Olimpo Informatico

[pevic]

salve ragazzi,vi scrivo nella speranza che possiate risolvere anche stavolta quest altro problema:mentre navigavo in rete per cercare di scaricare la mia serie televisiva da vari siti contenenti torrent,mi è apparso sul desktop l'icona dell'Antivirus XP 2008.Bene,anzi...male perchè io non so proprio da dove sia potuto uscire!Cmq una volta partito da solo ha cominciato a trovare oltre 300 file infetti rallentando notevolmente il pc,alchè ho deciso di disinstallarlo visto che un antivirus l'avevo già,e si tratta di avast,ma niente da fare.Ora appena accendo il pc parte e per eliminarmi i virus che trova vorrebbe che gli pagassi non so quanti dollari,perche' solo cosi' potrei ottenere la versione completa che ha la funzione elimina!Siccome non so come venirne a capo vi pregerei di un'ennesimo aiuto!a presto!

[danielegr]

Io credo che quello NON sia un antivirus, ma un VIRUS. Aspettiamo l'intervento degli esperti, ma intanto io incomincerei a fare le solite pulizie, cancellerei i file temporanei, e posterei un log di Hijackthis

[bdoriano]

Ciao pevic e benvenuto,

Fai queste operazioni:

• Pulisci i files temporanei con ATF-Cleaner e/o CCleaner
  
• Segui le istruzioni di questo topic per usare MBAM.
  
• Segui le istruzioni di questo topic per eseguire combofix.
  
• Segui le istruzioni di questo topic per postare il log di HiJackThis.
  
• Riferisci con un nuovo messaggio in questa discussione dell'esito: se ci sono stati problemi particolari, ecc. ecc. E riporta:
  
  • Carica il log di MBAM su WikiSend e posta il Forum Link che ti viene assegnato.
    
  • Carica il log di Combofix su WikiSend e posta il Forum Link che ti viene assegnato.
    
  • Carica il log di HiJackThis su WikiSend e posta il Forum Link che ti viene assegnato.

PS: se vuoi, puoi presentarti qui

@zauberling:
Per le discussioni su quale sia il S.O. migliore, meno costoso, più sicuro etc, etc... non è questa la sezione adatta. Qui ci si occupa esclusivamente di aiutare i malcapitati che si beccano schifezze in giro per internet.

[pevic]

ComboFix 08-08-10.02 - Palma 2008-08-11 13:23:24.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.491 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Palma\Desktop\ComboFix.exe

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Antivirus XP 2008
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Antivirus XP 2008\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Antivirus XP 2008\License Agreement.lnk
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Antivirus XP 2008\Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Antivirus XP 2008\Uninstall.lnk
C:\WINDOWS\system32\shell31.dll
C:\WINDOWS\wiaservb.log

.
((((((((((((((((((((((((( Files Creati Da 2008-07-11 al 2008-08-11 )))))))))))))))))))))))))))))))))))
.

2008-08-11 05:21 . 2008-08-11 05:21 <DIR> d-------- C:\Documents and Settings\Palma\Dati applicazioni\Malwarebytes
2008-08-11 05:20 . 2008-08-11 05:20 <DIR> d-------- C:\Programmi\Malwarebytes' Anti-Malware
2008-08-11 05:20 . 2008-08-11 05:20 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2008-08-11 05:20 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-11 05:20 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-03 05:12 . 2008-08-03 05:12 <DIR> d-------- C:\Documents and Settings\Palma\Dati applicazioni\vlc
2008-08-02 13:00 . 2008-08-02 13:22 <DIR> d-------- C:\Programmi\Alice Messenger
2008-08-01 11:17 . 2008-08-01 11:17 <DIR> d-------- C:\Programmi\VideoLAN
2008-07-31 12:53 . 2008-07-31 13:03 <DIR> d-a------ C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-07-26 13:24 . 2005-04-25 12:10 33,538 --a------ C:\WINDOWS\system32\drivers\Capt905c.sys
2008-07-26 13:24 . 2005-04-13 15:21 24,605 --a------ C:\WINDOWS\system32\drivers\Camd905c.sys
2008-07-26 13:19 . 2008-07-26 13:19 5,632 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-07-26 01:54 . 2008-07-26 01:54 <DIR> d-------- C:\Programmi\AIDA32 - Enterprise System Information
2008-07-16 19:05 . 2008-07-16 19:05 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI
2008-07-16 17:41 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-07-16 14:25 . 2008-07-16 14:25 <DIR> d-------- C:\Programmi\MySpace
2008-07-16 14:25 . 2008-07-16 14:25 <DIR> d-------- C:\Documents and Settings\Palma\Dati applicazioni\MySpace
2008-07-16 09:17 . 2008-06-30 13:46 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di stampa
2008-07-16 09:17 . 2008-06-30 13:46 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di rete
2008-07-16 09:17 . 2008-06-30 13:46 <DIR> d-------- C:\Documents and Settings\Administrator\Preferiti
2008-07-16 09:17 . 2008-06-30 11:55 <DIR> d--h----- C:\Documents and Settings\Administrator\Modelli
2008-07-16 09:17 . 2008-06-30 13:46 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Avvio
2008-07-16 09:17 . 2008-08-11 13:25 <DIR> d--h----- C:\Documents and Settings\Administrator\Impostazioni locali
2008-07-16 09:17 . 2008-06-30 13:46 <DIR> d-------- C:\Documents and Settings\Administrator\Documenti
2008-07-16 09:17 . 2008-06-30 13:46 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dati applicazioni
2008-07-16 09:17 . 2008-07-16 09:18 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-16 01:21 . 2008-07-16 01:21 1,169 --a------ C:\WINDOWS\mozver.dat
2008-07-15 20:48 . 2008-07-15 20:48 <DIR> d-------- C:\Programmi\Messenger Plus! Live
2008-07-15 20:48 . 2008-07-15 21:54 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Messenger Plus!
2008-07-15 19:02 . 2008-07-15 19:02 <DIR> d---s---- C:\Documents and Settings\Palma\UserData
2008-07-15 18:17 . 2008-08-02 14:12 <DIR> d-------- C:\Documents and Settings\Palma\Contacts
2008-07-15 18:03 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-07-15 18:02 . 2008-07-15 18:02 <DIR> d-------- C:\Programmi\Microsoft SQL Server Compact Edition
2008-07-15 17:58 . 2008-07-15 17:58 <DIR> d-------- C:\Programmi\Windows Live Toolbar
2008-07-15 17:58 . 2008-07-15 17:58 <DIR> d-------- C:\Programmi\Windows Live Favorites
2008-07-15 17:54 . 2008-07-15 17:54 <DIR> d-------- C:\Documents and Settings\Giuseppe\Documenti
2008-07-15 17:54 . 2008-07-15 17:54 <DIR> d-------- C:\Documents and Settings\Giuseppe
2008-07-15 17:41 . 2008-07-15 17:41 268 --ah----- C:\sqmdata00.sqm
2008-07-15 17:41 . 2008-07-15 17:41 244 --ah----- C:\sqmnoopt00.sqm
2008-07-15 17:40 . 2008-07-15 17:40 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-07-15 17:38 . 2008-07-16 01:05 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Winamp Toolbar
2008-07-15 17:32 . 2008-07-15 17:40 <DIR> d-------- C:\Programmi\Winamp
2008-07-15 17:32 . 2008-07-15 17:46 <DIR> d-------- C:\Documents and Settings\Palma\Dati applicazioni\Winamp
2008-07-15 17:25 . 2008-07-15 17:35 <DIR> d--hsc--- C:\Programmi\File comuni\WindowsLiveInstaller
2008-07-15 17:24 . 2008-07-15 18:03 <DIR> d-------- C:\Programmi\Windows Live
2008-07-15 17:24 . 2008-07-15 17:24 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
2008-07-15 12:11 . 2008-07-15 18:54 <DIR> d-------- C:\Programmi\uTorrent
2008-07-15 12:06 . 2008-08-09 12:04 <DIR> d-------- C:\Documents and Settings\Palma\Dati applicazioni\uTorrent
2008-07-15 11:33 . 2008-07-15 11:33 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-15 10:57 . 2008-08-09 12:56 116 --a------ C:\WINDOWS\NeroDigital.ini
2008-07-14 21:46 . 2006-10-16 16:10 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-07-14 21:16 . 2008-07-15 11:22 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-07-14 21:07 . 2008-07-14 21:07 <DIR> d-------- C:\WINDOWS\Motive
2008-07-14 21:07 . 2008-07-14 21:07 <DIR> d-------- C:\Programmi\File comuni\Motive
2008-07-14 21:07 . 2008-07-14 21:07 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Motive
2008-07-14 21:06 . 2008-07-14 21:06 <DIR> d-------- C:\Programmi\Motive
2008-07-14 21:06 . 2008-07-14 21:06 <DIR> d-------- C:\Programmi\Common Files
2008-07-14 21:06 . 2008-07-14 21:07 <DIR> d-------- C:\Programmi\Alice ti aiuta
2008-07-14 21:06 . 2002-10-17 19:07 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
2008-07-14 21:06 . 2002-10-17 20:44 171,280 --a------ C:\WINDOWS\system32\jit.dll
2008-07-14 21:06 . 2002-10-17 20:44 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2008-07-14 21:06 . 2002-10-17 20:44 46,352 --a------ C:\WINDOWS\setdebug.exe
2008-07-14 21:06 . 2002-10-17 19:28 7,315 --a------ C:\WINDOWS\system32\javasup.vxd
2008-07-14 21:06 . 2002-10-17 19:08 6,550 --a------ C:\WINDOWS\jautoexp.dat
2008-07-14 21:04 . 2008-07-14 21:04 <DIR> d-------- C:\Programmi\Telecom Italia
2008-07-14 21:04 . 2008-07-14 21:04 <DIR> d-------- C:\Documents and Settings\NetworkService\Menu Avvio
2008-07-14 14:43 . 2008-07-14 14:43 <DIR> d-------- C:\Programmi\File comuni\Adobe
2008-07-14 14:43 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-07-14 14:43 . 2008-07-14 20:12 526 --a------ C:\WINDOWS\ODBC.INI
2008-07-14 14:41 . 2008-07-14 14:41 <DIR> d-------- C:\Programmi\Microsoft.NET
2008-07-14 14:40 . 2008-07-26 13:19 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-07-14 14:38 . 2008-07-14 14:38 <DIR> dr-h----- C:\MSOCache
2008-07-14 14:36 . 2008-07-14 14:36 <DIR> d-------- C:\Programmi\AC3Filter
2008-07-14 14:36 . 2008-07-14 14:36 <DIR> d-------- C:\Documents and Settings\Palma\Dati applicazioni\Ahead
2008-07-14 14:36 . 2003-08-19 09:20 180,224 --a------ C:\WINDOWS\system32\ac3filter.cpl
2008-07-14 14:35 . 2008-07-14 14:35 <DIR> d-------- C:\Programmi\XviD
2008-07-14 14:34 . 2008-07-14 14:34 <DIR> d-------- C:\Programmi\Nero
2008-07-14 14:34 . 2008-07-14 14:34 <DIR> d-------- C:\Programmi\File comuni\Ahead
2008-07-14 14:34 . 2008-07-14 14:34 <DIR> d-------- C:\Programmi\Alwil Software
2008-07-14 14:34 . 2003-03-18 21:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-07-14 14:34 . 2003-03-18 20:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2008-07-14 14:34 . 2003-02-21 04:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2008-07-14 14:26 . 2008-07-14 14:26 <DIR> d-------- C:\Programmi\S3Inc
2008-07-14 14:26 . 2008-07-14 14:26 <DIR> d-------- C:\Programmi\C-Media 3D Audio
2008-07-14 14:26 . 2008-07-14 14:31 <DIR> d-------- C:\Program Files
2008-07-14 14:25 . 2008-07-26 13:24 <DIR> d--h----- C:\Programmi\InstallShield Installation Information
2008-07-14 14:25 . 2008-07-14 14:25 <DIR> d-------- C:\Documents and Settings\Palma\WINDOWS
2008-07-14 14:25 . 1998-10-06 18:57 327,168 --a------ C:\WINDOWS\IsUn0410.exe
2008-07-14 14:25 . 2003-07-02 04:42 27,904 -ra------ C:\WINDOWS\system32\drivers\VIAAGP1.SYS
2008-07-14 14:25 . 2007-03-29 11:36 9,216 -ra------ C:\WINDOWS\system32\drivers\videX32.sys
2008-07-14 14:24 . 2008-07-14 14:24 <DIR> d-------- C:\Programmi\VIA
2008-07-14 14:24 . 2008-07-26 13:24 <DIR> d-------- C:\Programmi\File comuni\InstallShield
2008-07-14 14:24 . 2007-04-11 15:35 331,184 --------- C:\WINDOWS\system32\difxapi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-14 19:06 155,995 ----a-w C:\WINDOWS\java\Packages\EGRZVDJP.ZIP
2008-06-30 10:01 --------- d-----w C:\Programmi\microsoft frontpage
2008-06-30 09:58 --------- d-----w C:\Programmi\Servizi in linea
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2005-09-25 19:11 155648]
"Motive SmartBridge"="C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 15:41 438359]
"VTPreset"="VTPreset.exe" [2004-02-24 20:17 45056 C:\WINDOWS\system32\VTPreset.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:39 15360]
"MySpaceIM"="C:\Programmi\MySpace\IM\MySpaceIM.exe" [2008-04-18 01:27 9117696]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Alice ti aiuta.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Alice ti aiuta.lnk
backup=C:\WINDOWS\pss\Alice ti aiuta.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Programmi\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-07-09 23:33 36352 C:\Programmi\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\uTorrent\\uTorrent.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\MySpace\\IM\\MySpaceIM.exe"=

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-03-29 11:36]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
.
Contenuto della cartella 'Scheduled Tasks'

2008-08-09 C:\WINDOWS\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- C:\Programmi\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - ORFÃOS REMOVIDOS - - - -

HKCU-Run-AliceMessenger - C:\Programmi\Alice Messenger\alicemessenger.exe
HKLM-Run-Cmaudio - cmicnfg.cpl


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Palma\Dati applicazioni\Mozilla\Firefox\Profiles\x1dmmv9u.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-11 13:25:28
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-08-11 13:27:22
ComboFix-quarantined-files.txt 2008-08-11 11:27:16
ComboFix2.txt 2008-01-29 17:16:39

Pre-Run: 59,459,092,480 byte disponibili
Post-Run: 59,448,344,576 byte disponibili

186 --- E O F --- 2008-07-14 19:47:34

[pevic]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13.33.42, on 11/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe

--
End of file - 4272 bytes

[pevic]

mbam sembra aver eliminato tutte le minaccie!

[pevic]

ops!non ho eseguito hijackthis in modalità provvisoria!bisogna che lo riavvii?
scusate la mia poca dimestichezza!

[pevic]

ComboFix.txt

[pevic]

hijackthis.log

[bdoriano]

I logs sembrano puliti.

Fai questi altri passaggi:

• Disabilita il tuo antivirus
  
• Collegati a BitDefender (con IE) e fai la scansione completa.
  
• Collegati a Kaspersky on-line scanner e fai la scansione estesa, come indicato qui.
  Salva il risultato della scansione in un file (in formato TXT), carica il file su WikiSend e posta qui il Forum Link che ti viene assegnato.

[pevic]

kasperkidscansione.html

[bdoriano]

Ottimo!
Viene rilevato solo il file d'installazione di Nero che contiene un adware (nulla di pericoloso, solo di fastidioso).

Ultimi passaggi:

1. Pulizia dei files temporanei con ATF-Cleaner e/o CCleaner
   
2. Pulizia del registro con EUsingFreeRegistryCleaner o Wise Registry Cleaner e, infine, una passata con Auslogics Registry Defrag
   
3. Deframmentazione del disco