angela_ldv Mortale devoto
Registered: 02/02/08 00:01 Posts: 10
Posted: 02 Feb 2008 00:13 Subject: abcbid.exe and [num].exe

Hi everyone! For a few days now I have been noticing files such as abc123.bid and [number].exe in Temp. I also have problems with the keyboard hotkeys (MS Wireless Multimedia Keyboard, with IntelliType Pro 6) and with some programs, for example Vodafone's My190 which, once launched, shows up in Task Manager but not on the desktop..
I have Windows XP Professional SP 2 and avast as antivirus (which detects nothing, like S&D and ewido).
This is the HJT log in safe mode:
Logfile of HijackThis v1.99.1
Scan saved at 22.20.08, on 01/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Anti Spyware\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.economia.unipd.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;rcs
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\Quick Time 7\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\AVAST4~1\ashDisp.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [itype] "c:\Programmi\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "c:\Programmi\Microsoft IntelliPoint\ipoint.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Apri immagine in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1040\phdintl.dll/phdContext.htm
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Open with ScanSoft PDF Converter 4.0 - res://C:\Programmi\ScanSoft\PDF Professional 4.0\cnvres_eng.dll /100
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.190.it
O15 - Trusted Zone: http://www.rossoalice.it
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1212145151593
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212144809453
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1212144795500
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://ibet2007.spaces.live.com/PhotoUpload/MsnPUpld.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Avast 4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Avast 4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Avast 4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Avast 4\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmi\Canon\CAL\CALMAIN.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
And this is the AWF log:
Find AWF report by noahdfear ©2006
Version 1.40
bak folders found
~~~~~~~~~~~
Il volume nell'unit? C ? C
Numero di serie del volume: F061-9124
Directory di C:\PROGRA~1\AVAST4~1\BAK
04/12/2007 14.00 79.224 ashDisp.exe
1 File 79.224 byte
2 Directory 53.062.582.272 byte disponibili
Il volume nell'unit? C ? C
Numero di serie del volume: F061-9124
Directory di C:\PROGRA~1\MICROS~4\BAK
21/11/2006 17.08 813.912 itype.exe
16/05/2003 00.45 114.688 type32.exe
2 File 928.600 byte
2 Directory 53.062.582.272 byte disponibili
Il volume nell'unit? C ? C
Numero di serie del volume: F061-9124
Directory di C:\PROGRA~1\MIFB84~1\BAK
05/02/2007 15.52 849.280 ipoint.exe
16/05/2003 00.41 163.840 point32.exe
2 File 1.013.120 byte
2 Directory 53.062.578.176 byte disponibili
Il volume nell'unit? C ? C
Numero di serie del volume: F061-9124
Directory di C:\WINDOWS\SYSTEM32\BAK
19/08/2004 13.00 15.360 ctfmon.exe
1 File 15.360 byte
2 Directory 53.062.578.176 byte disponibili
Il volume nell'unit? C ? C
Numero di serie del volume: F061-9124
Directory di C:\PROGRA~1\ALICET~1\SMARTB~1\BAK
21/04/2006 14.41 438.359 MotiveSB.exe
1 File 438.359 byte
2 Directory 53.062.578.176 byte disponibili
Il volume nell'unit? C ? C
Numero di serie del volume: F061-9124
Directory di C:\PROGRA~1\ATITEC~1\ATICON~1\BAK
29/09/2004 07.15 344.064 atiptaxx.exe
1 File 344.064 byte
2 Directory 53.062.578.176 byte disponibili
Il volume nell'unit? C ? C
Numero di serie del volume: F061-9124
Directory di C:\PROGRA~1\ELABOR~1\CLONECD\BAK
06/12/2001 13.09 45.056 ElbyCheck.exe
1 File 45.056 byte
2 Directory 53.062.578.176 byte disponibili
Il volume nell'unit? C ? C
Numero di serie del volume: F061-9124
Directory di C:\PROGRA~1\QUICKT~1\QUICKT~1\BAK
27/04/2007 08.41 282.624 qttask.exe
1 File 282.624 byte
2 Directory 53.062.578.176 byte disponibili
Il volume nell'unit? C ? C
Numero di serie del volume: F061-9124
Directory di C:\WINDOWS\SYSTEM32\DLA\BAK
25/03/2004 01.04 122.939 tfswctrl.exe
1 File 122.939 byte
2 Directory 53.062.578.176 byte disponibili
Il volume nell'unit? C ? C
Numero di serie del volume: F061-9124
Directory di C:\PROGRA~1\FILECO~1\SCANSO~1\SSBKGD~1\BAK
14/10/2003 09.22 155.648 SSBkgdupdate.exe
1 File 155.648 byte
2 Directory 53.062.578.176 byte disponibili
Il volume nell'unit? C ? C
Numero di serie del volume: F061-9124
Directory di C:\PROGRA~1\FILECO~1\SONIC\UPDATE~1\BAK
19/08/2003 01.01 110.592 sgtray.exe
1 File 110.592 byte
2 Directory 53.062.578.176 byte disponibili
Il volume nell'unit? C ? C
Numero di serie del volume: F061-9124
Directory di C:\PROGRA~1\JAVA\JRE15~2.0_0\BIN\BAK
26/08/2005 18.14 36.975 jusched.exe
1 File 36.975 byte
2 Directory 53.062.574.080 byte disponibili
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
79224 4 Dec 2007 "C:\Programmi\Avast 4\ashDisp.exe"
79224 4 Dec 2007 "C:\Programmi\Avast 4\bak\ashDisp.exe"
14348 26 Jan 2008 "C:\Programmi\Microsoft IntelliType Pro\itype.exe"
813912 21 Nov 2006 "C:\Programmi\Microsoft IntelliType Pro\bak\itype.exe"
114688 16 May 2003 "C:\Programmi\Microsoft IntelliType Pro\bak\type32.exe"
14348 26 Jan 2008 "C:\Programmi\Microsoft IntelliPoint\ipoint.exe"
849280 5 Feb 2007 "C:\Programmi\Microsoft IntelliPoint\bak\ipoint.exe"
163840 16 May 2003 "C:\Programmi\Microsoft IntelliPoint\bak\point32.exe"
15360 19 Aug 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 19 Aug 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
14348 26 Jan 2008 "C:\Programmi\Alice ti aiuta\SmartBridge\MotiveSB.exe"
438359 21 Apr 2006 "C:\Programmi\Alice ti aiuta\SmartBridge\bak\MotiveSB.exe"
14348 26 Jan 2008 "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe"
344064 29 Sep 2004 "C:\Programmi\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe"
14348 26 Jan 2008 "C:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe"
45056 6 Dec 2001 "C:\Programmi\Elaborate Bytes\CloneCD\bak\ElbyCheck.exe"
14348 26 Jan 2008 "C:\Programmi\QuickTime\Quick Time 7\qttask.exe"
282624 27 Apr 2007 "C:\Programmi\QuickTime\Quick Time 7\bak\qttask.exe"
122939 25 Mar 2004 "C:\WINDOWS\system32\dla\bak\tfswctrl.exe"
14348 26 Jan 2008 "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe"
155648 14 Oct 2003 "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe"
110592 19 Aug 2003 "C:\Programmi\File comuni\Sonic\Update Manager\bak\sgtray.exe"
36975 6 Dec 2004 "C:\Programmi\Java\jre1.5.0_01\bin\jusched.exe"
14348 26 Jan 2008 "C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe"
36975 26 Aug 2005 "C:\Programmi\Java\jre1.5.0_05\bin\bak\jusched.exe"
end of report
Thanks to anyone who can help me!!
angela

angela_ldv Mortale devoto
Registered: 02/02/08 00:01 Posts: 10
Posted: 02 Feb 2008 00:18 Subject:

I forgot: from time to time I also got an error message like "the file iexplore.exe was not found.. try searching from the Start menu..", which I "solved" by updating Explorer (since then it no longer appears).
Bye for now

bdoriano Administrator
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 02 Feb 2008 00:23 Subject:

Hi angela_ldv,
Download avenger and unzip it into a folder of its own that is neither temporary nor on the desktop
Start AVENGER
Click on input script manually
Click on the magnifying glass
Enter these lines:
Quote: | Files to delete:
C:\Programmi\Microsoft IntelliType Pro\itype.exe
C:\Programmi\Microsoft IntelliPoint\ipoint.exe
C:\Programmi\Alice ti aiuta\SmartBridge\MotiveSB.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe
C:\Programmi\QuickTime\Quick Time 7\qttask.exe
C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe
Files to move:
C:\Programmi\Microsoft IntelliType Pro\bak\itype.exe | C:\Programmi\Microsoft IntelliType Pro\itype.exe
C:\Programmi\Microsoft IntelliPoint\bak\ipoint.exe | C:\Programmi\Microsoft IntelliPoint\ipoint.exe
C:\Programmi\Alice ti aiuta\SmartBridge\bak\MotiveSB.exe | C:\Programmi\Alice ti aiuta\SmartBridge\MotiveSB.exe
C:\Programmi\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe | C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Elaborate Bytes\CloneCD\bak\ElbyCheck.exe | C:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe
C:\Programmi\QuickTime\Quick Time 7\bak\qttask.exe | C:\Programmi\QuickTime\Quick Time 7\qttask.exe
C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe | C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
C:\Programmi\Java\jre1.5.0_05\bin\bak\jusched.exe | C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe |
Click Done
Click the traffic light
The PC should restart; if it doesn't, restart it yourself.
When the operation is finished, post the Avenger result here together with an updated hijackthis log.
Download DelDomains and save it to the desktop (right-click the link > save target)
then right-click the file and choose Install.
Connect to the Kaspersky on-line scanner and run the extended scan, as indicated here.
Save the scan result to a file (in HTML format), upload the file to Freefilehosting and post here the link you are given.
Follow the instructions in this topic to post the combofix log.
PS: if you like, you can introduce yourself here
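
An added example, not part of the original posts: one way to triage the AWF "Duplicate files" section that the reply above acts on, run over an excerpt of the posted report. It pairs each bak\ copy with the file of the same name in the parent folder and flags pairs whose size or date differ. The function names are hypothetical, wrapped paths are assumed to break at a space, and equal size and date is treated only as a hint, not as proof of identical content.

```python
import re
from collections import Counter
from ntpath import basename, dirname, join, normcase

# Excerpt of the AWF "Duplicate files of bak directory contents" section posted
# above, including one pair whose quoted path was wrapped onto a second line.
SAMPLE = r'''
79224 4 Dec 2007 "C:\Programmi\Avast 4\ashDisp.exe"
79224 4 Dec 2007 "C:\Programmi\Avast 4\bak\ashDisp.exe"
14348 26 Jan 2008 "C:\Programmi\Microsoft IntelliType Pro\itype.exe"
813912 21 Nov 2006 "C:\Programmi\Microsoft IntelliType Pro\bak\itype.exe"
114688 16 May 2003 "C:\Programmi\Microsoft IntelliType Pro\bak\type32.exe"
14348 26 Jan 2008 "C:\Programmi\QuickTime\Quick Time 7\qttask.exe"
282624 27 Apr 2007 "C:\Programmi\QuickTime\Quick Time 7\bak\qttask.exe"
122939 25 Mar 2004 "C:\WINDOWS\system32\dla\bak\tfswctrl.exe"
14348 26 Jan 2008 "C:\Programmi\File comuni\Scansoft
Shared\SSBkgdUpdate\SSBkgdupdate.exe"
155648 14 Oct 2003 "C:\Programmi\File comuni\Scansoft
Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe"
36975 6 Dec 2004 "C:\Programmi\Java\jre1.5.0_01\bin\jusched.exe"
'''

# <size> <day> <Mon> <year> "<full path>"
ENTRY = re.compile(r'^(\d+)\s+(\d{1,2}\s+\w{3}\s+\d{4})\s+"([^"]+)"$')


def parse_awf(text):
    """Parse duplicate-file lines, re-joining paths wrapped across lines."""
    entries, pending = [], ""
    for raw in text.splitlines():
        line = (pending + " " + raw.strip()).strip() if pending else raw.strip()
        if line.count('"') % 2:  # quoted path not closed yet: wrapped line
            pending = line
            continue
        pending = ""
        m = ENTRY.match(line)
        if m:
            entries.append({"size": int(m.group(1)),
                            "date": m.group(2),
                            "path": m.group(3)})
    return entries


def classify(entries):
    """Compare every bak\\ copy with the same-named file one folder up."""
    by_path = {normcase(e["path"]): e for e in entries}
    report = {"replaced": [], "identical": [], "backup_only": []}
    for e in entries:
        folder = dirname(e["path"])
        if normcase(basename(folder)) != "bak":
            continue  # only bak\ copies drive the comparison
        live_path = join(dirname(folder), basename(e["path"]))
        live = by_path.get(normcase(live_path))
        if live is None:
            # A backup exists but no file is listed in the original location.
            report["backup_only"].append(e["path"])
        elif live["size"] == e["size"] and live["date"] == e["date"]:
            # Same size and date: a hint only; hashes would be needed for proof.
            report["identical"].append(live["path"])
        else:
            report["replaced"].append((live, e))
    return report


def common_stub(report):
    """Return (size, date, count) of the most common size/date among the
    files that differ from their backup, or None if there are none."""
    seen = Counter((live["size"], live["date"]) for live, _ in report["replaced"])
    if not seen:
        return None
    (size, date), count = seen.most_common(1)[0]
    return (size, date, count)


def move_lines(report):
    """Render restore candidates as 'source | destination', the form used in
    the script quoted in the reply above."""
    return [f'{bak["path"]} | {live["path"]}' for live, bak in report["replaced"]]


if __name__ == "__main__":
    result = classify(parse_awf(SAMPLE))
    print("same size/date in every replaced file:", common_stub(result))
    for line in move_lines(result):
        print(line)
    print("backup without a listed original:", result["backup_only"])
```

Many unrelated programs sharing one size and one date in their original locations is the pattern to look for; backups with no listed original need a separate manual check.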

angela_ldv Mortale devoto
Registered: 02/02/08 00:01 Posts: 10
Posted: 02 Feb 2008 15:04 Subject:

Done! So the results are:
Avenger:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\oihvdaur
*******************
Script file located at: \??\C:\Documents and Settings\itpjuovf.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\Programmi\Microsoft IntelliType Pro\itype.exe deleted successfully.
File C:\Programmi\Microsoft IntelliPoint\ipoint.exe deleted successfully.
File C:\Programmi\Alice ti aiuta\SmartBridge\MotiveSB.exe deleted successfully.
File C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe deleted successfully.
File C:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe deleted successfully.
File C:\Programmi\QuickTime\Quick Time 7\qttask.exe deleted successfully.
File C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe deleted successfully.
File C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe deleted successfully.
File move operation C:\Programmi\Microsoft IntelliType Pro\bak\itype.exe|C:\Programmi\Microsoft IntelliType Pro\itype.exe completed successfully.
File move operation C:\Programmi\Microsoft IntelliPoint\bak\ipoint.exe|C:\Programmi\Microsoft IntelliPoint\ipoint.exe completed successfully.
File move operation C:\Programmi\Alice ti aiuta\SmartBridge\bak\MotiveSB.exe|C:\Programmi\Alice ti aiuta\SmartBridge\MotiveSB.exe completed successfully.
File move operation C:\Programmi\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe|C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe completed successfully.
File move operation C:\Programmi\Elaborate Bytes\CloneCD\bak\ElbyCheck.exe|C:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe completed successfully.
File move operation C:\Programmi\QuickTime\Quick Time 7\bak\qttask.exe|C:\Programmi\QuickTime\Quick Time 7\qttask.exe completed successfully.
File move operation C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe|C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe completed successfully.
File move operation C:\Programmi\Java\jre1.5.0_05\bin\bak\jusched.exe|C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe completed successfully.
Completed script processing.
*******************
Finished! Terminate.
HJT:
Logfile of HijackThis v1.99.1
Scan saved at 13.52.37, on 02/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Avast 4\aswUpdSv.exe
C:\Programmi\Avast 4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Programmi\ewido anti-spyware 4.0\guard.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Canon\CAL\CALMAIN.exe
C:\Programmi\Avast 4\ashMaiSv.exe
C:\Programmi\Avast 4\ashWebSv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVAST4~1\ashDisp.exe
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\Programmi\Microsoft IntelliType Pro\itype.exe
C:\Programmi\Microsoft IntelliPoint\ipoint.exe
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
C:\Programmi\Anti Spyware\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.economia.unipd.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\Quick Time 7\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\AVAST4~1\ashDisp.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [itype] "c:\Programmi\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "c:\Programmi\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Apri immagine in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1040\phdintl.dll/phdContext.htm
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Open with ScanSoft PDF Converter 4.0 - res://C:\Programmi\ScanSoft\PDF Professional 4.0\cnvres_eng.dll /100
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1212145151593
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212144809453
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1212144795500
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://ibet2007.spaces.live.com/PhotoUpload/MsnPUpld.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Avast 4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Avast 4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Avast 4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Avast 4\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmi\Canon\CAL\CALMAIN.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
Combofix:
ComboFix 08-02.02.5 - andang 2008-02-02 12.52.23.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.640 [GMT 1:00]
Eseguito da: C:\Documents and Settings\andang\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\10.tmp
C:\WINDOWS\12.tmp
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_WINDOWS_LOG
((((((((((((((((((((((((( Files Creati Da 2008-01-02 al 2008-02-02 )))))))))))))))))))))))))))))))))))
.
2008-02-01 23:47 . 2008-02-01 23:47 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-01 23:47 . 2008-02-01 23:47 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-02-01 22:40 . 2001-07-06 14:41 569,344 --a------ C:\WINDOWS\system32\imagr5.dll
2008-02-01 22:40 . 2001-07-06 12:44 544,768 --a------ C:\WINDOWS\system32\imagx5.dll
2008-02-01 22:40 . 2001-07-06 18:24 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll
2008-02-01 22:40 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-02-01 22:40 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-02-01 22:40 . 2001-06-26 08:15 38,912 --a------ C:\WINDOWS\system32\picn20.dll
2008-02-01 22:39 . 2008-02-01 22:40 <DIR> d-------- C:\Programmi\Ahead
2008-01-26 12:38 . 2008-01-26 12:38 <DIR> d-------- C:\WINDOWS\system32\it-it
2008-01-26 12:35 . 2008-01-26 12:37 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-01-23 21:13 . 2008-01-23 21:13 <DIR> d-------- C:\WINDOWS\system32\bak
2008-01-16 16:22 . 2008-01-18 23:27 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-16 16:22 . 2008-01-16 16:22 1,409 --a------ C:\WINDOWS\QTFont.for
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-01 22:31 --------- d-----w C:\Programmi\Microsoft IntelliType Pro
2008-02-01 22:31 --------- d-----w C:\Programmi\Microsoft IntelliPoint
2008-02-01 22:28 --------- d-----w C:\Programmi\Anti Spyware
2008-02-01 21:41 --------- d-----w C:\Documents and Settings\andang\Dati applicazioni\Ahead
2008-02-01 21:40 --------- d-----w C:\Programmi\File comuni\Ahead
2008-02-01 16:26 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-01-30 08:49 --------- d-----w C:\Programmi\ewido anti-spyware 4.0
2008-01-29 17:06 --------- d-----w C:\Programmi\Emule
2008-01-28 14:02 --------- d-----w C:\Documents and Settings\andang\Dati applicazioni\Registry Booster
2008-01-27 15:41 --------- d-----w C:\Programmi\Avast 4
2008-01-25 16:10 --------- d-----w C:\Programmi\Norton AntiVirus
2007-12-16 22:54 --------- d-----w C:\Programmi\VideoPlayer
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
1999-03-10 12:53 99,840 ----a-w C:\Programmi\File comuni\IRAABOUT.DLL
1998-12-09 02:53 70,144 ----a-w C:\Programmi\File comuni\IRAMDMTR.DLL
1998-12-09 02:53 48,640 ----a-w C:\Programmi\File comuni\IRALPTTR.DLL
1998-12-09 02:53 31,744 ----a-w C:\Programmi\File comuni\IRAWEBTR.DLL
1998-12-09 02:53 186,368 ----a-w C:\Programmi\File comuni\IRAREG.DLL
1998-12-09 02:53 17,920 ----a-w C:\Programmi\File comuni\IRASRIAL.DLL
.
----a-w 8,405,024 2006-06-22 12:37:55 C:\Programmi\ewido anti-spyware 4.0\ewido anti-malware\Ewido 4 (03-02-2007)\ewido-setup_4.0.0.172a .exe
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 79,224 2007-12-04 13:00:23 C:\Programmi\Avast 4\bak\ashDisp.exe
----a-w 79,224 2007-12-04 13:00:23 C:\Programmi\Avast 4\ashDisp.exe
----a-w 110,592 2003-08-19 00:01:00 C:\Programmi\File comuni\Sonic\Update Manager\bak\sgtray.exe
----a-w 163,840 2003-05-15 23:41:15 C:\Programmi\Microsoft IntelliPoint\bak\point32.exe
----a-w 114,688 2003-05-15 23:45:54 C:\Programmi\Microsoft IntelliType Pro\bak\type32.exe
----a-w 15,360 2004-08-19 12:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-19 12:00:00 C:\WINDOWS\system32\ctfmon.exe
----a-w 122,939 2004-03-25 00:04:00 C:\WINDOWS\system32\dla\bak\tfswctrl.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 13:00 15360]
"Sonic RecordNow! Deluxe"="" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-29 07:15 344064]
"CloneCDElbyCDFL"="C:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2001-12-06 13:09 45056]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-26 18:14 36975]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 13:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"SSBkgdUpdate"="C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 09:22 155648]
"CorelDRAW Graphics Suite 11b"="" []
"QuickTime Task"="C:\Programmi\QuickTime\Quick Time 7\qttask.exe" [2007-04-27 08:41 282624]
"avast!"="C:\PROGRA~1\AVAST4~1\ashDisp.exe" [2007-12-04 14:00 79224]
"Motive SmartBridge"="C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 14:41 438359]
"itype"="c:\Programmi\Microsoft IntelliType Pro\itype.exe" [2006-11-21 17:08 813912]
"IntelliPoint"="c:\Programmi\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 15:52 849280]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 13:00 15360]
"Nokia.PCSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 14:58 1744896]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Acrobat Assistant.lnk - C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2006-04-29 14:55:58 49254]
BTTray.lnk - C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe [2004-11-29 18:55:44 569405]
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office\OSA9.EXE [2000-01-21 09:15:56 65588]
R2 ppsio;PrmxPPDev;C:\WINDOWS\system32\drivers\ppsio.sys [1998-01-15 15:46]
S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys []
S4 Btpcdoocs;Btpcdoocs;C:\WINDOWS\system32\drivers\ks.sys [2004-08-03 22:15]
.
Contenuto della cartella 'Scheduled Tasks'
"2005-07-29 09:56:34 C:\WINDOWS\Tasks\XoftSpy.job"
- C:\Programmi\XoftSpy\XoftSpy.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-02 12:57:26
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\Avast 4\aswUpdSv.exe
C:\Programmi\Avast 4\ashServ.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Programmi\ewido anti-spyware 4.0\guard.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programmi\Canon\CAL\CALMAIN.exe
C:\Programmi\Avast 4\ashMaiSv.exe
C:\Programmi\Avast 4\ashWebSv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Ora fine scansione: 2008-02-02 13:01:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-02 12:01:26
.
2007-10-03 08:04:51 --- E O F ---
And, finally, the link to the Kaspersky result is:
http://www.freefilehosting.net/download/3bbf1
DellDomains installed.
Awaiting instructions!
Bye and ..

bdoriano Administrator
Joined: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 02 Feb 2008 23:33

OK, I'd say we're there.
There are some entries in System Restore to delete:
Disable System Restore
Run the Kaspersky scan again and post it as indicated earlier.

angela_ldv Devoted mortal
Joined: 02/02/08 00:01 Posts: 10
Posted: 03 Feb 2008 20:10

Here is the link to the result of the new scan:
http://www.freefilehosting.net/download/3bd81
The abc123.pid and [number].exe files are no longer being created.
I have noticed, though, that every now and then I have problems with the internet: the icon on the taskbar says I'm connected, but in reality I can't display any pages or download my mail... and I can't even disconnect by right-clicking the icon! After a reboot, though, everything goes back to normal... The first time it happened was after the first Kaspersky scan... what do you think?
In the meantime!

angela_ldv Devoted mortal
Joined: 02/02/08 00:01 Posts: 10
Posted: 05 Feb 2008 11:15

help!!

angela_ldv Devoted mortal
Joined: 02/02/08 00:01 Posts: 10
Posted: 07 Feb 2008 11:26

I keep having problems, and at the same time I keep getting no reply to my last post. And I don't understand why, given how kind the earlier help was!! If I had known, though, I would have turned to another forum... Oh well, bye

bdoriano Administrator
Joined: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 07 Feb 2008 11:51

Perhaps because, every now and then, I have to work and I lose track of the various posts on the forum.
For the connection problems, try these steps:
- Download FixWareOut from one of these sites:
Site 1
Site 2
Site 3
- Save it to the desktop
- Run it
- Click Next
- Click Install
- Make sure "Run fixit" is checked
- Click Finish.
- Follow the prompts.
- It will ask you to restart the PC; do so.
- It will take quite a while to restart. Be patient.
- When the operation has finished, restart the PC again.
- Redo the HijackThis log and post it together with the file C:\fixwareout\report.txt
If you still have problems even after this, try asking for advice in this other area of the forum.

angela_ldv Devoted mortal
Joined: 02/02/08 00:01 Posts: 10
Posted: 07 Feb 2008 12:57

Thanks a lot, I'll try it right away.
Sorry if I was brusque earlier, but I work too... only with my PC acting up!!

angela_ldv Devoted mortal
Joined: 02/02/08 00:01 Posts: 10
Posted: 07 Feb 2008 13:29

Here it is:
HJT:
Logfile of HijackThis v1.99.1
Scan saved at 12.25.31, on 07/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Avast 4\aswUpdSv.exe
C:\Programmi\Avast 4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Programmi\ewido anti-spyware 4.0\guard.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Canon\CAL\CALMAIN.exe
C:\Programmi\Avast 4\ashMaiSv.exe
C:\Programmi\Avast 4\ashWebSv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVAST4~1\ashDisp.exe
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\Programmi\Microsoft IntelliType Pro\itype.exe
C:\Programmi\Microsoft IntelliPoint\ipoint.exe
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
C:\Programmi\Anti Spyware\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.economia.unipd.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;rcs
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\Quick Time 7\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\AVAST4~1\ashDisp.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [itype] "c:\Programmi\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "c:\Programmi\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Apri immagine in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1040\phdintl.dll/phdContext.htm
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Open with ScanSoft PDF Converter 4.0 - res://C:\Programmi\ScanSoft\PDF Professional 4.0\cnvres_eng.dll /100
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1212145151593
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212144809453
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1212144795500
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://ibet2007.spaces.live.com/PhotoUpload/MsnPUpld.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Avast 4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Avast 4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Avast 4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Avast 4\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmi\Canon\CAL\CALMAIN.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
Fixwareout:
Username "andang" - 07/02/2008 11.59.54 [Fixwareout edited 9/01/2007]
~~~~~ Prerun check
Svuotata la cache del resolver DNS.
System was rebooted successfully.
~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....
~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"ATIPTA"="C:\\Programmi\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"CloneCDElbyCDFL"="\"C:\\Programmi\\Elaborate Bytes\\CloneCD\\ElbyCheck.exe\" /L ElbyCDFL"
"SunJavaUpdateSched"="C:\\Programmi\\Java\\jre1.5.0_05\\bin\\jusched.exe"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"SSBkgdUpdate"="\"C:\\Programmi\\File comuni\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe\" -Embedding -boot"
"CorelDRAW Graphics Suite 11b"=""
"QuickTime Task"="\"C:\\Programmi\\QuickTime\\Quick Time 7\\qttask.exe\" -atboottime"
"avast!"="C:\\PROGRA~1\\AVAST4~1\\ashDisp.exe"
"Motive SmartBridge"="C:\\PROGRA~1\\ALICET~1\\SMARTB~1\\MotiveSB.exe"
"itype"="\"c:\\Programmi\\Microsoft IntelliType Pro\\itype.exe\""
"IntelliPoint"="\"c:\\Programmi\\Microsoft IntelliPoint\\ipoint.exe\""
"NeroFilterCheck"="C:\\Programmi\\File comuni\\Ahead\\Lib\\NeroCheck.exe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Sonic RecordNow! Deluxe"=""
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

angela_ldv Devoted mortal
Joined: 02/02/08 00:01 Posts: 10
Posted: 07 Feb 2008 13:34

What still happens is that the windows or icons of certain applications don't appear, even though they are visible among the processes in Task Manager! On top of that, it sometimes disconnects (rarely)...

bdoriano Administrator
Joined: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 07 Feb 2008 14:02

So the icons of some running processes don't show up and, every now and then, it disconnects?
There could be some remnant of the previous infection.
Run this scan with SystemScan and post the log on FreeFileHosting as indicated here.
Bear in mind that analysing the SystemScan log takes quite a while.

angela_ldv Devoted mortal
Joined: 02/02/08 00:01 Posts: 10
Posted: 10 Feb 2008 19:11

Here is the link to the SystemScan log:
report52.txt
Bye