fai la scansione completa,è piu' accurata.

panchoz,amico mio,ci credi che piu' cerco di capirci qualcosa sui virus,piu' mi rendo conto che non ci capisco na mazza.

Eccomi..cari amici..

con la scansione completa Malwarebite non ha trovato nulla....mah...


Cmq ho provato a rifare il controllo con Hijack, adesso sarà tutto a posto??

((((VOLEVO RINGRAZIARVI PER LA PAZIENZA E I CONSIGLI PREZIOSISSIMI!!!!!))))



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22.23.10, on 23/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\BitDefender\BitDefender Update Service\livesrv.exe
C:\Programmi\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\SupportAppXL\onda_mon.exe
C:\Programmi\PDF Complete\pdfsvc.exe
C:\Programmi\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programmi\PDF Complete\pdfsty.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\Programmi\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Programmi\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
C:\Programmi\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Programmi\Eraser\eraser.exe
C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Rainlendar2\Rainlendar2.exe
C:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Programmi\BitDefender\BitDefender 2009\seccenter.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Hewlett-Packard\Shared\HpqToaster.exe
C:\Programmi\Alice MOBILE\Alice MOBILE.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=74&bd=smb&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=74&bd=smb&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Programmi\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programmi\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programmi\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Programmi\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Programmi\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PDF Complete] "C:\Programmi\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Programmi\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [WatchDog] C:\Programmi\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Programmi\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Programmi\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Eraser] C:\Programmi\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [ISUSPM] "C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Programmi\Rainlendar2\Rainlendar2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Programmi\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: &AOL Toolbar Cerca - c:\programmi\aol\aol toolbar 5.0\resources\it-it\local\search.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programmi\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra 'Tools' menuitem: &Impostazioni di Google Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programmi\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Programmi\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O20 - Winlogon Notify: DeviceNP - C:\WINDOWS\SYSTEM32\DeviceNP.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Programmi\File comuni\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Controllo/blocco dispositivi HP ProtectTools (FLCDLOCK) - Hewlett-Packard Ltd - C:\WINDOWS\system32\flcdlock.exe
O23 - Service: Google Update Service (gupdate1c9e9b29550ac74) (gupdate1c9e9b29550ac74) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Programmi\File comuni\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: ONDA Autorun CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppXL\onda_mon.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Programmi\PDF Complete\pdfsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Programmi\File comuni\SureThing Shared\stllssvr.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Unknown owner - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Programmi\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 11001 bytes

Ciao.
Adesso riscontri problemi?

Panchoz, vista la mia "grande esperienza" metteri la firma per avere sempre i tuoi consigli!

Lascia perdere, saresti rovinata!

..ma quale discoteca...tra un pò i salti li faccio sul pc!!

Allora R16, ho fatto come hai detto, quando combofix ha finito, ho ripristinato antivirus e firewall e ho notato un comportamento strano dell'antivirus: non rispondeva ad alcuni comandi....cmq, ho riavviato e sembra vada bene.

Adesso cliccando sulla finestra di alice per connettermi, in auto si è aperto IE...quando normalmente firefox è predefinito......???

Spero di non trovare altre sorpresine...

Ti posto il log di combo...illuminami tu xchè nn ci capisco granchè....anche domani..sarai già in letargo...grazie, notte




ComboFix 10-01-23.02 - Administrator 24/01/2010 0.22.39.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2039.1585 [GMT 1:00]
Eseguito da: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Antivirus BitDefender *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Firewall BitDefender *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\cxeco.dat
c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\cxeco_nav.dat
c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\cxeco_navps.dat
c:\recycler\S-1-5-21-3832789501-1064168463-2762471961-500
c:\recycler\S-1-5-21-796845957-630328440-682003330-500
c:\windows\system32\AutoRun.inf
c:\windows\system32\oem26.inf
E:\Autorun.inf

.
((((((((((((((((((((((((( Files Creati Da 2009-12-23 al 2010-01-23 )))))))))))))))))))))))))))))))))))
.

2010-01-23 18:15 . 2010-01-23 18:15 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Malwarebytes
2010-01-23 18:15 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-23 18:15 . 2010-01-23 18:15 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-01-23 18:15 . 2010-01-23 18:15 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-01-23 18:15 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-23 09:53 . 2010-01-23 10:36 -------- d-----w- C:\temp
2010-01-22 21:50 . 2010-01-22 21:56 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\U3
2010-01-21 21:49 . 2010-01-21 21:49 10134 ----a-r- c:\documents and settings\Administrator\Dati applicazioni\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe
2010-01-16 23:36 . 2006-06-29 12:07 14048 ------w- c:\windows\system32\spmsg2.dll
2010-01-04 22:58 . 2010-01-23 18:35 -------- d-----w- c:\documents and settings\Administrator\.rainlendar2
2010-01-04 22:58 . 2010-01-04 22:58 -------- d-----w- c:\programmi\Rainlendar2
2010-01-04 19:16 . 2010-01-04 19:16 211384 ----a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2010-01-04 18:50 . 2010-01-04 18:50 -------- d-----w- c:\programmi\Evernote
2009-12-29 14:41 . 2009-12-29 14:41 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Talkback
2009-12-29 14:41 . 2010-01-04 22:52 -------- d-----w- c:\programmi\Mozilla Sunbird
2009-12-26 15:38 . 2010-01-08 13:38 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\SWiSH Max3 ITA
2009-12-26 14:57 . 2009-12-26 14:57 -------- d-----w- c:\programmi\LameACM
2009-12-26 14:55 . 2010-01-15 17:10 -------- d-----w- c:\programmi\SWiSH Max3

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-23 23:05 . 2009-04-04 20:26 -------- d-----w- c:\programmi\Alice MOBILE
2010-01-23 14:15 . 2009-06-12 12:26 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-01-23 14:15 . 2009-06-12 12:26 -------- d-----w- c:\programmi\SpywareBlaster
2010-01-23 14:13 . 2009-11-22 11:18 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-01-23 01:32 . 2008-07-03 08:32 81984 ----a-w- c:\windows\system32\bdod.bin
2010-01-21 22:29 . 2008-07-01 21:46 -------- d-----w- c:\programmi\Intel
2010-01-21 22:29 . 2008-07-01 21:46 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-01-07 11:06 . 2009-11-19 14:02 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Spyware Terminator
2010-01-05 22:47 . 2009-04-06 22:56 -------- d-----w- c:\programmi\Paint.NET
2010-01-05 14:43 . 2009-11-19 14:02 -------- d-----w- c:\programmi\Spyware Terminator
2010-01-05 14:42 . 2004-08-30 10:50 88548 ----a-w- c:\windows\system32\perfc010.dat
2010-01-05 14:42 . 2004-08-30 10:50 503720 ----a-w- c:\windows\system32\perfh010.dat
2010-01-05 09:53 . 2004-08-19 08:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 09:53 . 2004-08-19 08:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 09:53 . 2004-08-19 08:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-21 21:03 . 2009-12-21 21:03 15086 ----a-r- c:\documents and settings\Administrator\Dati applicazioni\Microsoft\Installer\{D21B65C4-F7ED-4805-8781-BB835AC85D14}\_AF6EF1E1D61E94F138937B.exe
2009-12-21 21:03 . 2009-12-21 21:03 15086 ----a-r- c:\documents and settings\Administrator\Dati applicazioni\Microsoft\Installer\{D21B65C4-F7ED-4805-8781-BB835AC85D14}\_AC451EB93647F071F44C3B.exe
2009-12-21 21:03 . 2009-12-21 21:03 -------- d-----w- c:\programmi\Thoosje
2009-12-11 21:42 . 2009-05-13 13:40 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\XnView
2009-12-08 14:44 . 2009-08-31 22:02 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\HpUpdate
2009-12-07 21:04 . 2008-07-01 21:45 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Sonic
2009-12-07 21:04 . 2009-12-07 21:04 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Roxio
2009-11-21 15:54 . 2004-08-19 08:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-19 14:16 . 2009-11-19 14:16 132 ----a-w- C:\httpdwl.dat
2009-11-19 10:48 . 2009-12-01 15:57 872960 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\9lzzhhpp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-11-19 10:48 . 2009-12-01 15:57 43008 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\9lzzhhpp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-11-19 10:48 . 2009-12-01 15:57 340480 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\9lzzhhpp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-11-19 10:48 . 2009-12-01 15:57 346624 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\9lzzhhpp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-11-08 22:53 . 2009-11-08 22:53 152576 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-08 22:53 . 2009-11-08 22:52 79488 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\jre1.6.0_17\gtapi.dll
2009-03-05 16:08 . 2009-10-19 21:09 49664 ----a-w- c:\programmi\mozilla firefox\components\FFComm.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eraser"="c:\programmi\Eraser\eraser.exe" [2007-12-22 916240]
"ISUSPM"="c:\programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"Rainlendar2"="c:\programmi\Rainlendar2\Rainlendar2.exe" [2009-08-22 5148672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\programmi\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-24 166424]
"PDF Complete"="c:\programmi\PDF Complete\pdfsty.exe" [2007-05-08 331552]
"PTHOSTTR"="c:\programmi\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"hpWirelessAssistant"="c:\programmi\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-05-11 472632]
"QlbCtrl"="c:\programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-11-06 177456]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-09 806912]
"Cpqset"="c:\programmi\Hewlett-Packard\Default Settings\cpqset.exe" [2007-09-20 61440]
"WatchDog"="c:\programmi\InterVideo\DVD Check\DVDCheck.exe" [2007-05-23 192512]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"HP Software Update"="c:\programmi\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"BDAgent"="c:\programmi\BitDefender\BitDefender 2009\bdagent.exe" [2009-10-19 782336]
"BitDefender Antiphishing Helper"="c:\programmi\BitDefender\BitDefender 2009\IEShow.exe" [2009-02-23 69632]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2009-6-2 113664]
BTTray.lnk - c:\programmi\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-6 561213]
DVD Check.lnk - c:\programmi\InterVideo\DVD Check\DVDCheck.exe [2008-7-1 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2007-06-08 08:04 49152 ----a-r- c:\windows\system32\DeviceNP.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 02:14 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-04-19 12:26 484904 ----a-w- c:\programmi\File comuni\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsmqIntCert]
2008-04-14 02:13 177152 ----a-w- c:\windows\system32\mqrt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
2006-06-27 14:21 1449984 ----a-w- c:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-09-24 12:27 137752 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 15:18 413696 ----a-w- c:\programmi\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Scheduler]
2006-10-09 10:23 697976 ----a-w- c:\windows\SMINST\Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
2009-07-10 10:41 2173440 ----a-w- c:\programmi\Spyware Terminator\SpywareTerminatorShield.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
2009-06-12 12:09 3055616 ----a-w- c:\programmi\Spyware Terminator\SpywareTerminatorUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-06-07 17:47 827392 ------w- c:\programmi\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\eMule\\eMule.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [12/06/2009 13.09.53 142592]
R2 BDVEDISK;BDVEDISK;c:\programmi\BitDefender\BitDefender 2009\BDVEDISK.sys [06/10/2008 17.16.16 82696]
R2 pdfcDispatcher;PDF Document Manager;c:\programmi\PDF Complete\pdfsvc.exe [02/02/2008 2.18.17 540448]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [18/09/2008 11.09.12 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [12/02/2009 15.52.40 104456]
R3 ONDAusbmdm6k;ONDA Proprietary USB Driver;c:\windows\system32\drivers\ONDAusbmdm6k.sys [04/04/2009 21.27.20 104960]
R3 ONDAusbnet;ONDA USB-NDIS miniport;c:\windows\system32\drivers\ONDAusbnet.sys [04/04/2009 21.27.20 110080]
R3 ONDAusbnmea;ONDA NMEA Port;c:\windows\system32\drivers\ONDAusbnmea.sys [04/04/2009 21.27.20 104960]
R3 ONDAusbser6k;ONDA Diagnostic Port;c:\windows\system32\drivers\ONDAusbser6k.sys [04/04/2009 21.27.20 104960]
R3 ONDAusbvoice;ONDA VoUSB Port;c:\windows\system32\drivers\ONDAusbvoice.sys [04/04/2009 21.27.20 105216]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13/07/2009 23.11.40 721904]
S2 gupdate1c9e9b29550ac74;Google Update Service (gupdate1c9e9b29550ac74);c:\programmi\Google\Update\GoogleUpdate.exe [10/06/2009 11.02.36 133104]
S2 ONDA Autorun CDROM Monitor;ONDA Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\onda_mon.exe [04/04/2009 21.25.34 86016]
S2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;"c:\programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe" --> c:\programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe [?]
S3 Arrakis3;BitDefender Arrakis Server;c:\programmi\File comuni\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [20/01/2009 18.16.20 172032]
S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [02/02/2008 2.39.26 30008]
S3 FLCDLOCK;Controllo/blocco dispositivi HP ProtectTools;c:\windows\system32\flcdlock.exe [08/06/2007 9.06.42 172131]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\A2.tmp --> c:\windows\system32\A2.tmp [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
bdx REG_MULTI_SZ scan

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 12:23 452136 ----a-w- c:\programmi\File comuni\LightScribe\LSRunOnce.exe
.
Contenuto della cartella 'Scheduled Tasks'

2010-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-06-10 10:02]

2010-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-06-10 10:02]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=74&bd=smb&pf=laptop
IE: &AOL Toolbar Cerca - c:\programmi\aol\aol toolbar 5.0\resources\it-it\local\search.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Invia a periferica &Bluetooth... - c:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\9lzzhhpp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - component: c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\9lzzhhpp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\programmi\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - component: c:\programmi\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-24 00:27
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\programmi\Hewlett-Packard\Default Settings\cpqset.exe? ??????????H??????????????|?M?|?????M?|??@

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\programmi\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\A2.tmp"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(1016)
c:\windows\system32\DeviceNP.dll
.
Ora fine scansione: 2010-01-24 00:29:07
ComboFix-quarantined-files.txt 2010-01-23 23:29

Pre-Run: 119.984.594.944 byte disponibili
Post-Run: 119.959.437.312 byte disponibili

- - End Of File - - 40D3F64D0EB33E8298BD7ADB07B23888

BuonGiorno!...Ciao Panchoz...riprendiamo l'Odissea...(domenica permettendo) spero almeno che tutto questo possa aiutare tanti altri con probl. simili!.


Ieri prima di andare a nanna, ho provato a lanciare un'altra scansione completa con Malwarebites, avevo la sensazione che Combofix avesse smosso qualcosa.....

...avevo ragione!!!....., ha trovato un "MalwareTrace" nella stessa posizione del trojanGeneric indicato nel 1° post: C:\System Volume Information\_restore{46616.....


Adesso però cosa devo fare???

Devo adottare la stessa procedura applicata al trojone e quindi (chiudere Malwarebites) disattivare il ripristino di conf.

o posso cliccare su "rimuovi elementi selezionati" su Malwarebites???

Aspetta R16.

Ciao

Se avevi fatto "pulizia" nel "restore" del Rispristino..

bisogna capire come ci sia arrivato, o vi si sia riformato... o' fetentone