Bear in mind that I have Comodo and Avira, but this has already happened to me twice.. what the hell is it? I have to reset..
Thanks, regards.
Everything has been created; I wonder what we will do for another 1000 years.
BLOCKLIST/ADDICT.
Hi strangedays2
apart from the fact that you should describe your problem more precisely.....
Download this program and put it on the C: drive, in a folder you have created with its name.
Run the executable and click "Do a system scan and save a log"; when it finishes, save the file with a *.TXT extension and attach it to a post on the forum.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15.01.42, on 01/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Programmi\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Programmi\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\COMODO\COMODO Internet Security\cfp.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Program Files\B's CLiP\Win2K\BSCLIP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\PeerBlock\peerblock.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Raxco\PerfectDisk\PDAgent.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programmi\Webroot\Washer\WasherSvc.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSour...ctid=CT1105889
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Asking Toolbar - {6b284373-1765-4464-a587-80fbc2b2eefa} - C:\Programmi\LphantBar\tbLph0.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Programmi\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: SafeOnline BHO - {69D72956-317C-44bd-B369-8E44D4EF9801} - C:\WINDOWS\system32\PxSecure.dll
O2 - BHO: Asking Toolbar - {6b284373-1765-4464-a587-80fbc2b2eefa} - C:\Programmi\LphantBar\tbLph0.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Asking Toolbar - {6b284373-1765-4464-a587-80fbc2b2eefa} - C:\Programmi\LphantBar\tbLph0.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Programmi\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [CTSysVol] C:\Programmi\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Programmi\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Programmi\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [B'sCLiP] C:\Program Files\B's CLiP\Win2K\BSCLIP.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Programmi\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [PeerBlock] C:\Programmi\PeerBlock\peerblock.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Mozilla Firefox (2).lnk = C:\Programmi\Mozilla Firefox\firefox.exe
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Programmi\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Programmi\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} (Java Plug-in 1.6.0_13) -
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} (Java Plug-in 1.6.0_15) -
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - Invalid registry found
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Programmi\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Programmi\Webroot\Washer\WasherSvc.exe
--
End of file - 7772 bytes
THANKS FOR THE TIP, BUT I HAVE TO ADMIT IT HAS STOPPED DOING THIS STRANGE FREEZE.. STILL, THAT DOESN'T MEAN THERE ISN'T SOMETHING THERE ANYWAY.. WHAT DO YOU SEE THAT LOOKS STRANGE??
it has started again..
If you don't recognize this address
http://search.conduit.com
fix this line with HijackThis
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSou...;ctid=CT1105889
Download ComboFix to the desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
(do not install the Recovery Console)
You must rename the file to abc.exe before saving it to the desktop
(to rename the file: when you download it, you are asked where to save it and a "file name" box appears; just change the name shown there to abc.exe)
Once that is done, click Start > Run and copy and paste this command into the white box, quotation marks included:
"%userprofile%\desktop\abc.exe" /killall
Press OK. If all goes well, the program starts; it may take a long time (do not do anything else during the scan). Once it has finished, if everything went well, you should find the file combofix.txt in C:\. Restart in normal mode and post the contents of the file or attach it.
Thanks for the help.. I did everything as you told me, here it is
ComboFix 10-10-05.06 - Oreste Lionello 07/10/2010 0.24.23.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1023.630 [GMT 2:00]
Eseguito da: c:\documents and settings\Oreste Lionello\desktop\abc.exe
Opzioni usate :: /killall
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000010-0000-0000-0000-0000D8023D00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000000-0000-0000-0000-000000000000}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000000-0012-0014-00DC-FD7F00000802}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000000-0012-0014-00EC-FD7F00000802}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000000-0012-0014-00FC-FD7F00000802}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-6C25-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {0012EE84-FFFC-FFFF-0200-00004FBCC4F1}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {001300D4-0000-0000-1000-00007454927C}
AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\Drivers\iftjodkvwmui.sys
c:\windows\system32\drivers\lxtuyqwqevmx.sys
c:\windows\system32\Drivers\ovlvjdebncvj.sys
c:\windows\system32\drivers\xvpmxhafyjfv.sys
c:\windows\system32\vbzlib1.dll
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_iftjodkvwmui
-------\Legacy_lxtuyqwqevmx
-------\Legacy_xvpmxhafyjfv
-------\Service_iftjodkvwmui
-------\Service_lxtuyqwqevmx
-------\Service_xvpmxhafyjfv
((((((((((((((((((((((((( Files Creati Da 2010-09-06 al 2010-10-06 )))))))))))))))))))))))))))))))))))
.
2010-10-04 17:46 . 2010-10-04 17:46 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2010-10-04 17:22 . 2010-10-04 17:22 503808 ----a-w- c:\documents and settings\Default User\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3e350b32-n\msvcp71.dll
2010-10-04 17:22 . 2010-10-04 17:22 499712 ----a-w- c:\documents and settings\Default User\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3e350b32-n\jmc.dll
2010-10-04 17:22 . 2010-10-04 17:22 348160 ----a-w- c:\documents and settings\Default User\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3e350b32-n\msvcr71.dll
2010-10-04 17:22 . 2010-10-04 17:22 12800 ----a-w- c:\documents and settings\Default User\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-69a233a2-n\decora-d3d.dll
2010-10-04 17:22 . 2010-10-04 17:22 61440 ----a-w- c:\documents and settings\Default User\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-69a233a2-n\decora-sse.dll
2010-10-04 17:16 . 2010-10-04 17:16 503808 ----a-w- c:\documents and settings\Oreste Lionello\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-17ab251e-n\msvcp71.dll
2010-10-04 17:16 . 2010-10-04 17:16 499712 ----a-w- c:\documents and settings\Oreste Lionello\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-17ab251e-n\jmc.dll
2010-10-04 17:16 . 2010-10-04 17:16 348160 ----a-w- c:\documents and settings\Oreste Lionello\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-17ab251e-n\msvcr71.dll
2010-10-04 17:16 . 2010-10-04 17:16 61440 ----a-w- c:\documents and settings\Oreste Lionello\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5e9cb65e-n\decora-sse.dll
2010-10-04 17:16 . 2010-10-04 17:16 12800 ----a-w- c:\documents and settings\Oreste Lionello\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5e9cb65e-n\decora-d3d.dll
2010-10-04 17:14 . 2010-07-17 03:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-03 19:15 . 2010-10-04 17:01 79488 ----a-w- c:\documents and settings\Oreste Lionello\Dati applicazioni\Sun\Java\jre1.6.0_20\gtapi.dll
2010-10-03 19:15 . 2010-10-04 17:01 152576 ----a-w- c:\documents and settings\Oreste Lionello\Dati applicazioni\Sun\Java\jre1.6.0_20\lzma.dll
2010-10-03 16:18 . 2010-10-03 17:35 -------- d-----w- c:\windows\system32\NtmsData
2010-10-03 15:33 . 2010-10-03 15:33 -------- d-----w- c:\documents and settings\Oreste Lionello\Dati applicazioni\Avira
2010-10-02 14:08 . 2010-10-02 14:08 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-10-02 13:55 . 2010-10-02 13:55 -------- dc----w- c:\windows\system32\DRVSTORE
2010-10-02 13:55 . 2010-08-12 12:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-10-02 13:45 . 2010-10-02 13:45 -------- d-----w- c:\documents and settings\Oreste Lionello\Impostazioni locali\Dati applicazioni\Sunbelt Software
2010-10-02 13:29 . 2010-10-02 13:30 -------- dc-h--w- c:\documents and settings\All Users\Dati applicazioni\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-10-02 13:29 . 2010-08-12 12:16 2979848 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe
2010-10-02 13:28 . 2010-10-02 13:55 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2010-10-02 13:28 . 2010-10-02 13:28 -------- d-----w- c:\programmi\Lavasoft
2010-10-01 13:00 . 2010-10-01 13:00 388096 ----a-r- c:\documents and settings\Oreste Lionello\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-01 13:00 . 2010-10-01 13:00 -------- d-----w- c:\programmi\Trend Micro
2010-09-07 16:48 . 2010-08-28 21:28 796192 ----a-w- c:\documents and settings\Oreste Lionello\Dati applicazioni\Mozilla\Firefox\Profiles\nz6f47m2.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-06 22:29 . 2010-05-21 13:33 384 -c--a-w- c:\windows\system32\DVCStateBkp-{00000002-00000000-00000009-00001102-00000004-20021102}.dat
2010-10-06 22:29 . 2010-05-21 13:33 384 -c--a-w- c:\windows\system32\DVCState-{00000002-00000000-00000009-00001102-00000004-20021102}.dat
2010-10-06 17:31 . 2010-04-24 09:34 -------- d-----w- c:\programmi\PeerBlock
2010-10-06 08:08 . 2008-08-27 10:06 -------- d-----w- c:\documents and settings\Oreste Lionello\Dati applicazioni\Media Player Classic
2010-10-04 17:49 . 2008-07-20 17:47 -------- d-----w- c:\programmi\QuickTime
2010-10-04 17:22 . 2008-11-14 15:07 -------- d-----w- c:\programmi\File comuni\Java
2010-10-04 17:21 . 2008-11-14 15:08 -------- d-----w- c:\programmi\Java
2010-10-02 14:14 . 2004-08-19 12:00 79292 ----a-w- c:\windows\system32\perfc010.dat
2010-10-02 14:14 . 2004-08-19 12:00 478808 ----a-w- c:\windows\system32\perfh010.dat
2010-10-01 12:39 . 2010-04-10 20:11 -------- d-----w- c:\documents and settings\Oreste Lionello\Dati applicazioni\vlc
2010-09-29 17:17 . 2009-11-12 16:54 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-09-29 08:34 . 2010-06-10 08:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Comodo
2010-09-29 08:32 . 2010-06-01 17:00 285480 ----a-w- c:\windows\system32\guard32.dll
2010-09-29 08:32 . 2010-06-01 17:00 91560 -c--a-w- c:\windows\system32\drivers\inspect.sys
2010-09-29 08:32 . 2010-06-01 17:00 25240 -c--a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-09-29 08:32 . 2010-06-01 17:00 15592 -c--a-w- c:\windows\system32\drivers\cmderd.sys
2010-09-29 08:32 . 2010-06-04 09:55 239240 -c--a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-09-22 21:54 . 2010-07-27 16:24 -------- d-----w- c:\programmi\LphantBar
2010-09-19 12:23 . 2010-02-14 10:02 -------- d-----w- c:\programmi\Glary Utilities
2010-09-19 10:36 . 2008-07-07 00:54 -------- d-----w- c:\programmi\CCleaner
2010-09-07 16:48 . 2010-06-23 08:03 -------- d-----w- c:\programmi\KeyScrambler
2010-09-01 12:22 . 2010-03-08 20:22 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-09-01 12:22 . 2009-05-19 21:48 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-08-30 12:34 . 2010-09-03 09:38 1496064 ----a-w- c:\documents and settings\Oreste Lionello\Dati applicazioni\Mozilla\Firefox\Profiles\nz6f47m2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-08-30 12:33 . 2010-09-03 09:38 43008 ----a-w- c:\documents and settings\Oreste Lionello\Dati applicazioni\Mozilla\Firefox\Profiles\nz6f47m2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-08-30 12:33 . 2010-09-03 09:38 338944 ----a-w- c:\documents and settings\Oreste Lionello\Dati applicazioni\Mozilla\Firefox\Profiles\nz6f47m2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-08-30 12:33 . 2010-09-03 09:38 346112 ----a-w- c:\documents and settings\Oreste Lionello\Dati applicazioni\Mozilla\Firefox\Profiles\nz6f47m2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-08-19 10:35 . 2010-08-19 10:11 -------- d-----w- c:\programmi\DsNET Corp
2010-08-19 10:14 . 2010-08-19 10:14 -------- d-----w- c:\programmi\WinPcap
2010-08-18 13:10 . 2010-08-18 13:10 -------- d-----w- c:\documents and settings\Oreste Lionello\Dati applicazioni\Foxit Software
2010-08-17 13:17 . 2004-08-19 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-22 15:48 . 2004-08-19 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 06:19 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-13 19:30 . 2009-01-09 11:26 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-01-21 16:11 . 2009-01-21 16:11 336 -c--a-w- c:\programmi\setup.ini
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{6b284373-1765-4464-a587-80fbc2b2eefa}"= "c:\programmi\LphantBar\tbLph0.dll" [2010-09-22 2735200]
[HKEY_CLASSES_ROOT\clsid\{6b284373-1765-4464-a587-80fbc2b2eefa}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6b284373-1765-4464-a587-80fbc2b2eefa}]
2010-09-22 21:54 2735200 ----a-w- c:\programmi\LphantBar\tbLph0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6b284373-1765-4464-a587-80fbc2b2eefa}"= "c:\programmi\LphantBar\tbLph0.dll" [2010-09-22 2735200]
[HKEY_CLASSES_ROOT\clsid\{6b284373-1765-4464-a587-80fbc2b2eefa}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{6B284373-1765-4464-A587-80FBC2B2EEFA}"= "c:\programmi\LphantBar\tbLph0.dll" [2010-09-22 2735200]
[HKEY_CLASSES_ROOT\clsid\{6b284373-1765-4464-a587-80fbc2b2eefa}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\programmi\CCleaner\ccleaner.exe" [2010-08-26 1779512]
"PeerBlock"="c:\programmi\PeerBlock\peerblock.exe" [2009-09-28 1524824]
"SetDefaultMIDI"="MIDIDef.exe" [2002-12-03 49152]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2010-09-01 281768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"CTHelper"="CTHELPER.EXE" [2010-03-18 19456]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"SBDrvDet"="c:\programmi\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
"CTSysVol"="c:\programmi\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-07-02 57344]
"CTDVDDET"="c:\programmi\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-17 45056]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"COMODO Internet Security"="c:\programmi\COMODO\COMODO Internet Security\cfp.exe" [2010-09-29 2500552]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2010-05-08 202256]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2010-09-08 421888]
"B'sCLiP"="c:\program files\B's CLiP\Win2K\BSCLIP.exe" [2004-01-08 1392640]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Oreste Lionello\Menu Avvio\Programmi\Esecuzione automatica\
Mozilla Firefox (2).lnk - c:\programmi\Mozilla Firefox\firefox.exe [2010-9-2 910296]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-05-03 03:46 1630208 -c--a-w- c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"RemoteControl"="c:\programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" -atboottime
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Lphant\\eLePhantClient.exe"=
R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [20/07/2008 18.30.13 9344]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [02/10/2010 15.55.36 64288]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [04/05/2010 14.20.53 28552]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [18/01/2010 19.23.34 30320]
R0 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [07/07/2008 3.35.42 5248]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [01/06/2010 19.00.20 15592]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [04/06/2010 11.55.58 239240]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [01/06/2010 19.00.22 25240]
R2 BsUDF;B.H.A UDF Filesystem;c:\windows\system32\drivers\BsUDF.sys [20/07/2008 18.30.10 394496]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [16/11/2009 18.33.38 50704]
R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [18/01/2010 19.22.03 57248]
R2 wwEngineSvc;Window Washer Engine;c:\programmi\Webroot\Washer\WasherSvc.exe [07/07/2008 2.56.04 598856]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [23/06/2010 10.03.30 114952]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [18/01/2010 19.23.33 24400]
S1 SASDIFSV;SASDIFSV; [x]
S1 SASKUTIL;SASKUTIL; [x]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programmi\Lavasoft\Ad-Aware\AAWService.exe [12/08/2010 14.15.19 1357464]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [23/06/2009 14.34.30 99416]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [23/06/2009 14.34.40 555096]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [23/06/2009 14.35.04 100952]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [23/06/2009 14.34.52 566360]
S3 pbfilter;pbfilter;c:\programmi\PeerBlock\pbfilter.sys [24/04/2010 11.34.15 14424]
S3 SASENUM;SASENUM; [x]
S4 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [07/07/2008 3.35.42 159616]
--- Altri Servizi/Drivers In Memoria ---
*Deregistered* - Lavasoft Kernexplorer
.
Contenuto della cartella 'Scheduled Tasks'
2010-10-06 c:\windows\Tasks\Ad-Aware Scan (opiab).job
- c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 08:43]
2010-10-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 08:43]
2010-04-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2010-10-06 c:\windows\Tasks\GlaryInitialize.job
- c:\programmi\Glary Utilities\initialize.exe [2010-02-14 08:32]
2010-10-06 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-484763869-261903793-839522115-1003.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
2010-10-06 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-484763869-261903793-839522115-1003.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
.
------- Scansione supplementare -------
.
FF - ProfilePath - c:\documents and settings\Oreste Lionello\Dati applicazioni\Mozilla\Firefox\Profiles\nz6f47m2.default\
FF - prefs.js: browser.startup.homepage - google.it
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=it&q=
FF - component: c:\documents and settings\Oreste Lionello\Dati applicazioni\Mozilla\Firefox\Profiles\nz6f47m2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\Oreste Lionello\Dati applicazioni\Mozilla\Firefox\Profiles\nz6f47m2.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - plugin: c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\Oreste Lionello\Dati applicazioni\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\programmi\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programmi\QuickTime\Plugins\npqtplugin8.dll
---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
Notify-!SASWinLogon - (no file)
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e8,1c,bb,92,9e,57,28,4d,a5,5d,17,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e8,1c,bb,92,9e,57,28,4d,a5,5d,17,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil9n.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil9n.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'lsass.exe'(928)
c:\windows\system32\guard32.dll
- - - - - - - > 'explorer.exe'(284)
c:\windows\system32\WININET.dll
c:\windows\system32\guard32.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Avira\AntiVir Desktop\sched.exe
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\programmi\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\CTsvcCDA.exe
c:\windows\system32\DVDRAMSV.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\programmi\Raxco\PerfectDisk\PDAgent.exe
c:\programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\windows\system32\MsPMSPSv.exe
c:\programmi\Raxco\PerfectDisk\PDEngine.exe
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Ora fine scansione: 2010-10-07 01:32:06 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-10-06 23:32
Pre-Run: 40.341.090.304 byte disponibili
Post-Run: 40.220.729.344 byte disponibili
- - End Of File - - DCE97384AE3C6A968E90729DA79517DA
I hope the user who recommended these programs, logs etc. to me has not passed away.. since I still get several system freezes (something not rare lately, and seen elsewhere too..) otherwise, condolences.. I can no longer make sense of sites like these.. if you lend a hand, let it really be a hand, otherwise shut down hwu and html.it, no, you tell me objectively.. one wastes time.. besides, 3 weeks have gone by..
now I understand why the users have halved; years and years ago it was absurdly swarming with them..
No, I have not passed away, luckily for you; it's just that your thread sank to the bottom, sorry
Download antivir_rootkit
unpack it
click "Start scan"
when it finishes, go to "View report" at the bottom and copy the report it produces