ComboFix 09-05-02.4 - gianpa 02/05/2009 16.07.38.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1535.1163 [GMT 2:00]
Eseguito da: c:\documents and settings\gianpa\Documenti\Download\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090501-0] *On-access scanning disabled* (Updated)
* Creato nuovo punto di ripristino
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\gianpa\Impostazioni locali\Dati applicazioni\kaiaguc.dat
c:\documents and settings\gianpa\Impostazioni locali\Dati applicazioni\kaiaguc_nav.dat
c:\documents and settings\gianpa\Impostazioni locali\Dati applicazioni\kaiaguc_navps.dat
c:\documents and settings\gianpa\Impostazioni locali\Dati applicazioni\oaicogi.dat
c:\documents and settings\gianpa\Impostazioni locali\Dati applicazioni\oaicogi.exe
c:\documents and settings\gianpa\Impostazioni locali\Dati applicazioni\oaicogi_nav.dat
c:\documents and settings\gianpa\Impostazioni locali\Dati applicazioni\oaicogi_navps.dat
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ASC3550P
.
((((((((((((((((((((((((( Files Creati Da 2009-04-02 al 2009-05-02 )))))))))))))))))))))))))))))))))))
.
2009-04-29 21:33 . 2009-04-29 21:33 -------- d-----w c:\documents and settings\Administrator.GIANPA-50238E3A\Dati applicazioni\.clamwin
2009-04-29 20:40 . 2009-04-29 20:50 -------- d-----w c:\programmi\WinClamAVShield
2009-04-22 23:09 . 2009-04-22 23:22 -------- d-----w c:\programmi\HSDPA USB Modem
2009-04-22 23:07 . 2009-04-22 23:07 -------- d-----w c:\documents and settings\NetworkService.NT AUTHORITY\Impostazioni locali\Dati applicazioni\Google
2009-04-22 23:07 . 2009-04-22 23:07 -------- d-----w c:\documents and settings\LocalService.NT AUTHORITY\Impostazioni locali\Dati applicazioni\Google
2009-04-22 22:10 . 2009-04-22 23:09 -------- d-----w c:\programmi\HSDPA USB Modem(2)
2009-04-19 16:20 . 2009-04-19 16:20 -------- d-----w c:\programmi\Microsoft Silverlight
2009-04-18 14:43 . 2009-04-22 23:09 -------- d-----w c:\documents and settings\gianpa\Tracing
2009-04-18 14:38 . 2009-04-22 23:09 -------- d-----w c:\programmi\Windows Live
2009-04-18 14:06 . 2009-04-18 14:06 -------- d-----w c:\programmi\File comuni\Windows Live
2009-04-18 10:56 . 2009-04-18 10:56 -------- d-----w c:\documents and settings\Administrator.GIANPA-50238E3A\Dati applicazioni\Malwarebytes
2009-04-09 09:32 . 2009-05-02 13:57 -------- d-----w c:\programmi\Mozilla Firefox 3.1 Beta 3
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-02 14:11 . 2009-04-09 14:57 874 ----a-w c:\windows\Tasks\GoogleUpdateTaskMachine.job
2009-05-02 14:10 . 2008-02-04 20:01 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-04-26 11:32 . 2008-02-05 13:48 31528 ----a-w c:\documents and settings\gianpa\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-04-22 23:15 . 2008-09-07 10:41 -------- d-----w c:\programmi\Digisoft AntiDialer
2009-04-22 23:12 . 2008-05-15 13:49 -------- d-----w c:\programmi\eMule
2009-04-22 23:08 . 2008-10-20 21:57 -------- d-----w c:\programmi\Malwarebytes' Anti-Malware
2009-04-09 15:01 . 2008-05-25 10:28 -------- d-----w c:\programmi\Google
2009-04-09 10:09 . 2008-10-18 16:22 -------- d-----w c:\programmi\Crawler
2009-04-06 13:32 . 2008-10-20 21:57 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 13:32 . 2008-10-20 21:57 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-04 13:10 . 2008-08-08 18:34 -------- d-----w c:\programmi\Java
2009-04-02 21:53 . 2004-08-30 20:00 47592 ----a-w c:\windows\system32\perfc010.dat
2009-04-02 21:53 . 2004-08-30 20:00 345010 ----a-w c:\windows\system32\perfh010.dat
2009-03-28 11:20 . 2009-03-28 11:19 -------- d-----w c:\programmi\ACD Systems
2009-03-21 23:16 . 2009-03-21 23:16 -------- d-----w c:\programmi\FLV Player
2009-03-17 19:12 . 2009-03-17 19:12 -------- d-----w c:\programmi\Finson Live Update
2009-03-17 14:55 . 2009-03-14 17:00 -------- d-----w c:\programmi\FairUse Wizard 2
2009-03-14 14:18 . 2009-03-14 14:18 -------- d-----w c:\programmi\Free Download Manager
2009-03-09 03:19 . 2009-02-18 10:50 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 20:29 . 2008-11-19 15:43 -------- d-----w c:\programmi\Vidomi
2009-02-07 20:51 . 2009-02-07 20:51 1024 ---h--r c:\windows\system32\NTIBUN4.dll
2009-02-07 20:49 . 2009-02-07 20:49 1024 ---h--r c:\windows\system32\NTICDMK7.dll
2009-02-07 20:48 . 2009-02-07 20:41 1024 ---h--r c:\windows\system32\NTIMPEG2.dll
2009-02-07 20:48 . 2009-02-07 20:41 1024 ---h--r c:\windows\system32\NTIMP3.dll
2009-02-07 20:48 . 2009-02-07 20:41 1024 ---h--r c:\windows\system32\NTIFCD3.dll
2009-02-07 20:47 . 2009-02-07 20:47 6144 ----a-w c:\windows\system32\drivers\NTIDrvr.sys
2009-02-05 20:44 . 2009-02-05 20:44 0 -c--a-w c:\windows\nsreg.dat
2005-07-15 12:04 . 2005-07-15 12:04 5632 --sha-w c:\programmi\Thumbs.db
2005-05-21 14:28 . 2005-05-21 14:28 266 --sh--w c:\programmi\desktop.ini
2005-05-21 14:28 . 2005-05-21 14:28 11267 -c-ha-w c:\programmi\folder.htt
2008-02-25 10:23 . 2008-02-25 10:23 8 -csha-r c:\windows\SYSTEM32\EF529A8CF9.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FAST Defrag"="c:\progra~1\FASTDE~1\FAST2.EXE" [2005-02-19 98816]
"Free Download Manager"="c:\programmi\Free Download Manager\fdm.exe" [2009-03-02 3399727]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ClamWin"="c:\programmi\ClamWin\bin\ClamTray.exe" [2008-06-14 77824]
"SpywareTerminator"="c:\progra~1\SPYWAR~1\SpywareTerminatorShield.exe" [2008-10-18 1783808]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
c:\documents and settings\All Users.WINDOWS\Menu Avvio\Programmi\Esecuzione automatica\
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digisoft AntiDialer.lnk - c:\programmi\Digisoft AntiDialer\AntiDialer.exe [2003-8-19 730112]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\LimeWire\\LimeWire.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R2 gupdate1c9b9238e3cfbc8;Google Update Service (gupdate1c9b9238e3cfbc8);c:\programmi\Google\Update\GoogleUpdate.exe [2009-04-09 133104]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programmi\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 MEMSWEEP2;MEMSWEEP2; [x]
R3 TMPassthruMP;TMPassthruMP; [x]
R4 uscsc108;uscsc108;c:\windows\system32\DRIVERS\uscsc108.sys [2003-03-09 102336]
S1 aswSP;avast! Self Protection; [x]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008-10-18 141312]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 Communication Modem Device Manager II;Communication Modem Device Manager II;c:\windows\system32\RegService.exe [2008-10-10 135168]
S3 cmusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2051;c:\windows\system32\DRIVERS\cmusbser.sys [2008-09-01 103552]
.
Contenuto della cartella 'Scheduled Tasks'
2009-05-02 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-04-09 14:57]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
HKCU-Run-oaicogi - c:\documents and settings\gianpa\impostazioni locali\dati applicazioni\oaicogi.exe
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/ig?hl=it
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Crawler Search - tbr:iemenu
IE: Image Converter 2 ??? - c:\programmi\Sony\Image Converter 2\menu.htm
IE: Scarica con Free Download Manager - file://c:\programmi\Free Download Manager\dllink.htm
IE: Scarica i video con Free Download Manager - file://c:\programmi\Free Download Manager\dlfvideo.htm
IE: Scarica selezionati con Free Download Manager - file://c:\programmi\Free Download Manager\dlselected.htm
IE: Scarica tutto con Free Download Manager - file://c:\programmi\Free Download Manager\dlall.htm
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\programmi\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\gianpa\Dati applicazioni\Mozilla\Firefox\Profiles\69oy3jw7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?rls=ig
FF - component: c:\programmi\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: c:\programmi\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Update\1.2.141.5\npGoogleOneClick7.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\programmi\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\programmi\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.cache_size", 51200);
c:\programmi\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.ogg.enabled", true);
c:\programmi\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.wave.enabled", true);
c:\programmi\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\programmi\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\programmi\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\programmi\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\programmi\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\programmi\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\programmi\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\programmi\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\programmi\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\programmi\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\programmi\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\programmi\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\programmi\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\programmi\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\programmi\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-05-02 16:12
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'explorer.exe'(2980)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Alwil Software\Avast4\aswUpdSv.exe
c:\programmi\Alwil Software\Avast4\ashServ.exe
c:\programmi\Executive Software\Diskeeper\DkService.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\Spyware Terminator\sp_rsser.exe
c:\windows\SYSTEM32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2009-05-02 16.15.59 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-05-02 14:15
Pre-Run: 13.168.955.392 byte disponibili
Post-Run: 13.123.870.720 byte disponibili