Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » apertura popup indesiderati...

apertura popup indesiderati... Opzioni
Topic Precedente · Topic Sucessivo
rox62
Inviato: Tuesday, July 28, 2009 1:50:58 PM
Rank: Member

Iscritto dal : 7/26/2002
Posts: 14
Ciao a tutti, ho un problema, che è quello delle finestre popup che si aprono continuamente mentre navigo creandomi fastidio e dei problemi, infatti mi si apre sempre la finestra windows grigia che mi segnala l'errore. Come posso fare per eliminare questo fastidio? Naturalmente il mio sistema operativo è windows xp... grazie anticipatamente dell'aiuto, ciao Roxy.
Torna in alto
 
Sponsor
Inviato: Tuesday, July 28, 2009 1:50:58 PM

 
Torna in alto
 
simo95
Inviato: Tuesday, July 28, 2009 1:52:32 PM

Rank: AiutAmico

Iscritto dal : 12/4/2008
Posts: 2,008
Posta un log di hijackthis, nella scheda ci sono tutte le istruzioni:

http://software.aiutamici.com/software?ID=11175
Torna in alto
 
rox62
Inviato: Tuesday, July 28, 2009 2:06:38 PM
Rank: Member

Iscritto dal : 7/26/2002
Posts: 14
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14.04.22, on 28/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Apps\Powercinema\PCMService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven~1\syncer\MCCITR~1.EXE
C:\Programmi\Logitech\QuickCam\Quickcam.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Windows Live\Family Safety\fsui.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Lingoes\Translator2\Lingoes.exe
C:\Programmi\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Programmi\File comuni\Nikon\Monitor\NkMonitor.exe
C:\Programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
C:\Programmi\Windows Live\Family Safety\fsssvc.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wallstreetitalia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Media Access Startup - {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Programmi\Media Access Startup\1.5.0.850\HPIEAddOn.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Programmi\Internet Saving Optimizer\3.4.0.4340\NPIEAddOn.dll
O2 - BHO: PBITV2 - {4E7BD74F-2B8D-469E-A0E8-EB65B685FA7D} - C:\WINDOWS\system32\pbitv2.dll (file missing)
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programmi\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Programmi\System Search Dispatcher\1.3.0.840\ssd.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: PBITV2 - {4E7BD74F-2B8D-469E-A0E8-EB65B685FA7D} - C:\WINDOWS\system32\pbitv2.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Collegamento alla pagina delle proprietà di High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AliceRE_McciTrayApp] C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven~1\syncer\MCCITR~1.EXE
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programmi\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [fssui] "C:\Programmi\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Programmi\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [Lingoes] C:\Programmi\Lingoes\Translator2\Lingoes.exe -minimize
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Nikon Monitor.lnk = C:\Programmi\File comuni\Nikon\Monitor\NkMonitor.exe
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\it.htm
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_cracks.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-82acb860f7a2c88f.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1834B413-D2B0-4B7F-A626-6D4592FD13CE}: NameServer = 85.37.17.55 85.38.28.93
O17 - HKLM\System\CS1\Services\Tcpip\..\{1834B413-D2B0-4B7F-A626-6D4592FD13CE}: NameServer = 85.37.17.55 85.38.28.93
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Update Service (gupdate1c98b70ef469c70) (gupdate1c98b70ef469c70) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 11630 bytes
Torna in alto
 
simo95
Inviato: Tuesday, July 28, 2009 2:34:45 PM

Rank: AiutAmico

Iscritto dal : 12/4/2008
Posts: 2,008
Qualcosina c'è, comunque aspetta chi è più esperto di me.

Intanto segui bene queste istruzioni:

1.Installa Malwarebytes (sulla scheda ci sono tutte le istruzioni): http://software.aiutamici.com/software?ID=80346
2.Aggiornalo
3.Esegui la scansione COMPLETA del tuo sistema
4.Se rileva qualcosa NON ELIMINARE NULLA ma posta qui il log che rilascerà
Torna in alto
 
rox62
Inviato: Tuesday, July 28, 2009 2:42:14 PM
Rank: Member

Iscritto dal : 7/26/2002
Posts: 14
Grazie, appena mi è possibile ci provo, scusa per il doppio topic! :-(
Torna in alto
 
simo95
Inviato: Tuesday, July 28, 2009 2:45:08 PM

Rank: AiutAmico

Iscritto dal : 12/4/2008
Posts: 2,008
Tranquillo!
Torna in alto
 
rox62
Inviato: Tuesday, July 28, 2009 8:56:30 PM
Rank: Member

Iscritto dal : 7/26/2002
Posts: 14
Ho eseguito la scansione completa del mio sistema, con il programma suggeritomi da simo95, e posto di seguito il log che mi ha rilasciato.
Grazie anticipatamente
Torna in alto
 
r16
Inviato: Tuesday, July 28, 2009 11:58:16 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
rox62 ha scritto:
Ho eseguito la scansione completa del mio sistema, con il programma suggeritomi da simo95, e posto di seguito il log che mi ha rilasciato.

Dov'è ?Whistle
Torna in alto
 
rox62
Inviato: Wednesday, July 29, 2009 12:50:40 PM
Rank: Member

Iscritto dal : 7/26/2002
Posts: 14
opppss scusate!! Ecco il log....



Malwarebytes' Anti-Malware 1.39
Versione del database: 2522
Windows 5.1.2600 Service Pack 3

28/07/2009 20.52.15
mbam-log-2009-07-28 (20-52-10).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 292347
Tempo trascorso: 51 minute(s), 30 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 5
Chiavi di registro infette: 32
Valori di registro infetti: 3
Elementi dato del registro infetti: 0
Cartelle infette: 19
File infetti: 37

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
C:\Programmi\Media Access Startup\1.5.0.850\HPIEAddOn.dll (Adware.DoubleD) -> No action taken.
C:\Programmi\System Search Dispatcher\1.3.0.840\ssd.dll (Adware.DoubleD) -> No action taken.
C:\Programmi\Internet Saving Optimizer\3.4.0.4340\NPIEAddOn.dll (Adware.DoubleD) -> No action taken.
C:\Programmi\Media Access Startup\1.5.0.850\HPCommon.dll (Adware.DoubleD) -> No action taken.
C:\Programmi\Internet Saving Optimizer\3.4.0.4340\NPCommon.dll (Adware.DoubleD) -> No action taken.

Chiavi di registro infette:
HKEY_CLASSES_ROOT\TypeLib\{ac5ab953-ed25-4f9c-87f0-b086b0178ffa} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\explorerbar.funexplorer (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\explorerbar.funexplorer.1 (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\explorerbar.funredirector.1 (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{877f3eab-4462-44df-8475-6064eafd7fbf} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{c28a0312-c403-417b-a425-a915bc0519cd} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7c559105-9ecf-42b8-b3f7-832e75edd959} (Adware.ISTBar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe (Rogue.Installer) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Media Access Startup (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\DoubleD (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Media Access Startup (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\DoubleD (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1fb52ab3-5987-45a2-85e0-f3ec30dddc29}}_is1 (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{16b6279b-9ff5-41fb-8bf9-404324f5dd1f}}_is1 (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c5096216-7703-409e-b85a-8a6ee7395128}}_is1 (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> No action taken.

Valori di registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{0ba0192d-94a5-45e3-b2b8-3ec5a1a0b5ec} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{2224e955-00e9-4613-a844-ce69fccaae91} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
C:\Programmi\DoubleD (Adware.DoubleD) -> No action taken.
c:\programmi\DoubleD\GamingHarbor Toolbar (Adware.DoubleD) -> No action taken.
C:\Programmi\Media Access Startup (Adware.DoubleD) -> No action taken.
c:\programmi\media access startup\1.5.0.850 (Adware.DoubleD) -> No action taken.
c:\programmi\media access startup\1.5.0.850\Data (Adware.DoubleD) -> No action taken.
c:\programmi\media access startup\1.5.0.850\FF (Adware.DoubleD) -> No action taken.
c:\programmi\media access startup\1.5.0.850\FF\chrome (Adware.DoubleD) -> No action taken.
c:\programmi\media access startup\1.5.0.850\FF\chrome\content (Adware.DoubleD) -> No action taken.
c:\programmi\media access startup\1.5.0.850\FF\components (Adware.DoubleD) -> No action taken.
C:\Programmi\Internet Saving Optimizer (Adware.DoubleD) -> No action taken.
c:\programmi\internet saving optimizer\3.4.0.4340 (Adware.DoubleD) -> No action taken.
c:\programmi\internet saving optimizer\3.4.0.4340\Data (Adware.DoubleD) -> No action taken.
c:\programmi\internet saving optimizer\3.4.0.4340\FF (Adware.DoubleD) -> No action taken.
c:\programmi\internet saving optimizer\3.4.0.4340\FF\chrome (Adware.DoubleD) -> No action taken.
c:\programmi\internet saving optimizer\3.4.0.4340\FF\chrome\content (Adware.DoubleD) -> No action taken.
c:\programmi\internet saving optimizer\3.4.0.4340\FF\components (Adware.DoubleD) -> No action taken.
C:\Programmi\System Search Dispatcher (Adware.DoubleD) -> No action taken.
c:\programmi\system search dispatcher\1.3.0.840 (Adware.DoubleD) -> No action taken.
c:\programmi\system search dispatcher\1.3.0.840\Data (Adware.DoubleD) -> No action taken.

File infetti:
C:\Programmi\Media Access Startup\1.5.0.850\HPIEAddOn.dll (Adware.DoubleD) -> No action taken.
C:\Programmi\System Search Dispatcher\1.3.0.840\ssd.dll (Adware.DoubleD) -> No action taken.
C:\Programmi\Internet Saving Optimizer\3.4.0.4340\NPIEAddOn.dll (Adware.DoubleD) -> No action taken.
c:\programmi\media access startup\1.5.0.850\HPCommon.dll (Adware.DoubleD) -> No action taken.
c:\programmi\media access startup\1.5.0.850\hppx.exe (Adware.DoubleD) -> No action taken.
c:\programmi\media access startup\1.5.0.850\MAHelper.exe (Adware.DoubleD) -> No action taken.
c:\programmi\media access startup\1.5.0.850\unins000.dat (Adware.DoubleD) -> No action taken.
c:\programmi\media access startup\1.5.0.850\unins000.exe (Adware.DoubleD) -> No action taken.
c:\programmi\media access startup\1.5.0.850\Data\config.md (Adware.DoubleD) -> No action taken.
c:\programmi\media access startup\1.5.0.850\FF\chrome.manifest (Adware.DoubleD) -> No action taken.
c:\programmi\media access startup\1.5.0.850\FF\install.rdf (Adware.DoubleD) -> No action taken.
c:\programmi\media access startup\1.5.0.850\FF\chrome\HPAddOn.jar (Adware.DoubleD) -> No action taken.
c:\programmi\media access startup\1.5.0.850\FF\chrome\content\HPAddOn.js (Adware.DoubleD) -> No action taken.
c:\programmi\media access startup\1.5.0.850\FF\chrome\content\HPAddOn.xul (Adware.DoubleD) -> No action taken.
c:\programmi\media access startup\1.5.0.850\FF\components\HPFFAddOn.dll (Adware.DoubleD) -> No action taken.
c:\programmi\media access startup\1.5.0.850\FF\components\HPFFAddOn.xpt (Adware.DoubleD) -> No action taken.
c:\programmi\media access startup\1.5.0.850\FF\components\HPFFHelperComponent.js (Adware.DoubleD) -> No action taken.
c:\programmi\internet saving optimizer\3.4.0.4340\adwpx.exe (Adware.DoubleD) -> No action taken.
c:\programmi\internet saving optimizer\3.4.0.4340\NPCommon.dll (Adware.DoubleD) -> No action taken.
c:\programmi\internet saving optimizer\3.4.0.4340\unins000.dat (Adware.DoubleD) -> No action taken.
c:\programmi\internet saving optimizer\3.4.0.4340\unins000.exe (Adware.DoubleD) -> No action taken.
c:\programmi\internet saving optimizer\3.4.0.4340\Data\config.md (Adware.DoubleD) -> No action taken.
c:\programmi\internet saving optimizer\3.4.0.4340\FF\chrome.manifest (Adware.DoubleD) -> No action taken.
c:\programmi\internet saving optimizer\3.4.0.4340\FF\install.rdf (Adware.DoubleD) -> No action taken.
c:\programmi\internet saving optimizer\3.4.0.4340\FF\chrome\NPAddOn.jar (Adware.DoubleD) -> No action taken.
c:\programmi\internet saving optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.js (Adware.DoubleD) -> No action taken.
c:\programmi\internet saving optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.xul (Adware.DoubleD) -> No action taken.
c:\programmi\internet saving optimizer\3.4.0.4340\FF\components\NPFFAddOn.dll (Adware.DoubleD) -> No action taken.
c:\programmi\internet saving optimizer\3.4.0.4340\FF\components\NPFFAddOn.xpt (Adware.DoubleD) -> No action taken.
c:\programmi\internet saving optimizer\3.4.0.4340\FF\components\NPFFHelperComponent.js (Adware.DoubleD) -> No action taken.
c:\programmi\system search dispatcher\1.3.0.840\unins000.dat (Adware.DoubleD) -> No action taken.
c:\programmi\system search dispatcher\1.3.0.840\unins000.exe (Adware.DoubleD) -> No action taken.
c:\programmi\system search dispatcher\1.3.0.840\Data\eacore.mx (Adware.DoubleD) -> No action taken.
c:\programmi\system search dispatcher\1.3.0.840\Data\URLDynamic.mx (Adware.DoubleD) -> No action taken.
c:\programmi\system search dispatcher\1.3.0.840\Data\URLStatic.mx (Adware.DoubleD) -> No action taken.
c:\programmi\game.dll (Spyware.OnlineGames) -> No action taken.
C:\Programmi\Setup.exe (Rogue.Installer) -> No action taken.
Torna in alto
 
r16
Inviato: Wednesday, July 29, 2009 5:46:06 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Elimina Tutto quello che ha trovato Malwarebytes.

Per sicurezza rifai la scansione e posta il log.
Dai una pulita (registro compreso)con CCleaner http://www.aiutaamici.com/software?ID=11223
Nella schermata iniziale di CCleaner, clicca su Opzioni e poi Avanzate, togli il segno di spunta a: Cancella i file in Windows Temp solo se più vecchi di 48 ore

*********************************************************************************
Poi esegui questa scansione:
Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,(Firewall compreso) e dopo aver scaricato COMBOFIX, chiudi la connessione.

Scarica Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Salvalo sul desktop.
Doppio click su combofix.exe (comparirà una videata.)
Se ti verrà chiesto se vuoi Installare LA CONSOLE DI RIPRISTINO DI EMERGENZA, clicca NO.
E' probabile che ti siano inviati messaggi dall'antivirus, tu ignorali.
Durante l'operazione di scansione è importante non usare il PC (neanche il mouse) e attendere pazientemente la fine delle operazioni.
Al termine, verrà creato un file log sul Desktop, chiamato C:\ComboFix.txt. Postalo qui.

Disinstalla combofix in questo modo: (dopo che avrò visto il log)
Start
Esegui
nella finestra di dialogo, copia ed incolla questo comando: Combofix /u e premi Invio poi cancella le cartelle in "C" di combofix (qoobox)

Alla fine, posta anche un log di HijackThis
Torna in alto
 
rox62
Inviato: Thursday, July 30, 2009 9:33:51 PM
Rank: Member

Iscritto dal : 7/26/2002
Posts: 14

Questo è il log rilasciato da combofix, dopo avere eseguito l'eliminazione dei file infetti con Malwarebytes, e dopo aver dato una ripulita con Ccleaner. Grazie nuovamente dell'aiuto, ciao Rosanna.





ComboFix 09-07-29.04 - matrix 30/07/2009 21.09.28.3.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1535.1090 [GMT 2:00]
Eseguito da: c:\documents and settings\matrix\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090729-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *enabled* {1AADEB1F-B11B-42FD-B43A-21E7A73362D8}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-889703245-3699494698-1188293332-1009
c:\windows\Installer\628d3.msp
c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL
c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\as2stubie.dll
c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\as2stubie.inf
c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\CabSA.inf
c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\desktop.ini
c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\erma.inf
c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\LegitCheckControl.inf
c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\libcomm.dll
c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\Microsoft XML Parser for Java.osd
c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\rufsi.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Creati Da 2009-06-28 al 2009-07-30 )))))))))))))))))))))))))))))))))))
.

2009-07-30 18:55 . 2009-07-30 18:55 -------- d-----w- c:\programmi\CCleaner
2009-07-30 18:54 . 2009-07-28 16:14 1033448 ----a-w- c:\programmi\ccsetup222_slim.exe
2009-07-30 17:52 . 2009-07-30 17:52 997402 ----a-w- c:\programmi\ccleaner.zip
2009-07-28 17:48 . 2009-07-28 17:48 -------- d-----w- c:\documents and settings\matrix\Dati applicazioni\Malwarebytes
2009-07-28 17:48 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-28 17:48 . 2009-07-28 17:48 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-07-28 17:48 . 2009-07-28 17:48 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-07-28 17:48 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-28 17:46 . 2009-07-14 05:35 3775176 ----a-w- c:\programmi\mbam-setup.exe
2009-07-28 17:45 . 2009-07-28 17:45 3751054 ----a-w- c:\programmi\Malwarebytes.zip
2009-07-28 12:03 . 2009-07-28 12:03 -------- d-----w- c:\programmi\Trend Micro
2009-07-28 11:59 . 2009-07-28 12:02 812344 ----a-w- c:\programmi\HJTInstall.exe
2009-07-22 11:31 . 2009-07-22 11:31 -------- d-----w- c:\documents and settings\matrix\Impostazioni locali\Dati applicazioni\Internet Saving Optimizer
2009-07-22 11:31 . 2009-07-22 11:31 -------- d-----w- c:\documents and settings\matrix\Impostazioni locali\Dati applicazioni\Media Access Startup
2009-07-22 11:30 . 2009-07-22 11:30 -------- d-----w- c:\documents and settings\matrix\Impostazioni locali\Dati applicazioni\DoubleD

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-30 12:17 . 2009-04-09 12:16 -------- d-----w- c:\programmi\eMule
2009-07-29 21:54 . 2009-01-02 19:12 -------- d-----w- c:\documents and settings\matrix\Dati applicazioni\uTorrent
2009-07-25 19:20 . 2008-07-04 12:30 -------- d-----w- c:\documents and settings\matrix\Dati applicazioni\Skype
2009-07-25 18:59 . 2008-07-04 12:33 -------- d-----w- c:\documents and settings\matrix\Dati applicazioni\skypePM
2009-07-22 10:32 . 2008-08-06 12:30 -------- d-----w- c:\programmi\Microsoft Silverlight
2009-07-13 19:12 . 2004-09-03 10:37 86088 ----a-w- c:\windows\system32\perfc010.dat
2009-07-13 19:12 . 2004-09-03 10:37 493834 ----a-w- c:\windows\system32\perfh010.dat
2009-07-03 16:55 . 2004-09-03 10:36 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-19 20:58 . 2009-06-19 20:58 -------- d-----w- c:\programmi\Virtual Earth 3D
2009-06-16 14:36 . 2004-09-03 10:36 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-09-03 10:36 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 20:37 . 2009-06-15 20:37 1915520 ----a-w- c:\documents and settings\matrix\Dati applicazioni\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-06-08 20:54 . 2009-06-08 20:51 -------- d-----w- c:\programmi\PhotoScape
2009-06-08 20:20 . 2009-06-08 20:20 15063882 ----a-w- c:\programmi\PhotoScapeSetup_V3.3.exe
2009-06-03 19:09 . 2004-09-03 10:36 1296384 ----a-w- c:\windows\system32\quartz.dll
2009-05-07 15:32 . 2004-09-03 10:36 347648 ----a-w- c:\windows\system32\localspl.dll
2009-05-07 05:53 . 2009-05-07 05:53 1161086 ----a-w- c:\programmi\ronyasoft-cd-dvd-label-maker.zip
2009-04-26 12:13 . 2009-04-26 12:13 336574 ----a-w- c:\programmi\ShapeCollage-2.1-Setup.exe
2009-04-26 07:22 . 2009-04-26 07:22 14127840 ----a-w- c:\programmi\Golden_Path.exe
2009-04-26 07:17 . 2009-04-26 07:16 3207755 ----a-w- c:\programmi\cdbxp_setup_4.2.4.1322.exe
2009-04-25 11:39 . 2009-04-25 11:39 5938674 ----a-w- c:\programmi\ashampoo_burning.zip
2009-03-27 08:33 . 2009-03-27 08:33 7321032 ----a-w- c:\programmi\daemon4303-lite.exe
2009-02-10 14:22 . 2009-02-10 14:21 144137544 ----a-w- c:\programmi\wlsetup-all.exe
2009-02-10 11:09 . 2009-02-10 11:09 1159496 ----a-w- c:\programmi\wlsetup-custom.exe
2008-11-04 18:02 . 2008-10-05 05:53 7730856 ----a-w- c:\programmi\Google_Earth_CZXD.exe
2008-07-04 12:26 . 2008-07-04 12:26 22414120 ----a-w- c:\programmi\SkypeSetup.exe
2008-05-19 10:35 . 2008-05-19 10:35 3309160 ----a-w- c:\programmi\eMule0.49a-Installer1.exe
2008-05-03 12:19 . 2005-11-13 12:42 29696 --sha-w- c:\programmi\Thumbs.db
2008-04-18 20:25 . 2007-12-07 18:11 2402320 ----a-w- c:\programmi\WLinstaller.exe
2007-12-09 14:19 . 2009-07-28 17:46 2531 ----a-w- c:\programmi\LEGGIMI.htm
2007-12-07 18:11 . 2007-12-08 10:58 2402320 ----a-w- c:\programmi\Windows Live Installer.exe
2007-07-08 21:24 . 2007-07-08 21:24 686079 ----a-w- c:\programmi\setup_CodecInstaller.exe
2007-07-07 21:40 . 2007-07-07 21:40 15047272 ----a-w- c:\programmi\DVDsGUI075.exe
2007-07-07 21:35 . 2007-07-07 21:35 3369984 ----a-w- c:\programmi\PStory.msi
2007-07-02 21:47 . 2007-07-02 21:46 3736 ----a-w- c:\programmi\unins000.dat
2007-06-19 20:31 . 2007-06-19 20:31 17938288 ----a-w- c:\programmi\Install_Messenger.exe
2007-06-19 18:14 . 2007-06-19 18:14 3858985 ----a-w- c:\programmi\eMule0.48a-Installer.exe
2007-06-08 14:08 . 2007-07-02 21:47 70108412 ----a-w- c:\programmi\data.pak
2007-06-04 16:51 . 2007-07-02 21:47 146 ----a-w- c:\programmi\pack_000.mis
2006-12-20 07:43 . 2006-12-20 07:43 672732 ----a-w- c:\programmi\TutoreDattilo.exe
2006-09-16 19:35 . 2006-09-16 19:35 2744733 ----a-w- c:\programmi\zippo.exe
2005-11-13 12:41 . 2005-11-13 12:41 217404 ----a-w- c:\programmi\ImageResizerPowertoySetup.zip
2003-03-31 13:15 . 2007-07-02 21:47 159744 ----a-w- c:\programmi\OpenAL32.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Lingoes"="c:\programmi\Lingoes\Translator2\Lingoes.exe" [2008-12-30 2473984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-19 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2004-10-08 81920]
"Easy-PrintToolBox"="c:\programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"LogitechQuickCamRibbon"="c:\programmi\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2007-04-27 282624]
"fssui"="c:\programmi\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Collegamento alla pagina delle proprietà di High Definition Audio"="HDAudPropShortcut.exe" - c:\windows\system32\Hdaudpropshortcut.exe [2004-03-17 61952]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SoundMan.exe [2004-09-10 77824]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2004-09-15 2557952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Nikon Monitor.lnk - c:\programmi\File comuni\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Real\\RealPlayer\\realplay.exe"=
"c:\\Programmi\\NetMeeting\\conf.exe"=
"c:\\Programmi\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\FDF.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [01/04/2008 17.41.41 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [01/04/2008 17.41.41 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [10/02/2009 16.32.37 55152]
R2 fsssvc;Windows Live Family Safety;c:\programmi\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19.08.58 533360]
R2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [26/08/2008 13.32.02 8192]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [25/11/2005 17.43.48 31896]
S2 gupdate1c98b70ef469c70;Google Update Service (gupdate1c98b70ef469c70);c:\programmi\Google\Update\GoogleUpdate.exe [10/02/2009 13.15.48 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'

2009-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-10 11:15]

2009-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-10 11:15]

2004-12-14 c:\windows\Tasks\Promemoria registrazione 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-09-03 02:14]

2009-07-30 c:\windows\Tasks\User_Feed_Synchronization-{B0103417-22A8-47E1-8037-5FF08F930954}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-TomTomHOME.exe - c:\programmi\TomTom HOME 2\HOMERunner.exe


.
------- Scansione supplementare -------
.
uSearchMigratedDefaultURL = hxxp://search.msn.it/previewx.aspx?q={searchTerms}&FORM=CBPW&first=1&noredir=1
uStart Page = hxxp://www.wallstreetitalia.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-30 21:16
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,1b,14,0a,45,6e,
29,04,fa,e2,63,26,f1,3f,c8,ff,68,9e,df,bd,8e,3c,10,e5,72,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:46,47,15,b0,92,4b,c7,ef,64,96,a0,58,2d,
5f,89,96,6a,9c,d6,61,af,45,84,18,86,18,f7,40,df,aa,a0,e7,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,1b,ab,e5,dc,3e,
7e,39,ce,ff,7c,85,e0,43,d4,0e,fe,98,4f,05,2c,3b,9f,ec,0c,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,09,6e,2e,6f,65,
80,6b,3d,86,8c,21,01,be,91,eb,e7,bd,7e,ed,9a,c5,63,c2,bd,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,4d,09,1e,18,68,
43,8d,e6,f5,1d,4d,73,a8,13,5c,05,93,6c,ad,dc,8a,a8,ca,50,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,cd,04,80,34,2f,
fa,32,4a,df,20,58,62,78,6b,cf,c8,87,30,ac,40,e5,8b,50,59,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,d5,89,f8,ba,6f,
59,e9,6c,fb,a7,78,e6,12,2f,9a,ea,a0,ff,1e,48,2d,e4,a6,4c,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,76,2e,0d,3b,67,
c7,44,66,01,3a,48,fc,e8,04,4a,f1,94,b3,ec,e4,3e,e4,4a,4d,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,2f,ae,4b,c5,df,
f3,fd,d7,f6,0f,4e,58,98,5b,89,c9,74,30,c1,59,41,5f,8a,02,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,11,f3,9b,0c,43,
0a,2a,d7,3d,ce,ea,26,2d,45,aa,78,17,fa,15,3b,d9,30,6c,b1,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,ee,7e,f5,3c,b5,
d6,e9,e3,2a,b7,cc,b5,b9,7f,41,e7,4d,44,94,56,fe,9a,cf,c2,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,b4,12,1a,51,eb,
eb,a0,d4,6c,43,2d,1e,aa,22,2f,9c,d9,c9,3f,f7,10,56,6a,4f,6c,43,2d,1e,aa,22,\
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(572)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(7376)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\programmi\CyberLink\Shared Files\CLRCEngine.dll
c:\programmi\Lingoes\Translator2\opentext2.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\programmi\Alwil Software\Avast4\aswUpdSv.exe
c:\programmi\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\ati2evxx.exe
c:\programmi\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\progra~1\ALICET~1\vendors\AliceRE\content\template\DRIVEN~1\syncer\MCCITR~1.EXE
c:\programmi\File comuni\LogiShrd\LQCVFX\COCIManager.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\programmi\CDBurnerXP\NMSAccessU.exe
c:\programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\programmi\File comuni\Symantec Shared\Security Center\symwsc.exe
c:\programmi\Alwil Software\Avast4\ashMaiSv.exe
c:\programmi\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Ora fine scansione: 2009-07-30 21.21.29 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-07-30 19:21
ComboFix2.txt 2008-05-05 21:33

Pre-Run: 35.754.778.624 byte disponibili
Post-Run: 35.723.849.728 byte disponibili

271 --- E O F --- 2009-07-29 08:59
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » apertura popup indesiderati...


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.