I Forum di Zeus News - Pronto Soccorso Virus
Problems with META BITS FUNK and iexplore.exe
cardrag (Eroe; registered 07/04/08 16:38; 56 posts; Marsiconuovo (PZ))
Posted: 10 Jun 2008 11:45   Subject: Problems with META BITS FUNK and iexplore.exe

Apologies to everyone if I keep insisting, but since this is one of the most reliable forums I would like to get answers from you, as has happened other times.
The problem is that in CPU usage there is this iexplore.exe that I don't know what it is for, and when I go to delete it, it reappears right afterwards and takes CPU usage to 100%, slowing down my PC.
When it isn't that one, there is this famous META BITS FUNK, which I don't know, and it too takes the CPU to 100%.
I have tried several anti-spyware and antivirus programs but nothing; what should I do?
Thank you, and sorry for insisting.
By the way, here is the HijackThis log, in case it helps:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11.44.55, on 10/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
F:\eMule\emule.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ilaria-d\Desktop\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programmi\Windows Live\Family Safety\fssbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [trust exit] C:\DOCUME~1\ilaria-d\DATIAP~1\CLOSEH~1\PureHelpSixth.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://antoniobubu.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C156A5D1-7857-489B-8DE6-D9F0A77623C0}: NameServer = 85.37.17.9 85.38.28.75
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Servizio iPod (iPod Service) - Unknown owner - C:\Programmi\iPod\bin\iPodService.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6542 bytes
Sante62 (Dio maturo; registered 27/06/07 17:55; 3477 posts; Floridia)
Posted: 10 Jun 2008 19:22

Hi cardrag,
You must not delete explorer.exe!

It is an important system file that lets you see what you have on the PC;

proceed as follows:
disable System Restore and start the PC in Safe Mode;

Start HijackThis, select this line and then click on Fix checked:
Quote:
O4 - HKCU\..\Run: [trust exit] C:\DOCUME~1\ilaria-d\DATIAP~1\CLOSEH~1\PureHelpSixth.exe

Restart in normal mode and run these scans:
CCleaner;
Combofix;
Virit;
Hijackthis;
cardrag
Posted: 10 Jun 2008 21:41

Hi sante62, the problem was not explorer.exe but iexplore.exe, which, from a search on the internet, I read is a virus. Anyway, I scanned with SUPERAntiSpyware and the problem was solved; the only one left is this META BITS FUNK that slows down the computer. Do you think I should proceed as you suggested anyway?
Sante62
Posted: 10 Jun 2008 23:14

Carry on with the other scans...

PS: iexplore.exe is also an important file and is not in itself a virus;
you have to see what infected it and whether it is in the right location;

that is what the recommended scans give you...
cardrag
Posted: 11 Jun 2008 06:29

OK Sante, I followed your instructions and did as you said.
Here is the ComboFix log:

ComboFix 08-06-10.1 - ilaria-d 2008-06-10 23.16.46.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.467 [GMT 2:00]
Eseguito da: C:\Documents and Settings\ilaria-d\Desktop\ComboFix.exeternal.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Creati Da 2008-05-10 al 2008-06-10 )))))))))))))))))))))))))))))))))))
.

2008-06-10 22:59 . 2008-06-10 22:59 <DIR> d-------- C:\WINDOWS\LastGood
2008-06-10 18:32 . 2008-06-10 18:32 <DIR> d----c--- C:\Programmi\Aethra
2008-06-10 18:32 . 2004-04-20 17:24 52,864 --a------ C:\WINDOWS\system32\drivers\CnxTrUsb.sys
2008-06-10 18:32 . 2004-04-20 17:24 25,984 --a------ C:\WINDOWS\system32\drivers\CnxTrLan.sys
2008-06-10 18:28 . 2008-06-10 18:28 <DIR> d----c--- C:\Programmi\Telecom Italia
2008-06-10 16:26 . 2008-06-10 16:26 <DIR> dr---c--- C:\Documents and Settings\LocalService\Documenti
2008-06-10 14:50 . 2008-06-10 14:50 <DIR> d----c--- C:\Documents and Settings\All Users\Dati applicazioni\Avg8
2008-06-10 10:35 . 2008-06-10 15:19 <DIR> d----c--- C:\Programmi\SUPERAntiSpyware
2008-06-10 10:35 . 2008-06-10 10:35 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2008-06-10 10:35 . 2008-06-10 10:35 <DIR> d----c--- C:\Documents and Settings\ilaria-d\Dati applicazioni\SUPERAntiSpyware.com
2008-06-10 10:35 . 2008-06-10 10:35 <DIR> d----c--- C:\Documents and Settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2008-06-09 22:49 . 2008-06-09 22:49 268 --ah-c--- C:\sqmdata12.sqm
2008-06-09 22:49 . 2008-06-09 22:49 244 --ah-c--- C:\sqmnoopt12.sqm
2008-06-06 19:03 . 2008-06-10 12:57 10 --a------ C:\WINDOWS\popcinfo.dat
2008-06-06 17:23 . 2008-06-10 15:19 <DIR> d----c--- C:\Programmi\Zuma Deluxe
2008-06-06 16:00 . 2008-06-06 16:00 <DIR> d----c--- C:\Documents and Settings\ilaria-d\Dati applicazioni\GanymedeNet
2008-06-06 16:00 . 2008-06-06 16:00 4 --a------ C:\WINDOWS\system32\proc1395793746.bin
2008-06-06 15:40 . 2008-06-08 00:25 <DIR> d----c--- C:\Programmi\a-squared Anti-Malware
2008-06-04 23:35 . 2008-06-04 23:35 <DIR> d----c--- C:\Programmi\Close Hide
2008-06-04 23:35 . 2008-06-04 23:36 <DIR> d----c--- C:\Documents and Settings\ilaria-d\Dati applicazioni\Close Hide
2008-06-04 23:35 . 2008-06-04 23:35 <DIR> d----c--- C:\Documents and Settings\All Users\Dati applicazioni\Bait nurb roam real
2008-06-04 23:22 . 2008-06-04 23:22 <DIR> d----c--- C:\Documents and Settings\All Users\Dati applicazioni\SweetIM
2008-05-22 16:03 . 2008-05-24 10:51 230 --a--c--- C:\config.xml
2008-05-22 15:57 . 2008-05-22 15:57 <DIR> d----c--- C:\Programmi\Microsoft Research
2008-05-21 18:23 . 2008-05-21 18:23 <DIR> d----c--- C:\Documents and Settings\ilaria-d\Dati applicazioni\CDBurnerXP_Soft
2008-05-21 18:22 . 2008-05-21 18:22 <DIR> d----c--- C:\Programmi\CDBurnerXP
2008-05-19 14:34 . 2008-06-09 13:49 17,408 --a--c--- C:\psapi.dll
2008-05-19 12:06 . 2008-05-16 01:14 91,512 --a------ C:\WINDOWS\system32\AvBatEx.bav
2008-05-19 11:50 . 2008-05-19 11:50 37,473 --a------ C:\WINDOWS\system32\muzika.xm
2008-05-19 11:49 . 2008-05-19 12:06 138 --a------ C:\WINDOWS\TBPlugin.INI
2008-05-19 11:49 . 2008-05-19 12:06 95 --a------ C:\WINDOWS\avconfig.ini
2008-05-19 11:48 . 2008-05-19 11:48 <DIR> d----c--- C:\Programmi\Alwil Software
2008-05-18 00:53 . 2008-06-08 00:26 800,800 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-18 00:53 . 2008-06-08 00:26 10,460 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-17 19:15 . 2008-06-09 13:36 <DIR> d----c--- C:\VEXPLITE
2008-05-17 19:15 . 2008-03-17 19:23 39,808 --a------ C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-05-16 15:08 . 2008-05-16 15:08 250 --a------ C:\WINDOWS\gmer.ini
2008-05-11 01:06 . 2008-05-11 01:06 <DIR> d----c--- C:\Programmi\directx
2008-05-11 00:53 . 2008-05-11 00:53 <DIR> d----c--- C:\Programmi\Microids

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-10 16:30 --------- dc----w C:\Programmi\Alice ti aiuta
2008-06-10 16:30 --------- d-----w C:\Programmi\Motive
2008-06-10 16:28 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-06-10 16:01 --------- d-----w C:\Programmi\microsoft frontpage
2008-06-09 18:41 --------- dc----w C:\Programmi\Circle Developement
2008-06-09 13:29 --------- d-----w C:\Programmi\Spybot - Search & Destroy
2008-06-09 12:48 --------- d-----w C:\Programmi\Lavasoft
2008-06-09 12:47 --------- dc----w C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
2008-06-09 11:39 --------- dc----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-06-09 10:49 --------- dc----w C:\Programmi\Briscolachiamata
2008-06-04 21:34 --------- d-----w C:\Programmi\Messenger Plus! Live
2008-05-19 08:29 --------- d-----w C:\Programmi\File comuni\Adobe
2008-05-18 08:01 --------- d-----w C:\Programmi\Sophos
2008-05-16 13:28 --------- dc----w C:\Programmi\QuickTime
2008-05-16 13:25 --------- dc----w C:\Programmi\iTunes
2008-05-16 12:54 --------- dc----w C:\Documents and Settings\ilaria-d\Dati applicazioni\uTorrent
2008-04-28 07:42 --------- dc----w C:\Programmi\iPod
2008-04-28 07:26 --------- dc----w C:\Programmi\Apple Software Update
2008-04-21 18:30 --------- dc----w C:\Programmi\RegCleaner
2008-04-18 17:56 --------- d-----w C:\Programmi\WinUHA
2008-04-18 17:56 --------- d-----w C:\Programmi\Visual Photo++
2008-04-18 17:56 --------- d-----w C:\Programmi\SewerRun
2008-04-18 17:56 --------- d-----w C:\Programmi\Scopa!
2008-04-18 17:56 --------- d-----w C:\Programmi\Replay Converter
2008-04-18 17:56 --------- d-----w C:\Programmi\PoleMic
2008-04-18 17:56 --------- d-----w C:\Programmi\Kyodai Mahjongg
2008-04-18 17:56 --------- d-----w C:\Programmi\Kyodai
2008-04-18 17:56 --------- d-----w C:\Programmi\Guitar Pro 5
2008-04-18 17:56 --------- d-----w C:\Programmi\E.M. Youtube Video Download Tool
2008-04-18 17:51 --------- dc----w C:\Programmi\DustBuster
2008-04-13 20:39 --------- d-----w C:\Programmi\Google
2008-04-13 09:00 --------- d-----w C:\Programmi\DkZ Studio
2008-04-13 08:56 --------- dc----w C:\Programmi\Catalogo BTicino 2000
2008-04-13 08:54 --------- dc----w C:\Documents and Settings\All Users\Dati applicazioni\Yahoo! Companion
2008-03-29 11:02 118,784 ----a-w C:\WINDOWS\SeaMonkeyUninstall.exe
2008-03-29 11:02 118,784 ----a-w C:\WINDOWS\GREUninstall.exe
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:06 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 17:05 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-10-07 11:39 2,293,712 -c--a-w C:\Programmi\FLV PlayerFCSetup.exe
2007-10-07 11:37 3,655,488 -c--a-w C:\Programmi\FLV PlayerRCATSetup.exe
2007-10-07 11:31 411,248 -c--a-w C:\Programmi\FLV PlayerRCSetup.exe
2008-01-23 16:18 80 --sh--r C:\WINDOWS\system32\A55C9356E1.dll
2007-03-09 07:12 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
.

((((((((((((((((((((((((((((( snapshot_2008-06-07_13.40.15,62 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-07 11:33:47 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-10 20:56:49 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-10 08:35:51 34,304 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF1.exe
+ 2008-06-10 17:10:58 1,828 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{D9F7095C-A878-4E95-B1D0-F64353A0DF70}.bin
+ 2008-06-09 16:26:17 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
- 2008-05-19 10:01:15 267,008 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-06-10 16:08:46 256,656 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2008-04-06 05:56:20 19,836,024 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-05-09 21:35:04 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-06-10 20:57:29 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_7b0.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
2007-10-17 14:53 57384 --a------ C:\Programmi\Windows Live\Family Safety\fssbho.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-10-10 15:49 7286784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"@"="" []
"GrpConv"="grpconv -o" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:39 15360]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2008-06-10 18:30:29 212992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmi\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmi\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"msacm.divxa32"= divxa32.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Alice ti aiuta.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Alice ti aiuta.lnk
backup=C:\WINDOWS\pss\Alice ti aiuta.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AAWTray]
C:\Programmi\Lavasoft\Ad-Aware 2007\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
C:\PROGRA~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-19 15:39 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2004-08-19 15:39 33280 C:\WINDOWS\system32\rundll32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrevxCSI]
C:\Programmi\PrevxCSI\prevxcsi.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a--c--- 2008-05-13 12:43 1510640 C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\trust exit]
--a--c--- 2008-06-04 23:35 630784 C:\DOCUME~1\ilaria-d\DATIAP~1\CLOSEH~1\PureHelpSixth.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\PPStream\\PPStream.exe"=
"C:\\Programmi\\Kyodai\\kyodai.exe"=
"F:\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Programmi\\NetMeeting\\conf.exe"=
"C:\\Programmi\\uTorrent\\uTorrent.exe"=
"C:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\Programmi\\Mozilla Firefox\\firefox.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 NMSAccessU;NMSAccessU;C:\Programmi\CDBurnerXP\NMSAccessU.exe [2008-03-09 11:20]
S2 fsssvc;Windows Live OneCare Family Safety;"C:\Programmi\Windows Live\Family Safety\fsssvc.exe" [2007-10-17 14:53]
S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\34.tmp []

.
Contenuto della cartella 'Scheduled Tasks'
"2008-05-31 21:29:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
"2008-06-10 21:16:22 C:\WINDOWS\Tasks\B1DCBB4B904B36EF.job"
- c:\docume~1\ilaria-d\datiap~1\closeh~1\META BITS FUNK.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-10 23:19:11
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\C:\WINDOWS\system32\34.tmp"
.
Ora fine scansione: 2008-06-10 23.20.29
ComboFix-quarantined-files.txt 2008-06-10 21:20:10
ComboFix2.txt 2008-06-07 11:40:32
ComboFix3.txt 2008-05-17 15:10:51

13 Directory 124,776,005,632 byte disponibili
16 Directory 124,759,891,968 byte disponibili

209 --- E O F --- 2008-06-10 21:11:55


Here is the VirIT log:

VirIT eXplorer Lite Log

[SCANSIONE DELLA MEMORIA]
OK
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
10/06/2008 - 23:32:38

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK

C:\Programmi\MUSICMATCH\MUSICMATCH Jukebox\MMSecurity.dll Infetto da Packer.Vundo.Gen
* * * RIMOSSO * * *

Chiavi Registro infette: 0.
Files Infetti: 1.
Files Sospetti: 0.
Files Analizzati: 57054.
Files Totali: 57054.
Chiavi Registro rimosse: 0.
Virus Rimossi: 1.


And finally the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6.21.15, on 11/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
c:\docume~1\ilaria-d\datiap~1\closeh~1\META BITS FUNK.exe
F:\eMule\emule.exe
C:\Programmi\Alwil Software\Avast4\setup\avast.setup
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ilaria-d\Desktop\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Windows Live OneCare Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programmi\Windows Live\Family Safety\fssbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://antoniobubu.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C156A5D1-7857-489B-8DE6-D9F0A77623C0}: NameServer = 85.37.17.9 85.38.28.75
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Servizio iPod (iPod Service) - Unknown owner - C:\Programmi\iPod\bin\iPodService.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe

--
End of file - 6800 bytes


I hope I did everything right.
See you soon.
Sante62
Posted: 11 Jun 2008 10:27

Create a text file with the following instructions:
Quote:
File::
c:\docume~1\ilaria-d\datiap~1\closeh~1\META BITS FUNK.exe

Save the file on the desktop with the name CFScript.txt and drag it onto the ComboFix icon, as shown below:

Wait patiently for the work to finish without touching keyboard, mouse or anything else.
Post the updated ComboFix and HijackThis logs.

Now run the scan with Systemscan and post the generated log as indicated here.
cardrag
Posted: 11 Jun 2008 10:46

Here is the ComboFix log:

ComboFix 08-06-10.2 - ilaria-d 2008-06-11 10.39.15.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.603 [GMT 2:00]
Eseguito da: C:\Documents and Settings\ilaria-d\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\ilaria-d\Desktop\CFScript.txt.txt
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\docume~1\ilaria-d\datiap~1\closeh~1\META BITS FUNK.exe
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\ilaria-d\datiap~1\closeh~1\META BITS FUNK.exe

.
((((((((((((((((((((((((( Files Creati Da 2008-05-11 al 2008-06-11 )))))))))))))))))))))))))))))))))))
.

2008-06-11 06:42 . 2008-06-11 06:42 <DIR> d-------- C:\WINDOWS\LastGood
2008-06-10 18:32 . 2008-06-10 18:32 <DIR> d----c--- C:\Programmi\Aethra
2008-06-10 18:32 . 2004-04-20 17:24 52,864 --a------ C:\WINDOWS\system32\drivers\CnxTrUsb.sys
2008-06-10 18:32 . 2004-04-20 17:24 25,984 --a------ C:\WINDOWS\system32\drivers\CnxTrLan.sys
2008-06-10 18:28 . 2008-06-10 18:28 <DIR> d----c--- C:\Programmi\Telecom Italia
2008-06-10 16:26 . 2008-06-10 16:26 <DIR> dr---c--- C:\Documents and Settings\LocalService\Documenti
2008-06-10 14:50 . 2008-06-10 14:50 <DIR> d----c--- C:\Documents and Settings\All Users\Dati applicazioni\Avg8
2008-06-10 10:35 . 2008-06-10 15:19 <DIR> d----c--- C:\Programmi\SUPERAntiSpyware
2008-06-10 10:35 . 2008-06-10 10:35 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2008-06-10 10:35 . 2008-06-10 10:35 <DIR> d----c--- C:\Documents and Settings\ilaria-d\Dati applicazioni\SUPERAntiSpyware.com
2008-06-10 10:35 . 2008-06-10 10:35 <DIR> d----c--- C:\Documents and Settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2008-06-09 22:49 . 2008-06-09 22:49 268 --ah-c--- C:\sqmdata12.sqm
2008-06-09 22:49 . 2008-06-09 22:49 244 --ah-c--- C:\sqmnoopt12.sqm
2008-06-06 19:03 . 2008-06-10 12:57 10 --a------ C:\WINDOWS\popcinfo.dat
2008-06-06 17:23 . 2008-06-10 15:19 <DIR> d----c--- C:\Programmi\Zuma Deluxe
2008-06-06 16:00 . 2008-06-06 16:00 <DIR> d----c--- C:\Documents and Settings\ilaria-d\Dati applicazioni\GanymedeNet
2008-06-06 16:00 . 2008-06-06 16:00 4 --a------ C:\WINDOWS\system32\proc1395793746.bin
2008-06-06 15:40 . 2008-06-08 00:25 <DIR> d----c--- C:\Programmi\a-squared Anti-Malware
2008-06-04 23:35 . 2008-06-04 23:35 <DIR> d----c--- C:\Programmi\Close Hide
2008-06-04 23:35 . 2008-06-11 10:39 <DIR> d----c--- C:\Documents and Settings\ilaria-d\Dati applicazioni\Close Hide
2008-06-04 23:35 . 2008-06-04 23:35 <DIR> d----c--- C:\Documents and Settings\All Users\Dati applicazioni\Bait nurb roam real
2008-06-04 23:22 . 2008-06-04 23:22 <DIR> d----c--- C:\Documents and Settings\All Users\Dati applicazioni\SweetIM
2008-05-22 16:03 . 2008-05-24 10:51 230 --a--c--- C:\config.xml
2008-05-22 15:57 . 2008-05-22 15:57 <DIR> d----c--- C:\Programmi\Microsoft Research
2008-05-21 18:23 . 2008-05-21 18:23 <DIR> d----c--- C:\Documents and Settings\ilaria-d\Dati applicazioni\CDBurnerXP_Soft
2008-05-21 18:22 . 2008-05-21 18:22 <DIR> d----c--- C:\Programmi\CDBurnerXP
2008-05-19 14:34 . 2008-06-09 13:49 17,408 --a--c--- C:\psapi.dll
2008-05-19 12:06 . 2008-05-16 01:14 91,512 --a------ C:\WINDOWS\system32\AvBatEx.bav
2008-05-19 11:50 . 2008-05-19 11:50 37,473 --a------ C:\WINDOWS\system32\muzika.xm
2008-05-19 11:49 . 2008-05-19 12:06 138 --a------ C:\WINDOWS\TBPlugin.INI
2008-05-19 11:49 . 2008-05-19 12:06 95 --a------ C:\WINDOWS\avconfig.ini
2008-05-19 11:48 . 2008-05-19 11:48 <DIR> d----c--- C:\Programmi\Alwil Software
2008-05-18 00:53 . 2008-06-08 00:26 800,800 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-18 00:53 . 2008-06-08 00:26 10,460 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-17 19:15 . 2008-06-11 06:40 <DIR> d----c--- C:\VEXPLITE
2008-05-17 19:15 . 2008-03-17 19:23 39,808 --a------ C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-05-16 15:08 . 2008-05-16 15:08 250 --a------ C:\WINDOWS\gmer.ini
2008-05-11 01:06 . 2008-05-11 01:06 <DIR> d----c--- C:\Programmi\directx
2008-05-11 00:53 . 2008-05-11 00:53 <DIR> d----c--- C:\Programmi\Microids

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-10 16:30 --------- dc----w C:\Programmi\Alice ti aiuta
2008-06-10 16:30 --------- d-----w C:\Programmi\Motive
2008-06-10 16:28 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-06-10 16:01 --------- d-----w C:\Programmi\microsoft frontpage
2008-06-09 18:41 --------- dc----w C:\Programmi\Circle Developement
2008-06-09 13:29 --------- d-----w C:\Programmi\Spybot - Search & Destroy
2008-06-09 12:48 --------- d-----w C:\Programmi\Lavasoft
2008-06-09 12:47 --------- dc----w C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
2008-06-09 11:39 --------- dc----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-06-09 10:49 --------- dc----w C:\Programmi\Briscolachiamata
2008-06-04 21:34 --------- d-----w C:\Programmi\Messenger Plus! Live
2008-05-19 08:29 --------- d-----w C:\Programmi\File comuni\Adobe
2008-05-18 08:01 --------- d-----w C:\Programmi\Sophos
2008-05-16 13:28 --------- dc----w C:\Programmi\QuickTime
2008-05-16 13:25 --------- dc----w C:\Programmi\iTunes
2008-05-16 12:54 --------- dc----w C:\Documents and Settings\ilaria-d\Dati applicazioni\uTorrent
2008-04-28 07:42 --------- dc----w C:\Programmi\iPod
2008-04-28 07:26 --------- dc----w C:\Programmi\Apple Software Update
2008-04-21 18:30 --------- dc----w C:\Programmi\RegCleaner
2008-04-18 17:56 --------- d-----w C:\Programmi\WinUHA
2008-04-18 17:56 --------- d-----w C:\Programmi\Visual Photo++
2008-04-18 17:56 --------- d-----w C:\Programmi\SewerRun
2008-04-18 17:56 --------- d-----w C:\Programmi\Scopa!
2008-04-18 17:56 --------- d-----w C:\Programmi\Replay Converter
2008-04-18 17:56 --------- d-----w C:\Programmi\PoleMic
2008-04-18 17:56 --------- d-----w C:\Programmi\Kyodai Mahjongg
2008-04-18 17:56 --------- d-----w C:\Programmi\Kyodai
2008-04-18 17:56 --------- d-----w C:\Programmi\Guitar Pro 5
2008-04-18 17:56 --------- d-----w C:\Programmi\E.M. Youtube Video Download Tool
2008-04-18 17:51 --------- dc----w C:\Programmi\DustBuster
2008-04-13 20:39 --------- d-----w C:\Programmi\Google
2008-04-13 09:00 --------- d-----w C:\Programmi\DkZ Studio
2008-04-13 08:56 --------- dc----w C:\Programmi\Catalogo BTicino 2000
2008-04-13 08:54 --------- dc----w C:\Documents and Settings\All Users\Dati applicazioni\Yahoo! Companion
2008-03-29 11:02 118,784 ----a-w C:\WINDOWS\SeaMonkeyUninstall.exe
2008-03-29 11:02 118,784 ----a-w C:\WINDOWS\GREUninstall.exe
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:06 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 17:05 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-10-07 11:39 2,293,712 -c--a-w C:\Programmi\FLV PlayerFCSetup.exe
2007-10-07 11:37 3,655,488 -c--a-w C:\Programmi\FLV PlayerRCATSetup.exe
2007-10-07 11:31 411,248 -c--a-w C:\Programmi\FLV PlayerRCSetup.exe
2008-01-23 16:18 80 --sh--r C:\WINDOWS\system32\A55C9356E1.dll
2007-03-09 07:12 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
.

((((((((((((((((((((((((((((( snapshot_2008-06-07_13.40.15,62 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-07 11:33:47 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-10 21:31:21 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-10 08:35:51 34,304 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF1.exe
+ 2008-06-09 16:26:17 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
- 2008-05-19 10:01:15 267,008 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-06-10 16:08:46 256,656 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2008-04-06 05:56:20 19,836,024 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-05-09 21:35:04 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-06-10 21:31:49 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_770.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
2007-10-17 14:53 57384 --a------ C:\Programmi\Windows Live\Family Safety\fssbho.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-10-10 15:49 7286784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:39 15360]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2008-06-10 18:30:29 212992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmi\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmi\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"msacm.divxa32"= divxa32.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Alice ti aiuta.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Alice ti aiuta.lnk
backup=C:\WINDOWS\pss\Alice ti aiuta.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AAWTray]
C:\Programmi\Lavasoft\Ad-Aware 2007\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
C:\PROGRA~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-19 15:39 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2004-08-19 15:39 33280 C:\WINDOWS\system32\rundll32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrevxCSI]
C:\Programmi\PrevxCSI\prevxcsi.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a--c--- 2008-05-13 12:43 1510640 C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\trust exit]
--a--c--- 2008-06-04 23:35 630784 C:\DOCUME~1\ilaria-d\DATIAP~1\CLOSEH~1\PureHelpSixth.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\PPStream\\PPStream.exe"=
"C:\\Programmi\\Kyodai\\kyodai.exe"=
"F:\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Programmi\\NetMeeting\\conf.exe"=
"C:\\Programmi\\uTorrent\\uTorrent.exe"=
"C:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\Programmi\\Mozilla Firefox\\firefox.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 NMSAccessU;NMSAccessU;C:\Programmi\CDBurnerXP\NMSAccessU.exe [2008-03-09 11:20]
S2 fsssvc;Windows Live OneCare Family Safety;"C:\Programmi\Windows Live\Family Safety\fsssvc.exe" [2007-10-17 14:53]
S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\34.tmp []

.
Contenuto della cartella 'Scheduled Tasks'
"2008-05-31 21:29:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
"2008-06-11 08:23:46 C:\WINDOWS\Tasks\B1DCBB4B904B36EF.job"
- c:\docume~1\ilaria-d\datiap~1\closeh~1\META BITS FUNK.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-11 10:41:18
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\C:\WINDOWS\system32\34.tmp"
.
Ora fine scansione: 2008-06-11 10.42.35
ComboFix-quarantined-files.txt 2008-06-11 08:42:20
ComboFix2.txt 2008-06-10 21:20:30
ComboFix3.txt 2008-06-07 11:40:32
ComboFix4.txt 2008-05-17 15:10:51

13 Directory 124,724,895,744 byte disponibili
16 Directory 124,705,431,552 byte disponibili

214 --- E O F --- 2008-06-11 07:19:58


The HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10.45.52, on 11/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ilaria-d\Desktop\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Windows Live OneCare Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programmi\Windows Live\Family Safety\fssbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://antoniobubu.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C156A5D1-7857-489B-8DE6-D9F0A77623C0}: NameServer = 85.37.17.9 85.38.28.75
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Servizio iPod (iPod Service) - Unknown owner - C:\Programmi\iPod\bin\iPodService.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6534 bytes

Now I'll scan with Systemscan and then let you know.
Sante62 (Dio maturo)
Registered: 27/06/07 17:55 | Posts: 3477 | Location: Floridia

Posted: 11 Jun 2008 11:12

Proceed again as follows:

Sante62 wrote:
Create a text file with the following instructions:
Quote:
File::
C:\DOCUME~1\ilaria-d\DATIAP~1\CLOSEH~1\PureHelpSixth.exe
C:\WINDOWS\Tasks\B1DCBB4B904B36EF.job
C:\WINDOWS\system32\34.tmp

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\trust exit]
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2]

Save the file on the desktop with the name CFScript.txt and drag it onto the ComboFix icon, as shown below:

Wait patiently until it finishes, without touching the keyboard, mouse or anything else.
Post the updated ComboFix and HijackThis logs.
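Added example, not part of this thread and not ComboFix's own tooling. Both CFScript posts above (the first removing META BITS FUNK.exe, the second removing PureHelpSixth.exe, the B1DCBB4B904B36EF.job task and the MEMSWEEP2 service) were built by reading the ComboFix log by hand. The Python below automates that triage over an excerpt constructed in the layout of the log posted above (constructed sample, not the full log): it flags msconfig startupreg entries and scheduled tasks that launch from the user's Application Data folder (DATIAP~1 on this Italian XP), tasks whose name is 16 hex digits, and services whose image is a .tmp file, then emits a CFScript using the same `File::` and `Registry::` `[-key]` directives the posts use. The heuristics, the function names and the `Finding` type are my assumptions, not ComboFix's logic.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed excerpt in the layout of the ComboFix log posted above (sample data, not the full log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a--c--- 2008-05-13 12:43 1510640 C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\trust exit]
--a--c--- 2008-06-04 23:35 630784 C:\DOCUME~1\ilaria-d\DATIAP~1\CLOSEH~1\PureHelpSixth.exe

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\34.tmp []

"2008-05-31 21:29:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
"2008-06-11 08:23:46 C:\WINDOWS\Tasks\B1DCBB4B904B36EF.job"
- c:\docume~1\ilaria-d\datiap~1\closeh~1\META BITS FUNK.exe
"""

STARTUPREG_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg"
SERVICES_KEY = r"HKEY_LOCAL_MACHINE\system\ControlSet001\Services"
# Profile folders an autostart or task rarely launches from legitimately; Italian XP
# calls "Application Data" "Dati applicazioni" (8.3 form DATIAP~1). Heuristic, my assumption.
PROFILE_MARKERS = ("\\datiap~1\\", "\\dati applicazioni\\", "\\application data\\")
SERVICE_LINE = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;(.+?)\s*\[[^\]]*\]$")  # R2 name;display;path [date]
TASK_HEADER = re.compile(r'^"[\d\-: ]+\s+(.+\.job)"$')                    # "date time C:\...\x.job"
HEX_JOB = re.compile(r"^[0-9A-Fa-f]{16}\.job$")


@dataclass
class Finding:
    kind: str         # "startupreg", "service" or "task"
    name: str         # registry key name, service name or .job file name
    path: str         # file to hand to ComboFix: the exe, the driver image or the .job
    reason: str
    target: str = ""  # tasks only: the executable the job launches


def _path_after(lines: List[str], i: int) -> str:
    """Drive-letter path on the next non-blank line after index i, or ''."""
    nxt = next((ln for ln in lines[i + 1:] if ln.strip()), "")
    m = re.search(r"[A-Za-z]:\\.*$", nxt)
    return m.group(0).strip() if m else ""


def suspicious_path(path: str) -> Optional[str]:
    """Heuristic (my assumption, not ComboFix logic): why a launch path looks wrong, else None."""
    low = path.lower().strip('"')
    if low.endswith(".tmp"):
        return "executable image is a .tmp file"
    if any(marker in low for marker in PROFILE_MARKERS):
        return "runs from the user profile's Application Data"
    return None


def triage(log: str) -> List[Finding]:
    """Collect startupreg entries, services and scheduled tasks that look hostile."""
    lines = [ln.rstrip() for ln in log.splitlines()]
    findings: List[Finding] = []
    for i, line in enumerate(lines):
        if line.startswith("[" + STARTUPREG_KEY + "\\") and line.endswith("]"):
            name, path = line[len(STARTUPREG_KEY) + 2:-1], _path_after(lines, i)
            reason = suspicious_path(path) if path else None
            if reason:
                findings.append(Finding("startupreg", name, path, reason))
        elif SERVICE_LINE.match(line):
            name, path = SERVICE_LINE.match(line).groups()
            reason = suspicious_path(path)
            if reason:
                findings.append(Finding("service", name, path, reason))
        elif TASK_HEADER.match(line):
            job = TASK_HEADER.match(line).group(1)
            job_name, target = job.rsplit("\\", 1)[-1], _path_after(lines, i)
            reasons = ["random hex task name"] if HEX_JOB.match(job_name) else []
            target_reason = suspicious_path(target) if target else None
            if target_reason:
                reasons.append(target_reason)
            if reasons:
                findings.append(Finding("task", job_name, job, "; ".join(reasons), target))
    return findings


def build_cfscript(findings: List[Finding]) -> str:
    """Emit CFScript.txt text using the File:: and Registry:: [-key] directives from the thread."""
    files, keys = [], []
    for f in findings:
        files.append(f.path)
        if f.kind == "startupreg":
            keys.append(STARTUPREG_KEY + "\\" + f.name)
        elif f.kind == "service":
            keys.append(SERVICES_KEY + "\\" + f.name)
        elif f.kind == "task" and f.target:
            files.append(f.target)  # remove what the job launched, not only the .job
    out = ["File::", *files, ""]
    if keys:
        out += ["Registry::", *["[-" + k + "]" for k in keys], ""]
    return "\n".join(out)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:10} {f.name:24} {f.reason}")
    print(build_cfscript(triage(SAMPLE_LOG)))
```

Two caveats before the output goes anywhere near ComboFix. First, treat a .tmp-backed service as a lead, not a verdict: the log also lists C:\Programmi\Sophos, and anti-rootkit scanners of that generation are known to load a temporary driver from a .tmp file under system32, so confirm the entry is not a scanner's own leftover before deleting it. Second, save the result as exactly CFScript.txt: the "Command switches used" lines in the logs above show the file was actually named CFScript.txt.txt, which is what Explorer's hidden-extensions default produces when the .txt is typed by hand (ComboFix still ran it, but it is worth checking).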
cardrag (Eroe)
Registered: 07/04/08 16:38 | Posts: 56 | Location: marsiconuovo ( pz )

Posted: 11 Jun 2008 11:13

report_1213175531481.txt
cardrag (Eroe)
Registered: 07/04/08 16:38 | Posts: 56 | Location: marsiconuovo ( pz )

Posted: 11 Jun 2008 11:25

ComboFix:

ComboFix 08-06-10.2 - ilaria-d 2008-06-11 11.17.28.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.492 [GMT 2:00]
Eseguito da: C:\Documents and Settings\ilaria-d\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\ilaria-d\Desktop\CFScript.txt.txt
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\DOCUME~1\ilaria-d\DATIAP~1\CLOSEH~1\PureHelpSixth.exe
C:\WINDOWS\system32\34.tmp
C:\WINDOWS\Tasks\B1DCBB4B904B36EF.job
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\ilaria-d\DATIAP~1\CLOSEH~1\PureHelpSixth.exe
C:\WINDOWS\Tasks\B1DCBB4B904B36EF.job

.
((((((((((((((((((((((((( Files Creati Da 2008-05-11 al 2008-06-11 )))))))))))))))))))))))))))))))))))
.

2008-06-11 06:42 . 2008-06-11 06:42 <DIR> d-------- C:\WINDOWS\LastGood
2008-06-10 18:32 . 2008-06-10 18:32 <DIR> d----c--- C:\Programmi\Aethra
2008-06-10 18:32 . 2004-04-20 17:24 52,864 --a------ C:\WINDOWS\system32\drivers\CnxTrUsb.sys
2008-06-10 18:32 . 2004-04-20 17:24 25,984 --a------ C:\WINDOWS\system32\drivers\CnxTrLan.sys
2008-06-10 18:28 . 2008-06-10 18:28 <DIR> d----c--- C:\Programmi\Telecom Italia
2008-06-10 16:26 . 2008-06-10 16:26 <DIR> dr---c--- C:\Documents and Settings\LocalService\Documenti
2008-06-10 14:50 . 2008-06-10 14:50 <DIR> d----c--- C:\Documents and Settings\All Users\Dati applicazioni\Avg8
2008-06-10 10:35 . 2008-06-10 15:19 <DIR> d----c--- C:\Programmi\SUPERAntiSpyware
2008-06-10 10:35 . 2008-06-10 10:35 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2008-06-10 10:35 . 2008-06-10 10:35 <DIR> d----c--- C:\Documents and Settings\ilaria-d\Dati applicazioni\SUPERAntiSpyware.com
2008-06-10 10:35 . 2008-06-10 10:35 <DIR> d----c--- C:\Documents and Settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2008-06-09 22:49 . 2008-06-09 22:49 268 --ah-c--- C:\sqmdata12.sqm
2008-06-09 22:49 . 2008-06-09 22:49 244 --ah-c--- C:\sqmnoopt12.sqm
2008-06-06 19:03 . 2008-06-10 12:57 10 --a------ C:\WINDOWS\popcinfo.dat
2008-06-06 17:23 . 2008-06-10 15:19 <DIR> d----c--- C:\Programmi\Zuma Deluxe
2008-06-06 16:00 . 2008-06-06 16:00 <DIR> d----c--- C:\Documents and Settings\ilaria-d\Dati applicazioni\GanymedeNet
2008-06-06 16:00 . 2008-06-06 16:00 4 --a------ C:\WINDOWS\system32\proc1395793746.bin
2008-06-06 15:40 . 2008-06-08 00:25 <DIR> d----c--- C:\Programmi\a-squared Anti-Malware
2008-06-04 23:35 . 2008-06-04 23:35 <DIR> d----c--- C:\Programmi\Close Hide
2008-06-04 23:35 . 2008-06-11 11:17 <DIR> d----c--- C:\Documents and Settings\ilaria-d\Dati applicazioni\Close Hide
2008-06-04 23:35 . 2008-06-04 23:35 <DIR> d----c--- C:\Documents and Settings\All Users\Dati applicazioni\Bait nurb roam real
2008-06-04 23:22 . 2008-06-04 23:22 <DIR> d----c--- C:\Documents and Settings\All Users\Dati applicazioni\SweetIM
2008-05-22 16:03 . 2008-05-24 10:51 230 --a--c--- C:\config.xml
2008-05-22 15:57 . 2008-05-22 15:57 <DIR> d----c--- C:\Programmi\Microsoft Research
2008-05-21 18:23 . 2008-05-21 18:23 <DIR> d----c--- C:\Documents and Settings\ilaria-d\Dati applicazioni\CDBurnerXP_Soft
2008-05-21 18:22 . 2008-05-21 18:22 <DIR> d----c--- C:\Programmi\CDBurnerXP
2008-05-19 14:34 . 2008-06-09 13:49 17,408 --a--c--- C:\psapi.dll
2008-05-19 12:06 . 2008-05-16 01:14 91,512 --a------ C:\WINDOWS\system32\AvBatEx.bav
2008-05-19 11:50 . 2008-05-19 11:50 37,473 --a------ C:\WINDOWS\system32\muzika.xm
2008-05-19 11:49 . 2008-05-19 12:06 138 --a------ C:\WINDOWS\TBPlugin.INI
2008-05-19 11:49 . 2008-05-19 12:06 95 --a------ C:\WINDOWS\avconfig.ini
2008-05-19 11:48 . 2008-05-19 11:48 <DIR> d----c--- C:\Programmi\Alwil Software
2008-05-18 00:53 . 2008-06-08 00:26 800,800 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-18 00:53 . 2008-06-08 00:26 10,460 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-17 19:15 . 2008-06-11 06:40 <DIR> d----c--- C:\VEXPLITE
2008-05-17 19:15 . 2008-03-17 19:23 39,808 --a------ C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-05-16 15:08 . 2008-05-16 15:08 250 --a------ C:\WINDOWS\gmer.ini
2008-05-11 01:06 . 2008-05-11 01:06 <DIR> d----c--- C:\Programmi\directx
2008-05-11 00:53 . 2008-05-11 00:53 <DIR> d----c--- C:\Programmi\Microids

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-10 16:30 --------- dc----w C:\Programmi\Alice ti aiuta
2008-06-10 16:30 --------- d-----w C:\Programmi\Motive
2008-06-10 16:28 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-06-10 16:01 --------- d-----w C:\Programmi\microsoft frontpage
2008-06-09 18:41 --------- dc----w C:\Programmi\Circle Developement
2008-06-09 13:29 --------- d-----w C:\Programmi\Spybot - Search & Destroy
2008-06-09 12:48 --------- d-----w C:\Programmi\Lavasoft
2008-06-09 12:47 --------- dc----w C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
2008-06-09 11:39 --------- dc----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-06-09 10:49 --------- dc----w C:\Programmi\Briscolachiamata
2008-06-04 21:34 --------- d-----w C:\Programmi\Messenger Plus! Live
2008-05-19 08:29 --------- d-----w C:\Programmi\File comuni\Adobe
2008-05-18 08:01 --------- d-----w C:\Programmi\Sophos
2008-05-16 13:28 --------- dc----w C:\Programmi\QuickTime
2008-05-16 13:25 --------- dc----w C:\Programmi\iTunes
2008-05-16 12:54 --------- dc----w C:\Documents and Settings\ilaria-d\Dati applicazioni\uTorrent
2008-04-28 07:42 --------- dc----w C:\Programmi\iPod
2008-04-28 07:26 --------- dc----w C:\Programmi\Apple Software Update
2008-04-21 18:30 --------- dc----w C:\Programmi\RegCleaner
2008-04-18 17:56 --------- d-----w C:\Programmi\WinUHA
2008-04-18 17:56 --------- d-----w C:\Programmi\Visual Photo++
2008-04-18 17:56 --------- d-----w C:\Programmi\SewerRun
2008-04-18 17:56 --------- d-----w C:\Programmi\Scopa!
2008-04-18 17:56 --------- d-----w C:\Programmi\Replay Converter
2008-04-18 17:56 --------- d-----w C:\Programmi\PoleMic
2008-04-18 17:56 --------- d-----w C:\Programmi\Kyodai Mahjongg
2008-04-18 17:56 --------- d-----w C:\Programmi\Kyodai
2008-04-18 17:56 --------- d-----w C:\Programmi\Guitar Pro 5
2008-04-18 17:56 --------- d-----w C:\Programmi\E.M. Youtube Video Download Tool
2008-04-18 17:51 --------- dc----w C:\Programmi\DustBuster
2008-04-13 20:39 --------- d-----w C:\Programmi\Google
2008-04-13 09:00 --------- d-----w C:\Programmi\DkZ Studio
2008-04-13 08:56 --------- dc----w C:\Programmi\Catalogo BTicino 2000
2008-04-13 08:54 --------- dc----w C:\Documents and Settings\All Users\Dati applicazioni\Yahoo! Companion
2008-03-29 11:02 118,784 ----a-w C:\WINDOWS\SeaMonkeyUninstall.exe
2008-03-29 11:02 118,784 ----a-w C:\WINDOWS\GREUninstall.exe
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:06 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 17:05 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-10-07 11:39 2,293,712 -c--a-w C:\Programmi\FLV PlayerFCSetup.exe
2007-10-07 11:37 3,655,488 -c--a-w C:\Programmi\FLV PlayerRCATSetup.exe
2007-10-07 11:31 411,248 -c--a-w C:\Programmi\FLV PlayerRCSetup.exe
2008-01-23 16:18 80 --sh--r C:\WINDOWS\system32\A55C9356E1.dll
2007-03-09 07:12 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
.

((((((((((((((((((((((((((((( snapshot_2008-06-07_13.40.15,62 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-07 11:33:47 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-10 21:31:21 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-10 08:35:51 34,304 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF1.exe
+ 2008-06-09 16:26:17 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
- 2008-05-19 10:01:15 267,008 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-06-10 16:08:46 256,656 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2008-04-06 05:56:20 19,836,024 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-05-09 21:35:04 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-06-10 21:31:49 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_770.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
2007-10-17 14:53 57384 --a------ C:\Programmi\Windows Live\Family Safety\fssbho.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-10-10 15:49 7286784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:39 15360]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2008-06-10 18:30:29 212992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmi\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmi\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"msacm.divxa32"= divxa32.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Alice ti aiuta.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Alice ti aiuta.lnk
backup=C:\WINDOWS\pss\Alice ti aiuta.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AAWTray]
C:\Programmi\Lavasoft\Ad-Aware 2007\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
C:\PROGRA~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-19 15:39 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2004-08-19 15:39 33280 C:\WINDOWS\system32\rundll32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrevxCSI]
C:\Programmi\PrevxCSI\prevxcsi.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a--c--- 2008-05-13 12:43 1510640 C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\PPStream\\PPStream.exe"=
"C:\\Programmi\\Kyodai\\kyodai.exe"=
"F:\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Programmi\\NetMeeting\\conf.exe"=
"C:\\Programmi\\uTorrent\\uTorrent.exe"=
"C:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\Programmi\\Mozilla Firefox\\firefox.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 NMSAccessU;NMSAccessU;C:\Programmi\CDBurnerXP\NMSAccessU.exe [2008-03-09 11:20]
S2 fsssvc;Windows Live OneCare Family Safety;"C:\Programmi\Windows Live\Family Safety\fsssvc.exe" [2007-10-17 14:53]

*Newly Created Service* - MBR
.
Contenuto della cartella 'Scheduled Tasks'
"2008-05-31 21:29:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-11 11:18:50
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\C:\WINDOWS\system32\34.tmp"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\C:\WINDOWS\system32\34.tmp"
.
Ora fine scansione: 2008-06-11 11.20.01
ComboFix-quarantined-files.txt 2008-06-11 09:19:50
ComboFix2.txt 2008-06-11 08:42:36
ComboFix3.txt 2008-06-10 21:20:30
ComboFix4.txt 2008-06-07 11:40:32
ComboFix5.txt 2008-05-17 15:10:51

13 Directory 124,680,634,368 byte disponibili
15 Directory 124,662,489,088 byte disponibili

216 --- E O F --- 2008-06-11 07:19:58



Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11.24.53, on 11/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\ilaria-d\Desktop\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Windows Live OneCare Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programmi\Windows Live\Family Safety\fssbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://antoniobubu.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C156A5D1-7857-489B-8DE6-D9F0A77623C0}: NameServer = 85.37.17.9 85.38.28.75
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Servizio iPod (iPod Service) - Unknown owner - C:\Programmi\iPod\bin\iPodService.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6631 bytes
Sante62
Dio maturo
Registered: 27/06/07 17:55
Posts: 3477
Location: Floridia

Posted: 11 Jun 2008 12:28

We're not there yet...

Try SystemScan;

launch it and click Removal Script;

in the box enter this:
Quote:
Registry Keys to delete:
HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2

files to delete:
C:\WINDOWS\system32\34.tmp

now click "Proceed with removal" and then OK.

The PC should reboot by itself; otherwise reboot it manually.

Go to C:\ and post me the contents of the log generated by Avenger (avenger.txt); attach a new SystemScan report.

Thanks.
cardrag
Eroe
Registered: 07/04/08 16:38
Posts: 56
Location: marsiconuovo ( pz )

Posted: 11 Jun 2008 13:44

avenger_1213183357925.txt

report_1213184613020.txt
Sante62
Dio maturo
Registered: 27/06/07 17:55
Posts: 3477
Location: Floridia

Posted: 11 Jun 2008 18:10

The Avenger log seems not to have completed successfully;

Could you please make another ComboFix log so we can check that those strings are no longer there?

Thanks...
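Sante62 asks for a fresh ComboFix log so the MEMSWEEP2 service key and its ImagePath can be confirmed gone. The check he has in mind can be scripted over the REGEDIT4-style registry dump that ComboFix prints at the end of its report. The following is an added example, not code from this thread, from ComboFix or from any tool named here: it parses the `[key]` / `"name"="data"` blocks and flags every service whose ImagePath points at a `.tmp` file or lives in a temp folder, which is exactly the shape of the `MEMSWEEP2` -> `34.tmp` entry above. The sample log text is constructed (the MEMSWEEP2 block mirrors the posted log, the Spooler block is a made-up benign control) and the function names are my own.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: the MEMSWEEP2 block mirrors the entry in the ComboFix log
# posted above (it appears twice there as well); the Spooler block is made up
# as a benign control.
SAMPLE_LOG = r"""
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Spooler]
"ImagePath"="C:\WINDOWS\system32\spoolsv.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\C:\WINDOWS\system32\34.tmp"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\C:\WINDOWS\system32\34.tmp"
"""

# "[key]" header lines and "name"="data" value lines of a REGEDIT4 dump.
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*"?(?P<data>[^"]*)"?$')


def parse_reg_dump(text: str) -> Dict[str, Dict[str, str]]:
    """Collect the values listed under each [key]; a key printed twice is merged."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group("name")] = m.group("data")
    return keys


def normalize_image_path(data: str) -> str:
    """Drop the NT-style \\??\\ prefix and quotes so the Win32 path can be inspected."""
    path = data.strip().strip('"')
    if path.startswith("\\??\\"):
        path = path[4:]
    return path


def is_temp_like(path: str) -> bool:
    """A service binary with a .tmp extension or living in a temp folder is a red flag."""
    low = path.lower()
    base = low.rsplit("\\", 1)[-1]
    return base.endswith(".tmp") or "\\temp\\" in low or "\\tmp\\" in low


def suspicious_services(keys: Dict[str, Dict[str, str]]) -> List[Tuple[str, str]]:
    """Return (service name, image path) for every Services key whose ImagePath looks dropped."""
    hits: List[Tuple[str, str]] = []
    for key, values in keys.items():
        if "\\services\\" not in key.lower():
            continue
        image = values.get("ImagePath")
        if image is None:
            continue
        path = normalize_image_path(image)
        if is_temp_like(path):
            hits.append((key.rsplit("\\", 1)[-1], path))
    return hits


if __name__ == "__main__":
    # On a real log, read the file and pass its text instead of SAMPLE_LOG.
    found = suspicious_services(parse_reg_dump(SAMPLE_LOG))
    if found:
        for name, path in found:
            print(f"still present: service {name} -> {path}")
    else:
        print("no temp-file services found")
```

An empty result on the new log is what Sante62 is looking for; a hit means the service key survived the Avenger script and the same key/file pair should be submitted again.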
cardrag
Eroe
Registered: 07/04/08 16:38
Posts: 56
Location: marsiconuovo ( pz )

Posted: 11 Jun 2008 19:50

ComboFix 08-06-10.2 - ilaria-d 2008-06-11 19.30.59.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.357 [GMT 2:00]
Eseguito da: C:\Documents and Settings\ilaria-d\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Creati Da 2008-05-11 al 2008-06-11 )))))))))))))))))))))))))))))))))))
.

2008-06-11 19:04 . 2008-06-11 19:04 24,400 --a--c--- C:\Documents and Settings\ilaria-d\glxtacic.exe
2008-06-11 16:26 . 2008-06-11 16:26 <DIR> d-------- C:\WINDOWS\LastGood
2008-06-11 13:14 . 2008-06-11 13:14 <DIR> d----c--- C:\suspectfile
2008-06-10 18:32 . 2008-06-10 18:32 <DIR> d----c--- C:\Programmi\Aethra
2008-06-10 18:32 . 2004-04-20 17:24 52,864 --a------ C:\WINDOWS\system32\drivers\CnxTrUsb.sys
2008-06-10 18:32 . 2004-04-20 17:24 25,984 --a------ C:\WINDOWS\system32\drivers\CnxTrLan.sys
2008-06-10 18:28 . 2008-06-10 18:28 <DIR> d----c--- C:\Programmi\Telecom Italia
2008-06-10 16:26 . 2008-06-10 16:26 <DIR> dr---c--- C:\Documents and Settings\LocalService\Documenti
2008-06-10 14:50 . 2008-06-10 14:50 <DIR> d----c--- C:\Documents and Settings\All Users\Dati applicazioni\Avg8
2008-06-10 10:35 . 2008-06-10 15:19 <DIR> d----c--- C:\Programmi\SUPERAntiSpyware
2008-06-10 10:35 . 2008-06-10 10:35 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2008-06-10 10:35 . 2008-06-10 10:35 <DIR> d----c--- C:\Documents and Settings\ilaria-d\Dati applicazioni\SUPERAntiSpyware.com
2008-06-10 10:35 . 2008-06-10 10:35 <DIR> d----c--- C:\Documents and Settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2008-06-09 22:49 . 2008-06-09 22:49 268 --ah-c--- C:\sqmdata12.sqm
2008-06-09 22:49 . 2008-06-09 22:49 244 --ah-c--- C:\sqmnoopt12.sqm
2008-06-06 19:03 . 2008-06-10 12:57 10 --a------ C:\WINDOWS\popcinfo.dat
2008-06-06 17:23 . 2008-06-10 15:19 <DIR> d----c--- C:\Programmi\Zuma Deluxe
2008-06-06 16:00 . 2008-06-06 16:00 <DIR> d----c--- C:\Documents and Settings\ilaria-d\Dati applicazioni\GanymedeNet
2008-06-06 16:00 . 2008-06-06 16:00 4 --a------ C:\WINDOWS\system32\proc1395793746.bin
2008-06-06 15:40 . 2008-06-08 00:25 <DIR> d----c--- C:\Programmi\a-squared Anti-Malware
2008-06-04 23:35 . 2008-06-04 23:35 <DIR> d----c--- C:\Programmi\Close Hide
2008-06-04 23:35 . 2008-06-11 11:17 <DIR> d----c--- C:\Documents and Settings\ilaria-d\Dati applicazioni\Close Hide
2008-06-04 23:35 . 2008-06-04 23:35 <DIR> d----c--- C:\Documents and Settings\All Users\Dati applicazioni\Bait nurb roam real
2008-06-04 23:22 . 2008-06-04 23:22 <DIR> d----c--- C:\Documents and Settings\All Users\Dati applicazioni\SweetIM
2008-05-22 16:03 . 2008-05-24 10:51 230 --a--c--- C:\config.xml
2008-05-22 15:57 . 2008-05-22 15:57 <DIR> d----c--- C:\Programmi\Microsoft Research
2008-05-21 18:23 . 2008-05-21 18:23 <DIR> d----c--- C:\Documents and Settings\ilaria-d\Dati applicazioni\CDBurnerXP_Soft
2008-05-21 18:22 . 2008-05-21 18:22 <DIR> d----c--- C:\Programmi\CDBurnerXP
2008-05-19 14:34 . 2008-06-09 13:49 17,408 --a--c--- C:\psapi.dll
2008-05-19 12:06 . 2008-05-16 01:14 91,512 --a------ C:\WINDOWS\system32\AvBatEx.bav
2008-05-19 11:50 . 2008-05-19 11:50 37,473 --a------ C:\WINDOWS\system32\muzika.xm
2008-05-19 11:49 . 2008-05-19 12:06 138 --a------ C:\WINDOWS\TBPlugin.INI
2008-05-19 11:49 . 2008-05-19 12:06 95 --a------ C:\WINDOWS\avconfig.ini
2008-05-19 11:48 . 2008-05-19 11:48 <DIR> d----c--- C:\Programmi\Alwil Software
2008-05-18 00:53 . 2008-06-08 00:26 800,800 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-18 00:53 . 2008-06-08 00:26 10,460 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-17 19:15 . 2008-06-11 13:17 <DIR> d----c--- C:\VEXPLITE
2008-05-17 19:15 . 2008-03-17 19:23 39,808 --a------ C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-05-16 15:08 . 2008-05-16 15:08 250 --a------ C:\WINDOWS\gmer.ini
2008-05-11 01:06 . 2008-05-11 01:06 <DIR> d----c--- C:\Programmi\directx
2008-05-11 00:53 . 2008-05-11 00:53 <DIR> d----c--- C:\Programmi\Microids

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-10 16:30 --------- dc----w C:\Programmi\Alice ti aiuta
2008-06-10 16:30 --------- d-----w C:\Programmi\Motive
2008-06-10 16:28 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-06-10 16:01 --------- d-----w C:\Programmi\microsoft frontpage
2008-06-09 18:41 --------- dc----w C:\Programmi\Circle Developement
2008-06-09 13:29 --------- d-----w C:\Programmi\Spybot - Search & Destroy
2008-06-09 12:48 --------- d-----w C:\Programmi\Lavasoft
2008-06-09 12:47 --------- dc----w C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
2008-06-09 11:39 --------- dc----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-06-09 10:49 --------- dc----w C:\Programmi\Briscolachiamata
2008-06-04 21:34 --------- d-----w C:\Programmi\Messenger Plus! Live
2008-05-19 08:29 --------- d-----w C:\Programmi\File comuni\Adobe
2008-05-18 08:01 --------- d-----w C:\Programmi\Sophos
2008-05-16 13:28 --------- dc----w C:\Programmi\QuickTime
2008-05-16 13:25 --------- dc----w C:\Programmi\iTunes
2008-05-16 12:54 --------- dc----w C:\Documents and Settings\ilaria-d\Dati applicazioni\uTorrent
2008-04-28 07:42 --------- dc----w C:\Programmi\iPod
2008-04-28 07:26 --------- dc----w C:\Programmi\Apple Software Update
2008-04-21 18:30 --------- dc----w C:\Programmi\RegCleaner
2008-04-18 17:56 --------- d-----w C:\Programmi\WinUHA
2008-04-18 17:56 --------- d-----w C:\Programmi\Visual Photo++
2008-04-18 17:56 --------- d-----w C:\Programmi\SewerRun
2008-04-18 17:56 --------- d-----w C:\Programmi\Scopa!
2008-04-18 17:56 --------- d-----w C:\Programmi\Replay Converter
2008-04-18 17:56 --------- d-----w C:\Programmi\PoleMic
2008-04-18 17:56 --------- d-----w C:\Programmi\Kyodai Mahjongg
2008-04-18 17:56 --------- d-----w C:\Programmi\Kyodai
2008-04-18 17:56 --------- d-----w C:\Programmi\Guitar Pro 5
2008-04-18 17:56 --------- d-----w C:\Programmi\E.M. Youtube Video Download Tool
2008-04-18 17:51 --------- dc----w C:\Programmi\DustBuster
2008-04-13 20:39 --------- d-----w C:\Programmi\Google
2008-04-13 09:00 --------- d-----w C:\Programmi\DkZ Studio
2008-04-13 08:56 --------- dc----w C:\Programmi\Catalogo BTicino 2000
2008-04-13 08:54 --------- dc----w C:\Documents and Settings\All Users\Dati applicazioni\Yahoo! Companion
2008-03-29 11:02 118,784 ----a-w C:\WINDOWS\SeaMonkeyUninstall.exe
2008-03-29 11:02 118,784 ----a-w C:\WINDOWS\GREUninstall.exe
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:06 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 17:05 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-10-07 11:39 2,293,712 -c--a-w C:\Programmi\FLV PlayerFCSetup.exe
2007-10-07 11:37 3,655,488 -c--a-w C:\Programmi\FLV PlayerRCATSetup.exe
2007-10-07 11:31 411,248 -c--a-w C:\Programmi\FLV PlayerRCSetup.exe
2008-01-23 16:18 80 --sh--r C:\WINDOWS\system32\A55C9356E1.dll
2007-03-09 07:12 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
.

((((((((((((((((((((((((((((( snapshot_2008-06-07_13.40.15,62 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-06-11 12:47:32 20,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Visio.SaveAsWeb\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Visio.SaveAsWeb.dll
+ 2008-06-11 12:47:28 756,288 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Visio\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Visio.dll
+ 2008-06-11 12:47:50 72,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.VisOcx\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.VisOcx.dll
- 2008-06-07 11:33:47 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-11 11:18:17 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-04-15 09:00:52 593,920 ----a-r C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-06-11 12:04:44 593,920 ----a-r C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-04-15 09:00:53 12,288 ----a-r C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-06-11 12:04:44 12,288 ----a-r C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-04-15 09:00:54 86,016 ----a-r C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-06-11 12:04:44 86,016 ----a-r C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-04-15 09:00:49 135,168 ----a-r C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-06-11 12:04:43 135,168 ----a-r C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-04-15 09:00:54 11,264 ----a-r C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-06-11 12:04:44 11,264 ----a-r C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-04-15 09:00:54 27,136 ----a-r C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-06-11 12:04:44 27,136 ----a-r C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-04-15 09:00:55 4,096 ----a-r C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-06-11 12:04:44 4,096 ----a-r C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-04-15 09:00:56 794,624 ----a-r C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-06-11 12:04:44 794,624 ----a-r C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-04-15 09:00:51 249,856 ----a-r C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-06-11 12:04:43 249,856 ----a-r C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-04-15 09:00:50 61,440 ----a-r C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-06-11 12:04:43 61,440 ----a-r C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-04-15 09:00:57 23,040 ----a-r C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-06-11 12:04:44 23,040 ----a-r C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-04-15 09:00:49 286,720 ----a-r C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-06-11 12:04:43 286,720 ----a-r C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-04-15 09:00:48 409,600 ----a-r C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-06-11 12:04:43 409,600 ----a-r C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-06-11 12:37:56 12,288 ----a-r C:\WINDOWS\Installer\{90120410-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-06-11 12:37:56 135,168 ----a-r C:\WINDOWS\Installer\{90120410-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-06-11 12:37:56 11,264 ----a-r C:\WINDOWS\Installer\{90120410-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-06-11 12:37:56 27,136 ----a-r C:\WINDOWS\Installer\{90120410-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-06-11 12:37:57 4,096 ----a-r C:\WINDOWS\Installer\{90120410-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-06-11 12:37:57 794,624 ----a-r C:\WINDOWS\Installer\{90120410-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-06-11 12:37:56 249,856 ----a-r C:\WINDOWS\Installer\{90120410-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-06-11 12:37:57 23,040 ----a-r C:\WINDOWS\Installer\{90120410-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-06-11 12:37:56 286,720 ----a-r C:\WINDOWS\Installer\{90120410-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-06-11 12:37:56 409,600 ----a-r C:\WINDOWS\Installer\{90120410-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-06-11 10:09:32 593,920 ----a-r C:\WINDOWS\Installer\{90150410-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-06-11 10:09:32 12,288 ----a-r C:\WINDOWS\Installer\{90150410-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-06-11 10:09:32 135,168 ----a-r C:\WINDOWS\Installer\{90150410-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-06-11 10:09:32 27,136 ----a-r C:\WINDOWS\Installer\{90150410-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-06-11 10:09:32 4,096 ----a-r C:\WINDOWS\Installer\{90150410-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-06-11 10:17:49 12,288 ----a-r C:\WINDOWS\Installer\{90160410-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-06-11 10:17:49 135,168 ----a-r C:\WINDOWS\Installer\{90160410-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-06-11 10:17:49 11,264 ----a-r C:\WINDOWS\Installer\{90160410-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-06-11 10:17:49 27,136 ----a-r C:\WINDOWS\Installer\{90160410-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-06-11 10:17:49 4,096 ----a-r C:\WINDOWS\Installer\{90160410-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-06-11 10:17:49 23,040 ----a-r C:\WINDOWS\Installer\{90160410-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-06-11 10:17:49 409,600 ----a-r C:\WINDOWS\Installer\{90160410-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-03-31 16:42:55 12,288 ----a-r C:\WINDOWS\Installer\{90170410-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-06-11 10:27:59 12,288 ----a-r C:\WINDOWS\Installer\{90170410-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-03-31 16:42:55 282,624 ----a-r C:\WINDOWS\Installer\{90170410-6000-11D3-8CFE-0150048383C9}\fpicon.exe
+ 2008-06-11 10:27:59 282,624 ----a-r C:\WINDOWS\Installer\{90170410-6000-11D3-8CFE-0150048383C9}\fpicon.exe
- 2008-03-31 16:42:55 135,168 ----a-r C:\WINDOWS\Installer\{90170410-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-06-11 10:28:00 135,168 ----a-r C:\WINDOWS\Installer\{90170410-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-03-31 16:42:55 27,136 ----a-r C:\WINDOWS\Installer\{90170410-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-06-11 10:28:00 27,136 ----a-r C:\WINDOWS\Installer\{90170410-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-03-31 16:42:55 4,096 ----a-r C:\WINDOWS\Installer\{90170410-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-06-11 10:28:00 4,096 ----a-r C:\WINDOWS\Installer\{90170410-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-06-11 11:55:52 12,288 ----a-r C:\WINDOWS\Installer\{90180410-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-06-11 11:55:52 135,168 ----a-r C:\WINDOWS\Installer\{90180410-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-06-11 11:55:52 11,264 ----a-r C:\WINDOWS\Installer\{90180410-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-06-11 11:55:52 27,136 ----a-r C:\WINDOWS\Installer\{90180410-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-06-11 11:55:52 4,096 ----a-r C:\WINDOWS\Installer\{90180410-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-06-11 11:55:52 249,856 ----a-r C:\WINDOWS\Installer\{90180410-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-06-11 11:55:52 23,040 ----a-r C:\WINDOWS\Installer\{90180410-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-06-11 12:32:31 12,288 ----a-r C:\WINDOWS\Installer\{90190410-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-06-11 12:32:31 135,168 ----a-r C:\WINDOWS\Installer\{90190410-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-06-11 12:32:31 11,264 ----a-r C:\WINDOWS\Installer\{90190410-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-06-11 12:32:31 27,136 ----a-r C:\WINDOWS\Installer\{90190410-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-06-11 12:32:31 4,096 ----a-r C:\WINDOWS\Installer\{90190410-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-06-11 12:32:31 61,440 ----a-r C:\WINDOWS\Installer\{90190410-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-06-11 11:12:55 12,288 ----a-r C:\WINDOWS\Installer\{901A0410-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-06-11 11:12:55 135,168 ----a-r C:\WINDOWS\Installer\{901A0410-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-06-11 11:12:55 11,264 ----a-r C:\WINDOWS\Installer\{901A0410-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-06-11 11:12:55 27,136 ----a-r C:\WINDOWS\Installer\{901A0410-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-06-11 11:12:55 4,096 ----a-r C:\WINDOWS\Installer\{901A0410-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-06-11 11:12:55 794,624 ----a-r C:\WINDOWS\Installer\{901A0410-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-06-11 12:53:51 12,288 ----a-r C:\WINDOWS\Installer\{901B0410-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-06-11 12:53:50 135,168 ----a-r C:\WINDOWS\Installer\{901B0410-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-06-11 12:53:51 11,264 ----a-r C:\WINDOWS\Installer\{901B0410-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-06-11 12:53:51 27,136 ----a-r C:\WINDOWS\Installer\{901B0410-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-06-11 12:53:51 4,096 ----a-r C:\WINDOWS\Installer\{901B0410-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-06-11 12:53:51 23,040 ----a-r C:\WINDOWS\Installer\{901B0410-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-06-11 12:53:50 286,720 ----a-r C:\WINDOWS\Installer\{901B0410-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-06-11 11:59:43 135,168 ----a-r C:\WINDOWS\Installer\{903B0410-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-06-11 11:59:43 4,096 ----a-r C:\WINDOWS\Installer\{903B0410-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-06-11 11:59:43 147,456 ----a-r C:\WINDOWS\Installer\{903B0410-6000-11D3-8CFE-0150048383C9}\pj11icon.exe
+ 2008-06-11 10:33:14 12,288 ----a-r C:\WINDOWS\Installer\{90440410-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-06-11 10:33:14 86,016 ----a-r C:\WINDOWS\Installer\{90440410-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-06-11 10:33:14 135,168 ----a-r C:\WINDOWS\Installer\{90440410-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-06-11 10:33:14 4,096 ----a-r C:\WINDOWS\Installer\{90440410-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-06-11 12:49:33 12,288 ----a-r C:\WINDOWS\Installer\{90510410-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-06-11 12:49:33 135,168 ----a-r C:\WINDOWS\Installer\{90510410-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-06-11 12:49:33 4,096 ----a-r C:\WINDOWS\Installer\{90510410-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-06-11 12:49:33 176,128 ----a-r C:\WINDOWS\Installer\{90510410-6000-11D3-8CFE-0150048383C9}\visicon.exe
+ 2008-06-11 11:53:03 57,344 ----a-r C:\WINDOWS\Installer\{90A10410-6000-11D3-8CFE-0150048383C9}\joticon.exe
+ 2008-06-11 11:53:03 135,168 ----a-r C:\WINDOWS\Installer\{90A10410-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-06-11 11:53:03 4,096 ----a-r C:\WINDOWS\Installer\{90A10410-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-06-11 12:43:19 12,288 ----a-r C:\WINDOWS\Installer\{90CA0410-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-06-11 12:43:19 135,168 ----a-r C:\WINDOWS\Installer\{90CA0410-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-06-11 12:43:19 11,264 ----a-r C:\WINDOWS\Installer\{90CA0410-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-06-11 12:43:19 27,136 ----a-r C:\WINDOWS\Installer\{90CA0410-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-06-11 12:43:19 4,096 ----a-r C:\WINDOWS\Installer\{90CA0410-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-06-11 12:43:19 794,624 ----a-r C:\WINDOWS\Installer\{90CA0410-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-06-11 12:43:19 249,856 ----a-r C:\WINDOWS\Installer\{90CA0410-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-06-11 12:43:19 61,440 ----a-r C:\WINDOWS\Installer\{90CA0410-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-06-11 12:43:19 23,040 ----a-r C:\WINDOWS\Installer\{90CA0410-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-06-11 12:43:19 286,720 ----a-r C:\WINDOWS\Installer\{90CA0410-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-06-11 12:43:19 409,600 ----a-r C:\WINDOWS\Installer\{90CA0410-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-06-11 11:50:13 12,288 ----a-r C:\WINDOWS\Installer\{90E00410-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-06-11 11:50:13 135,168 ----a-r C:\WINDOWS\Installer\{90E00410-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-06-11 11:50:13 11,264 ----a-r C:\WINDOWS\Installer\{90E00410-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-06-11 11:50:13 27,136 ----a-r C:\WINDOWS\Installer\{90E00410-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-06-11 11:50:13 4,096 ----a-r C:\WINDOWS\Installer\{90E00410-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-06-11 11:50:14 794,624 ----a-r C:\WINDOWS\Installer\{90E00410-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-06-10 08:35:51 34,304 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF1.exe
+ 2008-06-09 16:26:17 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
- 2008-05-19 10:01:15 267,008 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-06-11 11:18:14 257,456 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2008-04-06 05:56:20 19,836,024 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-05-09 21:35:04 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe
+ 1998-08-05 13:45:24 63,488 ----a-w C:\WINDOWS\system32\MSCC2IT.DLL
+ 2008-06-10 21:31:49 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_770.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
2007-10-17 14:53 57384 --a------ C:\Programmi\Windows Live\Family Safety\fssbho.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-10-10 15:49 7286784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:39 15360]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2008-06-10 18:30:29 212992]
Avvio veloce di Microsoft Office OneNote 2003.lnk - C:\Programmi\Microsoft Office\OFFICE11\ONENOTEM.EXE [2003-08-06 21:23:32 51776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmi\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmi\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"msacm.divxa32"= divxa32.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Alice ti aiuta.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Alice ti aiuta.lnk
backup=C:\WINDOWS\pss\Alice ti aiuta.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AAWTray]
C:\Programmi\Lavasoft\Ad-Aware 2007\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
C:\PROGRA~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-19 15:39 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2004-08-19 15:39 33280 C:\WINDOWS\system32\rundll32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrevxCSI]
C:\Programmi\PrevxCSI\prevxcsi.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a--c--- 2008-05-13 12:43 1510640 C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\PPStream\\PPStream.exe"=
"C:\\Programmi\\Kyodai\\kyodai.exe"=
"F:\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Programmi\\NetMeeting\\conf.exe"=
"C:\\Programmi\\uTorrent\\uTorrent.exe"=
"C:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\Programmi\\Mozilla Firefox\\firefox.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 NMSAccessU;NMSAccessU;C:\Programmi\CDBurnerXP\NMSAccessU.exe [2008-03-09 11:20]
S2 fsssvc;Windows Live OneCare Family Safety;"C:\Programmi\Windows Live\Family Safety\fsssvc.exe" [2007-10-17 14:53]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-31 21:29:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-11 19:33:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-11 19.34.28
ComboFix-quarantined-files.txt 2008-06-11 17:34:11
ComboFix2.txt 2008-06-11 09:20:01
ComboFix3.txt 2008-06-11 08:42:36
ComboFix4.txt 2008-06-10 21:20:30
ComboFix5.txt 2008-06-07 11:40:32

15 Directories  123,377,577,984 bytes free
18 Directories  123,358,932,992 bytes free

324 --- E O F --- 2008-06-11 07:19:58
Sante62
Dio maturo
Registered: 27/06/07 17:55
Posts: 3477
Location: Floridia

Posted: 11 Jun 2008 21:22

OK, I think we're there;

now connect to the Kaspersky online scanner and run the extended scan of the PC.
cardrag
Eroe
Registered: 07/04/08 16:38
Posts: 56
Location: marsiconuovo ( pz )

Posted: 14 Jun 2008 07:45

Hi Sante, sorry for the long delay, but I had a load of setbacks with the Kaspersky scan: either it takes ages or I didn't understand it, and in any case the page has changed compared with the one you explained to me.
I'll try to post the logs one after another; sorry if I get it wrong:

CRITICAL AREAS

Friday, June 13, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, June 13, 2008 15:00:21
Records in database: 860033
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area Critical Areas
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica
C:\Documents and Settings\ilaria-d\Menu Avvio\Programmi\Esecuzione automatica
C:\Program Files
C:\Programmi
C:\WINDOWS
Scan statistics
Files scanned 42431
Threat name 0
Infected objects 0
Suspicious objects 0
Duration of the scan 01:05:54

No malware has been detected. The scan area is clean.
The selected area was scanned.


MY COMPUTER

Friday, June 13, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, June 13, 2008 15:00:21
Records in database: 860033
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
A:\
C:\
D:\
E:\
F:\
G:\
Scan statistics
Files scanned 72592
Threat name 1
Infected objects 2
Suspicious objects 0
Duration of the scan 03:13:25

File name Threat name Threats count
C:\Documents and Settings\ilaria-d\glxtacic.exe Infected: Trojan.Win32.Dialer.bqh 1
C:\Documents and Settings\ilaria-d\Impostazioni locali\Temp\jar_cache34237.tmp Infected: Trojan.Win32.Dialer.bqh 1
The selected area was scanned.


FOLDER C:

Saturday, June 14, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, June 13, 2008 15:00:21
Records in database: 860033
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area Folder
C:\
Scan statistics
Files scanned 61576
Threat name 1
Infected objects 2
Suspicious objects 0
Duration of the scan 02:07:30

File name Threat name Threats count
C:\Documents and Settings\ilaria-d\glxtacic.exe Infected: Trojan.Win32.Dialer.bqh 1
C:\Documents and Settings\ilaria-d\Impostazioni locali\Temp\jar_cache34237.tmp Infected: Trojan.Win32.Dialer.bqh 1
The selected area was scanned.


I hope I did it right; if not, thanks for your patience, and not only for that...
Sante62
Dio maturo
Registered: 27/06/07 17:55
Posts: 3477
Location: Floridia

Posted: 14 Jun 2008 10:57

No problem about the delay...

Yes, you did it right... the Kaspersky scan really can take quite a while;

use CCleaner to clean the internet cache;

then delete these files manually:
Quote:
C:\Documents and Settings\ilaria-d\glxtacic.exe
C:\Documents and Settings\ilaria-d\Impostazioni locali\Temp\jar_cache34237.tmp

The last one should go away with CCleaner, but check anyway that it has been deleted... and you should be all set.
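The three Kaspersky reports above list the same two objects, and the advice that follows is to delete them and then check that they are really gone. As an added example (not code from this thread, and not part of Kaspersky's own tooling), here is a small Python parser for the Kaspersky Online Scanner 7 text report in the form it was pasted: it pulls out the detection table, checks it against the "Infected objects" statistic so a truncated paste is noticed, merges several scans into one list, and builds the post-cleanup checklist. The SAMPLE_REPORTS text is constructed from the lines in this thread, trimmed to what the parser needs; the function names are my own, and the `exists` check is injectable so the checklist can be exercised offline.

```python
"""Parse pasted Kaspersky Online Scanner 7 reports, merge detections across
scans and build a removal checklist. Added example, not code from the thread."""
import os
import re
from dataclasses import dataclass, field
from typing import Callable, Dict, Iterable, List, Set

# One detection row: "<path> Infected: <threat> <count>". Paths contain spaces,
# so the path is matched non-greedily up to the first " Infected:"/" Suspicious:".
DETECTION_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<verdict>Infected|Suspicious):\s+(?P<threat>\S+)\s+(?P<count>\d+)$")
STAT_RE = re.compile(r"^(Infected objects|Suspicious objects)\s+(\d+)$")
AREA_RE = re.compile(r"^Scan area\s+(.+)$")

# Constructed sample built from the detection tables pasted in the thread.
# Raw strings keep the Windows backslashes literal.
SAMPLE_REPORTS: Dict[str, str] = {
    "MY COMPUTER": r"""
Scan area My Computer
Infected objects 2
Suspicious objects 0

File name Threat name Threats count
C:\Documents and Settings\ilaria-d\glxtacic.exe Infected: Trojan.Win32.Dialer.bqh 1
C:\Documents and Settings\ilaria-d\Impostazioni locali\Temp\jar_cache34237.tmp Infected: Trojan.Win32.Dialer.bqh 1
The selected area was scanned.
""",
    "FOLDER C:": r"""
Scan area Folder
Infected objects 2
Suspicious objects 0

File name Threat name Threats count
C:\Documents and Settings\ilaria-d\glxtacic.exe Infected: Trojan.Win32.Dialer.bqh 1
C:\Documents and Settings\ilaria-d\Impostazioni locali\Temp\jar_cache34237.tmp Infected: Trojan.Win32.Dialer.bqh 1
The selected area was scanned.
""",
}


@dataclass
class Detection:
    path: str
    verdict: str  # "Infected" or "Suspicious"
    threat: str
    count: int


@dataclass
class Report:
    scan_area: str = ""
    infected_objects: int = 0
    suspicious_objects: int = 0
    detections: List[Detection] = field(default_factory=list)

    @property
    def consistent(self) -> bool:
        """True when the detection table agrees with the statistics block.
        A mismatch usually means the pasted report was truncated or reflowed."""
        infected = sum(d.count for d in self.detections if d.verdict == "Infected")
        suspicious = sum(d.count for d in self.detections if d.verdict == "Suspicious")
        return infected == self.infected_objects and suspicious == self.suspicious_objects


def parse_report(text: str) -> Report:
    """Parse one pasted report, keeping only the fields needed for triage."""
    report = Report()
    for raw in text.splitlines():
        line = raw.strip()
        if m := AREA_RE.match(line):
            report.scan_area = m.group(1)
        elif m := STAT_RE.match(line):
            if m.group(1) == "Infected objects":
                report.infected_objects = int(m.group(2))
            else:
                report.suspicious_objects = int(m.group(2))
        elif m := DETECTION_RE.match(line):
            report.detections.append(Detection(
                m.group("path"), m.group("verdict"), m.group("threat"), int(m.group("count"))))
    return report


def consolidate(reports: Iterable[Report]) -> Dict[str, Set[str]]:
    """Merge several scans into {path: {threat names}}, so a file reported by both
    the 'My Computer' and the 'Folder C:' scan becomes one checklist entry. Paths
    are compared as pasted; NTFS is case-insensitive, so apply os.path.normcase
    first if the reports come from different tools."""
    merged: Dict[str, Set[str]] = {}
    for report in reports:
        for d in report.detections:
            merged.setdefault(d.path, set()).add(d.threat)
    return merged


def removal_checklist(paths: Iterable[str],
                      exists: Callable[[str], bool] = os.path.exists) -> Dict[str, bool]:
    """Map each path to True if it is still present after cleanup. `exists` is
    injectable so the check can run offline against the constructed sample."""
    return {p: bool(exists(p)) for p in paths}


if __name__ == "__main__":
    reports = [parse_report(t) for t in SAMPLE_REPORTS.values()]
    for r in reports:
        print(f"{r.scan_area}: {len(r.detections)} detections, consistent={r.consistent}")
    for path, still_there in removal_checklist(consolidate(reports)).items():
        print(("STILL PRESENT " if still_there else "gone          ") + path)
```

Run on the real machine with the default `exists`, the last loop is the "check that it has been deleted" step: anything printed as STILL PRESENT needs manual deletion (the file under Temp is the one CCleaner should have removed). The `consistent` flag is worth printing before trusting a pasted report, because a detection table that lost a row in copy-paste would otherwise produce a checklist that is silently short.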
cardrag
Eroe
Registered: 07/04/08 16:38
Posts: 56
Location: marsiconuovo ( pz )

Posted: 14 Jun 2008 19:07

OK, everything seems fine.
If you don't mind, I'd like to ask you one last thing: every now and then my mouse pointer freezes. Sometimes I manage to get it moving again, but other times the pointer stays still even though the mouse itself keeps working, so I have to restart the computer to get it working again.
I've searched the various forums but found no problem of this kind, also because in my case it doesn't happen with any particular program but whenever it decides to.
If you know anything about it, great; otherwise thank you all the same for all the trouble I've caused you. Thanks again.
Bye :P
Sante62
Dio maturo
Registered: 27/06/07 17:55
Posts: 3477
Location: Floridia

Posted: 15 Jun 2008 00:07

It does it whenever it decides to..... so you're sure it doesn't happen with the same program(s), right?

Go to Control Panel -> Mouse;

open the Buttons tab and experiment with the slider on the right, increasing or decreasing the sensitivity;

otherwise you should try another mouse, maybe a borrowed one, and see whether it works; if it does, yours needs replacing;

or, again, you should check the corresponding detection drivers in Device Manager.... in short, there's a series of checks you can do;
cardrag wrote:

If you know anything about it, great; otherwise thank you all the same for all the trouble I've caused you. Thanks again.
Bye :P

No trouble, don't worry... ;)