136 ----a-w- g:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgupd.dll
2010-09-19 07:32 . 2010-09-19 07:26 800536 ----a-w- g:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avginet.dll
2010-09-18 15:33 . 2010-09-18 16:48 -------- d-----w- g:\documents and settings\andrea\Dati applicazioni\searchqutb
2010-09-18 15:33 . 2010-09-18 15:33 -------- d-----w- g:\programmi\Windows Searchqu Toolbar
2010-09-18 15:32 . 2010-09-18 15:32 -------- d-----w- g:\programmi\icons
2010-09-18 12:16 . 2010-09-18 12:16 -------- d-----w- g:\documents and settings\All Users\Dati applicazioni\Driver Whiz
2010-09-12 08:43 . 2010-09-12 08:43 -------- d-----w- g:\documents and settings\andrea\Dati applicazioni\Danea
2010-09-12 08:43 . 2010-09-12 08:47 -------- d-----w- g:\programmi\Danea Easyfatt
2010-09-12 07:38 . 2010-09-12 07:45 -------- d-----w- g:\documents and settings\andrea\Dati applicazioni\vlc
2010-09-12 07:23 . 2010-09-12 07:23 -------- d-----w- g:\programmi\Photodex Presenter
2010-09-12 07:23 . 2010-09-12 07:23 -------- d-----w- g:\documents and settings\andrea\Dati applicazioni\Netscape
2010-09-12 07:22 . 2010-09-12 07:22 -------- d-----w- g:\programmi\Photodex
2010-09-12 07:20 . 2010-09-12 07:20 -------- d-----w- g:\documents and settings\andrea\Dati applicazioni\Photodex
2010-09-12 07:20 . 2010-09-12 07:23 -------- d-----w- g:\documents and settings\All Users\Dati applicazioni\Photodex
2010-09-12 07:13 . 2010-09-12 07:13 -------- d-----w- g:\documents and settings\andrea\Dati applicazioni\Babylon
2010-09-12 07:13 . 2010-09-12 07:13 -------- d-----w- g:\documents and settings\All Users\Dati applicazioni\Babylon
2010-09-08 09:26 . 2010-09-10 19:54 4204704 ----a-w- g:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\WPFFontCache_v0400-S-1-5-21-1547161642-1275210071-1801674531-1003-0.dat
2010-09-07 11:21 . 2010-09-10 19:54 429274 ----a-w- g:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\WPFFontCache_v0400-System.dat
2010-09-07 11:18 . 2008-07-12 06:18 3851784 ----a-w- g:\windows\system32\D3DX9_39.dll
2010-09-07 11:18 . 2010-09-07 11:18 -------- d-----w- g:\windows\Logs
2010-09-07 11:17 . 2010-09-07 11:19 -------- d-----w- g:\programmi\Microsoft Expression
2010-08-29 08:17 . 2010-07-12 12:49 52552 ----a-w- g:\windows\system32\ftserui2.dll
2010-08-29 08:17 . 2010-07-12 12:49 67400 ----a-w- g:\windows\system32\ftcserco.dll
2010-08-29 08:17 . 2010-07-12 12:48 73032 ----a-w- g:\windows\system32\drivers\ftser2k.sys
2010-08-22 08:00 . 2010-08-22 08:00 -------- d-----w- g:\documents and settings\LocalService\Dati applicazioni\TuneUp Software
2010-08-22 07:28 . 2009-10-30 13:08 29512 ----a-w- g:\windows\system32\TURegOpt.exe
2010-08-22 07:28 . 2009-10-30 13:01 30024 ----a-w- g:\windows\system32\uxtuneup.dll
2010-08-22 07:28 . 2010-08-22 07:28 -------- d-----w- g:\documents and settings\andrea\Dati applicazioni\TuneUp Software
2010-08-22 07:28 . 2010-09-19 13:58 -------- d-----w- g:\programmi\TuneUp Utilities 2010
2010-08-22 07:27 . 2010-08-22 07:28 -------- d-----w- g:\documents and settings\All Users\Dati applicazioni\TuneUp Software
2010-08-22 07:27 . 2010-08-22 07:27 -------- d-sh--w- g:\documents and settings\All Users\Dati applicazioni\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-08-22 07:19 . 2010-08-22 07:19 -------- d-----w- g:\programmi\Halto

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-20 06:14 . 2010-05-15 06:50 -------- d-----w- g:\documents and settings\andrea\Dati applicazioni\Orbit
2010-09-19 14:08 . 2010-03-14 07:19 -------- d-----w- g:\documents and settings\All Users\Dati applicazioni\avg9
2010-09-19 07:39 . 2010-08-03 05:27 -------- d-----w- g:\documents and settings\andrea\Dati applicazioni\Onzi
2010-09-19 07:39 . 2010-01-08 10:10 -------- d-----w- g:\documents and settings\andrea\Dati applicazioni\Doorah
2010-09-19 07:19 . 2010-01-04 13:26 -------- d-----w- g:\documents and settings\andrea\Dati applicazioni\Uvzy
2010-09-19 07:12 . 2010-06-18 17:47 -------- d-----w- g:\documents and settings\andrea\Dati applicazioni\HPAppData
2010-09-18 15:32 . 2010-08-05 06:46 -------- d-----w- g:\programmi\myBabylon_English
2010-09-17 16:44 . 2010-08-09 16:49 -------- d-----w- g:\documents and settings\andrea\Dati applicazioni\Fiakez
2010-09-14 20:43 . 2010-01-04 07:53 -------- d-----w- g:\documents and settings\andrea\Dati applicazioni\uTorrent
2010-09-14 17:30 . 2010-01-03 21:16 -------- d-----w- g:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-09-13 10:02 . 2010-01-03 21:22 -------- d-----w- g:\documents and settings\andrea\Dati applicazioni\Skype
2010-09-13 09:33 . 2010-01-03 21:35 -------- d-----w- g:\documents and settings\andrea\Dati applicazioni\skypePM
2010-09-12 08:59 . 2010-06-26 07:49 654256 ----a-w- g:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2010-09-12 07:45 . 2010-06-26 16:17 -------- d-----w- g:\documents and settings\andrea\Dati applicazioni\dvdcss
2010-09-11 13:00 . 2010-06-09 18:11 -------- d-----w- g:\programmi\FotoTaxi3
2010-09-08 16:37 . 2010-02-25 19:45 -------- d-----w- g:\programmi\Microsoft Silverlight
2010-09-07 10:44 . 2008-04-14 12:00 546884 ----a-w- g:\windows\system32\perfh010.dat
2010-09-07 10:44 . 2008-04-14 12:00 100724 ----a-w- g:\windows\system32\perfc010.dat
2010-09-06 06:22 . 2010-01-04 07:54 -------- d-----w- g:\programmi\uTorrent
2010-09-04 13:23 . 2010-06-03 17:07 -------- d-----w- g:\documents and settings\andrea\Dati applicazioni\U3
2010-09-03 16:49 . 2010-02-28 07:08 -------- d-----w- g:\programmi\Duolabs
2010-08-25 16:54 . 2010-01-06 09:06 -------- d-----w- g:\programmi\Google
2010-08-17 13:17 . 2008-04-14 12:00 58880 ----a-w- g:\windows\system32\spoolsv.exe
2010-08-17 06:24 . 2008-04-14 12:00 48650 ----a-w- g:\windows\system32\userinit.exe.tmp
2010-08-07 15:10 . 2010-01-03 21:13 -------- d-----w- g:\programmi\AVS4YOU
2010-08-07 15:10 . 2010-01-03 21:14 -------- d-----w- g:\programmi\File comuni\AVSMedia
2010-08-07 09:04 . 2010-08-07 09:04 -------- d-----w- g:\programmi\File comuni\Skype
2010-08-05 06:46 . 2010-08-05 06:46 -------- d-----w- g:\programmi\Conduit
2010-08-05 06:46 . 2010-08-05 06:46 -------- d-----w- g:\programmi\Babylon
2010-08-04 06:48 . 2010-08-04 06:47 1901 ----a-w- g:\windows\panose.bin
2010-08-04 06:37 . 2010-08-04 06:37 -------- d-----w- g:\programmi\File comuni\Vbox
2010-08-04 06:37 . 2010-01-04 08:05 -------- d-----w- g:\programmi\File comuni\Adobe
2010-08-02 06:20 . 2010-08-02 06:20 -------- d-----w- g:\programmi\Xenocode
2010-08-02 06:17 . 2010-08-02 06:15 -------- d-----w- g:\programmi\Image Resizer
2010-07-22 15:48 . 2008-04-14 12:00 590848 ----a-w- g:\windows\system32\rpcrt4.dll
2010-07-22 06:19 . 2008-05-05 06:25 5632 ----a-w- g:\windows\system32\xpsp4res.dll
2010-07-12 11:50 . 2010-07-12 11:50 198464 ----a-w- g:\windows\system32\ftd2xx.dll
2010-07-12 11:50 . 2010-07-12 11:50 105288 ----a-w- g:\windows\system32\ftbusui.dll
2010-07-12 11:49 . 2010-07-12 11:49 197952 ----a-w- g:\windows\system32\FTLang.dll
2010-07-12 11:49 . 2010-07-12 11:49 60104 ----a-w- g:\windows\system32\drivers\ftdibus.sys
2010-06-30 12:31 . 2008-04-14 12:00 149504 ----a-w- g:\windows\system32\schannel.dll
2010-06-24 12:22 . 2008-04-14 12:00 916480 ----a-w- g:\windows\system32\wininet.dll
2010-06-24 09:02 . 2008-04-14 12:00 1851904 ----a-w- g:\windows\system32\win32k.sys
2010-06-23 06:35 . 2010-06-23 06:35 2568656 ----a-w- g:\documents and settings\All Users\Dati applicazioni\NOS\Adobe_Downloads\install_flash_player.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of g:\documents and settings\andrea\Dati applicazion\Fiakez ----


---- Directory of g:\documents and settings\andrea\Dati applicazioni\Doorah ----


---- Directory of g:\documents and settings\andrea\Dati applicazioni\HPAppData ----


---- Directory of g:\documents and settings\andrea\Dati applicazioni\Uvzy ----

2010-09-19 07:19 . 2010-09-19 07:19 4150 ----a-w- g:\documents and settings\andrea\Dati applicazioni\Uvzy\rero.guo


((((((((((((((((((((((((((((( SnapShot@2010-09-19_14.21.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-20 06:13 . 2010-09-20 06:13 16384 g:\windows\Temp\Perflib_Perfdata_538.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "g:\programmi\myBabylon_English\tbmyB1.dll" [2010-09-18 2735200]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2010-09-18 15:33 2735200 ----a-w- g:\programmi\myBabylon_English\tbmyB1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "g:\programmi\myBabylon_English\tbmyB1.dll" [2010-09-18 2735200]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "g:\programmi\myBabylon_English\tbmyB1.dll" [2010-09-18 2735200]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"L09IXLRD_4767375"="g:\programmi\Microsoft Student\Microsoft Encarta 2009 - Premium + Student DVD\EDICT.EXE" [2009-03-02 351000]
"Google Update"="g:\documents and settings\andrea\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2010-03-22 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Six Engine"="g:\program files\ASUS\Six Engine\SixEngine.exe" [2008-06-03 5964800]
"ASUS Update Checker"="g:\programmi\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe" [2008-12-11 114688]
"AdobeAAMUpdater-1.0"="g:\programmi\File comuni\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="g:\programmi\File comuni\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="g:\programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"QuickTime Task"="g:\programmi\QuickTime\qttask.exe" [2009-11-10 417792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="g:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

g:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Orbit.lnk - g:\programmi\Orbitdownloader\orbitdm.exe [2010-5-15 1809680]

[HKLM\~\startupfolder\G:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Reader Synchronizer.lnk]
path=g:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Reader Synchronizer.lnk
backup=g:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\G:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Acrobat.lnk]
path=g:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio veloce di Adobe Acrobat.lnk
backup=g:\windows\pss\Avvio veloce di Adobe Acrobat.lnkCommon Startup

[HKLM\~\startupfolder\G:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^DesktopEarth AutoStart.lnk]
path=g:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\DesktopEarth AutoStart.lnk
backup=g:\windows\pss\DesktopEarth AutoStart.lnkCommon Startup

[HKLM\~\startupfolder\G:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^HP Digital Imaging Monitor.lnk]
path=g:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\HP Digital Imaging Monitor.lnk
backup=g:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\G:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Orbit.lnk]
path=g:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Orbit.lnk
backup=g:\windows\pss\Orbit.lnkCommon Startup

[HKLM\~\startupfolder\G:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Register PhotoFrame 4.0 Professional Edition.lnk]
path=g:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Register PhotoFrame 4.0 Professional Edition.lnk
backup=g:\windows\pss\Register PhotoFrame 4.0 Professional Edition.lnkCommon Startup

[HKLM\~\startupfolder\G:^Documents and Settings^andrea^Menu Avvio^Programmi^Esecuzione automatica^3263874.lnk]
path=g:\documents and settings\andrea\Menu Avvio\Programmi\Esecuzione automatica\3263874.lnk
backup=g:\windows\pss\3263874.lnkStartup

[HKLM\~\startupfolder\G:^Documents and Settings^andrea^Menu Avvio^Programmi^Esecuzione automatica^3754068.lnk]
path=g:\documents and settings\andrea\Menu Avvio\Programmi\Esecuzione automatica\3754068.lnk
backup=g:\windows\pss\3754068.lnkStartup

[HKLM\~\startupfolder\G:^Documents and Settings^andrea^Menu Avvio^Programmi^Esecuzione automatica^MagicDisc.lnk]
path=g:\documents and settings\andrea\Menu Avvio\Programmi\Esecuzione automatica\MagicDisc.lnk
backup=g:\windows\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2006-10-22 22:24 620152 ----a-w- g:\programmi\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 12:00 15360 ----a-w- g:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2007-08-29 15:09 171464 ----a-w- g:\programmi\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DATAMNGR]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44 31072 ----a-w- g:\programmi\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2003-12-22 07:38 241664 ----a-w- g:\programmi\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 14:24 54840 ----a-w- g:\programmi\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2004-05-04 18:51 176128 ----a-w- g:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
2004-05-05 09:49 491520 ----a-w- g:\windows\system32\hphmon05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
2004-04-01 15:03 49152 ----a-w- g:\programmi\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-06-24 15:06 1840424 ----a-w- g:\programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 15:33 141600 ----a-w- g:\programmi\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L09IXLRD_1131375]
2009-03-02 04:59 351000 ----a-w- g:\programmi\Microsoft Student\Microsoft Encarta 2009 - Premium + Student DVD\EDICT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 18:14 1695232 ------w- g:\programmi\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883856 ----a-w- g:\programmi\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-06-08 08:31 2221352 ----a-w- g:\programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-06-19 08:53 570664 ----a-w- g:\programmi\File comuni\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- g:\programmi\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2010-01-03 20:56 17881600 ----a-w- g:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 15:57 26192168 ----a-r- g:\programmi\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-08-01 14:23 61440 ----a-w- g:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 ----a-w- g:\programmi\File comuni\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
2007-02-20 10:07 199752 ----a-w- g:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"g:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"g:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"g:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"g:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"g:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"g:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"g:\\Programmi\\uTorrent\\uTorrent.exe"=
"g:\\Programmi\\TeamViewer\\Version5\\TeamViewer.exe"=
"g:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"g:\\Programmi\\iTunes\\iTunes.exe"=
"g:\\Programmi\\Java\\jre6\\bin\\javaw.exe"=
"g:\\Programmi\\ClubDelGioco\\jre\\jre\\bin\\javaw.exe"=
"g:\\Programmi\\Messenger\\msmsgs.exe"=
"g:\\Programmi\\totalcmd\\TOTALCMD.EXE"=
"g:\\Programmi\\DreamBoxEdit\\dreamboxedit.exe"=
"g:\\Programmi\\Pinnacle\\Studio 14\\Programs\\RM.exe"=
"g:\\Programmi\\Pinnacle\\Studio 14\\Programs\\Studio.exe"=
"g:\\Programmi\\Pinnacle\\Studio 14\\Programs\\umi.exe"=
"g:\\Programmi\\eMule\\emule.exe"=
"g:\\WINDOWS\\system32\\fxsclnt.exe"=
"g:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"g:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"g:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"g:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=
"g:\\Programmi\\Orbitdownloader\\orbitdm.exe"=
"g:\\Programmi\\Orbitdownloader\\orbitnet.exe"=
"g:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"g:\\Documents and Settings\\andrea\\Documenti\\dreambox\\dcc296\\DCC.exe"=
"g:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"g:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4360:TCP"= 4360:TCP:emule
"49907:UDP"= 49907:UDP:emule

R0 mv61xx;mv61xx;g:\windows\system32\drivers\mv61xx.sys [24/06/2008 0.21.48 150568]
R2 DynDNS Updater;DynDNS Updater;g:\programmi\DynDNS Updater\DynUpSvc.exe [16/04/2010 18.19.28 103800]
R2 SBKUPNT;SBKUPNT;g:\windows\system32\drivers\SBKUPNT.SYS [19/03/2010 0.17.01 14976]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;g:\programmi\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [30/10/2009 15.05.48 1021256]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;g:\programmi\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14/10/2009 7.24.44 10064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;g:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13.16.28 130384]
S3 Ambfilt;Ambfilt;g:\windows\system32\drivers\Ambfilt.sys [03/01/2010 22.56.25 1684736]
S3 epmntdrv;epmntdrv;g:\windows\system32\epmntdrv.sys [19/03/2010 0.32.07 13192]
S3 EuGdiDrv;EuGdiDrv;g:\windows\system32\EuGdiDrv.sys [19/03/2010 0.32.07 8456]
S3 SwitchBoard;SwitchBoard;g:\programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 13.37.14 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;g:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13.16.28 753504]
S4 sptd;sptd;g:\windows\system32\drivers\sptd.sys [13/03/2010 16.29.06 685816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenuto della cartella 'Scheduled Tasks'

2010-07-30 g:\windows\Tasks\AppleSoftwareUpdate.job
- g:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-09-11 g:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1275210071-1801674531-1003Core.job
- g:\documents and settings\andrea\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-03-22 06:50]

2010-09-19 g:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1275210071-1801674531-1003UA.job
- g:\documents and settings\andrea\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-03-22 06:50]

2010-09-19 g:\windows\Tasks\HP Usg Daily.job
- g:\programmi\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2004-04-01 15:03]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.searchqu.com/403
IE: &Download by Orbit - g:\programmi\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - g:\programmi\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - g:\windows\system32\GPhotos.scr/200
IE: Aggiungi a PDF esistente - g:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti destinazione link in Adobe PDF - g:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti destinazione link in file PDF esistente - g:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti i link selezionati in Adobe PDF - g:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti i link selezionati in file PDF esistente - g:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti in Adobe PDF - g:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti selezione in Adobe PDF - g:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti selezione in file PDF esistente - g:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Do&wnload selected by Orbit - g:\programmi\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - g:\programmi\Orbitdownloader\orbitmxt.dll/202
IE: E&sporta in Microsoft Excel - g:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Scarica link utilizzando Mega Manager... - g:\programmi\Megaupload\Mega Manager\mm_file.htm
FF - ProfilePath - g:\documents and settings\andrea\Dati applicazioni\Mozilla\Firefox\Profiles\s5zx03cr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14542
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - www.google.it
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=403&q=
FF - plugin: g:\documents and settings\andrea\Dati applicazioni\Facebook\npfbplugin_1_0_3.dll
FF - plugin: g:\documents and settings\andrea\Dati applicazioni\Mozilla\plugins\np-mswmp.dll
FF - plugin: g:\documents and settings\andrea\Impostazioni locali\Dati applicazioni\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: g:\documents and settings\andrea\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: g:\programmi\Canon\ZoomBrowser EX\Program\NPCIG.dll
FF - plugin: g:\programmi\Google\Picasa3\npPicasa3.dll
FF - plugin: g:\programmi\Mozilla Firefox\plugins\npContribute.dll
FF - plugin: g:\programmi\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: g:\programmi\Photodex Presenter\npPxPlay.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - g:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
g:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
g:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
g:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-20 08:24
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@g:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="g:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(768)
g:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1552)
g:\windows\system32\WININET.dll
g:\windows\system32\msi.dll
g:\windows\system32\webcheck.dll
g:\windows\system32\WPDShServiceObj.dll
g:\windows\system32\PortableDeviceTypes.dll
g:\windows\system32\PortableDeviceApi.dll
g:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
g:\programmi\Microsoft Office\Office12\1040\GrooveIntlResource.dll
g:\programmi\Megaupload\Mega Manager\MegaIEMn.dll
g:\programmi\File comuni\Nero\Lib\NeroDigitalExt.dll
g:\programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.dll
g:\programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.ITA
.
Ora fine scansione: 2010-09-20 08:25:28
ComboFix-quarantined-files.txt 2010-09-20 06:25
ComboFix2.txt 2010-09-19 14:26

Pre-Run: 255.105.142.784 byte disponibili
Post-Run: 255.087.472.640 byte disponibili

- - End Of File - - DE999833F92B23130F466F9F365D5AC8
burberix
Utente Junior
 
Post: 21
Iscritto il: 12/06/06 13:22

Re: Problemi doppia connesione

Postdi Luke57 » 20/09/10 10:21

Ciao, senti devo verificare alcune cose, per cui scarica sul desktop systemscan
http://www.suspectfile.com/upload/files ... .exeaprilo ed assicurati che tutte le opzioni siano spuntate, clicca su "Scan Now" al termine della scansione verranno rilasciati (sempre sul desktop all'interno della cartella suspectfile) due file.
Inserisci il file con estensione .zip in wikisend (fai l'upload del file e poi fornisci il link in un prossimo post per poterlo vedere).
http://wikisend.com/
Ricordati d'effettuare la scansione senza connessione attiva e con l'antivirus disabilitato salvo poi riattivarlo a scansione terminata.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Re: Problemi doppia connesione

Postdi burberix » 20/09/10 20:41

burberix
Utente Junior
 
Post: 21
Iscritto il: 12/06/06 13:22

Re: Problemi doppia connesione

Postdi Luke57 » 20/09/10 21:29

Ciao, Prova ad avviare systemscan, clicca su "Removal script", All'interno della finestra copia/incolla i valori seguenti :

Codice: Seleziona tutto
Files to delete:
G:\WINDOWS\system32\userinit.exe.tmp

Folders to delete:
G:\DOCUME~1\andrea\IMPOST~1\Temp
G:\Windows\temp


Clicca su "Proceed with removal", dopo il riavvio portati in C:\ e copia/incolla in un post il contenuto del file avenger.txt .

Conosci queste cartelle?
g:\documents and settings\andrea\Dati applicazion\Fiakez ----

g:\documents and settings\andrea\Dati applicazioni\Doorah ----

g:\documents and settings\andrea\Dati applicazioni\HPAppData ----

g:\documents and settings\andrea\Dati applicazioni\Uvzy ----
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Re: Problemi doppia connesione

Postdi burberix » 20/09/10 22:13

http://wikisend.com/download/551224/20_ ... report.zip
20_09_2010_23_04_report.zip

le cartelle forse sono l'origine del problema
possiamo cancellarle?
burberix
Utente Junior
 
Post: 21
Iscritto il: 12/06/06 13:22

Re: Problemi doppia connesione

Postdi Luke57 » 21/09/10 09:17

Ciao, sempre con systemscan, clicca su "Removal script", All'interno della finestra copia/incolla i valori seguenti :

Codice: Seleziona tutto
Files to delete:
G:\WINDOWS\system32\drivers\jtapdkvc.sys
G:\leecapmc.bat
G:\DOCUME~1\andrea\IMPOST~1\Temp\NTEXPL~1.EXE
G:\DOCUME~1\andrea\IMPOST~1\Temp\a2dspi.exe

Folders to delete:
G:\Documents and Settings\andrea\Dati applicazioni\Doorah
G:\Documents and Settings\andrea\Dati applicazioni\Onzi
G:\Documents and Settings\andrea\Dati applicazioni\Uvzy
G:\Documents and Settings\andrea\Dati applicazioni\HPAppData
G:\Documents and Settings\andrea\Dati applicazioni\Fiakez

Registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | wxkgjmlm


Clicca su "Proceed with removal", dopo il riavvio portati in G:\ e copia/incolla in un post il contenuto del file avenger.txt .
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Re: Problemi doppia connesione

Postdi burberix » 21/09/10 14:54

Ciao, innanzitutto grazie per l'aiuto, stasera appena torno a casa provvedo a fare la scansioen.
Pensi che riusciremo a risolvere il problema..?
spero di non dover formattare il disco...
GrAzie
Stefano
burberix
Utente Junior
 
Post: 21
Iscritto il: 12/06/06 13:22

Re: Problemi doppia connesione

Postdi burberix » 22/09/10 07:22

burberix
Utente Junior
 
Post: 21
Iscritto il: 12/06/06 13:22

Re: Problemi doppia connesione

Postdi Luke57 » 22/09/10 07:51

Ciao, adesso le cartelle non ci sono più, hai sempre problemi?
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Re: Problemi doppia connesione

Postdi burberix » 22/09/10 10:30

ho riacceso il pc e per ora la doppia connessione è sparita....
Grazie mille per l'aiuto.
Se posso contraccambiare fammi sapere.
Grazie Stefano
burberix
Utente Junior
 
Post: 21
Iscritto il: 12/06/06 13:22

Re: Problemi doppia connesione

Postdi burberix » 22/09/10 18:09

è riapparsa la doppia connessione...
burberix
Utente Junior
 
Post: 21
Iscritto il: 12/06/06 13:22

Re: Problemi doppia connesione

Postdi Luke57 » 22/09/10 21:40

Ciao, utilizzi dispositivi usb? Scarica dds.cr da qui, sul desktop:
http://download.bleepingcomputer.com/sUBs/dds.scr

avvialo con doppio click, si aprirà una finestra dos e la scansione partirà immediatamente, al termine si apriranno due differenti file di log:
DDS.txt e Attach.txt

Salvali sul desktop, zippali e inseriscili sul solito sito di hosting affinchè si possano vedere.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Re: Problemi doppia connesione

Postdi burberix » 24/09/10 18:26

burberix
Utente Junior
 
Post: 21
Iscritto il: 12/06/06 13:22

Re: Problemi doppia connesione

Postdi Luke57 » 24/09/10 20:09

Ciao, nel report non ho trovato niente, riesegui combofix e posta il report.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10


Torna a Sicurezza e Privacy


Topic correlati a "Problemi doppia connesione":


Chi c’è in linea

Visitano il forum: Nessuno e 33 ospiti