Olimpo Informatico

[COCCHINA871]

Ciao a tutti!Spero di postare nel posto giusto, see così non fosse vi prego di scusarmi!

Allora il mio problema è piuttosto esteso,ora vi spiego.

Ho beccato dei virus scaricando un gioco e il mio antivirus, Avast, non riesce ne a cestinarli,ne a ripararli ne a cancellarli.

Così ho voluto provare a scaricare un'altro antivirus free (McAfee mi pare) ma l'installazione provabilmente non è terminata e non riesco ne a rinstallarlo, ne a cancellarlo.Io voglio cancellarlo, perkè ho visto ke da dei problemi (rallentamenti e blocchi al computer), ma non riesco, non c'è nulla per disinstallarlo e da pannello di controllo--->installazione applicazione non lo rimuove!!!

Ora ke fare? Sicuramente ho visrus non debellati, un programma semiinstallato ke non si disinstalla e un pc rallentato!

Ho anche provato a cancellare la cartella dai programmi, ma non si riesce!
(sempre qui ho visto ke ci sono cartelle di vecchi programmi ormai disinstallati,come mai?come cancellare completamente questi file dal computer?)

Vi prego...aiutatemi!Tutto ciò ke potevo fare da sola l'ho fatto, ma ora non so più come fare!



Grazie a tutti!

[bdoriano]

Ciao COCCHINA871,

Comincia a disinstallare sia Avast! che McAfee, i programmi per la rimozione, li trovi indicati in quest'altra discussione.

Dopo, fai queste altre operazioni:

• Pulisci i files temporanei con ATF-Cleaner e/o CCleaner
  
• Segui le istruzioni di questo topic per usare MBAM.
  
• Segui le istruzioni di questo topic per eseguire combofix.
  
• Segui le istruzioni di questo topic per postare il log di HiJackThis.
  
• Riferisci con un nuovo messaggio in questa discussione dell'esito: se ci sono stati problemi particolari, ecc. ecc. E riporta:
  
  • Carica il log di MBAM su WikiSend e posta il Forum Link che ti viene assegnato.
    
  • Carica il log di Combofix su WikiSend e posta il Forum Link che ti viene assegnato.
    
  • Carica il log di HiJackThis su WikiSend e posta il Forum Link che ti viene assegnato.

[COCCHINA871]

uffi.....non funzionano i 2 programmi!E non riesco nemmeno ad entrare in modalità provvisoria!Cosa devo fare......?

[bdoriano]

Giusto per informazione, riesci a fare qualcuna delle scansioni che ti ho chiesto?

[COCCHINA871]

grazie BDORIANO per la tua pazienza.

Allora i programmi li ho scaricati e in questo momento sto facendo la scansione con Malwarebytes.E' da venti minuti ke va avanti...più o meno quanto impiegherà?

grazie infinite per il tuo aiuto!

[COCCHINA871]

Allora....
1)Ho rimosso avast, senza il programma ke mi hai dato, o almeno non risulta esserci più da installazione e applicazioni dal pannello di controllo.

2)I 2 programmi pr la rimozione degl'antivirus non sono riuscita ad usarli,cioè non mi funzionano, uno mi da operaz. fallita e l'altro non ho capito come funziona (quello di avast)

3)ho usato tutti e 2 i cleaner

4)Questo è ciò ke ho ottenuto con MBAM

Malwarebytes' Anti-Malware 1.28
Versione del database: 1180
Windows 5.1.2600 Service Pack 2

20/09/2008 16.45.46
mbam-log-2008-09-20 (16-45-46).txt

Tipo di scansione: Scansione rapida
Elementi scansionati: 44588
Tempo trascorso: 23 minute(s), 59 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 1
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 1
File infetti: 81

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} (Adware.Agent) -> Quarantined and deleted successfully.

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
C:\WINDOWS\system32\drivers\downld (Trojan.Agent) -> Delete on reboot.

File infetti:
C:\WINDOWS\system32\drivers\downld\101866.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\downld\1047626.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1063208.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\128454.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\128745.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\129265.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1294851.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1298417.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1307740.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1322411.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1326327.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\133311.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1363760.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\137227.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1393053.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\144057.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\150226.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1508779.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15269446.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1527486.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15286260.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15335631.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15412532.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15419732.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15514188.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15533666.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1568445.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1577748.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1666366.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1686545.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\185847.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\189011.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\213186.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\220426.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\221027.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\229960.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\238082.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\251591.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\254435.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\258481.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\275355.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\291108.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\295424.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\347719.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\350123.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\350413.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\350974.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\369361.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\400836.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\513007.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\519797.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\521549.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\529821.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\615535.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\633901.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\635323.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\643665.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\66034.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\668200.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\673278.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\679046.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\705224.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\72374.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\744049.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\754014.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\760844.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\768144.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\79354.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\81477.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\821641.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\842431.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\868458.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\885573.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\88987.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\940562.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\947171.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\95998.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mdelk.exe (Trojan.Spammer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wintems.exe (Trojan.Spammer) -> Delete on reboot.
C:\WINDOWS\system32\drivers\srosa.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\hldrrr.exe (Rootkit.Agent) -> Delete on reboot.

5) Qesto è ciò ke ho ottenuto con Combofix

ComboFix 08-09-19.10 - Michela 2008-09-20 16.56.28.1 - NTFSx86
Eseguito da: C:\Documents and Settings\Michela\Desktop\COMBO-FIX.EXE
* Creato nuovo punto di ripristino

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Michela\Menu Avvio\Programmi\Videos.url
C:\sdlflzoip
C:\WINDOWS\system32\ban_list.txt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA
-------\Service_srosa


((((((((((((((((((((((((( Files Creati Da 2008-08-20 al 2008-09-20 )))))))))))))))))))))))))))))))))))
.

2008-09-20 16:29 . 2008-09-20 16:29 318,369 --a------ C:\HiJackThis.zip
2008-09-20 16:13 . 2008-09-20 16:13 <DIR> d-------- C:\Documents and Settings\Michela\Dati applicazioni\Malwarebytes
2008-09-20 16:12 . 2008-09-20 16:16 <DIR> d-------- C:\Programmi\Malwarebytes' Anti-Malware
2008-09-20 16:12 . 2008-09-20 16:12 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2008-09-20 16:12 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-20 16:12 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-20 10:20 . 2008-09-20 10:20 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Yahoo! Companion
2008-09-19 23:22 . 2008-09-19 23:22 <DIR> d-------- C:\Programmi\Yahoo!
2008-09-19 23:12 . 2008-09-19 23:15 <DIR> d-------- C:\Programmi\VS Revo Group
2008-09-19 22:04 . 2008-09-19 22:04 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\McAfee.com
2008-09-19 22:03 . 2008-09-19 22:06 <DIR> d-------- C:\Programmi\McAfee.com
2008-09-19 22:03 . 2005-07-18 12:03 349,760 --a------ C:\WINDOWS\system32\mcinsctl.dll
2008-09-19 22:03 . 2005-05-24 19:23 288,320 --a------ C:\WINDOWS\system32\mcgdmgr.dll
2008-09-18 21:05 . 2008-09-18 21:05 <DIR> d-------- C:\Programmi\directx
2008-09-18 18:38 . 2008-09-18 18:39 <DIR> d-------- C:\Programmi\Eidos Interactive
2008-09-18 18:20 . 2008-09-18 18:20 <DIR> d-------- C:\Documents and Settings\Michela\Dati applicazioni\DAEMON Tools
2008-09-18 18:20 . 2008-09-18 18:20 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-09-18 18:00 . 2008-09-18 18:02 24 --ahs---- C:\WINDOWS\S561A25D1.tmp
2008-09-18 17:58 . 2008-09-18 18:14 <DIR> d-------- C:\Programmi\SlySoft
2008-09-18 09:54 . 2008-09-18 09:54 <DIR> d-------- C:\Documents and Settings\Michela\Saved Games
2008-09-18 09:54 . 2008-09-18 09:54 <DIR> d-------- C:\Documents and Settings\Michela\Dati applicazioni\FloodLightGames
2008-09-18 09:54 . 2008-09-18 09:54 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\FloodLightGames
2008-09-18 09:49 . 2008-09-18 10:51 <DIR> d-------- C:\Programmi\Oberon Media
2008-09-18 09:49 . 2008-09-18 09:49 <DIR> d-------- C:\Programmi\File comuni\Oberon Media
2008-09-04 21:36 . 2008-09-04 21:36 <DIR> d-------- C:\My Music
2008-09-04 21:35 . 2008-09-04 21:35 <DIR> d-------- C:\Programmi\Real
2008-09-04 21:35 . 2008-09-04 21:42 <DIR> d-------- C:\Programmi\File comuni\Real

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-18 19:12 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-09-18 15:09 --------- d-----w C:\Documents and Settings\Michela\Dati applicazioni\foobar2000
2008-09-18 08:50 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-09-01 09:15 --------- d-----w C:\Programmi\Lphant
2008-07-26 15:13 17,528 ----a-w C:\Documents and Settings\Michela\Dati applicazioni\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 462,848 2003-10-29 13:11:30 C:\Programmi\digicomt\Michelangelo USB ADSL\bak\CnxDslTb.exe

----a-w 68,856 2007-05-19 12:33:48 C:\Programmi\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe

----a-w 132,496 2007-09-24 23:11:35 C:\Programmi\Java\jre1.6.0_03\bin\bak\jusched.exe

----a-w 40,960 2005-10-11 09:11:08 C:\Programmi\Samsung\Samsung Media Studio\bak\SamsungMediaStudioAgent.exe

----a-w 15,360 2004-08-19 12:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-19 12:00:00 C:\WINDOWS\system32\ctfmon.exe

----a-r 155,648 2001-07-09 09:50:42 C:\WINDOWS\system32\bak\NeroCheck.exe

----a-w 98,304 2004-04-09 03:00:00 C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\E_FATI9CE.EXE

.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{6b284373-1765-4464-a587-80fbc2b2eefa}"= "C:\Programmi\LphantBar\tbLph1.dll" [2008-07-08 1569304]

[HKEY_CLASSES_ROOT\clsid\{6b284373-1765-4464-a587-80fbc2b2eefa}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6b284373-1765-4464-a587-80fbc2b2eefa}"= "C:\Programmi\LphantBar\tbLph1.dll" [2008-07-08 1569304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6B284373-1765-4464-A587-80FBC2B2EEFA}"= "C:\Programmi\LphantBar\tbLph1.dll" [2008-07-08 1569304]

[HKEY_CLASSES_ROOT\clsid\{6b284373-1765-4464-a587-80fbc2b2eefa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]
"MsnMsgr"="C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YeppStudioAgent"="C:\Programmi\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe" [N/A]
"McRegWiz"="C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe" [2008-09-20 139264]
"MCAgentExe"="C:\PROGRA~1\McAfee.com\Agent\mcagent.exe" [2008-09-20 303104]
"MCUpdateExe"="C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe" [2008-09-20 212992]
"Cmaudio"="cmicnfg.cpl" [N/A]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\Lphant\\eLePhantClient.exe"=

R2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe []
S3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2003-09-12 10:26]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2003-09-12 10:26]
S3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys [2003-10-29 15:02]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a1cde62-859e-11dd-b828-000795ca15bb}]
\Shell\AutoRun\command - E:\autorun.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Michela\Dati applicazioni\Mozilla\Firefox\Profiles\ra9hsbd2.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://italian.eazel.com/index.php?rvs=hompag
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-20 17:00:52
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programmi\McAfee.com\Agent\Mcdetect.exe
C:\PROGRA~1\McAfee.com\Agent\McTskshd.exe
C:\WINDOWS\system32\WGATray.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Ora fine scansione: 2008-09-20 17:08:58 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-20 15:08:54

Pre-Run: 24.547.917.824 byte disponibili
Post-Run: 24,934,813,696 byte disponibili

143 --- E O F --- 2008-09-10 10:08:15



6)Questo è ciò ke ho ottenuto con HiJackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17.13.10, on 20/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programmi\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ig?hl=it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: LphantBar Toolbar - {6b284373-1765-4464-a587-80fbc2b2eefa} - C:\Programmi\LphantBar\tbLph1.dll
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: LphantBar Toolbar - {6b284373-1765-4464-a587-80fbc2b2eefa} - C:\Programmi\LphantBar\tbLph1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: LphantBar Toolbar - {6b284373-1765-4464-a587-80fbc2b2eefa} - C:\Programmi\LphantBar\tbLph1.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Programmi\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{E831AEFF-B660-4F0A-9E27-86C7DD947993}: NameServer = 213.205.32.70 213.205.36.70
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programmi\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Unknown owner - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

--
End of file - 5754 bytes


Ecco tutto ciò ke mi hai richiesto!

[Riverside]

Drirei che siamo sulla buona strada, per ora.
Ci sono ancora diversi problemi da sistemare.
La prima cosa che devi fare ora è verificare se riesci ad accedere al sistema in modalità provvisoria.
Fammi sapere.

[COCCHINA871]

meno male...

Cmq ho controllato, riesco ad entrare in modalità provvsoria!

[Riverside]

[COCCHINA871]

Scusa ma temo di non aver capito!
Molte delle operazioni le ho già fatte e ho postato ciò ke ho ottenuto con i vari programmi nei messaggi precedenti!Devo rifare tutto?Cosa serve wikisend?Non ho capito....
Perdonami....

[chemicalbit]

[COCCHINA871]

eccomi!Scusatemi...ma sono stata indaffarata!Allora le operazioni da voi richieste,le ho fatte tutte,l'unica cosa non ho pubblicato i log su quel sito!
Ora dopo aver usato tutti questi programmi,posso dire di aver il computer pulito, o c'è ancora qlc da fare?Uno di questi programmi ke mi avete consigliato di scaricare è un antivirus?Altrimenti in questo momento sono priva di ogni protezione....!

[chemicalbit]

[Riverside]

[COCCHINA871]

Questo è il log ke mi ha dato hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12.13.45, on 13/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programmi\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programmi\Corel\Corel Snapfire\Corel Photo Downloader.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ig?hl=it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: LphantBar Toolbar - {6b284373-1765-4464-a587-80fbc2b2eefa} - C:\Programmi\LphantBar\tbLph1.dll
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: LphantBar Toolbar - {6b284373-1765-4464-a587-80fbc2b2eefa} - C:\Programmi\LphantBar\tbLph1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: LphantBar Toolbar - {6b284373-1765-4464-a587-80fbc2b2eefa} - C:\Programmi\LphantBar\tbLph1.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Programmi\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Programmi\Corel\Corel Snapfire\Corel Photo Downloader.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{E831AEFF-B660-4F0A-9E27-86C7DD947993}: NameServer = 213.205.32.70 213.205.36.70
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programmi\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Unknown owner - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

--
End of file - 6082 bytes



Ora cosa devo fare?

[COCCHINA871]

Aiutatemi vi prego....
Ho tutti i programmi che mi avete detto di scaricare sul computer e provab. nessun antivirus.
Ho paura di beccare un virus, se già non ne ho.....cosa devo fare?Non mi abbandonate....

[Riverside]

[COCCHINA871]

Scusa eh...ma perchè mi devi aggredire in questo modo?Ho avuto dei problemi e non ho potuto usare il pc.Poi questo è un forum per gente che ha bisogno...giusto?Beh...io ho bisogno di aiuto!Se non vuoi darmelo tu pazienza. E poi potrà anche essere vero ciò che dici, ne ho pubblicati uno su 3...ma non ho capito come si faceva quella operazione, perchè usate termini tecnici e alcuni danno per scontato passaggi e altro, ma io mica sono laureata in informatica?Con ciò non voglio generalizzare, perchè ci sono state molte persone pazienti che mi hanno sempre aiutato quando ne avevo bisogno. Dopo di chè...ringrazio tutti coloro che mi hanno aiutato e mi aggiusterò in un altra maniera.Ciao a tutti!

[Riverside]

Scusa ma se ti rileggi l'intera discussione, ad un certo punto ti avevo detto csa dovevi fare: rifai tutte le scansioni richieste e posta i relatvi log.
Senza quelli non possiamo di certo risolvere il problema.

[COCCHINA871]

ok, ora rinizio tutte le procedure....ti ringrazio per il tuo aiuto e scusami per lo sfogo! Posso solo chiederti una cortesia?Dove li pubblico i log?Su quel programma o qui nel forum?