Aiutamici Forum

several little problems
fmancini
Posted: Saturday, December 11, 2010 5:45:39 PM

Rank: AiutAmico

Joined: 12/16/2006
Posts: 105
Hi everyone, I'm back with my usual little messes:
1) I somehow made the icons for the Solitaire and Spider games disappear; in their place there are 2 shortcuts (a square icon with 2 rows of 3 coloured squares) which, when clicked, send me to the desktop where the Games icon is! From the online help, under Games, I can still open them though. How do I get the previous shortcuts back?
2) When I go to Start > Search, a window appears saying "Windows Search is not running; to start it choose Programs, click Windows Search..." and then the same window with the same message appears again..
I also think I have some problem with indexing.. maybe it needs to be reset.. how do I do that?
3) Control Panel: Add/Remove Programs > Add/Remove Windows Components; I click and a message appears: "Unable to open the information file iis.inf. Contact your system administrator. Specific error code 0x2 at line 0."
4) Avira AntiVir: I run the Luke Filewalker scan and the result shows 3 hidden objects (Rootkits). What do I do?
cbbusto
Posted: Saturday, December 11, 2010 6:36:56 PM

Rank: AiutAmico

Joined: 11/8/2008
Posts: 13,964
Rootkits are infections and must be removed; I suggest you post an HJT log (you can find it HERE, in the Security and Viruses section) and wait for the replies.
fmancini
Posted: Saturday, December 11, 2010 7:24:20 PM

Rank: AiutAmico

Joined: 12/16/2006
Posts: 105
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19.22.56, on 11/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Common Files\Motive\McciCMService.exe
C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
C:\Programmi\Google\Update\GoogleUpdate.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\Programmi\Photodex\ProShowGold\ScsiAccess.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\windows\system32\svchost.exe
C:\Programmi\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Programmi\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\windows\Explorer.EXE
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\fxssvc.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\Avira\AntiVir Desktop\avmailc.exe
C:\windows\system32\RUNDLL32.EXE
C:\Programmi\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Programmi\RocketDock\RocketDock.exe
C:\Programmi\Restore Desktop\RestoreDesktop.exe
C:\windows\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Windows Live\Contacts\wlcomm.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\System32\vssvc.exe
C:\windows\System32\dmadmin.exe
C:\windows\system32\imapi.exe
C:\windows\system32\cisvc.exe
C:\windows\system32\cidaemon.exe
C:\windows\System32\svchost.exe
C:\Programmi\Windows Desktop Search\WindowsSearch.exe
C:\Programmi\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programmi\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programmi\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\SearchProtocolHost.exe
C:\Programmi\Trend Micro\HijackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foozir.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Discover USA Toolbar - {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - C:\Programmi\Search_USA\tbSea1.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Discover USA Toolbar - {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - C:\Programmi\Search_USA\tbSea1.dll
O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Discover USA Toolbar - {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - C:\Programmi\Search_USA\tbSea1.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SmartDefrag] "C:\Programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
O4 - HKCU\..\Run: [RocketDock] "C:\Programmi\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [RestoreDesktop] C:\Programmi\Restore Desktop\RestoreDesktop.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Google Update Service (gupdate1c98a061b8f7796) (gupdate1c98a061b8f7796) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Programmi\Common Files\Motive\McciCMService.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Programmi\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: ServiceLayer - Nokia - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Programmi\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Programmi\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

--
End of file - 8696 bytes
Thanks for the quick response.. you guys are amazing!!
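As an added triage example (not code from this thread, from HijackThis or from any of the posters), a small Python script that reads lines in the HijackThis log format shown above and flags the patterns a helper looks for first: one CLSID registered at once as URLSearchHook (R3), BHO (O2) and Toolbar (O3), Start/Search pages moved away from IE's defaults, and O23 services with an unknown owner. The sample lines are constructed from the log above, and the three rules and the list of default page prefixes are my assumptions.

```python
import re
from collections import defaultdict

# Constructed sample (assumption): a handful of lines in HijackThis format,
# modelled on the entries in the log posted in this thread. Not the full log.
SAMPLE_HJT_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foozir.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Discover USA Toolbar - {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - C:\Programmi\Search_USA\tbSea1.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Discover USA Toolbar - {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - C:\Programmi\Search_USA\tbSea1.dll
O3 - Toolbar: Discover USA Toolbar - {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - C:\Programmi\Search_USA\tbSea1.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Programmi\Photodex\ProShowGold\ScsiAccess.exe
"""

# "R0 - ...", "O2 - ...": every HJT finding starts with its section code.
ENTRY_RE = re.compile(r"^(?P<kind>[RFNO]\d+) - (?P<body>.*)$")
# COM class id in the usual {8-4-4-4-12} form, as used by BHO/toolbar entries.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# R0/R1 bodies look like "HKLM\...\Main,Start Page = <value>".
PAGE_RE = re.compile(r"^HK(?:LM|CU)\\.*?\\Main,(?P<name>[^=]+?)\s*=\s*(?P<value>.*)$")
# Pages a stock IE 8 install of that era points at (assumption); anything else is worth a look.
DEFAULT_PAGE_PREFIXES = ("http://go.microsoft.com/fwlink/", "about:blank")


def parse_hjt(text):
    """Return the R/F/N/O entries of a HijackThis log as dicts (header and process list skipped)."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        c = CLSID_RE.search(body)
        entries.append({"kind": m.group("kind"), "body": body,
                        "clsid": c.group(0).lower() if c else None})
    return entries


def triage(text):
    """Apply three review rules to an HJT log and return the findings."""
    kinds_by_clsid = defaultdict(list)
    nondefault_pages = []
    unknown_owner_services = []
    for e in parse_hjt(text):
        # Rule 1: one CLSID installed as URLSearchHook (R3) + BHO (O2) + Toolbar (O3)
        # is the footprint of a bundled search toolbar, not of a single add-on.
        if e["clsid"]:
            kinds_by_clsid[e["clsid"]].append(e["kind"])
        # Rule 2: Start/Search/Default page moved away from the IE defaults.
        if e["kind"] in ("R0", "R1"):
            pm = PAGE_RE.match(e["body"])
            if pm and pm.group("value").strip():
                value = pm.group("value").strip()
                if not value.startswith(DEFAULT_PAGE_PREFIXES):
                    nondefault_pages.append((pm.group("name").strip(), value))
        # Rule 3: services whose binary carries no publisher information.
        if e["kind"] == "O23" and " - Unknown owner - " in e["body"]:
            name = e["body"].split("Service: ", 1)[1].split(" - ", 1)[0]
            unknown_owner_services.append(name)
    clusters = {c: k for c, k in kinds_by_clsid.items() if len(set(k)) > 1}
    return {"clsid_clusters": clusters,
            "nondefault_pages": nondefault_pages,
            "unknown_owner_services": unknown_owner_services}


def report(findings):
    """Render the findings as review lines, one per item."""
    lines = []
    for clsid, kinds in findings["clsid_clusters"].items():
        lines.append(f"REVIEW  same CLSID {clsid} registered as {'/'.join(kinds)}")
    for name, value in findings["nondefault_pages"]:
        lines.append(f"REVIEW  IE {name} points at {value}")
    for name in findings["unknown_owner_services"]:
        lines.append(f"CHECK   service '{name}' has no publisher (Unknown owner)")
    return lines


if __name__ == "__main__":
    print("\n".join(report(triage(SAMPLE_HJT_LOG))))
```

Run against the full log posted above, the script flags the same three things a helper would raise first: the Discover USA toolbar CLSID present in R3/O2/O3, the foozir.com start page, and the two services with an unknown owner.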
maopapof
Posted: Saturday, December 11, 2010 7:53:01 PM

Rank: AiutAmico

Joined: 10/31/2004
Posts: 7,189

Try running an antivirus scan again in Safe Mode ... bye :O)

himaco
Posted: Saturday, December 11, 2010 9:37:54 PM
Rank: AiutAmico

Joined: 12/7/2010
Posts: 269
Hi.
With HijackThis, no rootkits show up at all.

Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Note:
● preferably download the program with Internet Explorer

Put ComboFix on the Desktop and carry out these preliminary steps:
● disconnect from the Internet
● physically unplug the modem/router from the computer

It is absolutely necessary, if active, to:
disable the antivirus in use, from the icon in the tray bar (next to the Windows clock)
disable any firewall installed, from the icon in the tray bar (next to the Windows clock)

Once the steps above are done:
● run ComboFix from an account with Administrator privileges and follow the instructions shown to perform the scan
● you will be asked to install the Recovery Console: do not install it
● without doing anything else, let the tool complete the scan and the log creation phase

Notes - during the scan:
● some files will be created on the Desktop and then deleted
● all the icons on the Desktop will disappear for a moment
● a message may be shown regarding the antivirus in use: continue, ignoring the message
● the firewall, if active, may show a warning about the removal of some drivers: allow it
● the Internet Explorer icon may appear on the Desktop, if it was not already there

When ComboFix has finished the scan:
● the system will reboot automatically (if not, reboot it yourself)
● physically reconnect the modem/router to the computer
● connect to the Internet
● go to Local Disk C:, look for the log named combofix.txt and attach it

To attach the log, use this upload service: http://wikisend.com
and post the Forumlink that will be provided after the file has been uploaded.
fmancini
Posted: Monday, December 13, 2010 1:20:07 PM

Rank: AiutAmico

Joined: 12/16/2006
Posts: 105
I'm attaching the new logs:

Avira AntiVir Premium
Data del file di report: lunedì 13 dicembre 2010 12:00

Ricerca di 3140431 virus e programmi indesiderati.

Il programma funziona come versione completa e illimitata.
I servizi online sono disponibili.

Concesso in licenza a : Franco Mancini
Numero di serie : 2206520441-PEPWE-0000001
Piattaforma : Windows XP
Versione di Windows : (Service Pack 3) [5.1.2600]
Modalità di avvio : Booting eseguito regolarmente
Nome utente : SYSTEM
Nome computer : PC-FRANCO

Informazioni sulla versione:
BUILD.DAT : 10.0.0.68 35930 Bytes 01/09/2010 14:56:00
AVSCAN.EXE : 10.0.3.1 434344 Bytes 02/11/2010 15:59:43
AVSCAN.DLL : 10.0.3.0 54120 Bytes 02/11/2010 15:59:42
LUKE.DLL : 10.0.2.3 104296 Bytes 02/11/2010 16:00:49
LUKERES.DLL : 10.0.0.0 13160 Bytes 02/11/2010 16:00:52
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 18:27:07
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 18:27:09
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20/01/2010 18:27:13
VBASE003.VDF : 7.10.3.75 996864 Bytes 26/01/2010 18:27:15
VBASE004.VDF : 7.10.4.203 1579008 Bytes 05/03/2010 12:11:44
VBASE005.VDF : 7.10.6.82 2494464 Bytes 15/04/2010 07:15:16
VBASE006.VDF : 7.10.7.218 2294784 Bytes 02/06/2010 16:31:56
VBASE007.VDF : 7.10.9.165 4840960 Bytes 23/07/2010 19:42:58
VBASE008.VDF : 7.10.11.133 3454464 Bytes 13/09/2010 14:03:31
VBASE009.VDF : 7.10.13.80 2265600 Bytes 02/11/2010 15:29:43
VBASE010.VDF : 7.10.13.81 2048 Bytes 02/11/2010 15:29:43
VBASE011.VDF : 7.10.13.82 2048 Bytes 02/11/2010 15:29:43
VBASE012.VDF : 7.10.13.83 2048 Bytes 02/11/2010 15:29:43
VBASE013.VDF : 7.10.13.116 147968 Bytes 04/11/2010 10:03:47
VBASE014.VDF : 7.10.13.147 146944 Bytes 07/11/2010 18:21:14
VBASE015.VDF : 7.10.13.180 123904 Bytes 09/11/2010 17:49:46
VBASE016.VDF : 7.10.13.211 122368 Bytes 11/11/2010 08:40:39
VBASE017.VDF : 7.10.13.243 147456 Bytes 15/11/2010 15:49:17
VBASE018.VDF : 7.10.14.15 142848 Bytes 17/11/2010 13:47:54
VBASE019.VDF : 7.10.14.41 134144 Bytes 19/11/2010 12:57:09
VBASE020.VDF : 7.10.14.63 128000 Bytes 22/11/2010 15:40:10
VBASE021.VDF : 7.10.14.87 143872 Bytes 24/11/2010 18:24:30
VBASE022.VDF : 7.10.14.116 140800 Bytes 26/11/2010 17:08:48
VBASE023.VDF : 7.10.14.147 150528 Bytes 30/11/2010 19:36:01
VBASE024.VDF : 7.10.14.175 126464 Bytes 03/12/2010 12:23:49
VBASE025.VDF : 7.10.14.203 120320 Bytes 07/12/2010 13:14:28
VBASE026.VDF : 7.10.14.230 137216 Bytes 09/12/2010 11:36:19
VBASE027.VDF : 7.10.14.231 2048 Bytes 09/12/2010 11:36:19
VBASE028.VDF : 7.10.14.232 2048 Bytes 09/12/2010 11:36:19
VBASE029.VDF : 7.10.14.233 2048 Bytes 09/12/2010 11:36:19
VBASE030.VDF : 7.10.14.234 2048 Bytes 09/12/2010 11:36:19
VBASE031.VDF : 7.10.15.0 100352 Bytes 12/12/2010 22:20:55
Motore : 8.2.4.122
AEVDF.DLL : 8.1.2.1 106868 Bytes 11/08/2010 19:43:18
AESCRIPT.DLL : 8.1.3.48 1286524 Bytes 02/12/2010 17:56:04
AESCN.DLL : 8.1.7.2 127349 Bytes 22/11/2010 15:40:19
AESBX.DLL : 8.1.3.2 254324 Bytes 22/11/2010 15:40:22
AERDL.DLL : 8.1.9.2 635252 Bytes 21/09/2010 16:25:09
AEPACK.DLL : 8.2.4.1 512375 Bytes 02/12/2010 17:56:03
AEOFFICE.DLL : 8.1.1.10 201084 Bytes 22/11/2010 15:40:19
AEHEUR.DLL : 8.1.2.54 3113335 Bytes 07/12/2010 17:11:46
AEHELP.DLL : 8.1.16.0 246136 Bytes 02/12/2010 17:55:59
AEGEN.DLL : 8.1.5.0 397685 Bytes 02/12/2010 17:55:58
AEEMU.DLL : 8.1.3.0 393589 Bytes 22/11/2010 15:40:14
AECORE.DLL : 8.1.19.0 196984 Bytes 02/12/2010 17:55:56
AEBB.DLL : 8.1.1.0 53618 Bytes 23/04/2010 14:56:30
AVWINLL.DLL : 10.0.0.0 19304 Bytes 02/11/2010 15:58:54
AVPREF.DLL : 10.0.0.0 44904 Bytes 02/11/2010 15:59:41
AVREP.DLL : 10.0.0.8 62209 Bytes 02/11/2010 15:59:41
AVREG.DLL : 10.0.3.2 53096 Bytes 02/11/2010 15:59:41
AVSCPLR.DLL : 10.0.3.1 83816 Bytes 02/11/2010 15:59:43
AVARKT.DLL : 10.0.0.14 227176 Bytes 02/11/2010 15:59:15
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 02/11/2010 15:59:30
SQLITE3.DLL : 3.6.19.0 355688 Bytes 02/11/2010 16:01:42
AVSMTP.DLL : 10.0.0.17 63848 Bytes 02/11/2010 15:59:47
NETNT.DLL : 10.0.0.0 11624 Bytes 02/11/2010 16:00:55
RCIMAGE.DLL : 10.0.0.32 2631528 Bytes 02/11/2010 15:58:58
RCTEXT.DLL : 10.0.58.0 98664 Bytes 02/11/2010 15:58:58

Impostazioni di configurazione per la scansione attuale:
Nome del job................................: Hard Disk locali
File di configurazione......................: C:\Programmi\Avira\AntiVir Desktop\alldiscs.avp
Report......................................: basso
Azione primaria.............................: interattivo
Azione secondaria...........................: ignora
Scansione dei record master di avvio........: Attivo
Scansiona record di avvio...................: Attivo
Record di avvio.............................: C:, D:,
Scansione dei programmi attivi..............: Attivo
Scansiona la registrazione..................: Attivo
Cerca Rootkits..............................: Attivo
Controllo di integrità dei file di sistema..: Non attivo
Modalità di scansione file..................: Tutti i file
Scansione degli archivi.....................: Attivo
Limita la profondità di ricorsione..........: 20
Archivio estensioni Smart...................: Attivo
Macro euristico.............................: Attivo
File euristico..............................: medio
Categorie irregolari delle minacce..........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Avvio della scansione: lunedì 13 dicembre 2010 12:00

È stata avviata la scansione per accertare la presenza di oggetti nascosti.


Fine della scansione: lunedì 13 dicembre 2010 13:12
Tempo impiegato: 1:11:41 Ora(e)

La scansione è stata annullata!

0 Directory scansionate
0 I file sono stati scansionati
0 Rilevati virus e/o programmi indesiderati
0 I file sono stati classificati come sospetti
0 I file sono stati eliminati
0 I virus o i programmi indesiderati sono stati riparati
0 File spostati in quarantena
0 File rinominati
0 Impossibile scansionare i file
0 File non infetti
0 Archivi scansionati
0 Avvisi
0 Note

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Versione database: 5304

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

13/12/2010 12.08.19
mbam-log-2010-12-13 (12-08-19).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi esaminati: 240172
Tempo trascorso: 1 ore, 20 minuti, 34 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 0

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
(Non sono stati rilevati elementi nocivi)

ComboFix 10-12-12.03 - Franco 13/12/2010 10.27.26.8.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.959.547 [GMT 1:00]
Eseguito da: c:\documents and settings\Franco\Desktop\Antivirus.Spyw.Pulizia.Defr\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {0012F2B4-5CE9-7C92-0300-000000000000}
AV: AntiVir Desktop *Disabled/Updated* {0013F2B4-5CE9-7C92-0300-000000000000}
AV: AntiVir Desktop *Enabled/Updated* {00000002-0002-0000-6C25-9E7C08000A00}
AV: AntiVir Desktop *Enabled/Updated* {00000002-0002-0000-7C25-9E7C08000A00}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804FD0EC-FFA4-00EB-0D24-347CA8A3377C}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Franco\Dati applicazioni\.#
c:\documents and settings\Franco\Dati applicazioni\.#\MBX@100@383FE0.###
c:\documents and settings\Franco\Dati applicazioni\.#\MBX@100@384010.###
c:\documents and settings\Franco\Dati applicazioni\.#\MBX@4A8@383FE0.###
c:\documents and settings\Franco\Dati applicazioni\.#\MBX@4A8@384010.###
c:\windows\system32\arp.exe

.
((((((((((((((((((((((((( Files Creati Da 2010-11-13 al 2010-12-13 )))))))))))))))))))))))))))))))))))
.

2010-12-12 23:05 . 2010-12-12 23:05 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-11 21:21 . 2010-12-11 21:40 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2010-12-11 21:16 . 2010-12-11 21:16 37600 ----a-w- c:\windows\system32\Partizan.exe
2010-12-11 21:16 . 2010-12-11 21:16 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2010-12-11 21:16 . 2010-12-11 21:16 2 --shatr- c:\windows\winstart.bat
2010-12-11 21:16 . 2010-11-11 11:44 12808 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2010-12-11 21:16 . 2010-12-12 23:05 -------- d-----w- c:\programmi\UnHackMe
2010-12-11 20:37 . 2010-12-11 20:37 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\ServiceTest
2010-12-11 18:43 . 2010-12-11 19:00 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Adobe
2010-12-11 11:11 . 2010-12-11 11:12 -------- d-----w- c:\programmi\Support Tools
2010-12-11 11:10 . 2010-12-11 11:10 -------- d-----w- c:\programmi\Application Compatibility Toolkit
2010-12-01 10:58 . 2010-12-01 10:58 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Driver Whiz
2010-11-30 15:11 . 2010-12-05 17:20 -------- d-----w- c:\programmi\softendo.com
2010-11-30 14:56 . 2007-04-04 17:55 261480 ----a-w- c:\windows\system32\xactengine2_7.dll
2010-11-30 14:54 . 2010-12-04 22:14 -------- d-----w- c:\windows\Logs
2010-11-27 10:15 . 2010-11-27 10:15 -------- d-----w- c:\documents and settings\Franco\Impostazioni locali\Dati applicazioni\Deployment
2010-11-26 18:35 . 2010-11-26 18:35 -------- d-----w- c:\documents and settings\All Users\Uniblue
2010-11-22 15:37 . 2010-11-22 15:37 -------- d-----w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\Google
2010-11-21 19:33 . 2010-11-21 19:33 -------- d-----w- c:\programmi\File comuni\SWF Studio
2010-11-17 13:50 . 2010-11-17 13:50 -------- d-----w- c:\documents and settings\Franco\Impostazioni locali\Dati applicazioni\PackageAware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-05 19:50 . 2010-06-04 08:11 43672 ----a-w- c:\windows\system32\drivers\AFS2K.SYS
2010-11-29 16:42 . 2008-10-19 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 16:42 . 2008-10-19 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-02 16:02 . 2010-02-27 18:39 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-11-02 16:02 . 2010-02-27 18:39 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-11-02 16:02 . 2010-02-22 17:02 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-09-18 10:23 . 2004-08-19 13:39 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-19 13:39 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2001-08-31 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2001-08-31 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
.
Code:
<pre>
c:\programmi\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
c:\programmi\Logitech\Desktop Messenger\8876480\Program\backweb-8876480 .exe
c:\programmi\SUPERAntiSpyware\superantispyware .exe
c:\windows\system32\ctfmon .exe
c:\windows\system32\hphmon05 .exe
c:\windows\system32\nerocheck .exe
c:\windows\system32\spool\drivers\w32x86\3\hpztsb09 .exe
</pre>


------- Sigcheck -------

[7] 2008-04-14 . CE7DB8EE1C9BD8A40F84529DDC28B0D8 . 1571840 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\sfcfiles.dll
[7] 2008-04-14 . CE7DB8EE1C9BD8A40F84529DDC28B0D8 . 1571840 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[7] 2008-04-14 . CE7DB8EE1C9BD8A40F84529DDC28B0D8 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfcfiles.dll
[7] 2004-08-19 . 0F9AAB130D89786A59F8F93A9E23C658 . 1548288 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll

c:\windows\System32\sfcfiles.dll ... è mancante !!
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{48405d3d-2674-4cd8-b1ef-9a719443bd3f}"= "c:\programmi\Search_USA\tbSea1.dll" [2010-11-03 2735200]

[HKEY_CLASSES_ROOT\clsid\{48405d3d-2674-4cd8-b1ef-9a719443bd3f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{48405d3d-2674-4cd8-b1ef-9a719443bd3f}]
2010-11-03 08:17 2735200 ----a-w- c:\programmi\Search_USA\tbSea1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{48405d3d-2674-4cd8-b1ef-9a719443bd3f}"= "c:\programmi\Search_USA\tbSea1.dll" [2010-11-03 2735200]

[HKEY_CLASSES_ROOT\clsid\{48405d3d-2674-4cd8-b1ef-9a719443bd3f}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{48405D3D-2674-4CD8-B1EF-9A719443BD3F}"= "c:\programmi\Search_USA\tbSea1.dll" [2010-11-03 2735200]

[HKEY_CLASSES_ROOT\clsid\{48405d3d-2674-4cd8-b1ef-9a719443bd3f}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\programmi\RocketDock\RocketDock.exe" [2007-09-02 495616]
"RestoreDesktop"="c:\programmi\Restore Desktop\RestoreDesktop.exe" [2003-03-11 45056]
"PC Suite Tray"="c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-08 39408]
"Advanced SystemCare 3"="c:\programmi\IObit\Advanced SystemCare 3\AWC.exe" [2010-03-29 2343120]
"SmartRAM"="c:\programmi\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" [2010-01-22 200280]
"LDM"="c:\programmi\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"nwiz"="nwiz.exe" [N/A]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"OpwareSE4"="c:\programmi\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"HP Component Manager"="c:\programmi\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Logitech Utility"="LOGI_MWX.EXE" [2003-11-07 19968]
"SmartDefrag"="c:\programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2010-07-09 2712920]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2010-03-17 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoPopUpsOnBoot"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"RTHDCPL"=RTHDCPL.EXE
"Alcmtr"=ALCMTR.EXE
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_07\bin\jusched.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Vuze\\Azureus.exe"=
"c:\\Programmi\\NetMeeting\\conf.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\eMule\\eMule.exe"=
"c:\\Programmi\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Programmi\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25736:TCP"= 25736:TCP:eMule_TCP
"25745:UDP"= 25745:UDP:eMule_UDP
"5985:TCP"= 5985:TCP:*:Disabled:Gestione remota Windows
"4662:TCP"= 4662:TCP:127.0.0.1
"4672:UDP"= 4672:UDP:127.0.0.1

R0 RVSystem;RVSystem;c:\windows\system32\drivers\rvsystem.sys [18/04/2010 20.47.10 45648]
R1 rvsmon;rvsmon;c:\windows\system32\drivers\rvsmon.sys [18/04/2010 20.47.20 264128]
R1 rvsmonn;rvsmonn;c:\windows\system32\drivers\rvsmonn1.sys [18/04/2010 20.47.23 28640]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\programmi\Avira\AntiVir Desktop\avmailc.exe [27/02/2010 19.39.41 339624]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programmi\Avira\AntiVir Desktop\sched.exe [27/02/2010 19.39.45 135336]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\programmi\Avira\AntiVir Desktop\avwebgrd.exe [27/02/2010 19.39.43 403624]
R2 rvsmonf;rvsmonf;c:\windows\system32\drivers\rvsmonf.sys [18/04/2010 20.47.22 1035080]
R3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [21/01/2010 10.42.06 13568]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [11/05/2010 13.17.20 11520]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\DRIVERS\StarPortLite.sys --> c:\windows\system32\DRIVERS\StarPortLite.sys [?]
S2 gupdate1c98a061b8f7796;Google Update Service (gupdate1c98a061b8f7796);c:\programmi\Google\Update\GoogleUpdate.exe [08/02/2009 16.58.37 133104]
S2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [13/07/2008 10.51.57 8192]
S2 WDDMService;WD SmartWare Drive Manager;"c:\programmi\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe" --> c:\programmi\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [?]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;"c:\programmi\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe" --> c:\programmi\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [?]
S2 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [03/11/2006 17.19.58 13592]
S3 MA8630C;MA8630C;c:\windows\system32\drivers\MA8630C.sys [07/10/2008 21.38.45 23248]
S3 MA8630M;MA8630M;c:\windows\system32\drivers\MA8630M.sys [07/10/2008 21.38.46 25428]
S3 MA8630U;MA8630U;c:\windows\system32\drivers\MA8630U.sys [07/10/2008 21.38.47 51154]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [19/08/2004 14.39.46 14336]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [19/08/2004 14.39.46 14336]
S4 ASKService;ASKService;c:\programmi\AskBarDis\bar\bin\AskService.exe [11/06/2009 14.17.58 464264]
S4 ASKUpgrade;ASKUpgrade;c:\programmi\AskBarDis\bar\bin\ASKUpgrade.exe [11/06/2009 14.18.09 234888]
S4 RVSMONBL;Returnil Virtual System Core Service;c:\windows\system32\Returnil\RVS3\rvsmon.exe [06/04/2010 16.13.18 1254800]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [25/03/2008 10.11.27 717296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contenuto della cartella 'Scheduled Tasks'

2010-12-08 c:\windows\Tasks\CanoScan Toolbox 5.job
- c:\progra~1\Canon\CANOSC~1.0\CSTBox.exe [2009-10-16 16:54]

2010-12-13 c:\windows\Tasks\GlaryInitialize.job
- c:\programmi\Glary Utilities\initialize.exe [2010-02-07 08:01]

2010-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-08 15:58]

2010-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-08 15:58]

2010-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1637723038-725345543-1003Core.job
- c:\documents and settings\Franco\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-11-27 10:15]

2010-12-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1637723038-725345543-1003UA.job
- c:\documents and settings\Franco\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-11-27 10:15]

2010-12-11 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 16:20]

2010-12-11 c:\windows\Tasks\Pulitura disco.job
- c:\windows\system32\cleanmgr.exe [2004-08-19 02:14]

2010-12-11 c:\windows\Tasks\SmartDefrag.job
- c:\programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-11-26 17:08]

2010-12-13 c:\windows\Tasks\User_Feed_Synchronization-{20C35481-1888-41F0-BC08-CF817514C6BB}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]

2010-12-11 c:\windows\Tasks\WebReg 20091021182202.job
- c:\programmi\Hewlett-Packard\Digital Imaging\bin\hpqwrg.exe [2002-10-16 13:39]

2010-11-25 c:\windows\Tasks\Windows Update.job
- c:\windows\system32\wupdmgr.exe [2001-08-31 12:00]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com/ig?source=gama&hl=it
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.foozir.com/
mSearch Bar = hxxp://www.google.com
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
LSP: c:\programmi\Avira\AntiVir Desktop\avsda.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Any DVD Converter Professional_is1 - c:\programmi\AnvSoft\Any DVD Converter Professional\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-13 10:34
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"659BD8E725A05FDCC64118EA787EAA2B534A94FABE"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8b,4e,a9,aa,a0,bb,b4,43,bb,86,30,\
"3A77B377802A4B6183DDE08FDE4AD9AF647A702826"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8b,4e,a9,aa,a0,bb,b4,43,bb,86,30,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'lsass.exe'(756)
c:\programmi\Avira\AntiVir Desktop\avsda.dll
.
Ora fine scansione: 2010-12-13 10:36:55
ComboFix-quarantined-files.txt 2010-12-13 09:36
ComboFix2.txt 2010-09-06 17:51
ComboFix3.txt 2010-06-24 22:29
ComboFix4.txt 2010-06-23 15:03
ComboFix5.txt 2010-12-13 09:18

Pre-Run: 21.244.739.584 byte disponibili
Post-Run: 21.400.080.384 byte disponibili

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - AA9A3772A436ABA7E8CB7B8BE1AC26D6
I hope you can, as always, give me good advice on what to do... thanks a lot
Franco
fmancini
Posted: Monday, December 13, 2010 1:26:59 PM

Rank: AiutAmico

Member since: 12/16/2006
Posts: 105
I'm attaching the logs: Avira, ComboFix, MBAM


Avira AntiVir Premium
Data del file di report: lunedì 13 dicembre 2010 12:00

Ricerca di 3140431 virus e programmi indesiderati.

Il programma funziona come versione completa e illimitata.
I servizi online sono disponibili.

Concesso in licenza a : Franco Mancini
Numero di serie : 2206520441-PEPWE-0000001
Piattaforma : Windows XP
Versione di Windows : (Service Pack 3) [5.1.2600]
Modalità di avvio : Booting eseguito regolarmente
Nome utente : SYSTEM
Nome computer : PC-FRANCO

Informazioni sulla versione:
BUILD.DAT : 10.0.0.68 35930 Bytes 01/09/2010 14:56:00
AVSCAN.EXE : 10.0.3.1 434344 Bytes 02/11/2010 15:59:43
AVSCAN.DLL : 10.0.3.0 54120 Bytes 02/11/2010 15:59:42
LUKE.DLL : 10.0.2.3 104296 Bytes 02/11/2010 16:00:49
LUKERES.DLL : 10.0.0.0 13160 Bytes 02/11/2010 16:00:52
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 18:27:07
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 18:27:09
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20/01/2010 18:27:13
VBASE003.VDF : 7.10.3.75 996864 Bytes 26/01/2010 18:27:15
VBASE004.VDF : 7.10.4.203 1579008 Bytes 05/03/2010 12:11:44
VBASE005.VDF : 7.10.6.82 2494464 Bytes 15/04/2010 07:15:16
VBASE006.VDF : 7.10.7.218 2294784 Bytes 02/06/2010 16:31:56
VBASE007.VDF : 7.10.9.165 4840960 Bytes 23/07/2010 19:42:58
VBASE008.VDF : 7.10.11.133 3454464 Bytes 13/09/2010 14:03:31
VBASE009.VDF : 7.10.13.80 2265600 Bytes 02/11/2010 15:29:43
VBASE010.VDF : 7.10.13.81 2048 Bytes 02/11/2010 15:29:43
VBASE011.VDF : 7.10.13.82 2048 Bytes 02/11/2010 15:29:43
VBASE012.VDF : 7.10.13.83 2048 Bytes 02/11/2010 15:29:43
VBASE013.VDF : 7.10.13.116 147968 Bytes 04/11/2010 10:03:47
VBASE014.VDF : 7.10.13.147 146944 Bytes 07/11/2010 18:21:14
VBASE015.VDF : 7.10.13.180 123904 Bytes 09/11/2010 17:49:46
VBASE016.VDF : 7.10.13.211 122368 Bytes 11/11/2010 08:40:39
VBASE017.VDF : 7.10.13.243 147456 Bytes 15/11/2010 15:49:17
VBASE018.VDF : 7.10.14.15 142848 Bytes 17/11/2010 13:47:54
VBASE019.VDF : 7.10.14.41 134144 Bytes 19/11/2010 12:57:09
VBASE020.VDF : 7.10.14.63 128000 Bytes 22/11/2010 15:40:10
VBASE021.VDF : 7.10.14.87 143872 Bytes 24/11/2010 18:24:30
VBASE022.VDF : 7.10.14.116 140800 Bytes 26/11/2010 17:08:48
VBASE023.VDF : 7.10.14.147 150528 Bytes 30/11/2010 19:36:01
VBASE024.VDF : 7.10.14.175 126464 Bytes 03/12/2010 12:23:49
VBASE025.VDF : 7.10.14.203 120320 Bytes 07/12/2010 13:14:28
VBASE026.VDF : 7.10.14.230 137216 Bytes 09/12/2010 11:36:19
VBASE027.VDF : 7.10.14.231 2048 Bytes 09/12/2010 11:36:19
VBASE028.VDF : 7.10.14.232 2048 Bytes 09/12/2010 11:36:19
VBASE029.VDF : 7.10.14.233 2048 Bytes 09/12/2010 11:36:19
VBASE030.VDF : 7.10.14.234 2048 Bytes 09/12/2010 11:36:19
VBASE031.VDF : 7.10.15.0 100352 Bytes 12/12/2010 22:20:55
Motore : 8.2.4.122
AEVDF.DLL : 8.1.2.1 106868 Bytes 11/08/2010 19:43:18
AESCRIPT.DLL : 8.1.3.48 1286524 Bytes 02/12/2010 17:56:04
AESCN.DLL : 8.1.7.2 127349 Bytes 22/11/2010 15:40:19
AESBX.DLL : 8.1.3.2 254324 Bytes 22/11/2010 15:40:22
AERDL.DLL : 8.1.9.2 635252 Bytes 21/09/2010 16:25:09
AEPACK.DLL : 8.2.4.1 512375 Bytes 02/12/2010 17:56:03
AEOFFICE.DLL : 8.1.1.10 201084 Bytes 22/11/2010 15:40:19
AEHEUR.DLL : 8.1.2.54 3113335 Bytes 07/12/2010 17:11:46
AEHELP.DLL : 8.1.16.0 246136 Bytes 02/12/2010 17:55:59
AEGEN.DLL : 8.1.5.0 397685 Bytes 02/12/2010 17:55:58
AEEMU.DLL : 8.1.3.0 393589 Bytes 22/11/2010 15:40:14
AECORE.DLL : 8.1.19.0 196984 Bytes 02/12/2010 17:55:56
AEBB.DLL : 8.1.1.0 53618 Bytes 23/04/2010 14:56:30
AVWINLL.DLL : 10.0.0.0 19304 Bytes 02/11/2010 15:58:54
AVPREF.DLL : 10.0.0.0 44904 Bytes 02/11/2010 15:59:41
AVREP.DLL : 10.0.0.8 62209 Bytes 02/11/2010 15:59:41
AVREG.DLL : 10.0.3.2 53096 Bytes 02/11/2010 15:59:41
AVSCPLR.DLL : 10.0.3.1 83816 Bytes 02/11/2010 15:59:43
AVARKT.DLL : 10.0.0.14 227176 Bytes 02/11/2010 15:59:15
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 02/11/2010 15:59:30
SQLITE3.DLL : 3.6.19.0 355688 Bytes 02/11/2010 16:01:42
AVSMTP.DLL : 10.0.0.17 63848 Bytes 02/11/2010 15:59:47
NETNT.DLL : 10.0.0.0 11624 Bytes 02/11/2010 16:00:55
RCIMAGE.DLL : 10.0.0.32 2631528 Bytes 02/11/2010 15:58:58
RCTEXT.DLL : 10.0.58.0 98664 Bytes 02/11/2010 15:58:58

Impostazioni di configurazione per la scansione attuale:
Nome del job................................: Hard Disk locali
File di configurazione......................: C:\Programmi\Avira\AntiVir Desktop\alldiscs.avp
Report......................................: basso
Azione primaria.............................: interattivo
Azione secondaria...........................: ignora
Scansione dei record master di avvio........: Attivo
Scansiona record di avvio...................: Attivo
Record di avvio.............................: C:, D:,
Scansione dei programmi attivi..............: Attivo
Scansiona la registrazione..................: Attivo
Cerca Rootkits..............................: Attivo
Controllo di integrità dei file di sistema..: Non attivo
Modalità di scansione file..................: Tutti i file
Scansione degli archivi.....................: Attivo
Limita la profondità di ricorsione..........: 20
Archivio estensioni Smart...................: Attivo
Macro euristico.............................: Attivo
File euristico..............................: medio
Categorie irregolari delle minacce..........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Avvio della scansione: lunedì 13 dicembre 2010 12:00

È stata avviata la scansione per accertare la presenza di oggetti nascosti.


Fine della scansione: lunedì 13 dicembre 2010 13:12
Tempo impiegato: 1:11:41 Ora(e)

La scansione è stata annullata!

0 Directory scansionate
0 I file sono stati scansionati
0 Rilevati virus e/o programmi indesiderati
0 I file sono stati classificati come sospetti
0 I file sono stati eliminati
0 I virus o i programmi indesiderati sono stati riparati
0 File spostati in quarantena
0 File rinominati
0 Impossibile scansionare i file
0 File non infetti
0 Archivi scansionati
0 Avvisi
0 Note

ComboFix 10-12-12.03 - Franco 13/12/2010 10.27.26.8.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.959.547 [GMT 1:00]
Eseguito da: c:\documents and settings\Franco\Desktop\Antivirus.Spyw.Pulizia.Defr\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {0012F2B4-5CE9-7C92-0300-000000000000}
AV: AntiVir Desktop *Disabled/Updated* {0013F2B4-5CE9-7C92-0300-000000000000}
AV: AntiVir Desktop *Enabled/Updated* {00000002-0002-0000-6C25-9E7C08000A00}
AV: AntiVir Desktop *Enabled/Updated* {00000002-0002-0000-7C25-9E7C08000A00}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804FD0EC-FFA4-00EB-0D24-347CA8A3377C}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Franco\Dati applicazioni\.#
c:\documents and settings\Franco\Dati applicazioni\.#\MBX@100@383FE0.###
c:\documents and settings\Franco\Dati applicazioni\.#\MBX@100@384010.###
c:\documents and settings\Franco\Dati applicazioni\.#\MBX@4A8@383FE0.###
c:\documents and settings\Franco\Dati applicazioni\.#\MBX@4A8@384010.###
c:\windows\system32\arp.exe

.
((((((((((((((((((((((((( Files Creati Da 2010-11-13 al 2010-12-13 )))))))))))))))))))))))))))))))))))
.

2010-12-12 23:05 . 2010-12-12 23:05 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-11 21:21 . 2010-12-11 21:40 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2010-12-11 21:16 . 2010-12-11 21:16 37600 ----a-w- c:\windows\system32\Partizan.exe
2010-12-11 21:16 . 2010-12-11 21:16 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2010-12-11 21:16 . 2010-12-11 21:16 2 --shatr- c:\windows\winstart.bat
2010-12-11 21:16 . 2010-11-11 11:44 12808 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2010-12-11 21:16 . 2010-12-12 23:05 -------- d-----w- c:\programmi\UnHackMe
2010-12-11 20:37 . 2010-12-11 20:37 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\ServiceTest
2010-12-11 18:43 . 2010-12-11 19:00 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Adobe
2010-12-11 11:11 . 2010-12-11 11:12 -------- d-----w- c:\programmi\Support Tools
2010-12-11 11:10 . 2010-12-11 11:10 -------- d-----w- c:\programmi\Application Compatibility Toolkit
2010-12-01 10:58 . 2010-12-01 10:58 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Driver Whiz
2010-11-30 15:11 . 2010-12-05 17:20 -------- d-----w- c:\programmi\softendo.com
2010-11-30 14:56 . 2007-04-04 17:55 261480 ----a-w- c:\windows\system32\xactengine2_7.dll
2010-11-30 14:54 . 2010-12-04 22:14 -------- d-----w- c:\windows\Logs
2010-11-27 10:15 . 2010-11-27 10:15 -------- d-----w- c:\documents and settings\Franco\Impostazioni locali\Dati applicazioni\Deployment
2010-11-26 18:35 . 2010-11-26 18:35 -------- d-----w- c:\documents and settings\All Users\Uniblue
2010-11-22 15:37 . 2010-11-22 15:37 -------- d-----w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\Google
2010-11-21 19:33 . 2010-11-21 19:33 -------- d-----w- c:\programmi\File comuni\SWF Studio
2010-11-17 13:50 . 2010-11-17 13:50 -------- d-----w- c:\documents and settings\Franco\Impostazioni locali\Dati applicazioni\PackageAware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-05 19:50 . 2010-06-04 08:11 43672 ----a-w- c:\windows\system32\drivers\AFS2K.SYS
2010-11-29 16:42 . 2008-10-19 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 16:42 . 2008-10-19 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-02 16:02 . 2010-02-27 18:39 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-11-02 16:02 . 2010-02-27 18:39 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-11-02 16:02 . 2010-02-22 17:02 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-09-18 10:23 . 2004-08-19 13:39 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-19 13:39 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2001-08-31 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2001-08-31 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
.
Code:
<pre>
c:\programmi\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
c:\programmi\Logitech\Desktop Messenger\8876480\Program\backweb-8876480 .exe
c:\programmi\SUPERAntiSpyware\superantispyware .exe
c:\windows\system32\ctfmon .exe
c:\windows\system32\hphmon05 .exe
c:\windows\system32\nerocheck .exe
c:\windows\system32\spool\drivers\w32x86\3\hpztsb09 .exe
</pre>


------- Sigcheck -------

[7] 2008-04-14 . CE7DB8EE1C9BD8A40F84529DDC28B0D8 . 1571840 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\sfcfiles.dll
[7] 2008-04-14 . CE7DB8EE1C9BD8A40F84529DDC28B0D8 . 1571840 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[7] 2008-04-14 . CE7DB8EE1C9BD8A40F84529DDC28B0D8 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfcfiles.dll
[7] 2004-08-19 . 0F9AAB130D89786A59F8F93A9E23C658 . 1548288 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll

c:\windows\System32\sfcfiles.dll ... è mancante !!
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{48405d3d-2674-4cd8-b1ef-9a719443bd3f}"= "c:\programmi\Search_USA\tbSea1.dll" [2010-11-03 2735200]

[HKEY_CLASSES_ROOT\clsid\{48405d3d-2674-4cd8-b1ef-9a719443bd3f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{48405d3d-2674-4cd8-b1ef-9a719443bd3f}]
2010-11-03 08:17 2735200 ----a-w- c:\programmi\Search_USA\tbSea1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{48405d3d-2674-4cd8-b1ef-9a719443bd3f}"= "c:\programmi\Search_USA\tbSea1.dll" [2010-11-03 2735200]

[HKEY_CLASSES_ROOT\clsid\{48405d3d-2674-4cd8-b1ef-9a719443bd3f}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{48405D3D-2674-4CD8-B1EF-9A719443BD3F}"= "c:\programmi\Search_USA\tbSea1.dll" [2010-11-03 2735200]

[HKEY_CLASSES_ROOT\clsid\{48405d3d-2674-4cd8-b1ef-9a719443bd3f}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\programmi\RocketDock\RocketDock.exe" [2007-09-02 495616]
"RestoreDesktop"="c:\programmi\Restore Desktop\RestoreDesktop.exe" [2003-03-11 45056]
"PC Suite Tray"="c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-08 39408]
"Advanced SystemCare 3"="c:\programmi\IObit\Advanced SystemCare 3\AWC.exe" [2010-03-29 2343120]
"SmartRAM"="c:\programmi\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" [2010-01-22 200280]
"LDM"="c:\programmi\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"nwiz"="nwiz.exe" [N/A]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"OpwareSE4"="c:\programmi\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"HP Component Manager"="c:\programmi\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Logitech Utility"="LOGI_MWX.EXE" [2003-11-07 19968]
"SmartDefrag"="c:\programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2010-07-09 2712920]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2010-03-17 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoPopUpsOnBoot"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"RTHDCPL"=RTHDCPL.EXE
"Alcmtr"=ALCMTR.EXE
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_07\bin\jusched.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Vuze\\Azureus.exe"=
"c:\\Programmi\\NetMeeting\\conf.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\eMule\\eMule.exe"=
"c:\\Programmi\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Programmi\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25736:TCP"= 25736:TCP:eMule_TCP
"25745:UDP"= 25745:UDP:eMule_UDP
"5985:TCP"= 5985:TCP:*:Disabled:Gestione remota Windows
"4662:TCP"= 4662:TCP:127.0.0.1
"4672:UDP"= 4672:UDP:127.0.0.1

R0 RVSystem;RVSystem;c:\windows\system32\drivers\rvsystem.sys [18/04/2010 20.47.10 45648]
R1 rvsmon;rvsmon;c:\windows\system32\drivers\rvsmon.sys [18/04/2010 20.47.20 264128]
R1 rvsmonn;rvsmonn;c:\windows\system32\drivers\rvsmonn1.sys [18/04/2010 20.47.23 28640]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\programmi\Avira\AntiVir Desktop\avmailc.exe [27/02/2010 19.39.41 339624]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programmi\Avira\AntiVir Desktop\sched.exe [27/02/2010 19.39.45 135336]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\programmi\Avira\AntiVir Desktop\avwebgrd.exe [27/02/2010 19.39.43 403624]
R2 rvsmonf;rvsmonf;c:\windows\system32\drivers\rvsmonf.sys [18/04/2010 20.47.22 1035080]
R3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [21/01/2010 10.42.06 13568]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [11/05/2010 13.17.20 11520]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\DRIVERS\StarPortLite.sys --> c:\windows\system32\DRIVERS\StarPortLite.sys [?]
S2 gupdate1c98a061b8f7796;Google Update Service (gupdate1c98a061b8f7796);c:\programmi\Google\Update\GoogleUpdate.exe [08/02/2009 16.58.37 133104]
S2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [13/07/2008 10.51.57 8192]
S2 WDDMService;WD SmartWare Drive Manager;"c:\programmi\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe" --> c:\programmi\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [?]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;"c:\programmi\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe" --> c:\programmi\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [?]
S2 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [03/11/2006 17.19.58 13592]
S3 MA8630C;MA8630C;c:\windows\system32\drivers\MA8630C.sys [07/10/2008 21.38.45 23248]
S3 MA8630M;MA8630M;c:\windows\system32\drivers\MA8630M.sys [07/10/2008 21.38.46 25428]
S3 MA8630U;MA8630U;c:\windows\system32\drivers\MA8630U.sys [07/10/2008 21.38.47 51154]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [19/08/2004 14.39.46 14336]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [19/08/2004 14.39.46 14336]
S4 ASKService;ASKService;c:\programmi\AskBarDis\bar\bin\AskService.exe [11/06/2009 14.17.58 464264]
S4 ASKUpgrade;ASKUpgrade;c:\programmi\AskBarDis\bar\bin\ASKUpgrade.exe [11/06/2009 14.18.09 234888]
S4 RVSMONBL;Returnil Virtual System Core Service;c:\windows\system32\Returnil\RVS3\rvsmon.exe [06/04/2010 16.13.18 1254800]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [25/03/2008 10.11.27 717296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contenuto della cartella 'Scheduled Tasks'

2010-12-08 c:\windows\Tasks\CanoScan Toolbox 5.job
- c:\progra~1\Canon\CANOSC~1.0\CSTBox.exe [2009-10-16 16:54]

2010-12-13 c:\windows\Tasks\GlaryInitialize.job
- c:\programmi\Glary Utilities\initialize.exe [2010-02-07 08:01]

2010-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-08 15:58]

2010-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-08 15:58]

2010-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1637723038-725345543-1003Core.job
- c:\documents and settings\Franco\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-11-27 10:15]

2010-12-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1637723038-725345543-1003UA.job
- c:\documents and settings\Franco\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-11-27 10:15]

2010-12-11 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 16:20]

2010-12-11 c:\windows\Tasks\Pulitura disco.job
- c:\windows\system32\cleanmgr.exe [2004-08-19 02:14]

2010-12-11 c:\windows\Tasks\SmartDefrag.job
- c:\programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-11-26 17:08]

2010-12-13 c:\windows\Tasks\User_Feed_Synchronization-{20C35481-1888-41F0-BC08-CF817514C6BB}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]

2010-12-11 c:\windows\Tasks\WebReg 20091021182202.job
- c:\programmi\Hewlett-Packard\Digital Imaging\bin\hpqwrg.exe [2002-10-16 13:39]

2010-11-25 c:\windows\Tasks\Windows Update.job
- c:\windows\system32\wupdmgr.exe [2001-08-31 12:00]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com/ig?source=gama&hl=it
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.foozir.com/
mSearch Bar = hxxp://www.google.com
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
LSP: c:\programmi\Avira\AntiVir Desktop\avsda.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Any DVD Converter Professional_is1 - c:\programmi\AnvSoft\Any DVD Converter Professional\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-13 10:34
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"659BD8E725A05FDCC64118EA787EAA2B534A94FABE"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8b,4e,a9,aa,a0,bb,b4,43,bb,86,30,\
"3A77B377802A4B6183DDE08FDE4AD9AF647A702826"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8b,4e,a9,aa,a0,bb,b4,43,bb,86,30,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'lsass.exe'(756)
c:\programmi\Avira\AntiVir Desktop\avsda.dll
.
Ora fine scansione: 2010-12-13 10:36:55
ComboFix-quarantined-files.txt 2010-12-13 09:36
ComboFix2.txt 2010-09-06 17:51
ComboFix3.txt 2010-06-24 22:29
ComboFix4.txt 2010-06-23 15:03
ComboFix5.txt 2010-12-13 09:18

Pre-Run: 21.244.739.584 byte disponibili
Post-Run: 21.400.080.384 byte disponibili

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - AA9A3772A436ABA7E8CB7B8BE1AC26D6
ComboFix 10-12-12.03 - Franco 13/12/2010 10.27.26.8.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.959.547 [GMT 1:00]
Eseguito da: c:\documents and settings\Franco\Desktop\Antivirus.Spyw.Pulizia.Defr\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {0012F2B4-5CE9-7C92-0300-000000000000}
AV: AntiVir Desktop *Disabled/Updated* {0013F2B4-5CE9-7C92-0300-000000000000}
AV: AntiVir Desktop *Enabled/Updated* {00000002-0002-0000-6C25-9E7C08000A00}
AV: AntiVir Desktop *Enabled/Updated* {00000002-0002-0000-7C25-9E7C08000A00}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804FD0EC-FFA4-00EB-0D24-347CA8A3377C}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Franco\Dati applicazioni\.#
c:\documents and settings\Franco\Dati applicazioni\.#\MBX@100@383FE0.###
c:\documents and settings\Franco\Dati applicazioni\.#\MBX@100@384010.###
c:\documents and settings\Franco\Dati applicazioni\.#\MBX@4A8@383FE0.###
c:\documents and settings\Franco\Dati applicazioni\.#\MBX@4A8@384010.###
c:\windows\system32\arp.exe

.
((((((((((((((((((((((((( Files Creati Da 2010-11-13 al 2010-12-13 )))))))))))))))))))))))))))))))))))
.

2010-12-12 23:05 . 2010-12-12 23:05 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-11 21:21 . 2010-12-11 21:40 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2010-12-11 21:16 . 2010-12-11 21:16 37600 ----a-w- c:\windows\system32\Partizan.exe
2010-12-11 21:16 . 2010-12-11 21:16 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2010-12-11 21:16 . 2010-12-11 21:16 2 --shatr- c:\windows\winstart.bat
2010-12-11 21:16 . 2010-11-11 11:44 12808 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2010-12-11 21:16 . 2010-12-12 23:05 -------- d-----w- c:\programmi\UnHackMe
2010-12-11 20:37 . 2010-12-11 20:37 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\ServiceTest
2010-12-11 18:43 . 2010-12-11 19:00 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Adobe
2010-12-11 11:11 . 2010-12-11 11:12 -------- d-----w- c:\programmi\Support Tools
2010-12-11 11:10 . 2010-12-11 11:10 -------- d-----w- c:\programmi\Application Compatibility Toolkit
2010-12-01 10:58 . 2010-12-01 10:58 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Driver Whiz
2010-11-30 15:11 . 2010-12-05 17:20 -------- d-----w- c:\programmi\softendo.com
2010-11-30 14:56 . 2007-04-04 17:55 261480 ----a-w- c:\windows\system32\xactengine2_7.dll
2010-11-30 14:54 . 2010-12-04 22:14 -------- d-----w- c:\windows\Logs
2010-11-27 10:15 . 2010-11-27 10:15 -------- d-----w- c:\documents and settings\Franco\Impostazioni locali\Dati applicazioni\Deployment
2010-11-26 18:35 . 2010-11-26 18:35 -------- d-----w- c:\documents and settings\All Users\Uniblue
2010-11-22 15:37 . 2010-11-22 15:37 -------- d-----w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\Google
2010-11-21 19:33 . 2010-11-21 19:33 -------- d-----w- c:\programmi\File comuni\SWF Studio
2010-11-17 13:50 . 2010-11-17 13:50 -------- d-----w- c:\documents and settings\Franco\Impostazioni locali\Dati applicazioni\PackageAware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-05 19:50 . 2010-06-04 08:11 43672 ----a-w- c:\windows\system32\drivers\AFS2K.SYS
2010-11-29 16:42 . 2008-10-19 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 16:42 . 2008-10-19 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-02 16:02 . 2010-02-27 18:39 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-11-02 16:02 . 2010-02-27 18:39 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-11-02 16:02 . 2010-02-22 17:02 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-09-18 10:23 . 2004-08-19 13:39 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-19 13:39 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2001-08-31 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2001-08-31 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
.
Code:
c:\programmi\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
c:\programmi\Logitech\Desktop Messenger\8876480\Program\backweb-8876480 .exe
c:\programmi\SUPERAntiSpyware\superantispyware .exe
c:\windows\system32\ctfmon .exe
c:\windows\system32\hphmon05 .exe
c:\windows\system32\nerocheck .exe
c:\windows\system32\spool\drivers\w32x86\3\hpztsb09 .exe


------- Sigcheck -------

[7] 2008-04-14 . CE7DB8EE1C9BD8A40F84529DDC28B0D8 . 1571840 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\sfcfiles.dll
[7] 2008-04-14 . CE7DB8EE1C9BD8A40F84529DDC28B0D8 . 1571840 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[7] 2008-04-14 . CE7DB8EE1C9BD8A40F84529DDC28B0D8 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfcfiles.dll
[7] 2004-08-19 . 0F9AAB130D89786A59F8F93A9E23C658 . 1548288 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll

c:\windows\System32\sfcfiles.dll ... è mancante !!
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{48405d3d-2674-4cd8-b1ef-9a719443bd3f}"= "c:\programmi\Search_USA\tbSea1.dll" [2010-11-03 2735200]

[HKEY_CLASSES_ROOT\clsid\{48405d3d-2674-4cd8-b1ef-9a719443bd3f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{48405d3d-2674-4cd8-b1ef-9a719443bd3f}]
2010-11-03 08:17 2735200 ----a-w- c:\programmi\Search_USA\tbSea1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{48405d3d-2674-4cd8-b1ef-9a719443bd3f}"= "c:\programmi\Search_USA\tbSea1.dll" [2010-11-03 2735200]

[HKEY_CLASSES_ROOT\clsid\{48405d3d-2674-4cd8-b1ef-9a719443bd3f}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{48405D3D-2674-4CD8-B1EF-9A719443BD3F}"= "c:\programmi\Search_USA\tbSea1.dll" [2010-11-03 2735200]

[HKEY_CLASSES_ROOT\clsid\{48405d3d-2674-4cd8-b1ef-9a719443bd3f}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\programmi\RocketDock\RocketDock.exe" [2007-09-02 495616]
"RestoreDesktop"="c:\programmi\Restore Desktop\RestoreDesktop.exe" [2003-03-11 45056]
"PC Suite Tray"="c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-08 39408]
"Advanced SystemCare 3"="c:\programmi\IObit\Advanced SystemCare 3\AWC.exe" [2010-03-29 2343120]
"SmartRAM"="c:\programmi\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" [2010-01-22 200280]
"LDM"="c:\programmi\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"nwiz"="nwiz.exe" [N/A]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"OpwareSE4"="c:\programmi\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"HP Component Manager"="c:\programmi\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Logitech Utility"="LOGI_MWX.EXE" [2003-11-07 19968]
"SmartDefrag"="c:\programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2010-07-09 2712920]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2010-03-17 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoPopUpsOnBoot"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"RTHDCPL"=RTHDCPL.EXE
"Alcmtr"=ALCMTR.EXE
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_07\bin\jusched.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Vuze\\Azureus.exe"=
"c:\\Programmi\\NetMeeting\\conf.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\eMule\\eMule.exe"=
"c:\\Programmi\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Programmi\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25736:TCP"= 25736:TCP:eMule_TCP
"25745:UDP"= 25745:UDP:eMule_UDP
"5985:TCP"= 5985:TCP:*:Disabled:Gestione remota Windows
"4662:TCP"= 4662:TCP:127.0.0.1
"4672:UDP"= 4672:UDP:127.0.0.1

R0 RVSystem;RVSystem;c:\windows\system32\drivers\rvsystem.sys [18/04/2010 20.47.10 45648]
R1 rvsmon;rvsmon;c:\windows\system32\drivers\rvsmon.sys [18/04/2010 20.47.20 264128]
R1 rvsmonn;rvsmonn;c:\windows\system32\drivers\rvsmonn1.sys [18/04/2010 20.47.23 28640]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\programmi\Avira\AntiVir Desktop\avmailc.exe [27/02/2010 19.39.41 339624]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programmi\Avira\AntiVir Desktop\sched.exe [27/02/2010 19.39.45 135336]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\programmi\Avira\AntiVir Desktop\avwebgrd.exe [27/02/2010 19.39.43 403624]
R2 rvsmonf;rvsmonf;c:\windows\system32\drivers\rvsmonf.sys [18/04/2010 20.47.22 1035080]
R3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [21/01/2010 10.42.06 13568]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [11/05/2010 13.17.20 11520]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\DRIVERS\StarPortLite.sys --> c:\windows\system32\DRIVERS\StarPortLite.sys [?]
S2 gupdate1c98a061b8f7796;Google Update Service (gupdate1c98a061b8f7796);c:\programmi\Google\Update\GoogleUpdate.exe [08/02/2009 16.58.37 133104]
S2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [13/07/2008 10.51.57 8192]
S2 WDDMService;WD SmartWare Drive Manager;"c:\programmi\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe" --> c:\programmi\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [?]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;"c:\programmi\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe" --> c:\programmi\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [?]
S2 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [03/11/2006 17.19.58 13592]
S3 MA8630C;MA8630C;c:\windows\system32\drivers\MA8630C.sys [07/10/2008 21.38.45 23248]
S3 MA8630M;MA8630M;c:\windows\system32\drivers\MA8630M.sys [07/10/2008 21.38.46 25428]
S3 MA8630U;MA8630U;c:\windows\system32\drivers\MA8630U.sys [07/10/2008 21.38.47 51154]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [19/08/2004 14.39.46 14336]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [19/08/2004 14.39.46 14336]
S4 ASKService;ASKService;c:\programmi\AskBarDis\bar\bin\AskService.exe [11/06/2009 14.17.58 464264]
S4 ASKUpgrade;ASKUpgrade;c:\programmi\AskBarDis\bar\bin\ASKUpgrade.exe [11/06/2009 14.18.09 234888]
S4 RVSMONBL;Returnil Virtual System Core Service;c:\windows\system32\Returnil\RVS3\rvsmon.exe [06/04/2010 16.13.18 1254800]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [25/03/2008 10.11.27 717296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contenuto della cartella 'Scheduled Tasks'

2010-12-08 c:\windows\Tasks\CanoScan Toolbox 5.job
- c:\progra~1\Canon\CANOSC~1.0\CSTBox.exe [2009-10-16 16:54]

2010-12-13 c:\windows\Tasks\GlaryInitialize.job
- c:\programmi\Glary Utilities\initialize.exe [2010-02-07 08:01]

2010-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-08 15:58]

2010-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-08 15:58]

2010-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1637723038-725345543-1003Core.job
- c:\documents and settings\Franco\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-11-27 10:15]

2010-12-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1637723038-725345543-1003UA.job
- c:\documents and settings\Franco\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-11-27 10:15]

2010-12-11 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 16:20]

2010-12-11 c:\windows\Tasks\Pulitura disco.job
- c:\windows\system32\cleanmgr.exe [2004-08-19 02:14]

2010-12-11 c:\windows\Tasks\SmartDefrag.job
- c:\programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-11-26 17:08]

2010-12-13 c:\windows\Tasks\User_Feed_Synchronization-{20C35481-1888-41F0-BC08-CF817514C6BB}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]

2010-12-11 c:\windows\Tasks\WebReg 20091021182202.job
- c:\programmi\Hewlett-Packard\Digital Imaging\bin\hpqwrg.exe [2002-10-16 13:39]

2010-11-25 c:\windows\Tasks\Windows Update.job
- c:\windows\system32\wupdmgr.exe [2001-08-31 12:00]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com/ig?source=gama&hl=it
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.foozir.com/
mSearch Bar = hxxp://www.google.com
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
LSP: c:\programmi\Avira\AntiVir Desktop\avsda.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Any DVD Converter Professional_is1 - c:\programmi\AnvSoft\Any DVD Converter Professional\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-13 10:34
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"659BD8E725A05FDCC64118EA787EAA2B534A94FABE"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8b,4e,a9,aa,a0,bb,b4,43,bb,86,30,\
"3A77B377802A4B6183DDE08FDE4AD9AF647A702826"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8b,4e,a9,aa,a0,bb,b4,43,bb,86,30,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'lsass.exe'(756)
c:\programmi\Avira\AntiVir Desktop\avsda.dll
.
Ora fine scansione: 2010-12-13 10:36:55
ComboFix-quarantined-files.txt 2010-12-13 09:36
ComboFix2.txt 2010-09-06 17:51
ComboFix3.txt 2010-06-24 22:29
ComboFix4.txt 2010-06-23 15:03
ComboFix5.txt 2010-12-13 09:18

Pre-Run: 21.244.739.584 byte disponibili
Post-Run: 21.400.080.384 byte disponibili

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - AA9A3772A436ABA7E8CB7B8BE1AC26D6
"659BD8E725A05FDCC64118EA787EAA2B534A94FABE"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8b,4e,a9,aa,a0,bb,b4,43,bb,86,30,\
"3A77B377802A4B6183DDE08FDE4AD9AF647A702826"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8b,4e,a9,aa,a0,bb,b4,43,bb,86,30,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'lsass.exe'(756)
c:\programmi\Avira\AntiVir Desktop\avsda.dll
.
Ora fine scansione: 2010-12-13 10:36:55
ComboFix-quarantined-files.txt 2010-12-13 09:36
ComboFix2.txt 2010-09-06 17:51
ComboFix3.txt 2010-06-24 22:29
ComboFix4.txt 2010-06-23 15:03
ComboFix5.txt 2010-12-13 09:18

Pre-Run: 21.244.739.584 byte disponibili
Post-Run: 21.400.080.384 byte disponibili

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - AA9A3772A436ABA7E8CB7B8BE1AC26D6

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Versione database: 5304

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

13/12/2010 12.08.19
mbam-log-2010-12-13 (12-08-19).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi esaminati: 240172
Tempo trascorso: 1 ore, 20 minuti, 34 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 0

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
(Non sono stati rilevati elementi nocivi)
fmancini
Posted: Monday, December 13, 2010 2:17:24 PM

Rank: AiutAmico

Member since: 12/16/2006
Posts: 105
Sorry, but I sent too much material.....!!!!!
Thanks, and in any case best wishes for happy holidays to all of you and your families.. we need it!
Franco
himaco
Posted: Monday, December 13, 2010 2:38:34 PM
Rank: AiutAmico

Member since: 12/7/2010
Posts: 269
Hi Franco. Happy holidays to you too, first of all.
Now, let's get down to business:
Uninstall UnHackMe

Start - Run and type:
notepad.exe
● click OK
● copy and paste the lines below, without skipping any:

Code:
RegLock::

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]


● paste them into the Notepad text editor
● click File at the top
● in the menu that appears choose Save As
● check that at the top, where it says Save in, Desktop is selected
● in File name, if you find .txt selected, delete it and type CFScript.txt
● click Save
● now you will find the text file on the Desktop
● with the left mouse button, drag it onto the Combofix icon and release it; the Combofix scan starts
do not touch the mouse or the keyboard again until it has finished
● if the system does not restart by itself, restart it yourself
● at this point attach the Combofix log
fmancini
Posted: Monday, December 13, 2010 3:31:09 PM

Rank: AiutAmico

Member since: 12/16/2006
Posts: 105
thanks, and here is the combofix log
ComboFix 10-12-12.03 - Franco 13/12/2010 15.11.42.9.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.959.476 [GMT 1:00]
Eseguito da: c:\documents and settings\Franco\Desktop\Antivirus.Spyw.Pulizia.Defr\ComboFix.exe
Opzioni usate :: c:\documents and settings\Franco\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {0013F2B4-5CE9-7C92-0300-000000000000}
AV: AntiVir Desktop *Enabled/Updated* {00000002-0002-0000-6C25-9E7C08000A00}
AV: AntiVir Desktop *Enabled/Updated* {00000002-0002-0000-7C25-9E7C08000A00}
AV: AntiVir Desktop *Enabled/Updated* {0012F2B4-5CE9-7C92-0300-000000000000}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804FD0EC-FFA4-00EB-0D24-347CA8A3377C}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2010-11-13 al 2010-12-13 )))))))))))))))))))))))))))))))))))
.

2010-12-12 23:05 . 2010-12-12 23:05 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-11 21:16 . 2010-12-11 21:16 2 --shatr- c:\windows\winstart.bat
2010-12-11 21:16 . 2010-12-13 14:05 -------- d-----w- c:\programmi\UnHackMe
2010-12-11 20:37 . 2010-12-11 20:37 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\ServiceTest
2010-12-11 18:43 . 2010-12-11 19:00 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Adobe
2010-12-11 11:11 . 2010-12-11 11:12 -------- d-----w- c:\programmi\Support Tools
2010-12-11 11:10 . 2010-12-11 11:10 -------- d-----w- c:\programmi\Application Compatibility Toolkit
2010-12-01 10:58 . 2010-12-01 10:58 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Driver Whiz
2010-11-30 15:11 . 2010-12-05 17:20 -------- d-----w- c:\programmi\softendo.com
2010-11-30 14:56 . 2007-04-04 17:55 261480 ----a-w- c:\windows\system32\xactengine2_7.dll
2010-11-30 14:54 . 2010-12-04 22:14 -------- d-----w- c:\windows\Logs
2010-11-27 10:15 . 2010-11-27 10:15 -------- d-----w- c:\documents and settings\Franco\Impostazioni locali\Dati applicazioni\Deployment
2010-11-26 18:35 . 2010-11-26 18:35 -------- d-----w- c:\documents and settings\All Users\Uniblue
2010-11-22 15:37 . 2010-11-22 15:37 -------- d-----w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\Google
2010-11-21 19:33 . 2010-11-21 19:33 -------- d-----w- c:\programmi\File comuni\SWF Studio
2010-11-17 13:50 . 2010-11-17 13:50 -------- d-----w- c:\documents and settings\Franco\Impostazioni locali\Dati applicazioni\PackageAware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-05 19:50 . 2010-06-04 08:11 43672 ----a-w- c:\windows\system32\drivers\AFS2K.SYS
2010-11-29 16:42 . 2008-10-19 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 16:42 . 2008-10-19 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-02 16:02 . 2010-02-27 18:39 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-11-02 16:02 . 2010-02-27 18:39 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-11-02 16:02 . 2010-02-22 17:02 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-09-18 10:23 . 2004-08-19 13:39 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-19 13:39 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2001-08-31 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2001-08-31 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
.
Code:
c:\programmi\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
c:\programmi\Logitech\Desktop Messenger\8876480\Program\backweb-8876480 .exe
c:\programmi\SUPERAntiSpyware\superantispyware .exe
c:\windows\system32\ctfmon .exe
c:\windows\system32\hphmon05 .exe
c:\windows\system32\nerocheck .exe
c:\windows\system32\spool\drivers\w32x86\3\hpztsb09 .exe


------- Sigcheck -------

[7] 2008-04-14 . CE7DB8EE1C9BD8A40F84529DDC28B0D8 . 1571840 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\sfcfiles.dll
[7] 2008-04-14 . CE7DB8EE1C9BD8A40F84529DDC28B0D8 . 1571840 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[7] 2008-04-14 . CE7DB8EE1C9BD8A40F84529DDC28B0D8 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfcfiles.dll
[7] 2004-08-19 . 0F9AAB130D89786A59F8F93A9E23C658 . 1548288 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll

c:\windows\System32\sfcfiles.dll ... è mancante !!
.
((((((((((((((((((((((((((((( SnapShot@2010-12-13_09.34.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-13 09:44 . 2010-12-13 09:44 16384 c:\windows\Temp\Perflib_Perfdata_7c0.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{48405d3d-2674-4cd8-b1ef-9a719443bd3f}"= "c:\programmi\Search_USA\tbSea1.dll" [2010-11-03 2735200]

[HKEY_CLASSES_ROOT\clsid\{48405d3d-2674-4cd8-b1ef-9a719443bd3f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{48405d3d-2674-4cd8-b1ef-9a719443bd3f}]
2010-11-03 08:17 2735200 ----a-w- c:\programmi\Search_USA\tbSea1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{48405d3d-2674-4cd8-b1ef-9a719443bd3f}"= "c:\programmi\Search_USA\tbSea1.dll" [2010-11-03 2735200]

[HKEY_CLASSES_ROOT\clsid\{48405d3d-2674-4cd8-b1ef-9a719443bd3f}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{48405D3D-2674-4CD8-B1EF-9A719443BD3F}"= "c:\programmi\Search_USA\tbSea1.dll" [2010-11-03 2735200]

[HKEY_CLASSES_ROOT\clsid\{48405d3d-2674-4cd8-b1ef-9a719443bd3f}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\programmi\RocketDock\RocketDock.exe" [2007-09-02 495616]
"RestoreDesktop"="c:\programmi\Restore Desktop\RestoreDesktop.exe" [2003-03-11 45056]
"PC Suite Tray"="c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-08 39408]
"Advanced SystemCare 3"="c:\programmi\IObit\Advanced SystemCare 3\AWC.exe" [2010-03-29 2343120]
"SmartRAM"="c:\programmi\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" [2010-01-22 200280]
"LDM"="c:\programmi\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"nwiz"="nwiz.exe" [N/A]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"OpwareSE4"="c:\programmi\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"HP Component Manager"="c:\programmi\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Logitech Utility"="LOGI_MWX.EXE" [2003-11-07 19968]
"SmartDefrag"="c:\programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2010-07-09 2712920]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2010-03-17 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoPopUpsOnBoot"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"RTHDCPL"=RTHDCPL.EXE
"Alcmtr"=ALCMTR.EXE
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_07\bin\jusched.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Vuze\\Azureus.exe"=
"c:\\Programmi\\NetMeeting\\conf.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\eMule\\eMule.exe"=
"c:\\Programmi\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Programmi\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25736:TCP"= 25736:TCP:eMule_TCP
"25745:UDP"= 25745:UDP:eMule_UDP
"5985:TCP"= 5985:TCP:*:Disabled:Gestione remota Windows
"4662:TCP"= 4662:TCP:127.0.0.1
"4672:UDP"= 4672:UDP:127.0.0.1

R0 RVSystem;RVSystem;c:\windows\system32\drivers\rvsystem.sys [18/04/2010 20.47.10 45648]
R1 rvsmon;rvsmon;c:\windows\system32\drivers\rvsmon.sys [18/04/2010 20.47.20 264128]
R1 rvsmonn;rvsmonn;c:\windows\system32\drivers\rvsmonn1.sys [18/04/2010 20.47.23 28640]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\programmi\Avira\AntiVir Desktop\avmailc.exe [27/02/2010 19.39.41 339624]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programmi\Avira\AntiVir Desktop\sched.exe [27/02/2010 19.39.45 135336]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\programmi\Avira\AntiVir Desktop\avwebgrd.exe [27/02/2010 19.39.43 403624]
R2 rvsmonf;rvsmonf;c:\windows\system32\drivers\rvsmonf.sys [18/04/2010 20.47.22 1035080]
R3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [21/01/2010 10.42.06 13568]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [11/05/2010 13.17.20 11520]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\DRIVERS\StarPortLite.sys --> c:\windows\system32\DRIVERS\StarPortLite.sys [?]
S2 gupdate1c98a061b8f7796;Google Update Service (gupdate1c98a061b8f7796);c:\programmi\Google\Update\GoogleUpdate.exe [08/02/2009 16.58.37 133104]
S2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [13/07/2008 10.51.57 8192]
S2 WDDMService;WD SmartWare Drive Manager;"c:\programmi\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe" --> c:\programmi\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [?]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;"c:\programmi\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe" --> c:\programmi\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [?]
S2 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [03/11/2006 17.19.58 13592]
S3 MA8630C;MA8630C;c:\windows\system32\drivers\MA8630C.sys [07/10/2008 21.38.45 23248]
S3 MA8630M;MA8630M;c:\windows\system32\drivers\MA8630M.sys [07/10/2008 21.38.46 25428]
S3 MA8630U;MA8630U;c:\windows\system32\drivers\MA8630U.sys [07/10/2008 21.38.47 51154]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [19/08/2004 14.39.46 14336]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [19/08/2004 14.39.46 14336]
S4 ASKService;ASKService;c:\programmi\AskBarDis\bar\bin\AskService.exe [11/06/2009 14.17.58 464264]
S4 ASKUpgrade;ASKUpgrade;c:\programmi\AskBarDis\bar\bin\ASKUpgrade.exe [11/06/2009 14.18.09 234888]
S4 RVSMONBL;Returnil Virtual System Core Service;c:\windows\system32\Returnil\RVS3\rvsmon.exe [06/04/2010 16.13.18 1254800]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [25/03/2008 10.11.27 717296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contenuto della cartella 'Scheduled Tasks'

2010-12-08 c:\windows\Tasks\CanoScan Toolbox 5.job
- c:\progra~1\Canon\CANOSC~1.0\CSTBox.exe [2009-10-16 16:54]

2010-12-13 c:\windows\Tasks\GlaryInitialize.job
- c:\programmi\Glary Utilities\initialize.exe [2010-02-07 08:01]

2010-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-08 15:58]

2010-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-08 15:58]

2010-12-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1637723038-725345543-1003Core.job
- c:\documents and settings\Franco\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-11-27 10:15]

2010-12-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1637723038-725345543-1003UA.job
- c:\documents and settings\Franco\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-11-27 10:15]

2010-12-11 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 16:20]

2010-12-13 c:\windows\Tasks\Pulitura disco.job
- c:\windows\system32\cleanmgr.exe [2004-08-19 02:14]

2010-12-13 c:\windows\Tasks\SmartDefrag.job
- c:\programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-11-26 17:08]

2010-12-13 c:\windows\Tasks\User_Feed_Synchronization-{20C35481-1888-41F0-BC08-CF817514C6BB}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]

2010-12-11 c:\windows\Tasks\WebReg 20091021182202.job
- c:\programmi\Hewlett-Packard\Digital Imaging\bin\hpqwrg.exe [2002-10-16 13:39]

2010-11-25 c:\windows\Tasks\Windows Update.job
- c:\windows\system32\wupdmgr.exe [2001-08-31 12:00]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com/ig?source=gama&hl=it
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.foozir.com/
mSearch Bar = hxxp://www.google.com
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
LSP: c:\programmi\Avira\AntiVir Desktop\avsda.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-13 15:21
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'lsass.exe'(756)
c:\programmi\Avira\AntiVir Desktop\avsda.dll

- - - - - - - > 'explorer.exe'(2280)
c:\windows\system32\WININET.dll
c:\programmi\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2010-12-13 15:24:43
ComboFix-quarantined-files.txt 2010-12-13 14:24
ComboFix2.txt 2010-12-13 09:36
ComboFix3.txt 2010-09-06 17:51
ComboFix4.txt 2010-06-24 22:29
ComboFix5.txt 2010-12-13 14:09

Pre-Run: 21.417.414.656 byte disponibili
Post-Run: 21.398.523.904 byte disponibili

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 4C8875F4B428E5B8A1CB88DDBADF7CCA
r16
Posted: Monday, December 13, 2010 6:57:02 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,017
himaco wrote:
Hi.
With Hijackthis, no Rootkits can be seen at all

Indeed.
Someone else too....
And if you delete things without knowing "what" you are deleting, you become more dangerous than an army of Rootkits.
Not to mention the rest.....

@fmancini :
Run this script with Combofix:

Open a text file with Notepad on the Desktop.
Paste into it the code you see below, and you must save the text file with the name CFScript.txt
Code:
KillAll::
FCopy::
c:\windows\ServicePackFiles\i386\sfcfiles.dll | C:\Windows\System32\sfcfiles.dll
File::
c:\windows\winstart.bat
Renv::
c:\programmi\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
c:\programmi\Logitech\Desktop Messenger\8876480\Program\backweb-8876480 .exe
c:\programmi\SUPERAntiSpyware\superantispyware .exe
c:\windows\system32\ctfmon .exe
c:\windows\system32\hphmon05 .exe
c:\windows\system32\nerocheck .exe
c:\windows\system32\spool\drivers\w32x86\3\hpztsb09 .exe
Folder::
c:\documents and settings\All Users\Uniblue
c:\programmi\softendo.com
c:\windows\Tasks
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{48405d3d-2674-4cd8-b1ef-9a719443bd3f}"=-
[-HKEY_CLASSES_ROOT\clsid\{48405d3d-2674-4cd8-b1ef-9a719443bd3f}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{48405d3d-2674-4cd8-b1ef-9a719443bd3f}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{48405d3d-2674-4cd8-b1ef-9a719443bd3f}"=-
[-HKEY_CLASSES_ROOT\clsid\{48405d3d-2674-4cd8-b1ef-9a719443bd3f}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{48405D3D-2674-4CD8-B1EF-9A719443BD3F}"=-
[-HKEY_CLASSES_ROOT\clsid\{48405d3d-2674-4cd8-b1ef-9a719443bd3f}]
Driver::
Lbd

and drag it onto the ComboFix icon.
Wait for it to finish, without touching the keyboard, mouse or anything else.
Post the updated combofix log
himaco
Posted: Monday, December 13, 2010 8:03:09 PM
Rank: AiutAmico

Member since: 12/7/2010
Posts: 269
I was waiting precisely for you, r1, for the Renv:: script; you know, not every doughnut comes out with a hole, and not everyone is as good as you.
fmancini
Posted: Tuesday, December 14, 2010 12:36:34 AM

Rank: AiutAmico

Member since: 12/16/2006
Posts: 105
ComboFix 10-12-13.02 - Franco 14/12/2010 0.14.56.10.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.959.453 [GMT 1:00]
Eseguito da: c:\documents and settings\Franco\Desktop\Antivirus.Spyw.Pulizia.Defr\ComboFix.exe
Opzioni usate :: c:\documents and settings\Franco\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {0013F2B4-5CE9-7C92-0300-000000000000}
AV: AntiVir Desktop *Enabled/Updated* {00000002-0002-0000-6C25-9E7C08000A00}
AV: AntiVir Desktop *Enabled/Updated* {00000002-0002-0000-7C25-9E7C08000A00}
AV: AntiVir Desktop *Enabled/Updated* {0012F2B4-5CE9-7C92-0300-000000000000}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804FD0EC-FFA4-00EB-0D24-347CA8A3377C}
* Creato nuovo punto di ripristino

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!

FILE ::
"c:\windows\winstart.bat"
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Uniblue
c:\programmi\softendo.com
c:\windows\winstart.bat

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_LBD
-------\Service_Lbd


((((((((((((((((((((((((( Files Creati Da 2010-11-13 al 2010-12-13 )))))))))))))))))))))))))))))))))))
.

2010-12-12 23:05 . 2010-12-12 23:05 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-11 21:16 . 2010-12-13 14:05 -------- d-----w- c:\programmi\UnHackMe
2010-12-11 20:37 . 2010-12-11 20:37 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\ServiceTest
2010-12-11 18:43 . 2010-12-11 19:00 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Adobe
2010-12-11 11:11 . 2010-12-11 11:12 -------- d-----w- c:\programmi\Support Tools
2010-12-11 11:10 . 2010-12-11 11:10 -------- d-----w- c:\programmi\Application Compatibility Toolkit
2010-12-01 10:58 . 2010-12-01 10:58 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Driver Whiz
2010-11-30 14:56 . 2007-04-04 17:55 261480 ----a-w- c:\windows\system32\xactengine2_7.dll
2010-11-30 14:54 . 2010-12-04 22:14 -------- d-----w- c:\windows\Logs
2010-11-27 10:15 . 2010-11-27 10:15 -------- d-----w- c:\documents and settings\Franco\Impostazioni locali\Dati applicazioni\Deployment
2010-11-22 15:37 . 2010-11-22 15:37 -------- d-----w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\Google
2010-11-21 19:33 . 2010-11-21 19:33 -------- d-----w- c:\programmi\File comuni\SWF Studio
2010-11-17 13:50 . 2010-11-17 13:50 -------- d-----w- c:\documents and settings\Franco\Impostazioni locali\Dati applicazioni\PackageAware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-05 19:50 . 2010-06-04 08:11 43672 ----a-w- c:\windows\system32\drivers\AFS2K.SYS
2010-11-29 16:42 . 2008-10-19 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 16:42 . 2008-10-19 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-02 16:02 . 2010-02-27 18:39 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-11-02 16:02 . 2010-02-27 18:39 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-11-02 16:02 . 2010-02-22 17:02 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-09-18 10:23 . 2004-08-19 13:39 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-19 13:39 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2001-08-31 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2001-08-31 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
.

------- Sigcheck -------

[7] 2008-04-14 . CE7DB8EE1C9BD8A40F84529DDC28B0D8 . 1571840 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\sfcfiles.dll
[7] 2008-04-14 . CE7DB8EE1C9BD8A40F84529DDC28B0D8 . 1571840 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[7] 2008-04-14 . CE7DB8EE1C9BD8A40F84529DDC28B0D8 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfcfiles.dll
[7] 2004-08-19 . 0F9AAB130D89786A59F8F93A9E23C658 . 1548288 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll

c:\windows\System32\sfcfiles.dll ... è mancante !!
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\programmi\RocketDock\RocketDock.exe" [2007-09-02 495616]
"RestoreDesktop"="c:\programmi\Restore Desktop\RestoreDesktop.exe" [2003-03-11 45056]
"PC Suite Tray"="c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 68856]
"Advanced SystemCare 3"="c:\programmi\IObit\Advanced SystemCare 3\AWC.exe" [2010-03-29 2343120]
"SmartRAM"="c:\programmi\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" [2010-01-22 200280]
"LDM"="c:\programmi\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-10-07 16384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"OpwareSE4"="c:\programmi\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"HP Component Manager"="c:\programmi\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Logitech Utility"="LOGI_MWX.EXE" [2003-11-07 19968]
"SmartDefrag"="c:\programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2010-07-09 2712920]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2010-03-17 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoPopUpsOnBoot"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"RTHDCPL"=RTHDCPL.EXE
"Alcmtr"=ALCMTR.EXE
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_07\bin\jusched.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Vuze\\Azureus.exe"=
"c:\\Programmi\\NetMeeting\\conf.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\eMule\\eMule.exe"=
"c:\\Programmi\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Programmi\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25736:TCP"= 25736:TCP:eMule_TCP
"25745:UDP"= 25745:UDP:eMule_UDP
"5985:TCP"= 5985:TCP:*:Disabled:Gestione remota Windows
"4662:TCP"= 4662:TCP:127.0.0.1
"4672:UDP"= 4672:UDP:127.0.0.1

R0 RVSystem;RVSystem;c:\windows\system32\drivers\rvsystem.sys [18/04/2010 20.47.10 45648]
R1 rvsmon;rvsmon;c:\windows\system32\drivers\rvsmon.sys [18/04/2010 20.47.20 264128]
R1 rvsmonn;rvsmonn;c:\windows\system32\drivers\rvsmonn1.sys [18/04/2010 20.47.23 28640]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\programmi\Avira\AntiVir Desktop\avmailc.exe [27/02/2010 19.39.41 339624]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programmi\Avira\AntiVir Desktop\sched.exe [27/02/2010 19.39.45 135336]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\programmi\Avira\AntiVir Desktop\avwebgrd.exe [27/02/2010 19.39.43 403624]
R2 rvsmonf;rvsmonf;c:\windows\system32\drivers\rvsmonf.sys [18/04/2010 20.47.22 1035080]
R3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [21/01/2010 10.42.06 13568]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [11/05/2010 13.17.20 11520]
S1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\DRIVERS\StarPortLite.sys --> c:\windows\system32\DRIVERS\StarPortLite.sys [?]
S2 gupdate1c98a061b8f7796;Google Update Service (gupdate1c98a061b8f7796);c:\programmi\Google\Update\GoogleUpdate.exe [08/02/2009 16.58.37 133104]
S2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [13/07/2008 10.51.57 8192]
S2 WDDMService;WD SmartWare Drive Manager;"c:\programmi\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe" --> c:\programmi\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [?]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;"c:\programmi\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe" --> c:\programmi\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [?]
S2 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [03/11/2006 17.19.58 13592]
S3 MA8630C;MA8630C;c:\windows\system32\drivers\MA8630C.sys [07/10/2008 21.38.45 23248]
S3 MA8630M;MA8630M;c:\windows\system32\drivers\MA8630M.sys [07/10/2008 21.38.46 25428]
S3 MA8630U;MA8630U;c:\windows\system32\drivers\MA8630U.sys [07/10/2008 21.38.47 51154]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [19/08/2004 14.39.46 14336]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [19/08/2004 14.39.46 14336]
S4 ASKService;ASKService;c:\programmi\AskBarDis\bar\bin\AskService.exe [11/06/2009 14.17.58 464264]
S4 ASKUpgrade;ASKUpgrade;c:\programmi\AskBarDis\bar\bin\ASKUpgrade.exe [11/06/2009 14.18.09 234888]
S4 RVSMONBL;Returnil Virtual System Core Service;c:\windows\system32\Returnil\RVS3\rvsmon.exe [06/04/2010 16.13.18 1254800]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [25/03/2008 10.11.27 717296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contenuto della cartella 'Scheduled Tasks'

2010-12-08 c:\windows\Tasks\CanoScan Toolbox 5.job
- c:\progra~1\Canon\CANOSC~1.0\CSTBox.exe [2009-10-16 16:54]

2010-12-13 c:\windows\Tasks\GlaryInitialize.job
- c:\programmi\Glary Utilities\initialize.exe [2010-02-07 08:01]

2010-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-08 15:58]

2010-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-08 15:58]

2010-12-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1637723038-725345543-1003Core.job
- c:\documents and settings\Franco\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-11-27 10:15]

2010-12-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1637723038-725345543-1003UA.job
- c:\documents and settings\Franco\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-11-27 10:15]

2010-12-13 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 16:20]

2010-12-13 c:\windows\Tasks\Pulitura disco.job
- c:\windows\system32\cleanmgr.exe [2004-08-19 02:14]

2010-12-13 c:\windows\Tasks\SmartDefrag.job
- c:\programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-11-26 17:08]

2010-12-13 c:\windows\Tasks\User_Feed_Synchronization-{20C35481-1888-41F0-BC08-CF817514C6BB}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]

2010-12-13 c:\windows\Tasks\WebReg 20091021182202.job
- c:\programmi\Hewlett-Packard\Digital Imaging\bin\hpqwrg.exe [2002-10-16 13:39]

2010-11-25 c:\windows\Tasks\Windows Update.job
- c:\windows\system32\wupdmgr.exe [2001-08-31 12:00]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com/ig?source=gama&hl=it
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.foozir.com/
mSearch Bar = hxxp://www.google.com
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
LSP: c:\programmi\Avira\AntiVir Desktop\avsda.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKLM-Run-nwiz - nwiz.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-14 00:26
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'lsass.exe'(756)
c:\programmi\Avira\AntiVir Desktop\avsda.dll

- - - - - - - > 'explorer.exe'(1864)
c:\windows\system32\WININET.dll
c:\programmi\RocketDock\RocketDock.dll
c:\programmi\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\programmi\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\programmi\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ita.nlr
c:\programmi\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\Common Files\Motive\McciCMService.exe
c:\programmi\Avira\AntiVir Desktop\avshadow.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\Photodex\ProShowGold\ScsiAccess.exe
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\programmi\File comuni\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\fxssvc.exe
c:\programmi\File comuni\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\LOGI_MWX.EXE
c:\docume~1\Franco\IMPOST~1\Temp\bwgo000291b7.exe
c:\programmi\PC Connectivity Solution\ServiceLayer.exe
c:\programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Ora fine scansione: 2010-12-14 00:32:23 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-12-13 23:32
ComboFix2.txt 2010-12-13 14:24
ComboFix3.txt 2010-12-13 09:36
ComboFix4.txt 2010-09-06 17:51
ComboFix5.txt 2010-12-13 23:07

Pre-Run: 20.938.592.256 byte disponibili
Post-Run: 21.238.046.720 byte disponibili

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 2F02EF922D8865587E0B8B8AACC91304
there you go... goodnight... see you tomorrow!
r16
Posted: Tuesday, December 14, 2010 6:45:20 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,017
Open a text file with Notepad on the Desktop.
Paste into it the code you see below, and save the text file, mandatorily, with the name CFScript.txt

Code:
KillAll::
File::
c:\docume~1\Franco\IMPOST~1\Temp\bwgo000291b7.exe

Folder::
c:\programmi\UnHackMe

FCopy::
c:\windows\ERDNT\cache\sfcfiles.dll|c:\windows\System32\sfcfiles.dll

and drag it onto the ComboFix icon.
Wait for it to finish, without touching keyboard, mouse or anything else.
Post the updated ComboFix log
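As an added example (not code from the thread, from the helper or from ComboFix), the script below pulls out of a ComboFix log the two findings the CFScript above acts on, an executable running from the user's Temp folder and a protected system file that Sigcheck reports missing while an intact copy exists, and writes the matching File:: and FCopy:: directives. The log excerpt is constructed from lines on this page; the Folder:: entry is a judgement call the script does not make.

```python
import re
from dataclasses import dataclass

# Constructed excerpt in the shape of the ComboFix sections posted above.
SAMPLE_LOG = r"""
------- Sigcheck -------

[7] 2008-04-14 . CE7DB8EE1C9BD8A40F84529DDC28B0D8 . 1571840 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\sfcfiles.dll
[7] 2008-04-14 . CE7DB8EE1C9BD8A40F84529DDC28B0D8 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfcfiles.dll
[7] 2004-08-19 . 0F9AAB130D89786A59F8F93A9E23C658 . 1548288 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll

c:\windows\System32\sfcfiles.dll ... è mancante !!
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\docume~1\Franco\IMPOST~1\Temp\bwgo000291b7.exe
c:\programmi\PC Connectivity Solution\ServiceLayer.exe
.
**************************************************************************
"""

# One "[n] date . MD5 . size . . [version] . . path" line of the Sigcheck section.
SIGCHECK_COPY = re.compile(
    r"^\[\d+\]\s+(?P<date>\S+)\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)"
    r"\s+\.\s+\.\s+\[(?P<version>[\d.]+)\]\s+\.\s+\.\s+(?P<path>.+?)\s*$"
)
# ComboFix (Italian build) reports a missing protected file as "<path> ... è mancante !!".
MISSING = re.compile(r"^(?P<path>\S.*?)\s+\.\.\.\s+è mancante !!\s*$")
TEMP_COMPONENT = re.compile(r"\\temp\\", re.IGNORECASE)
EXE = re.compile(r"\.exe\s*$", re.IGNORECASE)


@dataclass(frozen=True)
class FileCopy:
    path: str
    md5: str
    version: tuple


def section(text, marker):
    """Lines of the section whose header contains `marker`, up to the next
    header (a run of dashes, asterisks or parentheses); filler lines dropped."""
    out, inside = [], False
    for line in text.splitlines():
        if marker in line:
            inside = True
            continue
        if inside:
            if re.match(r"^(\*{5,}|-{5,}|\({5,})", line):
                break
            if line.strip() in ("", "."):
                continue
            out.append(line.rstrip())
    return out


def parse_sigcheck(text):
    """Return ({basename: [FileCopy, ...]}, [missing paths]) from the Sigcheck section."""
    copies, missing = {}, []
    for line in section(text, "Sigcheck"):
        m = SIGCHECK_COPY.match(line)
        if m:
            name = m.group("path").rsplit("\\", 1)[-1].lower()
            ver = tuple(int(x) for x in m.group("version").split("."))
            copies.setdefault(name, []).append(FileCopy(m.group("path"), m.group("md5"), ver))
            continue
        m = MISSING.match(line)
        if m:
            missing.append(m.group("path"))
    return copies, missing


def restore_plan(text):
    """(source, destination) pairs: for each missing file, the intact copy with the
    highest version (the first listed wins a tie, as the ERDNT cache does above)."""
    copies, missing = parse_sigcheck(text)
    plan = []
    for dest in missing:
        candidates = copies.get(dest.rsplit("\\", 1)[-1].lower(), [])
        if not candidates:
            continue  # no known-good copy on disk; nothing to FCopy
        best = max(candidates, key=lambda c: c.version)
        plan.append((best.path, dest))
    return plan


def running_from_temp(text):
    """Running executables whose path has a Temp component (the bwgo*.exe pattern)."""
    return [p for p in section(text, "Altri processi in esecuzione")
            if TEMP_COMPONENT.search(p) and EXE.search(p)]


def build_cfscript(text):
    """Emit the CFScript directives in the format used in the thread."""
    parts = ["KillAll::"]
    temp_exes = running_from_temp(text)
    if temp_exes:
        parts += ["File::"] + temp_exes + [""]
    plan = restore_plan(text)
    if plan:
        parts += ["FCopy::"] + [f"{src}|{dst}" for src, dst in plan] + [""]
    return "\n".join(parts)


if __name__ == "__main__":
    print(build_cfscript(SAMPLE_LOG))
```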
fmancini
Posted: Tuesday, December 14, 2010 11:44:25 PM

Rank: AiutAmico

Member since: 12/16/2006
Posts: 105
new combofix log: I am following the instructions in full trust, but could you tell me the purpose and the method I am following? thanks a lot friend!
ComboFix 10-12-14.01 - Franco 14/12/2010 22.21.54.11.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.959.444 [GMT 1:00]
Eseguito da: c:\documents and settings\Franco\Desktop\Antivirus.Spyw.Pulizia.Defr\ComboFix.exe
Opzioni usate :: c:\documents and settings\Franco\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {0013F2B4-5CE9-7C92-0300-000000000000}
AV: AntiVir Desktop *Enabled/Updated* {00000002-0002-0000-6C25-9E7C08000A00}
AV: AntiVir Desktop *Enabled/Updated* {00000002-0002-0000-7C25-9E7C08000A00}
AV: AntiVir Desktop *Enabled/Updated* {0012F2B4-5CE9-7C92-0300-000000000000}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804FD0EC-FFA4-00EB-0D24-347CA8A3377C}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!

FILE ::
"c:\docume~1\Franco\IMPOST~1\Temp\bwgo000291b7.exe"
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Franco\IMPOST~1\Temp\bwgo000291b7.exe
c:\programmi\UnHackMe
c:\programmi\UnHackMe\appdata.exe
c:\programmi\UnHackMe\appdata.ini
c:\programmi\UnHackMe\database.rdb
c:\programmi\UnHackMe\insdata.exe
c:\programmi\UnHackMe\readmea.txt
c:\programmi\UnHackMe\reanimator.ini
c:\programmi\UnHackMe\unhackme.ini
c:\programmi\UnHackMe\unhackme.log

.
--------------- FCopy ---------------

c:\windows\ERDNT\cache\sfcfiles.dll --> c:\windows\System32\sfcfiles.dll
.
((((((((((((((((((((((((( Files Creati Da 2010-11-14 al 2010-12-14 )))))))))))))))))))))))))))))))))))
.

2010-12-14 21:29 . 2010-12-14 21:29 -------- d-----w- c:\programmi\microsoft frontpage
2010-12-14 21:21 . 2008-04-14 02:13 1571840 ----a-w- c:\windows\system32\sfcfiles.dll
2010-12-12 23:05 . 2010-12-12 23:05 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-11 20:37 . 2010-12-11 20:37 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\ServiceTest
2010-12-11 18:43 . 2010-12-11 19:00 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Adobe
2010-12-11 11:11 . 2010-12-11 11:12 -------- d-----w- c:\programmi\Support Tools
2010-12-11 11:10 . 2010-12-11 11:10 -------- d-----w- c:\programmi\Application Compatibility Toolkit
2010-12-01 10:58 . 2010-12-01 10:58 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Driver Whiz
2010-11-30 14:56 . 2007-04-04 17:55 261480 ----a-w- c:\windows\system32\xactengine2_7.dll
2010-11-30 14:54 . 2010-12-04 22:14 -------- d-----w- c:\windows\Logs
2010-11-27 10:15 . 2010-11-27 10:15 -------- d-----w- c:\documents and settings\Franco\Impostazioni locali\Dati applicazioni\Deployment
2010-11-22 15:37 . 2010-11-22 15:37 -------- d-----w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\Google
2010-11-21 19:33 . 2010-11-21 19:33 -------- d-----w- c:\programmi\File comuni\SWF Studio
2010-11-17 13:50 . 2010-11-17 13:50 -------- d-----w- c:\documents and settings\Franco\Impostazioni locali\Dati applicazioni\PackageAware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-05 19:50 . 2010-06-04 08:11 43672 ----a-w- c:\windows\system32\drivers\AFS2K.SYS
2010-11-29 16:42 . 2008-10-19 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 16:42 . 2008-10-19 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-02 16:02 . 2010-02-27 18:39 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-11-02 16:02 . 2010-02-27 18:39 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-11-02 16:02 . 2010-02-22 17:02 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-09-18 10:23 . 2004-08-19 13:39 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-19 13:39 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2001-08-31 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2001-08-31 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\programmi\RocketDock\RocketDock.exe" [2007-09-02 495616]
"RestoreDesktop"="c:\programmi\Restore Desktop\RestoreDesktop.exe" [2003-03-11 45056]
"PC Suite Tray"="c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 68856]
"Advanced SystemCare 3"="c:\programmi\IObit\Advanced SystemCare 3\AWC.exe" [2010-03-29 2343120]
"SmartRAM"="c:\programmi\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" [2010-01-22 200280]
"LDM"="c:\programmi\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-10-07 16384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"OpwareSE4"="c:\programmi\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"HP Component Manager"="c:\programmi\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Logitech Utility"="LOGI_MWX.EXE" [2003-11-07 19968]
"SmartDefrag"="c:\programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2010-07-09 2712920]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2010-03-17 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoPopUpsOnBoot"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"RTHDCPL"=RTHDCPL.EXE
"Alcmtr"=ALCMTR.EXE
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_07\bin\jusched.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Vuze\\Azureus.exe"=
"c:\\Programmi\\NetMeeting\\conf.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\eMule\\eMule.exe"=
"c:\\Programmi\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Programmi\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25736:TCP"= 25736:TCP:eMule_TCP
"25745:UDP"= 25745:UDP:eMule_UDP
"5985:TCP"= 5985:TCP:*:Disabled:Gestione remota Windows
"4662:TCP"= 4662:TCP:127.0.0.1
"4672:UDP"= 4672:UDP:127.0.0.1

R0 RVSystem;RVSystem;c:\windows\system32\drivers\rvsystem.sys [18/04/2010 20.47.10 45648]
R1 rvsmon;rvsmon;c:\windows\system32\drivers\rvsmon.sys [18/04/2010 20.47.20 264128]
R1 rvsmonn;rvsmonn;c:\windows\system32\drivers\rvsmonn1.sys [18/04/2010 20.47.23 28640]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\programmi\Avira\AntiVir Desktop\avmailc.exe [27/02/2010 19.39.41 339624]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programmi\Avira\AntiVir Desktop\sched.exe [27/02/2010 19.39.45 135336]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\programmi\Avira\AntiVir Desktop\avwebgrd.exe [27/02/2010 19.39.43 403624]
R2 rvsmonf;rvsmonf;c:\windows\system32\drivers\rvsmonf.sys [18/04/2010 20.47.22 1035080]
R3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [21/01/2010 10.42.06 13568]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [11/05/2010 13.17.20 11520]
S1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\DRIVERS\StarPortLite.sys --> c:\windows\system32\DRIVERS\StarPortLite.sys [?]
S2 gupdate1c98a061b8f7796;Google Update Service (gupdate1c98a061b8f7796);c:\programmi\Google\Update\GoogleUpdate.exe [08/02/2009 16.58.37 133104]
S2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [13/07/2008 10.51.57 8192]
S2 WDDMService;WD SmartWare Drive Manager;"c:\programmi\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe" --> c:\programmi\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [?]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;"c:\programmi\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe" --> c:\programmi\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [?]
S2 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [03/11/2006 17.19.58 13592]
S3 MA8630C;MA8630C;c:\windows\system32\drivers\MA8630C.sys [07/10/2008 21.38.45 23248]
S3 MA8630M;MA8630M;c:\windows\system32\drivers\MA8630M.sys [07/10/2008 21.38.46 25428]
S3 MA8630U;MA8630U;c:\windows\system32\drivers\MA8630U.sys [07/10/2008 21.38.47 51154]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [19/08/2004 14.39.46 14336]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [19/08/2004 14.39.46 14336]
S4 ASKService;ASKService;c:\programmi\AskBarDis\bar\bin\AskService.exe [11/06/2009 14.17.58 464264]
S4 ASKUpgrade;ASKUpgrade;c:\programmi\AskBarDis\bar\bin\ASKUpgrade.exe [11/06/2009 14.18.09 234888]
S4 RVSMONBL;Returnil Virtual System Core Service;c:\windows\system32\Returnil\RVS3\rvsmon.exe [06/04/2010 16.13.18 1254800]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [25/03/2008 10.11.27 717296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contenuto della cartella 'Scheduled Tasks'

2010-12-08 c:\windows\Tasks\CanoScan Toolbox 5.job
- c:\progra~1\Canon\CANOSC~1.0\CSTBox.exe [2009-10-16 16:54]

2010-12-14 c:\windows\Tasks\GlaryInitialize.job
- c:\programmi\Glary Utilities\initialize.exe [2010-02-07 08:01]

2010-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-08 15:58]

2010-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-08 15:58]

2010-12-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1637723038-725345543-1003Core.job
- c:\documents and settings\Franco\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-11-27 10:15]

2010-12-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1637723038-725345543-1003UA.job
- c:\documents and settings\Franco\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-11-27 10:15]

2010-12-14 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 16:20]

2010-12-14 c:\windows\Tasks\Pulitura disco.job
- c:\windows\system32\cleanmgr.exe [2004-08-19 02:14]

2010-12-14 c:\windows\Tasks\SmartDefrag.job
- c:\programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-11-26 17:08]

2010-12-14 c:\windows\Tasks\User_Feed_Synchronization-{20C35481-1888-41F0-BC08-CF817514C6BB}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]

2010-12-14 c:\windows\Tasks\WebReg 20091021182202.job
- c:\programmi\Hewlett-Packard\Digital Imaging\bin\hpqwrg.exe [2002-10-16 13:39]

2010-11-25 c:\windows\Tasks\Windows Update.job
- c:\windows\system32\wupdmgr.exe [2001-08-31 12:00]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com/ig?source=gama&hl=it
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.foozir.com/
mSearch Bar = hxxp://www.google.com
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
LSP: c:\programmi\Avira\AntiVir Desktop\avsda.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-14 22:56
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'lsass.exe'(756)
c:\programmi\Avira\AntiVir Desktop\avsda.dll

- - - - - - - > 'explorer.exe'(3708)
c:\windows\system32\WININET.dll
c:\programmi\RocketDock\RocketDock.dll
c:\programmi\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\programmi\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\programmi\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ita.nlr
c:\programmi\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\Common Files\Motive\McciCMService.exe
c:\programmi\Avira\AntiVir Desktop\avshadow.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\Photodex\ProShowGold\ScsiAccess.exe
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\programmi\File comuni\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\fxssvc.exe
c:\programmi\File comuni\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\LOGI_MWX.EXE
c:\docume~1\Franco\IMPOST~1\Temp\bwgo0019d334.exe
c:\programmi\PC Connectivity Solution\ServiceLayer.exe
c:\programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Ora fine scansione: 2010-12-14 23:01:26 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-12-14 22:01
ComboFix2.txt 2010-12-13 23:32
ComboFix3.txt 2010-12-13 14:24
ComboFix4.txt 2010-12-13 09:36
ComboFix5.txt 2010-12-14 21:10

Pre-Run: 20.872.884.224 byte disponibili
Post-Run: 21.283.979.264 byte disponibili

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 1453CA4491F99B13A30B27BEFFFC290A
r16
Posted: Thursday, December 16, 2010 5:58:50 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,017
Are you still having problems?
fmancini
Posted: Friday, December 17, 2010 10:26:49 PM

Rank: AiutAmico

Member since: 12/16/2006
Posts: 105
Unfortunately I only solved the Windows Search problem, by downloading it from Windows Internet. The remaining problems are:

1) I somehow made the icons for the Solitaire and Spider games disappear, and in their place there are 2 shortcuts (a square icon with 2 rows of 3 small coloured squares) which, when clicked, send me to the desktop where the Games icon is! From the online help, under Games, I can open them though. How do I get the previous shortcuts back?
2) Control Panel: Add/Remove Programs - Add/Remove Windows Components - I click and a message appears: "Cannot open the information file iis.inf. Contact your system administrator. Specific error code 0x2 at line 0."
I attach the new logs again:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23.45.07, on 16/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Common Files\Motive\McciCMService.exe
C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
C:\Programmi\Google\Update\GoogleUpdate.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Photodex\ProShowGold\ScsiAccess.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\windows\system32\svchost.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\fxssvc.exe
C:\windows\Explorer.EXE
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Programmi\Avira\AntiVir Desktop\avmailc.exe
C:\Programmi\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\windows\system32\RUNDLL32.EXE
C:\Programmi\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\windows\LOGI_MWX.EXE
C:\Programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Programmi\RocketDock\RocketDock.exe
C:\Programmi\Restore Desktop\RestoreDesktop.exe
C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe
C:\Programmi\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\windows\system32\ctfmon.exe
C:\DOCUME~1\Franco\IMPOST~1\Temp\bwgo0001bfe0.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Windows Live\Contacts\wlcomm.exe
C:\Programmi\Glary Utilities\memdefrag.exe
C:\Documents and Settings\Franco\Desktop\Antivirus.Spyw.Pulizia.Defr\RootkitRevealer.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Trend Micro\HijackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foozir.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKCU\..\Run: [RocketDock] "C:\Programmi\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [RestoreDesktop] C:\Programmi\Restore Desktop\RestoreDesktop.exe
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Google Update Service (gupdate1c98a061b8f7796) (gupdate1c98a061b8f7796) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Programmi\Common Files\Motive\McciCMService.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Programmi\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: ServiceLayer - Nokia - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - Western Digital Technologies - (no file)
O23 - Service: ZPDCWNI - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Franco\IMPOST~1\Temp\ZPDCWNI.exe

--
End of file - 8216 bytes

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Versione database: 5304

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

16/12/2010 23.37.11
mbam-log-2010-12-16 (23-37-11).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi esaminati: 237157
Tempo trascorso: 1 ore, 5 minuti, 18 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 0

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
(Non sono stati rilevati elementi nocivi)

fmancini
Posted: Friday, December 17, 2010 11:00:06 PM

Rank: AiutAmico

Member since: 12/16/2006
Posts: 105
I'm adding the ComboFix log

ComboFix 10-12-16.05 - Franco 17/12/2010 22.46.12.12.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.959.507 [GMT 1:00]
Eseguito da: c:\documents and settings\Franco\Desktop\Antivirus.Spyw.Pulizia.Defr\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {0012F2B4-5CE9-7C92-0300-000000000000}
AV: AntiVir Desktop *Disabled/Updated* {0013F2B4-5CE9-7C92-0300-000000000000}
AV: AntiVir Desktop *Enabled/Updated* {00000002-0002-0000-6C25-9E7C08000A00}
AV: AntiVir Desktop *Enabled/Updated* {00000002-0002-0000-7C25-9E7C08000A00}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804FD0EC-FFA4-00EB-0D24-347CA8A3377C}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2010-11-17 al 2010-12-17 )))))))))))))))))))))))))))))))))))
.

2010-12-17 07:48 . 2010-12-17 07:48 -------- d-----w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\Google
2010-12-16 21:54 . 2010-12-16 21:54 -------- d-----w- c:\programmi\File comuni\SWF Studio
2010-12-15 16:53 . 2010-12-15 16:54 -------- d-----w- c:\documents and settings\Franco\Dati applicazioni\vlc
2010-12-14 21:29 . 2010-12-14 21:29 -------- d-----w- c:\programmi\microsoft frontpage
2010-12-14 21:21 . 2008-04-14 02:13 1571840 ----a-w- c:\windows\system32\sfcfiles.dll
2010-12-12 23:05 . 2010-12-12 23:05 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-11 20:37 . 2010-12-11 20:37 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\ServiceTest
2010-12-11 18:43 . 2010-12-11 19:00 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Adobe
2010-12-11 11:11 . 2010-12-11 11:12 -------- d-----w- c:\programmi\Support Tools
2010-12-11 11:10 . 2010-12-11 11:10 -------- d-----w- c:\programmi\Application Compatibility Toolkit
2010-12-01 10:58 . 2010-12-01 10:58 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Driver Whiz
2010-11-30 14:56 . 2007-04-04 17:55 261480 ----a-w- c:\windows\system32\xactengine2_7.dll
2010-11-30 14:54 . 2010-12-04 22:14 -------- d-----w- c:\windows\Logs
2010-11-27 10:15 . 2010-11-27 10:15 -------- d-----w- c:\documents and settings\Franco\Impostazioni locali\Dati applicazioni\Deployment

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-05 19:50 . 2010-06-04 08:11 43672 ----a-w- c:\windows\system32\drivers\AFS2K.SYS
2010-11-29 16:42 . 2008-10-19 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 16:42 . 2008-10-19 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-18 18:12 . 2007-05-18 09:15 86016 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:21 . 2004-08-19 13:39 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:21 . 2004-08-19 13:39 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:21 . 2004-08-19 13:39 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:26 . 2004-08-19 13:26 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 16:02 . 2010-02-27 18:39 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-11-02 16:02 . 2010-02-27 18:39 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-11-02 16:02 . 2010-02-22 17:02 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-02 15:17 . 2001-08-31 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2004-08-19 13:37 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 14:05 . 2004-08-19 13:31 1853312 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\programmi\RocketDock\RocketDock.exe" [2007-09-02 495616]
"RestoreDesktop"="c:\programmi\Restore Desktop\RestoreDesktop.exe" [2003-03-11 45056]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"HP Component Manager"="c:\programmi\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143872]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Windows Search.lnk - c:\programmi\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoPopUpsOnBoot"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"RTHDCPL"=RTHDCPL.EXE
"Alcmtr"=ALCMTR.EXE
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_07\bin\jusched.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Vuze\\Azureus.exe"=
"c:\\Programmi\\NetMeeting\\conf.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\eMule\\eMule.exe"=
"c:\\Programmi\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Programmi\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25736:TCP"= 25736:TCP:eMule_TCP
"25745:UDP"= 25745:UDP:eMule_UDP
"5985:TCP"= 5985:TCP:*:Disabled:Gestione remota Windows
"4662:TCP"= 4662:TCP:127.0.0.1
"4672:UDP"= 4672:UDP:127.0.0.1

R0 RVSystem;RVSystem;c:\windows\system32\drivers\rvsystem.sys [18/04/2010 20.47.10 45648]
R1 rvsmon;rvsmon;c:\windows\system32\drivers\rvsmon.sys [18/04/2010 20.47.20 264128]
R1 rvsmonn;rvsmonn;c:\windows\system32\drivers\rvsmonn1.sys [18/04/2010 20.47.23 28640]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\programmi\Avira\AntiVir Desktop\avmailc.exe [27/02/2010 19.39.41 339624]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programmi\Avira\AntiVir Desktop\sched.exe [27/02/2010 19.39.45 135336]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\programmi\Avira\AntiVir Desktop\avwebgrd.exe [27/02/2010 19.39.43 403624]
R2 rvsmonf;rvsmonf;c:\windows\system32\drivers\rvsmonf.sys [18/04/2010 20.47.22 1035080]
R3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [21/01/2010 10.42.06 13568]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [11/05/2010 13.17.20 11520]
S1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\DRIVERS\StarPortLite.sys --> c:\windows\system32\DRIVERS\StarPortLite.sys [?]
S2 gupdate1c98a061b8f7796;Google Update Service (gupdate1c98a061b8f7796);c:\programmi\Google\Update\GoogleUpdate.exe [08/02/2009 16.58.37 133104]
S2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [13/07/2008 10.51.57 8192]
S2 WDDMService;WD SmartWare Drive Manager; [x]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service; [x]
S2 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [03/11/2006 17.19.58 13592]
S3 MA8630C;MA8630C;c:\windows\system32\drivers\MA8630C.sys [07/10/2008 21.38.45 23248]
S3 MA8630M;MA8630M;c:\windows\system32\drivers\MA8630M.sys [07/10/2008 21.38.46 25428]
S3 MA8630U;MA8630U;c:\windows\system32\drivers\MA8630U.sys [07/10/2008 21.38.47 51154]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [19/08/2004 14.39.46 14336]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [19/08/2004 14.39.46 14336]
S3 ZPDCWNI;ZPDCWNI;c:\docume~1\Franco\IMPOST~1\Temp\ZPDCWNI.exe --> c:\docume~1\Franco\IMPOST~1\Temp\ZPDCWNI.exe [?]
S4 ASKService;ASKService;c:\programmi\AskBarDis\bar\bin\AskService.exe [11/06/2009 14.17.58 464264]
S4 ASKUpgrade;ASKUpgrade;c:\programmi\AskBarDis\bar\bin\ASKUpgrade.exe [11/06/2009 14.18.09 234888]
S4 RVSMONBL;Returnil Virtual System Core Service;c:\windows\system32\Returnil\RVS3\rvsmon.exe [06/04/2010 16.13.18 1254800]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [25/03/2008 10.11.27 717296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contenuto della cartella 'Scheduled Tasks'

2010-12-15 c:\windows\Tasks\CanoScan Toolbox 5.job
- c:\progra~1\Canon\CANOSC~1.0\CSTBox.exe [2009-10-16 16:54]

2010-12-17 c:\windows\Tasks\GlaryInitialize.job
- c:\programmi\Glary Utilities\initialize.exe [2010-02-07 08:01]

2010-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-08 15:58]

2010-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-08 15:58]

2010-12-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1637723038-725345543-1003Core.job
- c:\documents and settings\Franco\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-11-27 10:15]

2010-12-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1637723038-725345543-1003UA.job
- c:\documents and settings\Franco\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-11-27 10:15]

2010-12-17 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 16:20]

2010-12-17 c:\windows\Tasks\Pulitura disco.job
- c:\windows\system32\cleanmgr.exe [2004-08-19 02:14]

2010-12-15 c:\windows\Tasks\SmartDefrag.job
- c:\programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-11-26 17:08]

2010-12-17 c:\windows\Tasks\User_Feed_Synchronization-{20C35481-1888-41F0-BC08-CF817514C6BB}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]

2010-12-17 c:\windows\Tasks\WebReg 20091021182202.job
- c:\programmi\Hewlett-Packard\Digital Imaging\bin\hpqwrg.exe [2002-10-16 13:39]

2010-12-16 c:\windows\Tasks\Windows Update.job
- c:\windows\system32\wupdmgr.exe [2001-08-31 12:00]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com/ig?source=gama&hl=it
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.foozir.com/
mSearch Bar = hxxp://www.google.com
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
LSP: c:\programmi\Avira\AntiVir Desktop\avsda.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-17 22:51
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'lsass.exe'(756)
c:\programmi\Avira\AntiVir Desktop\avsda.dll

- - - - - - - > 'explorer.exe'(1688)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2010-12-17 22:54:21
ComboFix-quarantined-files.txt 2010-12-17 21:54
ComboFix2.txt 2010-12-13 23:32
ComboFix3.txt 2010-12-13 14:24
ComboFix4.txt 2010-12-13 09:36
ComboFix5.txt 2010-12-14 21:10

Pre-Run: 20.428.230.656 byte disponibili
Post-Run: 20.438.900.736 byte disponibili

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 64E57CC210A90DDEDA87B4E792644AAE

thanks again... I can't attach the Avira log.... I copy it, but the Paste option isn't active!!!!

r16
Posted: Saturday, December 18, 2010 4:20:27 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,017
Hi.
The problems you are experiencing are not attributable to a virus.
The various logs are clean now.
Unless the viruses that were removed have, in the meantime, damaged some system file.
In that case, I advise you to back up your most important data and do a format.
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.