Olimpo Informatico

[maggiethebest86]

Ciao a tutti ho un enorme problema!!!allora è da un po' di giorni che nn riesco più ad istallare nessun tipo di antivirus...mi si creano milioni di errori...io ho il dubbio di aver cattato un virus ma nn potando fare nessuna scansione come faccio a saperlo...
qst è qll che sono riuscita a trovare...ovviamente nn c'ho capito nulla..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.36.52, on 25/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\HP DigitalMedia Archive\DMAScheduler.exe
C:\Programmi\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Roper\AirBlue Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\Roper\AirBlue Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Documents and Settings\HP_Administrator\Impostazioni locali\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=IT_IT&c=64&bd=PAVILION&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=IT_IT&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [DMAScheduler] "c:\Programmi\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Programmi\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [System Services Monitor] C:\WINDOWS\winfp.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Avvio veloce di Adobe Acrobat.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti nel file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti selezione in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\Roper\AirBlue Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\Roper\AirBlue Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\Roper\AirBlue Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Guida alla connessione - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Guida alla connessione - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.gisonweb.it/provincia.milano/progetto/advscriptscfm/mgaxctrl.cab
O16 - DPF: {76A2A0AB-38B7-46DB-8E47-F10CDE4D7920} - http://www.cartografia.regione.lombardia.it/include/ecwplugins/ncs.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://maggielamigliore.spaces.live.com/PhotoUpload/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A6163072-5205-44F9-9708-65781950C6A3}: NameServer = 85.37.17.4 85.38.28.70
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: a-squared Free Service (a2free) - Unknown owner - C:\Programmi\a-squared Free\a2service.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\Roper\AirBlue Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Programmi\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: GoogleDesktopManager - Google - C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 11171 bytes



cmq se qualcuno riesce a dirmi che diavolo di virus o cosaltro potrebbe essere mi risolverebbe un gran problema!!!!
grazie grazie confido in voi!

[bdoriano]

Ciao maggiethebest86,

Ho editato il titolo del tuo messaggio.

Hijackthis va salvato in una sua cartella non temporanea e non sul desktop.

Qualcosina si vede.
Per cortesia, fai questo passaggio

PS: se vuoi, puoi presentarti qui

[maggiethebest86]

Ciao!!!scusa nn sapevo che farmene di Hijackthis ...cmq ho fatto il passaggio che mi hai detto ...almeno credo...e mi è uscito qst

ComboFix 07-11-19.3 - HP_Administrator 2007-11-25 20.51.26.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.549 [GMT 1:00]
Eseguito da: C:\Documents and Settings\HP_Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\J0EZYYE5\ComboFix[1].exe
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\exefld
C:\WINDOWS\exefld\15006546.exe
C:\WINDOWS\exefld\173656.exe
C:\WINDOWS\exefld\192078.exe
C:\WINDOWS\recover.reg
C:\WINDOWS\system32\drivers\hidr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_SROSA
-------\srosa


((((((((((((((((((((((((( Files Creati Da 2007-10-25 al 2007-11-25 )))))))))))))))))))))))))))))))))))
.

2007-11-25 20:11 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2007-11-25 19:48 2,139,648 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2007-11-25 18:57 <DIR> d-------- C:\Programmi\Windows Defender
2007-11-25 18:57 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-11-25 12:57 4,933 --a------ C:\WINDOWS\system32\ban_list.txt
2007-11-22 20:30 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2007-11-22 18:12 <DIR> d--h----- C:\Documents and Settings\HP_Administrator\Dati applicazioni\m
2007-11-22 17:49 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Dati applicazioni\ArcSoft
2007-11-22 17:48 <DIR> d--h----- C:\C_DILLA
2007-11-22 15:31 <DIR> d-------- C:\Programmi\Earth Resource Mapping
2007-11-20 18:16 <DIR> d-------- C:\Programmi\plugins
2007-11-20 18:16 <DIR> d-------- C:\Programmi\language
2007-11-20 18:16 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Dati applicazioni\InstallShield
2007-11-20 18:16 1,933,312 --a------ C:\Programmi\MegaManager.exe
2007-11-20 18:16 839,680 --a------ C:\Programmi\libeay32.dll
2007-11-20 18:16 307,200 --a------ C:\Programmi\res.dll
2007-11-20 18:16 212,480 --a------ C:\Programmi\PCDLIB32.DLL
2007-11-20 18:16 159,744 --a------ C:\Programmi\ssleay32.dll
2007-11-20 18:16 151,552 --a------ C:\Programmi\wwwcore.dll
2007-11-20 18:16 110,592 --a------ C:\Programmi\MegaIEMn.dll
2007-11-20 18:16 77,824 --a------ C:\Programmi\wwwhttp.dll
2007-11-20 18:16 62,464 --a------ C:\Programmi\hs_regex.dll
2007-11-20 18:16 61,440 --a------ C:\Programmi\wwwhtml.dll
2007-11-20 18:16 61,440 --a------ C:\Programmi\wwwapp.dll
2007-11-20 18:16 36,352 --a------ C:\Programmi\wwwutils.dll
2007-11-20 18:16 33,280 --a------ C:\Programmi\wwwftp.dll
2007-11-20 18:16 29,696 --a------ C:\Programmi\wwwmime.dll
2007-11-20 18:16 28,672 --a------ C:\Programmi\wwwfile.dll
2007-11-20 18:16 23,552 --a------ C:\Programmi\wwwcache.dll
2007-11-20 18:16 23,040 --a------ C:\Programmi\wwwstream.dll
2007-11-20 18:16 18,944 --a------ C:\Programmi\MegaIeFn.dll
2007-11-20 18:16 18,432 --a------ C:\Programmi\wwwtrans.dll
2007-11-20 18:16 17,920 --a------ C:\Programmi\wwwdir.dll
2007-11-20 18:16 16,384 --a------ C:\Programmi\wwwinit.dll
2007-11-20 18:16 12,288 --a------ C:\Programmi\wwwssl.dll
2007-11-20 18:16 3,584 --a------ C:\Programmi\wwwdll.dll
2007-11-15 20:29 <DIR> d-------- C:\Programmi\BestClass
2007-11-15 20:29 249,856 --------- C:\WINDOWS\Setup1.exe
2007-11-15 20:29 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-11-11 12:41 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Dati applicazioni\Megaupload
2007-11-11 12:39 <DIR> d-------- C:\Programmi\MegauploadToolbar
2007-11-11 12:39 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Dati applicazioni\MegauploadToolbar
2007-10-30 20:52 <DIR> d-------- C:\Programmi\Telecom Italia
2007-10-29 23:33 <DIR> d-------- C:\Programmi\Virtual Earth 3D
2007-10-28 18:55 1,140 --a------ C:\WINDOWS\mozver.dat
2007-10-28 14:44 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Dati applicazioni\Talkback

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-25 19:21 --------- d-----w C:\Programmi\a-squared Free
2007-11-25 18:52 --------- d--h--w C:\Programmi\InstallShield Installation Information
2007-11-25 00:02 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Avira
2007-11-22 19:58 --------- d-----w C:\Programmi\eMule
2007-11-21 23:33 --------- d-----w C:\Programmi\Kyodai Mahjongg
2007-11-21 23:27 756 ----a-w C:\Programmi\Collegamento a kmj.lnk
2007-11-01 16:55 --------- d-----w C:\Programmi\File comuni\InstallShield
2007-10-30 20:48 --------- d-----w C:\Programmi\Motive
2007-10-28 13:39 --------- d-----w C:\Programmi\DivX
2007-10-22 13:51 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\nView_Profiles
2007-10-08 17:03 1,336 ----a-w C:\Programmi\readme.txt
2007-10-08 16:09 26,184 ----a-w C:\Programmi\megamanager-1.0.xpi
2007-10-03 21:36 --------- d-----w C:\Programmi\Java
2007-10-03 21:36 --------- d-----w C:\Programmi\Google
2007-09-28 16:07 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-09-27 14:59 --------- d-----w C:\Programmi\vanBasco's Karaoke Player
2007-09-27 12:23 --------- d-----w C:\Programmi\UltraStar
2007-08-16 14:20 1,265,392 ----a-w C:\Programmi\mega.smf
2007-07-09 12:16 160 ----a-w C:\Documents and Settings\HP_Administrator\Dati applicazioni\wklnhst.dat
2007-01-16 08:44 168 ----a-w C:\Programmi\thirdPartyNotice.txt
2006-07-27 15:36 9,702 ----a-w C:\Programmi\logo.gif
2006-05-20 14:59 81 ----a-w C:\Programmi\product.url
2006-05-20 14:58 81 ----a-w C:\Programmi\support.url
2006-05-20 14:58 81 ----a-w C:\Programmi\company.url
2006-04-05 17:06 1,453 ----a-w C:\Programmi\mm_file.htm
2004-07-20 09:32 2,728 ----a-w C:\Programmi\HS_License.html
2003-08-13 14:20 4,164 ----a-w C:\Programmi\W3C_License.html
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 08:27]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2006-10-19 04:05]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-07 05:00]
"System Services Monitor"="C:\WINDOWS\winfp.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-18 04:40]
"ftutil2"="ftutil2.dll" [2004-06-07 13:05 C:\WINDOWS\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-22 00:56 C:\WINDOWS\RTHDCPL.EXE]
"NvCplDaemon"="RUNDLL32.exe" [2004-09-07 05:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-10-31 13:35 C:\WINDOWS\system32\nwiz.exe]
"DMAScheduler"="c:\Programmi\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 08:05]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 21:14]
"HPBootOp"="C:\Programmi\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 21:34]
"HP Software Update"="C:\Programmi\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 05:11]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2006-09-29 02:18]
"NeroFilterCheck"="C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2007-03-01 14:57]
"Acrobat Assistant 7.0"="C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 01:12]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"Google Desktop Search"="C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" [2007-10-04 17:16]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" []
"Windows Defender"="C:\Programmi\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 18:48]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio veloce di Adobe Acrobat.lnk - C:\WINDOWS\Installer\{AC76BA86-1034-4700-7760-000000000002}\SC_Acrobat.exe [2007-06-22 10:09:55]
BTTray.lnk - C:\Programmi\Roper\AirBlue Bluetooth Software\BTTray.exe [2005-09-19 15:02:54]
Tasto di scelta rapida per l'avvio di AutoCAD.lnk - C:\Programmi\File comuni\Autodesk Shared\acstart16.exe [2005-03-05 11:18:22]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

La chiave di registro SafeBoot ha bisogno di essere riparata. Questo pc non pu? avviarsi in Modalit? Provvisoria.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

R3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
R3 usbstor;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S3 C-Dilla;C-Dilla;\??\C:\WINDOWS\system32\drivers\CDANT.SYS
S3 zlportio;zlportio;\??\C:\Programmi\UltraStar\zlportio.sys

.
Contenuto della cartella 'Scheduled Tasks'
"2007-11-25 18:00:29 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Programmi\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-25 20:55:31
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2007-11-25 20:56:53 - machine was rebooted
.
--- E O F ---


ovviamente nn so cosa significa e nn so nemmeno se ho fatto la cosa giusta ma incolpo il pc...ha fatto tutto lui e alla fine si è aperto qst

[bdoriano]

Ok.
Fai anche questo passaggio.

[maggiethebest86]

fatto fatto fatto...qst è il risultato..


Sun Nov 25 21:12:31 2007
EliBagle v10.73 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Por favor, envienos una muestra del fichero
C:\Muestras\FLEC006.EXE.Muestra EliBagle v10.73
a "virus@satinfo.es". Gracias.
C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\DATI APPLICAZIONI\M\FLEC006.EXE --> Eliminado Bagle
Restaurada Clave: "SafeBoot\Minimal y Network"

Sun Nov 25 21:12:50 2007
EliBagle v10.73 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Programmi\Google\GoogleToolbarNotifier\GOOGLETOOLBARNOTIFIER.EXE --> Eliminado Bagle
C:\qoobox\Quarantine\C\WINDOWS\exefld\15006546.EXE.VIR --> Eliminado Bagle
C:\qoobox\Quarantine\C\WINDOWS\exefld\173656.EXE.VIR --> Eliminado Bagle
C:\qoobox\Quarantine\C\WINDOWS\exefld\192078.EXE.VIR --> Eliminado Bagle
C:\qoobox\Quarantine\C\WINDOWS\system32\WINTEMS.EXE.VIR --> Eliminado Bagle
C:\qoobox\Quarantine\C\WINDOWS\system32\drivers\HIDR.EXE.VIR --> Eliminado Bagle
C:\qoobox\Quarantine\C\WINDOWS\system32\drivers\SROSA.SYS.VIR --> Eliminado Bagle (rootkit)

Nº Total de Directorios: 9925
Nº Total de Ficheros: 115684
Nº de Ficheros Analizados: 11679
Nº de Ficheros Infectados: 7
Nº de Ficheros Limpiados: 7

[masso4321]

Fai anche l'upload su virustotal di questo file che hai nella directory windows: Winfp.exe
http://www.virustotal.com/it/
Dovrebbe essere riconosciuto come:
Backdoor.Win32.SdBot.bvu

Io personalmente ti suggerisco di portare il tuo portatile presso un centro di assistenza hp e farti reinstallare il sistema operativo.E' troppo compromesso.Non risolvi niente disinfettandolo semplicemente perchè i virus che hai preso hanno la brutta abitudine di corrompere i file di registro di windows con personalizzazioni delle caratteristiche di connessione in rete e col caricamento di librerie fantasma (che sono copie di backup degli stessi virus)ad ogni esecuzione di files con estensioni casuali.Il tuo computer anche se lo disinfetti continuerebbe a essere molto lento.
Bagle è un worm molto tenace che viene usato come testa di ponte per disattivare gli antivirus (come avast e microsoft defender che tu avevi già installato nel tuo computer)e scaricare altro mallware e usare il tuo computer come mailbot e spedire gli stessi virus ad altri.
Ti suggerisco anche di acquistare una licenza annuale dell'antivirus kaspersky o avira o nod32 (avast purtroppo ha una percentuale di rilevamento di 10 punti inferiore a questi).Se non vuoi spendere soldi ti suggerisco d'ora in poi di non aprire o scaricare da msn messenger o internet explorer o programmi p2p nessun file eseguibile.
In bocca al lupo

[bdoriano]

Scarica avenger e scompattalo in una sua cartella non temporanea e non sul desktop

Avvia AVENGER
Clicca su input script manually
Clicca sulla lente d'ingrandimento
Inserisci queste righe:

[maggiethebest86]

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\udjlmlsd

*******************

Script file located at: \??\C:\WINDOWS\system32\cmkdurpg.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:


qst è qll che mi è uscito...


File C:\WINDOWS\winfp.exe not found!
Deletion of file C:\WINDOWS\winfp.exe failed!

Could not process line:
C:\WINDOWS\winfp.exe
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

[chemicalbit]

ciao masso4321, benvenuto/a!

[bdoriano]

maggiethebest86

Un ultimissimo passaggio e siamo in dirittura d'arrivo.

Collegati a Kaspersky on-line scanner e fai la scansione estesa, come indicato qui.
Salva il risultato della scansione in un file (in formato HTML), carica il file su Freefilehosting e posta qui il link che ti viene assegnato.

[maggiethebest86]

ok fatto...qst è il risultato


rapportokaspersky.html

io ho messo tutto nn si sa mai...

[bdoriano]

Ok. Ci siamo.

Ultime operazioni da fare (disconnesso da internet):
- Disabilita il ripristino di sistema per eliminare le ultime tracce del virus.
- Riavvia il pc
- Ri-abilita il ripristino di sistema.
- Reinstalla il tuo antivirus e aggiornalo (riconnettiti a internet).
- cancella i files temporanei con ATF-Cleaner
- ripulisci il file di registro
- deframmenta il disco

Buona giornata!

[maggiethebest86]

grande!!!ora funziona di nuovo tutto!!grazie grazie