Benvenuto Ospite

Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » LOG Malware...controllate?GRAZIE

LOG Malware...controllate?GRAZIE

Opzioni

Topic Precedente · Topic Sucessivo

ieu1987

Inviato: Tuesday, April 20, 2010 12:04:04 PM

Rank: AiutAmico

Iscritto dal : 7/11/2008
Posts: 68

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Versione database: 4011

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

20/04/2010 11.58.19
mbam-log-2010-04-20 (11-58-19).txt

Tipo di scansione: Scansione veloce
Elementi esaminati: 112774
Tempo trascorso: 5 minuti, 34 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 1
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 0

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\disableconfig (Windows.Tool.Disabled) -> Delete on reboot.

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
(Non sono stati rilevati elementi nocivi)

Sponsor

Inviato: Tuesday, April 20, 2010 12:04:04 PM

paolopa

Inviato: Tuesday, April 20, 2010 12:57:11 PM

Rank: AiutAmico

Iscritto dal : 10/14/2008
Posts: 2,777

magari un log di hijack aiutava...

ieu1987

Inviato: Wednesday, April 21, 2010 2:21:20 AM

Rank: AiutAmico

Iscritto dal : 7/11/2008
Posts: 68

ops...GRAZIE

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2.20.22, on 21/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmi\AVG\AVG9\avgchsvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AVG\AVG9\avgrsx.exe
C:\Programmi\AVG\AVG9\avgcsrvx.exe
C:\Programmi\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\msnmls.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\AVG\AVG9\avgnsx.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Wireless Console 2\wcourier.exe
C:\Programmi\ASUS\ATK Media\DMEDIA.EXE
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ASUS\Power4 Gear\BatteryLife.exe
C:\Programmi\ASUS\Splendid\ACMON.exe
C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmi\Intel\Wireless\Bin\EOUWiz.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\mioengine.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 2508 bytes

paolopa

Inviato: Wednesday, April 21, 2010 6:23:28 AM

Rank: AiutAmico

Iscritto dal : 10/14/2008
Posts: 2,777

temo che qualcosa non sia andato per il giusto verso,è decisamente incompleto.

ieu1987

Inviato: Wednesday, April 21, 2010 9:01:19 PM

Rank: AiutAmico

Iscritto dal : 7/11/2008
Posts: 68

DOVREBE ESSERE QUESTO IN REALTA' (E FORSE ORA è TROPPO LUNGO -_-) :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.01.02, on 21/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmi\AVG\AVG9\avgchsvx.exe
C:\Programmi\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AVG\AVG9\avgcsrvx.exe
C:\Programmi\AVG\AVG9\avgwdsvc.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\msnmls.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Wireless Console 2\wcourier.exe
C:\Programmi\ASUS\ATK Media\DMEDIA.EXE
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ASUS\Power4 Gear\BatteryLife.exe
C:\Programmi\ASUS\Splendid\ACMON.exe
C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Programmi\Intel\Wireless\Bin\EOUWiz.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\mioengine.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Soft-Search Toolbar - {09e55ba0-f9c6-4b81-82df-46853f6f7b3f} - C:\Programmi\Soft-Search\tbSof1.dll
R3 - URLSearchHook: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCoo0.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\msnmls.exe,
O1 - Hosts: 209.85.129.99 msnfix.changelog.fr
O1 - Hosts: 209.85.129.99 www.incodesolutions.com
O1 - Hosts: 209.85.129.99 virusinfo.prevx.com
O1 - Hosts: 209.85.129.99 download.bleepingcomputer.com
O1 - Hosts: 209.85.129.99 www.dazhizhu.cn
O1 - Hosts: 209.85.129.99 foro.noticias3d.com
O1 - Hosts: 209.85.129.99 www.spybotupdates.com
O1 - Hosts: 209.85.129.99 club.myce.com
O1 - Hosts: 209.85.129.99 www.nabble.com
O1 - Hosts: 209.85.129.99 lurker.clamav.net
O1 - Hosts: 209.85.129.99 lexikon.ikarus.at
O1 - Hosts: 209.85.129.99 research.sunbelt-software.com
O1 - Hosts: 209.85.129.99 www.virusdoctor.jp
O1 - Hosts: 209.85.129.99 www.elitepvpers.de
O1 - Hosts: 209.85.129.99 downloads.sophos.com
O1 - Hosts: 209.85.129.99 share.skype.com
O1 - Hosts: 209.85.129.99 www.superuser.co.kr
O1 - Hosts: 209.85.129.99 ntfaq.co.kr
O1 - Hosts: 209.85.129.99 v.dreamwiz.com
O1 - Hosts: 209.85.129.99 cit.kookmin.ac.kr
O1 - Hosts: 209.85.129.99 forums.whatthetech.com
O1 - Hosts: 209.85.129.99 forum.hijackthis.de
O1 - Hosts: 209.85.129.99 avg.vo.llnwd.net
O1 - Hosts: 209.85.129.99 ftp.drweb.com
O1 - Hosts: 209.85.129.99 www.zonealarm.com
O1 - Hosts: 209.85.129.99 smadaver.com
O1 - Hosts: 209.85.129.99 www.huaifai.go.th
O1 - Hosts: 209.85.129.99 www.mostz.com
O1 - Hosts: 209.85.129.99 www.krupunmai.com
O1 - Hosts: 209.85.129.99 www.cddchiangmai.net
O1 - Hosts: 209.85.129.99 forum.malekal.com
O1 - Hosts: 209.85.129.99 tech.pantip.com
O1 - Hosts: 209.85.129.99 sapcupgrades.com
O1 - Hosts: 209.85.129.99 www.elguruinformatico.com
O1 - Hosts: 209.85.129.99 forums.avg.com
O1 - Hosts: 209.85.129.99 zastita.com
O1 - Hosts: 209.85.129.99 www.247fixes.com
O1 - Hosts: 209.85.129.99 forum.sysinternals.com
O1 - Hosts: 209.85.129.99 forum.telecharger.01net.com
O1 - Hosts: 209.85.129.99 sophos.com
O1 - Hosts: 209.85.129.99 foros.softonic.com
O1 - Hosts: 209.85.129.99 avast-home.uptodown.com
O1 - Hosts: 209.85.129.99 dr-web-cureit.softonic.com
O1 - Hosts: 209.85.129.99 heavenward.ru
O1 - Hosts: 209.85.129.99 forum.smadav.net
O1 - Hosts: 209.85.129.99 www.f-secure.com
O1 - Hosts: 209.85.129.99 www.chkrootkit.org
O1 - Hosts: 209.85.129.99 diamondcs.com.au
O1 - Hosts: 209.85.129.99 www.rootkit.nl
O1 - Hosts: 209.85.129.99 www.sysinternals.com
O1 - Hosts: 209.85.129.99 z-oleg.com
O1 - Hosts: 209.85.129.99 espanol.dir.groups.yahoo.com
O1 - Hosts: 209.85.129.99 ftp01net.telechargement.fr
O1 - Hosts: 209.85.129.99 modelayu.com
O1 - Hosts: 209.85.129.99 www.castlecrops.com
O1 - Hosts: 209.85.129.99 www.misec.net
O1 - Hosts: 209.85.129.99 safecomputing.umn.edu
O1 - Hosts: 209.85.129.99 www.antirootkit.com
O1 - Hosts: 209.85.129.99 www.greatis.com
O1 - Hosts: 209.85.129.99 ar.answers.yahoo.com
O1 - Hosts: 209.85.129.99 www.elhacker.org
O1 - Hosts: 209.85.129.99 research.pandasecurity.com
O1 - Hosts: 209.85.129.99 www.tpu.ro
O1 - Hosts: 209.85.129.99 www.rootkit.com
O1 - Hosts: 209.85.129.99 www.pctools.com
O1 - Hosts: 209.85.129.99 www.pcsupportadvisor.com
O1 - Hosts: 209.85.129.99 www.resplendence.com
O1 - Hosts: 209.85.129.99 www.personal.psu.edu
O1 - Hosts: 209.85.129.99 foro.ethek.com
O1 - Hosts: 209.85.129.99 foro.elhacker.net
O1 - Hosts: 209.85.129.99 download.zonealarm.com
O1 - Hosts: 209.85.129.99 spywarehammer.com
O1 - Hosts: 209.85.129.99 vil.nail.com
O1 - Hosts: 209.85.129.99 search.mcafee.com
O1 - Hosts: 209.85.129.99 wwww.mcafee.com
O1 - Hosts: 209.85.129.99 download.nai.com
O1 - Hosts: 209.85.129.99 wwww.experts-exchange.com
O1 - Hosts: 209.85.129.99 www.bakunos.com
O1 - Hosts: 209.85.129.99 www.darkclockers.com
O1 - Hosts: 209.85.129.99 www2.gmer.net
O1 - Hosts: 209.85.129.99 ariefew.com
O1 - Hosts: 209.85.129.99 www.emsisoft.com
O1 - Hosts: 209.85.129.99 www.Merijn.org
O1 - Hosts: 209.85.129.99 www.spywareinfo.com
O1 - Hosts: 209.85.129.99 www.spybot.info
O1 - Hosts: 209.85.129.99 www.viruslist.com
O1 - Hosts: 209.85.129.99 www.hijackthis.de
O1 - Hosts: 209.85.129.99 ftp.f-secure.com
O1 - Hosts: 209.85.129.99 forum.kaspersky.com
O1 - Hosts: 209.85.129.99 es.trendmicro-europe.com
O1 - Hosts: 209.85.129.99 www.hvaonline.net
O1 - Hosts: 209.85.129.99 majorgeeks.com
O1 - Hosts: 209.85.129.99 www.avp.com
O1 - Hosts: 209.85.129.99 www.virustotal.com
O1 - Hosts: 209.85.129.99 www.sophos.com
O1 - Hosts: 209.85.129.99 linhadefensiva.uol.com.br
O1 - Hosts: 209.85.129.99 cmmings.cn
O1 - Hosts: 209.85.129.99 www.sergiwa.com
O1 - Hosts: 209.85.129.99 www.el-hacker.com
O1 - Hosts: 209.85.129.99 dl2.agnitum.com
O1 - Hosts: 209.85.129.99 forum.smadav.net
O2 - BHO: Soft-Search Toolbar - {09e55ba0-f9c6-4b81-82df-46853f6f7b3f} - C:\Programmi\Soft-Search\tbSof1.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCoo0.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Soft-Search Toolbar - {09e55ba0-f9c6-4b81-82df-46853f6f7b3f} - C:\Programmi\Soft-Search\tbSof1.dll
O3 - Toolbar: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCoo0.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ASUS Live Update] C:\Programmi\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Programmi\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Programmi\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Power_Gear] C:\Programmi\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ACMON] C:\Programmi\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Programmi\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKLM\..\Run: [WhenUSave] C:\Programmi\Save\Save.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WeatherCast] C:\Programmi\WeatherCast\Weather.exe /q
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [VoipStunt] "C:\Programmi\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: My Vodafone.it.lnk = C:\Documents and Settings\'ntunucciu\Dati applicazioni\mioObjects\[objects]\69GWEU9386MTAR08.mio
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG9\avgwdsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 13909 bytes

r16

Inviato: Wednesday, April 21, 2010 9:08:32 PM

Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016

Scarica HostsXpert:
http://www.funkytoad.com/download/HostsXpert.zip
Scompattalo.
Doppio click su HostsXpert - clicca su Make it readable - successivamente clicca su Restore MS Hosts File -
Conferma.
Esci dal programma

Scarica ed installa MalwareBytes:
clicca qui per il download : http://www.aiutamici.com/software?id=80346
Prima di fare la scansione AGGIORNALO. (è molto importante)
Esegui una scansione completa del sistema. (non veloce.)
Posta il log.

ieu1987

Inviato: Wednesday, April 21, 2010 10:53:15 PM

Rank: AiutAmico

Iscritto dal : 7/11/2008
Posts: 68

il primo link non me lo apre...forse è errato. Ho cercato anche su google ma non mi apre la pagina..cma dovrei avere un virus causato da messenger

r16

Inviato: Wednesday, April 21, 2010 11:11:05 PM

Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016

Ciao.
Non è il link errato, è il virus che te lo impedisce.

Avvia hijackthis, metti la spunta alle voci che andrò ad elencarti e con tutte le applicazioni chiuse e disconnesso da Internet,premi su fix checked:

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\msnmls.exe,

TUTTE le 01

O4 - HKLM\..\Run: [WhenUSave] C:\Programmi\Save\Save.exe

Trova e cancella i file in rosso:
C:\WINDOWS\msnmls.exe

Dai una pulita (registro compreso)con CCleaner: http://www.aiutamici.com/software?ID=11223
Nella schermata iniziale di CCleaner, clicca su Opzioni e poi Avanzate, togli il segno di spunta a: Cancella i file in Windows Temp solo se più vecchi di 48 ore. (poi esegui le pulizie)

Provvedi a svuotare del suo contenuto la cartella Prefetch :
clicca su Risorse del Computer
clicca su Disco locale C:
cerca, all’interno delle cartelle che saranno visualizzate la cartella Windows, aprila ed, al suo interno, cerca la cartella Prefetch, la apri ed elimina tutte le voci conservate al suo interno ( non eliminare la cartella)
SVUOTA IL CESTINO

Riavvia il pc.

Scarica Combofix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Salvalo sul desktop.

Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,(Firewall compreso) e dopo aver scaricato COMBOFIX, chiudi la connessione.

Doppio click su combofix.exe (comparirà una videata.)

E' probabile che ti siano inviati messaggi dall'antivirus,(o dallo stesso Combofix) tu ignorali.

Se ti verrà chiesto se vuoi Installare LA CONSOLE DI RIPRISTINO DI EMERGENZA, clicca NO.

Durante l'operazione di scansione è importante non usare il PC (neanche il mouse) e attendere pazientemente la fine delle operazioni.
Al termine, verrà creato un file log sul Desktop, chiamato C:\ComboFix.txt. Postalo qui.

ieu1987

Inviato: Thursday, April 22, 2010 12:02:55 AM

Rank: AiutAmico

Iscritto dal : 7/11/2008
Posts: 68

GRAZIE. HO FATTO TUTTO:

ComboFix 10-04-21.01 - 'ntunucciu 21/04/2010 23.54.29.1.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1023.516 [GMT 2:00]
Eseguito da: c:\documents and settings\'ntunucciu\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\a.txt
c:\windows\msnmls.exe
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Creati Da 2010-03-21 al 2010-04-21 )))))))))))))))))))))))))))))))))))
.

2010-04-21 10:25 . 2010-04-21 10:25 242696 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgtdix.sys
2010-04-21 10:24 . 2010-04-21 10:24 1689952 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgupd.dll
2010-04-20 23:48 . 2010-04-20 23:48 -------- d-----w- c:\programmi\Trend Micro
2010-04-19 14:30 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-17 11:18 . 2001-08-30 21:08 99328 ----a-w- c:\windows\system32\srusd.dll
2010-04-17 11:18 . 2001-08-30 21:08 99328 ----a-w- c:\windows\system32\dllcache\srusd.dll
2010-04-17 11:18 . 2001-08-30 20:28 6912 ----a-w- c:\windows\system32\drivers\serscan.sys
2010-04-17 11:18 . 2001-08-30 20:28 6912 ----a-w- c:\windows\system32\dllcache\serscan.sys
2010-04-17 11:18 . 2001-08-30 21:07 71680 ----a-w- c:\windows\system32\fnfilter.dll
2010-04-17 11:18 . 2001-08-30 21:07 71680 ----a-w- c:\windows\system32\dllcache\fnfilter.dll
2010-04-14 19:45 . 2010-04-14 19:45 503808 ----a-w- c:\documents and settings\Guest\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-564a0483-n\msvcp71.dll
2010-04-14 19:45 . 2010-04-14 19:45 499712 ----a-w- c:\documents and settings\Guest\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-564a0483-n\jmc.dll
2010-04-14 19:45 . 2010-04-14 19:45 348160 ----a-w- c:\documents and settings\Guest\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-564a0483-n\msvcr71.dll
2010-04-14 19:45 . 2010-04-14 19:45 61440 ----a-w- c:\documents and settings\Guest\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-183c2f21-n\decora-sse.dll
2010-04-14 19:45 . 2010-04-14 19:45 12800 ----a-w- c:\documents and settings\Guest\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-183c2f21-n\decora-d3d.dll
2010-04-14 18:18 . 2010-04-14 18:18 -------- d-----w- c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Conduit
2010-04-14 18:18 . 2010-04-14 18:18 -------- d-----w- c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search
2010-04-08 17:23 . 2008-04-13 17:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-04-08 17:23 . 2008-04-13 17:45 10368 ----a-w- c:\windows\system32\dllcache\hidusb.sys
2010-04-08 08:20 . 2010-04-08 08:20 4255072 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgcorex.dll
2010-04-07 17:34 . 2010-04-07 17:34 -------- d-----w- c:\programmi\QuickTime
2010-04-07 17:34 . 2010-04-07 17:34 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2010-04-06 08:50 . 2010-04-06 08:50 -------- d-----w- c:\programmi\File comuni\Java
2010-04-06 08:49 . 2010-04-06 08:49 503808 ----a-w- c:\documents and settings\'ntunucciu\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4ebdf2e9-n\msvcp71.dll
2010-04-06 08:49 . 2010-04-06 08:49 499712 ----a-w- c:\documents and settings\'ntunucciu\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4ebdf2e9-n\jmc.dll
2010-04-06 08:49 . 2010-04-06 08:49 12800 ----a-w- c:\documents and settings\'ntunucciu\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3b3d7417-n\decora-d3d.dll
2010-04-06 08:49 . 2010-04-06 08:49 61440 ----a-w- c:\documents and settings\'ntunucciu\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3b3d7417-n\decora-sse.dll
2010-04-06 08:49 . 2010-04-06 08:49 348160 ----a-w- c:\documents and settings\'ntunucciu\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4ebdf2e9-n\msvcr71.dll
2010-04-05 22:22 . 2010-04-05 22:22 5918776 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-02 09:29 . 2010-04-02 09:29 4076824 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgui.exe
2010-04-02 09:29 . 2010-04-02 09:29 2059544 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgtray.exe
2010-04-02 09:29 . 2010-04-02 09:29 598296 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgsrmx.dll
2010-04-02 09:29 . 2010-04-02 09:29 341272 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgxch32.dll
2010-04-02 09:29 . 2010-04-02 09:29 313112 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avglogx.dll
2010-04-02 09:29 . 2010-04-02 09:29 1598744 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgssie.dll
2010-04-02 09:29 . 2010-04-02 09:29 1515224 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgwd.dll
2010-04-02 09:29 . 2010-04-02 09:29 1274136 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgfrw.exe
2010-04-02 09:29 . 2010-04-02 09:29 556824 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgchjwx.dll
2010-04-02 09:29 . 2010-04-02 09:29 459544 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgcclix.dll
2010-04-02 09:29 . 2010-04-02 09:29 301336 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgchclx.dll
2010-04-02 09:29 . 2010-04-02 09:29 1086744 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgchsvx.exe
2010-04-02 09:28 . 2010-04-02 09:28 1035032 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgupd.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-21 10:25 . 2009-12-27 14:41 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-29 22:46 . 2009-12-28 17:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 22:45 . 2009-12-28 17:01 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-23 08:55 . 2009-12-28 12:41 54768 ----a-w- c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-03-16 22:55 . 2010-03-16 22:55 1924976 ----a-w- c:\documents and settings\All Users\Dati applicazioni\NOS\Adobe_Downloads\install_flash_player.exe
2010-03-16 22:54 . 2010-03-16 22:54 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NOS
2010-03-13 09:07 . 2010-03-13 09:07 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-13 09:07 . 2009-12-27 14:41 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-13 09:07 . 2009-12-27 14:41 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-10 06:15 . 2004-09-16 13:31 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 19:00 . 2010-03-09 19:00 -------- d-----w- c:\documents and settings\'ntunucciu\Dati applicazioni\VoipStunt
2010-02-25 23:09 . 2004-09-16 13:31 80688 ----a-w- c:\windows\system32\perfc010.dat
2010-02-25 23:09 . 2004-09-16 13:31 482274 ----a-w- c:\windows\system32\perfh010.dat
2010-02-25 06:16 . 2004-09-16 13:31 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-09-16 13:31 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:05 . 2004-08-19 13:34 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:05 . 2004-08-19 13:34 2028032 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 09:03 . 2010-03-11 16:10 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:33 . 2004-09-16 13:30 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 19:15 . 2009-12-27 12:47 54768 ----a-w- c:\documents and settings\'ntunucciu\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-02-11 12:02 . 2004-09-16 13:31 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{09e55ba0-f9c6-4b81-82df-46853f6f7b3f}"= "c:\programmi\Soft-Search\tbSof1.dll" [2010-02-25 2349080]

[HKEY_CLASSES_ROOT\clsid\{09e55ba0-f9c6-4b81-82df-46853f6f7b3f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{09e55ba0-f9c6-4b81-82df-46853f6f7b3f}]
2010-02-25 23:10 2349080 ----a-w- c:\programmi\Soft-Search\tbSof1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{09e55ba0-f9c6-4b81-82df-46853f6f7b3f}"= "c:\programmi\Soft-Search\tbSof1.dll" [2010-02-25 2349080]

[HKEY_CLASSES_ROOT\clsid\{09e55ba0-f9c6-4b81-82df-46853f6f7b3f}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{09E55BA0-F9C6-4B81-82DF-46853F6F7B3F}"= "c:\programmi\Soft-Search\tbSof1.dll" [2010-02-25 2349080]

[HKEY_CLASSES_ROOT\clsid\{09e55ba0-f9c6-4b81-82df-46853f6f7b3f}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-04-17 110592]
"SMSERIAL"="c:\windows\sm56hlpr.exe" [2006-03-21 544768]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-03 16206848]
"ASUS Live Update"="c:\programmi\ASUS\ASUS Live Update\ALU.exe" [2006-02-21 180224]
"Wireless Console 2"="c:\programmi\Wireless Console 2\wcourier.exe" [2005-10-17 987136]
"ATKMEDIA"="c:\programmi\ASUS\ATK Media\DMEDIA.EXE" [2006-02-15 49152]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2005-10-20 761945]
"ABLKSR"="c:\windows\ABLKSR\ABLKSR.exe" [2006-01-02 61440]
"ATICCC"="c:\programmi\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"Power_Gear"="c:\programmi\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-14 90112]
"ACMON"="c:\programmi\ASUS\Splendid\ACMON.exe" [2006-02-21 17920]
"IntelZeroConfig"="c:\programmi\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 667718]
"IntelWireless"="c:\programmi\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 602182]
"EOUApp"="c:\programmi\Intel\Wireless\Bin\EOUWiz.exe" [2006-04-14 569413]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-02-18 248040]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2010-03-17 421888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\'ntunucciu\Menu Avvio\Programmi\Esecuzione automatica\
My Vodafone.it.lnk - c:\documents and settings\'ntunucciu\Dati applicazioni\mioObjects\[objects]\69GWEU9386MTAR08.mio [2009-12-27 104184]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Bluetooth Manager.lnk - c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-6-16 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-13 09:07 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgupd.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [27/12/2009 16.41.35 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [27/12/2009 16.41.46 242896]
R2 avg9wd;AVG Free WatchDog;c:\programmi\AVG\AVG9\avgwdsvc.exe [13/03/2010 11.07.19 308064]
S3 SynMini;ASUS WebCam, 1.3M, USB2.0, FF;c:\windows\system32\drivers\SynMini.sys [27/12/2009 13.37.16 841110]
S3 SynScan;ASUS WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [27/12/2009 13.37.23 8278]
.
Contenuto della cartella 'Scheduled Tasks'

2009-12-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\'ntunucciu\Dati applicazioni\Mozilla\Firefox\Profiles\j1xr1m37.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:it:official
FF - component: c:\programmi\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\programmi\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-WeatherCast - c:\programmi\WeatherCast\Weather.exe
HKCU-Run-VoipStunt - c:\programmi\VoipStunt.com\VoipStunt\VoipStunt.exe
AddRemove-WeatherCast - c:\programmi\WeatherCast\Uninst.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-21 23:58
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Ñw*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(868)
c:\windows\system32\Ati2evxx.dll
.
Ora fine scansione: 2010-04-22 00:00:30
ComboFix-quarantined-files.txt 2010-04-21 22:00

Pre-Run: 16.396.517.376 byte disponibili
Post-Run: 16.655.187.968 byte disponibili

- - End Of File - - 1E402BFC10E5EC3A3FB1319B0E4FC4D7

r16

Inviato: Thursday, April 22, 2010 12:19:53 AM

Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016

Dovrebbe andare meglio adesso il pc.
Apri un file di testo sul Desktop (start\esegui\digita: notepad.exe e poi clicca Ok
Ci incolli il codice che vedi qui sotto, e salvi il file di testo obbligatoriamente con il nome CFScript.txt

Code:

KillAll::
Folder::
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{09e55ba0-f9c6-4b81-82df-46853f6f7b3f}"=-
[-HKEY_CLASSES_ROOT\clsid\{09e55ba0-f9c6-4b81-82df-46853f6f7b3f}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{09e55ba0-f9c6-4b81-82df-46853f6f7b3f}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{09e55ba0-f9c6-4b81-82df-46853f6f7b3f}"=-
[-HKEY_CLASSES_ROOT\clsid\{09e55ba0-f9c6-4b81-82df-46853f6f7b3f}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{09E55BA0-F9C6-4B81-82DF-46853F6F7B3F}"=-
[-HKEY_CLASSES_ROOT\clsid\{09e55ba0-f9c6-4b81-82df-46853f6f7b3f}]

e trascinalo sull'icona di ComboFix.
Attendi la fine dei lavori, senza toccare tastiera, mouse o altro.
Posta il log aggiornato di combofix

Posta un log di HJT.

ieu1987

Inviato: Thursday, April 22, 2010 12:30:29 AM

Rank: AiutAmico

Iscritto dal : 7/11/2008
Posts: 68

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0.30.52, on 22/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\AVG\AVG9\avgchsvx.exe
C:\Programmi\AVG\AVG9\avgrsx.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmi\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\sm56hlpr.exe
C:\Programmi\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\ASUS\ATK Media\DMEDIA.EXE
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ASUS\Power4 Gear\BatteryLife.exe
C:\Programmi\ASUS\Splendid\ACMON.exe
C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmi\Intel\Wireless\Bin\EOUWiz.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Programmi\AVG\AVG9\avgnsx.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Soft-Search Toolbar - {09e55ba0-f9c6-4b81-82df-46853f6f7b3f} - C:\Programmi\Soft-Search\tbSof1.dll
R3 - URLSearchHook: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCoo0.dll
O2 - BHO: Soft-Search Toolbar - {09e55ba0-f9c6-4b81-82df-46853f6f7b3f} - C:\Programmi\Soft-Search\tbSof1.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCoo0.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Soft-Search Toolbar - {09e55ba0-f9c6-4b81-82df-46853f6f7b3f} - C:\Programmi\Soft-Search\tbSof1.dll
O3 - Toolbar: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCoo0.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ASUS Live Update] C:\Programmi\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Programmi\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Programmi\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Power_Gear] C:\Programmi\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ACMON] C:\Programmi\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Programmi\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: My Vodafone.it.lnk = C:\Documents and Settings\'ntunucciu\Dati applicazioni\mioObjects\[objects]\69GWEU9386MTAR08.mio
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG9\avgwdsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 8338 bytes

r16

Inviato: Thursday, April 22, 2010 12:32:16 AM

Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016

Scusa ho sbagliato io.
Fai lo script di Combofix, e posta il log che rilascia.
POI allega anche un nuovo log di HJT.
P.S:
Durante la bonifica NON collegare periferiche esterne. (chiavette USB, o HD esterni)

ieu1987

Inviato: Thursday, April 22, 2010 12:46:32 AM

Rank: AiutAmico

Iscritto dal : 7/11/2008
Posts: 68

ComboFix 10-04-21.01 - 'ntunucciu 22/04/2010 0.37.19.2.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1023.277 [GMT 2:00]
Eseguito da: c:\documents and settings\'ntunucciu\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\'ntunucciu\Desktop\CFScript.txt

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___a1_twimg_com_profile_images_199307186_EOL_Eentertainment_thumb_normal_jpg.jpg
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___a1_twimg_com_profile_images_334357688_onion_logo_03_L_normal_png.png
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___a3_twimg_com_profile_images_67263363_icon_cnnbrk_normal_png.png
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___a3_twimg_com_profile_images_784227851_BarackObama_twitter_photo_normal_jpg.jpg
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_41_244_CT2442941_Images_633674648687637500_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_41_244_CT2442941_Images_633674649190293750_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_41_244_CT2442941_Images_633674656274200000_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_41_244_CT2442941_Images_633674656376543750_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_41_244_CT2442941_Images_633674656432637500_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_41_244_CT2442941_Images_633674656508106250_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_41_244_CT2442941_Images_633674656602325000_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_41_244_CT2442941_Images_633674656709825000_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_41_244_CT2442941_Images_633674656776075000_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_41_244_CT2442941_Images_633674656834512500_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_41_244_CT2442941_Images_633674656905918750_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_41_244_CT2442941_Images_633674657190918750_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_41_244_CT2442941_Images_633674657262481250_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_41_244_CT2442941_Images_633674657327637500_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_41_244_CT2442941_Images_633674657395293750_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_41_244_CT2442941_Images_633674657581856250_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_41_244_CT2442941_Images_633674657650762500_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_41_244_CT2442941_Images_633674657721387500_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_41_244_CT2442941_Images_633674657821075000_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_41_244_CT2442941_Images_633674657885918750_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_41_244_CT2442941_Images_633674658010762500_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_41_244_CT2442941_Images_633776614270550000_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_41_244_CT2442941_Images_633776614512268750_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_41_244_CT2442941_Images_633776623349143750_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_41_244_CT2442941_Images_633776624984456250_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_41_244_CT2442941_Images_633795393080931250_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_41_244_CT2442941_Images_633795393206712500_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_41_244_CT2442941_Images_633795393354212500_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_41_244_CT2442941_Images_633795402156087500_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_41_244_CT2442941_Images_634006387039680000_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_64_230_CT2304564_Images_Twitter_xml-4-Twitter-633795413884681250_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Midnight_chevron_menu_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Midnight_display_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Midnight_equalizer_dead_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Midnight_Equalizer_GIF.GIF
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Midnight_Error_GIF.GIF
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Midnight_Loading_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Midnight_maxi_dn_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Midnight_maxi_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Midnight_maxi_over_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Midnight_minimize_dn_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Midnight_minimize_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Midnight_minimize_over_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Midnight_pause_dn_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Midnight_pause_dn_mini_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Midnight_pause_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Midnight_pause_mini_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Midnight_pause_over_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Midnight_pause_over_mini_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Midnight_play_chevron_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Midnight_play_dn_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Midnight_play_dn_mini_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Midnight_play_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Midnight_play_mini_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Midnight_play_over_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Midnight_play_over_mini_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Midnight_slider_bg_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Midnight_slider_dn_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Midnight_slider_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Midnight_slider_over_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Midnight_stop_chevron_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Midnight_stop_dn_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Midnight_stop_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Midnight_stop_over_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Midnight_vol_dn_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Midnight_vol_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Midnight_vol_over_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_images_ClientImages_radio_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_images_main_menu_about_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_images_main_menu_clear_history_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_images_main_menu_contact_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_images_main_menu_help_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_images_main_menu_home_page_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_images_main_menu_options_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_images_main_menu_privacy_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_images_main_menu_refresh_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_images_main_menu_shrink_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_images_main_menu_tell_a_friend_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_images_main_menu_upgrade_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_images_SearchEngines_images_search_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_images_SearchEngines_news_icon_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_images_SearchEngines_site_search_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_images_searchengines_softonic_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___storage_conduit_com_images_SearchEngines_tfd_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\CacheIcons\http___weather_conduit_com_images_weather_Default_partly_cloudy_night_gif.gif
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\EmailNotifier\AccountTypes.xml
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\EmailNotifier\aol.com.xml
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\EmailNotifier\comcast.net.xml
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\EmailNotifier\google.com.xml
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\EmailNotifier\hotmail.com.xml
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\EmailNotifier\yahoo.com.xml
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\LanguagePack\en\LanguagePack.xml
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\LocalSettings.txt
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\RadioPlayer\IP_Stations_Media_List.xml
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\RadioPlayer\Predefined_Media_List.xml
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\RadioPlayer\Skins\http___storage_conduit_com_BankImages_RadioSkins_Midnight_display_xml.xml
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\Rss\http___twitter_com_statuses_user_timeline_14075928_rss.xml
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\Rss\http___twitter_com_statuses_user_timeline_14075928_rss_structured.xml
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\Rss\http___twitter_com_statuses_user_timeline_2883841_rss.xml
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\Rss\http___twitter_com_statuses_user_timeline_2883841_rss_structured.xml
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\Rss\http___twitter_com_statuses_user_timeline_428333_rss.xml
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\Rss\http___twitter_com_statuses_user_timeline_428333_rss_structured.xml
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\Rss\http___twitter_com_statuses_user_timeline_813286_rss.xml
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\Rss\http___twitter_com_statuses_user_timeline_813286_rss_structured.xml
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\SearchInNewTab\SearchInNewTabContent.xml
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\ThirdPartyComponents.xml
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\Twitter\14075928.xml
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\Twitter\2883841.xml
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\Twitter\428333.xml
c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Soft-Search\Twitter\813286.xml

.
((((((((((((((((((((((((( Files Creati Da 2010-03-21 al 2010-04-21 )))))))))))))))))))))))))))))))))))
.

2010-04-21 10:25 . 2010-04-21 10:25 242696 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgtdix.sys
2010-04-21 10:24 . 2010-04-21 10:24 1689952 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgupd.dll
2010-04-20 23:48 . 2010-04-20 23:48 -------- d-----w- c:\programmi\Trend Micro
2010-04-19 14:30 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-17 11:18 . 2001-08-30 21:08 99328 ----a-w- c:\windows\system32\srusd.dll
2010-04-17 11:18 . 2001-08-30 21:08 99328 ----a-w- c:\windows\system32\dllcache\srusd.dll
2010-04-17 11:18 . 2001-08-30 20:28 6912 ----a-w- c:\windows\system32\drivers\serscan.sys
2010-04-17 11:18 . 2001-08-30 20:28 6912 ----a-w- c:\windows\system32\dllcache\serscan.sys
2010-04-17 11:18 . 2001-08-30 21:07 71680 ----a-w- c:\windows\system32\fnfilter.dll
2010-04-17 11:18 . 2001-08-30 21:07 71680 ----a-w- c:\windows\system32\dllcache\fnfilter.dll
2010-04-14 19:45 . 2010-04-14 19:45 503808 ----a-w- c:\documents and settings\Guest\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-564a0483-n\msvcp71.dll
2010-04-14 19:45 . 2010-04-14 19:45 499712 ----a-w- c:\documents and settings\Guest\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-564a0483-n\jmc.dll
2010-04-14 19:45 . 2010-04-14 19:45 348160 ----a-w- c:\documents and settings\Guest\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-564a0483-n\msvcr71.dll
2010-04-14 19:45 . 2010-04-14 19:45 61440 ----a-w- c:\documents and settings\Guest\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-183c2f21-n\decora-sse.dll
2010-04-14 19:45 . 2010-04-14 19:45 12800 ----a-w- c:\documents and settings\Guest\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-183c2f21-n\decora-d3d.dll
2010-04-14 18:18 . 2010-04-14 18:18 -------- d-----w- c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\Conduit
2010-04-08 17:23 . 2008-04-13 17:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-04-08 17:23 . 2008-04-13 17:45 10368 ----a-w- c:\windows\system32\dllcache\hidusb.sys
2010-04-08 08:20 . 2010-04-08 08:20 4255072 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgcorex.dll
2010-04-07 17:34 . 2010-04-07 17:34 -------- d-----w- c:\programmi\QuickTime
2010-04-07 17:34 . 2010-04-07 17:34 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2010-04-06 08:50 . 2010-04-06 08:50 -------- d-----w- c:\programmi\File comuni\Java
2010-04-06 08:49 . 2010-04-06 08:49 503808 ----a-w- c:\documents and settings\'ntunucciu\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4ebdf2e9-n\msvcp71.dll
2010-04-06 08:49 . 2010-04-06 08:49 499712 ----a-w- c:\documents and settings\'ntunucciu\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4ebdf2e9-n\jmc.dll
2010-04-06 08:49 . 2010-04-06 08:49 12800 ----a-w- c:\documents and settings\'ntunucciu\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3b3d7417-n\decora-d3d.dll
2010-04-06 08:49 . 2010-04-06 08:49 61440 ----a-w- c:\documents and settings\'ntunucciu\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3b3d7417-n\decora-sse.dll
2010-04-06 08:49 . 2010-04-06 08:49 348160 ----a-w- c:\documents and settings\'ntunucciu\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4ebdf2e9-n\msvcr71.dll
2010-04-05 22:22 . 2010-04-05 22:22 5918776 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-02 09:29 . 2010-04-02 09:29 4076824 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgui.exe
2010-04-02 09:29 . 2010-04-02 09:29 2059544 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgtray.exe
2010-04-02 09:29 . 2010-04-02 09:29 598296 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgsrmx.dll
2010-04-02 09:29 . 2010-04-02 09:29 341272 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgxch32.dll
2010-04-02 09:29 . 2010-04-02 09:29 313112 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avglogx.dll
2010-04-02 09:29 . 2010-04-02 09:29 1598744 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgssie.dll
2010-04-02 09:29 . 2010-04-02 09:29 1515224 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgwd.dll
2010-04-02 09:29 . 2010-04-02 09:29 1274136 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgfrw.exe
2010-04-02 09:29 . 2010-04-02 09:29 556824 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgchjwx.dll
2010-04-02 09:29 . 2010-04-02 09:29 459544 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgcclix.dll
2010-04-02 09:29 . 2010-04-02 09:29 301336 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgchclx.dll
2010-04-02 09:29 . 2010-04-02 09:29 1086744 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgchsvx.exe
2010-04-02 09:28 . 2010-04-02 09:28 1035032 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgupd.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-21 10:25 . 2009-12-27 14:41 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-29 22:46 . 2009-12-28 17:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 22:45 . 2009-12-28 17:01 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-23 08:55 . 2009-12-28 12:41 54768 ----a-w- c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-03-16 22:55 . 2010-03-16 22:55 1924976 ----a-w- c:\documents and settings\All Users\Dati applicazioni\NOS\Adobe_Downloads\install_flash_player.exe
2010-03-16 22:54 . 2010-03-16 22:54 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NOS
2010-03-13 09:07 . 2010-03-13 09:07 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-13 09:07 . 2009-12-27 14:41 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-13 09:07 . 2009-12-27 14:41 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-10 06:15 . 2004-09-16 13:31 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 19:00 . 2010-03-09 19:00 -------- d-----w- c:\documents and settings\'ntunucciu\Dati applicazioni\VoipStunt
2010-02-25 23:09 . 2004-09-16 13:31 80688 ----a-w- c:\windows\system32\perfc010.dat
2010-02-25 23:09 . 2004-09-16 13:31 482274 ----a-w- c:\windows\system32\perfh010.dat
2010-02-25 06:16 . 2004-09-16 13:31 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-09-16 13:31 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:05 . 2004-08-19 13:34 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:05 . 2004-08-19 13:34 2028032 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 09:03 . 2010-03-11 16:10 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:33 . 2004-09-16 13:30 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 19:15 . 2009-12-27 12:47 54768 ----a-w- c:\documents and settings\'ntunucciu\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-02-11 12:02 . 2004-09-16 13:31 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-04-21_21.59.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 1601-01-01 00:00 . 1601-01-01 00:00 0 c:\windows\system32\drivers\GETPADD.sys
+ 2010-04-21 22:42 . 2010-04-21 22:42 16384 c:\windows\temp\Perflib_Perfdata_594.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-04-17 110592]
"SMSERIAL"="c:\windows\sm56hlpr.exe" [2006-03-21 544768]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-03 16206848]
"ASUS Live Update"="c:\programmi\ASUS\ASUS Live Update\ALU.exe" [2006-02-21 180224]
"Wireless Console 2"="c:\programmi\Wireless Console 2\wcourier.exe" [2005-10-17 987136]
"ATKMEDIA"="c:\programmi\ASUS\ATK Media\DMEDIA.EXE" [2006-02-15 49152]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2005-10-20 761945]
"ABLKSR"="c:\windows\ABLKSR\ABLKSR.exe" [2006-01-02 61440]
"ATICCC"="c:\programmi\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"Power_Gear"="c:\programmi\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-14 90112]
"ACMON"="c:\programmi\ASUS\Splendid\ACMON.exe" [2006-02-21 17920]
"IntelZeroConfig"="c:\programmi\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 667718]
"IntelWireless"="c:\programmi\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 602182]
"EOUApp"="c:\programmi\Intel\Wireless\Bin\EOUWiz.exe" [2006-04-14 569413]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-02-18 248040]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2010-03-17 421888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\'ntunucciu\Menu Avvio\Programmi\Esecuzione automatica\
My Vodafone.it.lnk - c:\documents and settings\'ntunucciu\Dati applicazioni\mioObjects\[objects]\69GWEU9386MTAR08.mio [2009-12-27 104184]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Bluetooth Manager.lnk - c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-6-16 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-13 09:07 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgupd.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [27/12/2009 16.41.35 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [27/12/2009 16.41.46 242896]
R2 avg9wd;AVG Free WatchDog;c:\programmi\AVG\AVG9\avgwdsvc.exe [13/03/2010 11.07.19 308064]
S3 SynMini;ASUS WebCam, 1.3M, USB2.0, FF;c:\windows\system32\drivers\SynMini.sys [27/12/2009 13.37.16 841110]
S3 SynScan;ASUS WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [27/12/2009 13.37.23 8278]
.
Contenuto della cartella 'Scheduled Tasks'

2009-12-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\'ntunucciu\Dati applicazioni\Mozilla\Firefox\Profiles\j1xr1m37.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:it:official
FF - component: c:\programmi\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\programmi\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-22 00:42
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Ñw*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(864)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1396)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\programmi\Intel\Wireless\Bin\EvtEng.exe
c:\programmi\Intel\Wireless\Bin\S24EvMon.exe
c:\programmi\AVG\AVG9\avgchsvx.exe
c:\programmi\AVG\AVG9\avgrsx.exe
c:\programmi\AVG\AVG9\avgcsrvx.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\windows\system32\Ati2evxx.exe
c:\programmi\Intel\Wireless\Bin\RegSrvc.exe
c:\programmi\AVG\AVG9\avgnsx.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\ACEngSvr.exe
c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
c:\windows\ATK0100\ATKOSD.exe
c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\windows\system32\mioengine.exe
.
**************************************************************************
.
Ora fine scansione: 2010-04-22 00:46:22 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-04-21 22:46
ComboFix2.txt 2010-04-21 22:00

Pre-Run: 16.630.022.144 byte disponibili
Post-Run: 16.598.564.864 byte disponibili

ieu1987

Inviato: Thursday, April 22, 2010 12:47:37 AM

Rank: AiutAmico

Iscritto dal : 7/11/2008
Posts: 68

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0.48.17, on 22/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmi\AVG\AVG9\avgchsvx.exe
C:\Programmi\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AVG\AVG9\avgcsrvx.exe
C:\Programmi\AVG\AVG9\avgwdsvc.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\ASUS\ASUS Live Update\ALU.exe
C:\Programmi\Wireless Console 2\wcourier.exe
C:\Programmi\ASUS\ATK Media\DMEDIA.EXE
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ASUS\Power4 Gear\BatteryLife.exe
C:\Programmi\ASUS\Splendid\ACMON.exe
C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmi\Intel\Wireless\Bin\EOUWiz.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\mioengine.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCoo0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCoo0.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCoo0.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ASUS Live Update] C:\Programmi\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Programmi\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Programmi\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Power_Gear] C:\Programmi\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ACMON] C:\Programmi\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Programmi\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: My Vodafone.it.lnk = C:\Documents and Settings\'ntunucciu\Dati applicazioni\mioObjects\[objects]\69GWEU9386MTAR08.mio
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG9\avgwdsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 8145 bytes

r16

Inviato: Thursday, April 22, 2010 12:23:54 PM

Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016

Disattiva il ripristino configurazione di sistema, e tienilo disattivato, fino alla soluzione del problema http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121

Per eliminare i vari Tooll scaricati:
Scarica OTC by OldTimer sul desktop:
http://oldtimer.geekstogo.com/OTC.exe
doppio clic per eseguirlo
Clicca su CleanUp.
Ti chiederà di riavviare il pc.
Clicca sì.

Avvia hijackthis, metti la spunta alle voci che andrò ad elencarti e con tutte le applicazioni chiuse e disconnesso da Internet,premi su fix checked
R3 - URLSearchHook: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCoo0.dll
O2 - BHO: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCoo0.dll
O3 - Toolbar: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCoo0.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime

Dai una pulita (registro compreso)con CCleaner: http://www.aiutamici.com/software?ID=11223
Nella schermata iniziale di CCleaner, clicca su Opzioni e poi Avanzate, togli il segno di spunta a: Cancella i file in Windows Temp solo se più vecchi di 48 ore. (poi esegui le pulizie)

Poi:
Start\Esegui\copia e incolla la stringa %temp% clicca su Ok, svuota la cartella temp. (non eliminare la cartella)
Poi:
Provvedi a svuotare del suo contenuto la cartella Prefetch :
clicca su Risorse del Computer
clicca su Disco locale C:
cerca, all’interno delle cartelle che saranno visualizzate la cartella Windows, aprila ed, al suo interno, cerca la cartella Prefetch, la apri ed elimina tutte le voci conservate al suo interno ( non eliminare la cartella)
SVUOTA IL CESTINO
Poi:
Lancia Hijackthis e pulisci gli ADS in questo modo:
clicca sulla voce Open the misc tool section
clicca su Open ads spy
togli la spunta alla voce Quick scan (windows base folder only)
clicca su Scan.
Aspetta pazientemente la fine della scansione.
se venissero rilevati ADS, spunta tutte le caselline e clicca su Remove selected

Fai una deframmentazione del HD.
Esegui anche uno Scandisk.
Riattiva il ripristino configurazione di sistema e, se tutto è a posto, creane uno nuovo.

Quando hai fatto queste operazioni, bonifichiamo le periferiche esterne:
Bisogna disattivare momentaneamente il riconoscimento automatico delle periferiche USB;
serve il programma TweakUI scaricabile in questa pagina (lo trovi sulla destra verso metà pagina) e installalo:
http://www.microsoft.com/windowsxp/downloads/powertoys/xppowertoys.mspx
Una volta installato, eseguilo e procedi con questi passaggi:

clicca sul simbolo + la sezione My Computer
clicca sul simbolo [+] la sottosezione Autoplay
Spostati in Types
Togli il segno di spunta a Enable Autoplay for removable drives
Clicca su Apply
Chiudi TweakUI

Da questo momento tutti gli apparati USB smetteranno di avviarsi automaticamente.
Inserisci le tue chiavette (o HD esterni)
Clicca su :
Risorse del computer.
Clicca con il tasto desto, sulla lettera a cui fà riferimento la periferica estena.
E scegli: Scansiona con....(il tuo antivirus) e poi, quando è finita la scansione, fai un'ulteriore scansione con Malwarebytes.
Quando sei sicuro che tutto è a posto, puoi riabilitare l'avvio automatico, rifacendo lo stesso percorso che ti ho indicato.

Utenti presenti in questo topic

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » LOG Malware...controllate?GRAZIE

Salta al Forum

Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS :

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.

Invia topic via Email

RSS Feed

Watch this topic

Stampa topic

Normale

Threaded