Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Controllo log x favore: hotbar, worm..... Opzioni
blu_mare
Inviato: Thursday, April 08, 2010 1:46:56 AM

Rank: Member

Iscritto dal : 9/20/2005
Posts: 17
Ciao Ragazzi è un po che non vi scrivo, perchè andava tutto bene, ora ho un problema, circa un mese fa ho cambiato operatore telefonico e di conseguenza da emule adunanza sono passata a emule, istallando il programma, Norton security mi segnalava la presenza di un " adware Hotbar" eliminato dallo stesso.
Con Hijacthis ho fin da subito le voci che contenevano la parola HOTBAR, ora, facendo scansione, Norton me lo segnala ancora, ogni volta come problema non grave e poi eliminato, ma sta di fatto che c'era sempre.
Oggi ho scansionato in mod provvisoria con MALWAREBITES e mi ha torvato questi:ADWARE.SOFTOMATE e WORM.PILOYD...eliminati.
Successiva scansione con SUPER ANTI SAPIWARE che ha di nuovo rilevato ADWARE HOTBAR...eliminato...

Vi allego il log... date un occhiata ed eventualmente un consiglio... grazie di tutto come sempre siete i numiri 1... ciaoooo Gio!!!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1.30.22, on 08/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\Programmi\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\WINDOWS\system32\o2flash.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\APPS\SMP\SmpSys.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\HJTInstal\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\SpybotSD\SDHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Programmi\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programmi\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programmi\Norton Internet Security\Engine\17.6.0.32\IPSBHO.DLL
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programmi\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Collegamento alla pagina delle proprietà di High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [DetectorApp] C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\SpybotSD\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\SpybotSD\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.it/s/v/e/38.09/f-6tcHDGwoY/uploader2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1217345997906
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1217346165703
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://girasole333.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://www.portalchat.helloweb.eu/msnchat45.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Utilità di pianificazione di LiveUpdate automatico (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Programmi\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

--
End of file - 9867 bytes
Sponsor
Inviato: Thursday, April 08, 2010 1:46:56 AM

 
giullare
Inviato: Thursday, April 08, 2010 7:06:45 AM
Rank: AiutAmico

Iscritto dal : 4/3/2010
Posts: 127
il log non presenta problemi,ma io farei una scansione un po piu' approfondita,
Scarica Combofix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Salvalo sul desktop.

Importante: dopo aver scaricato COMBOFIX chiudi la connessione disabilita il tuo antivirus e
chiudi TUTTI i programmi aperti,(Firewall compreso) e


Doppio click su combofix.exe (comparirà una videata.)

E' probabile che ti siano inviati messaggi dall'antivirus,(o dallo stesso Combofix)
tu ignorali.

Se ti verrà chiesto se vuoi Installare LA CONSOLE DI RIPRISTINO DI EMERGENZA, clicca NO.

Durante l'operazione di scansione è importante non usare il PC (neanche il mouse)
e attendere pazientemente la fine delle operazioni.

Al termine, verrà creato un file log sul Desktop, chiamato C:\ComboFix.txt. Postalo qui.
blu_mare
Inviato: Thursday, April 08, 2010 3:18:34 PM

Rank: Member

Iscritto dal : 9/20/2005
Posts: 17
Ecco il log che ha creato la scansione con combo fix:

ComboFix 10-04-06.05 - gio 08/04/2010 14.38.51.2.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1014.747 [GMT 2:00]
Eseguito da: c:\documents and settings\gio\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\gio\Impostazioni locali\Dati applicazioni\kswae.dat
c:\documents and settings\gio\Impostazioni locali\Dati applicazioni\kswae_nav.dat
c:\documents and settings\gio\Impostazioni locali\Dati applicazioni\kswae_navps.dat
c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((( Files Creati Da 2010-03-08 al 2010-04-08 )))))))))))))))))))))))))))))))))))
.

2010-04-07 22:30 . 2010-04-07 22:31 52224 ----a-w- c:\documents and settings\gio\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-07 19:21 . 2010-03-16 18:41 1324720 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100407.002\NAVEX15.SYS
2010-04-07 19:21 . 2010-03-16 18:41 84912 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100407.002\NAVENG.SYS
2010-04-07 19:21 . 2010-03-16 18:41 371248 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100407.002\EECTRL.SYS
2010-04-07 19:21 . 2010-03-16 18:41 2747440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100407.002\CCERASER.DLL
2010-04-07 19:21 . 2010-03-16 18:41 259440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100407.002\ECMSVR32.DLL
2010-04-07 19:21 . 2010-03-16 18:41 177520 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100407.002\NAVENG32.DLL
2010-04-07 19:21 . 2010-03-16 18:41 1647984 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100407.002\NAVEX32A.DLL
2010-04-07 19:21 . 2010-03-16 18:41 102448 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100407.002\ERASER.SYS
2010-04-07 14:59 . 2010-04-07 14:59 5918776 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-07 14:58 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-07 14:58 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-07 14:47 . 2010-04-07 14:47 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-04-07 14:16 . 2010-04-07 14:25 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Norman
2010-04-07 14:16 . 2010-04-07 14:16 -------- d-----w- c:\programmi\Norman
2010-04-06 15:24 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100402.001\Scxpx86.dll
2010-04-06 15:24 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100402.001\IDSvix86.sys
2010-04-06 15:24 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100402.001\IDSXpx86.sys
2010-04-06 15:24 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100402.001\IDSxpx86.dll
2010-04-06 15:24 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100402.001\IDSviA64.sys
2010-03-30 17:31 . 2010-03-30 17:31 503808 ----a-w- c:\documents and settings\gio\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7c5e8d70-n\msvcp71.dll
2010-03-30 17:31 . 2010-03-30 17:31 61440 ----a-w- c:\documents and settings\gio\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-48adf395-n\decora-sse.dll
2010-03-30 17:31 . 2010-03-30 17:31 499712 ----a-w- c:\documents and settings\gio\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7c5e8d70-n\jmc.dll
2010-03-30 17:31 . 2010-03-30 17:31 348160 ----a-w- c:\documents and settings\gio\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7c5e8d70-n\msvcr71.dll
2010-03-30 17:31 . 2010-03-30 17:31 12800 ----a-w- c:\documents and settings\gio\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-48adf395-n\decora-d3d.dll
2010-03-26 13:42 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100326.001\Scxpx86.dll
2010-03-26 13:42 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100326.001\IDSxpx86.dll
2010-03-26 13:42 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100326.001\IDSvix86.sys
2010-03-26 13:42 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100326.001\IDSXpx86.sys
2010-03-26 13:42 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100326.001\IDSviA64.sys
2010-03-24 20:38 . 2010-03-24 20:38 536112 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100324.001\BHDrvx86.sys
2010-03-24 20:38 . 2010-03-24 20:38 201616 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100324.001\BHRules.dll
2010-03-24 20:38 . 2010-03-24 20:38 1407888 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100324.001\BHEngine.dll
2010-03-24 20:38 . 2010-03-24 20:38 678960 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100324.001\BHDrvx64.sys
2010-03-24 20:38 . 2010-03-24 20:38 611216 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100324.001\bbRGen.dll
2010-03-23 00:51 . 2010-03-23 00:52 -------- d-----w- c:\programmi\Foto Sketcher
2010-03-23 00:36 . 2010-03-23 01:38 -------- d-----w- c:\programmi\P2s
2010-03-10 18:37 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-07 23:30 . 2008-07-30 00:37 -------- d-----w- c:\programmi\HJTInstal
2010-04-07 22:31 . 2009-07-12 23:13 117760 ----a-w- c:\documents and settings\gio\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-07 14:58 . 2009-07-12 22:34 -------- d-----w- c:\programmi\Malwarebytes
2010-03-30 17:31 . 2008-07-29 21:50 -------- d-----w- c:\programmi\File comuni\Java
2010-03-30 17:28 . 2008-07-29 21:50 -------- d-----w- c:\programmi\Java
2010-03-30 17:28 . 2004-10-25 19:40 84354 ----a-w- c:\windows\system32\perfc010.dat
2010-03-30 17:28 . 2004-10-25 19:40 489648 ----a-w- c:\windows\system32\perfh010.dat
2010-03-26 00:45 . 2008-07-30 00:25 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-03-26 00:42 . 2008-07-30 00:58 -------- d-----w- c:\programmi\ccleaner
2010-03-25 23:29 . 2010-01-07 03:44 786800 ----a-r- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll
2010-03-23 01:55 . 2008-07-30 13:44 -------- d-----w- c:\documents and settings\gio\Dati applicazioni\Corel
2010-03-23 01:54 . 2008-07-30 13:32 88 --sh--r- c:\windows\system32\BFDB3A66EF.sys
2010-03-23 01:54 . 2008-07-30 13:32 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-03-23 00:13 . 2009-07-18 22:29 -------- d-----w- c:\documents and settings\gio\Dati applicazioni\vlc
2010-03-09 02:28 . 2008-11-27 20:50 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-07 19:50 . 2010-01-17 15:13 819 ----a-w- c:\documents and settings\gio\Dati applicazioni\settings.dat
2010-03-06 21:46 . 2010-03-06 21:29 -------- d-----w- c:\programmi\Emule
2010-02-25 23:32 . 2008-07-29 21:50 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-02-25 23:31 . 2008-07-30 14:57 -------- d-----w- c:\documents and settings\gio\Dati applicazioni\U3
2010-02-25 06:16 . 2004-10-25 19:39 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 09:16 . 2009-10-03 09:02 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 13:11 . 2010-02-23 13:10 -------- d-----w- c:\programmi\registrybooster
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-01-21 20:28 . 2010-01-21 20:28 454838 ----a-r- c:\documents and settings\gio\Dati applicazioni\Microsoft\Installer\{51E4FE53-D6B0-43A0-B98C-7DE233D53EAB}\_AA3EAD0EB9C7C0B428AF0C.exe
2010-01-21 20:28 . 2010-01-21 20:28 454838 ----a-r- c:\documents and settings\gio\Dati applicazioni\Microsoft\Installer\{51E4FE53-D6B0-43A0-B98C-7DE233D53EAB}\_0D5C3650016DE5753C8488.exe
2009-09-14 14:30 . 2009-09-14 14:30 200620 ----a-w- c:\programmi\LazyFarmer_V2.zip
2009-05-20 23:27 . 2009-05-20 23:26 16742799 ----a-w- c:\programmi\vlc-0.9.9-win32.exe
.

------- Sigcheck -------

[7] 2008-04-14 . 5526482DCBA6047641B13BF9C75A74E0 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2004-09-07 . F9672BB64F213209EB4A8F79BB650B78 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll

c:\windows\System32\xmlprov.dll ... è mancante !!
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\apps\SMP\SmpSys.exe" [2005-12-08 975360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2005-03-10 98394]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2005-03-10 688218]
"Collegamento alla pagina delle proprietà di High Definition Audio"="HDAShCut.exe" [2005-01-07 61952]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"DetectorApp"="c:\programmi\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 102400]
"ISUSScheduler"="c:\programmi\File comuni\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader\Reader_sl.exe" [2008-10-15 39792]
"ISUSPM Startup"="c:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 221184]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2006-11-11 98304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\programmi\SuperAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Emule\\emule.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [27/02/2006 16.00.50 34880]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [20/02/2006 17.01.06 29056]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1106000.020\symds.sys [07/04/2010 0.25.58 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1106000.020\symefa.sys [07/04/2010 0.25.58 172592]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100324.001\BHDrvx86.sys [24/03/2010 22.38.08 536112]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1106000.020\cchpx86.sys [07/04/2010 0.25.57 501888]
R1 kioport;kioport Library Driver;c:\windows\system32\drivers\kioport.sys [11/11/2006 16.18.15 3968]
R1 SASDIFSV;SASDIFSV;c:\programmi\SuperAntiSpyware\sasdifsv.sys [23/06/2009 11.01.40 9968]
R1 SASKUTIL;SASKUTIL;c:\programmi\SuperAntiSpyware\SASKUTIL.SYS [23/06/2009 11.01.40 72944]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1106000.020\ironx86.sys [07/04/2010 0.25.57 116784]
R2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [03/08/2008 21.59.02 8192]
R2 NIS;Norton Internet Security;c:\programmi\Norton Internet Security\Engine\17.6.0.32\ccsvchst.exe [07/04/2010 0.25.39 126392]
R2 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [03/11/2006 19.19.58 13592]
R3 CIR;Hid Device;c:\windows\system32\drivers\CIR.sys [30/09/2005 12.37.14 5120]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programmi\File comuni\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [24/02/2010 15.46.39 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100402.001\IDSXpx86.sys [06/04/2010 17.24.06 329592]
R3 kbd;Keyboard;c:\windows\system32\drivers\kbd.sys [30/09/2005 12.36.40 21504]
S3 bsusbser;PHD USB Device for Legacy Serial Communication;c:\windows\system32\drivers\bsusbser.sys [15/04/2009 22.18.20 94848]
S3 SASENUM;SASENUM;c:\programmi\SuperAntiSpyware\SASENUM.SYS [23/06/2009 11.01.42 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contenuto della cartella 'Scheduled Tasks'

2010-04-08 c:\windows\Tasks\GlaryInitialize.job
- c:\programmi\Glary_unlimited\Glary Utilities\initialize.exe [2008-08-28 09:08]

2010-04-08 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

2010-04-07 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2010-04-08 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2010-04-08 c:\windows\Tasks\User_Feed_Synchronization-{282A4A53-C5DD-4A46-92CE-A4191E30B7FB}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.virgilio.it/
uInternet Settings,ProxyOverride = 127.0.0.1
IE: &Clean Traces - c:\programmi\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\programmi\DAP\dapextie.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download &all with DAP - c:\programmi\DAP\dapextie2.htm
Trusted Zone: unicreditbanca.it
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\gio\Dati applicazioni\Mozilla\Firefox\Profiles\2aiophvb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.virgilio.it/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\programmi\DAP\DAPFireFox\components\DAPFireFox.dll
FF - plugin: c:\programmi\Adobe\Reader\browser\nppdf32.dll
FF - plugin: c:\programmi\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmi\Pcasa\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-08 14:59
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\programmi\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe\" /s \"NIS\" /m \"c:\programmi\Norton Internet Security\Engine\17.6.0.32\diMaster.dll\" /prefetch:1"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(1124)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2200)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\Nokia\Nokia PC Suite 6\phonebrowser.dll
c:\programmi\Nokia\Nokia PC Suite 6\NGSCM.DLL
c:\programmi\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_ita.nlr
c:\programmi\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
c:\windows\system32\o2flash.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PSIService.exe
c:\programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
c:\programmi\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2010-04-08 15:04:11 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-04-08 13:04

Pre-Run: 83.253.792.768 byte disponibili
Post-Run: 82.076.643.328 byte disponibili

- - End Of File - - D25A2F457853EB9AF7A8CDB57963D93A
giullare
Inviato: Thursday, April 08, 2010 3:53:44 PM
Rank: AiutAmico

Iscritto dal : 4/3/2010
Posts: 127
abbiamo fatto bene a farla,sembra che ti abbia eliminato qualche infezione.
Dai una pulita (registro compreso)con CCleaner: http://www.aiutamici.com/software?ID=11223
Nella schermata iniziale di CCleaner, clicca su Opzioni e poi Avanzate, togli il segno di spunta
a: Cancella i file in Windows Temp solo se più vecchi di 48 ore. (poi esegui le pulizie),
registro compreso.spegni e riaccendi.
Poi:
Start\Esegui\copia e incolla la stringa %temp% clicca su Ok, svuota la cartella temp.
(non eliminare la cartella)
Provvedi a svuotare del suo contenuto la cartella Prefetch :
clicca su Risorse del Computer
clicca su Disco locale C:
cerca, all’interno delle cartelle che saranno visualizzate la cartella Windows,
aprila ed, al suo interno, cerca la cartella Prefetch, la apri ed elimina tutte le voci
conservate al suo interno ( non eliminare la cartella)
SVUOTA IL CESTINO
Poi:
Lancia Hijackthis e pulisci gli ADS in questo modo:
clicca sulla voce Open the misc tool section
clicca su Open ads spy
togli la spunta alla voce Quick scan (windows base folder only)
clicca su Scan.
Aspetta pazientemente la fine della scansione.
se venissero rilevati ADS, spunta tutte (senza paura) le caselline e clicca su
Remove selected
queste sono le ultime cose da fare di solito,ma visto che quella voce si rigenerava non vorrei che ci fosse qualcosa li in mezzo che creava il problema.

poi rifaresti una scansione con mbam per vedere se ti rileva ancora problemi?
blu_mare
Inviato: Thursday, April 08, 2010 3:56:18 PM

Rank: Member

Iscritto dal : 9/20/2005
Posts: 17
ok, grazie... mi metto al lavoro ;)
blu_mare
Inviato: Thursday, April 08, 2010 4:57:15 PM

Rank: Member

Iscritto dal : 9/20/2005
Posts: 17
Ecco fatto tutto, questo è il nuovo log di combo fix:


ComboFix 10-04-06.05 - gio 08/04/2010 16.29.35.3.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1014.747 [GMT 2:00]
Eseguito da: c:\documents and settings\gio\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((( Files Creati Da 2010-03-08 al 2010-04-08 )))))))))))))))))))))))))))))))))))
.

2010-04-08 13:10 . 2010-03-16 18:41 1324720 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100407.039\NAVEX15.SYS
2010-04-08 13:10 . 2010-03-16 18:41 84912 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100407.039\NAVENG.SYS
2010-04-08 13:10 . 2010-03-16 18:41 177520 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100407.039\NAVENG32.DLL
2010-04-08 13:10 . 2010-03-16 18:41 1647984 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100407.039\NAVEX32A.DLL
2010-04-08 13:10 . 2010-03-16 18:41 371248 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100407.039\EECTRL.SYS
2010-04-08 13:10 . 2010-03-16 18:41 2747440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100407.039\CCERASER.DLL
2010-04-08 13:10 . 2010-03-16 18:41 259440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100407.039\ECMSVR32.DLL
2010-04-08 13:10 . 2010-03-16 18:41 102448 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100407.039\ERASER.SYS
2010-04-07 22:30 . 2010-04-07 22:31 52224 ----a-w- c:\documents and settings\gio\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-07 14:59 . 2010-04-07 14:59 5918776 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-07 14:58 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-07 14:58 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-07 14:47 . 2010-04-07 14:47 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-04-07 14:16 . 2010-04-07 14:25 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Norman
2010-04-07 14:16 . 2010-04-07 14:16 -------- d-----w- c:\programmi\Norman
2010-04-06 15:24 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100402.001\Scxpx86.dll
2010-04-06 15:24 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100402.001\IDSvix86.sys
2010-04-06 15:24 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100402.001\IDSXpx86.sys
2010-04-06 15:24 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100402.001\IDSxpx86.dll
2010-04-06 15:24 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100402.001\IDSviA64.sys
2010-03-30 17:31 . 2010-03-30 17:31 503808 ----a-w- c:\documents and settings\gio\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7c5e8d70-n\msvcp71.dll
2010-03-30 17:31 . 2010-03-30 17:31 61440 ----a-w- c:\documents and settings\gio\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-48adf395-n\decora-sse.dll
2010-03-30 17:31 . 2010-03-30 17:31 499712 ----a-w- c:\documents and settings\gio\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7c5e8d70-n\jmc.dll
2010-03-30 17:31 . 2010-03-30 17:31 348160 ----a-w- c:\documents and settings\gio\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7c5e8d70-n\msvcr71.dll
2010-03-30 17:31 . 2010-03-30 17:31 12800 ----a-w- c:\documents and settings\gio\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-48adf395-n\decora-d3d.dll
2010-03-26 13:42 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100326.001\Scxpx86.dll
2010-03-26 13:42 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100326.001\IDSxpx86.dll
2010-03-26 13:42 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100326.001\IDSvix86.sys
2010-03-26 13:42 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100326.001\IDSXpx86.sys
2010-03-26 13:42 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100326.001\IDSviA64.sys
2010-03-24 20:38 . 2010-03-24 20:38 536112 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100324.001\BHDrvx86.sys
2010-03-24 20:38 . 2010-03-24 20:38 201616 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100324.001\BHRules.dll
2010-03-24 20:38 . 2010-03-24 20:38 1407888 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100324.001\BHEngine.dll
2010-03-24 20:38 . 2010-03-24 20:38 678960 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100324.001\BHDrvx64.sys
2010-03-24 20:38 . 2010-03-24 20:38 611216 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100324.001\bbRGen.dll
2010-03-23 00:51 . 2010-03-23 00:52 -------- d-----w- c:\programmi\Foto Sketcher
2010-03-23 00:36 . 2010-03-23 01:38 -------- d-----w- c:\programmi\P2s
2010-03-10 18:37 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-08 14:09 . 2008-07-30 00:37 -------- d-----w- c:\programmi\HJTInstal
2010-04-08 14:02 . 2008-07-30 00:58 -------- d-----w- c:\programmi\ccleaner
2010-04-07 22:31 . 2009-07-12 23:13 117760 ----a-w- c:\documents and settings\gio\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-07 14:58 . 2009-07-12 22:34 -------- d-----w- c:\programmi\Malwarebytes
2010-03-30 17:31 . 2008-07-29 21:50 -------- d-----w- c:\programmi\File comuni\Java
2010-03-30 17:28 . 2008-07-29 21:50 -------- d-----w- c:\programmi\Java
2010-03-30 17:28 . 2004-10-25 19:40 84354 ----a-w- c:\windows\system32\perfc010.dat
2010-03-30 17:28 . 2004-10-25 19:40 489648 ----a-w- c:\windows\system32\perfh010.dat
2010-03-26 00:45 . 2008-07-30 00:25 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-03-25 23:29 . 2010-01-07 03:44 786800 ----a-r- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll
2010-03-23 01:55 . 2008-07-30 13:44 -------- d-----w- c:\documents and settings\gio\Dati applicazioni\Corel
2010-03-23 01:54 . 2008-07-30 13:32 88 --sh--r- c:\windows\system32\BFDB3A66EF.sys
2010-03-23 01:54 . 2008-07-30 13:32 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-03-23 00:13 . 2009-07-18 22:29 -------- d-----w- c:\documents and settings\gio\Dati applicazioni\vlc
2010-03-09 02:28 . 2008-11-27 20:50 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-07 19:50 . 2010-01-17 15:13 819 ----a-w- c:\documents and settings\gio\Dati applicazioni\settings.dat
2010-03-06 21:46 . 2010-03-06 21:29 -------- d-----w- c:\programmi\Emule
2010-02-25 23:32 . 2008-07-29 21:50 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-02-25 23:31 . 2008-07-30 14:57 -------- d-----w- c:\documents and settings\gio\Dati applicazioni\U3
2010-02-25 06:16 . 2004-10-25 19:39 916480 ------w- c:\windows\system32\wininet.dll
2010-02-24 09:16 . 2009-10-03 09:02 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 13:11 . 2010-02-23 13:10 -------- d-----w- c:\programmi\registrybooster
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-01-21 20:28 . 2010-01-21 20:28 454838 ----a-r- c:\documents and settings\gio\Dati applicazioni\Microsoft\Installer\{51E4FE53-D6B0-43A0-B98C-7DE233D53EAB}\_AA3EAD0EB9C7C0B428AF0C.exe
2010-01-21 20:28 . 2010-01-21 20:28 454838 ----a-r- c:\documents and settings\gio\Dati applicazioni\Microsoft\Installer\{51E4FE53-D6B0-43A0-B98C-7DE233D53EAB}\_0D5C3650016DE5753C8488.exe
2009-09-14 14:30 . 2009-09-14 14:30 200620 ----a-w- c:\programmi\LazyFarmer_V2.zip
2009-05-20 23:27 . 2009-05-20 23:26 16742799 ----a-w- c:\programmi\vlc-0.9.9-win32.exe
.

------- Sigcheck -------

[7] 2008-04-14 . 5526482DCBA6047641B13BF9C75A74E0 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2004-09-07 . F9672BB64F213209EB4A8F79BB650B78 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll

c:\windows\System32\xmlprov.dll ... è mancante !!
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\apps\SMP\SmpSys.exe" [2005-12-08 975360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2005-03-10 98394]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2005-03-10 688218]
"Collegamento alla pagina delle proprietà di High Definition Audio"="HDAShCut.exe" [2005-01-07 61952]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"DetectorApp"="c:\programmi\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 102400]
"ISUSScheduler"="c:\programmi\File comuni\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader\Reader_sl.exe" [2008-10-15 39792]
"ISUSPM Startup"="c:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 221184]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2006-11-11 98304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\programmi\SuperAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Emule\\emule.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [27/02/2006 16.00.50 34880]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [20/02/2006 17.01.06 29056]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1106000.020\symds.sys [07/04/2010 0.25.58 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1106000.020\symefa.sys [07/04/2010 0.25.58 172592]
R2 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [03/11/2006 19.19.58 13592]
R3 CIR;Hid Device;c:\windows\system32\drivers\CIR.sys [30/09/2005 12.37.14 5120]
R3 kbd;Keyboard;c:\windows\system32\drivers\kbd.sys [30/09/2005 12.36.40 21504]
S1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100324.001\BHDrvx86.sys [24/03/2010 22.38.08 536112]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1106000.020\cchpx86.sys [07/04/2010 0.25.57 501888]
S1 kioport;kioport Library Driver;c:\windows\system32\drivers\kioport.sys [11/11/2006 16.18.15 3968]
S1 SASDIFSV;SASDIFSV;c:\programmi\SuperAntiSpyware\sasdifsv.sys [23/06/2009 11.01.40 9968]
S1 SASKUTIL;SASKUTIL;c:\programmi\SuperAntiSpyware\SASKUTIL.SYS [23/06/2009 11.01.40 72944]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1106000.020\ironx86.sys [07/04/2010 0.25.57 116784]
S2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [03/08/2008 21.59.02 8192]
S2 NIS;Norton Internet Security;c:\programmi\Norton Internet Security\Engine\17.6.0.32\ccsvchst.exe [07/04/2010 0.25.39 126392]
S3 bsusbser;PHD USB Device for Legacy Serial Communication;c:\windows\system32\drivers\bsusbser.sys [15/04/2009 22.18.20 94848]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programmi\File comuni\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [24/02/2010 15.46.39 102448]
S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100402.001\IDSXpx86.sys [06/04/2010 17.24.06 329592]
S3 SASENUM;SASENUM;c:\programmi\SuperAntiSpyware\SASENUM.SYS [23/06/2009 11.01.42 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contenuto della cartella 'Scheduled Tasks'

2010-04-08 c:\windows\Tasks\GlaryInitialize.job
- c:\programmi\Glary_unlimited\Glary Utilities\initialize.exe [2008-08-28 09:08]

2010-04-08 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

2010-04-07 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2010-04-08 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2010-04-08 c:\windows\Tasks\User_Feed_Synchronization-{282A4A53-C5DD-4A46-92CE-A4191E30B7FB}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.virgilio.it/
uInternet Settings,ProxyOverride = 127.0.0.1
IE: &Clean Traces - c:\programmi\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\programmi\DAP\dapextie.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download &all with DAP - c:\programmi\DAP\dapextie2.htm
Trusted Zone: unicreditbanca.it
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\gio\Dati applicazioni\Mozilla\Firefox\Profiles\2aiophvb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.virgilio.it/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\programmi\DAP\DAPFireFox\components\DAPFireFox.dll
FF - plugin: c:\programmi\Adobe\Reader\browser\nppdf32.dll
FF - plugin: c:\programmi\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmi\Pcasa\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-08 16:39
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\programmi\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe\" /s \"NIS\" /m \"c:\programmi\Norton Internet Security\Engine\17.6.0.32\diMaster.dll\" /prefetch:1"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(292)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(1540)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~3\wmpband.dll
.
Ora fine scansione: 2010-04-08 16:44:50
ComboFix-quarantined-files.txt 2010-04-08 14:44
ComboFix2.txt 2010-04-08 13:04

Pre-Run: 83.161.145.344 byte disponibili
Post-Run: 83.120.783.360 byte disponibili

- - End Of File - - 73042B352F705BE9C5D01AE7EB577F44
blu_mare
Inviato: Thursday, April 08, 2010 5:02:29 PM

Rank: Member

Iscritto dal : 9/20/2005
Posts: 17
oppsss...scusa non avevo capito cosa intendevi con "mbam,"l'ho cercato con google,hahhahaha...
adesso faccio scansione e poi ti so dire... grazie per adesso... ciaooo!
blu_mare
Inviato: Thursday, April 08, 2010 7:54:18 PM

Rank: Member

Iscritto dal : 9/20/2005
Posts: 17
evvaiiiiiiiiiii... credo che siamo riusciti ad ammazzare la bestiaccia, scansione con mbam assolutamente negativa...grazieeeeeee Applause
giullare
Inviato: Thursday, April 08, 2010 8:06:28 PM
Rank: AiutAmico

Iscritto dal : 4/3/2010
Posts: 127
aspetta un attimo,c è un altra operazione da fare:
Scarica OTC by OldTimer sul desktop:
http://oldtimer.geekstogo.com/OTC.exe
doppio clic per eseguirlo
Clicca su CleanUp.
Ti chiederà di riavviare il pc.
Clicca sì.(è per una corretta disinstallazione di combofix)
disattiva il ripristino configurazione di sistema
start,pannello di controllo,sistema,configurazione di sistema,metti la spunta a
"disattiva ripristino configurazione di sistema su tutte le unita'",applica,ok.
spegni e riaccendi il pc e fai l operazione inversa per riattivarlo.
se hai problemi fallo sapere e vedrai che qualcuno ti aiutera'.
blu_mare
Inviato: Thursday, April 08, 2010 9:20:59 PM

Rank: Member

Iscritto dal : 9/20/2005
Posts: 17
ok, va beneeeee ;)
blu_mare
Inviato: Thursday, April 08, 2010 10:10:56 PM

Rank: Member

Iscritto dal : 9/20/2005
Posts: 17
Ok fatto, e normale che dopo il riavvio sia sparita dal desktop l'icona di OTC ?
paolopa
Inviato: Thursday, April 08, 2010 11:16:54 PM

Rank: AiutAmico

Iscritto dal : 10/14/2008
Posts: 2,777
si,si disinstalla da solo.
blu_mare
Inviato: Thursday, April 08, 2010 11:56:32 PM

Rank: Member

Iscritto dal : 9/20/2005
Posts: 17
Ok non mi resta che ringraziarvi, il pc va bene, e tutto sembra risolto... grazieeeApplause
Utenti presenti in questo topic
Guest


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.