Olimpo Informatico

[Faffy]

Salve, un paio di giorni fa, mentre navigavo, mi è comparsa una finestra d'allarme (non era il mio antivirus ) che mi avvertiva che il pc era esposto a rischio infezione virus e mi chiedeva se procedere all'installazione di uno strumento di riparazione.
Come una deficiente, non mi sono resa conto immediatamente del pericolo ed ho clikkato su "yes"
Ora, a intervalli di pochi minuti, ogni volta che mi collego ad internet mi appare questa finestrella d'allarme che mi invita ad installare questo coso.
Non è solo questo, poichè mi sono resa conto che non riesco a d accedere al pannello alla sezione "Installazione applicazioni" poichè mi indica che ci sono state effettuate delle restrizioni sul sistema
Bè, io sono abbastanza incapace, ma vedo che qui ci sono molti esperti. Vi incollo il file di log di HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 11.43.48, on 30/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Power Translator 10\LogoMedia TranslateDotNet Server.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\WINDOWS\system32\printer.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\PROGRA~1\FILECO~1\IDVISI~1\ugcw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\Belfiore\IMPOST~1\Temp\Rar$EX00.000\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.it/8SEITIT030000TBR/FRWCompleteTBSiteFinalMSGR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Programmi\Power Translator 10\Applications\LEC IE Translation Extension.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Programmi\ScanSoft\OmniPageSE2.0\EregIta\Ereg.exe" -r "C:\Programmi\ScanSoft\OmniPageSE2.0\EregIta\ereg.ini"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKLM\..\Run: [IDVisitor=13578&NumAccess=1] C:\Programmi\IDVisitor=13578&NumAccess=1\pgs.exe
O4 - HKLM\..\Run: [ugcw] "C:\PROGRA~1\FILECO~1\IDVISI~1\ugcw.exe" -start
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - Startup: system.exe
O4 - Startup: Webshots.lnk = C:\Programmi\Webshots\Launcher.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9BDCBE9-3647-4D2E-996D-9B27289EB7C8}: NameServer = 85.37.17.9 85.38.28.75
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: sulimo.dat
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Programmi\Power Translator 10\LogoMedia TranslateDotNet Server.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe

[bdoriano]

Ciao Faffy,

Scarica Rogue Remover Free, installalo, aggiornalo e fagli fare una scansione del tuo pc. Se trova qualcosa, faglielo eliminare.

Poi scarica anche ATF-Cleaner. (così eliminiamo i files temporanei)
Avvia ATF-Cleaner
Metti il segno di spunta a Select All
(se vuoi conservare i files del cestino, togli il segno di spunta a Recycle bin)
Clicca su Empty selected

Al termine, posta un log aggiornato di hijackthis.

PS: se vuoi, puoi presentarti qui

[Faffy]

grazie per l'immediata risposta!
ho seguito tutte le istruzioni, questo è il log aggiornato:


Logfile of HijackThis v1.99.1
Scan saved at 13.50.51, on 30/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\printer.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\PROGRA~1\FILECO~1\IDVISI~1\ugcw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\Power Translator 10\LogoMedia TranslateDotNet Server.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\Belfiore\IMPOST~1\Temp\Rar$EX00.860\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.it/8SEITIT030000TBR/FRWCompleteTBSiteFinalMSGR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Programmi\Power Translator 10\Applications\LEC IE Translation Extension.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Programmi\ScanSoft\OmniPageSE2.0\EregIta\Ereg.exe" -r "C:\Programmi\ScanSoft\OmniPageSE2.0\EregIta\ereg.ini"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IDVisitor=13578&NumAccess=1] C:\Programmi\IDVisitor=13578&NumAccess=1\pgs.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: system.exe
O4 - Startup: Webshots.lnk = C:\Programmi\Webshots\Launcher.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9BDCBE9-3647-4D2E-996D-9B27289EB7C8}: NameServer = 85.37.17.9 85.38.28.75
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: sulimo.dat
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Programmi\Power Translator 10\LogoMedia TranslateDotNet Server.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe

[ste_95]

seleziona queste oci e premi fix chekced:

F2 - REG:system.ini: Shell=Explorer.exe
O4 - Startup: system.exe
O4 - Global Startup: autorun.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

poi elimina il file C:\windows\printer.exe

[bdoriano]

Disabilita il ripristino di sistema e avvia il pc in modalità provvisoria
esegui hijackthis
clicca su do a system scan only
metti il segno di spunta a queste voci:

[Faffy]

ho provato a disabilitare il ripristino di sistema, ma nel momento in cui provo a visualizzare le proprietà di Risorse del computer, una finestrina di avviso torna a dirmi che è un'operazione che non posso effettuare poichè sono presenti delle restrizioni

[ste_95]

prima fixa questa voce

O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

e poi prova a disattivarlo...

[Faffy]

nulla...non riesco a visualizzare nemmeno il pannello di controllo, continua ad avvertirmi delle restrizioni

[ste_95]

la voce la hai fixata?

prova a fare una scansione con combofix e poi postane il log...

http://www.techsupportforum.com/sectools/combofix.exe

[Faffy]

si, la voce l'ho fixata.

Comunque, questo è il log di Combofix:

ComboFix 07-10-29.1 - Belfiore 2007-10-30 15.07.22.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.426 [GMT 1:00]
Eseguito da: C:\Documents and Settings\Belfiore\Impostazioni locali\Temporary Internet Files\Content.IE5\NL06RIIP\ComboFix[1].exe
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\autorun.exe
C:\Documents and Settings\Belfiore\Dati applicazioni\install_it[1].exe
C:\Documents and Settings\Belfiore\Menu Avvio\Programmi\Esecuzione automatica\system.exe
C:\Documents and Settings\Belfiore\ResErrors.log
C:\WINDOWS\system32\nvrssk.dll
C:\WINDOWS\system32\nvrssl.dll
C:\WINDOWS\system32\printer.exe
C:\WINDOWS\system32\vtr.dll
C:\WINDOWS\system32\WinAvXX.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_FMTR


((((((((((((((((((((((((( Files Creati Da 2007-09-28 al 2007-10-30 )))))))))))))))))))))))))))))))))))
.

2007-10-30 15:11 <DIR> d-------- C:\WINDOWS\system32\xircom
2007-10-30 15:11 <DIR> d-------- C:\Programmi\microsoft frontpage
2007-10-30 15:06 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-30 13:44 <DIR> d-------- C:\Programmi\RogueRemover FREE
2007-10-23 14:25 <DIR> d-------- C:\Programmi\IDVisitor=13578&NumAccess=1
2007-10-23 14:25 <DIR> d-------- C:\Programmi\File comuni\IDVisitor=13578&NumAccess=1
2007-10-23 14:25 <DIR> d-------- C:\Documents and Settings\Belfiore\Dati applicazioni\IDVisitor=13578&NumAccess=1
2007-10-23 14:15 59,392 --a------ C:\WINDOWS\wgie2wbp.exe
2007-10-22 16:56 <DIR> d-------- C:\Documents and Settings\Belfiore\Dati applicazioni\Canon
2007-10-12 19:52 <DIR> d-------- C:\Programmi\WinAVI Video Converter
2007-10-12 15:40 <DIR> d-------- C:\Programmi\WinMPG VideoConvert
2007-10-12 13:48 <DIR> d-------- C:\Documents and Settings\Belfiore\Dati applicazioni\AVSMedia
2007-10-12 13:47 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\AVS4YOU
2007-10-12 13:46 <DIR> d-------- C:\Programmi\File comuni\AVSMedia
2007-10-12 13:46 1,700,352 --a------ C:\WINDOWS\system32\GdiPlus.dll
2007-10-12 13:46 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2007-10-12 13:46 638,976 --a------ C:\WINDOWS\system32\divx.dll
2007-10-12 13:46 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2007-10-12 13:46 413,760 --a------ C:\WINDOWS\system32\mpg4c32.dll
2007-10-12 13:46 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2007-10-12 13:46 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
2007-10-12 13:46 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-10-04 16:25 <DIR> d-------- C:\Programmi\Real
2007-10-04 16:25 <DIR> d-------- C:\Programmi\Google
2007-10-04 16:25 <DIR> d-------- C:\Programmi\File comuni\xing shared
2007-10-04 16:25 <DIR> d-------- C:\Programmi\File comuni\Real
2007-10-04 16:23 <DIR> d-------- C:\Scaricamenti
2007-10-04 14:26 <DIR> d--h----- C:\Documents and Settings\All Users\Dati applicazioni\CanonBJ
2007-10-04 14:19 <DIR> d--h----- C:\WINDOWS\system32\CanonMP Uninstaller Information
2007-10-03 09:36 <DIR> d-------- C:\Programmi\FreePOPs
2007-10-02 12:27 36,096 --a------ C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2007-10-02 12:26 <DIR> d-------- C:\VEXPLITE
2007-10-01 15:11 <DIR> d-------- C:\Documents and Settings\Belfiore\Dati applicazioni\AdobeUM
2007-09-29 14:23 <DIR> d-------- C:\WINDOWS\Cache
2007-09-29 14:23 524,288 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-09-29 14:23 139,264 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-09-29 14:23 8,704 --a------ C:\WINDOWS\system32\vidccleaner.exe
2007-09-29 14:22 <DIR> d-------- C:\Programmi\Samsung
2007-09-29 14:22 217,088 --a------ C:\WINDOWS\system32\skjpeg40.dll
2007-09-29 14:22 83,968 --a------ C:\WINDOWS\system32\Skbase40.dll
2007-09-27 09:50 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2007-09-26 11:18 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\nView_Profiles
2007-09-25 19:27 <DIR> d-------- C:\Documents and Settings\Belfiore\Dati applicazioni\CyberLink
2007-09-25 19:09 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Messenger Plus!
2007-09-25 18:31 <DIR> d-------- C:\Programmi\Windows Live
2007-09-25 18:23 <DIR> d-------- C:\Programmi\Messenger Plus! Live
2007-09-25 17:23 <DIR> d-------- C:\Documents and Settings\Belfiore\Contacts
2007-09-25 17:12 <DIR> d-------- C:\Programmi\Motive
2007-09-25 17:12 <DIR> d-------- C:\Programmi\Common Files
2007-09-25 17:12 <DIR> d-------- C:\Programmi\Alice ti aiuta
2007-09-25 17:11 <DIR> d-------- C:\Programmi\Telecom Italia
2007-09-25 17:03 140,288 --a------ C:\WINDOWS\system32\CNMLM7K.DLL
2007-09-25 17:03 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-09-25 17:03 8,704 --a------ C:\WINDOWS\system32\CNMVS7K.DLL
2007-09-25 17:01 <DIR> d-------- C:\Programmi\ScanSoft
2007-09-25 17:01 <DIR> d-------- C:\Programmi\File comuni\ScanSoft Shared
2007-09-25 17:01 <DIR> d-------- C:\Documents and Settings\Belfiore\Dati applicazioni\ScanSoft
2007-09-25 17:01 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\SSScanWizard
2007-09-25 17:01 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\SSScanAppDataDir
2007-09-25 17:00 <DIR> d-------- C:\Programmi\ArcSoft
2007-09-25 17:00 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2007-09-25 16:58 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-09-25 16:57 <DIR> d-------- C:\WINDOWS\StartHtmico
2007-09-25 16:57 221,184 --a------ C:\WINDOWS\system32\CNCC150.DLL
2007-09-25 16:57 139,264 --a------ C:\WINDOWS\system32\CNCL150.DLL
2007-09-25 16:57 69,632 --a------ C:\WINDOWS\system32\CNCI150.DLL
2007-09-25 16:57 49,152 --a------ C:\WINDOWS\system32\cncisco.dll
2007-09-25 16:56 <DIR> d-------- C:\Programmi\Canon
2007-09-25 16:55 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-09-25 16:54 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-09-25 15:24 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-09-25 15:24 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-09-25 15:24 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-09-25 15:21 <DIR> d-------- C:\Documents and Settings\LocalService\Dati applicazioni\AVG7
2007-09-25 15:21 <DIR> d-------- C:\Documents and Settings\Belfiore\Dati applicazioni\AVG7
2007-09-25 15:21 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\avg7
2007-09-25 15:21 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-09-25 15:18 <DIR> d-------- C:\WINDOWS\pss
2007-09-25 15:08 <DIR> d-------- C:\Programmi\Webshots
2007-09-25 15:08 <DIR> d-------- C:\Documents and Settings\Belfiore\Dati applicazioni\Webshots
2007-09-25 15:07 <DIR> d-------- C:\WINDOWS\nview
2007-09-25 15:06 <DIR> d-------- C:\NVIDIA
2007-09-25 15:04 <DIR> d-------- C:\Programmi\Windows Live Favorites
2007-09-25 15:03 <DIR> d-------- C:\Programmi\Windows Live Toolbar
2007-09-25 15:03 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Windows Live Toolbar
2007-09-25 15:00 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-09-25 15:00 <DIR> d-------- C:\Programmi\MSN Messenger
2007-09-25 15:00 <DIR> d-------- C:\Programmi\eMule

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-08 11:50 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
2007-10-04 09:51 --------- d-----w C:\Documents and Settings\Belfiore\Dati applicazioni\Ahead
2007-09-29 13:22 --------- d--h--w C:\Programmi\InstallShield Installation Information
2007-09-25 13:59 --------- d-----w C:\Programmi\VideoLAN
2007-09-25 13:58 --------- d-----w C:\Programmi\Power Translator 10
2007-09-25 13:55 --------- d-----w C:\Programmi\MSBuild
2007-09-25 13:55 --------- d-----w C:\Programmi\Microsoft Works
2007-09-25 13:53 --------- d-----w C:\Programmi\File comuni\SpeechEngines
2007-09-25 13:53 --------- d-----w C:\Programmi\File comuni\ODBC
2007-09-25 13:48 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\CyberLink
2007-09-25 13:45 --------- d-----w C:\Programmi\File comuni\InstallShield
2007-09-25 13:45 --------- d-----w C:\Programmi\CyberLink
2007-09-25 13:41 --------- d-----w C:\Programmi\File comuni\Ahead
2007-09-25 13:40 --------- d-----w C:\Programmi\Nero
2007-09-25 13:40 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Nero
2007-09-25 13:34 --------- d-----w C:\Programmi\File comuni\Adobe
2007-09-25 12:21 --------- d-----w C:\Programmi\Silicon Integrated Systems
2007-09-25 12:19 --------- d-----w C:\Programmi\C-Media 3D Audio
2007-09-25 12:03 --------- d-----w C:\Programmi\Servizi in linea
2007-09-25 12:02 --------- d-----w C:\Programmi\File comuni\MSSoap
2007-09-25 12:00 --------- d-----w C:\Programmi\Windows Media Connect 2
2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2004-03-24 03:04 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-03-24 03:04]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-03-24 03:04]
"nod32kui"="C:\Programmi\Eset\nod32kui.exe" [2007-09-25 15:23]
"OpwareSE2"="C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 10:00]
"OPSE reminder"="C:\Programmi\ScanSoft\OmniPageSE2.0\EregIta\Ereg.exe" [2003-07-07 08:30]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2007-10-04 16:25]
"IDVisitor=13578&NumAccess=1"="C:\Programmi\IDVisitor=13578&NumAccess=1\pgs.exe" [2007-08-22 09:38]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 14:39]
"MsnMsgr"="C:\Programmi\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54]
"updateMgr"="C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-16 15:38]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

C:\Documents and Settings\Belfiore\Menu Avvio\Programmi\Esecuzione automatica\
Webshots.lnk - C:\Programmi\Webshots\Launcher.exe [2007-09-25 15:08:18]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio veloce di Adobe Reader.lnk
backup=C:\WINDOWS\pss\Avvio veloce di Adobe Reader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
RunDll32 cmicnfg.cpl,CMICtrlWnd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hotplug]
C:\Programmi\Silicon Integrated Systems\SiSRaidPackage\hot_plug.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSUSBRG]
C:\WINDOWS\SiSUSBrg.exe

R0 SiSRaid;SiSRaid;C:\WINDOWS\system32\DRIVERS\SiSRaid.sys
R0 VIRAGTLT;VIRAGTLT;C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
R2 viritsvclite;Virit eXplorer Lite;C:\VEXPLITE\viritsvc.exe
S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

.
Contenuto della cartella 'Scheduled Tasks'
"2007-10-30 13:31:00 C:\WINDOWS\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job"
.
**************************************************************************

catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-30 15:11:22
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2007-10-30 15:12:17 - machine was rebooted
.
--- E O F ---

[ste_95]

di roba ne avevi anche che non si vedeva nel log...

come va?

[Faffy]

bene!Adesso pare che la situazione sia tornata normale!

Grazie grazie grazie!
Mi siete stati di grandissimo aiuto!

[ste_95]

[bdoriano]

Riporto l'ultima frase del mio messaggio: