Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

mi dareste una controllata al log? pagine che si chiudono, icone che spariscono e tornano!!!!!! Opzioni
salella
Inviato: Friday, March 27, 2009 11:55:11 PM
Rank: Member

Iscritto dal : 12/11/2005
Posts: 18
Salve ragazzi, ho il pc che sbachetta Think pagine internet che si chiudono ....appare il desktop senza icone che tornano dopo un pò.... l'altro giorno si sono aperte a raffica infinite pagine chiuse con task manager...e altre piccole cosette Pray
ho fatto scansioni in modalità provvisoria con avast ...trovato nulla con spy bot e ad-aware... ma nulla di strano ...eppure il mio caro pc non è più lo stesso!!!Shame on you vi posto il log mi ci dareste un'occhiata!
grazie per la vostra disponibibilità

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11.09.48, on 27/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe
C:\Programmi\Logitech\QuickCam10\QuickCam10.exe
C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe
C:\Programmi\USB Disk Tool\USNDISKT.EXE
C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
C:\Programmi\Apoint2K\Apoint.exe
C:\Programmi\WinAlarm\WinAlarm.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Apoint2K\Apntex.exe
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Microsoft Office\Office\1040\OLFSNT40.EXE
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\Programmi\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.racine.ra.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: XBTP06568 Class - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - C:\Programmi\AOL Security Toolbar\AOL_security_toolbar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Programmi\AOL Security Toolbar\AOL_security_toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programmi\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [USB Disk Tool] C:\Programmi\USB Disk Tool\USNDISKT.EXE
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [WinAlarm] C:\Programmi\WinAlarm\WinAlarm.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Creative Detector] C:\Programmi\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [8S31B2X78H] C:\WINDOWS\wsyst32.exe
O4 - HKLM\..\Policies\Explorer\Run: [Service] C:\WINDOWS\lasys32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Porta Symantec Fax Starter Edition.lnk = C:\Programmi\Microsoft Office\Office\1040\OLFSNT40.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://by119fd.bay119.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AA0FB75C-C50E-47B6-B7E0-3B9C3FAA8AC4} - http://webcam.oliveto.info:990/Comm/IPCamControl.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-it.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmi\File comuni\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 11053 bytes
Sponsor
Inviato: Friday, March 27, 2009 11:55:11 PM

 
pidue
Inviato: Saturday, March 28, 2009 9:00:15 AM

Rank: AiutAmico

Iscritto dal : 6/2/2005
Posts: 7,332
Chiudi HijackThis in una cartella a lui dedicata (possibilmente non sul desktop), altrimenti perdi i backup;

Disattiva il Ripristino configurazione di Sistema come qui descritto

avvia in modalità provvisoria come qui descritto

rendi visibili le cartelle nascoste ------ > procedura:
da Risorse del computer:
Strumenti >> Opzioni cartella >> visualizzazione;
metti la spunta su:
Visualizza file e cartelle nascoste;
togli la spunta da:
Nascondi file protetti del sistema(consigliato)


Avvia hijackthis, con tutte le applicazioni chiuse, premi su Do a system scan only , spunta ed elimina (fix checked) le seguenti righe:



R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
O4 - HKLM\..\Policies\Explorer\Run: [8S31B2X78H] C:\WINDOWS\wsyst32.exe
O4 - HKLM\..\Policies\Explorer\Run: [Service] C:\WINDOWS\lasys32.exe


Trova e cancella il file in rosso:
_________________________________________________________________________________
C:\WINDOWS\whsyst32.exe
C:\WINDOWS\lasys32.exe
_________________________________________________________________________________

Start >> Esegui. Scrivi (o copia e incolla) la stringa %temp%, clicca su Ok, svuota la cartella temp del tuo profilo:
Vai su Strumenti >> Opzioni Internet, elimina la cronologia, i files temporanei internet, i cookies;
svuota il cestino;

riavvia il computer normalmente.
Fai un controllo antivirus a questo indirizzo
Alla fine:

rinascondi le cartelle di sistema;
riattiva il ripristino configurazione di sistema e, se tutto è a posto, creane uno nuovo.




salella
Inviato: Sunday, March 29, 2009 11:44:00 AM
Rank: Member

Iscritto dal : 12/11/2005
Posts: 18
ciao pidue, questi due file non li ho trovati da nessuna parte Anxious
C:\WINDOWS\whsyst32.exe
C:\WINDOWS\lasys32.exe
tutto il resto ok ,fatto scnsione, sotto il risultato!
grazie e buona domenica

******* **********************
ANALYSIS: 2009-03-29 11:31:27
PROTECTIONS: 1
MALWARE: 5
SUSPECTS: 0
;**************
PROTECTIONS
Description Version Active Updated
;====================================
avast! antivirus 4.8.1335 [VPS 090328-0] 4.8.1335 Yes Yes
;===================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================== ======================================
00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search &
Destroy\Recovery\CoolWWWSearchSmartSearch.zip

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Capra\Cookies\capra@serving-sys[2].txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Capra\Cookies\capra@bs.serving-sys[2].txt

00286732 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Capra\Cookies\capra@www3.addfreestats[1].txt

00549760 Adware/ActiveSearch Adware No 0 Yes No C:\Programmi\AOL Security Toolbar\TBHELPER.DLL
;=========================================================== ======================================================
SUSPECTS
Sent Location ˢ
====================================================================
VULNERABILITIES
Id Severity Description ˢ
;===============================
salella
Inviato: Sunday, March 29, 2009 5:14:28 PM
Rank: Member

Iscritto dal : 12/11/2005
Posts: 18
ragazzi, 10 minuti fà mi si sono aperte velocissimamente tante pagine internet che ho chiuso con difficoltà con task manager!!
riposto il lo appena fatto
Ma cosa si è messo dentro a questo pc! Brick wall Brick wall

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17.06.06, on 29/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe
C:\Programmi\Logitech\QuickCam10\QuickCam10.exe
C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe
C:\Programmi\USB Disk Tool\USNDISKT.EXE
C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
C:\Programmi\Apoint2K\Apoint.exe
C:\Programmi\WinAlarm\WinAlarm.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Apoint2K\Apntex.exe
C:\Programmi\Microsoft Office\Office\1040\OLFSNT40.EXE
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
C:\Programmi\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.racine.ra.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: XBTP06568 Class - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - C:\Programmi\AOL Security Toolbar\AOL_security_toolbar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Programmi\AOL Security Toolbar\AOL_security_toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programmi\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [USB Disk Tool] C:\Programmi\USB Disk Tool\USNDISKT.EXE
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [WinAlarm] C:\Programmi\WinAlarm\WinAlarm.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Creative Detector] C:\Programmi\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Porta Symantec Fax Starter Edition.lnk = C:\Programmi\Microsoft Office\Office\1040\OLFSNT40.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://by119fd.bay119.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AA0FB75C-C50E-47B6-B7E0-3B9C3FAA8AC4} - http://webcam.oliveto.info:990/Comm/IPCamControl.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-it.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmi\File comuni\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 10837 bytes
r16
Inviato: Sunday, March 29, 2009 5:36:27 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
salella ha scritto:


00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search &
Destroy\Recovery\CoolWWWSearchSmartSearch.zip


Guarda salella, a meno che la scasione on-line, non abbia preso un abbaglio, dice che hai il Beagle.
Se hai scaricato file da E-Mule, eliminali subito,e svuota il cestino.
Disistalla completamente Spybot, lo reistalli in un secondo momento, quando il problema sarà risolto.
Poi fai questa scansione con FindyKill:
http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe
Ecco anche una guida per l'uso. leggila bene.
http://www.steven.altervista.org/files/findykill.html
Troverai il log da salvare in C:\ FindyKill.txt
Postalo qui.
Poi serve una scansione con Malwarebytes:
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Posta il log.
salella
Inviato: Sunday, March 29, 2009 6:15:45 PM
Rank: Member

Iscritto dal : 12/11/2005
Posts: 18
ciao r16 intanto grazie per la risposta! ho tolto pybot e anche ad-aware... Io non so che cosa cancellare perchè non ho emule....ora spengo il pc per finire l'elimimazione poi faccio la scansione con findykill
grazie di nuovo
salella
Inviato: Sunday, March 29, 2009 6:39:13 PM
Rank: Member

Iscritto dal : 12/11/2005
Posts: 18
non capisco Think se ho sbagliato qualcosa oppure se findy kill è superveloce !Anxious ha scansionato in un attimo

############################## [ FindyKill V4.721 ]

# User : Capra (Administrators) # FISSO
# Update on 29/03/09 by Chiquitine29
# Start at: 18.32.31 | 29/03/2009
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/

# Intel(R) Pentium(R) M processor 1400MHz
# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.11
# Windows Firewall Status : Enabled
# AV : avast! antivirus 4.8.1335 [VPS 090328-0] 4.8.1335 [ Enabled | Updated ]

# C:\ # Disco rigido locale # 23,41 Go (9,51 Go free) [ACER] # FAT32
# D:\ # Disco rigido locale # 9,76 Go (4,74 Go free) [ACERDATA] # FAT32
# E:\ # Disco CD-ROM

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe
C:\Programmi\Logitech\QuickCam10\QuickCam10.exe
C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe
C:\Programmi\USB Disk Tool\USNDISKT.EXE
C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
C:\WINDOWS\System32\alg.exe
C:\Programmi\Apoint2K\Apoint.exe
C:\Programmi\WinAlarm\WinAlarm.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Apoint2K\Apntex.exe
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmi\Microsoft Office\Office\1040\OLFSNT40.EXE
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

################## [ Fichiers / Dossiers infectieux C:\ ]


################## [ C:\WINDOWS & C:\WINDOWS\Prefetch ]


################## [ C:\WINDOWS\system32 ]


################## [ C:\WINDOWS\system32\drivers ]


################## [ C:\.. Application Data ... ]


################## [ C:\Users...\Temp Files... ]


################## [ Registre / Clés infectieuses ]



################## [ Recherche dans supports amovibles]

# Présence des fichiers :


################## [ Registre / Mountpoint2 ]

# -> Not found !

################## [ ! Fin du rapport # FindyKill V4.721 ! ]

r16
Inviato: Sunday, March 29, 2009 8:11:16 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao.
Non ha trovato niente. (strano)
Scarica ed installa MalwareBytes:
clicca qui per il download : http://www.aiutamici.com/software?id=80346
Prima di fare la scansione AGGIORNALO.
Esegui una scansione completa del sistema
Posta il log.

Poi fai questa scansione:

Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,e dopo aver scaricato COMBOFIX, chiudi la connessione.

Scarica Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Salvalo sul desktop.
Doppio click su combofix.exe (comparirà una videata.)
Se ti verrà chiesto se vuoi Installare LA CONSOLE DI RIPRISTINO DI EMERGENZA, clicca NO.
E' probabile che ti siano inviati messaggi dall'antivirus, tu ignorali.
Durante l'operazione di scansione è importante non usare il PC (neanche il mouse) e attendere pazientemente la fine delle operazioni.
Al termine, verrà creato un file log sul Desktop, chiamato C:\ComboFix.txt. Postalo qui.
salella
Inviato: Sunday, March 29, 2009 10:05:29 PM
Rank: Member

Iscritto dal : 12/11/2005
Posts: 18
MalwareBytes non ha trovato,mi sembra, nulla Malwarebytes' Anti-Malware 1.35
Versione del database: 1916
Windows 5.1.2600 Service Pack 3

29/03/2009 22.02.51
mbam-log-2009-03-29 (22-02-51).txt

Tipo di scansione: Scansione completa (C:\|D:\|F:\|)
Elementi scansionati: 247994
Tempo trascorso: 1 hour(s), 12 minute(s), 30 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)
r16
Inviato: Sunday, March 29, 2009 10:20:36 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao salella .
Si, il log di Malwarebytes, è pulito.
Tienilo installato Malwarebytes, che è un programma valido.
Ricorda solo di aggiornarlo prima di ogni scansione.
Incomincio a pensare che la scansione on-line, ha preso un abbaglio.Whistle
Aspetto la scansione con Combofix, per avere la conferma.
salella
Inviato: Sunday, March 29, 2009 10:39:08 PM
Rank: Member

Iscritto dal : 12/11/2005
Posts: 18
eccoloooooo Anxious dammi buone notizie Pray

ComboFix 09-03-29.02 - Capra 2009-03-29 22.23.03.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.495.193 [GMT 2:00]
Eseguito da: c:\documents and settings\Capra\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090329-0] *On-access scanning enabled* (Updated)
* Creato nuovo punto di ripristino

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\mdm.exe

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WINDOWS_LOG


((((((((((((((((((((((((( Files Creati Da 2009-02-28 al 2009-03-29 )))))))))))))))))))))))))))))))))))
.

2009-03-29 20:44 . 2009-03-29 20:44 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2009-03-29 20:44 . 2009-03-29 20:44 <DIR> d-------- c:\documents and settings\Capra\Dati applicazioni\Malwarebytes
2009-03-29 20:44 . 2009-03-29 20:44 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-03-29 20:44 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-29 20:44 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-29 18:25 . 2009-03-29 18:25 <DIR> d-------- C:\FindyKill
2009-03-28 22:19 . 2009-03-28 22:19 <DIR> d-------- c:\programmi\Panda Security
2009-03-28 22:19 . 2008-06-19 16:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2009-03-12 18:01 . 2009-03-27 14:52 54,156 --ah----- c:\windows\QTFont.qfn
2009-03-12 18:01 . 2009-03-12 18:01 1,409 --a------ c:\windows\QTFont.for
2009-03-08 10:07 . 2009-03-08 10:07 <DIR> d--hs---- C:\FOUND.011
2009-03-05 21:21 . 2009-03-05 21:21 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Office Genuine Advantage

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-19 13:50 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-02-27 14:50 --------- d-----w c:\programmi\realvnc
2009-02-20 16:15 --------- d-----w c:\programmi\Trend Micro
2009-02-09 13:04 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 13:04 1,846,784 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-09 13:03 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-02-09 13:03 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-02-09 12:53 --------- d-----w c:\programmi\File comuni\PCSuite
2009-02-09 12:53 --------- d-----w c:\programmi\File comuni\Nokia
2009-02-09 12:50 --------- d-----w c:\programmi\PC Connectivity Solution
2009-02-09 12:46 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Installations
2009-02-09 09:53 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-02-05 20:48 --------- d-----w c:\documents and settings\Capra\Dati applicazioni\skypePM
2009-02-05 20:47 --------- d-----w c:\programmi\File comuni\Skype
2009-01-16 19:15 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
2007-10-13 19:23 7,680 ----a-w c:\documents and settings\Capra\netcache.dat
1999-03-10 11:53 99,840 ----a-w c:\programmi\File comuni\IRAABOUT.DLL
1998-12-09 01:53 70,144 ----a-w c:\programmi\File comuni\IRAMDMTR.DLL
1998-12-09 01:53 48,640 ----a-w c:\programmi\File comuni\IRALPTTR.DLL
1998-12-09 01:53 31,744 ----a-w c:\programmi\File comuni\IRAWEBTR.DLL
1998-12-09 01:53 186,368 ----a-w c:\programmi\File comuni\IRAREG.DLL
1998-12-09 01:53 17,920 ----a-w c:\programmi\File comuni\IRASRIAL.DLL
2008-05-15 17:21 32,768 --sha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012008051520080516\index.dat
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\programmi\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"LDM"="c:\programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-10-30 67128]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-06-23 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-06-23 114688]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2005-12-15 155648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"LogitechCommunicationsManager"="c:\programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 284184]
"LogitechQuickCamRibbon"="c:\programmi\Logitech\QuickCam10\QuickCam10.exe" [2006-11-15 746520]
"LVCOMSX"="c:\programmi\File comuni\Logitech\LComMgr\LVComSX.exe" [2006-11-15 244512]
"USB Disk Tool"="c:\programmi\USB Disk Tool\USNDISKT.EXE" [2003-04-02 122880]
"LManager"="c:\progra~1\LAUNCH~1\CPLBCL53.EXE" [2003-06-27 155648]
"Apoint"="c:\programmi\Apoint2K\Apoint.exe" [2002-07-25 151552]
"WinAlarm"="c:\programmi\WinAlarm\WinAlarm.exe" [2007-12-26 353280]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-03-19 148888]
"SoundMan"="SOUNDMAN.EXE" [2003-06-20 c:\windows\SOUNDMAN.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2003-06-23 c:\windows\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Logitech Desktop Messenger.lnk - c:\programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-10-30 67128]
Porta Symantec Fax Starter Edition.lnk - c:\programmi\Microsoft Office\Office\1040\OLFSNT40.EXE [1999-03-10 45568]
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office\OSA9.EXE [2000-01-21 65588]
Acrobat Assistant.lnk - c:\programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2004-02-04 82026]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^ZDWLan Utility.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\ZDWLan Utility.lnk
backup=c:\windows\pss\ZDWLan Utility.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-12-03 12:47 1205760 c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
--a------ 2008-09-26 14:50 206184 c:\programmi\TomTom HOME 2\HOMERunner.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\MSMSGS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\System32\\rtcshare.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-03-28 28544]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-01 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-01 20560]
S3 PCX500;Driver per schede LAN senza fili Cisco;c:\windows\system32\drivers\pcx500.sys [2004-01-02 169984]
S3 USBSNXSTOR;Mass Storage driver ;c:\windows\system32\drivers\USBSNX2K.SYS [2004-08-17 53083]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9329f7c0-b3ae-11dc-af28-00042379b4dd}]
\Shell\AutoRun\command - F:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c492ef30-dcc9-11dc-af86-00042379b4dd}]
\Shell\AutoRun\command - F:\InstallTomTomHOME.exe
.
Contenuto della cartella 'Scheduled Tasks'

2009-03-29 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-26 11:37]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

MSConfigStartUp-Ad-Watch - c:\programmi\Lavasoft\Ad-Aware\AAWTray.exe
MSConfigStartUp-SweetIM - c:\programmi\Macrogaming\SweetIM\SweetIM.exe


.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.racine.ra.it/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {AA0FB75C-C50E-47B6-B7E0-3B9C3FAA8AC4} - hxxp://webcam.oliveto.info:990/Comm/IPCamControl.cab
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-29 22:30:43
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
c:\programmi\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
c:\windows\SYSTEM32\CTSVCCDA.EXE
c:\programmi\FILE COMUNI\EPSON\EBAPI\SAGENT2.EXE
c:\programmi\JAVA\JRE6\BIN\JQS.EXE
c:\programmi\ALWIL SOFTWARE\AVAST4\ASHDISP.EXE
c:\programmi\LAUNCH MANAGER\CPLBCL53.EXE
c:\programmi\Apoint2K\Apntex.exe
c:\windows\SYSTEM32\WBEM\WMIAPSRV.EXE
c:\programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2009-03-29 22:33:02 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-03-29 20:32:58

Pre-Run: 10.025.451.520 byte disponibili
Post-Run: 9,968,975,872 byte disponibili

167 --- E O F --- 2009-03-20 09:22:59
salella
Inviato: Sunday, March 29, 2009 10:47:16 PM
Rank: Member

Iscritto dal : 12/11/2005
Posts: 18
r16 ha scritto:
Ciao salella .
Si, il log di Malwarebytes, è pulito.
Tienilo installato Malwarebytes, che è un programma valido.

GRAZIE r16, tengo senz'altro questo al posto di ad-aware Anxious poi devo rinstallare di nuovo spybot o posso farne a meno!...a me non ha mai trovato nulla!!! un'altra domandina Brick wall con disk cleaner posso sspuntare anche la casella ..prefetch clean...oppure è meglio di no!
r16
Inviato: Sunday, March 29, 2009 10:47:32 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao salella .
Il log di Combofix non ha grossi problemi.
Postami un log di HJT.
salella
Inviato: Sunday, March 29, 2009 10:50:46 PM
Rank: Member

Iscritto dal : 12/11/2005
Posts: 18
agli ordini
salella
Inviato: Sunday, March 29, 2009 10:52:04 PM
Rank: Member

Iscritto dal : 12/11/2005
Posts: 18
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22.51.31, on 29/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe
C:\Programmi\Logitech\QuickCam10\QuickCam10.exe
C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe
C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
C:\Programmi\Apoint2K\Apoint.exe
C:\Programmi\WinAlarm\WinAlarm.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmi\Microsoft Office\Office\1040\OLFSNT40.EXE
C:\Programmi\Apoint2K\Apntex.exe
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\internet explorer\iexplore.exe
C:\Programmi\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.racine.ra.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: XBTP06568 Class - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - C:\Programmi\AOL Security Toolbar\AOL_security_toolbar.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Programmi\AOL Security Toolbar\AOL_security_toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programmi\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [USB Disk Tool] C:\Programmi\USB Disk Tool\USNDISKT.EXE
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [WinAlarm] C:\Programmi\WinAlarm\WinAlarm.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Creative Detector] C:\Programmi\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Porta Symantec Fax Starter Edition.lnk = C:\Programmi\Microsoft Office\Office\1040\OLFSNT40.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://by119fd.bay119.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AA0FB75C-C50E-47B6-B7E0-3B9C3FAA8AC4} - http://webcam.oliveto.info:990/Comm/IPCamControl.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-it.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmi\File comuni\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 10104 bytes
r16
Inviato: Sunday, March 29, 2009 11:03:30 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Disattiva il ripristino configurazione di sistema, e tienilo disattivato, fino alla soluzione del problema http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121
Avvia hijackthis, metti la spunta alle voci che andrò ad elencarti e con tutte le applicazioni chiuse e disconnesso da Internet,premi su fix checked
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Creative Detector] C:\Programmi\Creative\MediaSource\Detector\CTDetect.exe /R
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://by119fd.bay119.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AA0FB75C-C50E-47B6-B7E0-3B9C3FAA8AC4} - http://webcam.oliveto.info:990/Comm/IPCamControl.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-it.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

Dai una pulita (registro compreso)con CCleaner http://www.aiutaamici.com/software?ID=11223
Riavvia il pc.
POi
Start\Esegui\copia e incolla la stringa %temp% clicca su Ok, svuota la cartella temp. (non eliminare la cartella)
Poi:
Provvedi a svuotare del suo contenuto la cartella Prefetch :
clicca su Risorse del Computer
clicca su Disco locale C:
cerca, all’interno delle cartelle che saranno visualizzate la cartella Windows, aprila ed, al suo interno, cerca la cartella Prefetch, la apri ed elimina tutte le voci conservate al suo interno ( non eliminare la cartella)
SVUOTA IL CESTINO
Riattiva il ripristino configurazione di sistema e, se tutto è a posto, creane uno nuovo.
Dimmi se riscontri ancora problemi.
salella
Inviato: Monday, March 30, 2009 12:25:03 AM
Rank: Member

Iscritto dal : 12/11/2005
Posts: 18
r16, ho fatto tutto quello che mi hai suggerito, speriamo che i problemi siano finiti quà! scusami se mi ripeto, al posto di ad-aware tengo Malwarebytes, ma spybot lo devo reinstallare oppure posso farne senza? GRAZIE, buona notte e buona settimana
r16
Inviato: Monday, March 30, 2009 12:12:46 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao.
Disinstalla combofix in questo modo:
Start
Esegui
nella finestra di dialogo, copia ed incolla questo comando: Combofix /u e premi Invio poi cancella le cartelle in "C" di combofix (qoobox) compreso il log.

Disistalla anche FindyKill
Ti serve un antispyware, quindi io lo reistallerei:
http://www.aiutamici.com/software?ID=10831
Leggi bene la guida, e fai attenzione a non attivare il TEA TIMER.
Crea più problemi che benefici.
salella
Inviato: Monday, March 30, 2009 2:03:15 PM
Rank: Member

Iscritto dal : 12/11/2005
Posts: 18
disinstallato findykill,
ma per combofix, ho copiato e incollato il comando... Combofix /u...ma viene un'avviso che dice che non si trova il file (forse l'avevo già eliminato ieri sera) ho comunque trovato in C: la cartella qoobox e l'ho eliminata
ciao buona giornata e grazie di nuovo
Utenti presenti in questo topic
Guest


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.