Datemi una mano con hijacthis

[iltrullo]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.59.53, on 30/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programmi\Acronis\TrueImageWorkstation\TrueImageMonitor.exe
C:\Programmi\Acronis\TrueImageWorkstation\TimounterMonitor.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\vVX3000.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\QuickTime\QTTask.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Microsoft ActiveSync\Wcescomm.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\documents and settings\oem\impostazioni locali\dati applicazioni\nwwgfo.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Windows Live\Contacts\wlcomm.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Cerca Italia Toolbar - {45dd02aa-87d3-441a-9e77-068f8fa93fc8} - C:\Programmi\Cerca_Italia\tbCer0.dll
F3 - REG:win.ini: load=C:\WINDOWS\System\spoolsv.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Cerca Italia Toolbar - {45dd02aa-87d3-441a-9e77-068f8fa93fc8} - C:\Programmi\Cerca_Italia\tbCer0.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Programmi\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programmi\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: &Netcraft Toolbar - {D554D8FC-B36D-4BB4-93DB-4A3394D505E3} - C:\Programmi\Netcraft Toolbar\nctb.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Cerca Italia Toolbar - {45dd02aa-87d3-441a-9e77-068f8fa93fc8} - C:\Programmi\Cerca_Italia\tbCer0.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programmi\Acronis\TrueImageWorkstation\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programmi\Acronis\TrueImageWorkstation\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [LifeCam] "C:\Programmi\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [nwwgfo] "c:\documents and settings\oem\impostazioni locali\dati applicazioni\nwwgfo.exe" nwwgfo
O4 - HKLM\..\Policies\Explorer\Run: [Logman] C:\WINDOWS\logman.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [MstInit] C:\WINDOWS\mstinit.exe /waitservice
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [ComRepl] C:\DOCUME~1\OEM\DATIAP~1\comrepl.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [ComRepl] C:\DOCUME~1\OEM\DATIAP~1\comrepl.exe /waitservice (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c9f17fd84e150a) (gupdate1c9f17fd84e150a) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe
O24 - Desktop Component 0: (no name) - http://upload.wikimedia.org/wikipedia/c ... chuhen.jpg

--
End of file - 11758 bytes

[Luke57]

Ciao, Scarica combofix sul desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Disconnetiti da internet
Disattiva eventuli antivirus o antispyware in real time.
Avvia il file ComboFix.exe
Digita 1 per avviare il tool
Segui le instruzioni senza fare niente altro (non installare la recovery console) e alla fine verrà generato un log.
Finito, posta il log che trovi in C:\Combofix.txt

[iltrullo]

ComboFix 09-12-29.06 - OEM 30/12/2009 22.38.45.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.1023.479 [GMT 1:00]
Eseguito da: c:\documents and settings\OEM\Documenti\Download\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {00000002-0002-0000-2C24-9E7C08000A00}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\OEM\Impostazioni locali\Dati applicazioni\nwwgfo.dat
c:\documents and settings\OEM\Impostazioni locali\Dati applicazioni\nwwgfo.exe
c:\documents and settings\OEM\Impostazioni locali\Dati applicazioni\nwwgfo_nav.dat
c:\documents and settings\OEM\Impostazioni locali\Dati applicazioni\nwwgfo_navps.dat
c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\windows\system32\ctfmon .exe
c:\windows\system32\drivers\npf.sys
c:\windows\vVX3000 .exe

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((( Files Creati Da 2009-11-28 al 2009-12-30 )))))))))))))))))))))))))))))))))))
.

2009-12-30 20:58 . 2009-12-30 20:58 -------- d-----w- c:\programmi\Trend Micro
2009-12-25 10:33 . 2009-12-25 17:26 -------- d-----w- c:\documents and settings\OEM\Dati applicazioni\Imperivm Online
2009-12-25 10:31 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-12-25 10:31 . 2009-09-04 16:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-12-25 10:31 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-12-25 10:31 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-12-25 10:31 . 2009-09-04 16:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-12-25 10:31 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-12-25 10:31 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-12-25 10:13 . 2009-12-26 19:16 -------- d-----w- c:\programmi\Imperivm Online

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-30 14:27 . 2007-09-13 15:36 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Google Updater
2009-12-25 10:28 . 2007-08-28 18:52 -------- d--h--w- c:\programmi\FX Uninstall Information
2009-12-23 20:36 . 2008-05-18 16:51 -------- d-----w- c:\programmi\Imperivm Civitas
2009-12-22 15:43 . 2007-09-23 17:29 -------- d-----w- c:\programmi\eMule
2009-12-19 15:51 . 2007-11-10 14:48 -------- d-----w- c:\programmi\Messenger Plus! Live
2009-12-16 20:26 . 2007-08-28 18:52 -------- d-----w- c:\programmi\MVM 2004 - Imperivm - Le Guerre Puniche
2009-12-10 21:37 . 2009-05-20 16:50 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-29 19:02 . 2007-08-26 19:01 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-11-26 16:49 . 2009-10-11 14:15 -------- d-----w- c:\programmi\Cerca_Italia
2009-10-25 10:08 . 2001-08-31 15:00 77874 ----a-w- c:\windows\system32\perfc010.dat
2009-10-25 10:08 . 2001-08-31 15:00 456946 ----a-w- c:\windows\system32\perfh010.dat
.

Codice: Seleziona tutto

<pre>
c:\programmi\File comuni\Ahead\Lib\NeroCheck .exe
c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
c:\programmi\Sony\SonicStage\SsAAD .exe
</pre>

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{45dd02aa-87d3-441a-9e77-068f8fa93fc8}"= "c:\programmi\Cerca_Italia\tbCer0.dll" [2009-11-26 2166296]

[HKEY_CLASSES_ROOT\clsid\{45dd02aa-87d3-441a-9e77-068f8fa93fc8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45dd02aa-87d3-441a-9e77-068f8fa93fc8}]
2009-11-26 16:49 2166296 ----a-w- c:\programmi\Cerca_Italia\tbCer0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{45dd02aa-87d3-441a-9e77-068f8fa93fc8}"= "c:\programmi\Cerca_Italia\tbCer0.dll" [2009-11-26 2166296]

[HKEY_CLASSES_ROOT\clsid\{45dd02aa-87d3-441a-9e77-068f8fa93fc8}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{45DD02AA-87D3-441A-9E77-068F8FA93FC8}"= "c:\programmi\Cerca_Italia\tbCer0.dll" [2009-11-26 2166296]

[HKEY_CLASSES_ROOT\clsid\{45dd02aa-87d3-441a-9e77-068f8fa93fc8}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-10 39408]
"nwwgfo"="c:\documents and settings\oem\impostazioni locali\dati applicazioni\nwwgfo.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [N/A]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"TrueImageMonitor.exe"="c:\programmi\Acronis\TrueImageWorkstation\TrueImageMonitor.exe" [2006-07-21 1106528]
"AcronisTimounterMonitor"="c:\programmi\Acronis\TrueImageWorkstation\TimounterMonitor.exe" [2006-07-20 1848155]
"Acronis Scheduler2 Service"="c:\programmi\File comuni\Acronis\Schedule2\schedhlp.exe" [2006-07-20 126976]
"EPSON Stylus Photo RX420 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE" [2004-04-09 98304]
"VirtualCloneDrive"="c:\programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 94208]
"SoundMan"="SOUNDMAN.EXE" [2006-03-02 577536]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [N/A]
"LifeCam"="c:\programmi\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX3000"="c:\windows\vVX3000.exe" [2007-04-10 709992]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Logman"="c:\windows\logman.exe" [N/A]

[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"MstInit"="c:\windows\mstinit.exe" [N/A]

[HKEY_USERS\.DEFAULT\software\microsoft\windows\Currentversion\policies\explorer\Run]
"ComRepl"="c:\docume~1\OEM\DATIAP~1\comrepl.exe" [N/A]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
InterVideo WinCinema Manager.lnk - c:\programmi\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-8-25 212992]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft ActiveSync\\rapimgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Xfire\\xfire.exe"=
"c:\\Programmi\\InterVideo\\DVD6\\WinDVD.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Programmi\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Programmi\\32nd America's Cup\\VskAC32.exe"=
"c:\\Programmi\\Acronis\\TrueImageWorkstation\\TrueImage.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Cyanide\\Pro Cycling Manager\\Cym2005.exe"=
"c:\\Programmi\\Cyanide\\GameCenter\\GameCenter.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\MVM 2004 - Imperivm - Le Guerre Puniche\\Imperivm.exe"=

R2 cpwnt;cpwnt;c:\windows\system32\drivers\CPWNT.SYS [26/08/2007 15.35.02 21824]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [22/03/2009 9.55.56 54752]
S2 gupdate1c9f17fd84e150a;Google Update Service (gupdate1c9f17fd84e150a);c:\programmi\Google\Update\GoogleUpdate.exe [20/06/2009 9.19.32 133104]
S3 fsssvc;Servizio Windows Live Family Safety;c:\programmi\Windows Live\Family Safety\fsssvc.exe [05/08/2009 21.48.42 704864]
.
Contenuto della cartella 'Scheduled Tasks'

2009-12-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-06-20 08:19]

2009-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-06-20 08:19]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: warnervillage.it\www
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\OEM\Dati applicazioni\Mozilla\Firefox\Profiles\wm0zqhpx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\programmi\JavaSoft\JRE\1.3\bin\npjava11.dll
FF - plugin: c:\programmi\JavaSoft\JRE\1.3\bin\npjava12.dll
FF - plugin: c:\programmi\JavaSoft\JRE\1.3\bin\npjava32.dll
FF - plugin: c:\programmi\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npagent.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\programmi\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

AddRemove-mIRC - c:\documents and settings\OEM\Desktop\mircITA\mirc.exe
AddRemove-nwwgfo - c:\documents and settings\oem\impostazioni locali\dati applicazioni\nwwgfo.exe
AddRemove-Telematiko_is1 - f:\programmi\Telematiko\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-30 23:01
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'lsass.exe'(864)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(392)
c:\windows\system32\shdoclc.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\docume~1\OEM\IMPOST~1\Temp\catchme.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Lavasoft\Ad-Aware\aawservice.exe
c:\programmi\Avira\AntiVir Desktop\sched.exe
c:\programmi\File comuni\Acronis\Schedule2\schedul2.exe
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\nvsvc32.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\programmi\Microsoft ActiveSync\Wcescomm.exe
c:\progra~1\MICROS~2\rapimgr.exe
c:\windows\system32\wscntfy.exe
c:\programmi\File comuni\Ahead\Lib\NMIndexingService.exe
c:\programmi\iPod\bin\iPodService.exe
c:\programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Ora fine scansione: 2009-12-30 23:01:21 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-12-30 22:01

Pre-Run: 14.309.445.632 byte disponibili
Post-Run: 15.186.714.624 byte disponibili

- - End Of File - - 8B8F888865D20CE0F4B36F524BCCAF7D

[Luke57]

Ciao, Apri un file di testo, dal blocco note di windows e al suo interno copia e incolla il seguente script:

Codice: Seleziona tutto

File::
c:\windows\logman.exe
c:\windows\mstinit.exe
c:\docume~1\OEM\DATIAP~1\comrepl.exe

Registry::
[HKEY_USERS\.DEFAULT\software\microsoft\windows\Currentversion\policies\explorer\Run]
"ComRepl"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Logman"="-
[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"MstInit"=-
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwwgfo"=-

salvi il file con il nome obbligatorio di CFScript.txt
lo metti nella stessa cartella di combofix e poi, con il puntatore del mouse, lo trascini sull'icona del programma che farà una nuova scansione.
Posta il nuovo report prodotto.

[iltrullo]

ComboFix 09-12-29.06 - OEM 31/12/2009 13.09.12.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.1023.618 [GMT 1:00]
Eseguito da: c:\documents and settings\OEM\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\OEM\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-2C24-9E7C08000A00}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!

FILE ::
"c:\docume~1\OEM\DATIAP~1\comrepl.exe"
"c:\windows\logman.exe"
"c:\windows\mstinit.exe"
.

((((((((((((((((((((((((( Files Creati Da 2009-11-28 al 2009-12-31 )))))))))))))))))))))))))))))))))))
.

2009-12-31 11:58 . 2009-12-31 11:58 -------- d-----w- c:\windows\LastGood
2009-12-31 08:46 . 2004-08-19 13:39 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-12-30 22:27 . 2009-12-30 22:27 -------- d-----w- c:\windows\ServicePackFiles
2009-12-30 20:58 . 2009-12-30 20:58 -------- d-----w- c:\programmi\Trend Micro
2009-12-25 10:33 . 2009-12-25 17:26 -------- d-----w- c:\documents and settings\OEM\Dati applicazioni\Imperivm Online
2009-12-25 10:31 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-12-25 10:31 . 2009-09-04 16:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-12-25 10:31 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-12-25 10:31 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-12-25 10:31 . 2009-09-04 16:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-12-25 10:31 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-12-25 10:31 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-12-25 10:13 . 2009-12-26 19:16 -------- d-----w- c:\programmi\Imperivm Online

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-31 09:07 . 2001-08-31 15:00 77874 ----a-w- c:\windows\system32\perfc010.dat
2009-12-31 09:07 . 2001-08-31 15:00 456946 ----a-w- c:\windows\system32\perfh010.dat
2009-12-31 09:01 . 2009-03-22 08:56 -------- d-----w- c:\programmi\Microsoft Silverlight
2009-12-30 14:27 . 2007-09-13 15:36 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Google Updater
2009-12-25 10:28 . 2007-08-28 18:52 -------- d--h--w- c:\programmi\FX Uninstall Information
2009-12-23 20:36 . 2008-05-18 16:51 -------- d-----w- c:\programmi\Imperivm Civitas
2009-12-22 15:43 . 2007-09-23 17:29 -------- d-----w- c:\programmi\eMule
2009-12-19 15:51 . 2007-11-10 14:48 -------- d-----w- c:\programmi\Messenger Plus! Live
2009-12-16 20:26 . 2007-08-28 18:52 -------- d-----w- c:\programmi\MVM 2004 - Imperivm - Le Guerre Puniche
2009-12-10 21:37 . 2009-05-20 16:50 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-29 19:02 . 2007-08-26 19:01 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-11-26 16:49 . 2009-10-11 14:15 -------- d-----w- c:\programmi\Cerca_Italia
.

Codice: Seleziona tutto

<pre>
c:\programmi\File comuni\Ahead\Lib\NeroCheck .exe
c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
c:\programmi\Sony\SonicStage\SsAAD .exe
</pre>

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{45dd02aa-87d3-441a-9e77-068f8fa93fc8}"= "c:\programmi\Cerca_Italia\tbCer0.dll" [2009-11-26 2166296]

[HKEY_CLASSES_ROOT\clsid\{45dd02aa-87d3-441a-9e77-068f8fa93fc8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45dd02aa-87d3-441a-9e77-068f8fa93fc8}]
2009-11-26 16:49 2166296 ----a-w- c:\programmi\Cerca_Italia\tbCer0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{45dd02aa-87d3-441a-9e77-068f8fa93fc8}"= "c:\programmi\Cerca_Italia\tbCer0.dll" [2009-11-26 2166296]

[HKEY_CLASSES_ROOT\clsid\{45dd02aa-87d3-441a-9e77-068f8fa93fc8}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{45DD02AA-87D3-441A-9E77-068F8FA93FC8}"= "c:\programmi\Cerca_Italia\tbCer0.dll" [2009-11-26 2166296]

[HKEY_CLASSES_ROOT\clsid\{45dd02aa-87d3-441a-9e77-068f8fa93fc8}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-10 39408]
"nwwgfo"="c:\documents and settings\oem\impostazioni locali\dati applicazioni\nwwgfo.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [N/A]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"TrueImageMonitor.exe"="c:\programmi\Acronis\TrueImageWorkstation\TrueImageMonitor.exe" [2006-07-21 1106528]
"AcronisTimounterMonitor"="c:\programmi\Acronis\TrueImageWorkstation\TimounterMonitor.exe" [2006-07-20 1848155]
"Acronis Scheduler2 Service"="c:\programmi\File comuni\Acronis\Schedule2\schedhlp.exe" [2006-07-20 126976]
"EPSON Stylus Photo RX420 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE" [2004-04-09 98304]
"VirtualCloneDrive"="c:\programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 94208]
"SoundMan"="SOUNDMAN.EXE" [2006-03-02 577536]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [N/A]
"LifeCam"="c:\programmi\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX3000"="c:\windows\vVX3000.exe" [2007-04-10 709992]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Logman"="c:\windows\logman.exe" [N/A]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
InterVideo WinCinema Manager.lnk - c:\programmi\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-8-25 212992]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft ActiveSync\\rapimgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Xfire\\xfire.exe"=
"c:\\Programmi\\InterVideo\\DVD6\\WinDVD.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Programmi\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Programmi\\32nd America's Cup\\VskAC32.exe"=
"c:\\Programmi\\Acronis\\TrueImageWorkstation\\TrueImage.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Cyanide\\Pro Cycling Manager\\Cym2005.exe"=
"c:\\Programmi\\Cyanide\\GameCenter\\GameCenter.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\MVM 2004 - Imperivm - Le Guerre Puniche\\Imperivm.exe"=

R2 cpwnt;cpwnt;c:\windows\system32\drivers\CPWNT.SYS [26/08/2007 15.35.02 21824]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [22/03/2009 9.55.56 54752]
S2 gupdate1c9f17fd84e150a;Google Update Service (gupdate1c9f17fd84e150a);c:\programmi\Google\Update\GoogleUpdate.exe [20/06/2009 9.19.32 133104]
S3 fsssvc;Servizio Windows Live Family Safety;c:\programmi\Windows Live\Family Safety\fsssvc.exe [05/08/2009 21.48.42 704864]
.
Contenuto della cartella 'Scheduled Tasks'

2009-12-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-06-20 08:19]

2009-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-06-20 08:19]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: warnervillage.it\www
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\OEM\Dati applicazioni\Mozilla\Firefox\Profiles\wm0zqhpx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\programmi\JavaSoft\JRE\1.3\bin\npjava11.dll
FF - plugin: c:\programmi\JavaSoft\JRE\1.3\bin\npjava12.dll
FF - plugin: c:\programmi\JavaSoft\JRE\1.3\bin\npjava32.dll
FF - plugin: c:\programmi\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npagent.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\programmi\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-31 13:16
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'lsass.exe'(864)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(2352)
c:\windows\system32\shdoclc.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2009-12-31 13:19:10
ComboFix-quarantined-files.txt 2009-12-31 12:19
ComboFix2.txt 2009-12-30 22:01

Pre-Run: 13.481.418.752 byte disponibili
Post-Run: 13.467.693.056 byte disponibili

- - End Of File - - B85951D1B6ED0E89F786A087FC1839A6

[Luke57]

Ciao, mah, quei valori di registro infetti sembrano ancora lì, Scarica e installa malwarebytes.
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Aggiornalo: clicca sulla scheda "aggiornamenti" => "controlla aggiornamenti"
Esegui una "scansione completa" (seleziona l'opzione)
A scansione completata, posta il rapporto.

[iltrullo]

Malwarebytes' Anti-Malware 1.43
Versione del database: 3458
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

31/12/2009 18.14.03
mbam-log-2009-12-31 (18-14-03).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 225131
Tempo trascorso: 2 hour(s), 34 minute(s), 35 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 2
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nwwgfo (Trojan.Agent.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\logman (Trojan.Agent) -> Quarantined and deleted successfully.

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)

[Luke57]

Ciao, ok, posta un nuovo report di hijackthis.

[iltrullo]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.26.51, on 02/01/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Acronis\TrueImageWorkstation\TrueImageMonitor.exe
C:\Programmi\Acronis\TrueImageWorkstation\TimounterMonitor.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe
C:\Programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\vVX3000.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\QuickTime\QTTask.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Microsoft ActiveSync\Wcescomm.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Cerca Italia Toolbar - {45dd02aa-87d3-441a-9e77-068f8fa93fc8} - C:\Programmi\Cerca_Italia\tbCer0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Cerca Italia Toolbar - {45dd02aa-87d3-441a-9e77-068f8fa93fc8} - C:\Programmi\Cerca_Italia\tbCer0.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Programmi\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programmi\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: &Netcraft Toolbar - {D554D8FC-B36D-4BB4-93DB-4A3394D505E3} - C:\Programmi\Netcraft Toolbar\nctb.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Cerca Italia Toolbar - {45dd02aa-87d3-441a-9e77-068f8fa93fc8} - C:\Programmi\Cerca_Italia\tbCer0.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programmi\Acronis\TrueImageWorkstation\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programmi\Acronis\TrueImageWorkstation\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Programmi\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c9f17fd84e150a) (gupdate1c9f17fd84e150a) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe
O24 - Desktop Component 0: (no name) - http://upload.wikimedia.org/wikipedia/c ... chuhen.jpg

--
End of file - 10884 bytes

[Luke57]

Ciao, pare a posto, hai sempre problemi?

[iltrullo]

per quanto riguarda le pubblicità in internet no... posso chiederti di aiutarmi anche con un altro computer che ha gli stessi problemi?

[Luke57]

Certo, posta il report di combofix.

[iltrullo]

ComboFix 10-01-03.05 - OEM 04/01/2010 14.12.38.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.3066.1989 [GMT 1:00]
Eseguito da: c:\downloads\Software\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-882718197-68631507-246064436-500
c:\program files\pdfforge Toolbar\SearchSettings.dll
c:\users\canonicos\AppData\Local\lrpvcage.dat
c:\users\canonicos\AppData\Local\lrpvcage.exe
c:\users\canonicos\AppData\Local\lrpvcage_nav.dat
c:\users\canonicos\AppData\Local\lrpvcage_navps.dat
c:\users\canonicos\AppData\Roaming\.#
c:\windows\Suyin.reg
c:\windows\Temp\log.txt

.
((((((((((((((((((((((((( Files Creati Da 2009-12-04 al 2010-01-04 )))))))))))))))))))))))))))))))))))
.

2010-01-04 13:16 . 2010-01-04 13:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-25 17:11 . 2009-12-25 17:11 -------- d-----w- c:\users\canonicos\AppData\Roaming\PeerNetworking
2009-12-25 16:21 . 2009-12-25 16:21 -------- d-----w- c:\users\Default\AppData\Roaming\Intel
2009-12-25 16:21 . 2009-12-25 16:21 -------- d-----w- c:\programdata\Roaming
2009-12-25 16:20 . 2009-12-25 16:20 -------- d-----w- c:\program files\Cisco
2009-12-25 16:20 . 2009-12-25 16:20 -------- d-----w- c:\programdata\Intel
2009-12-25 08:32 . 2009-12-25 08:32 -------- d-----w- C:\found.000
2009-12-16 22:07 . 2009-12-16 22:08 -------- d-----w- c:\windows\system32\ca-ES
2009-12-16 22:07 . 2009-12-16 22:08 -------- d-----w- c:\windows\system32\eu-ES
2009-12-16 22:07 . 2009-12-16 22:08 -------- d-----w- c:\windows\system32\vi-VN
2009-12-16 19:12 . 2009-12-16 19:12 -------- d-----w- c:\windows\system32\EventProviders
2009-12-16 19:11 . 2009-11-02 19:42 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-12-10 16:02 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-10 16:01 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-10 16:01 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-09 15:17 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-04 13:17 . 2009-10-03 16:27 -------- d-----w- c:\users\canonicos\AppData\Roaming\Free Download Manager
2010-01-04 13:16 . 2009-09-29 18:22 -------- d-----w- c:\program files\pdfforge Toolbar
2010-01-04 12:55 . 2009-02-25 08:42 662846 ----a-w- c:\windows\system32\perfh010.dat
2010-01-04 12:55 . 2009-02-25 08:42 120326 ----a-w- c:\windows\system32\perfc010.dat
2010-01-04 12:49 . 2009-10-03 16:27 95 ----a-w- c:\users\canonicos\AppData\Local\hyzse.bat
2010-01-04 12:48 . 2009-09-26 11:35 48747 ----a-w- c:\programdata\nvModes.dat
2010-01-04 08:26 . 2009-09-26 11:35 7592 ----a-w- c:\users\canonicos\AppData\Local\d3d9caps.dat
2009-12-25 16:20 . 2009-02-11 20:12 -------- d-----w- c:\program files\Intel
2009-12-17 14:48 . 2009-09-26 16:54 -------- d-----w- c:\program files\Google
2009-12-17 13:49 . 2009-07-15 12:56 -------- d-----w- c:\programdata\NVIDIA
2009-12-16 22:09 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-12-16 22:09 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-16 22:09 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-12-16 22:09 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-12-16 22:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-12-16 22:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-12-16 22:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-12-16 22:07 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-16 19:06 . 2009-02-25 00:40 -------- d-----w- c:\programdata\McAfee
2009-12-10 16:01 . 2009-02-25 01:05 -------- d-----w- c:\programdata\Microsoft Help
2009-12-10 15:52 . 2009-09-26 18:52 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-02 17:11 . 2009-07-15 13:04 -------- d-----w- c:\programdata\eSobi
2009-11-21 06:40 . 2009-12-09 15:22 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 15:22 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-09 15:22 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-09 15:22 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-19 17:47 . 2009-11-19 17:43 -------- d-----w- c:\program files\Docfa4
2009-11-19 17:39 . 2009-11-19 17:38 -------- d-----w- c:\program files\Java
2009-11-19 17:38 . 2009-11-19 17:38 -------- d-----w- c:\program files\Common Files\Java
2009-11-19 17:11 . 2009-11-19 17:11 -------- d-----w- c:\programdata\NtiDvdCopy
2009-11-18 20:15 . 2009-09-26 14:09 -------- d-----w- c:\users\canonicos\AppData\Roaming\Autodesk
2009-11-18 19:31 . 2009-11-18 19:24 -------- d-----w- c:\programdata\Autodesk
2009-11-18 19:31 . 2009-09-26 16:55 102192 ----a-w- c:\users\canonicos\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-18 19:29 . 2009-11-18 19:24 -------- d-----w- c:\program files\AutoCAD 2009
2009-11-18 19:29 . 2009-09-26 14:06 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2009-11-08 09:41 . 2009-09-26 19:51 -------- d-----w- c:\program files\Messenger Plus! Live
2009-10-29 09:17 . 2009-11-27 16:42 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-21 13:20 . 2009-11-21 13:21 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
2009-07-31 00:00 698880 ----a-w- c:\program files\pdfforge Toolbar\pdfforgeToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\pdfforgeToolbarIE.dll" [2009-07-31 698880]

[HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-05-14 21:02 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Free Download Manager"="c:\progra~1\FREEDO~1\FDM.exe" [2009-09-30 3399727]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-26 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-01-20 156968]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-01-20 202024]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-16 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-16 92704]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-19 6793760]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-02-19 1833504]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-05 1410344]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-06-25 1069576]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-04-11 249600]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-06-23 440864]
"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2009-05-13 199464]
"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-05-14 345384]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-12-26 173288]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-21 30192]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 94208]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2009-07-29 1024512]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):98,52,5e,a7,1f,7f,ca,01

R1 mwlPSDFilter;mwlPSDFilter;c:\windows\System32\drivers\mwlPSDFilter.sys [04/12/2008 17.34.34 19504]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\System32\drivers\mwlPSDNserv.sys [04/12/2008 17.34.34 16432]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\System32\drivers\mwlPSDVDisk.sys [04/12/2008 17.34.34 59952]
R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [25/02/2009 2.19.31 75048]
R2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [15/07/2009 14.02.21 707104]
R2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\MWLService.exe [14/05/2009 22.03.30 305448]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [11/04/2009 18.32.00 61184]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [23/09/2008 14.11.34 144632]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\k57nd60x.sys [04/09/2008 5.12.56 223232]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [15/07/2009 22.33.35 3666432]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [15/07/2009 22.32.42 45600]
S2 gupdate;Servizio di Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/10/2009 15.36.41 133104]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [21/01/2008 3.23.20 179712]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [26/09/2009 20.19.00 54632]
S3 fsssvc;Servizio Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 21.48.42 704864]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [26/09/2009 17.54.23 30192]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [23/09/2008 14.11.32 50424]
.
Contenuto della cartella 'Scheduled Tasks'

2010-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-11 14:36]

2010-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-11 14:36]

2010-01-04 c:\windows\Tasks\User_Feed_Synchronization-{BDF665B5-EEE9-43FA-A1B1-13A143D3FD14}.job
- c:\windows\system32\msfeedssync.exe [2009-12-09 04:59]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... spire_5738
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Scarica con Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Scarica i video con Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Scarica selezionati con Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Scarica tutto con Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
FF - ProfilePath - c:\users\canonicos\AppData\Roaming\Mozilla\Firefox\Profiles\m8ha6tvy.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://it.search.yahoo.com/search?fr=gr ... =971163&p=
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\j2re1.4.2_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.2_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.2_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.2_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\j2re1.4.2_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.2_06\bin\NPJPI142_06.dll
FF - plugin: c:\program files\Java\j2re1.4.2_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-lrpvcage - c:\users\canonicos\appdata\local\lrpvcage.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-Access Gateway USB - c:\program files\Pirelli\Access Gateway USB Network\SETUP.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-04 14:17
Windows 6.0.6002 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-882718197-68631507-246064436-1000\Software\SecuROM\License information*]
"datasecu"=hex:e0,86,53,2f,16,fc,6e,86,ae,1f,8b,22,f5,d3,ba,45,32,9a,e0,93,23,
be,89,0e,71,73,4a,3c,4b,9b,ac,ef,73,29,7f,09,c0,02,1a,bf,c2,c9,d5,e6,23,c3,\
"rkeysecu"=hex:cb,10,f7,8f,90,21,e1,b7,a2,8c,f9,9f,9a,d8,bf,98

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Ora fine scansione: 2010-01-04 14:19:12
ComboFix-quarantined-files.txt 2010-01-04 13:19

Pre-Run: 256.082.739.200 byte disponibili
Post-Run: 256.264.445.952 byte disponibili

- - End Of File - - F028476AF93FEA96251C72CA3C338556

[Luke57]

Ciao, pare a posto, combofix ha eliminato l'infezione (navipromo).

[iltrullo]

Non saprei, continuo ad aver eproblemi con le pubblicità in internet

[Luke57]

Ciao, vai qui:
http://www.megalab.it/2964/guida-comple ... ntispyware

installa e aggiorna la versione free di superantispyware e fai una scansione completa del computer.

Poi vai qui:
http://www.ilsoftware.it/querydl.asp?id=1078
scarica e installa malwarebytes. Dopo averlo aggiornato, fai una scansione completa del computer.

Posta il report di malwarebytes.

[iltrullo]

Malwarebytes' Anti-Malware 1.43
Versione del database: 3495
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865

05/01/2010 14.14.12
mbam-log-2010-01-05 (14-14-12).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 239131
Tempo trascorso: 41 minute(s), 17 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)

[Luke57]

Ciao, hai sempre problemi?