Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

controllo pls del filelog Opzioni
florata57
Inviato: Friday, April 09, 2010 7:14:27 PM
Rank: AiutAmico

Iscritto dal : 2/9/2004
Posts: 73
Prima di tutto Grazie per l'aiuto

ogfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.43.21, on 09/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Cobian Backup 8\cbService.exe
C:\Documents and Settings\Utente\Dati applicazioni\SystemProc\lsass.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\Programmi\Olivetti\ANY_WAY\olDvcStatus.exe
C:\Programmi\Cobian Backup 8\cbInterface.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe
C:\PROGRA~1\SPYWAR~2\SpywareTerminatorShield.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Olivetti\ANY_WAY\olMntrService.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Programmi\LaCie\Genie Backup Assistant\GBMAgent.exe
C:\Programmi\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Programmi\Logitech\Logitech WebCam Software\LWS.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\PROGRA~1\SPYWAR~2\SpywareTerminatorUpdate.exe
C:\Programmi\Analog Devices\Core\smax4pnp.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe
C:\Programmi\Logitech\Logitech Vid\vid.exe
c:\progra~1\fileco~1\instal~1\update~1\isuspm.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\File comuni\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\DNA\btdna.exe
C:\Programmi\File comuni\InstallShield\UpdateService\agent.exe
C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\WINDOWS\twain_32\A4CIS600\WATCH.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\Programmi\Java\jre6\bin\jucheck.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbam.exe
C:\Programmi\Windows Media Player\wmplayer.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60446
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60446
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60446
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60446
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60446
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://it.search.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programmi\Crawler\ctbr.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programmi\Crawler\ctbr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: FrostWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Toolbar &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programmi\Crawler\ctbr.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [OlStatusMon] "C:\Programmi\Olivetti\ANY_WAY\olDvcStatus.exe" dvcStatusMinimize
O4 - HKLM\..\Run: [Cobian Backup 8 interface] "C:\Programmi\Cobian Backup 8\cbInterface.exe" -service
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [00PCTFW] "C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~2\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [GBMLite8AgentLaCie] C:\Programmi\LaCie\Genie Backup Assistant\GBMAgent.exe
O4 - HKLM\..\Run: [SoundMax] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programmi\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Programmi\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Programmi\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [GBMLite8AgentLaCie] C:\Programmi\LaCie\Genie Backup Assistant\GBMAgent.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Logitech Vid] "C:\Programmi\Logitech\Logitech Vid\vid.exe" -bootmode
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programmi\DNA\btdna.exe"
O4 - HKLM\..\Policies\Explorer\Run: [RTHDBPL] C:\Documents and Settings\Utente\Dati applicazioni\SystemProc\lsass.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Utilità controllo supporti di Picture Motion Browser.lnk = C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Watch.lnk = C:\WINDOWS\twain_32\A4CIS600\WATCH.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Utilità controllo supporti di Picture Motion Browser.lnk = C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (User 'Default user')
O4 - .DEFAULT Startup: Watch.lnk = C:\WINDOWS\twain_32\A4CIS600\WATCH.exe (User 'Default user')
O4 - Startup: Utilità controllo supporti di Picture Motion Browser.lnk = C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: Watch.lnk = C:\WINDOWS\twain_32\A4CIS600\WATCH.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A81CD129-8E43-4312-BEE6-B9031E3C4A30}: NameServer = 212.216.112.222,212.216.172.162
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programmi\Crawler\ctbr.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Cobian Backup 8 servizio (CobBMService) - Luis Cobian - C:\Programmi\Cobian Backup 8\cbService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: olMntrService - Olivetti - C:\Programmi\Olivetti\ANY_WAY\olMntrService.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Programmi\PC Tools Firewall Plus\FWService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 16039 bytes

*******************************
avast mi segnala una serie di virus o malware faccio una scansione con malwarebytes e mi dice che non c'è nulla ma non è così

Grazie Flo
Sponsor
Inviato: Friday, April 09, 2010 7:14:27 PM

 
paolopa
Inviato: Friday, April 09, 2010 7:50:32 PM

Rank: AiutAmico

Iscritto dal : 10/14/2008
Posts: 2,777
avvia hijack e clicca su "do a system scan only",poi con tutte le applicazioni chiuse e disconnesso da internet seleziona queste righe:
C:\Documents and Settings\Utente\Dati applicazioni\SystemProc\lsass.exe
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: FrostWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Policies\Explorer\Run: [RTHDBPL] C:\Documents and Settings\Utente\Dati applicazioni\SystemProc\lsass.exe
e clicca fix checked,poi visto che hai gia usato malwarebytes senza risultati
Scarica Combofix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Salvalo sul desktop.

Importante: dopo aver scaricato COMBOFIX chiudi la connessione disabilita il tuo antivirus e
chiudi TUTTI i programmi aperti,(Firewall compreso) e


Doppio click su combofix.exe (comparirà una videata.)

E' probabile che ti siano inviati messaggi dall'antivirus,(o dallo stesso Combofix)
tu ignorali.

Se ti verrà chiesto se vuoi Installare LA CONSOLE DI RIPRISTINO DI EMERGENZA, clicca NO.

Durante l'operazione di scansione è importante non usare il PC (neanche il mouse)
e attendere pazientemente la fine delle operazioni.

Al termine, verrà creato un file log sul Desktop, chiamato C:\ComboFix.txt. Postalo qui.
florata57
Inviato: Saturday, April 10, 2010 6:59:56 PM
Rank: AiutAmico

Iscritto dal : 2/9/2004
Posts: 73
Grazie faccio tutte le prove e vi faccio sapere
Flo
florata57
Inviato: Sunday, April 11, 2010 6:51:27 PM
Rank: AiutAmico

Iscritto dal : 2/9/2004
Posts: 73
Ecco il file log di Combix
Grazie per il controllo

ComboFix 10-04-10.02 - Utente 11/04/2010 18.31.19.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1023.415 [GMT 2:00]
Eseguito da: c:\documents and settings\Utente\Documenti\Download\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100411-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Dati applicazioni\020000003c84f05b705C.manifest
c:\documents and settings\Administrator\Dati applicazioni\020000003c84f05b705O.manifest
c:\documents and settings\Administrator\Dati applicazioni\020000003c84f05b705P.manifest
c:\documents and settings\Administrator\Dati applicazioni\020000003c84f05b705S.manifest
c:\documents and settings\Utente\Dati applicazioni\020000003c84f05b705C.manifest
c:\documents and settings\Utente\Dati applicazioni\020000003c84f05b705O.manifest
c:\documents and settings\Utente\Dati applicazioni\020000003c84f05b705P.manifest
c:\documents and settings\Utente\Dati applicazioni\020000003c84f05b705S.manifest
c:\documents and settings\Utente\Dati applicazioni\020000003c84f05b871C.manifest
c:\documents and settings\Utente\Dati applicazioni\020000003c84f05b871O.manifest
c:\documents and settings\Utente\Dati applicazioni\020000003c84f05b871P.manifest
c:\documents and settings\Utente\Dati applicazioni\020000003c84f05b871S.manifest
c:\documents and settings\Utente\Dati applicazioni\SystemProc
c:\programmi\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}
c:\programmi\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest
c:\programmi\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul
c:\programmi\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf
c:\windows\system32\1107835820
c:\windows\system32\SysWoW32
c:\windows\system32\SysWoW32\@u710936209v0
c:\windows\system32\SysWoW32\@u710936209v1
c:\windows\system32\SysWoW32\@u710936209v2
c:\windows\system32\SysWoW32\@u710936209v3
c:\windows\system32\SysWoW32\@u710936209v5
c:\windows\system32\SysWoW32\_u710936209v0
c:\windows\system32\SysWoW32\_u710936209v1
c:\windows\system32\SysWoW32\_u710936209v2
c:\windows\system32\SysWoW32\_u710936209v3
c:\windows\system32\SysWoW32\_u710936209v5
c:\windows\system32\SysWoW32\mu710936209v4
c:\windows\system32\SysWoW32\mu710936209v4.kwd
c:\windows\system32\SysWoW32\mu710936209v5
c:\windows\system32\SysWoW32\mu710936209v5.kwd
c:\windows\system32\SysWoW32\mu710936209v6
c:\windows\system32\SysWoW32\mu710936209v6.kwd
c:\windows\system32\SysWoW32\mu710936209v7
c:\windows\system32\SysWoW32\mu710936209v7.kwd
c:\windows\system32\SysWoW32\wu710936209v0
c:\windows\system32\SysWoW32\wu710936209v0.kwd
c:\windows\system32\SysWoW32\wu710936209v1
c:\windows\system32\SysWoW32\wu710936209v1.kwd
c:\windows\system32\SysWoW32\wu710936209v2
c:\windows\system32\SysWoW32\wu710936209v2.kwd
c:\windows\system32\SysWoW32\wu710936209v3
c:\windows\system32\SysWoW32\wu710936209v3.kwd
c:\windows\system32\unrar.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Creati Da 2010-03-11 al 2010-04-11 )))))))))))))))))))))))))))))))))))
.

2010-03-26 17:29 . 2010-03-26 17:29 21276144 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Real\Update\setup3.10\rp\RealPlayerSPGold_it.exe
2010-03-26 17:29 . 2010-03-26 17:29 8405312 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2010-03-26 17:28 . 2010-03-26 17:28 149000 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Real\Update\setup3.10\chr_helper\LaunchHelper.exe
2010-03-26 17:28 . 2010-03-26 17:28 10309448 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Real\Update\setup3.10\chr\ChromeInstaller.exe
2010-03-26 17:28 . 2010-03-26 17:28 79368 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Real\Update\setup3.10\RUP\vista.exe
2010-03-26 17:28 . 2010-03-26 17:28 52288 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Real\Update\setup3.10\RUP\inst_config\gtapi.dll
2010-03-26 17:28 . 2010-03-26 17:28 64000 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Real\Update\setup3.10\RUP\inst_config\gcapi_dll.dll
2010-03-26 17:28 . 2010-03-26 17:28 50688 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Real\Update\setup3.10\RUP\inst_config\fftbapi.dll
2010-03-26 17:28 . 2010-03-26 17:28 49152 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Real\Update\setup3.10\RUP\inst_config\CarboniteCompatibility.dll
2010-03-26 17:28 . 2010-03-26 17:28 118784 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-03-19 16:57 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-17 16:55 . 2010-03-17 16:55 443912 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Real\Update\setup3.10\setup.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-11 16:46 . 2010-01-17 19:44 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Skype
2010-04-11 16:43 . 2010-01-31 09:57 -------- d-----w- c:\programmi\DNA
2010-04-11 16:43 . 2010-01-31 09:57 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\DNA
2010-04-11 16:43 . 2007-11-11 18:10 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-04-11 16:25 . 2010-02-15 06:53 -------- d-----w- c:\programmi\Crawler
2010-04-11 16:15 . 2009-08-12 14:07 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator
2010-04-11 15:02 . 2009-08-12 14:07 -------- d-----w- c:\programmi\Spyware Terminator
2010-04-11 15:00 . 2009-08-12 14:07 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Spyware Terminator
2010-04-11 14:08 . 2008-04-27 13:55 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\skypePM
2010-04-09 17:18 . 2007-11-11 20:49 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-04-07 19:13 . 2009-07-17 15:33 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\FrostWire
2010-04-07 18:55 . 2007-04-09 08:28 76984 ----a-w- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-04-07 11:07 . 2006-03-02 12:00 93140 ----a-w- c:\windows\system32\perfc010.dat
2010-04-07 11:07 . 2006-03-02 12:00 506842 ----a-w- c:\windows\system32\perfh010.dat
2010-03-22 17:28 . 2010-03-01 20:18 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-17 17:04 . 2007-11-15 20:42 -------- d-----w- c:\programmi\Mozilla Thunderbird
2010-03-11 12:30 . 2006-03-02 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:30 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:30 . 2006-03-02 12:00 17408 ------w- c:\windows\system32\corpol.dll
2010-03-01 18:32 . 2010-03-01 18:32 86400 ----a-w- c:\windows\~GLC0000.TMP
2010-02-28 11:40 . 2010-02-28 11:40 0 ----a-w- c:\documents and settings\Utente\Dati applicazioni\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
2010-02-14 14:19 . 2010-02-14 14:19 2131336 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\0qss05dk.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
2010-02-12 08:28 . 2007-08-12 14:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Messenger Plus!
2010-02-12 06:55 . 2010-02-12 06:55 -------- d-----w- c:\programmi\Ask Search Assistant
2010-02-12 06:55 . 2007-08-12 11:18 -------- d-----w- c:\programmi\Messenger Plus! Live
2010-01-31 10:00 . 2010-01-31 09:57 76350411 ----a-w- c:\documents and settings\Utente\AD1988AB_Audio_V6585_XpVistaWin7.zip
2010-01-17 19:46 . 2010-01-17 19:46 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-01-17 17:32 . 2010-01-17 14:29 230432 ----a-w- C:\PA207.DAT
2007-11-04 15:58 . 2007-04-09 15:55 450114 ----a-w- c:\programmi\RegSeeker.zip
2007-04-09 20:18 . 2007-04-09 20:18 2558732 ----a-w- c:\programmi\MV790_MV800_Series_CUG_IT.pdf
2006-01-11 11:30 . 2006-01-11 11:30 19968 ----a-w- c:\programmi\Gif98.oca
1998-04-14 06:41 . 1998-04-14 06:41 18700 ----a-w- c:\programmi\B_los.gif
1998-03-16 21:49 . 1998-03-16 21:49 1971 ----a-w- c:\programmi\Alert.gif
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-02 68856]
"Nokia.PCSync"="c:\programmi\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 1232896]
"PC Suite Tray"="c:\programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-03-28 1079296]
"SpywareTerminatorUpdate"="c:\programmi\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-08-12 3055616]
"GBMLite8AgentLaCie"="c:\programmi\LaCie\Genie Backup Assistant\GBMAgent.exe" [2008-09-18 189056]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2009-11-10 5244216]
"Logitech Vid"="c:\programmi\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"BitTorrent DNA"="c:\programmi\DNA\btdna.exe" [2010-01-31 323392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"nwiz"="nwiz.exe" [2006-08-11 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"JMB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-06-02 385024]
"OlStatusMon"="c:\programmi\Olivetti\ANY_WAY\olDvcStatus.exe" [2005-08-05 90112]
"Cobian Backup 8 interface"="c:\programmi\Cobian Backup 8\cbInterface.exe" [2007-03-20 2424320]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2007-04-30 185896]
"00PCTFW"="c:\programmi\PC Tools Firewall Plus\FirewallGUI.exe" [2008-12-11 2652056]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SpywareTerminator"="c:\progra~1\SPYWAR~2\SpywareTerminatorShield.exe" [2009-08-12 2171904]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2010-01-05 149280]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-11-10 417792]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"ISUSPM Startup"="c:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-14 221184]
"ISUSScheduler"="c:\programmi\File comuni\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"GBMLite8AgentLaCie"="c:\programmi\LaCie\Genie Backup Assistant\GBMAgent.exe" [2008-09-18 189056]
"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]
"LogitechQuickCamRibbon"="c:\programmi\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-03-02 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2006-03-02 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2006-03-02 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-03-02 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-03-02 455168]
"SoundMAXPnP"="c:\programmi\Analog Devices\Core\smax4pnp.exe" [2007-10-09 1036288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Utente\Menu Avvio\Programmi\Esecuzione automatica\
Utilit… controllo supporti di Picture Motion Browser.lnk - c:\programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-7-5 376832]
Watch.lnk - c:\windows\twain_32\A4CIS600\WATCH.exe [2007-4-15 372736]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Reader Synchronizer.lnk - c:\programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2007-5-11 738968]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Programmi\\LimeWire\\LimeWire.exe"=
"c:\\Programmi\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\FrostWire\\FrostWire.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\DNA\\btdna.exe"=
"c:\\Programmi\\Logitech\\Logitech Vid\\Vid.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [15/12/2009 13.48.34 114768]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [13/12/2009 15.32.53 159600]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [12/08/2009 16.07.19 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [15/12/2009 13.48.34 20560]
R2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [22/11/2008 9.29.38 8192]
R2 olMntrService;olMntrService;c:\programmi\Olivetti\ANY_WAY\olMntrService.exe [05/08/2005 13.21.26 69632]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [13/12/2009 15.33.00 73840]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [13/12/2009 15.32.03 95640]
R3 SFC4;SFC4;c:\windows\system32\drivers\SFC4.SYS [30/12/2007 10.12.34 41472]
S3 Dual Mode;Dual Mode Video Capture;c:\windows\system32\drivers\CoachVc.sys [15/04/2007 18.13.14 44928]
S3 PAC207;Trust 100K Series Webcam;c:\windows\system32\drivers\PFC027.SYS [17/01/2010 16.00.56 618112]
.
Contenuto della cartella 'Scheduled Tasks'

2010-03-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-04-11 11:34]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://it.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://it.search.yahoo.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {A81CD129-8E43-4312-BEE6-B9031E3C4A30} = 212.216.112.222,212.216.172.162
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\programmi\Crawler\ctbr.dll
FF - ProfilePath - c:\documents and settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\0qss05dk.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60446&qkw=
FF - component: c:\programmi\Crawler\firefox\components\xcomm.dll
FF - component: c:\programmi\Crawler\firefox\components\xshared.dll
FF - component: c:\programmi\Crawler\firefox\components\xsupport.dll
FF - component: c:\programmi\Crawler\firefox\components\xwsg.dll
FF - plugin: c:\programmi\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, true);FF - user.js: yahoo.ytff.general.dontshowhpoffer - truec:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-uTorrent - c:\programmi\uTorrent\uTorrent.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-11 18:42
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(8084)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\Nokia\Nokia PC Suite 6\phonebrowser.dll
c:\programmi\Nokia\Nokia PC Suite 6\NGSCM.DLL
c:\programmi\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_ita.nlr
c:\programmi\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\PC Tools Firewall Plus\FWService.exe
c:\programmi\Alwil Software\Avast4\aswUpdSv.exe
c:\programmi\Alwil Software\Avast4\ashServ.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\IVT Corporation\BlueSoleil\BTNtService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Cobian Backup 8\cbService.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\programmi\CDBurnerXP\NMSAccessU.exe
c:\programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
c:\windows\system32\nvsvc32.exe
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\programmi\Spyware Terminator\sp_rsser.exe
c:\programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
c:\programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\programmi\Alwil Software\Avast4\ashMaiSv.exe
c:\programmi\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
c:\programmi\PC Connectivity Solution\ServiceLayer.exe
c:\programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\programmi\File comuni\Nokia\MPAPI\MPAPI3s.exe
c:\programmi\Skype\Plugin Manager\skypePM.exe
c:\programmi\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Ora fine scansione: 2010-04-11 18:48:32 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-04-11 16:48
ComboFix2.txt 2009-12-22 20:36

Pre-Run: 2.433.953.792 byte disponibili
Post-Run: 3.890.991.104 byte disponibili

- - End Of File - - 64EF9B31C61AFC919FA9C9034B38E017


paolopa
Inviato: Sunday, April 11, 2010 7:45:22 PM

Rank: AiutAmico

Iscritto dal : 10/14/2008
Posts: 2,777
ti avevo detto di salvarlo sul desktop....combo ti ha eliminato qualche infezione(puoi vederle nel log sotto "altre eliminazioni"),quello che mi suona strano è che malwarebytes non avesse rivelato nulla...vorrei,se ti va di farlo,che disinstallassi quello che hai(di malwarebytes),e seguissi queste istruzioni:
Scarica ed installa MalwareBytes:
clicca qui per il download : http://www.aiutamici.com/software?id=80346
Prima di fare la scansione AGGIORNALO. (è molto importante)
Esegui una scansione completa del sistema.
se trova infezioni posta il log che ti rilascera'.
dopo posta un log aggiornato di hijack.
florata57
Inviato: Monday, April 12, 2010 8:10:50 PM
Rank: AiutAmico

Iscritto dal : 2/9/2004
Posts: 73
Si, è vero che mi avevi detto di salvarlo sul deskstop ma non capisco perchè non ci sono riuscita, cmq farò quanto suggerito, nel frattempo però non funziona + il microfono e la cuffia.
grazie Flo
paolopa
Inviato: Monday, April 12, 2010 8:18:23 PM

Rank: AiutAmico

Iscritto dal : 10/14/2008
Posts: 2,777
per cuffia e microfono non saprei dirti,mi spiace...se ti va posta il log di malwarebytes.
florata57
Inviato: Monday, April 12, 2010 9:14:19 PM
Rank: AiutAmico

Iscritto dal : 2/9/2004
Posts: 73
ecco il file di Malwarebyte ha individuato 3 file infetti che ho cancellato:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Versione database: 3982

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

12/04/2010 21.01.21
mbam-log-2010-04-12 (21-01-21).txt

Tipo di scansione: Scansione completa (C:\|F:\|)
Elementi esaminati: 171242
Tempo trascorso: 32 minuti, 35 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 2
File infetti: 1

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
C:\Documents and Settings\All Users\Application Data\SalesMonitor (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMonitor\Data (Rogue.Multiple) -> Quarantined and deleted successfully.

File infetti:
C:\Qoobox\Quarantine\C\Documents and Settings\Utente\Dati applicazioni\Desktopicon\eBayShortcuts.exe.vir (Adware.ADON) -> Quarantined and deleted successfully.
*******

e a seguire quello di hijackth

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.12.44, on 12/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Cobian Backup 8\cbService.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Olivetti\ANY_WAY\olMntrService.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Olivetti\ANY_WAY\olDvcStatus.exe
C:\Programmi\Cobian Backup 8\cbInterface.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\SPYWAR~2\SpywareTerminatorShield.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Programmi\LaCie\Genie Backup Assistant\GBMAgent.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Programmi\Logitech\Logitech WebCam Software\LWS.exe
C:\Programmi\Analog Devices\Core\smax4pnp.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Programmi\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe
C:\Programmi\Logitech\Logitech Vid\vid.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\DNA\btdna.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\WINDOWS\twain_32\A4CIS600\WATCH.exe
C:\Programmi\File comuni\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\Programmi\Windows Media Player\wmplayer.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Crawler\CToolbar.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbam.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60446
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60446
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://it.search.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programmi\Crawler\ctbr.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programmi\Crawler\ctbr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Toolbar &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programmi\Crawler\ctbr.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [OlStatusMon] "C:\Programmi\Olivetti\ANY_WAY\olDvcStatus.exe" dvcStatusMinimize
O4 - HKLM\..\Run: [Cobian Backup 8 interface] "C:\Programmi\Cobian Backup 8\cbInterface.exe" -service
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [00PCTFW] "C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~2\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [GBMLite8AgentLaCie] C:\Programmi\LaCie\Genie Backup Assistant\GBMAgent.exe
O4 - HKLM\..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programmi\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Programmi\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Programmi\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [GBMLite8AgentLaCie] C:\Programmi\LaCie\Genie Backup Assistant\GBMAgent.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Logitech Vid] "C:\Programmi\Logitech\Logitech Vid\vid.exe" -bootmode
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programmi\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Utilità controllo supporti di Picture Motion Browser.lnk = C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Watch.lnk = C:\WINDOWS\twain_32\A4CIS600\WATCH.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Utilità controllo supporti di Picture Motion Browser.lnk = C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (User 'Default user')
O4 - .DEFAULT Startup: Watch.lnk = C:\WINDOWS\twain_32\A4CIS600\WATCH.exe (User 'Default user')
O4 - Startup: Utilità controllo supporti di Picture Motion Browser.lnk = C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: Watch.lnk = C:\WINDOWS\twain_32\A4CIS600\WATCH.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A81CD129-8E43-4312-BEE6-B9031E3C4A30}: NameServer = 212.216.112.222,212.216.172.162
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programmi\Crawler\ctbr.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Cobian Backup 8 servizio (CobBMService) - Luis Cobian - C:\Programmi\Cobian Backup 8\cbService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: olMntrService - Olivetti - C:\Programmi\Olivetti\ANY_WAY\olMntrService.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Programmi\PC Tools Firewall Plus\FWService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 14861 bytes

dopo l'operazione con Malware.... ha ripreso a funzionare
Ciao e Grazie
Flo
paolopa
Inviato: Tuesday, April 13, 2010 6:45:51 AM

Rank: AiutAmico

Iscritto dal : 10/14/2008
Posts: 2,777
bene flo,abbiamo fatto pulizia sembra...hai una valanga di programmi che ti partono all avvio che andrebbe sfoltita(i programmi funzionerebbero lo stesso,solo che non partirebbero all avvio del sistema),e personalmente disinstallerei le toolbar dal pannello di controllo,oltre ad installare la versione 5 di avast(ha funzione anche di antispyware e ti consentirebbe di disinstallare spywaretwrminator),ma tutto questo non ha a vedere con infezioni.fai questo :
Scarica OTC by OldTimer sul desktop:
http://oldtimer.geekstogo.com/OTC.exe
doppio clic per eseguirlo
Clicca su CleanUp.
Ti chiederà di riavviare il pc.
Clicca sì.(serve per eliminare correttamente combofix e si autoelimina)

Dai una pulita (registro compreso)con CCleaner: http://www.aiutamici.com/software?ID=11223
Nella schermata iniziale di CCleaner, clicca su Opzioni e poi Avanzate, togli il segno di spunta
a: Cancella i file in Windows Temp solo se più vecchi di 48 ore. (poi esegui le pulizie),
registro compreso.
Poi:
Start\Esegui\copia e incolla la stringa %temp% clicca su Ok, svuota la cartella temp.
(non eliminare la cartella)
Poi:
Provvedi a svuotare del suo contenuto la cartella Prefetch :
clicca su Risorse del Computer
clicca su Disco locale C:
cerca, all’interno delle cartelle che saranno visualizzate la cartella Windows,
aprila ed, al suo interno, cerca la cartella Prefetch, la apri ed elimina tutte le voci
conservate al suo interno ( non eliminare la cartella)
SVUOTA IL CESTINO
Poi:
Lancia Hijackthis e pulisci gli ADS in questo modo:
clicca sulla voce Open the misc tool section
clicca su Open ads spy
togli la spunta alla voce Quick scan (windows base folder only)
clicca su Scan.
Aspetta pazientemente la fine della scansione.
se venissero rilevati ADS, spunta tutte (senza paura) le caselline e clicca su
Remove selected

disattiva il ripristino configurazione di sistema
start,pannello di controllo,sistema,configurazione di sistema,metti la spunta a
"disattiva ripristino configurazione di sistema su tutte le unita'",applica,ok.
spegni e riaccendi il pc e fai l operazione inversa per riattivarlo.
Utenti presenti in questo topic
Guest


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.