Olimpo Informatico

sissiliz · Mortale devoto Registrato: 18/03/08 13:35 Messaggi: 11

Ciao ragazzi, prima di tutto grazie a quanti si mettono a disposizione per aiutare noi poveri 'gnurant!
Allora, da un paio di giorni la mia linea ADSL sembra aver rallentato di parecchio (e questo è il sintomo piu evidente e continuo) ma ho notato anche altri piccoli segnali intermittenti (CPU a volte alta, computer lento anche se ho sempre i soliti programmi aperti , ecc). Ho fatto scansione con AVira e Lavasoft Ad Aware e pulito con CC Cleaner ma il problema persiste.
Potreste aiutarmi a vedere se c'è qualocsa che non va nel mio pc?
Vi ringrazio infinitamente è importante perchè sono una traduttrice e il pc è la mia vita!
Elisabetta

bdoriano · Inviato: 18 Mar 2008 13:53 Oggetto:

Ciao sissiliz, Ciao

Disabilita il ripristino di sistema.
Pulisci i files temporanei con ATF-Cleaner e/o CCleaner
Scarica Norman Malware Cleaner e NOD32 Scanner.
Avvia il pc in modalità provvisoria.
Avvia NOD32 e fagli fare la scansione completa.
Avvia Norman Malware Cleaner e fagli fare la scansione completa.
Viene generato un log sul desktop chiamandolo NFix_2008-03-gg_hh-mm-ss.log, alla fine della scansione caricalo su FreeFileHosting come indicato qui e posta il link che ti viene assegnato.
Segui le istruzioni di questo topic per postare il log di combofix.
Segui le istruzioni di questo topic per postare il log di hijackthis.

PS: se vuoi, puoi presentarti qui

sissiliz · Mortale devoto Registrato: 18/03/08 13:35 Messaggi: 11

Grazie mille!
inizio il processo. Posterò quanto prima, probabilmente nel primo pomeriggio. Poi andrò anche a presentarmi!

Smile

Eli

sissiliz · Mortale devoto Registrato: 18/03/08 13:35 Messaggi: 11

Eccomi qui..
allora spero di fare tutto giusto. Ho seguito le vostre istruzioni. Pulito con CC Cleaner, fatto la scansione con NOD, tutto a posto.
Ecco il link al log di Norman
NFix_2008-03-18_18-38-23.log

Ecco il log di Combofix
ComboFix 08-03-17.1 - elisabetta 2008-03-18 20.03.10.1 - NTFSx86
Eseguito da: C:\Documents and Settings\elisabetta\Desktop\Software\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\Documents and Settings\elisabetta\g2mdlhlpx.exe
C:\WINDOWS\autorun.inf
C:\WINDOWS\system32\AutoRun.inf

.
((((((((((((((((((((((((( Files Creati Da 2008-02-18 al 2008-03-18 )))))))))))))))))))))))))))))))))))
.

2008-03-18 19:57 . 2008-03-18 20:00 <DIR> d----c--- C:\hjt
2008-03-17 11:26 . 2008-03-17 11:26 <DIR> d----c--- C:\Programmi\Realtek AC97
2008-03-17 11:26 . 2006-07-31 11:19 315,392 --a--c--- C:\WINDOWS\alcupd.exe
2008-03-17 11:26 . 2006-07-31 11:27 217,088 --a--c--- C:\WINDOWS\Alcrmv.exe
2008-03-13 12:25 . 2007-07-30 19:19 271,224 --a--c--- C:\WINDOWS\system32\mucltui.dll
2008-03-13 12:25 . 2007-07-30 19:19 207,736 --a--c--- C:\WINDOWS\system32\muweb.dll
2008-03-13 12:25 . 2007-07-30 19:18 30,072 --a--c--- C:\WINDOWS\system32\mucltui.dll.mui
2008-03-13 00:50 . 2008-03-13 00:50 <DIR> d----c--- C:\Programmi\Microsoft CAPICOM 2.1.0.2
2008-03-12 09:57 . 2006-11-29 13:06 3,426,072 --a--c--- C:\WINDOWS\system32\d3dx9_32.dll
2008-03-12 09:49 . 2008-03-12 09:49 <DIR> d----c--- C:\Programmi\Microsoft SQL Server Compact Edition
2008-03-12 09:32 . 2008-03-12 09:40 <DIR> d----c--- C:\Documents and Settings\elisabetta\Dati applicazioni\Windows Live Writer
2008-03-12 09:16 . 2008-03-15 20:14 <DIR> d----c--- C:\Programmi\Windows Live
2008-03-12 09:16 . 2008-03-12 09:30 <DIR> d--hsc--- C:\Programmi\File comuni\WindowsLiveInstaller
2008-03-12 09:16 . 2008-03-12 09:16 <DIR> d----c--- C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
2008-03-02 22:54 . 2003-04-08 13:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-03-02 22:53 . 2003-04-08 13:00 180,770 --a--c--- C:\WINDOWS\system32\dllcache\c_20932.nls
2008-02-19 23:45 . 2007-03-06 16:30 140 -rahsc--- C:\WINDOWS\system\Autorun.inf

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-18 16:08 --------- dc----w C:\Documents and Settings\elisabetta\Dati applicazioni\Skype
2008-03-18 15:36 --------- dc----w C:\Programmi\Mozilla Thunderbird
2008-03-18 11:47 --------- dc----w C:\Programmi\eMule
2008-03-18 00:06 367,308 -c--a-w C:\WINDOWS\system32\MetrePlus.dll
2008-03-16 12:28 --------- dc----w C:\Documents and Settings\elisabetta\Dati applicazioni\Online Backup
2008-02-12 08:52 --------- dc----w C:\Programmi\Google
2008-02-07 15:18 724,984 -c--a-w C:\Documents and Settings\elisabetta\gotomypc_437.exe
2008-02-04 11:16 --------- dc----w C:\Programmi\File comuni\Adobe
2008-02-01 10:17 586,752 -c--a-w C:\WINDOWS\WLXPGSS.SCR
2008-01-24 15:36 4,127,488 -c--a-r C:\WINDOWS\system32\drivers\alcxwdm.sys
2007-08-20 08:41 722,176 -c--a-w C:\Documents and Settings\elisabetta\gotomypc_428.exe
2006-11-20 09:11 563,712 -c--a-w C:\Documents and Settings\elisabetta\gotomypc_370.exe
2007-12-02 14:31 16,384 -csha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 23:39 15360]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-13 13:30 68856]
"WMPNSCFG"="C:\Programmi\Windows Media Player\WMPNSCFG.exe" [2006-11-02 22:56 204288]
"WindowsLivePhone"="C:\PROGRA~1\WI1F86~1\MESSEN~1\DEVICE~1\msgrdvmn.exe" [2007-03-29 11:21 722320]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FFTI"="C:\Documents and Settings\elisabetta\Dati applicazioni\Mozilla\Firefox\Profiles\24b5o3nq.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" [2007-09-01 09:44 1838592]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"U.S. Robotics Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" [ ]
"avgnt"="C:\Programmi\Avira\Avira Premium Security Suite\avgnt.exe" [2007-10-11 12:10 249896]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"@BackupScheduler"="C:\Program Files\Online Backup\OnlineBackup.exe" [2007-12-14 10:17 611768]
"LifeChat"="C:\Programmi\Microsoft LifeChat\LifeChat.exe" [2007-01-26 14:31 259440]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 06:31 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2003-04-08 13:00 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2003-04-08 13:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2003-04-08 13:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2003-04-08 13:00 455168]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 23:39 15360]
"Nokia.PCSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 09:17 1241088]
"Picasa Media Detector"="C:\Programmi\Picasa2\PicasaMediaDetector.exe" [2007-09-28 02:17 443968]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
SystemControl.lnk - C:\Programmi\SystemControl\SystemControl\SystemControl.exe [2006-02-06 17:47:53 2958848]
ZDWLan Utility.lnk - C:\Programmi\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2007-06-28 21:11:23 483328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]
C:\Programmi\Citrix\GoToMyPC\G2WinLogon.dll 2007-06-20 10:09 10536 C:\Programmi\Citrix\GoToMyPC\G2WinLogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Internet Explorer\\iexplore.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\Google\\Google Talk\\googletalk.exe"=
"C:\\Programmi\\Softitler\\Eddie\\Eddie.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:eMule : TCP in ingresso
"4672:UDP"= 4672:UDP:eMule : UDP in ingresso

R1 avfwot;avfwot;C:\WINDOWS\system32\DRIVERS\avfwot.sys [2007-12-13 11:21]
R1 BS_I2cIo;BS_I2cIo;C:\WINDOWS\system32\drivers\BS_I2cIo.sys [2004-02-23 14:56]
R2 AntiVirFirewallService;Avira Premium Security Suite Firewall;"C:\Programmi\Avira\Avira Premium Security Suite\avfwsvc.exe" [2007-11-28 15:32]
R2 AntiVirMailService;Avira Premium Security Suite MailGuard;"C:\Programmi\Avira\Avira Premium Security Suite\avmailc.exe" [2007-10-11 12:10]
R2 antivirwebservice;Avira Premium Security Suite WebGuard;"C:\Programmi\Avira\Avira Premium Security Suite\AVWEBGRD.EXE" [2007-12-13 11:21]
R2 AVEService;Avira Premium Security Suite MailGuard helper service;"C:\Programmi\Avira\Avira Premium Security Suite\avesvc.exe" [2007-10-11 12:10]
R2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;"C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-02-23 15:33]
R2 ZyDAS1211BBG;ZyDAS1211BBG;"C:\Programmi\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\srvany.exe" [2003-04-18 17:06]
R3 avfwim;AvFw Packet Filter Miniport;C:\WINDOWS\system32\DRIVERS\avfwim.sys [2007-08-30 12:12]
R3 ITECIR;ITE CIR Driver;C:\WINDOWS\system32\DRIVERS\ITECIR.sys [2004-04-22 15:03]
R3 V0260VID;Live! Cam Vista IM;C:\WINDOWS\system32\DRIVERS\V0260Vid.sys [2006-11-03 23:45]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\BRGSp50.sys [2005-06-08 17:44]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 10:38]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bab92885-da08-11dc-9238-0014c102f569}]
\Shell\Auto\command - I:\sys.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sys.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f5a1a940-eeb7-11db-ac11-0014c102f569}]
\Shell\Auto\command - sxs.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-18 20:06:52
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-03-18 20.07.59
ComboFix-quarantined-files.txt 2008-03-18 19:07:43
.
2008-03-15 19:14:37 --- E O F ---

sissiliz · Mortale devoto Registrato: 18/03/08 13:35 Messaggi: 11

Ed il log di HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.14.47, on 18/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\Avira Premium Security Suite\avguard.exe
C:\Programmi\Avira\Avira Premium Security Suite\avesvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\srvany.exe
C:\Programmi\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZyDummyZD11B-BG.exe
C:\Programmi\Avira\Avira Premium Security Suite\avmailc.exe
C:\Programmi\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Online Backup\OnlineBackup.exe
C:\Programmi\Microsoft LifeChat\LifeChat.exe
C:\PROGRA~1\WI1F86~1\MESSEN~1\DEVICE~1\msgrdvmn.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Windows Media Player\WMPNSCFG.exe
C:\Programmi\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\WINDOWS\System32\svchost.exe
C:\hjt\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts: 74.52.26.10 test-discorsi-online.it
O1 - Hosts: 74.52.26.10 test-discours-en-ligne.fr
O1 - Hosts: 74.52.26.10 test-discursos-online.com
O1 - Hosts: 74.52.26.10 test-discursos-online.com.pt
O1 - Hosts: 74.52.26.10 test-reden-online.de
O1 - Hosts: 74.52.26.10 test-speech-writers.com
O1 - Hosts: 74.52.26.10 test-thepoemstore.com
O1 - Hosts: 74.52.26.10 test-toespraken-online.nl
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\WINDOWS\TEMP\E_SCD.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [U.S. Robotics Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [@BackupScheduler] C:\Program Files\Online Backup\OnlineBackup.exe
O4 - HKLM\..\Run: [LifeChat] "C:\Programmi\Microsoft LifeChat\LifeChat.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmi\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [WindowsLivePhone] "C:\PROGRA~1\WI1F86~1\MESSEN~1\DEVICE~1\msgrdvmn.exe" /AutoRun
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\elisabetta\Dati applicazioni\Mozilla\Firefox\Profiles\24b5o3nq.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\elisabetta\Dati applicazioni\Mozilla\Firefox\Profiles/24b5o3nq.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: SystemControl.lnk = ?
O4 - Global Startup: ZDWLan Utility.lnk = C:\Programmi\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Internet Cleaner - {45819E58-6E84-4A5D-BD65-A706981E5BE8} - C:\Programmi\Internet Cleaner\ICleaner.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Internet Cleaner - {45819E58-6E84-4A5D-BD65-A706981E5BE8} - C:\Programmi\Internet Cleaner\ICleaner.exe (file missing) (HKCU)
O15 - Trusted Zone: http://snl.bydeluxe.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {3D8C5C3D-35A0-43F7-8813-36902A92766D} (SoftLinkUpdate Class) - https://sol.softitler.com/downloads/SoftLink.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://ajomasci.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://ajomasci.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {A86A4C7C-6911-42D3-B898-52A199AB41CB} (SoftSecure Class) - https://sol.softitler.com/downloads/SoftLink.exe
O16 - DPF: {A86FEA6F-95C0-4190-A622-C5C02739CBE3} (WebTransfer Control) - http://snl.bydeluxe.com/SOLASP/(qrl2ttjr4xlkylips2c4kk55)/FileUD/WebTranU.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1A382D92-05BC-40B5-B3BB-0771B5F32182}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C9ECF0C-9238-43F6-ACB4-A77E8A273FD6}: NameServer = 151.99.125.1,151.99.0.100
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Programmi\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Programmi\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Programmi\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Programmi\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Programmi\Citrix\GoToMyPC\g2svc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: MSCSPTISRV - Unknown owner - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe (file missing)
O23 - Service: PACSPTISVR - Unknown owner - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe (file missing)
O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - Unknown owner - C:\Programmi\SiSoftware\SiSoftware Sandra Lite XI.SP3\Win32\RpcDataSrv.exe (file missing)
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - Unknown owner - C:\Programmi\SiSoftware\SiSoftware Sandra Lite XI.SP3\RpcSandraSrv.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe (file missing)
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: U.S. Robotics Wireless LAN Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: ZyDAS1211BBG - Unknown owner - C:\Programmi\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\srvany.exe

--
End of file - 12483 bytes

bdoriano · Inviato: 18 Mar 2008 23:18 Oggetto:

Crea un file di testo con le seguenti istruzioni:

sissiliz · Mortale devoto Registrato: 18/03/08 13:35 Messaggi: 11

Caro Bdoriano
grazie dell'aiuto
HO fatto come mi hai chiesto e di seguito posto i log aggiornati. Le voci che mi citi qui sotto sono tutte concernenti il mio lavoro, quindi nulla di cui preoccuparsi.
Posto questi log e vado a fare le altre scansioni che mi hai suggerito.
Ah, per la chiavetta infetta.. al momento alle mie porte USB ho collegate le cuffie, la chiavetta per internet wirelss, il mouse, la tastiera e la webcam, fine.

sissiliz · Mortale devoto Registrato: 18/03/08 13:35 Messaggi: 11

Log di HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22.56.01, on 18/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\Avira Premium Security Suite\avguard.exe
C:\Programmi\Avira\Avira Premium Security Suite\avesvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmi\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\srvany.exe
C:\Programmi\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZyDummyZD11B-BG.exe
C:\Programmi\Avira\Avira Premium Security Suite\avmailc.exe
C:\Programmi\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Online Backup\OnlineBackup.exe
C:\Programmi\Microsoft LifeChat\LifeChat.exe
C:\PROGRA~1\WI1F86~1\MESSEN~1\DEVICE~1\msgrdvmn.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Windows Media Player\WMPNSCFG.exe
C:\Programmi\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\hjt\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts: 74.52.26.10 test-discorsi-online.it
O1 - Hosts: 74.52.26.10 test-discours-en-ligne.fr
O1 - Hosts: 74.52.26.10 test-discursos-online.com
O1 - Hosts: 74.52.26.10 test-discursos-online.com.pt
O1 - Hosts: 74.52.26.10 test-reden-online.de
O1 - Hosts: 74.52.26.10 test-speech-writers.com
O1 - Hosts: 74.52.26.10 test-thepoemstore.com
O1 - Hosts: 74.52.26.10 test-toespraken-online.nl
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [U.S. Robotics Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [@BackupScheduler] C:\Program Files\Online Backup\OnlineBackup.exe
O4 - HKLM\..\Run: [LifeChat] "C:\Programmi\Microsoft LifeChat\LifeChat.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmi\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [WindowsLivePhone] "C:\PROGRA~1\WI1F86~1\MESSEN~1\DEVICE~1\msgrdvmn.exe" /AutoRun
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\elisabetta\Dati applicazioni\Mozilla\Firefox\Profiles\24b5o3nq.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\elisabetta\Dati applicazioni\Mozilla\Firefox\Profiles/24b5o3nq.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: SystemControl.lnk = ?
O4 - Global Startup: ZDWLan Utility.lnk = C:\Programmi\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Internet Cleaner - {45819E58-6E84-4A5D-BD65-A706981E5BE8} - C:\Programmi\Internet Cleaner\ICleaner.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Internet Cleaner - {45819E58-6E84-4A5D-BD65-A706981E5BE8} - C:\Programmi\Internet Cleaner\ICleaner.exe (file missing) (HKCU)
O15 - Trusted Zone: http://snl.bydeluxe.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {3D8C5C3D-35A0-43F7-8813-36902A92766D} (SoftLinkUpdate Class) - https://sol.softitler.com/downloads/SoftLink.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://ajomasci.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://ajomasci.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {A86A4C7C-6911-42D3-B898-52A199AB41CB} (SoftSecure Class) - https://sol.softitler.com/downloads/SoftLink.exe
O16 - DPF: {A86FEA6F-95C0-4190-A622-C5C02739CBE3} (WebTransfer Control) - http://snl.bydeluxe.com/SOLASP/(qrl2ttjr4xlkylips2c4kk55)/FileUD/WebTranU.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1A382D92-05BC-40B5-B3BB-0771B5F32182}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C9ECF0C-9238-43F6-ACB4-A77E8A273FD6}: NameServer = 151.99.125.1,151.99.0.100
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Programmi\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Programmi\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Programmi\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Programmi\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Programmi\Citrix\GoToMyPC\g2svc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: MSCSPTISRV - Unknown owner - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe (file missing)
O23 - Service: PACSPTISVR - Unknown owner - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe (file missing)
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - Unknown owner - C:\Programmi\SiSoftware\SiSoftware Sandra Lite XI.SP3\Win32\RpcDataSrv.exe (file missing)
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - Unknown owner - C:\Programmi\SiSoftware\SiSoftware Sandra Lite XI.SP3\RpcSandraSrv.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe (file missing)
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: U.S. Robotics Wireless LAN Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: ZyDAS1211BBG - Unknown owner - C:\Programmi\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\srvany.exe

--
End of file - 12145 bytes

sissiliz · Mortale devoto Registrato: 18/03/08 13:35 Messaggi: 11

Log di Combo Fix

ComboFix 08-03-17.1 - elisabetta 2008-03-18 22.46.39.1 - NTFSx86
Eseguito da: C:\Documents and Settings\elisabetta\Desktop\Software\ComboFix.exe
Command switches used :: C:\Documents and Settings\elisabetta\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\elisabetta\gotomypc_370.exe
C:\Documents and Settings\elisabetta\gotomypc_428.exe
C:\Documents and Settings\elisabetta\gotomypc_437.exe
C:\WINDOWS\system\Autorun.inf
C:\WINDOWS\system32\MetrePlus.dll
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\elisabetta\gotomypc_370.exe
C:\Documents and Settings\elisabetta\gotomypc_428.exe
C:\Documents and Settings\elisabetta\gotomypc_437.exe
C:\WINDOWS\system\Autorun.inf
C:\WINDOWS\system32\MetrePlus.dll

.
((((((((((((((((((((((((( Files Creati Da 2008-02-18 al 2008-03-18 )))))))))))))))))))))))))))))))))))
.

2008-03-18 19:57 . 2008-03-18 20:14 <DIR> d----c--- C:\hjt
2008-03-17 11:26 . 2008-03-17 11:26 <DIR> d----c--- C:\Programmi\Realtek AC97
2008-03-17 11:26 . 2006-07-31 11:19 315,392 --a--c--- C:\WINDOWS\alcupd.exe
2008-03-17 11:26 . 2006-07-31 11:27 217,088 --a--c--- C:\WINDOWS\Alcrmv.exe
2008-03-13 12:25 . 2007-07-30 19:19 271,224 --a--c--- C:\WINDOWS\system32\mucltui.dll
2008-03-13 12:25 . 2007-07-30 19:19 207,736 --a--c--- C:\WINDOWS\system32\muweb.dll
2008-03-13 12:25 . 2007-07-30 19:18 30,072 --a--c--- C:\WINDOWS\system32\mucltui.dll.mui
2008-03-13 00:50 . 2008-03-13 00:50 <DIR> d----c--- C:\Programmi\Microsoft CAPICOM 2.1.0.2
2008-03-12 09:57 . 2006-11-29 13:06 3,426,072 --a--c--- C:\WINDOWS\system32\d3dx9_32.dll
2008-03-12 09:49 . 2008-03-12 09:49 <DIR> d----c--- C:\Programmi\Microsoft SQL Server Compact Edition
2008-03-12 09:32 . 2008-03-12 09:40 <DIR> d----c--- C:\Documents and Settings\elisabetta\Dati applicazioni\Windows Live Writer
2008-03-12 09:16 . 2008-03-15 20:14 <DIR> d----c--- C:\Programmi\Windows Live
2008-03-12 09:16 . 2008-03-12 09:30 <DIR> d--hsc--- C:\Programmi\File comuni\WindowsLiveInstaller
2008-03-12 09:16 . 2008-03-12 09:16 <DIR> d----c--- C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
2008-03-02 22:54 . 2003-04-08 13:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-03-02 22:53 . 2003-04-08 13:00 180,770 --a--c--- C:\WINDOWS\system32\dllcache\c_20932.nls

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-18 21:06 --------- dc----w C:\Programmi\eMule
2008-03-18 16:08 --------- dc----w C:\Documents and Settings\elisabetta\Dati applicazioni\Skype
2008-03-18 15:36 --------- dc----w C:\Programmi\Mozilla Thunderbird
2008-03-16 12:28 --------- dc----w C:\Documents and Settings\elisabetta\Dati applicazioni\Online Backup
2008-02-12 08:52 --------- dc----w C:\Programmi\Google
2008-02-04 11:16 --------- dc----w C:\Programmi\File comuni\Adobe
2008-02-01 10:17 586,752 -c--a-w C:\WINDOWS\WLXPGSS.SCR
2008-01-24 15:36 4,127,488 -c--a-r C:\WINDOWS\system32\drivers\alcxwdm.sys
2007-12-02 14:31 16,384 -csha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 23:39 15360]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-13 13:30 68856]
"WMPNSCFG"="C:\Programmi\Windows Media Player\WMPNSCFG.exe" [2006-11-02 22:56 204288]
"WindowsLivePhone"="C:\PROGRA~1\WI1F86~1\MESSEN~1\DEVICE~1\msgrdvmn.exe" [2007-03-29 11:21 722320]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FFTI"="C:\Documents and Settings\elisabetta\Dati applicazioni\Mozilla\Firefox\Profiles\24b5o3nq.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" [2007-09-01 09:44 1838592]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"U.S. Robotics Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" [ ]
"avgnt"="C:\Programmi\Avira\Avira Premium Security Suite\avgnt.exe" [2007-10-11 12:10 249896]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"@BackupScheduler"="C:\Program Files\Online Backup\OnlineBackup.exe" [2007-12-14 10:17 611768]
"LifeChat"="C:\Programmi\Microsoft LifeChat\LifeChat.exe" [2007-01-26 14:31 259440]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 06:31 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2003-04-08 13:00 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2003-04-08 13:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2003-04-08 13:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2003-04-08 13:00 455168]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 23:39 15360]
"Nokia.PCSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 09:17 1241088]
"Picasa Media Detector"="C:\Programmi\Picasa2\PicasaMediaDetector.exe" [2007-09-28 02:17 443968]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
SystemControl.lnk - C:\Programmi\SystemControl\SystemControl\SystemControl.exe [2006-02-06 17:47:53 2958848]
ZDWLan Utility.lnk - C:\Programmi\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2007-06-28 21:11:23 483328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]
C:\Programmi\Citrix\GoToMyPC\G2WinLogon.dll 2007-06-20 10:09 10536 C:\Programmi\Citrix\GoToMyPC\G2WinLogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Internet Explorer\\iexplore.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\Google\\Google Talk\\googletalk.exe"=
"C:\\Programmi\\Softitler\\Eddie\\Eddie.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:eMule : TCP in ingresso
"4672:UDP"= 4672:UDP:eMule : UDP in ingresso

R1 avfwot;avfwot;C:\WINDOWS\system32\DRIVERS\avfwot.sys [2007-12-13 11:21]
R1 BS_I2cIo;BS_I2cIo;C:\WINDOWS\system32\drivers\BS_I2cIo.sys [2004-02-23 14:56]
R2 AntiVirFirewallService;Avira Premium Security Suite Firewall;"C:\Programmi\Avira\Avira Premium Security Suite\avfwsvc.exe" [2007-11-28 15:32]
R2 AntiVirMailService;Avira Premium Security Suite MailGuard;"C:\Programmi\Avira\Avira Premium Security Suite\avmailc.exe" [2007-10-11 12:10]
R2 antivirwebservice;Avira Premium Security Suite WebGuard;"C:\Programmi\Avira\Avira Premium Security Suite\AVWEBGRD.EXE" [2007-12-13 11:21]
R2 AVEService;Avira Premium Security Suite MailGuard helper service;"C:\Programmi\Avira\Avira Premium Security Suite\avesvc.exe" [2007-10-11 12:10]
R2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;"C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-02-23 15:33]
R2 ZyDAS1211BBG;ZyDAS1211BBG;"C:\Programmi\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\srvany.exe" [2003-04-18 17:06]
R3 avfwim;AvFw Packet Filter Miniport;C:\WINDOWS\system32\DRIVERS\avfwim.sys [2007-08-30 12:12]
R3 ITECIR;ITE CIR Driver;C:\WINDOWS\system32\DRIVERS\ITECIR.sys [2004-04-22 15:03]
R3 V0260VID;Live! Cam Vista IM;C:\WINDOWS\system32\DRIVERS\V0260Vid.sys [2006-11-03 23:45]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\BRGSp50.sys [2005-06-08 17:44]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 10:38]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-18 22:50:07
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-03-18 22.50.59
ComboFix-quarantined-files.txt 2008-03-18 21:50:50
ComboFix2.txt 2008-03-18 19:08:00
.
2008-03-15 19:14:37 --- E O F ---

sissiliz · Mortale devoto Registrato: 18/03/08 13:35 Messaggi: 11

Eccomi
ho eseguito la scansione con Kaspersky
purtroppo ho salvato il report come file di testo invece che come HTML, non avendo internet aperto non ricordavo, spero vada bene lo stesso!
l'URL è
http://www.freefilehosting.net/download/3djbg
Ha trovato qualche virus, mi aiutate ad eliminarlo?
Grazie!

chemicalbit · Inviato: 19 Mar 2008 12:52 Oggetto:

bdoriano · Inviato: 19 Mar 2008 15:35 Oggetto:

I virus vengono rilevati nella quarantena di Norton Antivirus. Ti basta svuotarla per eliminarli

C'è, invece, un virus in alcuni messaggi di posta in arrivo:

pop.tiscali-1.it\Inbox/[From "Luisa Oliviero" ][Date Mon, 12 Jun 2006 14:43:04 +0200]/UNNAMED/[From ][Date Mon, 3 Jul 2006 19:37:31 +0200]/UNNAMED/[From "ANTONINOBARILLARO" ][Date Mon, 28 Aug 2006 20:06:15 +0200]/UNNAMED/[From "" <3Dinterhair @interhair.it>][Date Tue, 29 Aug 2006 08:12:03 +0100]/html Suspicious: Email-Worm.Win32.Bagle.mail
pop.tiscali-1.it\Inbox/[From "Luisa Oliviero" ][Date Mon, 12 Jun 2006 14:43:04 +0200]/UNNAMED/[From akiregia @libero.it][Date Mon, 3 Jul 2006 19:37:31 +0200]/UNNAMED/[From "ANTONINOBARILLARO" ][Date Mon, 28 Aug 2006 20:06:15 +0200]/UNNAMED/[From "Ca' del Conte"][Date Tue,29 Aug 2006 08:40:07 +0200]/UNNAMED/[From "" <3Dinterhair @interhair.it>][Date Thu, 31 Aug 2006 12:13:07 +0100]/UNNAMED/html Suspicious: Email-Worm.Win32.Bagle.mail skipped
pop.tiscali-1.it\Inbox/[From "Luisa Oliviero" ][Date Mon, 12 Jun 2006 14:43:04 +0200]/UNNAMED/[From ][Date Mon, 3 Jul 2006 19:37:31 +0200]/UNNAMED/[From "ANTONINOBARILLARO" ][Date Mon, 28 Aug 2006 20:06:15 +0200]/UNNAMED/[From "Ca' del Conte"][Date Tue,29 Aug 2006 08:40:07 +0200]/UNNAMED/[From "" <3Dinterhair @interh ... /[From "Wwwwellingsrl" ][Date Thu, 31 Aug 2006 13:32:38 +010 ... /html Suspicious: Email-Worm.Win32.Bagle.mail
pop.tiscali-1.it\Inbox/[From "Luisa Oliviero" ][Date Mon, 12 Jun 2006 14:43:04 +0200]/UNNAMED/[From ][Date Mon, 3 Jul 2006 19:37:31 +0200]/UNNAMED/[From "ANTONINOBARILLARO" ][Date Mon, 28 Aug 2006 20:06:15 +0200]/UNNAMED/[From "Ca' del Conte"][Date Tue,29 Aug 2006 08:40:07 +0200]/UNNAMED/[From "" <3Dinterhair@interh ... /[From "Wwwwellingsrl" ][Date Thu, 31 Aug 2006 13:32:38 +0100]/UNNAMED Suspicious: Email-Worm.Win32.Bagle.mail
pop.tiscali-1.it\Inbox/[From "Luisa Oliviero" ][Date Mon, 12 Jun 2006 14:43:04 +0200]/UNNAMED/[From akiregia @libero.it][Date Mon, 3 Jul 2006 19:37:31 +0200]/UNNAMED/[From "ANTONINOBARILLARO" ][Date Mon, 28 Aug 2006 20:06:15 +0200]/UNNAMED/[From "Ca' del Conte"][Date Tue,29 Aug 2006 08:40:07 +0200]/UNNAMED/[From "" <3Dinterhair @interhair.it>][Date Thu, 31 Aug 2006 12:13:07 +0100]/UNNAMED Suspicious: Email-Worm.Win32.Bagle.mail
pop.tiscali-1.it\Inbox/[From "Luisa Oliviero" ][Date Mon, 12 Jun 2006 14:43:04 +0200]/UNNAMED/[From ][Date Mon, 3 Jul 2006 19:37:31 +0200]/UNNAMED/[From "ANTONINOBARILLARO" ][Date Mon, 28 Aug 2006 20:06:15 +0200]/UNNAMED/[From "Ca' del Conte"][Date Tue,29 Aug 2006 08:40:07 +0200]/UNNAMED Suspicious: Email-Worm.Win32.Bagle.mail
pop.tiscali-1.it\Inbox/[From "Luisa Oliviero" ][Date Mon, 12 Jun 2006 14:43:04 +0200]/UNNAMED/[From ][Date Mon, 3 Jul 2006 19:37:31 +0200]/UNNAMED/[From "ANTONINOBARILLARO" ][Date Mon, 28 Aug 2006 20:06:15 +0200]/UNNAMED Suspicious: Email-Worm.Win32.Bagle.mail
pop.tiscali-1.it\Inbox/[From "Luisa Oliviero" ][Date Mon, 12 Jun 2006 14:43:04 +0200]/UNNAMED/[From ][Date Mon, 3 Jul 2006 19:37:31 +0200]/UNNAMED Suspicious: Email-Worm.Win32.Bagle.mail
pop.tiscali-1.it\Inbox/[From "Luisa Oliviero" ][Date Mon, 12 Jun 2006 14:43:04 +0200]/UNNAMED Suspicious: Email-Worm.Win32.Bagle.mail

fai una ricerca con Thunderbird in base al nome del mittente ed eliminali.
Dopodiché dovresti essere a posto.
Riscontri altri problemi?

sissiliz · Mortale devoto Registrato: 18/03/08 13:35 Messaggi: 11

perfetto grazie mille, eliminerò i messaggi che mi hai segnalato.
Norton lo usavo l'anno scorso poi l'ho disinstallato ed ora uso AVIRA perciò non capisco come ancora ci siano virus in quarantena...Non lo vedo più nemmeno fra i programmi.. come mi consigli di trovarlo ed eliminarlo?
per quanto riguarda i problemi, la connessione è tornata veloce e la CPU normale, l'unico problema rimasto è che a volte quando apro IE (uso sia IE che Mozilla Firefox) mi dà un messaggio di errore e non lo apro. Devo aspettare parecchio tempo o devo riavviare per aprire il browser.

bdoriano · Inviato: 19 Mar 2008 16:01 Oggetto:

Per eliminare la quarantena di Norton, cerca la cartella C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\ e cancellala.

Per quanto riguarda il problema con IE, vediamo se possiamo fare ancora qualcosa:

scarica FixWareOut da uno di questi siti:
Sito 1
Sito 2
Sito 3
Salvalo sul desktop
Avvialo
Clicca Next
Clicca Install
Assicurati che ci sia il segno di spunta su "Run fixit"
Clicca Finish.
Segui le indicazioni.
Ti chiederà di riavviare il pc, fallo.
Ci metterà parecchio a riavviarsi. Sii paziente.
Alla fine dell'operazione, riavvia ancora il pc.
Rifai il log di hijackthis e postalo insieme al file C:\fixwareout\report.txt

sissiliz · Mortale devoto Registrato: 18/03/08 13:35 Messaggi: 11

OK
ho fatto ciò che hai detto. Ho eliminato la quarantina di Norton ma dei sospetti virus in Thunderbird nemmeno l'ombra, sembra che quelle emailnon ci siano proprio. Le ho cercate anche con Google Desktop e le trova ma non riesco a trovarle in Thunderbird. Qualche idea?

Ecco il log di Fixwareout

Username "elisabetta" - 19/03/2008 15.40.11 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

Svuotata la cache del resolver DNS.

System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="\"C:\\Programmi\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"SunJavaUpdateSched"="\"C:\\Programmi\\Java\\jre1.6.0_03\\bin\\jusched.exe\""
"U.S. Robotics Wireless Manager UI"="C:\\WINDOWS\\system32\\WLTRAY"
"avgnt"="\"C:\\Programmi\\Avira\\Avira Premium Security Suite\\avgnt.exe\" /min"
"UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,75,00
"@BackupScheduler"="C:\\Program Files\\Online Backup\\OnlineBackup.exe"
"LifeChat"="\"C:\\Programmi\\Microsoft LifeChat\\LifeChat.exe\""
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"IMEKRMIG6.1"="C:\\WINDOWS\\ime\\imkr6_1\\IMEKRMIG.EXE"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"SoundMan"="SOUNDMAN.EXE"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Programmi\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
"WMPNSCFG"="C:\\Programmi\\Windows Media Player\\WMPNSCFG.exe"
"WindowsLivePhone"="\"C:\\PROGRA~1\\WI1F86~1\\MESSEN~1\\DEVICE~1\\msgrdvmn.exe\" /AutoRun"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

e quello di HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.51.15, on 19/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\Avira Premium Security Suite\avguard.exe
C:\Programmi\Avira\Avira Premium Security Suite\avesvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmi\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\srvany.exe
C:\Programmi\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZyDummyZD11B-BG.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Avira\Avira Premium Security Suite\avmailc.exe
C:\Programmi\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Online Backup\OnlineBackup.exe
C:\Programmi\Microsoft LifeChat\LifeChat.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\WI1F86~1\MESSEN~1\DEVICE~1\msgrdvmn.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Windows Media Player\WMPNSCFG.exe
C:\Programmi\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [U.S. Robotics Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [@BackupScheduler] C:\Program Files\Online Backup\OnlineBackup.exe
O4 - HKLM\..\Run: [LifeChat] "C:\Programmi\Microsoft LifeChat\LifeChat.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmi\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [WindowsLivePhone] "C:\PROGRA~1\WI1F86~1\MESSEN~1\DEVICE~1\msgrdvmn.exe" /AutoRun
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\elisabetta\Dati applicazioni\Mozilla\Firefox\Profiles\24b5o3nq.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\elisabetta\Dati applicazioni\Mozilla\Firefox\Profiles/24b5o3nq.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: SystemControl.lnk = ?
O4 - Global Startup: ZDWLan Utility.lnk = C:\Programmi\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Internet Cleaner - {45819E58-6E84-4A5D-BD65-A706981E5BE8} - C:\Programmi\Internet Cleaner\ICleaner.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Internet Cleaner - {45819E58-6E84-4A5D-BD65-A706981E5BE8} - C:\Programmi\Internet Cleaner\ICleaner.exe (file missing) (HKCU)
O15 - Trusted Zone: http://snl.bydeluxe.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {3D8C5C3D-35A0-43F7-8813-36902A92766D} (SoftLinkUpdate Class) - https://sol.softitler.com/downloads/SoftLink.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://ajomasci.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://ajomasci.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {A86A4C7C-6911-42D3-B898-52A199AB41CB} (SoftSecure Class) - https://sol.softitler.com/downloads/SoftLink.exe
O16 - DPF: {A86FEA6F-95C0-4190-A622-C5C02739CBE3} (WebTransfer Control) - http://snl.bydeluxe.com/SOLASP/(qrl2ttjr4xlkylips2c4kk55)/FileUD/WebTranU.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1A382D92-05BC-40B5-B3BB-0771B5F32182}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C9ECF0C-9238-43F6-ACB4-A77E8A273FD6}: NameServer = 151.99.125.1,151.99.0.100
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Programmi\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Programmi\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Programmi\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Programmi\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Programmi\Citrix\GoToMyPC\g2svc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: MSCSPTISRV - Unknown owner - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe (file missing)
O23 - Service: PACSPTISVR - Unknown owner - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe (file missing)
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - Unknown owner - C:\Programmi\SiSoftware\SiSoftware Sandra Lite XI.SP3\Win32\RpcDataSrv.exe (file missing)
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - Unknown owner - C:\Programmi\SiSoftware\SiSoftware Sandra Lite XI.SP3\RpcSandraSrv.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe (file missing)
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: U.S. Robotics Wireless LAN Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: ZyDAS1211BBG - Unknown owner - C:\Programmi\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\srvany.exe

--
End of file - 12236 bytes