Aiutamici Forum

log malwarebytes
angelo_blù
Posted: Sunday, October 25, 2009 10:45:19 AM

Rank: AiutAmico

Joined: 9/24/2007
Posts: 96
Greetings to all my friends; let me start by saying that I just formatted (yesterday)


Malwarebytes' Anti-Malware 1.41
Versione del database: 3029
Windows 5.1.2600 Service Pack 3

25/10/2009 10.34.11
mbam-log-2009-10-25 (10-34-01).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 135144
Tempo trascorso: 38 minute(s), 25 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 1
Cartelle infette: 0
File infetti: 1

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\Documents and Settings\Utente\Dati applicazioni\Desktopicon\eBayShortcuts.exe (Adware.ADON) -> No action taken.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10.36.50, on 25/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe
C:\Programmi\WinAlarm\WinAlarm.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\RocketDock\RocketDock.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Utente\Documenti\x Pulizia x\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://virgilio.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [WinAlarm] C:\Programmi\WinAlarm\WinAlarm.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Programmi\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: &Tastiera Virtuale - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: C&ontrollo URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1256112690609
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

--
End of file - 7556 bytes
antonpaco
Posted: Sunday, October 25, 2009 3:55:48 PM
Rank: AiutAmico

Joined: 11/7/2006
Posts: 1,180
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)

These entries aren't needed, you can delete them. As for the Malwarebytes scan, wait for the experts, who will tell you what to do.
angelo_blù
Posted: Sunday, October 25, 2009 4:18:12 PM

Rank: AiutAmico

Joined: 9/24/2007
Posts: 96
Hi, thanks, I'll wait for the experts
angelo_blù
Posted: Sunday, October 25, 2009 10:02:16 PM

Rank: AiutAmico

Joined: 9/24/2007
Posts: 96
Can nobody help me?
r16....
r16
Posted: Sunday, October 25, 2009 10:04:52 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
angelo_blù wrote:
Greetings to all my friends; let me start by saying that I just formatted (yesterday)


You were quick to infect the PC...
Delete what Malwarebytes found.

Download Combofix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe


Save it to the desktop.

Important: Disable your antivirus and close ALL open programs (firewall included), and after downloading COMBOFIX, close the connection.

Double-click combofix.exe (a screen will appear).
If you are asked whether you want to install the RECOVERY CONSOLE, click NO.
You will probably get messages from the antivirus; ignore them.
During the scan it is important not to use the PC (not even the mouse) and to wait patiently for the operations to finish.
When it is done, a log file will be created on the Desktop, called C:\ComboFix.txt. Post it here.

Uninstall combofix this way (after I have seen the log):
Start
Run
in the dialog box, copy and paste this command: Combofix /u and press Enter, then delete the Combofix and (qoobox) folders in "C"
angelo_blù
Posted: Sunday, October 25, 2009 11:36:03 PM

Rank: AiutAmico

Joined: 9/24/2007
Posts: 96
Thanks r16 for replying
I did my best, here is the log


ComboFix 09-10-25.01 - Utente 25/10/2009 23.04.08.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.512.255 [GMT 1:00]
Eseguito da: c:\documents and settings\Utente\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Utente\Dati applicazioni\Desktopicon

.
((((((((((((((((((((((((( Files Creati Da 2009-09-25 al 2009-10-25 )))))))))))))))))))))))))))))))))))
.

2009-10-25 18:28 . 2009-10-25 18:28 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NVIDIA
2009-10-25 18:02 . 2009-10-25 18:02 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Zylom
2009-10-25 15:37 . 2009-10-25 15:37 -------- d-----w- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\Identities
2009-10-25 08:42 . 2009-10-25 08:42 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Malwarebytes
2009-10-25 08:42 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-25 08:42 . 2009-10-25 08:42 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-10-25 08:41 . 2009-10-25 08:42 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-10-25 08:41 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-24 21:42 . 2009-10-24 21:52 -------- d-----w- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\Babylon
2009-10-24 21:41 . 2009-10-24 21:41 -------- d-----w- c:\programmi\Babylon
2009-10-24 21:41 . 2009-10-24 21:53 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Babylon
2009-10-24 21:40 . 2009-10-24 21:53 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Babylon
2009-10-24 17:27 . 2009-10-24 17:27 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Canon
2009-10-24 17:24 . 2009-10-24 17:24 -------- d-----w- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\Scansoft
2009-10-24 17:21 . 1997-10-14 03:19 11776 ----a-w- c:\windows\system32\pmsbfn32.dll
2009-10-24 17:21 . 2009-10-24 17:21 -------- d-----w- c:\programmi\File comuni\NewSoft
2009-10-24 17:20 . 2009-10-24 17:20 -------- d-----w- c:\programmi\File comuni\PDFView
2009-10-24 17:20 . 2009-10-24 17:20 -------- d-----w- c:\windows\system32\Color
2009-10-24 17:20 . 2009-10-24 17:20 -------- d-----w- c:\programmi\NewSoft
2009-10-24 17:19 . 2009-10-24 17:19 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\InstallShield
2009-10-24 17:19 . 2009-10-24 17:19 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\ScanSoft
2009-10-24 17:19 . 2009-10-24 17:19 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ScanSoft
2009-10-24 17:19 . 2009-10-24 17:19 -------- d-----w- c:\programmi\File comuni\ScanSoft Shared
2009-10-24 17:19 . 2009-10-24 17:19 -------- d-----w- c:\programmi\ScanSoft
2009-10-24 17:17 . 2009-10-24 17:17 -------- d-----w- c:\programmi\ArcSoft
2009-10-24 17:17 . 1995-08-01 02:44 212480 ----a-w- c:\windows\PCDLIB32.DLL
2009-10-24 17:16 . 2009-10-24 17:16 -------- d-----w- c:\programmi\File comuni\CANON
2009-10-24 17:15 . 2009-10-24 17:15 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2009-10-24 17:15 . 2009-10-24 17:15 -------- d--h--w- c:\programmi\CanonBJ
2009-10-24 17:14 . 2009-10-24 17:16 -------- d-----w- c:\programmi\Canon
2009-10-24 16:52 . 2008-04-13 09:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-10-24 16:52 . 2008-04-13 09:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-10-24 16:43 . 2009-10-24 16:43 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\UDL
2009-10-24 16:41 . 2008-04-13 09:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-10-24 16:41 . 2008-04-13 09:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-10-24 16:40 . 2009-10-24 17:00 -------- d-----w- c:\programmi\EPSON
2009-10-24 15:57 . 2009-10-24 15:57 -------- d-----w- c:\programmi\7-Zip
2009-10-24 15:48 . 2009-10-24 15:48 -------- d-----w- c:\programmi\Unlocker
2009-10-24 10:48 . 2009-10-24 10:48 -------- d-----w- c:\windows\Sun
2009-10-24 10:34 . 2009-10-24 10:34 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\aignes
2009-10-24 10:33 . 2009-10-24 10:33 -------- d-----w- c:\programmi\AM-DeadLink
2009-10-24 10:06 . 2009-10-24 10:06 -------- d-----r- c:\programmi\emule0.49c-Xtreme7.2
2009-10-24 10:01 . 2009-10-24 10:01 -------- d-----w- c:\programmi\RocketDock
2009-10-24 09:53 . 2009-10-24 09:53 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\WinAlarm
2009-10-24 09:50 . 2009-10-24 09:50 -------- d-----w- c:\programmi\WinAlarm
2009-10-24 09:43 . 2009-10-24 09:43 -------- d-----w- c:\programmi\Java
2009-10-24 08:30 . 2009-10-24 08:30 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\URSoft
2009-10-24 08:30 . 2009-10-24 08:32 -------- d-----w- c:\programmi\Your Uninstaller 2008
2009-10-24 07:32 . 2009-10-24 07:36 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-10-21 09:15 . 2009-10-21 09:15 2080536 ----a-w- c:\windows\system32\AutoPartNt.exe
2009-10-21 08:38 . 2009-10-21 08:38 971584 ----a-w- c:\windows\system32\drivers\tdrpm147.sys
2009-10-21 08:38 . 2009-10-21 08:38 540000 ----a-w- c:\windows\system32\drivers\timntr.sys
2009-10-21 08:38 . 2009-10-21 08:38 44704 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2009-10-21 08:37 . 2009-10-21 08:37 134272 ----a-w- c:\windows\system32\drivers\snman380.sys
2009-10-21 08:37 . 2009-10-21 08:37 -------- d-----w- c:\programmi\Acronis
2009-10-21 08:37 . 2009-10-21 08:37 -------- d-----w- c:\programmi\File comuni\Acronis
2009-10-21 08:28 . 2009-10-21 08:28 -------- d-----w- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\PowerDVDCox
2009-10-21 08:28 . 2009-10-21 08:28 -------- d-----w- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\PowerDVDCinema
2009-10-21 08:28 . 2009-10-21 08:28 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\CyberLink
2009-10-21 08:17 . 2009-10-24 07:22 -------- d-----w- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\ApplicationHistory
2009-10-21 08:17 . 2009-10-21 08:17 135 ----a-w- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\fusioncache.dat
2009-10-21 07:55 . 2009-10-21 07:56 -------- d-----w- c:\windows\system32\URTTemp
2009-10-21 07:52 . 2008-06-14 17:32 272768 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-10-21 07:52 . 2008-06-14 17:32 272768 ------w- c:\windows\system32\drivers\bthport.sys
2009-10-21 07:50 . 2009-08-04 20:56 2192896 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-10-21 07:50 . 2009-08-04 17:26 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-10-21 07:50 . 2009-08-04 17:26 2027520 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-10-21 07:50 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-10-21 07:35 . 2009-10-21 08:25 -------- d-----w- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\Adobe
2009-10-21 07:34 . 2009-10-21 07:35 -------- d-----w- c:\programmi\File comuni\Adobe
2009-10-21 06:02 . 2008-10-16 12:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-10-21 06:02 . 2008-10-16 12:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-10-20 17:46 . 2009-10-20 17:46 -------- d-----w- c:\programmi\Microsoft
2009-10-20 17:36 . 2009-10-21 08:28 64168 ----a-w- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-10-20 17:31 . 2008-04-14 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-10-20 17:31 . 2009-10-20 17:31 -------- d-----w- c:\programmi\Windows Media Connect 2
2009-10-20 17:29 . 2009-10-20 17:30 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-10-20 17:29 . 2009-10-20 17:29 -------- d-----w- c:\windows\system32\LogFiles
2009-10-20 17:06 . 2007-07-27 08:41 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2009-10-20 17:06 . 2009-10-21 08:02 -------- d--h--w- c:\windows\$hf_mig$
2009-10-20 17:03 . 2009-08-29 07:26 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-10-20 17:03 . 2009-08-29 07:26 268288 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-10-20 17:03 . 2009-08-29 07:26 380928 -c----w- c:\windows\system32\dllcache\ieapfltr.dll
2009-10-20 17:03 . 2009-08-28 10:28 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2009-10-20 17:03 . 2009-06-29 08:33 2452872 -c----w- c:\windows\system32\dllcache\ieapfltr.dat
2009-10-20 17:03 . 2009-08-29 07:26 459264 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-10-20 17:03 . 2009-08-29 07:26 6067200 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-10-20 17:03 . 2009-08-29 07:26 63488 -c----w- c:\windows\system32\dllcache\icardie.dll
2009-10-20 16:56 . 2009-10-21 08:28 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\CyberLink
2009-10-20 16:56 . 2009-10-20 16:56 -------- d-----w- c:\programmi\File comuni\CyberLink
2009-10-20 16:55 . 2009-10-20 16:56 -------- d-----w- c:\programmi\CyberLink
2009-10-20 16:55 . 2009-10-20 16:54 29480 ----a-w- c:\windows\system32\msxml3a.dll
2009-10-20 16:55 . 2009-10-20 16:54 505128 ----a-w- c:\windows\system32\msvcp71.dll
2009-10-20 16:33 . 2009-10-20 16:33 -------- d-----w- c:\windows\system32\IOSUBSYS
2009-10-20 16:33 . 2009-10-20 16:49 -------- d-----w- c:\programmi\Google
2009-10-20 16:30 . 2008-09-16 19:23 168448 ----a-w- c:\windows\system32\unrar.dll
2009-10-20 16:30 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-10-20 16:30 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-10-20 16:30 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2009-10-20 16:30 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-10-20 16:30 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-10-20 16:30 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\divx.dll
2009-10-20 16:30 . 2009-06-02 16:11 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-10-20 16:30 . 2009-10-20 16:54 353576 ----a-w- c:\windows\system32\msvcr71.dll
2009-10-20 16:30 . 2009-10-20 16:32 -------- d-----w- c:\programmi\K-Lite Codec Pack
2009-10-20 16:24 . 2009-10-24 09:43 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-20 16:15 . 2007-04-09 11:23 28040 ----a-w- c:\windows\system32\mdimon.dll
2009-10-20 16:12 . 2009-10-20 16:12 -------- d-----w- c:\programmi\Microsoft.NET
2009-10-20 16:11 . 2009-10-20 16:21 -------- d-----w- c:\programmi\Microsoft Works
2009-10-20 16:11 . 2009-10-20 16:12 -------- d-----w- c:\windows\SHELLNEW
2009-10-20 16:09 . 2009-10-20 16:09 -------- d-----r- C:\MSOCache
2009-10-20 16:00 . 2009-10-20 16:00 -------- d-----w- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\Ahead
2009-10-20 15:57 . 2009-10-20 15:57 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Nero
2009-10-20 15:53 . 2009-10-20 15:55 -------- d-----w- c:\programmi\File comuni\Nero
2009-10-20 15:53 . 2009-10-20 15:53 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Nero
2009-10-20 15:53 . 2009-10-20 15:53 -------- d-----w- c:\programmi\Nero
2009-10-20 15:40 . 2009-10-20 15:40 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2009-10-20 15:38 . 2009-10-20 15:51 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-10-20 15:38 . 2009-10-20 15:51 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-10-20 15:37 . 2009-10-25 22:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2009-10-20 15:37 . 2009-10-20 15:37 -------- d-----w- c:\programmi\Kaspersky Lab
2009-10-20 15:35 . 2009-10-20 15:35 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
2009-10-20 15:35 . 2009-10-20 15:35 -------- d-----w- c:\programmi\CCleaner
2009-10-20 15:34 . 2009-10-20 15:35 -------- d-----w- c:\programmi\Windows Commander
2009-10-20 15:34 . 2002-08-28 03:10 545 ----a-w- c:\windows\UC.PIF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-25 17:44 . 2009-10-20 16:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-10-25 15:34 . 2009-10-20 16:38 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-10-25 08:13 . 2008-04-14 12:00 64156 ----a-w- c:\windows\system32\perfc010.dat
2009-10-25 08:13 . 2008-04-14 12:00 428288 ----a-w- c:\windows\system32\perfh010.dat
2009-10-24 17:20 . 2009-10-20 09:52 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-10-24 17:19 . 2009-10-20 09:51 -------- d-----w- c:\programmi\File comuni\InstallShield
2009-10-20 16:45 . 2009-10-20 16:38 -------- d-----w- c:\programmi\SpywareBlaster
2009-10-20 09:51 . 2009-10-20 09:51 -------- d-----w- c:\programmi\sisagp
2009-10-20 09:14 . 2009-10-20 09:14 -------- d-----w- c:\programmi\microsoft frontpage
2009-10-20 09:13 . 2009-10-20 09:13 -------- d-----w- c:\programmi\Servizi in linea
2009-10-20 09:11 . 2009-10-20 09:11 21840 ----a-w- c:\windows\system32\emptyregdb.dat
2009-09-11 14:17 . 2008-04-14 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:26 . 2008-04-14 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:26 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:26 . 2008-04-14 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-26 08:00 . 2008-04-14 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-06 17:24 . 2009-10-20 09:12 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 17:24 . 2009-10-20 09:12 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 17:24 . 2008-10-16 12:09 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 17:24 . 2009-10-20 09:12 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 17:24 . 2008-04-14 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 17:23 . 2009-10-20 09:12 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 17:23 . 2009-10-20 09:12 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-06 17:23 . 2009-10-20 09:12 209624 ----a-w- c:\windows\system32\wuweb.dll
2009-08-05 08:59 . 2008-04-14 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 17:26 . 2008-04-14 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 17:26 . 2008-04-13 18:55 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-07-29 04:34 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:34 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\programmi\RocketDock\RocketDock.exe" [2007-09-02 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"TrueImageMonitor.exe"="c:\programmi\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-11-21 4371440]
"AcronisTimounterMonitor"="c:\programmi\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-11-21 961208]
"Acronis Scheduler2 Service"="c:\programmi\File comuni\Acronis\Schedule2\schedhlp.exe" [2008-11-21 165144]
"WinAlarm"="c:\programmi\WinAlarm\WinAlarm.exe" [2007-12-26 353280]
"SSBkgdUpdate"="c:\programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"Malwarebytes Anti-Malware (reboot)"="c:\programmi\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"avp"="c:\programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-07-03 303376]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\emule0.49c-Xtreme7.2\\emule.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [15/12/2008 19.41.32 33808]
R0 snapman380;Acronis Snapshots Manager (Build 380);c:\windows\system32\drivers\snman380.sys [21/10/2009 9.37.55 134272]
R0 tdrpman147;Acronis Try&Decide and Restore Points filter (build 147);c:\windows\system32\drivers\tdrpm147.sys [21/10/2009 9.38.13 971584]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/10/20 18:56];c:\programmi\CyberLink\PowerDVD9\000.fcl [28/02/2009 18.40.18 87536]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13/05/2009 16.46.52 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [16/05/2009 19.59.44 19472]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://virgilio.it/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Translate this web page with Babylon - c:\programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: {{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-25 23:12
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\programmi\CyberLink\PowerDVD9\000.fcl"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(828)
c:\windows\system32\WININET.dll
c:\programmi\RocketDock\RocketDock.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.ITA
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\File comuni\Acronis\Schedule2\schedul2.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\combofix\CF2459.exe
c:\windows\system32\wscntfy.exe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Ora fine scansione: 2009-10-25 23.27.21 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-10-25 22:18

Pre-Run: 57.496.150.016 byte disponibili
Post-Run: 57.488.384.000 byte disponibili

- - End Of File - - BCEA438D765C480F420124FD97659002
r16
Posted: Sunday, October 25, 2009 11:53:19 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Did you remember to delete the files found by Malwarebytes?
What problems does the PC have now?
angelo_blù
Posted: Monday, October 26, 2009 12:17:46 AM

Rank: AiutAmico

Joined: 9/24/2007
Posts: 96
Yes, I deleted the files before running ComboFix.
r16, I didn't have any problems, apart from the PC churning a bit too much.
I don't know how they formatted it this time.
Once I got the PC back I reinstalled the various programs (all taken from Aiutamici), and the last one was Malwarebytes itself, which I wanted to try out of curiosity.
That's all.
Did ComboFix do its job?
How should I proceed now?
Bye and thanks
r16
Posted: Monday, October 26, 2009 12:29:44 AM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Yes, ComboFix removed a little something.
Disable System Restore, and keep it disabled, until the problem is resolved http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121

Carry out these cleanup operations:
Do a cleanup (registry included) with CCleaner http://www.aiutaamici.com/software?ID=11223
Then:
Start\Run\copy and paste the string %temp%, click OK, empty the temp folder. (do not delete the folder)
Then:
Empty the contents of the Prefetch folder:
click My Computer
click Local Disk C:
among the folders displayed, look for the Windows folder, open it and, inside it, look for the Prefetch folder, open it and delete all the entries stored inside it (do not delete the folder)
EMPTY THE RECYCLE BIN
Then:
Launch HijackThis and clean the ADS this way:
click the Open the misc tool section entry
click Open ads spy
untick Quick scan (windows base folder only)
click Scan.
Wait patiently for the scan to finish.
if any ADS are detected, tick all the boxes (don't be afraid) and click Remove selected

Run a thorough ScanDisk and defragment the HD.
Re-enable System Restore
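
What the ADS Spy step in the post above searches for, shown as an added example that is not part of the thread or of HijackThis: a read-only listing of named NTFS alternate data streams. It assumes PowerShell 3.0 or later on an NTFS volume (so not the XP machine discussed here); the `$Root` parameter and its default are hypothetical.

```powershell
# Added example, not from the thread. Read-only: it lists streams and deletes nothing.
# Assumption: PowerShell 3.0 or later on an NTFS volume (Get-Item -Stream needs 3.0+).
param(
    [string]$Root = 'C:\'   # hypothetical default; point it at the folder to audit
)

# Streams that are normally benign: the unnamed default data stream and the
# "downloaded from the Internet" marker that browsers attach to files.
$expected = @(':$DATA', 'Zone.Identifier')

# Walk every file (hidden and system ones included), enumerate all of its streams,
# and keep only the named streams that are not on the expected list.
$findings = Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
    Get-Item -Stream * -Force -ErrorAction SilentlyContinue |
    Where-Object { $expected -notcontains $_.Stream } |
    Select-Object FileName, Stream, Length

if ($findings) {
    # Out-Host keeps the table ahead of the summary line in the console.
    $findings | Sort-Object FileName | Format-Table -AutoSize -Wrap | Out-Host
    Write-Host ("{0} named stream(s) found under {1}. Review each one before removing it." -f @($findings).Count, $Root)
} else {
    Write-Host "No named alternate data streams found under $Root"
}
```

Directories are skipped because `-Stream` is not supported on them in Windows PowerShell 5.1; files the current account cannot read are silently passed over, so run it elevated for a full picture.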
angelo_blù
Posted: Monday, October 26, 2009 9:22:29 AM

Rank: AiutAmico

Joined: 9/24/2007
Posts: 96
All done

Ran a scan with Malwarebytes: 0 detected

What do you say about the HijackThis log?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9.03.46, on 26/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe
C:\Programmi\WinAlarm\WinAlarm.exe
C:\Programmi\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Documents and Settings\Utente\Documenti\x Pulizia x\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://virgilio.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [WinAlarm] C:\Programmi\WinAlarm\WinAlarm.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [avp] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Programmi\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: &Tastiera Virtuale - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: C&ontrollo URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1256112690609
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

--
End of file - 6859 bytes


Can I uninstall ComboFix?
Bye

r16
Posted: Monday, October 26, 2009 1:52:49 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
Yes, uninstall ComboFix.
The HJT log shows no anomalies.
I recommend opening a new topic to configure Kaspersky as well as possible.
Enigmistica63 knows it very well.
Ask him.
angelo_blù
Posted: Monday, October 26, 2009 4:40:16 PM

Rank: AiutAmico

Joined: 9/24/2007
Posts: 96
Hi r16, thank you for the help you gave me

I couldn't find the ComboFix and Qoobox folders in C/; using "Search" finds nothing. Is that fine anyway?

What did you see in Kaspersky that isn't right?
r16
Posted: Monday, October 26, 2009 4:59:33 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Quote:
I couldn't find the ComboFix and Qoobox folders in C/; using "Search" finds nothing. Is that fine anyway?

Yes, that's fine anyway.

Quote:
What did you see in Kaspersky that isn't right?

It's good software.
But it has to be configured well for it to give its best.
Enigmistica63 (so he says) knows it better than his wife, so..... Whistle
angelo_blù
Posted: Monday, October 26, 2009 8:25:09 PM

Rank: AiutAmico

Joined: 9/24/2007
Posts: 96
OK, thank you so much Boo hoo!
As soon as I can I'll contact our friend Enigmistica63

Byeee Applause