Olimpo Informatico

carfora · Mortale devoto Registrato: 09/04/09 13:16 Messaggi: 9

salve a tutti!
da quando provai ad installare un programmino (adsltv) ho problemi con un file tipo run32dll quando spengo il pc mi dice termina programma altrimenti nn si spegne!
questo è il mio logfile!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13.13.25, on 09/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Programmi\SweetIM\Messenger\SweetIM.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Programmi\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Programmi\Pop up Blocker\pd.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Alwil Software\Avast4\ashSimpl.exe
C:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tgcom.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programmi\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Programmi\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programmi\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [SweetIM] C:\Programmi\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [305b51e8] rundll32.exe "C:\WINDOWS\system32\sujhlyse.dll",b
O4 - HKCU\..\Run: [RocketDock] "C:\Programmi\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Programmi\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [VeohPlugin] "C:\Programmi\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Pop up Blocker] "C:\Programmi\Pop up Blocker\pd.exe" Minimize
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Programmi\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Google Search - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Collegamenti a ritroso - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Pagine simili - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: PD - {FF3F4CDE-E7D5-4D76-86AD-CDC7429E0443} - C:\Programmi\Pop up Blocker\pd.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://www.coolstreaming.us/consolle/plug-in/SOPCORE.CAB
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: Servizio di Google Update (gupdate1c9b6d75abc43e2) (gupdate1c9b6d75abc43e2) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9059 bytes

R16 · Dio maturo Registrato: 07/03/08 22:58 Messaggi: 10129

Ciao carfora.
Disattiva il ripristino configurazione di sistema, e tienilo disattivato, fino alla soluzione del problema.
Avvia hijackthis, metti la spunta alle voci che andrò ad elencarti e con tutte le applicazioni chiuse e disconnesso da Internet,premi su fix checked:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programmi\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programmi\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [SweetIM] C:\Programmi\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [305b51e8] rundll32.exe "C:\WINDOWS\system32\sujhlyse.dll",b
O4 - HKCU\..\Run: [Pop up Blocker] "C:\Programmi\Pop up Blocker\pd.exe" Minimize
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://www.coolstreaming.us/consolle/plug-in/SOPCORE.CAB
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
Fai una pulizia registro compreso con CCleaner:
http://forum.zeusnews.com/viewtopic.php?p=282670#282670
Riavvia il pc.

Segui le istruzioni di questo topic per usare MBAM:
http://forum.zeusnews.com/viewtopic.php?p=297823#297823

Segui le istruzioni di questo topic per eseguire combofix:
http://forum.zeusnews.com/viewtopic.php?p=235539#235539
Poi posta un log aggiornato di HijackThis:
N.B:
Tutti i log richiesti, (MBAM, Combofix, HJT ) li carichi su WikiSend e posta il Forum Link che ti viene assegnato.
http://www.wikisend.com/

carfora · Mortale devoto Registrato: 09/04/09 13:16 Messaggi: 9

grazie ragazzi ho fatto tutto quello descritto sopra! questi sono i forumlink assegnati!
log.txt
mbam-log-2009-04-12 (17-47-03).txt
hijackthis.log

R16 · Dio maturo Registrato: 07/03/08 22:58 Messaggi: 10129

Ciao carfora. Non riesco a visualizzare il log di MBAM.

Apri un file di testo sul Desktop
Ci incolli il codice che vedi qui sotto, e salvi il file di testo obbligatoriamente con il nome CFScript.txt

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"=-
[-HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
[-HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[-HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e09935a4-a1da-11dd-9b39-00193e96f629}]

e trascinalo sull'icona di ComboFix.
Attendi la fine dei lavori, senza toccare tastiera, mouse o altro.
Posta il log aggiornato di combofix.
Riferisci se il problema è risolto.

carfora · Mortale devoto Registrato: 09/04/09 13:16 Messaggi: 9

Il problema di run32dll già è risolto e anche il virus di bonuspromooffer o qualcosa del genere....davvero nn so come ringraziarti!
cmq ho fatto come dici e questo è il log aggiornato:

ComboFix 09-04-13.A2 - xfonz 2009-04-13 20.39.10.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.1278.764 [GMT 2:00]
Eseguito da: c:\documents and settings\xfonz\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\xfonz\Desktop\CFScript.txt.txt
AV: avast! antivirus 4.8.1335 [VPS 090413-0] *On-access scanning enabled* (Updated)
FW: ZoneAlarm Firewall *enabled*
* Creato nuovo punto di ripristino

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2009-03-13 al 2009-04-13 )))))))))))))))))))))))))))))))))))
.

2009-04-12 15:16 . 2009-04-12 15:16 -------- d-----w c:\documents and settings\xfonz\Dati applicazioni\Malwarebytes
2009-04-12 15:16 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-12 15:16 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-12 15:16 . 2009-04-12 15:16 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-04-12 15:07 . 2009-04-13 18:36 4958588 ----a-w c:\windows\{00000002-00000000-00000003-00001102-00000004-10071102}.BAK
2009-04-09 17:11 . 2009-04-09 18:44 -------- d-----w c:\windows\BDOSCAN8
2009-04-09 11:11 . 2009-04-09 11:11 401720 ----a-w C:\HiJackThis.exe
2009-04-09 10:54 . 2009-04-09 10:54 -------- d-----w c:\documents and settings\xfonz\Dati applicazioni\Uniblue
2009-04-07 17:37 . 2009-04-07 17:37 64 ----a-w c:\windows\wininit.ini
2009-04-07 07:28 . 2009-04-07 07:28 -------- d-----w c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Google
2009-04-06 16:47 . 2009-04-06 16:47 -------- d-----w c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\Google
2009-04-06 16:47 . 2009-04-06 16:49 -------- d-----w c:\documents and settings\xfonz\Impostazioni locali\Dati applicazioni\Google
2009-04-06 16:46 . 2009-04-13 18:23 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Google Updater
2009-03-23 08:34 . 2009-03-23 08:50 -------- d-----w c:\windows\SxsCaPendDel
2009-03-23 07:44 . 2008-10-16 13:06 208744 ----a-w c:\windows\system32\muweb.dll
2009-03-23 07:44 . 2008-10-16 13:06 268648 ----a-w c:\windows\system32\mucltui.dll
2009-03-23 07:44 . 2008-10-16 13:06 27496 ----a-w c:\windows\system32\mucltui.dll.mui
2009-03-22 19:01 . 2009-03-23 09:07 -------- d-----w c:\documents and settings\xfonz\Tracing
2009-03-22 18:59 . 2006-11-29 12:06 3426072 ----a-w c:\windows\system32\d3dx9_32.dll
2009-03-21 14:46 . 2009-03-21 14:46 -------- d-----w C:\Poker
2009-03-16 20:27 . 2009-03-16 20:27 268 ---ha-w C:\sqmdata06.sqm
2009-03-16 20:27 . 2009-03-16 20:27 244 ---ha-w C:\sqmnoopt06.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-13 18:43 . 2008-11-29 19:00 60545056 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-13 18:43 . 2008-11-29 19:00 60545056 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-13 18:27 . 2001-08-31 12:00 80886 ----a-w c:\windows\system32\perfc010.dat
2009-04-13 18:27 . 2001-08-31 12:00 482596 ----a-w c:\windows\system32\perfh010.dat
2009-04-13 14:26 . 2008-11-29 19:00 710696 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-12 15:16 . 2009-04-12 15:16 -------- d-----w c:\programmi\Malwarebytes' Anti-Malware
2009-04-12 15:02 . 2008-11-16 21:42 -------- d-----w c:\programmi\SopCast
2009-04-09 15:27 . 2009-04-09 15:27 -------- d-----w c:\programmi\Enigma Software Group
2009-04-09 11:13 . 2009-04-09 11:13 9060 ----a-w C:\hijackthis.log
2009-04-08 11:23 . 2009-04-08 11:23 -------- d-----w c:\programmi\Pop up Blocker
2009-04-06 16:47 . 2008-08-11 08:14 -------- d-----w c:\programmi\Google
2009-04-05 20:11 . 2009-04-05 20:11 -------- d-----w c:\programmi\XBox 360 Controller for Windows Software
2009-04-04 13:43 . 2009-04-04 17:17 1931264 ----a-w c:\windows\Internet Logs\xDB12.tmp
2009-03-31 18:25 . 2008-08-11 13:49 -------- d-----w c:\documents and settings\xfonz\Dati applicazioni\uTorrent
2009-03-25 10:31 . 2008-08-10 20:24 -------- d-----w c:\programmi\eMule
2009-03-23 14:02 . 2008-08-10 19:24 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-03-23 09:17 . 2009-03-23 09:17 -------- d-----w c:\programmi\MSN Messenger
2009-03-23 09:13 . 2008-08-10 19:10 -------- d-----w c:\programmi\Windows Live
2009-03-23 08:51 . 2008-08-19 12:36 -------- d-----w c:\programmi\Microsoft Silverlight
2009-03-22 19:01 . 2008-08-10 17:49 67864 ----a-w c:\documents and settings\xfonz\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-03-22 19:01 . 2009-03-22 18:57 -------- d-----w c:\programmi\Microsoft
2009-03-22 19:01 . 2009-03-22 19:01 -------- d-----w c:\programmi\Microsoft Office Outlook Connector
2009-03-22 18:56 . 2009-03-22 18:56 -------- d-----w c:\programmi\Windows Live SkyDrive
2009-03-22 18:49 . 2009-03-22 18:49 -------- d-----w c:\programmi\File comuni\Windows Live
2009-03-22 08:45 . 2009-03-22 08:45 3269202 ----a-w c:\windows\Internet Logs\tvDebug.zip
2009-03-21 10:13 . 2008-08-10 17:45 -------- d--h--w c:\programmi\InstallShield Installation Information
2009-03-09 18:37 . 2008-12-29 19:27 -------- d-----w c:\documents and settings\xfonz\Dati applicazioni\PC Suite
2009-03-06 23:37 . 2009-03-06 23:37 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\KONAMI
2009-03-06 22:12 . 2008-08-12 07:23 -------- d-----w c:\programmi\KONAMI
2009-03-01 16:42 . 2009-01-13 12:19 304160 ----a-w C:\PA207.DAT
2009-02-23 12:52 . 2009-02-23 08:00 -------- d-----w c:\programmi\Alice Messenger
2009-02-23 07:59 . 2009-02-23 07:59 -------- d-----w c:\programmi\File comuni\Wise Installation Wizard
2009-02-21 17:53 . 2009-02-21 17:59 1759744 ----a-w c:\windows\Internet Logs\xDB11.tmp
2009-02-09 14:56 . 2004-08-19 13:31 1846272 ----a-w c:\windows\system32\win32k.sys
2009-01-13 22:56 . 2009-01-14 12:51 1673216 ----a-w c:\windows\Internet Logs\xDB10.tmp
2009-01-13 22:56 . 2009-01-14 12:51 36352 ----a-w c:\windows\Internet Logs\xDBF.tmp
2008-12-29 17:14 . 2008-12-25 11:58 814216 ----a-w c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
.

------- Sigcheck -------

[-] 2008-04-14 02:14 510464 9259170D29B5A256735FCB8B80280857 c:\windows\SoftwareDistribution\Download\fc8deab818fa7e7ffabfc43e34347907\winlogon.exe
[-] 2008-08-20 16:36 504832 FD46B348FCA32A1987B9A32B6BA81D2E c:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-04-12_18.15.10.95 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-13 18:23 . 2009-04-13 18:23 16384 c:\windows\Temp\Perflib_Perfdata_7c0.dat
- 2001-08-31 12:00 . 2009-04-12 15:53 80886 c:\windows\system32\perfc010.dat
+ 2001-08-31 12:00 . 2009-04-13 18:27 80886 c:\windows\system32\perfc010.dat
- 2001-08-31 12:00 . 2009-04-12 15:53 68540 c:\windows\system32\perfc009.dat
+ 2001-08-31 12:00 . 2009-04-13 18:27 68540 c:\windows\system32\perfc009.dat
- 2001-08-31 12:00 . 2009-04-12 15:53 482596 c:\windows\system32\perfh010.dat
+ 2001-08-31 12:00 . 2009-04-13 18:27 482596 c:\windows\system32\perfh010.dat
+ 2001-08-31 12:00 . 2009-04-13 18:27 435896 c:\windows\system32\perfh009.dat
- 2001-08-31 12:00 . 2009-04-12 15:53 435896 c:\windows\system32\perfh009.dat
+ 2008-11-29 19:00 . 2009-04-13 18:43 60545056 c:\windows\system32\drivers\fidbox.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 13:22 1172792 --a------ c:\programmi\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\programmi\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\programmi\RocketDock\RocketDock.exe" [2007-09-02 495616]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"RemoteCenter"="c:\programmi\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-10-08 139264]
"VeohPlugin"="c:\programmi\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-11-04 3522296]
"PC Suite Tray"="c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-06 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ZoneAlarm Client"="c:\programmi\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"nwiz"="nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 c:\windows\system32\CTXFIHLP.EXE]
"CTHelper"="CTHELPER.EXE" [2008-06-27 c:\windows\system32\CtHelper.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"c:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programmi\\SopCast\\SopCast.exe"=
"c:\\Programmi\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Programmi\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmi\\MSN Messenger\\livecall.exe"=

R2 gupdate1c9b6d75abc43e2;Servizio di Google Update (gupdate1c9b6d75abc43e2);c:\programmi\Google\Update\GoogleUpdate.exe [2009-04-06 133104]
R3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [2008-06-27 99352]
R3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [2008-06-27 555032]
R3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\System32\drivers\CTERFXFX.SYS [2008-06-27 100888]
R3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [2008-06-27 100888]
R3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [2008-06-27 566296]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\System32\drivers\COMMONFX.SYS [2008-06-27 99352]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\System32\drivers\CTAUDFX.SYS [2008-06-27 555032]
S3 ctgame;Game Port;c:\windows\system32\DRIVERS\ctgame.sys [2008-07-07 18840]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\System32\drivers\CTSBLFX.SYS [2008-06-27 566296]
S3 PAC207;PC Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2007-10-25 616064]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e09935a4-a1da-11dd-9b39-00193e96f629}]
\Shell\Auto\command - CSRSS.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL CSRSS.exe
.
Contenuto della cartella 'Scheduled Tasks'

2009-04-13 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-06 18:46]

2009-04-13 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-04-06 18:47]

2009-04-13 c:\windows\Tasks\User_Feed_Synchronization-{AC3687D1-BC93-4B4A-A068-6FEB38E2C7AE}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]
.
.
------- Scansione supplementare -------
.
uStart Page = www.tgcom.it/
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\programmi\Google\GoogleToolbar1.dll/cmsearch.html
IE: Collegamenti a ritroso - c:\programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Pagine simili - c:\programmi\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Versione cache della pagina - c:\programmi\Google\GoogleToolbar1.dll/cmcache.html
IE: {{FF3F4CDE-E7D5-4D76-86AD-CDC7429E0443} - c:\programmi\Pop up Blocker\pd.exe
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-13 20:43
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(3448)
c:\programmi\RocketDock\RocketDock.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2009-04-13 20.45.08
ComboFix-quarantined-files.txt 2009-04-13 18:45
ComboFix2.txt 2009-04-12 16:16

Pre-Run: 144.693.215.232 byte disponibili
Post-Run: 144,856,879,104 byte disponibili

210 --- E O F --- 2009-03-23 14:03

R16 · Dio maturo Registrato: 07/03/08 22:58 Messaggi: 10129

Ciao.
Lo script non è andato a buon fine, in quanto hai sbagliato a salvarlo:
Dovevi salvarlo con il nome CFScript.txt e non con il nome :CFScript.txt.txt .
A mio avviso, quelle chiavi vanno eliminate, poi vedi tu.(se dici che il pc và bene.... Rolling Eyes

)

Segui questi consigli per una pulizia generale:
Dai una pulita (registro compreso)con CCleaner .
Poi:
Start\Esegui\copia e incolla la stringa %temp% clicca su Ok, svuota la cartella Temp. (non eliminare la cartella)

Svuota del suo contenuto la cartella Prefetch :
C:\Windows\Prefetch
( non eliminare la cartella)
SVUOTA IL CESTINO

Lancia Hijackthis e pulisci gli ADS in questo modo:
clicca sulla voce Open the misc tool section
clicca su Open ads spy
togli la spunta alla voce Quick scan (windows base folder only)
clicca su Scan
se venissero rilevati ADS, spunta tutte le caselline e clicca su Remove selected
Ricordati di riattivare il ripristino configurazione di sistema

carfora · Mortale devoto Registrato: 09/04/09 13:16 Messaggi: 9

ciao! tutto ok con ccleaner poi nella cartella %temp% nn sono riuscito ad eliminare due file che dice essere in esecuzione: Nglalog e Perflib_perfdata_fa8
Lanciato Hijackthis ho ripulito i tanti ads trovati e
nella cartella prefetch tutto eliminato, poi ho rifatto il file di testo cfsscript e questo è il risultato:

ComboFix 09-04-13.A2 - xfonz 2009-04-13 20.39.10.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.1278.764 [GMT 2:00]
Eseguito da: c:\documents and settings\xfonz\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\xfonz\Desktop\CFScript.txt.txt
AV: avast! antivirus 4.8.1335 [VPS 090413-0] *On-access scanning enabled* (Updated)
FW: ZoneAlarm Firewall *enabled*
* Creato nuovo punto di ripristino

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2009-03-13 al 2009-04-13 )))))))))))))))))))))))))))))))))))
.

2009-04-12 15:16 . 2009-04-12 15:16 -------- d-----w c:\documents and settings\xfonz\Dati applicazioni\Malwarebytes
2009-04-12 15:16 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-12 15:16 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-12 15:16 . 2009-04-12 15:16 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-04-12 15:07 . 2009-04-13 18:36 4958588 ----a-w c:\windows\{00000002-00000000-00000003-00001102-00000004-10071102}.BAK
2009-04-09 17:11 . 2009-04-09 18:44 -------- d-----w c:\windows\BDOSCAN8
2009-04-09 11:11 . 2009-04-09 11:11 401720 ----a-w C:\HiJackThis.exe
2009-04-09 10:54 . 2009-04-09 10:54 -------- d-----w c:\documents and settings\xfonz\Dati applicazioni\Uniblue
2009-04-07 17:37 . 2009-04-07 17:37 64 ----a-w c:\windows\wininit.ini
2009-04-07 07:28 . 2009-04-07 07:28 -------- d-----w c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Google
2009-04-06 16:47 . 2009-04-06 16:47 -------- d-----w c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\Google
2009-04-06 16:47 . 2009-04-06 16:49 -------- d-----w c:\documents and settings\xfonz\Impostazioni locali\Dati applicazioni\Google
2009-04-06 16:46 . 2009-04-13 18:23 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Google Updater
2009-03-23 08:34 . 2009-03-23 08:50 -------- d-----w c:\windows\SxsCaPendDel
2009-03-23 07:44 . 2008-10-16 13:06 208744 ----a-w c:\windows\system32\muweb.dll
2009-03-23 07:44 . 2008-10-16 13:06 268648 ----a-w c:\windows\system32\mucltui.dll
2009-03-23 07:44 . 2008-10-16 13:06 27496 ----a-w c:\windows\system32\mucltui.dll.mui
2009-03-22 19:01 . 2009-03-23 09:07 -------- d-----w c:\documents and settings\xfonz\Tracing
2009-03-22 18:59 . 2006-11-29 12:06 3426072 ----a-w c:\windows\system32\d3dx9_32.dll
2009-03-21 14:46 . 2009-03-21 14:46 -------- d-----w C:\Poker
2009-03-16 20:27 . 2009-03-16 20:27 268 ---ha-w C:\sqmdata06.sqm
2009-03-16 20:27 . 2009-03-16 20:27 244 ---ha-w C:\sqmnoopt06.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-13 18:43 . 2008-11-29 19:00 60545056 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-13 18:43 . 2008-11-29 19:00 60545056 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-13 18:27 . 2001-08-31 12:00 80886 ----a-w c:\windows\system32\perfc010.dat
2009-04-13 18:27 . 2001-08-31 12:00 482596 ----a-w c:\windows\system32\perfh010.dat
2009-04-13 14:26 . 2008-11-29 19:00 710696 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-12 15:16 . 2009-04-12 15:16 -------- d-----w c:\programmi\Malwarebytes' Anti-Malware
2009-04-12 15:02 . 2008-11-16 21:42 -------- d-----w c:\programmi\SopCast
2009-04-09 15:27 . 2009-04-09 15:27 -------- d-----w c:\programmi\Enigma Software Group
2009-04-09 11:13 . 2009-04-09 11:13 9060 ----a-w C:\hijackthis.log
2009-04-08 11:23 . 2009-04-08 11:23 -------- d-----w c:\programmi\Pop up Blocker
2009-04-06 16:47 . 2008-08-11 08:14 -------- d-----w c:\programmi\Google
2009-04-05 20:11 . 2009-04-05 20:11 -------- d-----w c:\programmi\XBox 360 Controller for Windows Software
2009-04-04 13:43 . 2009-04-04 17:17 1931264 ----a-w c:\windows\Internet Logs\xDB12.tmp
2009-03-31 18:25 . 2008-08-11 13:49 -------- d-----w c:\documents and settings\xfonz\Dati applicazioni\uTorrent
2009-03-25 10:31 . 2008-08-10 20:24 -------- d-----w c:\programmi\eMule
2009-03-23 14:02 . 2008-08-10 19:24 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-03-23 09:17 . 2009-03-23 09:17 -------- d-----w c:\programmi\MSN Messenger
2009-03-23 09:13 . 2008-08-10 19:10 -------- d-----w c:\programmi\Windows Live
2009-03-23 08:51 . 2008-08-19 12:36 -------- d-----w c:\programmi\Microsoft Silverlight
2009-03-22 19:01 . 2008-08-10 17:49 67864 ----a-w c:\documents and settings\xfonz\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-03-22 19:01 . 2009-03-22 18:57 -------- d-----w c:\programmi\Microsoft
2009-03-22 19:01 . 2009-03-22 19:01 -------- d-----w c:\programmi\Microsoft Office Outlook Connector
2009-03-22 18:56 . 2009-03-22 18:56 -------- d-----w c:\programmi\Windows Live SkyDrive
2009-03-22 18:49 . 2009-03-22 18:49 -------- d-----w c:\programmi\File comuni\Windows Live
2009-03-22 08:45 . 2009-03-22 08:45 3269202 ----a-w c:\windows\Internet Logs\tvDebug.zip
2009-03-21 10:13 . 2008-08-10 17:45 -------- d--h--w c:\programmi\InstallShield Installation Information
2009-03-09 18:37 . 2008-12-29 19:27 -------- d-----w c:\documents and settings\xfonz\Dati applicazioni\PC Suite
2009-03-06 23:37 . 2009-03-06 23:37 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\KONAMI
2009-03-06 22:12 . 2008-08-12 07:23 -------- d-----w c:\programmi\KONAMI
2009-03-01 16:42 . 2009-01-13 12:19 304160 ----a-w C:\PA207.DAT
2009-02-23 12:52 . 2009-02-23 08:00 -------- d-----w c:\programmi\Alice Messenger
2009-02-23 07:59 . 2009-02-23 07:59 -------- d-----w c:\programmi\File comuni\Wise Installation Wizard
2009-02-21 17:53 . 2009-02-21 17:59 1759744 ----a-w c:\windows\Internet Logs\xDB11.tmp
2009-02-09 14:56 . 2004-08-19 13:31 1846272 ----a-w c:\windows\system32\win32k.sys
2009-01-13 22:56 . 2009-01-14 12:51 1673216 ----a-w c:\windows\Internet Logs\xDB10.tmp
2009-01-13 22:56 . 2009-01-14 12:51 36352 ----a-w c:\windows\Internet Logs\xDBF.tmp
2008-12-29 17:14 . 2008-12-25 11:58 814216 ----a-w c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
.

------- Sigcheck -------

[-] 2008-04-14 02:14 510464 9259170D29B5A256735FCB8B80280857 c:\windows\SoftwareDistribution\Download\fc8deab818fa7e7ffabfc43e34347907\winlogon.exe
[-] 2008-08-20 16:36 504832 FD46B348FCA32A1987B9A32B6BA81D2E c:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-04-12_18.15.10.95 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-13 18:23 . 2009-04-13 18:23 16384 c:\windows\Temp\Perflib_Perfdata_7c0.dat
- 2001-08-31 12:00 . 2009-04-12 15:53 80886 c:\windows\system32\perfc010.dat
+ 2001-08-31 12:00 . 2009-04-13 18:27 80886 c:\windows\system32\perfc010.dat
- 2001-08-31 12:00 . 2009-04-12 15:53 68540 c:\windows\system32\perfc009.dat
+ 2001-08-31 12:00 . 2009-04-13 18:27 68540 c:\windows\system32\perfc009.dat
- 2001-08-31 12:00 . 2009-04-12 15:53 482596 c:\windows\system32\perfh010.dat
+ 2001-08-31 12:00 . 2009-04-13 18:27 482596 c:\windows\system32\perfh010.dat
+ 2001-08-31 12:00 . 2009-04-13 18:27 435896 c:\windows\system32\perfh009.dat
- 2001-08-31 12:00 . 2009-04-12 15:53 435896 c:\windows\system32\perfh009.dat
+ 2008-11-29 19:00 . 2009-04-13 18:43 60545056 c:\windows\system32\drivers\fidbox.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 13:22 1172792 --a------ c:\programmi\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\programmi\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\programmi\RocketDock\RocketDock.exe" [2007-09-02 495616]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"RemoteCenter"="c:\programmi\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-10-08 139264]
"VeohPlugin"="c:\programmi\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-11-04 3522296]
"PC Suite Tray"="c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-06 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ZoneAlarm Client"="c:\programmi\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"nwiz"="nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 c:\windows\system32\CTXFIHLP.EXE]
"CTHelper"="CTHELPER.EXE" [2008-06-27 c:\windows\system32\CtHelper.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"c:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programmi\\SopCast\\SopCast.exe"=
"c:\\Programmi\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Programmi\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmi\\MSN Messenger\\livecall.exe"=

R2 gupdate1c9b6d75abc43e2;Servizio di Google Update (gupdate1c9b6d75abc43e2);c:\programmi\Google\Update\GoogleUpdate.exe [2009-04-06 133104]
R3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [2008-06-27 99352]
R3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [2008-06-27 555032]
R3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\System32\drivers\CTERFXFX.SYS [2008-06-27 100888]
R3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [2008-06-27 100888]
R3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [2008-06-27 566296]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\System32\drivers\COMMONFX.SYS [2008-06-27 99352]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\System32\drivers\CTAUDFX.SYS [2008-06-27 555032]
S3 ctgame;Game Port;c:\windows\system32\DRIVERS\ctgame.sys [2008-07-07 18840]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\System32\drivers\CTSBLFX.SYS [2008-06-27 566296]
S3 PAC207;PC Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2007-10-25 616064]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e09935a4-a1da-11dd-9b39-00193e96f629}]
\Shell\Auto\command - CSRSS.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL CSRSS.exe
.
Contenuto della cartella 'Scheduled Tasks'

2009-04-13 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-06 18:46]

2009-04-13 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-04-06 18:47]

2009-04-13 c:\windows\Tasks\User_Feed_Synchronization-{AC3687D1-BC93-4B4A-A068-6FEB38E2C7AE}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]
.
.
------- Scansione supplementare -------
.
uStart Page = www.tgcom.it/
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\programmi\Google\GoogleToolbar1.dll/cmsearch.html
IE: Collegamenti a ritroso - c:\programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Pagine simili - c:\programmi\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Versione cache della pagina - c:\programmi\Google\GoogleToolbar1.dll/cmcache.html
IE: {{FF3F4CDE-E7D5-4D76-86AD-CDC7429E0443} - c:\programmi\Pop up Blocker\pd.exe
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-13 20:43
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(3448)
c:\programmi\RocketDock\RocketDock.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2009-04-13 20.45.08
ComboFix-quarantined-files.txt 2009-04-13 18:45
ComboFix2.txt 2009-04-12 16:16

Pre-Run: 144.693.215.232 byte disponibili
Post-Run: 144,856,879,104 byte disponibili

210 --- E O F --- 2009-03-23 14:03

R16 · Dio maturo Registrato: 07/03/08 22:58 Messaggi: 10129

Ciao.
Hai sbagliato di nuovo.
Devi aprire un normale foglio Block Note, sul Desktop.
Cliccare su "file" .
Clicca su "salva con nome".
In alto, dove c'è scritto "Salva in" seleziona nel menù a tendina "Desktop".
In basso, dove c'è scritto "Nome file", elimina quello che c'è scritto nella stringa, e scrivi CFScript.txt e clicca su "Salva".
Poi copia-incolla lo script in rosso che ti fatto, e lo trascini sull'icona di Combofix, e aspetti la fine dei lavori.

carfora · Mortale devoto Registrato: 09/04/09 13:16 Messaggi: 9

R1 ero convinto d'aver fatto come descritto, cmq l'ho rifatto e questo è il log:
ComboFix 09-04-13.A2 - xfonz 2009-04-15 10.18.07.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.1278.784 [GMT 2:00]
Eseguito da: c:\documents and settings\xfonz\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\xfonz\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090414-0] *On-access scanning disabled* (Updated)
FW: ZoneAlarm Firewall *enabled*
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((( Files Creati Da 2009-03-15 al 2009-04-15 )))))))))))))))))))))))))))))))))))
.

2009-04-15 07:49 . 2009-04-15 07:49 -------- d-----w c:\windows\LastGood
2009-04-14 08:43 . 2009-04-15 08:14 4958588 ----a-w c:\windows\{00000002-00000000-00000003-00001102-00000004-10071102}.BAK
2009-04-12 15:16 . 2009-04-12 15:16 -------- d-----w c:\documents and settings\xfonz\Dati applicazioni\Malwarebytes
2009-04-12 15:16 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-12 15:16 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-12 15:16 . 2009-04-12 15:16 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-04-09 17:11 . 2009-04-09 18:44 -------- d-----w c:\windows\BDOSCAN8
2009-04-09 11:11 . 2009-04-09 11:11 401720 ----a-w C:\HiJackThis.exe
2009-04-09 10:54 . 2009-04-09 10:54 -------- d-----w c:\documents and settings\xfonz\Dati applicazioni\Uniblue
2009-04-07 17:37 . 2009-04-07 17:37 64 ----a-w c:\windows\wininit.ini
2009-04-07 07:28 . 2009-04-07 07:28 -------- d-----w c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Google
2009-04-06 16:47 . 2009-04-06 16:47 -------- d-----w c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\Google
2009-04-06 16:47 . 2009-04-06 16:49 -------- d-----w c:\documents and settings\xfonz\Impostazioni locali\Dati applicazioni\Google
2009-04-06 16:46 . 2009-04-14 19:24 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Google Updater
2009-03-23 08:34 . 2009-03-23 08:50 -------- d-----w c:\windows\SxsCaPendDel
2009-03-23 07:44 . 2008-10-16 13:06 208744 ----a-w c:\windows\system32\muweb.dll
2009-03-23 07:44 . 2008-10-16 13:06 268648 ----a-w c:\windows\system32\mucltui.dll
2009-03-23 07:44 . 2008-10-16 13:06 27496 ----a-w c:\windows\system32\mucltui.dll.mui
2009-03-22 19:01 . 2009-03-23 09:07 -------- d-----w c:\documents and settings\xfonz\Tracing
2009-03-22 18:59 . 2006-11-29 12:06 3426072 ----a-w c:\windows\system32\d3dx9_32.dll
2009-03-21 14:46 . 2009-03-21 14:46 -------- d-----w C:\Poker
2009-03-16 20:27 . 2009-03-16 20:27 268 ---ha-w C:\sqmdata06.sqm
2009-03-16 20:27 . 2009-03-16 20:27 244 ---ha-w C:\sqmnoopt06.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-15 08:22 . 2008-11-29 19:00 61354016 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-15 08:22 . 2008-11-29 19:00 61354016 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-15 07:51 . 2001-08-31 12:00 80886 ----a-w c:\windows\system32\perfc010.dat
2009-04-15 07:51 . 2001-08-31 12:00 482596 ----a-w c:\windows\system32\perfh010.dat
2009-04-14 21:48 . 2008-11-29 19:00 719072 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-14 08:00 . 2009-03-22 08:45 4605415 ----a-w c:\windows\Internet Logs\tvDebug.zip
2009-04-12 15:16 . 2009-04-12 15:16 -------- d-----w c:\programmi\Malwarebytes' Anti-Malware
2009-04-12 15:02 . 2008-11-16 21:42 -------- d-----w c:\programmi\SopCast
2009-04-09 15:27 . 2009-04-09 15:27 -------- d-----w c:\programmi\Enigma Software Group
2009-04-09 11:13 . 2009-04-09 11:13 9060 ----a-w C:\hijackthis.log
2009-04-08 11:23 . 2009-04-08 11:23 -------- d-----w c:\programmi\Pop up Blocker
2009-04-06 16:47 . 2008-08-11 08:14 -------- d-----w c:\programmi\Google
2009-04-05 20:11 . 2009-04-05 20:11 -------- d-----w c:\programmi\XBox 360 Controller for Windows Software
2009-04-04 13:43 . 2009-04-04 17:17 1931264 ----a-w c:\windows\Internet Logs\xDB12.tmp
2009-03-31 18:25 . 2008-08-11 13:49 -------- d-----w c:\documents and settings\xfonz\Dati applicazioni\uTorrent
2009-03-25 10:31 . 2008-08-10 20:24 -------- d-----w c:\programmi\eMule
2009-03-23 14:02 . 2008-08-10 19:24 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-03-23 09:17 . 2009-03-23 09:17 -------- d-----w c:\programmi\MSN Messenger
2009-03-23 09:13 . 2008-08-10 19:10 -------- d-----w c:\programmi\Windows Live
2009-03-23 08:51 . 2008-08-19 12:36 -------- d-----w c:\programmi\Microsoft Silverlight
2009-03-22 19:01 . 2008-08-10 17:49 67864 ----a-w c:\documents and settings\xfonz\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-03-22 19:01 . 2009-03-22 18:57 -------- d-----w c:\programmi\Microsoft
2009-03-22 19:01 . 2009-03-22 19:01 -------- d-----w c:\programmi\Microsoft Office Outlook Connector
2009-03-22 18:56 . 2009-03-22 18:56 -------- d-----w c:\programmi\Windows Live SkyDrive
2009-03-22 18:49 . 2009-03-22 18:49 -------- d-----w c:\programmi\File comuni\Windows Live
2009-03-21 10:13 . 2008-08-10 17:45 -------- d--h--w c:\programmi\InstallShield Installation Information
2009-03-09 18:37 . 2008-12-29 19:27 -------- d-----w c:\documents and settings\xfonz\Dati applicazioni\PC Suite
2009-03-06 23:37 . 2009-03-06 23:37 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\KONAMI
2009-03-06 22:12 . 2008-08-12 07:23 -------- d-----w c:\programmi\KONAMI
2009-03-01 16:42 . 2009-01-13 12:19 304160 ----a-w C:\PA207.DAT
2009-02-23 12:52 . 2009-02-23 08:00 -------- d-----w c:\programmi\Alice Messenger
2009-02-23 07:59 . 2009-02-23 07:59 -------- d-----w c:\programmi\File comuni\Wise Installation Wizard
2009-02-21 17:53 . 2009-02-21 17:59 1759744 ----a-w c:\windows\Internet Logs\xDB11.tmp
2009-02-09 14:56 . 2004-08-19 13:31 1846272 ----a-w c:\windows\system32\win32k.sys
2008-12-29 17:14 . 2008-12-25 11:58 814216 ----a-w c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
.

------- Sigcheck -------

[-] 2008-04-14 02:14 510464 9259170D29B5A256735FCB8B80280857 c:\windows\SoftwareDistribution\Download\fc8deab818fa7e7ffabfc43e34347907\winlogon.exe
[-] 2008-08-20 16:36 504832 FD46B348FCA32A1987B9A32B6BA81D2E c:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-04-12_18.15.10.95 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-15 07:46 . 2009-04-15 07:46 16384 c:\windows\Temp\Perflib_Perfdata_788.dat
- 2001-08-31 12:00 . 2009-04-12 15:53 80886 c:\windows\system32\perfc010.dat
+ 2001-08-31 12:00 . 2009-04-15 07:51 80886 c:\windows\system32\perfc010.dat
- 2001-08-31 12:00 . 2009-04-12 15:53 68540 c:\windows\system32\perfc009.dat
+ 2001-08-31 12:00 . 2009-04-15 07:51 68540 c:\windows\system32\perfc009.dat
- 2001-08-31 12:00 . 2009-04-12 15:53 482596 c:\windows\system32\perfh010.dat
+ 2001-08-31 12:00 . 2009-04-15 07:51 482596 c:\windows\system32\perfh010.dat
+ 2001-08-31 12:00 . 2009-04-15 07:51 435896 c:\windows\system32\perfh009.dat
- 2001-08-31 12:00 . 2009-04-12 15:53 435896 c:\windows\system32\perfh009.dat
+ 2008-11-29 19:00 . 2009-04-15 08:21 61351968 c:\windows\system32\drivers\fidbox.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 13:22 1172792 --a------ c:\programmi\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\programmi\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\programmi\RocketDock\RocketDock.exe" [2007-09-02 495616]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"RemoteCenter"="c:\programmi\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-10-08 139264]
"VeohPlugin"="c:\programmi\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-11-04 3522296]
"PC Suite Tray"="c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-06 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ZoneAlarm Client"="c:\programmi\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"nwiz"="nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 c:\windows\system32\CTXFIHLP.EXE]
"CTHelper"="CTHELPER.EXE" [2008-06-27 c:\windows\system32\CtHelper.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"c:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programmi\\SopCast\\SopCast.exe"=
"c:\\Programmi\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Programmi\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmi\\MSN Messenger\\livecall.exe"=

R2 gupdate1c9b6d75abc43e2;Servizio di Google Update (gupdate1c9b6d75abc43e2);c:\programmi\Google\Update\GoogleUpdate.exe [2009-04-06 133104]
R3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [2008-06-27 99352]
R3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [2008-06-27 555032]
R3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\System32\drivers\CTERFXFX.SYS [2008-06-27 100888]
R3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [2008-06-27 100888]
R3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [2008-06-27 566296]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\System32\drivers\COMMONFX.SYS [2008-06-27 99352]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\System32\drivers\CTAUDFX.SYS [2008-06-27 555032]
S3 ctgame;Game Port;c:\windows\system32\DRIVERS\ctgame.sys [2008-07-07 18840]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\System32\drivers\CTSBLFX.SYS [2008-06-27 566296]
S3 PAC207;PC Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2007-10-25 616064]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e09935a4-a1da-11dd-9b39-00193e96f629}]
\Shell\Auto\command - CSRSS.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL CSRSS.exe
.
Contenuto della cartella 'Scheduled Tasks'

2009-04-15 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-06 18:46]

2009-04-15 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-04-06 18:47]

2009-04-14 c:\windows\Tasks\User_Feed_Synchronization-{AC3687D1-BC93-4B4A-A068-6FEB38E2C7AE}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]
.
.
------- Scansione supplementare -------
.
uStart Page = www.tgcom.it/
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\programmi\Google\GoogleToolbar1.dll/cmsearch.html
IE: Collegamenti a ritroso - c:\programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Pagine simili - c:\programmi\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Versione cache della pagina - c:\programmi\Google\GoogleToolbar1.dll/cmcache.html
IE: {{FF3F4CDE-E7D5-4D76-86AD-CDC7429E0443} - c:\programmi\Pop up Blocker\pd.exe
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-15 10:22
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(1316)
c:\programmi\RocketDock\RocketDock.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2009-04-15 10.23.52
ComboFix-quarantined-files.txt 2009-04-15 08:23
ComboFix2.txt 2009-04-14 08:49
ComboFix3.txt 2009-04-13 18:45
ComboFix4.txt 2009-04-12 16:16

Pre-Run: 144.549.720.064 byte disponibili
Post-Run: 144,638,599,168 byte disponibili

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

217 --- E O F --- 2009-03-23 14:03

R16 · Dio maturo Registrato: 07/03/08 22:58 Messaggi: 10129

Ciao carfora.
Ti devo chiedere scusa, non è colpa tua, è colpa mia.

Apri un file di testo sul Desktop
Ci incolli il codice che vedi qui sotto, e salvi il file di testo obbligatoriamente con il nome CFScript.txt

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"=-
[-HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
[-HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[-HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e09935a4-a1da-11dd-9b39-00193e96f629}]

e trascinalo sull'icona di ComboFix.
Attendi la fine dei lavori, senza toccare tastiera, mouse o altro.
Posta il log aggiornato di combofix.
Posta il log su WikiSend

Riverside · Inviato: 15 Apr 2009 11:36 Oggetto:

@ carfora, per favore, soprassiedi, per ora, con lo script suggerito ed allega un nuovo log di Hijackthis.

carfora · Mortale devoto Registrato: 09/04/09 13:16 Messaggi: 9

ok ecco Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11.49.51, on 15/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Programmi\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\xfonz\Impostazioni locali\Temporary Internet Files\Content.IE5\WZ2AZ8F8\HiJackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.tgcom.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Programmi\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Programmi\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Programmi\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [VeohPlugin] "C:\Programmi\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Google Search - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Collegamenti a ritroso - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Pagine simili - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: PD - {FF3F4CDE-E7D5-4D76-86AD-CDC7429E0443} - C:\Programmi\Pop up Blocker\pd.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: Servizio di Google Update (gupdate1c9b6d75abc43e2) (gupdate1c9b6d75abc43e2) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8184 bytes

Riverside · Inviato: 15 Apr 2009 12:10 Oggetto:

R16 · Dio maturo Registrato: 07/03/08 22:58 Messaggi: 10129

Riverside · Inviato: 16 Apr 2009 10:13 Oggetto:

carfora · Mortale devoto Registrato: 09/04/09 13:16 Messaggi: 9

ragazzi state tranquilli, grazie ad entrambe! Riverside uso Avast perchè è gratuito, me ne consigli qualcuno in particolare? in istall. appl. è presente SweetIm per Messenger, lo devo disinstallare? cmq ho rifatto il tutto e questo è il log di Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10.15.38, on 16/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\xfonz\Impostazioni locali\Temporary Internet Files\Content.IE5\1V7MIMXM\HiJackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.tgcom.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Programmi\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [RocketDock] "C:\Programmi\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Programmi\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Google Search - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Collegamenti a ritroso - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Pagine simili - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: PD - {FF3F4CDE-E7D5-4D76-86AD-CDC7429E0443} - C:\Programmi\Pop up Blocker\pd.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: Servizio di Google Update (gupdate1c9b6d75abc43e2) (gupdate1c9b6d75abc43e2) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7216 bytes

R16 · Dio maturo Registrato: 07/03/08 22:58 Messaggi: 10129

[quote="Riverside"]

Riverside · Inviato: 16 Apr 2009 13:44 Oggetto:

Riverside · Inviato: 16 Apr 2009 14:05 Oggetto:

carfora · Mortale devoto Registrato: 09/04/09 13:16 Messaggi: 9

riverside, ok tutto fatto e questo è il report!
grazie ancora sia a te che a R1!
c'è qualcos'altro da fare?

Avira AntiVir Personal
Report file date: venerdì 17 aprile 2009 10:13

Scanning for 1355200 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : XFONZINO

Version information:
BUILD.DAT : 9.0.0.387 17962 Bytes 24/03/2009 11:04:00
AVSCAN.EXE : 9.0.3.3 464641 Bytes 24/02/2009 10:13:26
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 08:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 09:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 08:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 10:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 18:33:26
ANTIVIR2.VDF : 7.1.3.63 1588224 Bytes 16/04/2009 08:12:17
ANTIVIR3.VDF : 7.1.3.66 9216 Bytes 17/04/2009 08:12:17
Engineversion : 8.2.0.143
AEVDF.DLL : 8.1.1.0 106868 Bytes 27/01/2009 15:36:42
AESCRIPT.DLL : 8.1.1.75 373113 Bytes 17/04/2009 08:12:27
AESCN.DLL : 8.1.1.10 127348 Bytes 17/04/2009 08:12:26
AERDL.DLL : 8.1.1.3 438645 Bytes 29/10/2008 16:24:41
AEPACK.DLL : 8.1.3.12 397687 Bytes 17/04/2009 08:12:25
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 26/02/2009 18:01:56
AEHEUR.DLL : 8.1.0.116 1708407 Bytes 17/04/2009 08:12:24
AEHELP.DLL : 8.1.2.2 119158 Bytes 26/02/2009 18:01:56
AEGEN.DLL : 8.1.1.34 340340 Bytes 17/04/2009 08:12:19
AEEMU.DLL : 8.1.0.9 393588 Bytes 09/10/2008 12:32:40
AECORE.DLL : 8.1.6.9 176500 Bytes 17/04/2009 08:12:18
AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 12:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 06:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 05/12/2008 08:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 12:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 08:32:09
AVARKT.DLL : 9.0.0.1 292609 Bytes 09/02/2009 05:52:24
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 08:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 13:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 06:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 08:32:10
RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 09/02/2009 09:45:45
RCTEXT.DLL : 9.0.35.0 87297 Bytes 11/03/2009 13:55:12

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\programmi\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: delete
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, F:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: venerdì 17 aprile 2009 10:13

Starting search for hidden objects.
'41109' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'RcMan.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'RocketDock.exe' - '1' Module(s) have been scanned
Scan process 'zlclient.exe' - '0' Module(s) have been scanned
Scan process 'CtHelper.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'MsPMSPSv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'mdm.exe' - '1' Module(s) have been scanned
Scan process 'CTSVCCDA.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdate.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'vsmon.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
32 processes with 32 modules were scanned

Starting master boot sector scan:

Start scanning boot sectors:

Starting to scan executable files (registry).
The registry was scanned ( '50' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\WINDOWS\SoftwareDistribution\Download\f48a9f7f425aaaeffceaa0b6a1f1f251\BIT11.tmp
[0] Archive type: CAB (Microsoft)
--> x86\WUDFUpdate_01005.dll
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
Begin scan in 'F:\'
F:\Setup Software\NOD32 2.70.39 ITA\CRACK\NOD32 FiX v2.2.exe
[DETECTION] Is the TR/Dropp.D Trojan
[NOTE] A backup was created as '4a2c411f.qua' ( QUARANTINE )
[NOTE] The file was deleted!
F:\System Volume Information\_restore{AF0B178C-BDF5-45CB-8050-DB289BDC5B4F}\RP10\A0002015.exe
[DETECTION] Is the TR/Dropp.D Trojan
[NOTE] A backup was created as '4a184141.qua' ( QUARANTINE )
[NOTE] The file was deleted!

End of the scan: venerdì 17 aprile 2009 10:43
Used time: 30:59 Minute(s)

The scan has been done completely.

4846 Scanned directories
205433 Files were scanned
2 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
2 files were deleted
0 Viruses and unwanted programs were repaired
2 Files were moved to quarantine
0 Files were renamed
1 Files cannot be scanned
205430 Files not concerned
2465 Archives were scanned
3 Warnings
3 Notes
41109 Objects were scanned with rootkit scan
0 Hidden objects were found