Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Mi controllare, per piacere il sottostante log?

2 pages: [1] 2
Mi controllare, per piacere il sottostante log? Opzioni
Topic Precedente · Topic Sucessivo
pippof
Inviato: Friday, December 11, 2009 2:23:45 PM
Rank: Member

Iscritto dal : 11/14/2001
Posts: 27
Sposto la discussione dietro suggerimento

Code:

Logfile of HijackThis v1.99.1
Scan saved at 12.13.25, on 11/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programmi\USB Safely Remove\USBSRService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\a-squared Free\a2service.exe
C:\PROGRA~1\APC\POWERC~1\agent\pbeagent.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmi\Logitech\iTouch\iTouch.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmi\Logitech\Video\LogiTray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Logitech\Video\FxSvr2.exe
C:\Programmi\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\USB Safely Remove\USBSafelyRemove.exe
C:\Programmi\MemoRex\MemoRex.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\eMule0.49c\emule.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\Programmi\Windows Live\Contacts\wlcomm.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\Programmi\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Programmi\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Documents and Settings\Giuseppe\Desktop\Hijackthis\HijackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66008
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66008
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmi\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmi\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmi\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [MemoREX] "C:\Programmi\MemoRex\MemoRexStart.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Programmi\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programmi\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [avp] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [updateMgr] "C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [filehippo.com] "C:\Programmi\filehippo.com\UpdateChecker.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [USB Safely Remove] C:\Programmi\USB Safely Remove\USBSafelyRemove.exe /startup
O4 - HKCU\..\Run: [DriverMax] "C:\Programmi\Innovative Solutions\DriverMax\devices.exe" -agent
O4 - HKCU\..\Run: [Advanced Uninstaller PRO Installation Monitor] "C:\Programmi\Innovative Solutions\Advanced Uninstaller PRO - Version 9\monitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [] C:\PROGRA~1\Mozilla Firefox\firefox.exe http://www.symantec.com/techsupp/servlet/ProductMessages?module=2007&error=0&language=it&product=SymNRT&version=2008.0.1.19&build=Symantec&a=00000082.00000010.00000020&b=00000082.00000045.0000011b&c=00000082.00000049.000000bb
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Aggiungi a PDF esistente - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Aggiungi destinazione link a PDF esistente - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Tastiera Virtuale - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: C&ontrollo URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programmi\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5CE72DD0-4695-4D18-A4D3-3367ACD37578} (F-Secure Health Check 1.0) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
O16 - DPF: {60E33102-59F1-44DA-BA3D-494BB9A80514} (Iphona) - http://www.inps.it/Servizi/ParlaConNoi/VoipFiles/IPhona.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126789574906
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4724/mcfscan.cab
O16 - DPF: {EFD3EA56-234D-4240-90EA-CC9FA3AF5A01} (ConnectivityTester Class) - http://aiuto.alice.it/ata/static/installers/WebflowActiveXInstaller_4-1-4.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8064CBE-3CAA-4D22-8722-8DC42D0785CF}: NameServer = 85.37.17.39,85.38.28.71
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programmi\Windows Live\Mail\mailcomm.dll
O20 - AppInit_DLLs: acaptuser32.dll,C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: APC PBE Agent (APCPBEAgent) - APC - C:\PROGRA~1\APC\POWERC~1\agent\pbeagent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Unknown owner - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" -r (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Programmi\Java\jre6\bin\jqs.exe" -service -config "C:\Programmi\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: USB Safely Remove Assistant (USBSafelyRemoveService) - Unknown owner - C:\Programmi\USB Safely Remove\USBSRService.exe


Desidero aggiungere che dopo l'esecuzione di ComboFix, mentre stavo utilizzandolo il pc s'è improvvisamente ed inspiegabilmente spento e riavviato ed è comparso un avviso che segnalava il ripristino a seguito di un grave errore!
Adesso ho l'impressione che si sia notevolmente rallentato rispetto a prima dellesecuzione di ComboFix!
Torna in alto
 
Sponsor
Inviato: Friday, December 11, 2009 2:23:45 PM

 
Torna in alto
 
r16
Inviato: Friday, December 11, 2009 2:42:28 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao.
Disistalla la versione di HijackThis. (obsoleta)
Installa questa:
http://www.aiutamici.com/software?ID=11175

Poi, l'antivirus, funziona bene?
Mi risulta danneggiato.
Ti consiglio di disistallarlo e reistallarlo.
Disistalla pure anche Ad-Aware, (pesante, e scarso nel rilevare infezioni)
Al suo posto installa Malwarebytes:
http://www.aiutamici.com/software?ID=80346
Fai una scansione completa e posta il log.
Poi, se vuoi spiegare i problemi che ha il tuo pc, sono tutt'orecchie.
Torna in alto
 
pippof
Inviato: Friday, December 11, 2009 4:45:16 PM
Rank: Member

Iscritto dal : 11/14/2001
Posts: 27
r16 ha scritto:
Ciao.
Disistalla la versione di HijackThis. (obsoleta)
Installa questa:
http://www.aiutamici.com/software?ID=11175

Poi, l'antivirus, funziona bene?
Mi risulta danneggiato.
Ti consiglio di disistallarlo e reistallarlo.
Disistalla pure anche Ad-Aware, (pesante, e scarso nel rilevare infezioni)
Al suo posto installa Malwarebytes:
http://www.aiutamici.com/software?ID=80346
Fai una scansione completa e posta il log.
Poi, se vuoi spiegare i problemi che ha il tuo pc, sono tutt'orecchie.


Ho notato anch'io che HijackThis rileva l'antivirus inesistente! strano a me risulta tutto a posto! ho recentemente installato l'ultima versione di Kaspersky e mi funge regolarmente.
Per quanto riguarda Malwarebytes l'ho già installato, mentre per quanto concerne Ad-Aware dopo averlo disinstallato, all'avvio di Windows, appare una schermata blu che dice: Lsdelete Program Not Found - Skipping Autocheck, e a questo punto non so più cosa fare!
Torna in alto
 
r16
Inviato: Friday, December 11, 2009 5:11:14 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Dai una pulita (registro compreso)con CCleaner http://www.aiutaamici.com/software?ID=11223
Nella schermata iniziale di CCleaner, clicca su Opzioni e poi Avanzate, togli il segno di spunta a: Cancella i file in Windows Temp solo se più vecchi di 48 ore. (poi esegui le pulizie)

Scarica Combofix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe


Salvalo sul desktop.

Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,(Firewall compreso) e dopo aver scaricato COMBOFIX, chiudi la connessione.

Doppio click su combofix.exe (comparirà una videata.)
Se ti verrà chiesto se vuoi Installare LA CONSOLE DI RIPRISTINO DI EMERGENZA, clicca NO.
E' probabile che ti siano inviati messaggi dall'antivirus, tu ignorali.
Durante l'operazione di scansione è importante non usare il PC (neanche il mouse) e attendere pazientemente la fine delle operazioni.
Al termine, verrà creato un file log sul Desktop, chiamato C:\ComboFix.txt. Postalo qui.
Torna in alto
 
pippof
Inviato: Friday, December 11, 2009 5:42:26 PM
Rank: Member

Iscritto dal : 11/14/2001
Posts: 27
r16 ha scritto:
Dai una pulita (registro compreso)con CCleaner http://www.aiutaamici.com/software?ID=11223
Nella schermata iniziale di CCleaner, clicca su Opzioni e poi Avanzate, togli il segno di spunta a: Cancella i file in Windows Temp solo se più vecchi di 48 ore. (poi esegui le pulizie)

Scarica Combofix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe


Salvalo sul desktop.

Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,(Firewall compreso) e dopo aver scaricato COMBOFIX, chiudi la connessione.

Doppio click su combofix.exe (comparirà una videata.)
Se ti verrà chiesto se vuoi Installare LA CONSOLE DI RIPRISTINO DI EMERGENZA, clicca NO.
E' probabile che ti siano inviati messaggi dall'antivirus, tu ignorali.
Durante l'operazione di scansione è importante non usare il PC (neanche il mouse) e attendere pazientemente la fine delle operazioni.
Al termine, verrà creato un file log sul Desktop, chiamato C:\ComboFix.txt. Postalo qui.


Ho scaricato ComboFix.exe, ho seguito le tue istruzioni, ma all'atto di eseguirlo mi dà un msg di errore in inglese che dice che il file è corrotto e occorre riscaricalo!
Ma questo combofix a cosa serve??
Torna in alto
 
r16
Inviato: Friday, December 11, 2009 8:33:12 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Prova questa versione:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Per favore non quotare le mie risposte. (mi trovo meglio)
Torna in alto
 
pippof
Inviato: Friday, December 11, 2009 9:51:17 PM
Rank: Member

Iscritto dal : 11/14/2001
Posts: 27
Ecco il log prodotto da ComboFix:

Code:


ComboFix 09-12-11.01 - Giuseppe 11/12/2009  20.59.18.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.39.1040.18.3071.2397 [GMT 1:00]
Eseguito da: c:\documents and settings\Giuseppe\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Menu Avvio\Windows Live Messenger .lnk
c:\documents and settings\Giuseppe\Dati applicazioni\Desktopicon
c:\documents and settings\Giuseppe\Dati applicazioni\Desktopicon\config.ini
c:\documents and settings\Giuseppe\Dati applicazioni\Desktopicon\eBay.ico
c:\documents and settings\Giuseppe\Dati applicazioni\Desktopicon\uninst.exe
c:\windows\patchw32.dll
c:\windows\pw32a.dll
c:\windows\regedit.com
c:\windows\system32\taskmgr.com
c:\windows\system32\twain_32.dll

.
(((((((((((((((((((((((((   Files Creati Da 2009-11-11 al 2009-12-11  )))))))))))))))))))))))))))))))))))
.

2009-12-11 17:59 . 2009-12-11 17:59    --------    d-----w-    c:\windows\system32\wbem\Repository
2009-12-11 15:46 . 2009-12-11 15:46    --------    d-----w-    c:\programmi\Trend Micro
2009-12-10 14:12 . 2009-12-10 13:32    15880    ----a-w-    c:\windows\system32\lsdelete.exe
2009-12-10 13:32 . 2009-09-23 12:55    64288    ----a-w-    c:\windows\system32\drivers\Lbd.sys
2009-12-10 13:29 . 2009-12-11 18:09    --------    dc-h--w-    c:\documents and settings\All Users\Dati applicazioni\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-12-10 10:28 . 2009-12-10 13:29    --------    d-----w-    c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2009-12-09 20:20 . 2009-11-21 15:54    471552    -c----w-    c:\windows\system32\dllcache\aclayers.dll
2009-12-09 11:17 . 2009-12-09 11:17    --------    d-----w-    c:\programmi\Moo0
2009-12-08 12:57 . 2009-12-08 12:57    --------    d-----w-    c:\documents and settings\All Users\Dati applicazioni\ATI
2009-12-08 12:47 . 2009-09-29 20:15    593920    ------w-    c:\windows\system32\ati2sgag.exe
2009-11-25 01:58 . 2009-07-31 04:32    1172480    -c----w-    c:\windows\system32\dllcache\msxml3.dll
2009-11-22 03:27 . 2009-11-22 03:29    --------    d-----w-    c:\programmi\Spybot - Search & Destroy

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-11 20:17 . 2008-10-04 14:32    --------    d-----w-    c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2009-12-11 16:18 . 2006-03-16 07:44    --------    d-----w-    c:\documents and settings\Giuseppe\Dati applicazioni\Skype
2009-12-11 09:25 . 2009-11-04 02:21    --------    d-----w-    c:\documents and settings\Giuseppe\Dati applicazioni\vlc
2009-12-11 07:34 . 2007-11-11 06:35    --------    d-----w-    c:\documents and settings\Giuseppe\Dati applicazioni\foobar2000
2009-12-11 02:44 . 2007-11-01 12:30    --------    d-----w-    c:\programmi\TavoliVerdi
2009-12-10 14:41 . 2007-11-16 02:54    --------    d-----w-    c:\documents and settings\Giuseppe\Dati applicazioni\skypePM
2009-12-10 13:32 . 2009-12-10 13:32    862040    ----a-w-    c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-12-10 13:32 . 2009-12-10 13:32    206944    ----a-w-    c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-12-10 13:32 . 2009-12-10 13:32    15880    ----a-w-    c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-12-10 13:32 . 2009-12-10 13:32    537576    ----a-w-    c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-12-10 13:32 . 2009-12-10 13:32    390288    ----a-w-    c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-12-10 13:32 . 2009-12-10 13:32    370744    ----a-w-    c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-12-10 13:32 . 2009-12-10 13:32    194104    ----a-w-    c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-12-10 13:32 . 2009-12-10 13:32    163728    ----a-w-    c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-12-10 13:32 . 2009-12-10 13:32    5908024    ----a-w-    c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Resources.dll
2009-12-10 13:32 . 2009-12-10 13:32    327000    ----a-w-    c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-12-10 13:31 . 2009-12-10 13:31    87496    ----a-w-    c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-12-10 13:31 . 2009-12-10 13:31    933120    ----a-w-    c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-12-10 13:31 . 2009-12-10 13:31    641632    ----a-w-    c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-12-10 13:31 . 2009-12-10 13:31    816272    ----a-w-    c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-12-10 13:31 . 2009-12-10 13:31    822904    ----a-w-    c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-12-10 13:31 . 2009-12-10 13:31    1638640    ----a-w-    c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-12-10 13:31 . 2009-12-10 13:31    788880    ----a-w-    c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-12-10 13:31 . 2009-12-10 13:31    1184912    ----a-w-    c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-12-10 11:11 . 2001-08-31 11:00    537958    ----a-w-    c:\windows\system32\perfh010.dat
2009-12-10 11:11 . 2001-08-31 11:00    105138    ----a-w-    c:\windows\system32\perfc010.dat
2009-12-08 12:53 . 2005-09-15 12:23    --------    d-----w-    c:\programmi\ATI Technologies
2009-12-06 14:09 . 2007-04-06 07:17    --------    d-----w-    c:\documents and settings\Giuseppe\Dati applicazioni\dvdcss
2009-12-05 07:20 . 2009-03-06 20:06    --------    d-----w-    c:\programmi\Malwarebytes' Anti-Malware
2009-12-05 07:19 . 2009-03-30 18:12    4844296    ----a-w-    c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-03 15:14 . 2009-03-06 20:06    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 15:13 . 2009-03-06 20:06    19160    ----a-w-    c:\windows\system32\drivers\mbam.sys
2009-12-03 13:03 . 2009-12-03 13:03    80400    ----a-w-    c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2009-12-03 13:03 . 2009-12-03 13:03    80400    ----a-w-    c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2009-11-30 08:46 . 2008-12-18 00:40    --------    d-----w-    c:\programmi\USB Safely Remove
2009-11-27 16:53 . 2006-02-23 06:19    --------    d-----w-    c:\programmi\Winamp
2009-11-27 11:53 . 2008-05-13 19:14    --------    d-----w-    c:\programmi\Microsoft Baseline Security Analyzer 2
2009-11-22 07:49 . 2008-11-17 07:41    --------    d-----w-    c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-11-22 01:53 . 2008-05-14 02:59    --------    d-----w-    c:\programmi\Microsoft Silverlight
2009-11-21 15:54 . 2004-08-19 14:39    471552    ----a-w-    c:\windows\AppPatch\aclayers.dll
2009-11-18 06:29 . 2008-05-29 10:36    --------    d-----w-    c:\programmi\AVI ReComp
2009-11-18 05:19 . 2006-07-31 08:22    --------    d-----w-    c:\programmi\a-squared Free
2009-11-17 02:08 . 2005-09-15 12:13    --------    d-----w-    c:\programmi\File comuni\Adobe
2009-11-16 17:25 . 2009-11-16 17:25    109072    ----a-w-    c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
2009-11-16 17:23 . 2009-11-16 17:23    315408    ----a-w-    c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys
2009-11-04 11:24 . 2006-03-17 02:09    --------    d-----w-    c:\programmi\Unlocker
2009-11-04 00:51 . 2009-10-13 16:29    --------    d-----w-    c:\programmi\Java
2009-11-04 00:49 . 2009-11-04 00:49    152576    ----a-w-    c:\documents and settings\Giuseppe\Dati applicazioni\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-01 11:22 . 2008-03-04 03:19    --------    d-----w-    c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
2009-10-29 07:40 . 2004-08-19 14:39    916480    ----a-w-    c:\windows\system32\wininet.dll
2009-10-26 10:04 . 2009-04-01 02:54    --------    d-----w-    c:\documents and settings\All Users\Dati applicazioni\Symantec
2009-10-23 14:17 . 2009-10-23 14:17    64072    ----a-w-    c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2010 9.0.0.736\Italian\setup.exe
2009-10-21 05:38 . 2004-08-19 14:39    75776    ----a-w-    c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-19 14:39    25088    ----a-w-    c:\windows\system32\httpapi.dll
2009-10-20 19:34 . 2009-10-20 19:34    219664    ----a-w-    c:\windows\system32\klogon.dll
2009-10-20 16:20 . 2004-08-03 22:00    265728    ----a-w-    c:\windows\system32\drivers\http.sys
2009-10-16 00:36 . 2007-12-08 00:40    --------    d-----w-    c:\documents and settings\All Users\Dati applicazioni\Innovative Solutions
2009-10-15 06:17 . 2009-10-15 06:17    --------    d-----w-    c:\programmi\Microsoft Office Outlook Connector
2009-10-15 06:16 . 2007-11-08 02:05    --------    d-----w-    c:\programmi\Windows Live
2009-10-14 20:18 . 2008-01-29 16:29    36880    ----a-w-    c:\windows\system32\drivers\klbg.sys
2009-10-14 13:43 . 2008-10-04 14:33    108059    ----a-w-    c:\windows\system32\drivers\klin.dat
2009-10-14 13:43 . 2008-10-04 14:33    95259    ----a-w-    c:\windows\system32\drivers\klick.dat
2009-10-13 18:51 . 2009-10-13 18:41    604140    --sha-w-    c:\windows\system32\drivers\ISwift3.dat
2009-10-13 18:48 . 2009-10-13 18:48    109072    ----a-w-    c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\mzvkbd3.dll
2009-10-13 18:48 . 2009-10-13 18:48    59920    ----a-w-    c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\mzvkbd.dll
2009-10-13 18:48 . 2009-10-13 18:48    264720    ----a-w-    c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\klwtbbho.dll
2009-10-13 18:36 . 2008-10-04 14:32    7504928    --sha-w-    c:\windows\system32\drivers\fidbox.dat
2009-10-13 18:36 . 2008-10-04 14:32    7320    --sha-w-    c:\windows\system32\drivers\fidbox2.idx
2009-10-13 18:36 . 2008-10-04 14:32    61808    --sha-w-    c:\windows\system32\drivers\fidbox.idx
2009-10-13 18:36 . 2008-10-04 14:32    1212448    --sha-w-    c:\windows\system32\drivers\fidbox2.dat
2009-10-13 18:31 . 2008-02-15 19:33    --------    d-----w-    c:\programmi\Kaspersky Lab
2009-10-13 16:36 . 2009-10-13 16:36    --------    d-----w-    c:\programmi\File comuni\Skype
2009-10-13 16:36 . 2006-03-16 07:44    --------    d-----r-    c:\programmi\Skype
2009-10-13 16:35 . 2006-03-16 07:44    --------    d-----w-    c:\documents and settings\All Users\Dati applicazioni\Skype
2009-10-13 16:29 . 2009-10-13 16:29    0    ----a-w-    c:\windows\system32\REN3A.tmp
2009-10-13 16:29 . 2009-10-13 16:29    0    ----a-w-    c:\windows\system32\REN39.tmp
2009-10-13 16:29 . 2009-10-13 16:29    0    ----a-w-    c:\windows\system32\REN38.tmp
2009-10-13 16:04 . 2008-12-10 20:25    --------    d-----w-    c:\documents and settings\All Users\Dati applicazioni\NOS
2009-10-13 15:46 . 2009-10-13 15:46    1925024    ----a-w-    c:\documents and settings\All Users\Dati applicazioni\NOS\Adobe_Downloads\install_flash_player.exe
2009-10-13 15:27 . 2008-12-18 00:40    --------    d-----w-    c:\documents and settings\Giuseppe\Dati applicazioni\USBSafelyRemove
2009-10-13 15:10 . 2009-01-17 03:54    --------    d-----w-    c:\programmi\Windows Desktop Search
2009-10-13 10:33 . 2004-08-19 14:39    271360    ----a-w-    c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-08-19 14:39    150016    ----a-w-    c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-08-19 14:39    79872    ----a-w-    c:\windows\system32\raschap.dll
2009-10-11 03:17 . 2008-11-02 06:13    411368    ----a-w-    c:\windows\system32\deploytk.dll
2009-10-03 08:15 . 2009-12-10 13:29    2924848    -c--a-w-    c:\documents and settings\All Users\Dati applicazioni\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-10-02 18:39 . 2009-05-16 18:59    19472    ----a-w-    c:\windows\system32\drivers\klmouflt.sys
2009-09-30 04:18 . 2005-08-04 03:10    3565056    ----a-w-    c:\windows\system32\drivers\ati2mtag.sys
2009-09-30 02:20 . 2009-09-30 02:20    442368    ----a-w-    c:\windows\system32\ATIDEMGX.dll
2009-09-30 02:19 . 2005-08-04 03:10    325120    ----a-w-    c:\windows\system32\ati2dvag.dll
2009-09-30 02:10 . 2009-09-30 02:10    204800    ----a-w-    c:\windows\system32\atipdlxx.dll
2009-09-30 02:10 . 2009-09-30 02:10    155648    ----a-w-    c:\windows\system32\Oemdspif.dll
2009-09-30 02:10 . 2009-09-30 02:10    26112    ----a-w-    c:\windows\system32\Ati2mdxx.exe
2009-09-30 02:10 . 2009-09-30 02:10    43520    ----a-w-    c:\windows\system32\ati2edxx.dll
2009-09-30 02:10 . 2009-09-30 02:10    155648    ----a-w-    c:\windows\system32\ati2evxx.dll
2009-09-30 02:08 . 2009-09-30 02:08    602112    ----a-w-    c:\windows\system32\ati2evxx.exe
2009-09-30 02:08 . 2009-09-30 02:08    307200    ----a-w-    c:\windows\system32\atiiiexx.dll
2009-09-30 02:07 . 2009-09-30 02:07    53248    ----a-w-    c:\windows\system32\ATIDDC.DLL
2009-09-30 02:07 . 2009-09-30 02:07    11845632    ----a-w-    c:\windows\system32\atioglxx.dll
2009-09-30 02:00 . 2005-08-04 02:54    3818272    ----a-w-    c:\windows\system32\ati3duag.dll
2006-10-28 06:20 . 2006-10-28 05:57    56    --sh--r-    c:\windows\system32\31FA32EECD.sys
2005-10-11 03:47 . 2005-10-11 03:47    56    --sh--r-    c:\windows\system32\540F5200CC.sys
2008-10-24 02:27 . 2008-10-24 02:27    23    --sha-w-    c:\windows\system32\bacdccb7_d.dll
2008-02-12 20:10 . 2008-02-12 20:10    23    --sha-w-    c:\windows\system32\fdcddf_g.dll
2006-10-28 18:03 . 2006-10-28 05:58    5018    --sha-w-    c:\windows\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-28 68856]
"USB Safely Remove"="c:\programmi\USB Safely Remove\USBSafelyRemove.exe" [2009-11-27 1269528]
"Advanced Uninstaller PRO Installation Monitor"="c:\programmi\Innovative Solutions\Advanced Uninstaller PRO - Version 9\monitor.exe" [2008-10-31 1153936]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"<NO NAME>"="c:\progra~1\Mozilla Firefox\firefox.exe" [2009-11-06 908248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zBrowser Launcher"="c:\programmi\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 20992]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2002-08-29 155648]
"RemoteControl"="c:\programmi\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"CloneCDTray"="c:\programmi\SlySoft\CloneCD\CloneCDTray.exe" [2002-08-29 57344]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-01-19 221184]
"LogitechVideoRepair"="c:\programmi\Logitech\Video\ISStart.exe" [2005-01-19 458752]
"LogitechVideoTray"="c:\programmi\Logitech\Video\LogiTray.exe" [2005-01-19 217088]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-18 14820864]
"MemoREX"="c:\programmi\MemoRex\MemoRexStart.exe" [2002-08-29 332288]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Adobe Acrobat Speed Launcher"="c:\programmi\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-10-03 38768]
"Acrobat Assistant 8.0"="c:\programmi\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-10-02 640376]
"avp"="c:\programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-10-20 340456]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-29 61440]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk /r \??\f:\0autocheck autochk *\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Giuseppe^Menu Avvio^Programmi^Esecuzione automatica^desktop.ini]
path=c:\documents and settings\Giuseppe\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini
backup=c:\windows\pss\desktop.iniStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\APC\\PowerChute Business Edition\\agent\\pbeagent.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\Italian\\setup.exe"=
"c:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\Italian\\setup.exe"=
"c:\\Programmi\\eMule0.49c\\emule.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 17.29.38 36880]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/12/2009 14.32.56 64288]
R0 tdrpman147;Acronis Try&Decide and Restore Points filter (build 147);c:\windows\system32\drivers\tdrpm147.sys [06/12/2008 17.08.24 971584]
R2 a2free;a-squared Free Service;c:\programmi\a-squared Free\a2service.exe [12/06/2007 15.45.20 1858144]
R2 APCPBEAgent;APC PBE Agent;c:\progra~1\APC\POWERC~1\agent\pbeagent.exe [11/12/2008 12.51.59 34048]
R2 USBSafelyRemoveService;USB Safely Remove Assistant;c:\programmi\USB Safely Remove\USBSRService.exe [18/12/2008 1.40.10 261456]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14/09/2009 14.42.46 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [16/05/2009 19.59.44 19472]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [24/03/2009 12.03.08 7808]
S4 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;"c:\programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe" --> c:\programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe [?]
.
------- Scansione supplementare -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Aggiungi a PDF esistente - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Aggiungi destinazione link a PDF esistente - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti destinazione link in Adobe PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti in Adobe PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Crawler Search
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Translate this web page with Babylon
IE: Translate with Babylon
TCP: {F8064CBE-3CAA-4D22-8722-8DC42D0785CF} = 85.37.17.39,85.38.28.71
DPF: {60E33102-59F1-44DA-BA3D-494BB9A80514} - hxxp://www.inps.it/Servizi/ParlaConNoi/VoipFiles/IPhona.cab
DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} - hxxp://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {EFD3EA56-234D-4240-90EA-CC9FA3AF5A01} - hxxp://aiuto.alice.it/ata/static/installers/WebflowActiveXInstaller_4-1-4.cab
FF - ProfilePath - c:\documents and settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\5g8uwzs9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.startup.homepage - hxxp://it.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:it:official
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\programmi\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\programmi\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npagent.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

ShellIconOverlayIdentifiers-{5A7647C4-5FB7-4DD6-BC8D-8B647CB7FBB7} - (no file)
HKCU-Run-updateMgr - c:\programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKCU-Run-DriverMax_RESTART - (no file)
HKLM-Run-Anti-Trojan-Watch - (no file)
AddRemove-eBay Icon - c:\documents and settings\Giuseppe\Dati applicazioni\Desktopicon\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-11 21:20
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1547161642-1390067357-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AD5A1DE6-3F85-08CE-B7C9-C8C8EB0B0C8B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"naibieeggcmdikdkkmdiepiogncp"=hex:6a,61,65,68,6d,64,6e,6b,65,6c,63,6c,6c,65,
   61,6e,68,6e,6f,63,00,fa
"macpgcahekfbimeaflaeighjnd"=hex:69,61,64,68,6d,6d,64,66,6b,6f,69,64,61,69,6a,
   70,6c,68,00,00
"naebaoobaiobgcoldkjhiobhciff"=hex:62,61,6f,67,00,8f
"abebaphjkjgbnfkcnhpnnmolpjpdmdapai"=hex:61,61,00,00
"mafbmfkamolfmceimbichofgad"=hex:61,61,00,00

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="33B2004865E08CA8D0144217DFCB979398FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E6678EDD5E5BE2F6E667A2D97226D213B555BA7FD869164D67941254F44A2643D69DBD4BAA3ED5250B64FACBE16B738B1BE3E72AF98D3CD88D8F31EA5C0E0286ABD90E3A866E4EB0F06F137D5AD1E0A6C683D3F0C30E731592ABD058ADC8D63C0CC839B9C53155B575FEFAAE923EEECA0B43A342D583655AD77792DE420F8BD24F0F74CD7F6376B3BACF1A437EF470A77599148221BAC5A9F8BE27042757D93CB973863C7C4690AD54436EE3469E07F2089FF85A49681E8885F6D6921FFDCE6E0AE24E123D7CD52CCC5D897C4448AB64B814B63827A1CA810036FD191FC04DE56E6CB91CF38ECEB91F498FBC8865293972584A4DC6617DA05F380BE8D0440AA00DC44FEF856B5467BDD03C1956C920B19272BE8DE985BA780F5A809791908F21FA4325E28EDF16478E66D9C9262F83136B0CB8B204D0D99EEDA0F680F28E3BED47E3E7115DA396F2E79F4B4BA2B39C26C273ECB93FE988AD4E3219C13A11BF91EFC6D85A724C2C8499B3065D2C5705B6D19BA7E4F55A49C1F8D9A63DE149A01BE9B04BDF8658831CE301128354812E96C718C438B9116D7D2705711996CDBA9D9C07290B04A719DCF9888E8665795A98C62438FCCEE02186884863BFB91C39AE64D8EC8487FCC0EE07ED2B73D86DA317E39E08BFAE805F06405AF4DE61131F699153A7BD658321FEA6F9AD19DE70736DA9084ED28488F829659437E7D675416CE74C7C69A3C535BBEB9BEF0CDA740B7D9685B9CB317913A20378CC92976BCAD91FB9A57DFCB44B57D9E1DEA46455FDAB1CE28B024AB3262817A66C58D47FB85A64B9ED35DFA4870CE982FAFEC7D034DF208D9A14177F00721667E277F4A1DD96D58BB611ED4E5E1409D55AFB8387E8867C16516314853F40E6250EF111255E3D891273D37E4E9C2F995927BDCA7D2B1300B32E137356DBD1646F628DF641B40206D5AC839C246022EE2D1DAE069E61F56CC0438D18629B6EDC7766D5A6922E1BC7037FEC85341B32D3180D79D0B6402B78B936809A819C5F93153497D7166E433FE81A9DAC47962D82805E8E7BF7D42E4DC1C2DCC7ECCFF0BFC37E6573B068B7D0FB42E9398AEA62AF74882207F67FFE889DB557A04378750DA20516952BE73E525350E8040D8725FC261B2DAC2E74233C39F169598732431A722142912E8A9A122CB0759C44304D0667346AD7F93923EF9F6D4F5B9F67B3F81D3D48ECCAC199CFE5E2AEC588FA35D5B48ADAA81C2B8B1C04338BC156592432AA594CDE74D208BE837B777515D13E6EA76843F0B9F96D2FBDE0635D599DF6404C8833D701D7B887AD2276568BF4CB448329AA39DCA9DB0C44A85EB2BB1D9111"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(920)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2884)
c:\windows\system32\WININET.dll
c:\programmi\Logitech\MouseWare\System\LgWndHk.dll
c:\programmi\Logitech\iTouch\iTchHk.dll
c:\programmi\File comuni\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\webcheck.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Diskeeper Corporation\Diskeeper\DkService.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wdfmgr.exe
c:\programmi\File comuni\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmi\File comuni\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wscntfy.exe
c:\programmi\Logitech\MouseWare\system\em_exec.exe
c:\windows\RTHDCPL.EXE
c:\programmi\Logitech\Video\FxSvr2.exe
c:\programmi\MemoRex\MemoRex.exe
c:\programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\SearchProtocolHost.exe
c:\programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Ora fine scansione: 2009-12-11  21:36:17 - Il pc è stato riavviato
ComboFix-quarantined-files.txt  2009-12-11 20:35

Pre-Run: 40.193.130.496 byte disponibili
Post-Run: 39.953.018.880 byte disponibili

- - End Of File - - 56477ABF001986CBA61899DA66E1D295
Torna in alto
 
r16
Inviato: Friday, December 11, 2009 10:23:39 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Apri un file di testo sul Desktop (start\esegui\digita: notepad.exe\ Ok
Ci incolli il codice che vedi qui sotto, e salvi il file di testo obbligatoriamente con il nome CFScript.txt

Code:
File::
c:\windows\system32\lsdelete.exe
c:\windows\system32\drivers\Lbd.sys
c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\threatwork.exe
c:\programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe

Folder::
c:\documents and settings\All Users\Dati applicazioni\Lavasoft
c:\programmi\Symantec\LiveUpdate
c:\programmi\Symantec

Driver::
Lbd

RegNull:
[HKEY_USERS\S-1-5-21-1547161642-1390067357-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AD5A1DE6-3F85-08CE-B7C9-C8C8EB0B0C8B}*]



e trascinalo sull'icona di ComboFix.
Attendi la fine dei lavori, senza toccare tastiera, mouse o altro.
Posta il log aggiornato di combofix

Poi apri HJT e controlla se c'è ancora questa voce:
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
Torna in alto
 
pippof
Inviato: Sunday, December 13, 2009 5:09:22 AM
Rank: Member

Iscritto dal : 11/14/2001
Posts: 27
Ho provato a fare come hai detto ... ma il testo trascinato su ComboFix non ha sortito alcun effetto!

E a questo punto mi sono incasinato!

Ho però notato che la scritta Lsdelete Program Not Found - Skipping Autocheck che compariva all'avvio di Windows è scomparsa!

Ho quindi scansionato con HiJ - a tal proposito desideravo sapere perchè Hij rileva :
"Sembra che voi non abbiate un antivirus, o che non lo abbiate attivato. Solo un antivirus può proteggervi dai nuovi virus. Nessun firewall attivo è stato trovato nel tuo sistema oppure stai usando un firewall a noi sconosciuto. Se non usi un firewall dovresti scaricarne uno oppure puoi attivare quello incluso in windows xp. In caso tu abbia perplessità o voglia farci inserire il firewall che usi nel nostro database, contattaci sul forum: www.hijackthis.de/forum"

Vorrei precisare che il firewall di Xp è attivato mentre per il mancato rilevamento di Karspersky ho assodato dalla società produttrice che si tratta di un problema dell'analizzatore di Hijackthis:

Code:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4.58.34, on 13/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programmi\USB Safely Remove\USBSRService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\a-squared Free\a2service.exe
C:\PROGRA~1\APC\POWERC~1\agent\pbeagent.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Programmi\Logitech\iTouch\iTouch.exe
C:\Programmi\Logitech\MouseWare\system\em_exec.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmi\Logitech\Video\LogiTray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Logitech\Video\FxSvr2.exe
C:\Programmi\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\USB Safely Remove\USBSafelyRemove.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\MemoRex\MemoRex.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\Programmi\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Programmi\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Windows Live\Contacts\wlcomm.exe
C:\Programmi\eMule0.49c\emule.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66008
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66008
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmi\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmi\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmi\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [MemoREX] "C:\Programmi\MemoRex\MemoRexStart.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Programmi\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programmi\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [avp] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [USB Safely Remove] C:\Programmi\USB Safely Remove\USBSafelyRemove.exe /startup
O4 - HKCU\..\Run: [Advanced Uninstaller PRO Installation Monitor] "C:\Programmi\Innovative Solutions\Advanced Uninstaller PRO - Version 9\monitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [] C:\PROGRA~1\Mozilla Firefox\firefox.exe http://www.symantec.com/techsupp/servlet/ProductMessages?module=2007&error=0&language=it&product=SymNRT&version=2008.0.1.19&build=Symantec&a=00000082.00000010.00000020&b=00000082.00000045.0000011b&c=00000082.00000049.000000bb
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Aggiungi a PDF esistente - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Aggiungi destinazione link a PDF esistente - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Tastiera Virtuale - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: C&ontrollo URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5CE72DD0-4695-4D18-A4D3-3367ACD37578} (F-Secure Health Check 1.0) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
O16 - DPF: {60E33102-59F1-44DA-BA3D-494BB9A80514} (Iphona) - http://www.inps.it/Servizi/ParlaConNoi/VoipFiles/IPhona.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126789574906
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4724/mcfscan.cab
O16 - DPF: {EFD3EA56-234D-4240-90EA-CC9FA3AF5A01} (ConnectivityTester Class) - http://aiuto.alice.it/ata/static/installers/WebflowActiveXInstaller_4-1-4.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8064CBE-3CAA-4D22-8722-8DC42D0785CF}: NameServer = 85.37.17.39,85.38.28.71
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Unknown owner - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: APC PBE Agent (APCPBEAgent) - APC - C:\PROGRA~1\APC\POWERC~1\agent\pbeagent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: USB Safely Remove Assistant (USBSafelyRemoveService) - Unknown owner - C:\Programmi\USB Safely Remove\USBSRService.exe

--
End of file - 14758 bytes
Torna in alto
 
pippof
Inviato: Monday, December 14, 2009 9:10:45 AM
Rank: Member

Iscritto dal : 11/14/2001
Posts: 27
Ti sei dimenticato di me??
Torna in alto
 
r16
Inviato: Monday, December 14, 2009 2:04:47 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Sicuro di avere eseguito le indicazioni che ti ho dato, alla lettera?
Hai disabilitato l'antivirus, e gli altri software in "tempo reale"?
Hai salvato lo script con il nome CFScript.txt


Mi serve la scansione di Combofix.
Disistalla Combofix.
Start
Esegui
nella finestra di dialogo, copia ed incolla questo comando: Combofix /Uninstall
Attendi la fine dei lavori senza toccare tastiera, mouse o altro.

Installa questa versione:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Fai la scansione, e posta il log.
Torna in alto
 
pippof
Inviato: Monday, December 14, 2009 3:28:25 PM
Rank: Member

Iscritto dal : 11/14/2001
Posts: 27
Disinstallato combofix ...... al link che mi segnali trovo questa risposta:

ComboFix is not available for download until an issue with the program has been resolved. Please be patient while the developer fixes the program and makes it available once again. As more information becomes available, we will update this page.

DO NOT attempt to download ComboFix from sites other than BleepingComputer.com and Forospyware.com!

Other sites hosting ComboFix are not authorized mirrors and are hosting outdated copies of ComboFix that contain a bug that may render some machines unbootable. Using unauthorized mirrors of ComboFix puts your computer at risk of not booting again. Please wait for the official version to be fixed and released again.

We will also announce when ComboFix is available on our Twitter and Facebook pages.
Torna in alto
 
r16
Inviato: Monday, December 14, 2009 3:39:33 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao.
Devi aspettare, in quanto il programma ha dei problemi.
Sconsigliano di scaricarlo da altri siti, in quanto scaricheresti versioni obsolete, e corri il rischio, che usandole, non si avvii più Windows.
Come funziona il pc?
Torna in alto
 
pippof
Inviato: Monday, December 14, 2009 3:42:07 PM
Rank: Member

Iscritto dal : 11/14/2001
Posts: 27
Il pc sembra non avere problemi!

Ho cmq notato che in c:/ c'è ancora la cartella Combofix e un documento di testo Combofix è normale?
Torna in alto
 
r16
Inviato: Monday, December 14, 2009 3:46:06 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
No, non dovrebbe esserci, dopo la disistallazione del programma.
Comunque eliminale a mano.
Elimina anche l'icona sul desktop.
Torna in alto
 
pippof
Inviato: Monday, December 14, 2009 3:48:00 PM
Rank: Member

Iscritto dal : 11/14/2001
Posts: 27
L'icona sul desktop è sparita don l'avviso di disinstallazione ..... procedo all'eliminazione manuale della cartella e del log di testo!
Torna in alto
 
r16
Inviato: Monday, December 14, 2009 4:00:48 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Comunque puoi fare queste pulizie:

Disattiva il ripristino configurazione di sistema, e tienilo disattivato, fino alla soluzione del problema http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121

Avvia hijackthis, metti la spunta alle voci che andrò ad elencarti e con tutte le applicazioni chiuse e disconnesso da Internet,premi su fix checked
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programmi\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5CE72DD0-4695-4D18-A4D3-3367ACD37578} (F-Secure Health Check 1.0) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
O16 - DPF: {60E33102-59F1-44DA-BA3D-494BB9A80514} (Iphona) - http://www.inps.it/Servizi/ParlaConNoi/VoipFiles/IPhona.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32 /activex/hcImpl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4724/mcfscan.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Unknown owner - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe (file missing)

N.B:
Se la voce 023 non riesci a eliminarla, prova in Modalità provvisoria.
Fai una pulizia con CCleaner.(registro compreso).

Riavvia il pc.
Poi:
Start\Esegui\copia e incolla la stringa %temp% clicca su Ok, svuota la cartella temp. (non eliminare la cartella)
Poi:
Provvedi a svuotare del suo contenuto la cartella Prefetch :
clicca su Risorse del Computer
clicca su Disco locale C:
cerca, all’interno delle cartelle che saranno visualizzate la cartella Windows, aprila ed, al suo interno, cerca la cartella Prefetch, la apri ed elimina tutte le voci conservate al suo interno ( non eliminare la cartella)
SVUOTA IL CESTINO
Poi:
Lancia Hijackthis e pulisci gli ADS in questo modo:
clicca sulla voce Open the misc tool section
clicca su Open ads spy
togli la spunta alla voce Quick scan (windows base folder only)
clicca su Scan.
Aspetta pazientemente la fine della scansione.
se venissero rilevati ADS, spunta tutte (senza paura) le caselline e clicca su Remove selected

Riattiva il ripristino configurazione di sistema e, se tutto è a posto, creane uno nuovo.
Torna in alto
 
pippof
Inviato: Monday, December 14, 2009 6:12:17 PM
Rank: Member

Iscritto dal : 11/14/2001
Posts: 27
Fatto come detto!

Solo la voce 023 non viene via, neppure im modalità provvisoria.

Una sola domanda: alla fine della scansione vengono rilevati ADS che mi hai detto di eliminare indistintamente ...
tra questi però trovo molti che sono locati in c/:document and setting/mio nome/preferiti .... non vorrei che eliminando anche questi perdo i preferiti del browser??
Torna in alto
 
pippof
Inviato: Monday, December 14, 2009 8:14:58 PM
Rank: Member

Iscritto dal : 11/14/2001
Posts: 27
Sono rimasto fermo al punto precedente:

Ho fatto come hai detto.

Solo la voce 023 non viene via, neppure im modalità provvisoria.

Una sola domanda: alla fine della scansione vengono rilevati ADS che mi hai detto di eliminare
indistintamente ... tra questi però trovo molti che sono locati in
c/:document and setting/mio nome/preferiti ....
non vorrei che eliminando anche questi perdessi i preferiti del browser??
Torna in alto
 
Utenti presenti in questo topic
Guest

2 pages: [1] 2

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Mi controllare, per piacere il sottostante log?


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.