Aiutamici Forum

I can't finish the scan with Norton and Malwarebytes, could you look at my log? [Solved]
ma13irob
Posted: Monday, March 22, 2010 12:13:02 PM

Rank: AiutAmico

Member since: 3/14/2009
Posts: 531
Good morning everyone. After almost a year of honourable, uninterrupted service from my desktop PC, the idyll is over.
Yesterday afternoon I went out to take some photos; my daughter asked to use it and went onto a well-known gaming site where you create a kind of online boutique. Shortly afterwards I switched the PC off. This morning I turned it back on and:
- the HP printer reported a "cartridge inserted incorrectly" error (I removed the cartridge and cleaned it), but after that the printer kept showing a "door open" error plus a printer error;
- I tried to print with the second printer, an Epson, but it wasn't recognised;
- I tried to run a scan with Norton (up to date), but after it had been running for 1 hour 45 minutes I stopped it (it normally takes 20-30 minutes);
- then I tried a scan with Malwarebytes, but after 1 hour 38 minutes it still hadn't finished (it normally takes at most 40 minutes).
My operating system is Windows XP. The computer is an AMD Athlon 64 X2 Dual Core 5000+ at 2.64 GHz with 2.93 GB of RAM. I browse with Mozilla, updated last week to the latest version.
This is my HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25:19, on 22/03/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21183)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Programmi\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Macrium\Reflect\ReflectService.exe
C:\Programmi\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe
C:\Programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Programmi\Microsoft LifeChat\LifeChat.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\TomTom HOME 2\TomTomHOMEService.exe
C:\Programmi\QuickTime\QTTask.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Packard Bell\Packard Bell Software Suite\Launcher.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
C:\Programmi\TomTom HOME 2\TomTomHOMERunner.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mozilla.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programmi\Norton AntiVirus\Engine\16.8.0.41\IPSBHO.DLL
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programmi\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programmi\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [LifeChat] "C:\Programmi\Microsoft LifeChat\LifeChat.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Programmi\Agnitum\Outpost Firewall\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Programmi\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [Packard Bell Software Suite] C:\Programmi\Packard Bell\Packard Bell Software Suite\Launcher.exe /run
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Programmi\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [EPSON SX100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE /FU "C:\WINDOWS\TEMP\E_S25.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON SX100 Series (Copia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE /FU "C:\WINDOWS\TEMP\E_S11A.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: ERUNT AutoBackup.lnk = C:\Programmi\ERUNT\AUTOBACK.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ricerca - res://C:\Programmi\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Administrator\Menu Avvio\Programmi\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{082F311A-8668-4A99-8D83-B3945B518269}: NameServer = 85.37.17.47,85.38.28.82
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD4C93C0-4D99-420D-A8C2-E3707F7C0FB8}: NameServer = 212.216.112.112,212.216.172.162
O17 - HKLM\System\CS1\Services\Tcpip\..\{082F311A-8668-4A99-8D83-B3945B518269}: NameServer = 85.37.17.47,85.38.28.82
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Unknown owner - C:\Programmi\Avira\AntiVir Desktop\avguard.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Servizio di Google Update (gupdate1c9b6ec79f76204) (gupdate1c9b6ec79f76204) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Programmi\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Programmi\Macrium\Reflect\ReflectService.exe
O23 - Service: Packard Bell Software Suite Service 1 (Service1) - Packard Bell Services - C:\Programmi\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Programmi\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 12221 bytes

Does anyone have an idea what it might be? Opening documents and the internet takes several minutes, whereas it is normally very fast. Thanks in advance to anyone who has suggestions.
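As an added illustration (not part of the thread and not code from HijackThis itself): a small Python triage pass over HijackThis v2 log lines of the kind posted above, flagging the entry types a helper usually reads first. The sample lines are copied from the log in the post; the flagging rules are first-pass heuristics that mark an entry for a closer look, not a verdict that it is malicious.

```python
"""Triage pass over Trend Micro HijackThis v2 log lines.

Added example, not code from the thread or from HijackThis itself.  It parses
the "Rn - ..." / "On - ..." entries and flags the kinds a helper usually reads
first: entries whose target file is absent, services with no identified
vendor, unnamed BHOs, Winsock LSP and AppInit_DLLs hooks, and per-adapter
DNS servers (which need checking against the ISP's).  A flag is a prompt to
look closer, not a verdict that the entry is malicious.
"""
import re
from dataclasses import dataclass

# Every HijackThis entry starts with a section code (R0, O2, O23, ...) and " - ".
LINE_RE = re.compile(r"^(?P<sec>[RO]\d{1,2}) - (?P<body>.*)$")

# Sections worth a look on presence alone, regardless of what they point at.
HOOK_SECTIONS = {
    "O10": "Winsock LSP entry (sits in the network stack of every socket user)",
    "O17": "per-adapter DNS servers; confirm they belong to the ISP",
    "O20": "AppInit_DLLs entry (DLL loaded into every process that uses user32)",
}

# HijackThis marks targets it could not find on disk with one of these.
MISSING_MARKERS = ("(file missing)", "(no file)")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def triage_line(line: str):
    """Return a Finding for a line that deserves attention, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # blank line, process list, header: not an entry
    sec, body = m.group("sec"), m.group("body")
    if sec in HOOK_SECTIONS:
        return Finding(sec, HOOK_SECTIONS[sec], line)
    for marker in MISSING_MARKERS:
        if marker in body:
            return Finding(sec, f"target file absent {marker}", line)
    if sec == "O23" and "Unknown owner" in body:
        return Finding(sec, "service with no identified vendor", line)
    if sec == "O2" and body.startswith("BHO: (no name)"):
        return Finding(sec, "unnamed browser helper object", line)
    return None


def triage_log(text: str):
    """Run triage_line over a whole log and keep only the flagged entries."""
    return [f for f in map(triage_line, text.splitlines()) if f is not None]


# Sample: lines copied from the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programmi\Norton AntiVirus\Engine\16.8.0.41\IPSBHO.DLL
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Administrator\Menu Avvio\Programmi\IMVU\Run IMVU.lnk (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{082F311A-8668-4A99-8D83-B3945B518269}: NameServer = 85.37.17.47,85.38.28.82
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
O23 - Service: Avira AntiVir Guard (AntiVirService) - Unknown owner - C:\Programmi\Avira\AntiVir Desktop\avguard.exe (file missing)
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Programmi\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.section:>4}  {f.reason}\n      {f.line.strip()}")
```

In the thread's own log the flagged entries are mostly leftovers of removed software (Avira, IMVU) plus the Outpost firewall hook, which is why the helpers move on to ComboFix rather than reading anything off HijackThis alone.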
paolopa
Posted: Monday, March 22, 2010 12:17:33 PM

Rank: AiutAmico

Member since: 10/14/2008
Posts: 2,777
Download ComboFix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Save it to the desktop.

Important: after downloading COMBOFIX, disconnect from the internet, disable your antivirus and
close ALL open programs (firewall included), then

Double-click combofix.exe (a window will appear).

It's likely that your antivirus (or ComboFix itself) will show you messages;
ignore them.

If you are asked whether you want to install the RECOVERY CONSOLE, click NO.

During the scan it is important not to use the PC (not even the mouse)
and to wait patiently for it to finish.

When it's done, a log file called C:\ComboFix.txt will be created on the Desktop. Post it here; let's see what Combo finds, if you like.
If it gives you trouble downloading it, rename it to something made up: colombofix or whatever you like.
ma13irob
Posted: Monday, March 22, 2010 12:22:09 PM

Rank: AiutAmico

Member since: 3/14/2009
Posts: 531
OK, on it
ma13irob
Posted: Monday, March 22, 2010 12:35:21 PM

Rank: AiutAmico

Member since: 3/14/2009
Posts: 531
I'm writing from the laptop, but is it normal for the firewall to block an application called PEV.CFXXE, and for ComboFix not to start? Or should I have disabled Outpost too?
paolopa
Posted: Monday, March 22, 2010 12:38:39 PM

Rank: AiutAmico

Member since: 10/14/2008
Posts: 2,777
Of course, I wrote that and highlighted it for you.
shapiro
Posted: Monday, March 22, 2010 12:39:11 PM

Rank: AiutAmico

Member since: 8/24/2008
Posts: 4,164
PEV.CFXXE is a trojan

http://www.prevx.com/filenames/2534574636446686797-X1/PEV.EXE.html

download rkill

@paolopa

you have a P.M.

ma13irob
Posted: Monday, March 22, 2010 12:42:35 PM

Rank: AiutAmico

Member since: 3/14/2009
Posts: 531
You're right paolopa, I'd forgotten I had Outpost; I never deal with these things, d'oh!
paolopa
Posted: Monday, March 22, 2010 12:44:04 PM

Rank: AiutAmico

Member since: 10/14/2008
Posts: 2,777
Hi shapiro, I was referring to the fact that she had to disable the firewall to make Combo work.
I didn't find any PM....
shapiro
Posted: Monday, March 22, 2010 12:45:45 PM

Rank: AiutAmico

Member since: 8/24/2008
Posts: 4,164
try again paolopa

the P.M. is there
paolopa
Posted: Monday, March 22, 2010 12:50:13 PM

Rank: AiutAmico

Member since: 10/14/2008
Posts: 2,777
I've read it, thanks a lot shapiro.
ma13irob
Posted: Monday, March 22, 2010 12:53:43 PM

Rank: AiutAmico

Member since: 3/14/2009
Posts: 531
shapiro: I download it and then close the antivirus, Outpost, etc. as before?
shapiro
Posted: Monday, March 22, 2010 12:56:49 PM

Rank: AiutAmico

Member since: 8/24/2008
Posts: 4,164
Correction

PEV.EXE looks like a false positive and should belong to ComboFix

@ma13irob


run rkill and carry on with what paolopa told you
ma13irob
Posted: Monday, March 22, 2010 12:57:56 PM

Rank: AiutAmico

Member since: 3/14/2009
Posts: 531
OK, as soon as I manage to finish I'll let you know
ma13irob
Posted: Monday, March 22, 2010 1:02:27 PM

Rank: AiutAmico

Member since: 3/14/2009
Posts: 531
With rkill this came out:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Administrator on 22/03/2010 at 12.42.08.


Processes terminated by Rkill or while it was running:


C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\Administrator\Desktop\rkill.com


Rkill completed on 22/03/2010 at 12.42.11.
paolopa
Posted: Monday, March 22, 2010 1:08:59 PM

Rank: AiutAmico

Member since: 10/14/2008
Posts: 2,777
Run ComboFix, and read what I highlighted in the first post.
ma13irob
Posted: Monday, March 22, 2010 1:28:01 PM

Rank: AiutAmico

Member since: 3/14/2009
Posts: 531
This time I should have done it right, but if I understood correctly it was flagging the Norton desktop shortcut, so I manually disabled all of its functions. Combo started right away this time; here is the log:

ComboFix 10-03-21.04 - Administrator 22/03/2010 12.55.54.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3007.2400 [GMT 1:00]
Eseguito da: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\dumphive.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\Thumbs.db
c:\windows\system32\tmp.reg
c:\windows\system32\VCCLSID.exe
c:\windows\system32\winlogon.bak
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((( Files Creati Da 2010-02-22 al 2010-03-22 )))))))))))))))))))))))))))))))))))
.

2010-03-22 11:39 . 2010-02-01 18:20 165240 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2010-03-22 06:29 . 2010-02-03 09:00 84912 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100321.020\NAVENG.SYS
2010-03-22 06:29 . 2010-02-03 09:00 1324720 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100321.020\NAVEX15.SYS
2010-03-22 06:29 . 2009-12-09 09:00 2747440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100321.020\CCERASER.DLL
2010-03-22 06:29 . 2009-09-22 08:00 259440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100321.020\ECMSVR32.DLL
2010-03-22 06:29 . 2009-09-12 09:49 371248 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100321.020\EECTRL.SYS
2010-03-22 06:29 . 2009-09-12 09:49 177520 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100321.020\NAVENG32.DLL
2010-03-22 06:29 . 2009-09-12 09:49 1647984 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100321.020\NAVEX32A.DLL
2010-03-22 06:29 . 2009-09-12 09:49 102448 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100321.020\ERASER.SYS
2010-03-15 10:27 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-15 07:48 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\Scxpx86.dll
2010-03-15 07:48 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\IDSvix86.sys
2010-03-15 07:48 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\IDSXpx86.sys
2010-03-15 07:48 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\IDSxpx86.dll
2010-03-15 07:48 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\IDSviA64.sys
2010-03-13 11:40 . 2009-05-18 13:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-03-13 11:40 . 2008-04-17 12:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-03-13 11:39 . 2010-03-13 11:39 -------- d-----w- c:\programmi\iPod
2010-03-13 11:39 . 2010-03-13 11:40 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-03-13 11:39 . 2010-03-13 11:40 -------- d-----w- c:\programmi\iTunes
2010-03-13 11:38 . 2010-03-13 11:38 -------- d-----w- c:\programmi\Bonjour
2010-03-13 11:38 . 2010-03-13 11:38 -------- d-----w- c:\programmi\QuickTime
2010-03-13 11:37 . 2010-03-13 11:37 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Apple
2010-03-13 11:37 . 2010-03-13 11:37 -------- d-----w- c:\programmi\Apple Software Update
2010-03-13 11:36 . 2010-03-13 11:39 -------- d-----w- c:\programmi\File comuni\Apple
2010-03-13 11:36 . 2010-03-13 11:36 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple
2010-03-11 06:29 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-03-10 19:22 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100310.001\Scxpx86.dll
2010-03-10 19:22 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100310.001\IDSvix86.sys
2010-03-10 19:22 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100310.001\IDSXpx86.sys
2010-03-10 19:22 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100310.001\IDSxpx86.dll
2010-03-10 19:22 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100310.001\IDSviA64.sys
2010-03-06 18:05 . 2010-03-19 18:06 443912 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Real\Update\setup3.10\setup.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-22 11:44 . 2008-01-31 19:54 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Skype
2010-03-22 11:30 . 2008-01-31 19:59 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\skypePM
2010-03-21 19:27 . 2008-09-24 19:40 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\gtk-2.0
2010-03-13 11:42 . 2008-01-20 09:43 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Apple Computer
2010-03-13 11:39 . 2007-11-25 16:51 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2010-03-11 09:48 . 2007-11-25 16:53 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-02-25 10:00 . 2010-01-01 17:30 -------- d-----w- c:\programmi\IKEA HomePlanner
2010-02-16 07:32 . 2010-02-16 07:32 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Macrium
2010-02-16 07:30 . 2010-02-16 07:30 43646 ----a-r- c:\documents and settings\Administrator\Dati applicazioni\Microsoft\Installer\{AE3F60A0-11F7-4DE7-AD9D-3831096E14B5}\_E66204B17C935A3FF02727.exe
2010-02-16 07:30 . 2010-02-16 07:30 43646 ----a-r- c:\documents and settings\Administrator\Dati applicazioni\Microsoft\Installer\{AE3F60A0-11F7-4DE7-AD9D-3831096E14B5}\_D707CE1C009F1381803C2C.exe
2010-02-16 07:30 . 2010-02-16 07:30 43646 ----a-r- c:\documents and settings\Administrator\Dati applicazioni\Microsoft\Installer\{AE3F60A0-11F7-4DE7-AD9D-3831096E14B5}\_783F41B03DEFB198D13F8F.exe
2010-02-16 07:30 . 2010-02-16 07:30 43646 ----a-r- c:\documents and settings\Administrator\Dati applicazioni\Microsoft\Installer\{AE3F60A0-11F7-4DE7-AD9D-3831096E14B5}\_21F3885A18D238E15AAE81.exe
2010-02-16 07:30 . 2010-02-16 07:30 29926 ----a-r- c:\documents and settings\Administrator\Dati applicazioni\Microsoft\Installer\{AE3F60A0-11F7-4DE7-AD9D-3831096E14B5}\_2ED31C7E60F2138CD4C3A1.exe
2010-02-16 07:30 . 2010-02-16 07:30 109534 ----a-r- c:\documents and settings\Administrator\Dati applicazioni\Microsoft\Installer\{AE3F60A0-11F7-4DE7-AD9D-3831096E14B5}\_6FEFF9B68218417F98F549.exe
2010-02-16 07:29 . 2010-02-16 07:29 -------- d-----w- c:\programmi\Macrium
2010-02-15 17:41 . 2010-02-15 17:41 72488 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-14 19:23 . 2009-08-24 15:47 -------- d-----w- c:\programmi\Inkscape
2010-02-14 08:58 . 2007-12-13 17:12 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Image Zone Express
2010-01-28 15:12 . 2010-01-28 15:12 15328 ----a-w- c:\windows\system32\drivers\pssnap.sys
2010-01-28 15:12 . 2010-01-28 15:12 32736 ----a-w- c:\windows\system32\drivers\psmounter.sys
2010-01-11 12:11 . 2009-10-06 08:22 5115824 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-07 15:07 . 2009-08-16 08:53 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-08-16 08:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 09:47 . 2007-10-12 20:24 841216 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 09:46 . 2009-08-01 15:06 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 09:46 . 2007-10-09 12:23 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2007-10-12 20:28 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-28 09:25 . 2009-12-28 09:25 152576 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-28 09:25 . 2009-12-28 09:25 79488 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\jre1.6.0_17\gtapi.dll
.

------- Sigcheck -------

[-] 2008-11-04 . 90F406811EE1EEE294792D00E21CA16C . 510464 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2008-04-14 . 9259170D29B5A256735FCB8B80280857 . 510464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\winlogon.exe
[7] 2008-04-13 . 9259170D29B5A256735FCB8B80280857 . 510464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2007-11-25 . FD46B348FCA32A1987B9A32B6BA81D2E . 504832 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\programmi\CCleaner\ccleaner.exe" [2007-09-28 722160]
"Packard Bell Software Suite"="c:\programmi\Packard Bell\Packard Bell Software Suite\Launcher.exe" [2008-01-09 1914168]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-01 68856]
"TomTomHOME.exe"="c:\programmi\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2009-04-16 24264488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-13 8466432]
"nwiz"="nwiz.exe" [2007-07-13 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-13 81920]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-19 16844800]
"Acronis Scheduler2 Service"="c:\programmi\File comuni\Acronis\Schedule2\schedhlp.exe" [2007-02-16 149024]
"VirtualCloneDrive"="c:\programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2008-06-29 52168]
"LifeChat"="c:\programmi\Microsoft LifeChat\LifeChat.exe" [2008-08-21 267296]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2009-10-04 198160]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2010-02-15 141608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
ERUNT AutoBackup.lnk - c:\programmi\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [28/01/2010 16.12.32 15328]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1008000.029\SymEFA.sys [03/02/2010 10.30.44 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1008000.029\BHDrvx86.sys [03/02/2010 10.30.44 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1008000.029\cchpx86.sys [03/02/2010 10.30.31 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\IDSXpx86.sys [15/03/2010 8.48.20 329592]
R2 Norton AntiVirus;Norton AntiVirus;c:\programmi\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe [03/02/2010 10.30.35 117640]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\programmi\Macrium\Reflect\ReflectService.exe [28/01/2010 16.12.12 220128]
R2 TomTomHOMEService;TomTomHOMEService;c:\programmi\TomTom HOME 2\TomTomHOMEService.exe [13/11/2009 12.31.14 92008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programmi\File comuni\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [14/09/2009 9.47.00 102448]
S2 gupdate1c9b6ec79f76204;Servizio di Google Update (gupdate1c9b6ec79f76204);c:\programmi\Google\Update\GoogleUpdate.exe [06/04/2009 20.18.32 133104]
S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\drivers\athrusb.sys [01/08/2009 17.43.08 451072]
S3 OxUSBTIMOUT;OxUSBTIMOUT;c:\windows\system32\drivers\OxUSBTIMOUT.sys [07/06/2007 7.48.34 34152]
S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.sys [24/02/2005 11.29.14 162176]
S3 PSMounter;Macrium Reflect Image Explorer Service;c:\windows\system32\drivers\psmounter.sys [28/01/2010 16.12.22 32736]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contenuto della cartella 'Scheduled Tasks'

2010-03-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-03-22 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-25 09:15]

2010-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-04-06 19:18]

2010-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-04-06 19:18]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.mozilla.org/
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Ricerca - c:\programmi\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Administrator\Menu Avvio\Programmi\IMVU\Run IMVU.lnk
TCP: {082F311A-8668-4A99-8D83-B3945B518269} = 85.37.17.47,85.38.28.82
TCP: {BD4C93C0-4D99-420D-A8C2-E3707F7C0FB8} = 212.216.112.112,212.216.172.162
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\g1y7pfbm.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://it.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:it:official
FF - prefs.js: network.proxy.type - 1
FF - component: c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\real\realplayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realplayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realplayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programmi\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-22 12:59
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\programmi\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\programmi\Norton AntiVirus\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\programmi\CyberLink\PowerDVD\000.fcl"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1614895754-746137067-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,39,97,4b,a4,eb,90,e0,49,8b,05,e6,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,39,97,4b,a4,eb,90,e0,49,8b,05,e6,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'lsass.exe'(1176)
c:\windows\system32\relog_ap.dll
.
Ora fine scansione: 2010-03-22 13:01:25
ComboFix-quarantined-files.txt 2010-03-22 12:01

Pre-Run: 33.819.676.672 byte disponibili
Post-Run: 33.799.327.744 byte disponibili

- - End Of File - - D68552B241BEFE944DB4DC6AA45FB341
paolopa
Posted: Monday, March 22, 2010 1:33:25 PM

Rank: AiutAmico

Joined: 10/14/2008
Posts: 2,777
Well done. Now let's see if we can get the scan to run with mbam (Malwarebytes). Keep Combo installed; it may be necessary to run a script to remove something manually. In any case it has already cleared out a bit of "junk" for you.
Remember to UPDATE mbam and run a FULL scan. Did you have Avira installed in the past?
ma13irob
Posted: Monday, March 22, 2010 1:36:39 PM

Rank: AiutAmico

Joined: 3/14/2009
Posts: 531
OK, I'll try the scan with Malwarebytes. Yes, I had Avira in the past, last summer.
paolopa
Posted: Monday, March 22, 2010 1:40:23 PM

Rank: AiutAmico

Joined: 10/14/2008
Posts: 2,777
I'm afraid it wasn't uninstalled correctly; it also shows up in the HijackThis log. Later I'll post the Avira removal tool for you (unless r16 has you run a script instead, which is probably better).
Post the mbam log when it has finished.