
Virus problem
danda
Posted: Friday, January 15, 2010 11:47:13 PM
Rank: Newbie

Joined: 1/15/2010
Posts: 8
Hello everyone!
My Antivir has detected the following virus: c windows system32 sshnas.dll . Obviously I tried to delete it and that was not possible; I also ran a scan with Ad-Aware but it gave no results.
The HijackThis log is the following; you would only need to tell me which lines to delete.
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 22.44.36, on 15/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\FixCamera.exe
C:\Programmi\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\WINDOWS\vsnpstd3.exe
C:\WINDOWS\tsnpstd3.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\Messenger\msmsgs.exe
C:\documents and settings\entry\impostazioni locali\dati applicazioni\dhnapub.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\Alice MOBILE\Alice MOBILE.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Windows Live\Toolbar\wltuser.exe
C:\DOCUME~1\entry\IMPOST~1\Temp\c.exe
C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
C:\Programmi\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Programmi\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programmi\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\TrendMicro\HiJackThis\HiJackThis.exe
C:\WINDOWS\msb.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: ITALIA version Toolbar - {323d5e65-9ec7-481e-a888-5bbe30b80dfb} - C:\Programmi\ITALIA_version\tbITA1.dll
R3 - URLSearchHook: PHPNukeIT Toolbar - {2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - C:\Programmi\PHPNukeIT\tbPHP1.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: PHPNukeIT Toolbar - {2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - C:\Programmi\PHPNukeIT\tbPHP1.dll
O2 - BHO: ITALIA version Toolbar - {323d5e65-9ec7-481e-a888-5bbe30b80dfb} - C:\Programmi\ITALIA_version\tbITA1.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programmi\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: ITALIA version Toolbar - {323d5e65-9ec7-481e-a888-5bbe30b80dfb} - C:\Programmi\ITALIA_version\tbITA1.dll
O3 - Toolbar: PHPNukeIT Toolbar - {2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - C:\Programmi\PHPNukeIT\tbPHP1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [fssui] "C:\Programmi\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Programmi\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AAK8K3J4FL] C:\DOCUME~1\entry\IMPOST~1\Temp\c.exe
O4 - HKCU\..\Run: [dhnapub] "c:\documents and settings\entry\impostazioni locali\dati applicazioni\dhnapub.exe" dhnapub
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Programmi\PokerStars.IT\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Programmi\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe

--
End of file - 9159 bytes

Thank you in advance!
Claudia
r16
Posted: Friday, January 15, 2010 11:55:48 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Run these 2 scans:
1) Download and install MalwareBytes:
click here to download: http://www.aiutamici.com/software?id=80346
Before running the scan, UPDATE IT. (this is very important)
Run a full system scan.
Delete any infected files found.
Post the log.


2) Download Combofix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe


Save it to the desktop.

Important: Disable your antivirus and close ALL open programs (firewall included), and after downloading COMBOFIX, close the connection.

Double-click combofix.exe (a screen will appear).
If you are asked whether you want to install the RECOVERY CONSOLE, click NO.
You will probably get messages from the antivirus; ignore them.
During the scan it is important not to use the PC (not even the mouse) and to wait patiently for the operations to finish.
When it finishes, a log file will be created on the Desktop, called C:\ComboFix.txt. Post it here.
lui49
Posted: Friday, January 15, 2010 11:57:07 PM
Rank: AiutAmico

Joined: 5/4/2003
Posts: 2,845
ok
r16
Posted: Saturday, January 16, 2010 12:03:09 AM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
@lui49:
Delete this post and post it in Tommy's topic.
It's too late now to go over it with a magnifying glass, but tomorrow I'll give you an answer.
Talk to you soon.
danda
Posted: Saturday, January 16, 2010 2:06:44 PM
Rank: Newbie

Joined: 1/15/2010
Posts: 8
r16 wrote:
@lui49:
Delete this post and post it in Tommy's topic.
It's too late now to go over it with a magnifying glass, but tomorrow I'll give you an answer.
Talk to you soon.


Sorry, but isn't the HijackThis log enough to remove that type of virus? I'm not very experienced with PCs, so if it could be solved that way you would be doing me a great favor...
panchoz
Posted: Saturday, January 16, 2010 2:19:38 PM

Rank: AiutAmico

Joined: 11/6/2008
Posts: 2,452
"but isn't the HijackThis log enough to remove that type of virus?"


NO Brick wall
fdaccc
Posted: Saturday, January 16, 2010 6:24:14 PM

Rank: AiutAmico

Joined: 12/12/2009
Posts: 2,114
What do you need the PHP Toolbar for? =)
A piece of advice: uninstall the toolbars you don't need, they only slow down IE's startup..
monsee
Posted: Saturday, January 16, 2010 7:44:49 PM
Rank: AiutAmico

Joined: 4/5/2005
Posts: 22,971
panchoz wrote:
"but isn't the HijackThis log enough to remove that type of virus?"


NO Brick wall


Confirmed: HijackThis is NOT MUCH USE against viruses.
danda
Posted: Sunday, January 17, 2010 1:25:42 PM
Rank: Newbie

Joined: 1/15/2010
Posts: 8
I downloaded both programs and ran the scan.
These are the logs:
ComboFix 10-01-16.03 - entry 17/01/2010 12.32.40.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.511.173 [GMT 1:00]
Eseguito da: c:\documents and settings\entry\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-6C25-9E7C08000A00}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2009-12-17 al 2010-01-17 )))))))))))))))))))))))))))))))))))
.

2010-01-15 21:42 . 2010-01-15 21:42 388096 ----a-r- c:\documents and settings\entry\Dati applicazioni\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-15 21:42 . 2010-01-15 21:42 -------- d-----w- c:\programmi\TrendMicro
2010-01-07 21:56 . 2009-12-02 13:19 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-06 21:09 . 2010-01-06 21:09 862040 ----a-w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-01-06 21:09 . 2010-01-06 21:09 206944 ----a-w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-01-06 21:09 . 2010-01-06 21:09 390288 ----a-w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-01-06 21:09 . 2010-01-06 21:09 537576 ----a-w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-01-06 21:09 . 2010-01-06 21:09 370744 ----a-w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-01-06 21:09 . 2010-01-06 21:09 194104 ----a-w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2010-01-06 21:08 . 2010-01-15 21:11 6296864 ----a-w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Lavasoft\Ad-Aware\Update\Resources.dll
2010-01-06 21:08 . 2010-01-06 21:08 933120 ----a-w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-01-06 21:08 . 2010-01-06 21:08 816272 ----a-w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-01-06 21:08 . 2010-01-06 21:08 822904 ----a-w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-01-06 21:08 . 2010-01-06 21:08 1643272 ----a-w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-01-06 21:08 . 2010-01-06 21:08 788880 ----a-w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-01-06 21:08 . 2010-01-06 21:08 1181328 ----a-w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-01-06 21:06 . 2010-01-06 21:06 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-06 21:06 . 2009-12-07 14:10 2953352 -c--a-w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-17 11:09 . 2008-12-04 19:54 -------- d-----w- c:\programmi\Alice MOBILE
2010-01-17 11:02 . 2009-01-20 17:32 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-01-17 11:02 . 2009-07-13 18:49 5115823 ----a-w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-16 19:30 . 2008-08-18 18:56 -------- d-----w- c:\programmi\eMule
2010-01-07 15:07 . 2009-01-20 17:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-01-20 17:32 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 21:06 . 2009-01-10 19:11 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Lavasoft
2010-01-06 21:06 . 2009-01-10 11:52 -------- d-----w- c:\programmi\Lavasoft
2010-01-06 20:22 . 2009-12-08 18:00 54 ----a-w- c:\windows\system32\rp_stats.dat
2010-01-06 20:22 . 2009-12-08 18:00 39 ----a-w- c:\windows\system32\rp_rules.dat
2010-01-04 16:52 . 2009-09-02 17:56 -------- d-----w- c:\programmi\LG PC Suite II
2009-12-10 11:53 . 2009-11-11 20:02 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-09 11:52 . 2009-01-11 12:47 -------- d-----w- c:\programmi\ITALIA_version
2009-12-03 13:14 . 2009-01-18 11:08 -------- d-----w- c:\programmi\PHPNukeIT
2009-12-02 13:19 . 2009-08-26 14:03 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-11-23 17:02 . 2009-06-23 13:57 -------- d-----w- c:\programmi\PokerStars.IT
2009-11-17 21:59 . 2001-08-31 10:00 69916 ----a-w- c:\windows\system32\perfc010.dat
2009-11-17 21:59 . 2001-08-31 10:00 437604 ----a-w- c:\windows\system32\perfh010.dat
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]


This is the other one

Malwarebytes' Anti-Malware 1.44
Versione del database: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

17/01/2010 13.15.56
mbam-log-2010-01-17 (13-15-56).txt

Tipo di scansione: Scansione completa (A:\|C:\|D:\|E:\|F:\|G:\|)
Elementi scansionati: 201654
Tempo trascorso: 27 minute(s), 52 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 3

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\Programmi\ITALIA_version\tbITAL.dll (Adware.NetPumper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{786D76E2-2667-4085-B19D-7835F7ABA770}\RP89\A0125241.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{786D76E2-2667-4085-B19D-7835F7ABA770}\RP89\A0126327.sys (Malware.Trace) -> Quarantined and deleted successfully.

Are the operations carried out sufficient, or should I do something else? It seems the PC no longer has the usual slowdowns...
r16
Posted: Sunday, January 17, 2010 1:47:47 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
I recommend uninstalling Ad-Aware and replacing it with Malwarebytes, which is much more effective.
Post an updated HijackThis log.
P.S.:
The Combofix log is NOT complete.
Would you do me the favor of posting it in full?
danda
Posted: Sunday, January 17, 2010 1:51:45 PM
Rank: Newbie

Joined: 1/15/2010
Posts: 8
r16 wrote:
Hi.
I recommend uninstalling Ad-Aware and replacing it with Malwarebytes, which is much more effective.
Post an updated HijackThis log.


Here is the log
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 13.50.51, on 17/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\FixCamera.exe
C:\Programmi\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\WINDOWS\vsnpstd3.exe
C:\WINDOWS\tsnpstd3.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Alice MOBILE\Alice MOBILE.exe
C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
C:\Programmi\Windows Live\Contacts\wlcomm.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {323d5e65-9ec7-481e-a888-5bbe30b80dfb} - (no file)
R3 - URLSearchHook: (no name) - {2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programmi\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [fssui] "C:\Programmi\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Programmi\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Programmi\PokerStars.IT\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Programmi\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe

--
End of file - 7713 bytes

Now I'll go ahead and uninstall Ad-Aware.
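Added example (not part of the thread, and not any poster's code): a Python sketch that diffs the entries of two HijackThis logs and lists `Run` autostart values whose target sits in a Temp or per-user application-data folder. The sample lines are a subset copied from the two logs posted above; the function names and the folder-name heuristics are assumptions made for this illustration, and a hit means "review this entry", not a verdict.

```python
import re

# Subset of lines copied from the first HijackThis log in this thread (15/01/2010).
LOG_BEFORE = r"""
O2 - BHO: PHPNukeIT Toolbar - {2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - C:\Programmi\PHPNukeIT\tbPHP1.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: ITALIA version Toolbar - {323d5e65-9ec7-481e-a888-5bbe30b80dfb} - C:\Programmi\ITALIA_version\tbITA1.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AAK8K3J4FL] C:\DOCUME~1\entry\IMPOST~1\Temp\c.exe
O4 - HKCU\..\Run: [dhnapub] "c:\documents and settings\entry\impostazioni locali\dati applicazioni\dhnapub.exe" dhnapub
"""

# Subset of lines copied from the second HijackThis log (17/01/2010).
LOG_AFTER = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# "O4 - ...", "R3 - ...", "O23 - ..." : section code, then the entry body.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 body: hive, optional SID (HKUS\S-1-5-18), "\..\Run: [value name] command".
RUN_RE = re.compile(
    r"^(?P<hive>HK[A-Z]+)(?:\\[^\\]+)?\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
# Executable part of a command line, quoted or not (paths may contain spaces).
EXE_RE = re.compile(r'^"?(?P<exe>[^"]+?\.(?:exe|com|bat|cmd|scr|dll))\b', re.I)

# Assumption: XP-era user-writable folders, Italian and English names plus
# the 8.3 short forms that appear in the logs above.
USER_WRITABLE_MARKERS = (
    "\\temp\\",
    "\\impost~1\\", "\\impostazioni locali\\",
    "\\locals~1\\", "\\local settings\\",
    "\\dati applicazioni\\", "\\application data\\",
)


def parse_entries(log_text):
    """Return [(section_code, body)] for every 'Xn - ...' line of a log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def removed_entries(before, after):
    """Entries present in `before` and absent from `after`.

    Comparison is case-insensitive, because registry value names and Windows
    paths are: [CTFMON.EXE] and [ctfmon.exe] are the same autostart value.
    """
    still_there = {(c, b.casefold()) for c, b in parse_entries(after)}
    return [f"{c} - {b}" for c, b in parse_entries(before)
            if (c, b.casefold()) not in still_there]


def run_entries_in_user_writable_dirs(log_text):
    """Return [(hive, value_name, executable)] for O4 Run entries to review."""
    hits = []
    for code, body in parse_entries(log_text):
        m = RUN_RE.match(body) if code == "O4" else None
        if not m:
            continue
        exe_m = EXE_RE.match(m.group("cmd"))
        exe = exe_m.group("exe") if exe_m else m.group("cmd").strip('"')
        if any(marker in exe.casefold() for marker in USER_WRITABLE_MARKERS):
            hits.append((m.group("hive"), m.group("name"), exe))
    return hits


if __name__ == "__main__":
    print("Gone between the two scans:")
    for line in removed_entries(LOG_BEFORE, LOG_AFTER):
        print("  ", line)
    print("Run entries in user-writable folders (first log):")
    for hive, name, exe in run_entries_in_user_writable_dirs(LOG_BEFORE):
        print(f"   {hive} [{name}] -> {exe}")
```
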
r16
Posted: Sunday, January 17, 2010 1:53:48 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
I apologize, but I noticed late that the Combofix log is incomplete.
I would like to see it in full.
danda
Posted: Sunday, January 17, 2010 1:56:57 PM
Rank: Newbie

Joined: 1/15/2010
Posts: 8
r16 wrote:
I apologize, but I noticed late that the Combofix log is incomplete.
I would like to see it in full.


Here it is

ComboFix 10-01-16.03 - entry 17/01/2010 12.32.40.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.511.173 [GMT 1:00]
Eseguito da: c:\documents and settings\entry\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-6C25-9E7C08000A00}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2009-12-17 al 2010-01-17 )))))))))))))))))))))))))))))))))))
.

2010-01-15 21:42 . 2010-01-15 21:42 388096 ----a-r- c:\documents and settings\entry\Dati applicazioni\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-15 21:42 . 2010-01-15 21:42 -------- d-----w- c:\programmi\TrendMicro
2010-01-07 21:56 . 2009-12-02 13:19 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-06 21:09 . 2010-01-06 21:09 862040 ----a-w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-01-06 21:09 . 2010-01-06 21:09 206944 ----a-w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-01-06 21:09 . 2010-01-06 21:09 390288 ----a-w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-01-06 21:09 . 2010-01-06 21:09 537576 ----a-w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-01-06 21:09 . 2010-01-06 21:09 370744 ----a-w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-01-06 21:09 . 2010-01-06 21:09 194104 ----a-w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2010-01-06 21:08 . 2010-01-15 21:11 6296864 ----a-w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Lavasoft\Ad-Aware\Update\Resources.dll
2010-01-06 21:08 . 2010-01-06 21:08 933120 ----a-w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-01-06 21:08 . 2010-01-06 21:08 816272 ----a-w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-01-06 21:08 . 2010-01-06 21:08 822904 ----a-w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-01-06 21:08 . 2010-01-06 21:08 1643272 ----a-w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-01-06 21:08 . 2010-01-06 21:08 788880 ----a-w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-01-06 21:08 . 2010-01-06 21:08 1181328 ----a-w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-01-06 21:06 . 2010-01-06 21:06 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-06 21:06 . 2009-12-07 14:10 2953352 -c--a-w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-17 11:09 . 2008-12-04 19:54 -------- d-----w- c:\programmi\Alice MOBILE
2010-01-17 11:02 . 2009-01-20 17:32 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-01-17 11:02 . 2009-07-13 18:49 5115823 ----a-w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-16 19:30 . 2008-08-18 18:56 -------- d-----w- c:\programmi\eMule
2010-01-07 15:07 . 2009-01-20 17:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-01-20 17:32 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 21:06 . 2009-01-10 19:11 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Lavasoft
2010-01-06 21:06 . 2009-01-10 11:52 -------- d-----w- c:\programmi\Lavasoft
2010-01-06 20:22 . 2009-12-08 18:00 54 ----a-w- c:\windows\system32\rp_stats.dat
2010-01-06 20:22 . 2009-12-08 18:00 39 ----a-w- c:\windows\system32\rp_rules.dat
2010-01-04 16:52 . 2009-09-02 17:56 -------- d-----w- c:\programmi\LG PC Suite II
2009-12-10 11:53 . 2009-11-11 20:02 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-09 11:52 . 2009-01-11 12:47 -------- d-----w- c:\programmi\ITALIA_version
2009-12-03 13:14 . 2009-01-18 11:08 -------- d-----w- c:\programmi\PHPNukeIT
2009-12-02 13:19 . 2009-08-26 14:03 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-11-23 17:02 . 2009-06-23 13:57 -------- d-----w- c:\programmi\PokerStars.IT
2009-11-17 21:59 . 2001-08-31 10:00 69916 ----a-w- c:\windows\system32\perfc010.dat
2009-11-17 21:59 . 2001-08-31 10:00 437604 ----a-w- c:\windows\system32\perfh010.dat
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{323d5e65-9ec7-481e-a888-5bbe30b80dfb}"= "c:\programmi\ITALIA_version\tbITA1.dll" [2009-12-09 2166296]
"{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}"= "c:\programmi\PHPNukeIT\tbPHP1.dll" [2009-12-03 2166296]

[HKEY_CLASSES_ROOT\clsid\{323d5e65-9ec7-481e-a888-5bbe30b80dfb}]

[HKEY_CLASSES_ROOT\clsid\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}]
2009-12-03 13:15 2166296 ----a-w- c:\programmi\PHPNukeIT\tbPHP1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{323d5e65-9ec7-481e-a888-5bbe30b80dfb}]
2009-12-09 11:52 2166296 ----a-w- c:\programmi\ITALIA_version\tbITA1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{323d5e65-9ec7-481e-a888-5bbe30b80dfb}"= "c:\programmi\ITALIA_version\tbITA1.dll" [2009-12-09 2166296]
"{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}"= "c:\programmi\PHPNukeIT\tbPHP1.dll" [2009-12-03 2166296]

[HKEY_CLASSES_ROOT\clsid\{323d5e65-9ec7-481e-a888-5bbe30b80dfb}]

[HKEY_CLASSES_ROOT\clsid\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{323D5E65-9EC7-481E-A888-5BBE30B80DFB}"= "c:\programmi\ITALIA_version\tbITA1.dll" [2009-12-09 2166296]
"{2C965F3F-8EFD-4BFC-A2C5-1672845FDBBF}"= "c:\programmi\PHPNukeIT\tbPHP1.dll" [2009-12-03 2166296]

[HKEY_CLASSES_ROOT\clsid\{323d5e65-9ec7-481e-a888-5bbe30b80dfb}]

[HKEY_CLASSES_ROOT\clsid\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-10 39408]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"fssui"="c:\programmi\Windows Live\Family Safety\fsui.exe" [2009-08-05 647520]
"FixCamera"="c:\windows\FixCamera.exe" [2007-02-10 20480]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SMSTray"="c:\programmi\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-12-14 132624]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2007-03-10 270336]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\xxx\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 1.0.1.lnk - c:\programmi\OpenOffice.org1.0.1\program\quickstart.exe [2002-7-4 61440]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [26/08/2009 15.03.38 64288]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [11/01/2009 0.07.32 54752]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programmi\Lavasoft\Ad-Aware\AAWService.exe [02/12/2009 14.19.01 1181328]
S2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\cdrom_mon.exe [16/04/2009 14.39.12 81920]
S3 fsssvc;Servizio Windows Live Family Safety;c:\programmi\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22.48.42 704864]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [20/01/2009 18.32.16 38224]
S3 ONDAusbmdm6k;ONDA Proprietary USB Driver;c:\windows\system32\drivers\ONDAusbmdm6k.sys [16/04/2009 14.40.19 104960]
S3 ONDAusbnet;ONDA USB-NDIS miniport;c:\windows\system32\drivers\ONDAusbnet.sys [16/04/2009 14.40.19 110080]
S3 ONDAusbnmea;ONDA NMEA Port;c:\windows\system32\drivers\ONDAusbnmea.sys [16/04/2009 14.40.19 104960]
S3 ONDAusbser6k;ONDA Diagnostic Port;c:\windows\system32\drivers\ONDAusbser6k.sys [16/04/2009 14.40.19 104960]
.
Contenuto della cartella 'Scheduled Tasks'

2010-01-17 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 21:08]

2010-01-17 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 21:08]

2010-01-17 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 21:08]

2010-01-17 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 21:08]

2010-01-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 21:08]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://google.com/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {{C4046502-6524-4d87-896C-878F57D1FF07} - c:\programmi\PokerStars.IT\PokerStarsUpdate.exe
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-17 12:37
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Ora fine scansione: 2010-01-17 12:40:09
ComboFix-quarantined-files.txt 2010-01-17 11:40
ComboFix2.txt 2010-01-17 11:25

Pre-Run: 18.100.166.656 byte disponibili
Post-Run: 18.068.353.024 byte disponibili

- - End Of File - - 7DAA3AC98A1FD7BE377F8E577DF9744B
r16
Posted: Sunday, January 17, 2010 2:06:55 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
So, do you need this program?
ITALIA_version
danda
Posted: Sunday, January 17, 2010 2:14:18 PM
Rank: Newbie

Joined: 1/15/2010
Posts: 8
[quote=r16]So, do you need this program?
ITALIA_version[/quote]

No, I don't use that one; can I remove it by selecting it?
r16
Posted: Sunday, January 17, 2010 2:31:41 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
I'll take care of it.
Open a text file on the Desktop (Start\Run\type: notepad.exe\OK)
Paste in the code you see below, and save the text file with the name CFScript.txt (this exact name is mandatory)

Code:
File::
c:\programmi\ITALIA_version\tbITA1.dll
c:\windows\system32\lsdelete.exe
c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe

Folder::
c:\programmi\ITALIA_version
c:\programmi\Lavasoft

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{323d5e65-9ec7-481e-a888-5bbe30b80dfb}"=-
"{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}"=-
[-HKEY_CLASSES_ROOT\clsid\{323d5e65-9ec7-481e-a888-5bbe30b80dfb}]
[-HKEY_CLASSES_ROOT\clsid\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{323d5e65-9ec7-481e-a888-5bbe30b80dfb}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{323d5e65-9ec7-481e-a888-5bbe30b80dfb}"=-
"{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{323D5E65-9EC7-481E-A888-5BBE30B80DFB}"=-
"{2C965F3F-8EFD-4BFC-A2C5-1672845FDBBF}"=-
[-HKEY_CLASSES_ROOT\clsid\{323d5e65-9ec7-481e-a888-5bbe30b80dfb}]
[-HKEY_CLASSES_ROOT\clsid\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}]

Driver::
Lavasoft Ad-Aware Service
Lbd


and drag it onto the ComboFix icon.
Wait for it to finish, without touching the keyboard, mouse or anything else.
Post the updated ComboFix log
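A way to check the follow-up log against the script in the post above, as an added example that is not part of the original post or of ComboFix itself: it collects the CLSIDs named under `Registry::` and reports which ones still appear in the log's loaded-registry section. The function names are hypothetical, and the script and log excerpts are constructed samples modelled on lines from this thread.

```python
import re

# "Name::" directive lines as used in the CFScript above (File::, Registry::, ...).
DIRECTIVE = re.compile(r"^(\w+)::\s*$")
# ComboFix section banners have the form "((((( title )))))".
BANNER = re.compile(r"^\(+\s*(.+?)\s*\)+$")
GUID = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)


def parse_cfscript(text):
    """Group the non-empty lines of a CFScript under their directive name."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DIRECTIVE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def log_sections(text):
    """Split a ComboFix log into {banner title: [lines]}."""
    sections, title = {}, "header"
    for raw in text.splitlines():
        m = BANNER.match(raw.strip())
        if m:
            title = m.group(1)
        sections.setdefault(title, []).append(raw)
    return sections


def surviving_guids(cfscript, log, section="Punti Reg Caricati"):
    """CLSIDs targeted by Registry:: that still show up in the log section.

    The default section title is the Italian banner seen in this thread
    (an assumption for other locales). A missing section raises instead of
    silently reporting a clean result.
    """
    targets = set()
    for line in parse_cfscript(cfscript).get("Registry", []):
        targets.update(g.lower() for g in GUID.findall(line))
    sections = log_sections(log)
    if section not in sections:
        raise ValueError("log has no section titled %r" % section)
    present = {g.lower() for g in GUID.findall("\n".join(sections[section]))}
    return sorted(targets & present)


# Constructed sample: a shortened script in the same format as the one above.
CFSCRIPT = r"""File::
c:\programmi\ITALIA_version\tbITA1.dll

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{323d5e65-9ec7-481e-a888-5bbe30b80dfb}"=-
"{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}"=-
[-HKEY_CLASSES_ROOT\clsid\{323d5e65-9ec7-481e-a888-5bbe30b80dfb}]

Driver::
Lbd
"""

# Constructed excerpt in the shape of the log taken before the script ran.
LOG_BEFORE = r"""((((((((( Find3M Report )))))))))
2009-12-09 11:52 . 2009-01-11 12:47 -------- d-----w- c:\programmi\ITALIA_version
((((((((( Punti Reg Caricati )))))))))
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{323D5E65-9EC7-481E-A888-5BBE30B80DFB}"= "c:\programmi\ITALIA_version\tbITA1.dll" [2009-12-09 2166296]
"{2C965F3F-8EFD-4BFC-A2C5-1672845FDBBF}"= "c:\programmi\PHPNukeIT\tbPHP1.dll" [2009-12-03 2166296]
"""

# Constructed excerpt in the shape of the log taken after the script ran.
# The GUID inside the BgMonitor value name is not a target and is ignored.
LOG_AFTER = r"""((((((((( Altre eliminazioni )))))))))
c:\programmi\ITALIA_version\tbITA1.dll
((((((((( Punti Reg Caricati )))))))))
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"""

if __name__ == "__main__":
    print("before:", surviving_guids(CFSCRIPT, LOG_BEFORE))
    print("after: ", surviving_guids(CFSCRIPT, LOG_AFTER))
```

An empty result only means the targeted CLSIDs are gone from that section; files and folders listed under `File::` and `Folder::` need their own check against the log.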
danda
Posted: Sunday, January 17, 2010 3:22:06 PM
Rank: Newbie

Joined: 1/15/2010
Posts: 8
Combo log:
ComboFix 10-01-16.03 - entry 17/01/2010 15.07.17.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.511.224 [GMT 1:00]
Eseguito da: c:\documents and settings\entry\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\entry\Documenti\Claudia\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-6C25-9E7C08000A00}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!

FILE ::
"c:\programmi\ITALIA_version\tbITA1.dll"
"c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe"
"c:\windows\system32\lsdelete.exe"
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programmi\ITALIA_version
c:\programmi\ITALIA_version\INSTALL.LOG
c:\programmi\ITALIA_version\tbITA1.dll
c:\programmi\ITALIA_version\toolbar.cfg
c:\programmi\ITALIA_version\UNWISE.EXE
c:\programmi\ITALIA_version\UNWISE.INI
c:\programmi\Lavasoft
c:\programmi\Lavasoft\Ad-Aware\AAWAdmin.exe
c:\programmi\Lavasoft\Ad-Aware\aawapi.dll
c:\programmi\Lavasoft\Ad-Aware\AAWService.exe
c:\programmi\Lavasoft\Ad-Aware\AAWTray.exe
c:\programmi\Lavasoft\Ad-Aware\AAWWSC.exe
c:\programmi\Lavasoft\Ad-Aware\Ad-Aware.exe
c:\programmi\Lavasoft\Ad-Aware\Ad-Aware_manual_DE.chm
c:\programmi\Lavasoft\Ad-Aware\Ad-Aware_manual_EN.chm
c:\programmi\Lavasoft\Ad-Aware\Ad-Aware_manual_FR.chm
c:\programmi\Lavasoft\Ad-Aware\Ad-Aware_manual_JA.chm
c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
c:\programmi\Lavasoft\Ad-Aware\Ad-AwareCommand.exe
c:\programmi\Lavasoft\Ad-Aware\aebb.dll
c:\programmi\Lavasoft\Ad-Aware\aecore.dll
c:\programmi\Lavasoft\Ad-Aware\aeemu.dll
c:\programmi\Lavasoft\Ad-Aware\aegen.dll
c:\programmi\Lavasoft\Ad-Aware\aehelp.dll
c:\programmi\Lavasoft\Ad-Aware\aeheur.dll
c:\programmi\Lavasoft\Ad-Aware\aeoffice.dll
c:\programmi\Lavasoft\Ad-Aware\aepack.dll
c:\programmi\Lavasoft\Ad-Aware\aerdl.dll
c:\programmi\Lavasoft\Ad-Aware\aescn.dll
c:\programmi\Lavasoft\Ad-Aware\aescript.dll
c:\programmi\Lavasoft\Ad-Aware\aeset.dat
c:\programmi\Lavasoft\Ad-Aware\aevdf.dll
c:\programmi\Lavasoft\Ad-Aware\AutoLaunch.exe
c:\programmi\Lavasoft\Ad-Aware\avpal.dll
c:\programmi\Lavasoft\Ad-Aware\CEAPI.dll
c:\programmi\Lavasoft\Ad-Aware\dbghelp.dll
c:\programmi\Lavasoft\Ad-Aware\Download Guard for Internet Explorer.exe
c:\programmi\Lavasoft\Ad-Aware\Drivers\32\AAWDriverTool.exe
c:\programmi\Lavasoft\Ad-Aware\Drivers\32\DIFxAPI.dll
c:\programmi\Lavasoft\Ad-Aware\Drivers\32\lbd.cat
c:\programmi\Lavasoft\Ad-Aware\Drivers\32\lbd.inf
c:\programmi\Lavasoft\Ad-Aware\Drivers\32\lbd.sys
c:\programmi\Lavasoft\Ad-Aware\Drivers\64\AAWDriverTool.exe
c:\programmi\Lavasoft\Ad-Aware\Drivers\64\DIFxAPI.dll
c:\programmi\Lavasoft\Ad-Aware\Drivers\64\lbd.cat
c:\programmi\Lavasoft\Ad-Aware\Drivers\64\lbd.inf
c:\programmi\Lavasoft\Ad-Aware\Drivers\64\lbd.sys
c:\programmi\Lavasoft\Ad-Aware\Drivers\AAWDriverTool.exe
c:\programmi\Lavasoft\Ad-Aware\Drivers\DIFxAPI.dll
c:\programmi\Lavasoft\Ad-Aware\Drivers\lbd.cat
c:\programmi\Lavasoft\Ad-Aware\Drivers\lbd.inf
c:\programmi\Lavasoft\Ad-Aware\Drivers\lbd.sys
c:\programmi\Lavasoft\Ad-Aware\Drivers\sbapifs.cat
c:\programmi\Lavasoft\Ad-Aware\Drivers\sbapifsl.cat
c:\programmi\Lavasoft\Ad-Aware\Drivers\sbapx64.cat
c:\programmi\Lavasoft\Ad-Aware\Extras\Threat Work\ThreatWork.exe
c:\programmi\Lavasoft\Ad-Aware\GenoType.ows
c:\programmi\Lavasoft\Ad-Aware\hbedv.key
c:\programmi\Lavasoft\Ad-Aware\Languages\resource_de-DE.xml
c:\programmi\Lavasoft\Ad-Aware\Languages\resource_en-US.xml
c:\programmi\Lavasoft\Ad-Aware\Languages\resource_es-ES.xml
c:\programmi\Lavasoft\Ad-Aware\Languages\resource_fr-FR.xml
c:\programmi\Lavasoft\Ad-Aware\Languages\resource_it-IT.xml
c:\programmi\Lavasoft\Ad-Aware\Languages\resource_ja-JP.xml
c:\programmi\Lavasoft\Ad-Aware\Languages\resource_nl-NL.xml
c:\programmi\Lavasoft\Ad-Aware\Languages\resource_pt-PT.xml
c:\programmi\Lavasoft\Ad-Aware\Languages\resource_sv-SE.xml
c:\programmi\Lavasoft\Ad-Aware\Languages\resource_zh-CN.xml
c:\programmi\Lavasoft\Ad-Aware\Languages\resource_zh-TW.xml
c:\programmi\Lavasoft\Ad-Aware\Languages\ResourceAdmin.xml
c:\programmi\Lavasoft\Ad-Aware\lavalicense.dll
c:\programmi\Lavasoft\Ad-Aware\lavamessage.dll
c:\programmi\Lavasoft\Ad-Aware\Lavasoft Homepage.url
c:\programmi\Lavasoft\Ad-Aware\libapr-1.dll
c:\programmi\Lavasoft\Ad-Aware\libaprutil-1.dll
c:\programmi\Lavasoft\Ad-Aware\libavll.dll
c:\programmi\Lavasoft\Ad-Aware\lsdelete.exe
c:\programmi\Lavasoft\Ad-Aware\msvcp71.dll
c:\programmi\Lavasoft\Ad-Aware\msvcr71.dll
c:\programmi\Lavasoft\Ad-Aware\Neutralize.dll
c:\programmi\Lavasoft\Ad-Aware\pcre.dll
c:\programmi\Lavasoft\Ad-Aware\PrivacyClean.dll
c:\programmi\Lavasoft\Ad-Aware\Rebrand.dat
c:\programmi\Lavasoft\Ad-Aware\Resources.dll
c:\programmi\Lavasoft\Ad-Aware\Resources\aa11.efp
c:\programmi\Lavasoft\Ad-Aware\Resources\aa14.efp
c:\programmi\Lavasoft\Ad-Aware\Resources\Carbon.eGL
c:\programmi\Lavasoft\Ad-Aware\Resources\Default.eGL
c:\programmi\Lavasoft\Ad-Aware\Resources\Gold.eGL
c:\programmi\Lavasoft\Ad-Aware\Resources\Orange.eGL
c:\programmi\Lavasoft\Ad-Aware\Resources\Sedona.eGL
c:\programmi\Lavasoft\Ad-Aware\Resources\wa11.efp
c:\programmi\Lavasoft\Ad-Aware\Resources\wa11b.efp
c:\programmi\Lavasoft\Ad-Aware\Resources\wa12.efp
c:\programmi\Lavasoft\Ad-Aware\Resources\wa12b.efp
c:\programmi\Lavasoft\Ad-Aware\Resources\wa14b.efp
c:\programmi\Lavasoft\Ad-Aware\Resources\wa14i.efp
c:\programmi\Lavasoft\Ad-Aware\Resources\wt12.efp
c:\programmi\Lavasoft\Ad-Aware\Resources\wt12b.efp
c:\programmi\Lavasoft\Ad-Aware\Resources\wt16b.efp
c:\programmi\Lavasoft\Ad-Aware\Resources\wt16bi.efp
c:\programmi\Lavasoft\Ad-Aware\Resources\wt20b.efp
c:\programmi\Lavasoft\Ad-Aware\Resources\wt20bi.efp
c:\programmi\Lavasoft\Ad-Aware\RPAPI.dll
c:\programmi\Lavasoft\Ad-Aware\savapi3.dll
c:\programmi\Lavasoft\Ad-Aware\savapi3client.dll
c:\programmi\Lavasoft\Ad-Aware\Savapibridge.dll
c:\programmi\Lavasoft\Ad-Aware\ShellExt.dll
c:\programmi\Lavasoft\Ad-Aware\threatwork.exe
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart Manager\AutoStart Manager.exe
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart Manager\Settings.xml
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart Manager\Skins\grey\gbottompic.bmp
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart Manager\Skins\grey\gbottompicp.bmp
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart Manager\Skins\grey\gtoppic.bmp
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart Manager\Skins\grey\gtoppicp.bmp
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart Manager\Skins\grey\skin.xml
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart Manager\Skins\grey\Thumbs.db
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart Manager\SO.dll
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart Manager\Translations\de.xml
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart Manager\Translations\en.xml
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart Manager\Translations\english.xml
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart Manager\Translations\es.xml
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart Manager\Translations\fr.xml
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart Manager\Translations\it.xml
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart Manager\Translations\ja.xml
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart Manager\Translations\nl.xml
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart Manager\Translations\pr.xml
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart Manager\Translations\russian.xml
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart Manager\Translations\zh-cmn-Hans.xml
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart Manager\Translations\zh-cmn-Hant.xml
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart\AutoStart Manager.exe
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart\de.xml
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart\en.xml
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart\english.xml
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart\es.xml
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart\fr.xml
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart\gbottompic.bmp
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart\gbottompicp.bmp
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart\grey\gbottompic.bmp
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart\grey\gbottompicp.bmp
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart\grey\gtoppic.bmp
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart\grey\gtoppicp.bmp
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart\grey\skin.xml
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart\grey\Thumbs.db
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart\gtoppic.bmp
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart\gtoppicp.bmp
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart\it.xml
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart\ja.xml
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart\nl.xml
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart\pr.xml
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart\russian.xml
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart\Settings.xml
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart\skin.xml
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart\Skins\grey\gbottompic.bmp
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart\Skins\grey\gbottompicp.bmp
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart\Skins\grey\gtoppic.bmp
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart\Skins\grey\gtoppicp.bmp
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart\Skins\grey\skin.xml
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart\Skins\grey\Thumbs.db
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart\SO.dll
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart\Thumbs.db
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart\Translations\de.xml
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart\Translations\en.xml
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart\Translations\english.xml
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart\Translations\es.xml
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart\Translations\fr.xml
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart\Translations\it.xml
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart\Translations\ja.xml
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart\Translations\nl.xml
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart\Translations\pr.xml
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart\Translations\russian.xml
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart\Translations\zh-cmn-Hans.xml
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart\Translations\zh-cmn-Hant.xml
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart\zh-cmn-Hans.xml
c:\programmi\Lavasoft\Ad-Aware\ToolBox\AutoStart\zh-cmn-Hant.xml
c:\programmi\Lavasoft\Ad-Aware\ToolBox\LT\Extras.LGFF
c:\programmi\Lavasoft\Ad-Aware\ToolBox\LT\HostFileEditor.exe
c:\programmi\Lavasoft\Ad-Aware\ToolBox\LT\Lang\DE.lslang
c:\programmi\Lavasoft\Ad-Aware\ToolBox\LT\Lang\EN.lslang
c:\programmi\Lavasoft\Ad-Aware\ToolBox\LT\Lang\ES.lslang
c:\programmi\Lavasoft\Ad-Aware\ToolBox\LT\Lang\FL.lslang
c:\programmi\Lavasoft\Ad-Aware\ToolBox\LT\Lang\FR.lslang
c:\programmi\Lavasoft\Ad-Aware\ToolBox\LT\Lang\IT.lslang
c:\programmi\Lavasoft\Ad-Aware\ToolBox\LT\Lang\NL.lslang
c:\programmi\Lavasoft\Ad-Aware\ToolBox\LT\Lang\PT.lslang
c:\programmi\Lavasoft\Ad-Aware\ToolBox\LT\ProcessWatch.dll
c:\programmi\Lavasoft\Ad-Aware\ToolBox\LT\ProcessWatch.exe
c:\programmi\Lavasoft\Ad-Aware\unacev2.dll
c:\programmi\Lavasoft\Ad-Aware\unrar.dll
c:\programmi\Lavasoft\Ad-Aware\UpdateManager.dll
c:\programmi\Lavasoft\Ad-Aware\WSCUpdate.dll
c:\windows\system32\lsdelete.exe

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_LAVASOFT_AD-AWARE_SERVICE
-------\Legacy_LBD
-------\Service_Lavasoft Ad-Aware Service
-------\Service_Lbd


((((((((((((((((((((((((( Files Creati Da 2009-12-17 al 2010-01-17 )))))))))))))))))))))))))))))))))))
.

2010-01-15 21:42 . 2010-01-15 21:42 388096 ----a-r- c:\documents and settings\entry\Dati applicazioni\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-15 21:42 . 2010-01-15 21:42 -------- d-----w- c:\programmi\TrendMicro
2010-01-06 21:09 . 2010-01-06 21:09 862040 ----a-w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-01-06 21:09 . 2010-01-06 21:09 206944 ----a-w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-01-06 21:09 . 2010-01-06 21:09 390288 ----a-w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-01-06 21:09 . 2010-01-06 21:09 537576 ----a-w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-01-06 21:09 . 2010-01-06 21:09 370744 ----a-w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-01-06 21:09 . 2010-01-06 21:09 194104 ----a-w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2010-01-06 21:08 . 2010-01-15 21:11 6296864 ----a-w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Lavasoft\Ad-Aware\Update\Resources.dll
2010-01-06 21:08 . 2010-01-06 21:08 933120 ----a-w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-01-06 21:08 . 2010-01-06 21:08 816272 ----a-w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-01-06 21:08 . 2010-01-06 21:08 822904 ----a-w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-01-06 21:08 . 2010-01-06 21:08 1643272 ----a-w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-01-06 21:08 . 2010-01-06 21:08 788880 ----a-w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-01-06 21:08 . 2010-01-06 21:08 1181328 ----a-w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-01-06 21:06 . 2010-01-06 21:06 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-06 21:06 . 2009-12-07 14:10 2953352 -c--a-w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-17 13:58 . 2008-12-04 19:54 -------- d-----w- c:\programmi\Alice MOBILE
2010-01-17 13:20 . 2004-02-27 13:38 -------- d-----w- c:\programmi\Ulead Systems
2010-01-17 11:02 . 2009-01-20 17:32 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-01-17 11:02 . 2009-07-13 18:49 5115823 ----a-w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-16 19:30 . 2008-08-18 18:56 -------- d-----w- c:\programmi\eMule
2010-01-07 15:07 . 2009-01-20 17:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-01-20 17:32 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 21:06 . 2009-01-10 19:11 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Lavasoft
2010-01-06 20:22 . 2009-12-08 18:00 54 ----a-w- c:\windows\system32\rp_stats.dat
2010-01-06 20:22 . 2009-12-08 18:00 39 ----a-w- c:\windows\system32\rp_rules.dat
2010-01-04 16:52 . 2009-09-02 17:56 -------- d-----w- c:\programmi\LG PC Suite II
2009-12-10 11:53 . 2009-11-11 20:02 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-03 13:14 . 2009-01-18 11:08 -------- d-----w- c:\programmi\PHPNukeIT
2009-12-02 13:19 . 2009-08-26 14:03 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-11-23 17:02 . 2009-06-23 13:57 -------- d-----w- c:\programmi\PokerStars.IT
2009-11-17 21:59 . 2001-08-31 10:00 69916 ----a-w- c:\windows\system32\perfc010.dat
2009-11-17 21:59 . 2001-08-31 10:00 437604 ----a-w- c:\windows\system32\perfh010.dat
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-10 39408]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"fssui"="c:\programmi\Windows Live\Family Safety\fsui.exe" [2009-08-05 647520]
"FixCamera"="c:\windows\FixCamera.exe" [2007-02-10 20480]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SMSTray"="c:\programmi\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-12-14 132624]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2007-03-10 270336]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\xxx\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 1.0.1.lnk - c:\programmi\OpenOffice.org1.0.1\program\quickstart.exe [2002-7-4 61440]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\cdrom_mon.exe [16/04/2009 14.39.12 81920]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [11/01/2009 0.07.32 54752]
R3 ONDAusbmdm6k;ONDA Proprietary USB Driver;c:\windows\system32\drivers\ONDAusbmdm6k.sys [16/04/2009 14.40.19 104960]
R3 ONDAusbnet;ONDA USB-NDIS miniport;c:\windows\system32\drivers\ONDAusbnet.sys [16/04/2009 14.40.19 110080]
R3 ONDAusbnmea;ONDA NMEA Port;c:\windows\system32\drivers\ONDAusbnmea.sys [16/04/2009 14.40.19 104960]
R3 ONDAusbser6k;ONDA Diagnostic Port;c:\windows\system32\drivers\ONDAusbser6k.sys [16/04/2009 14.40.19 104960]
S3 fsssvc;Servizio Windows Live Family Safety;c:\programmi\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22.48.42 704864]
.
Contenuto della cartella 'Scheduled Tasks'
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://google.com/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {{C4046502-6524-4d87-896C-878F57D1FF07} - c:\programmi\PokerStars.IT\PokerStarsUpdate.exe
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

AddRemove-ITALIA_version Toolbar - c:\progra~1\ITALIA~1\UNWISE.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-17 15:15
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Avira\AntiVir Desktop\sched.exe
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
c:\programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Ora fine scansione: 2010-01-17 15:19:42 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-01-17 14:19
ComboFix2.txt 2010-01-17 11:40
ComboFix3.txt 2010-01-17 11:25

Pre-Run: 17.984.000.000 byte disponibili
Post-Run: 17.930.420.224 byte disponibili

- - End Of File - - BE882A4972E9A01BD0556DB7136671E2
r16
Posted: Sunday, January 17, 2010 8:14:42 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
Post a HijackThis log
danda
Posted: Monday, January 18, 2010 1:13:49 PM
Rank: Newbie

Joined: 1/15/2010
Posts: 8
r16 wrote:
Hi.
Post a HijackThis log


Hoping I've got rid of the virus...


Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 13.13.51, on 18/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\FixCamera.exe
C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Programmi\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe
C:\WINDOWS\vsnpstd3.exe
C:\WINDOWS\tsnpstd3.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Alice MOBILE\Alice MOBILE.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programmi\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [fssui] "C:\Programmi\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Programmi\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Programmi\PokerStars.IT\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Programmi\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe

--
End of file - 7391 bytes