Aiutamici Forum

Applications give me an error every time I close them!
bigadr
Posted: Saturday, January 22, 2011 2:14:06 PM
Rank: Member

Joined: 1/22/2011
Posts: 21
Hi everyone, for a few days now I've been having problems with my PC: applications (whether Firefox, VLC, Notepad, WinRAR, etc.) give me an error every time I close them (the classic little window appears: "an error has occurred... the application will be closed"). I ran a scan with AVG and used Cleaner, ewido and Spybot, but they didn't solve the problem (they found a few things, which I fixed, nothing more). I also downloaded Hijack, and here is the text that came up after the scan:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14.03.50, on 22/01/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Programmi\PDF Complete\pdfsty.exe
E:\PROGRA~1\AVG\AVG8\avgtray.exe
E:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
E:\WINDOWS\system32\RUNDLL32.EXE
F:\Programmi scaricati\unlocker1.8.1\Unlocker\UnlockerAssistant.exe
E:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
F:\Programmi scaricati\MsgPlus.exe
E:\Programmi\Application Updater\ApplicationUpdater.exe
E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
F:\Programmi scaricati\iTunesHelper.exe
E:\Programmi\Cyberlink\Shared files\brs.exe
E:\Programmi\Bonjour\mDNSResponder.exe
E:\Programmi\File comuni\Spigot\Search Settings\SearchSettings.exe
F:\Programmi scaricati\security suite\ewidoctrl.exe
E:\Programmi\DivX\DivX Update\DivXUpdate.exe
E:\Programmi\DivX\DivX Plus Web Player\DDmService.exe
E:\Programmi\File comuni\Java\Java Update\jusched.exe
E:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
E:\Programmi\Java\jre6\bin\jqs.exe
F:\Programmi scaricati\DAEMON Tools Lite\DTLite.exe
E:\Programmi\PDF Complete\pdfsvc.exe
F:\Programmi scaricati\Spybot - Search & Destroy\TeaTimer.exe
E:\PROGRA~1\AVG\AVG8\avgrsx.exe
E:\Programmi\CyberLink\Shared files\RichVideo.exe
E:\PROGRA~1\AVG\AVG8\avgnsx.exe
E:\WINDOWS\explorer.exe
E:\WINDOWS\system32\svchost.exe
E:\PROGRA~1\AVG\AVG8\avgemc.exe
E:\Programmi\AVG\AVG8\avgcsrvx.exe
E:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
E:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
E:\Programmi\iPod\bin\iPodService.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Programmi\Mozilla Firefox\firefox.exe
E:\Programmi\Mozilla Firefox\plugin-container.exe
F:\Programmi scaricati\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.it/0SEITIT/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - E:\Programmi\Dealio Toolbar\IE\4.1\dealioToolbarIE.dll
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - E:\Programmi\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - E:\Programmi\BS_Player\tbBS_1.dll
R3 - URLSearchHook: PHPNukeIT Toolbar - {2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - E:\Programmi\PHPNukeIT\tbPHPN.dll
R3 - URLSearchHook: Softonic-IT Toolbar - {e3393495-8103-46a0-8181-270273eddd60} - E:\Programmi\Softonic-IT\tbSoft.dll
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - E:\Programmi\Dealio Toolbar\IE\4.1\dealioToolbarIE.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - E:\Programmi\Winamp Toolbar\winamptb.dll
O2 - BHO: PHPNukeIT Toolbar - {2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - E:\Programmi\PHPNukeIT\tbPHPN.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - E:\Programmi\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\Programmi scaricati\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - E:\Programmi\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - E:\Programmi\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Softonic-IT Toolbar - {e3393495-8103-46a0-8181-270273eddd60} - E:\Programmi\Softonic-IT\tbSoft.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - E:\Programmi\BS_Player\tbBS_1.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - E:\Programmi\Winamp Toolbar\winamptb.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Programmi\MSN Toolbar\01.01.2607.0\it\msntb.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - E:\Programmi\BS_Player\tbBS_1.dll
O3 - Toolbar: PHPNukeIT Toolbar - {2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - E:\Programmi\PHPNukeIT\tbPHPN.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - E:\Programmi\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Softonic-IT Toolbar - {e3393495-8103-46a0-8181-270273eddd60} - E:\Programmi\Softonic-IT\tbSoft.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - E:\Programmi\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - E:\Programmi\Dealio Toolbar\IE\4.1\dealioToolbarIE.dll
O4 - HKLM\..\Run: [PDF Complete] "E:\Programmi\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] E:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] E:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] E:\Programmi\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UnlockerAssistant] F:\Programmi scaricati\unlocker1.8.1\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [MessengerPlus3] "F:\Programmi scaricati\MsgPlus.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Programmi scaricati\iTunesHelper.exe"
O4 - HKLM\..\Run: [BDRegion] E:\Programmi\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [SearchSettings] "E:\Programmi\File comuni\Spigot\Search Settings\SearchSettings.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DivXUpdate] "E:\Programmi\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [DivX Download Manager] "E:\Programmi\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "F:\Programmi scaricati\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Kbnew] E:\Documents and Settings\Adriano\Dati applicazioni\Crtlink\msd3d.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Programmi scaricati\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.2.lnk = E:\Programmi\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: &Winamp Search - E:\Documents and Settings\All Users\Dati applicazioni\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\Programmi scaricati\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\Programmi scaricati\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Programmi\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - E:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - E:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - E:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Application Updater - Spigot, Inc. - E:\Programmi\Application Updater\ApplicationUpdater.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - E:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: ewido security suite control - ewido networks - F:\Programmi scaricati\security suite\ewidoctrl.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - E:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - E:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - E:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - E:\Programmi\PDF Complete\pdfsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - E:\Programmi\CyberLink\Shared files\RichVideo.exe

--
End of file - 11132 bytes





r16
Posted: Saturday, January 22, 2011 2:18:43 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.

Turn off System Restore and keep it off until the problem is solved: http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121

Uninstall AVG:
To uninstall AVG, use this utility:
AVG Remover (32 bit)
http://download.avg.com/filedir/util/avg_arm_sup_____.dir/avgremover.exe

Install this antivirus:
http://www.aiutamici.com/software?ID=10908
Run a full scan.
Post the log.
bigadr
Posted: Saturday, January 22, 2011 2:25:08 PM
Rank: Member

Joined: 1/22/2011
Posts: 21
First of all, thank you.

Well, earlier I had turned off System Restore, then after seeing that it hadn't solved anything I turned it back on. Now I'll do as you said; one clarification, though. The full scan, after I've installed that new antivirus, I run it in safe mode, right?
r16
Posted: Saturday, January 22, 2011 2:30:57 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Quote:
The full scan, after I've installed that new antivirus, I run it in safe mode, right?

Wrong.
You run it in normal mode.
It could take a while, because your PC has several infections.
bigadr
Posted: Saturday, January 22, 2011 2:47:37 PM
Rank: Member

Joined: 1/22/2011
Posts: 21
I removed AVG and downloaded Avira, but right after the installation it opens error windows (the ones I was talking about). I also tried extracting the files from Avira, but every antivirus application I try to open gets closed immediately.

Edit: I managed to open fact, but it asks me for the activation key.
r16
Posted: Saturday, January 22, 2011 2:52:33 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Let's settle this once and for all:
Download and install MalwareBytes:
click here to download: http://www.aiutamici.com/software?id=80346
Before running the scan, UPDATE IT. (this is very important)
Run a full system scan.
Delete any infected files found.
Post the log.
bigadr
Posted: Saturday, January 22, 2011 4:08:53 PM
Rank: Member

Joined: 1/22/2011
Posts: 21
Well, I ran the scan with MalwareBytes and it found quite a few infected files. I deleted them and restarted the PC (although on the first restart the PC froze on a fixed black screen), and here is the log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Versione database: 5570

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

22/01/2011 15.57.53
mbam-log-2011-01-22 (15-57-53).txt

Tipo di scansione: Scansione completa (C:\|E:\|F:\|)
Elementi esaminati: 204344
Tempo trascorso: 54 minuti, 27 secondi

Processi infetti in memoria: 2
Moduli di memoria infetti: 0
Chiavi di registro infette: 7
Valori di registro infetti: 12
Voci infette nei dati di registro: 0
Cartelle infette: 13
File infetti: 82

Processi infetti in memoria:
e:\programmi\application updater\applicationupdater.exe (PUP.Dealio) -> 1892 -> Unloaded process successfully.
e:\programmi\file comuni\Spigot\search settings\searchsettings.exe (PUP.Dealio) -> 1624 -> Unloaded process successfully.

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Application Updater (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Dealio (PUP.Dealio) -> Quarantined and deleted successfully.

Valori di registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\E:\PROGRAMMI\APPLICATION UPDATER\APPLICATIONUPDATER.EXE (PUP.Dealio) -> Value: APPLICATIONUPDATER.EXE -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Value: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Value: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Value: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Value: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\E:\PROGRAMMI\FILE COMUNI\SPIGOT\WTXPCOM\COMPONENTS\WIDGITOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: WIDGITOOLBARFF.DLL -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\E:\PROGRAMMI\MOZILLA FIREFOX\EXTENSIONS\DEALIO@MYBROWSERBAR.COM (PUP.Dealio) -> Value: DEALIO@MYBROWSERBAR.COM -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SearchSettings (PUP.Dealio) -> Value: SearchSettings -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\E:\PROGRAMMI\FILE COMUNI\SPIGOT\SEARCH SETTINGS\SEARCHSETTINGS.EXE (PUP.Dealio) -> Value: SEARCHSETTINGS.EXE -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\E:\PROGRAMMI\DEALIO TOOLBAR\FF\INSTALL.RDF (PUP.Dealio) -> Value: INSTALL.RDF -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\E:\PROGRAMMI\DEALIO TOOLBAR\FF\CHROME.MANIFEST (PUP.Dealio) -> Value: CHROME.MANIFEST -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\E:\PROGRAMMI\DEALIO TOOLBAR\FF\CHROME\LOCALE\EN-US\WIDGITOOLBARPLUGIN.PROPERTIES (PUP.Dealio) -> Value: WIDGITOOLBARPLUGIN.PROPERTIES -> Quarantined and deleted successfully.

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
e:\programmi\dealio toolbar (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\Res (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\FF (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\FF\chrome (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\FF\chrome\content (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\FF\chrome\locale (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\FF\chrome\locale\EN-US (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\FF\chrome\skin (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\IE (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\IE\4.1 (PUP.Dealio) -> Quarantined and deleted successfully.
e:\documents and settings\Adriano\dati applicazioni\Dealio (PUP.Dealio) -> Quarantined and deleted successfully.
e:\documents and settings\Adriano\dati applicazioni\Dealio\temp (PUP.Dealio) -> Quarantined and deleted successfully.
e:\documents and settings\Adriano\dati applicazioni\Dealio\res (PUP.Dealio) -> Quarantined and deleted successfully.

File infetti:
e:\programmi\application updater\applicationupdater.exe (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\IE\4.1\dealiotoolbarie.dll (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\file comuni\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\widgihelper.exe (PUP.Dealio) -> Quarantined and deleted successfully.
f:\programmi scaricati\msgplus3-setup.exe (Adware.Agent) -> Quarantined and deleted successfully.
f:\programmi scaricati\DIETA\SHLWAPI.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
f:\programmi scaricati\DIETA\POWRPROF.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
e:\programmi\mozilla firefox\extensions\dealio@mybrowserbar.com (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\file comuni\Spigot\search settings\searchsettings.exe (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\Res\icon_settings.gif (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\Res\search-button.gif (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\Res\search-button-hover.gif (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\Res\search-chevron.gif (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\Res\search-chevron-hover.gif (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\Res\amazon.gif (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\Res\apple.gif (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\Res\barnes.gif (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\Res\bestbuy.gif (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\Res\dealio_logo.gif (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\Res\dealio_logo_hover.gif (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\Res\ebay.gif (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\Res\macys.gif (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\Res\newegg.gif (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\Res\overstock.gif (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\Res\search_amazon.gif (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\Res\search_dealio.gif (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\Res\search_ebay.gif (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\Res\search_yahoo.gif (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\Res\target.gif (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\Res\walmart.gif (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\Res\widgets.xml (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\FF\install.rdf (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\FF\chrome.manifest (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\FF\chrome\content\chevron.js (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\FF\chrome\content\chevron.xul (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\FF\chrome\content\login.js (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\FF\chrome\content\login.xul (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\FF\chrome\content\parser.js (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\FF\chrome\content\rsstickerwidget.js (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\FF\chrome\content\searchbox.js (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\FF\chrome\content\searchbox.xul (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\FF\chrome\content\utils.js (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\FF\chrome\content\widgichevron.js (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\FF\chrome\content\widgicomm.js (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\FF\chrome\content\widgihandling.js (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\FF\chrome\content\widgilisteners.js (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\FF\chrome\content\widgitoolbarplugin.js (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\FF\chrome\content\widgitoolbarplugin.xul (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\FF\chrome\content\widgiui.js (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\FF\chrome\locale\EN-US\searchbox.dtd (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.dtd (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\FF\chrome\locale\EN-US\yahoo-search.gif (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\FF\chrome\skin\chevron.gif (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\FF\chrome\skin\icon_settings.gif (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\FF\chrome\skin\search-button.gif (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\FF\chrome\skin\search-button-hover.gif (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\FF\chrome\skin\search-chevron.gif (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\FF\chrome\skin\search-chevron-hover.gif (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\FF\chrome\skin\searchbox.css (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\FF\chrome\skin\splitter.gif (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\FF\chrome\skin\widgitoolbarplugin.css (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\FF\chrome\skin\amazon.gif (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\FF\chrome\skin\apple.gif (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\FF\chrome\skin\barnes.gif (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\FF\chrome\skin\bestbuy.gif (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\FF\chrome\skin\dealio_logo.gif (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\FF\chrome\skin\dealio_logo_hover.gif (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\FF\chrome\skin\ebay.gif (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\FF\chrome\skin\macys.gif (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\FF\chrome\skin\newegg.gif (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\FF\chrome\skin\overstock.gif (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\FF\chrome\skin\search_amazon.gif (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\FF\chrome\skin\search_dealio.gif (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\FF\chrome\skin\search_ebay.gif (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\FF\chrome\skin\search_yahoo.gif (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\FF\chrome\skin\target.gif (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\FF\chrome\skin\walmart.gif (PUP.Dealio) -> Quarantined and deleted successfully.
e:\programmi\dealio toolbar\IE\4.1\config.ini (PUP.Dealio) -> Quarantined and deleted successfully.
e:\documents and settings\Adriano\dati applicazioni\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml (PUP.Dealio) -> Quarantined and deleted successfully.
e:\documents and settings\Adriano\dati applicazioni\Dealio\temp\http___www_dealio_com_rss_coupons-deals_top_7days__cnid=[channel_id]&ccv=[code_ver]&isn=[isn].xml (PUP.Dealio) -> Quarantined and deleted successfully.
e:\documents and settings\Adriano\dati applicazioni\Dealio\res\widgets.xml (PUP.Dealio) -> Quarantined and deleted successfully.
r16
Posted: Saturday, January 22, 2011 4:57:31 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Good.

Disable SpyBot's TeaTimer like this:
Open SpyBot in advanced mode (Mode menu - Advanced), then go to Tools - Resident and untick TeaTimer, and restart the PC.

Then:
This other scan is needed:
Download Combofix (use Internet Explorer)

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Save it to the desktop. (this is mandatory)

Important: Disable your antivirus and close ALL open programs (firewall included), and after downloading COMBOFIX, close the connection.

Double-click combofix.exe
You will probably get messages from the antivirus (or from Combofix itself); ignore them.

If you are asked whether you want to install the RECOVERY CONSOLE, click NO.

During the scan it is important not to use the PC (not even the mouse) and to wait patiently for the operations to finish.
When it finishes, a log file will be created on the Desktop, called C:\ComboFix.txt.
Post it here.
bigadr
Posted: Saturday, January 22, 2011 6:19:03 PM
Rank: Member

Joined: 1/22/2011
Posts: 21
So:

I disabled Spybot's TeaTimer and restarted the PC.
Downloaded Combofix with IE
Saved it to the desktop
The antivirus (you already had me remove AVG earlier, so it was already disabled) and the firewall I disabled.
Then I closed the connection
Here's the problem: I clicked the Combofix icon on the desktop (because that's what you meant by combofix.exe, right? Besides, there was nothing else; I also tried extracting the files, but no sign of combofix.exe), some error messages appeared and then nothing. I clicked "don't send" (on all the various error messages, once they had stopped appearing) and then a Combofix error window appeared telling me that it is not compatible (even though I have XP, so I don't understand). No scan starts.
r16
Posted: Saturday, January 22, 2011 6:27:22 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Download TFC by OldTimer to the desktop
http://oldtimer.geekstogo.com/TFC.exe
close all programs
run TFC, click "start"
when the scan finishes it will ask for a restart; click OK.

Remove Combofix like this:
Download OTC by OldTimer to the desktop:
http://oldtimer.geekstogo.com/OTC.exe
double-click to run it
Click CleanUp.
It will ask you to restart the PC.
Click Yes.

Post a new HijackThis log.
bigadr
Posted: Saturday, January 22, 2011 6:36:35 PM
Rank: Member

Joined: 1/22/2011
Posts: 21
Here it is:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18.36.14, on 22/01/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\userinit.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Programmi\PDF Complete\pdfsty.exe
E:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
E:\WINDOWS\system32\RUNDLL32.EXE
F:\Programmi scaricati\unlocker1.8.1\Unlocker\UnlockerAssistant.exe
F:\Programmi scaricati\MsgPlus.exe
F:\Programmi scaricati\iTunesHelper.exe
E:\Programmi\Cyberlink\Shared files\brs.exe
E:\Programmi\DivX\DivX Update\DivXUpdate.exe
E:\Programmi\DivX\DivX Plus Web Player\DDmService.exe
E:\Programmi\File comuni\Java\Java Update\jusched.exe
E:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
F:\Programmi scaricati\DAEMON Tools Lite\DTLite.exe
E:\Programmi\OpenOffice.org 3\program\soffice.exe
E:\Programmi\OpenOffice.org 3\program\soffice.bin
E:\WINDOWS\explorer.exe
E:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
E:\Programmi\Bonjour\mDNSResponder.exe
F:\Programmi scaricati\security suite\ewidoctrl.exe
E:\Programmi\Google\Update\GoogleUpdate.exe
E:\Programmi\Java\jre6\bin\jqs.exe
E:\Programmi\PDF Complete\pdfsvc.exe
E:\Programmi\CyberLink\Shared files\RichVideo.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
E:\Programmi\iPod\bin\iPodService.exe
E:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
E:\WINDOWS\system32\wscntfy.exe
F:\Programmi scaricati\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.it/0SEITIT/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - E:\Programmi\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - E:\Programmi\BS_Player\tbBS_1.dll
R3 - URLSearchHook: PHPNukeIT Toolbar - {2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - E:\Programmi\PHPNukeIT\tbPHPN.dll
R3 - URLSearchHook: Softonic-IT Toolbar - {e3393495-8103-46a0-8181-270273eddd60} - E:\Programmi\Softonic-IT\tbSoft.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - E:\Programmi\Winamp Toolbar\winamptb.dll
O2 - BHO: PHPNukeIT Toolbar - {2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - E:\Programmi\PHPNukeIT\tbPHPN.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - E:\Programmi\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - E:\Programmi\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - E:\Programmi\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Softonic-IT Toolbar - {e3393495-8103-46a0-8181-270273eddd60} - E:\Programmi\Softonic-IT\tbSoft.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - E:\Programmi\BS_Player\tbBS_1.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - E:\Programmi\Winamp Toolbar\winamptb.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Programmi\MSN Toolbar\01.01.2607.0\it\msntb.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - E:\Programmi\BS_Player\tbBS_1.dll
O3 - Toolbar: PHPNukeIT Toolbar - {2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - E:\Programmi\PHPNukeIT\tbPHPN.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - E:\Programmi\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Softonic-IT Toolbar - {e3393495-8103-46a0-8181-270273eddd60} - E:\Programmi\Softonic-IT\tbSoft.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - E:\Programmi\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [PDF Complete] "E:\Programmi\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] E:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] E:\Programmi\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UnlockerAssistant] F:\Programmi scaricati\unlocker1.8.1\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [MessengerPlus3] "F:\Programmi scaricati\MsgPlus.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Programmi scaricati\iTunesHelper.exe"
O4 - HKLM\..\Run: [BDRegion] E:\Programmi\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DivXUpdate] "E:\Programmi\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [DivX Download Manager] "E:\Programmi\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "F:\Programmi scaricati\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Kbnew] E:\Documents and Settings\Adriano\Dati applicazioni\Crtlink\msd3d.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.2.lnk = E:\Programmi\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: &Winamp Search - E:\Documents and Settings\All Users\Dati applicazioni\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - E:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - E:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - E:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - E:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: ewido security suite control - ewido networks - F:\Programmi scaricati\security suite\ewidoctrl.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - E:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - E:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - E:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - E:\Programmi\PDF Complete\pdfsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - E:\Programmi\CyberLink\Shared files\RichVideo.exe

--
End of file - 9740 bytes
r16
Posted: Saturday, January 22, 2011 6:41:17 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
No wonder: ComboFix doesn't find compatibility with IE.
You have a really ancient version. (IE6)

Install Windows XP Service Pack 3:

http://www.microsoft.com/downloads/details.aspx?FamilyID=5b33b5a8-5e76-401f-be08-1e1555d4f3d4&DisplayLang=it

Install Internet Explorer 8

http://www.microsoft.com/downloads/details.aspx?FamilyID=341c2ad5-8c3d-4347-8c03-08cdecd8852b&displaylang=it

When you have finished, post a new HijackThis log
bigadr
Posted: Saturday, January 22, 2011 6:45:06 PM
Rank: Member

Joined: 1/22/2011
Posts: 21
Ok
But should I turn the firewall back on (it's just that I'm without antivirus because of the earlier operation, and I wouldn't want more junk getting in while I'm trying to solve this problem)?
Then one clarification: once Service Pack 3 and IE8 are installed, do I have to reinstall ComboFix, or do I simply make a new HijackThis log?
r16
Posted: Saturday, January 22, 2011 6:49:56 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
bigadr wrote:
Ok
But should I turn the firewall back on (it's just that I'm without antivirus because of the earlier operation, and I wouldn't want more junk getting in while I'm trying to solve this problem)?
Then one clarification: once Service Pack 3 and IE8 are installed, do I have to reinstall ComboFix, or do I simply make a new HijackThis log?

1) Leave everything disabled. (firewall)
2) The instructions I gave you are to post a new HijackThis log.
Then, based on the log, further instructions will follow.

N.B.:
Avoid browsing the internet.
Connect ONLY to this forum.

bigadr
Posted: Saturday, January 22, 2011 8:51:21 PM
Rank: Member

Joined: 1/22/2011
Posts: 21
I installed both (although, during the IE8 installation, the malware detection option did not finish, because a lot of error windows appeared and I clicked "don't send"; but otherwise the installation completed successfully; if I have to redo it for this reason, tell me). Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20.46.44, on 22/01/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Programmi\PDF Complete\pdfsty.exe
E:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
E:\WINDOWS\system32\RUNDLL32.EXE
F:\Programmi scaricati\unlocker1.8.1\Unlocker\UnlockerAssistant.exe
F:\Programmi scaricati\MsgPlus.exe
F:\Programmi scaricati\iTunesHelper.exe
E:\Programmi\Cyberlink\Shared files\brs.exe
E:\Programmi\DivX\DivX Update\DivXUpdate.exe
E:\Programmi\DivX\DivX Plus Web Player\DDmService.exe
E:\Programmi\File comuni\Java\Java Update\jusched.exe
E:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
E:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
E:\Programmi\Bonjour\mDNSResponder.exe
F:\Programmi scaricati\security suite\ewidoctrl.exe
F:\Programmi scaricati\DAEMON Tools Lite\DTLite.exe
E:\Programmi\Java\jre6\bin\jqs.exe
E:\Programmi\PDF Complete\pdfsvc.exe
E:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe
E:\Programmi\CyberLink\Shared files\RichVideo.exe
E:\Programmi\OpenOffice.org 3\program\soffice.exe
E:\WINDOWS\system32\svchost.exe
E:\Programmi\OpenOffice.org 3\program\soffice.bin
E:\WINDOWS\system32\wuauclt.exe
E:\WINDOWS\explorer.exe
E:\WINDOWS\system32\imapi.exe
E:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
E:\Programmi\iPod\bin\iPodService.exe
F:\Programmi scaricati\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.it/0SEITIT/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - E:\Programmi\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - E:\Programmi\BS_Player\tbBS_1.dll
R3 - URLSearchHook: PHPNukeIT Toolbar - {2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - E:\Programmi\PHPNukeIT\tbPHPN.dll
R3 - URLSearchHook: Softonic-IT Toolbar - {e3393495-8103-46a0-8181-270273eddd60} - E:\Programmi\Softonic-IT\tbSoft.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - E:\Programmi\Winamp Toolbar\winamptb.dll
O2 - BHO: PHPNukeIT Toolbar - {2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - E:\Programmi\PHPNukeIT\tbPHPN.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - E:\Programmi\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - E:\Programmi\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - E:\Programmi\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Softonic-IT Toolbar - {e3393495-8103-46a0-8181-270273eddd60} - E:\Programmi\Softonic-IT\tbSoft.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - E:\Programmi\BS_Player\tbBS_1.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - E:\Programmi\Winamp Toolbar\winamptb.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Programmi\MSN Toolbar\01.01.2607.0\it\msntb.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - E:\Programmi\BS_Player\tbBS_1.dll
O3 - Toolbar: PHPNukeIT Toolbar - {2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - E:\Programmi\PHPNukeIT\tbPHPN.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - E:\Programmi\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Softonic-IT Toolbar - {e3393495-8103-46a0-8181-270273eddd60} - E:\Programmi\Softonic-IT\tbSoft.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - E:\Programmi\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [PDF Complete] "E:\Programmi\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] E:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] E:\Programmi\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UnlockerAssistant] F:\Programmi scaricati\unlocker1.8.1\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [MessengerPlus3] "F:\Programmi scaricati\MsgPlus.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Programmi scaricati\iTunesHelper.exe"
O4 - HKLM\..\Run: [BDRegion] E:\Programmi\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [DivXUpdate] "E:\Programmi\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [DivX Download Manager] "E:\Programmi\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "F:\Programmi scaricati\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Kbnew] E:\Documents and Settings\Adriano\Dati applicazioni\Crtlink\msd3d.exe
O4 - HKCU\..\Run: [DWQueuedReporting] "E:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.2.lnk = E:\Programmi\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: &Winamp Search - E:\Documents and Settings\All Users\Dati applicazioni\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - E:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - E:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - E:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - E:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: ewido security suite control - ewido networks - F:\Programmi scaricati\security suite\ewidoctrl.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - E:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - E:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - E:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - E:\Programmi\PDF Complete\pdfsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - E:\Programmi\CyberLink\Shared files\RichVideo.exe

--
End of file - 10467 bytes




EDIT: Now that I notice it, the problem seems to be solved. I close applications and it gives me no error window. Tomorrow I'll be able to tell you whether everything is in order. For now, thanks a lot!
r16
Posted: Saturday, January 22, 2011 9:03:26 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Start HijackThis, tick the entries I am going to list for you and, with all applications closed and disconnected from the Internet, press "Fix checked":

Comment:
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - E:\Programmi\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - E:\Programmi\BS_Player\tbBS_1.dll
R3 - URLSearchHook: PHPNukeIT Toolbar - {2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - E:\Programmi\PHPNukeIT\tbPHPN.dll
R3 - URLSearchHook: Softonic-IT Toolbar - {e3393495-8103-46a0-8181-270273eddd60} - E:\Programmi\Softonic-IT\tbSoft.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - E:\Programmi\Winamp Toolbar\winamptb.dll
O2 - BHO: PHPNukeIT Toolbar - {2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - E:\Programmi\PHPNukeIT\tbPHPN.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - E:\Programmi\Ask.com\GenericAskToolbar.dll
O2 - BHO: Softonic-IT Toolbar - {e3393495-8103-46a0-8181-270273eddd60} - E:\Programmi\Softonic-IT\tbSoft.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - E:\Programmi\Winamp Toolbar\winamptb.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Programmi\MSN Toolbar\01.01.2607.0\it\msntb.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - E:\Programmi\BS_Player\tbBS_1.dll
O3 - Toolbar: PHPNukeIT Toolbar - {2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - E:\Programmi\PHPNukeIT\tbPHPN.d
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - E:\Programmi\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Softonic-IT Toolbar - {e3393495-8103-46a0-8181-270273eddd60} - E:\Programmi\Softonic-IT\tbSoft.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - E:\Programmi\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [UnlockerAssistant] F:\Programmi scaricati\unlocker1.8.1\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [MessengerPlus3] "F:\Programmi scaricati\MsgPlus.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Programmi scaricati\iTunesHelper.exe"
O4 - HKCU\..\Run: [Kbnew] E:\Documents and Settings\Adriano\Dati applicazioni\Crtlink\msd3d.exe
O8 - Extra context menu item: &Winamp Search - E:\Documents and Settings\All Users\Dati applicazioni\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)


Do a clean-up (registry included) with CCleaner: http://www.aiutamici.com/software?ID=11223
On CCleaner's initial screen, click Options and then Advanced, and untick: Delete files in Windows Temp only if older than 48 hours. (then run the clean-ups)

Post a new HijackThis log.
bigadr
Posted: Sunday, January 23, 2011 12:46:43 AM
Rank: Member

Joined: 1/22/2011
Posts: 21
The PC seems OK, but I did what you told me anyway:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0.44.40, on 23/01/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
E:\Programmi\Bonjour\mDNSResponder.exe
F:\Programmi scaricati\security suite\ewidoctrl.exe
E:\Programmi\Java\jre6\bin\jqs.exe
E:\Programmi\PDF Complete\pdfsvc.exe
E:\Programmi\CyberLink\Shared files\RichVideo.exe
E:\WINDOWS\system32\svchost.exe
E:\Programmi\PDF Complete\pdfsty.exe
E:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Programmi\Cyberlink\Shared files\brs.exe
E:\Programmi\DivX\DivX Update\DivXUpdate.exe
E:\Programmi\File comuni\Java\Java Update\jusched.exe
E:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
F:\Programmi scaricati\DAEMON Tools Lite\DTLite.exe
E:\WINDOWS\system32\ctfmon.exe
E:\WINDOWS\explorer.exe
E:\Programmi\OpenOffice.org 3\program\soffice.exe
E:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
E:\Programmi\OpenOffice.org 3\program\soffice.bin
E:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
E:\Programmi\iPod\bin\iPodService.exe
F:\Programmi scaricati\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.it/0SEITIT/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - E:\Programmi\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - E:\Programmi\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - E:\Programmi\BS_Player\tbBS_1.dll
O4 - HKLM\..\Run: [PDF Complete] "E:\Programmi\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] E:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] E:\Programmi\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BDRegion] E:\Programmi\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [DivXUpdate] "E:\Programmi\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [DivX Download Manager] "E:\Programmi\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "F:\Programmi scaricati\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Kbnew] E:\Documents and Settings\Adriano\Dati applicazioni\Crtlink\msd3d.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.2.lnk = E:\Programmi\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programmi\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - E:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - E:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - E:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - E:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: ewido security suite control - ewido networks - F:\Programmi scaricati\security suite\ewidoctrl.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - E:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - E:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - E:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - E:\Programmi\PDF Complete\pdfsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - E:\Programmi\CyberLink\Shared files\RichVideo.exe

--
End of file - 7430 bytes
r16
Posted: Sunday, January 23, 2011 1:27:57 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Also delete this entry:
O4 - HKCU\..\Run: [Kbnew] E:\Documents and Settings\Adriano\Dati applicazioni\Crtlink\msd3d.exe

Find and delete the folder in red:
E:\Documents and Settings\Adriano\Dati applicazioni\Crtlink\msd3d.exe


Now try running a scan with Combofix.
Follow the same instructions as in the post above.
bigadr
Posted: Sunday, January 23, 2011 2:19:37 PM
Rank: Member

Joined: 1/22/2011
Posts: 21
I ran the Combofix scan. What do you mean by "follow the same instructions as in the post above"? Anyway, here is the scan log:


ComboFix 11-01-22.03 - Adriano 23/01/2011 14.04.25.1.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.894.506 [GMT 1:00]
Eseguito da: e:\documents and settings\Adriano\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

e:\documents and settings\Adriano\Dati applicazioni\.#
e:\documents and settings\Adriano\Dati applicazioni\BDL+D
e:\documents and settings\Adriano\Dati applicazioni\BDL+D\DLSite(DIGI)\W-D-00023\____.hld
e:\documents and settings\Adriano\Dati applicazioni\BDL+D\DLSite(DIGI)\W-D-00023\____.sys
e:\documents and settings\Adriano\Dati applicazioni\Local
e:\documents and settings\Adriano\Dati applicazioni\Local\Temp\DDM\Settings\(2).ddr
e:\documents and settings\Adriano\Dati applicazioni\Local\Temp\DDM\Settings\(3).ddr
e:\documents and settings\Adriano\Dati applicazioni\Local\Temp\DDM\Settings\(4).ddr
e:\documents and settings\Adriano\Dati applicazioni\Local\Temp\DDM\Settings\.ddr
e:\documents and settings\Adriano\Dati applicazioni\Local\Temp\DDM\Settings\0.ddi
e:\documents and settings\Adriano\Dati applicazioni\Local\Temp\DDM\Settings\1.ddi
e:\documents and settings\Adriano\Dati applicazioni\Local\Temp\DDM\Settings\2.ddi
e:\documents and settings\Adriano\Dati applicazioni\Local\Temp\DDM\Settings\3.ddi
e:\documents and settings\Adriano\Dati applicazioni\Local\Temp\DDM\Settings\4.ddi
e:\documents and settings\Adriano\Dati applicazioni\Local\Temp\DDM\Settings\Post_Install_RB_HiQ_en.divx.ddr
e:\documents and settings\Adriano\Dati applicazioni\Local\Temp\DDM\Settings\settings.ddi
e:\documents and settings\Adriano\Dati applicazioni\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2)
e:\documents and settings\Adriano\Dati applicazioni\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2).ddp
e:\documents and settings\Adriano\Dati applicazioni\Local\Temp\DDM\Settings\Temporary Downloaded Files\(3).ddp
e:\documents and settings\Adriano\Dati applicazioni\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp
e:\documents and settings\Adriano\Dati applicazioni\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(10).divx
e:\documents and settings\Adriano\Dati applicazioni\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(11).divx
e:\documents and settings\Adriano\Dati applicazioni\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(12).divx
e:\documents and settings\Adriano\Dati applicazioni\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(13).divx
e:\documents and settings\Adriano\Dati applicazioni\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(14).divx
e:\documents and settings\Adriano\Dati applicazioni\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(15).divx
e:\documents and settings\Adriano\Dati applicazioni\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(16).divx
e:\documents and settings\Adriano\Dati applicazioni\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(17).divx
e:\documents and settings\Adriano\Dati applicazioni\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(18).divx
e:\documents and settings\Adriano\Dati applicazioni\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(19).divx
e:\documents and settings\Adriano\Dati applicazioni\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(2).divx
e:\documents and settings\Adriano\Dati applicazioni\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(20).divx
e:\documents and settings\Adriano\Dati applicazioni\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(21).divx
e:\documents and settings\Adriano\Dati applicazioni\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(22).divx
e:\documents and settings\Adriano\Dati applicazioni\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(23).divx
e:\documents and settings\Adriano\Dati applicazioni\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(24).divx
e:\documents and settings\Adriano\Dati applicazioni\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(25).divx
e:\documents and settings\Adriano\Dati applicazioni\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(26).divx
e:\documents and settings\Adriano\Dati applicazioni\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(27).divx
e:\documents and settings\Adriano\Dati applicazioni\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(28).divx
e:\documents and settings\Adriano\Dati applicazioni\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(29).divx
e:\documents and settings\Adriano\Dati applicazioni\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(3).divx
e:\documents and settings\Adriano\Dati applicazioni\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(4).divx
e:\documents and settings\Adriano\Dati applicazioni\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(5).divx
e:\documents and settings\Adriano\Dati applicazioni\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(6).divx
e:\documents and settings\Adriano\Dati applicazioni\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(7).divx
e:\documents and settings\Adriano\Dati applicazioni\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(8).divx
e:\documents and settings\Adriano\Dati applicazioni\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(9).divx
e:\documents and settings\Adriano\Dati applicazioni\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en.divx
e:\documents and settings\Adriano\Impostazioni locali\Dati applicazioni\icwycnq.exe.vir

.
((((((((((((((((((((((((( Files Creati Da 2010-12-23 al 2011-01-23 )))))))))))))))))))))))))))))))))))
.

2011-01-23 13:00 . 2011-01-23 13:00 -------- d-----w- e:\documents and settings\Adriano\Dati applicazioni\Crtlink
2011-01-22 19:48 . 2011-01-22 19:48 -------- d-sh--w- e:\documents and settings\Adriano\IECompatCache
2011-01-22 19:47 . 2011-01-22 19:47 -------- d-sh--w- e:\documents and settings\Adriano\PrivacIE
2011-01-22 19:45 . 2011-01-22 19:45 -------- d-sh--w- e:\documents and settings\Adriano\IETldCache
2011-01-22 19:43 . 2011-01-22 19:43 -------- d-----w- e:\documents and settings\Adriano\Impostazioni locali\Dati applicazioni\PCHealth
2011-01-22 19:42 . 2011-01-22 19:42 -------- d--h--w- e:\windows\ie8
2011-01-22 19:26 . 2010-10-18 11:10 7680 ------w- e:\windows\system32\dllcache\iecompat.dll
2011-01-22 19:25 . 2010-11-06 00:21 602112 ------w- e:\windows\system32\dllcache\msfeeds.dll
2011-01-22 19:25 . 2010-11-06 00:21 55296 ------w- e:\windows\system32\dllcache\msfeedsbs.dll
2011-01-22 19:25 . 2010-11-06 00:21 12800 ------w- e:\windows\system32\dllcache\xpshims.dll
2011-01-22 19:25 . 2010-11-06 00:21 247808 ------w- e:\windows\system32\dllcache\ieproxy.dll
2011-01-22 19:25 . 2010-11-06 00:21 1991680 ------w- e:\windows\system32\dllcache\iertutil.dll
2011-01-22 19:25 . 2010-11-06 00:21 743424 ------w- e:\windows\system32\dllcache\iedvtool.dll
2011-01-22 19:25 . 2010-11-06 00:21 11080704 ------w- e:\windows\system32\dllcache\ieframe.dll
2011-01-22 19:23 . 2011-01-22 19:23 -------- d-----w- E:\1baab6882542c23641ba39eb
2011-01-22 18:58 . 2008-04-13 18:14 294912 ------w- e:\programmi\Windows Media Player\dlimport.exe
2011-01-22 18:57 . 2006-12-28 11:01 19569 ----a-w- e:\windows\002918_.tmp
2011-01-22 13:59 . 2011-01-22 13:59 -------- d-----w- e:\documents and settings\Adriano\Dati applicazioni\Malwarebytes
2011-01-22 13:58 . 2010-12-20 17:09 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2011-01-22 13:58 . 2011-01-22 13:58 -------- d-----w- e:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2011-01-22 13:58 . 2010-12-20 17:08 20952 ----a-w- e:\windows\system32\drivers\mbam.sys
2011-01-22 11:28 . 2011-01-22 11:28 -------- d-----w- e:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2011-01-19 21:49 . 2011-01-19 21:49 388096 ----a-r- e:\documents and settings\Adriano\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-19 15:41 . 2011-01-19 15:41 -------- d-----w- e:\programmi\MSXML 6.0
2011-01-19 14:37 . 2006-06-19 12:01 69632 ----a-w- e:\windows\system32\ztvcabinet.dll
2011-01-19 14:37 . 2006-05-25 14:52 162304 ----a-w- e:\windows\system32\ztvunrar36.dll
2011-01-19 14:37 . 2005-08-26 00:50 77312 ----a-w- e:\windows\system32\ztvunace26.dll
2011-01-19 14:37 . 2003-02-02 19:06 153088 ----a-w- e:\windows\system32\UNRAR3.dll
2011-01-19 14:37 . 2002-03-06 00:00 75264 ----a-w- e:\windows\system32\unacev2.dll
2011-01-19 14:37 . 2011-01-19 14:37 -------- d-----w- e:\documents and settings\All Users\Dati applicazioni\Simply Super Software
2011-01-19 14:37 . 2011-01-19 14:37 -------- d-----w- e:\documents and settings\Adriano\Dati applicazioni\Simply Super Software
2011-01-19 14:12 . 2011-01-19 14:12 -------- d-----w- e:\programmi\File comuni\Java
2011-01-19 14:12 . 2010-11-12 17:53 472808 ----a-w- e:\windows\system32\deployJava1.dll
2011-01-19 14:12 . 2010-11-12 17:53 472808 ----a-w- e:\programmi\Mozilla Firefox\plugins\npdeployJava1.dll
2011-01-18 07:46 . 2011-01-18 07:46 -------- d-----w- e:\programmi\CCleaner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-19 14:45 . 2010-12-22 12:45 3215 ----a-w- e:\documents and settings\Adriano\Impostazioni locali\Dati applicazioni\icwycnq_navps.dat.vir
2011-01-19 14:45 . 2010-12-22 12:45 3257 ----a-w- e:\documents and settings\Adriano\Impostazioni locali\Dati applicazioni\icwycnq.dat.vir
2011-01-13 11:32 . 2010-12-22 12:45 240584 ----a-w- e:\documents and settings\Adriano\Impostazioni locali\Dati applicazioni\icwycnq_nav.dat.vir
2010-11-25 10:08 . 2010-11-25 10:08 49152 ----a-r- e:\documents and settings\Adriano\Dati applicazioni\Microsoft\Installer\{E51E4E3E-62B9-4A99-868D-B05B2DA3F4BF}\NewShortcut1_E51E4E3E62B94A99868DB05B2DA3F4BF.exe
2010-11-23 12:36 . 2010-11-23 12:36 40960 ----a-r- e:\documents and settings\Adriano\Dati applicazioni\Microsoft\Installer\{E389880B-EE4B-4C63-87D4-6B5086F49315}\NewShortcut1_E389880BEE4B4C6387D46B5086F49315.exe
2010-11-12 15:34 . 2010-02-16 14:25 73728 ----a-w- e:\windows\system32\javacpl.cpl
2010-11-12 00:44 . 2010-11-12 00:44 94208 ----a-w- e:\windows\system32\dpl100.dll
2010-11-08 22:57 . 2010-11-08 22:57 353592 ----a-w- e:\windows\system32\DivXControlPanelApplet.cpl
2010-11-06 00:21 . 2004-08-30 19:00 916480 ----a-w- e:\windows\system32\wininet.dll
2010-11-06 00:21 . 2004-08-30 19:00 43520 ------w- e:\windows\system32\licmgr10.dll
2010-11-06 00:21 . 2004-08-30 19:00 1469440 ------w- e:\windows\system32\inetcpl.cpl
2010-11-03 12:26 . 2004-08-30 19:00 385024 ------w- e:\windows\system32\html.iec
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2010-03-22 22:43 2349080 ----a-w- e:\programmi\BS_Player\tbBS_1.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "e:\programmi\BS_Player\tbBS_1.dll" [2010-03-22 2349080]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="e:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
"DAEMON Tools Lite"="f:\programmi scaricati\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Kbnew"="e:\documents and settings\Adriano\Dati applicazioni\Crtlink\msd3d.exe" [2011-01-23 280064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="e:\programmi\PDF Complete\pdfsty.exe" [2007-08-07 331288]
"NeroFilterCheck"="e:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"RemoteControl"="e:\programmi\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"LanguageShortcut"="e:\programmi\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 49152]
"NvMediaCenter"="e:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"BDRegion"="e:\programmi\Cyberlink\Shared files\brs.exe" [2010-06-28 75048]
"DivXUpdate"="e:\programmi\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]
"DivX Download Manager"="e:\programmi\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"SunJavaUpdateSched"="e:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
"Kbnew"="e:\documents and settings\Adriano\Dati applicazioni\Crtlink\msd3d.exe" [2011-01-23 280064]

e:\documents and settings\Adriano\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 3.2.lnk - e:\programmi\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Programmi\\uTorrent\\uTorrent.exe"=
"f:\\Programmi scaricati\\eMule AdunanzA\\eMule_AdnzA.exe"=
"e:\\Programmi\\Messenger\\msmsgs.exe"=
"f:\\Programmi scaricati\\VLC\\vlc.exe"=
"e:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"e:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"e:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"f:\\Programmi scaricati\\Office12\\OUTLOOK.EXE"=
"e:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"f:\\Programmi scaricati\\iTunes.exe"=
"e:\\Programmi\\Google\\Google Earth\\client\\googleearth.exe"=
"f:\\Programmi scaricati\\MediaManager.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8903:TCP"= 8903:TCP:ckrnarnx

R0 sptd;sptd;e:\windows\system32\drivers\sptd.sys [03/10/2010 13.39.23 691696]
R2 pdfcDispatcher;PDF Document Manager;e:\programmi\PDF Complete\pdfsvc.exe [27/10/2009 13.41.25 540184]
S0 ilcfrs;ilcfrs;e:\windows\system32\drivers\iactob.sys --> e:\windows\system32\drivers\iactob.sys [?]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/10/14 22:59];\??\f:\programmi scaricati\PowerDVD10\NavFilter\000.fcl --> f:\programmi scaricati\PowerDVD10\NavFilter\000.fcl [?]
S2 bufflcvu;Microsoft Image;e:\windows\system32\svchost.exe -k netsvcs [30/08/2004 20.00.00 14336]
S2 gupdate;Servizio di Google Update (gupdate);e:\programmi\Google\Update\GoogleUpdate.exe [07/09/2010 17.32.42 136176]
S3 jgameenp;jgameenp;\??\e:\docume~1\Adriano\IMPOST~1\Temp\jgameenp.sys --> e:\docume~1\Adriano\IMPOST~1\Temp\jgameenp.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
bufflcvu
.
Contenuto della cartella 'Scheduled Tasks'

2011-01-23 e:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- e:\programmi\Ask.com\UpdateTask.exe [2010-02-04 15:50]

2011-01-23 e:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- e:\programmi\Google\Update\GoogleUpdate.exe [2010-09-07 16:32]

2011-01-23 e:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- e:\programmi\Google\Update\GoogleUpdate.exe [2010-09-07 16:32]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - e:\documents and settings\Adriano\Dati applicazioni\Mozilla\Firefox\Profiles\tha2l4b1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2530241&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.mydtzone.com/|http://www.google.it/
FF - prefs.js: keyword.URL - hxxp://it.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - e:\programmi\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - e:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - e:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Softonic-IT Toolbar: {e3393495-8103-46a0-8181-270273eddd60} - %profile%\extensions\{e3393495-8103-46a0-8181-270273eddd60}
FF - Ext: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - %profile%\extensions\DTToolbar@toolbarnet.com
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Java Quick Starter: jqs@sun.com - e:\programmi\Java\jre6\lib\deploy\jqs\ff
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - e:\programmi\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - e:\programmi\DivX\DivX Plus Web Player\firefox\wpa
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{2C965F3F-8EFD-4BFC-A2C5-1672845FDBBF} - (no file)
WebBrowser-{E3393495-8103-46A0-8181-270273EDDD60} - (no file)
AddRemove-Deus Ex - f:\deusex\System\Setup.exe
AddRemove-Pornostar 3D - f:\video\Uninst.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-23 14:13
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="e:\programmi\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\f:\programmi scaricati\PowerDVD10\NavFilter\000.fcl"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bufflcvu]
"ServiceDll"="e:\windows\system32\gjtfymok.dll"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-117609710-1935655697-725345543-1003\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\2.5]
"Percents"=""
"Increment"=".000886"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(3700)
e:\windows\system32\WININET.dll
e:\windows\system32\webcheck.dll
e:\windows\system32\WPDShServiceObj.dll
e:\windows\system32\PortableDeviceTypes.dll
e:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
e:\windows\system32\nvsvc32.exe
e:\programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
e:\programmi\Bonjour\mDNSResponder.exe
f:\programmi scaricati\security suite\ewidoctrl.exe
e:\programmi\Java\jre6\bin\jqs.exe
e:\programmi\CyberLink\Shared files\RichVideo.exe
e:\windows\system32\RUNDLL32.EXE
e:\programmi\File comuni\Ahead\Lib\NMIndexingService.exe
e:\programmi\OpenOffice.org 3\program\soffice.exe
e:\programmi\OpenOffice.org 3\program\soffice.bin
e:\programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Ora fine scansione: 2011-01-23 14:15:12 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2011-01-23 13:15

Pre-Run: 18.236.162.048 byte disponibili
Post-Run: 18.202.787.840 byte disponibili

- - End Of File - - 7FB321611638B668F5649DA2298DDB89