Home News Guide Hardware Download Forum Glossario

Condividi:        

Adware zango.search

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

Regole del forum
Rispondi al post

Adware zango.search

Postdi dadadadi » 24/03/10 18:14

Ciao!!
mi sono trovata sul pc un'infezione (rilevata da spyware Doctor e da Norton) che viene definita "Adware zango.search". Il Doctor non me la toglie, perchè sto usando la versione free e dice che dovrei acquistare la versione a pagamento, idem per il Norton scaduto. Volendo evitare di comprare, ho fatto diverse scansioni con altri antivirus, ma nessun'altro riesce a vedere questa infezione.
Ho visto sul vostro sito che spesso fate fare una scansione con Hijackthis, e l'ho fatta. Come faccio a postarvi il risultato eventualmente?

Ce la fate, per cortesia, a darmi una mano? p.s. tra i programmi non ho nessun Zango
Grazie 1000 anticipate e scusate la "rottura"
Ciao!
p.p.s. sono veramente negata con l'informatica, quindi, avrete capito che ci capisco mooolto poco!
dadadadi
Utente Junior
 
Post: 16
Iscritto il: 18/11/09 13:46
Top
Sponsor
 

Re: helppppp infezione Zango!!!

Postdi -> EleKtrA <- » 24/03/10 19:11

Ciao dadadadi, benvenuta.

Allega un log di hijackthis
Scarica ed installa HIjackthis
Come eseguire il log:
Se usi Vista: Tasto destro su hijackthis.exe
esegui come amministratore
clicca su "Do a system scan and save a logfile"

Disattiva momentaneamente l'antivirus
Scarica Combofix | Tutorial
Se usi Vista: Tasto destro sull'exe, esegui come amministratore
Se usi XP non installare la recovery console
Lascia lavorare il programma senza interferire
Allega il rapporto C:\ComboFix.txt nella tua risposta.

Scarica Malwarebytes, installa il programma ed aggiorna le firme.
Nella scheda scansione, seleziona "scansione completa"
Allega il rapporto.

Postare i log nel topic inserendoli nel tag "code". (CLICCA)
“Ieri è storia, domani è mistero, ma oggi è un dono... per questo si chiama presente!”.
Avatar utente
-> EleKtrA <-
Moderatore
 
Post: 436
Iscritto il: 11/12/08 12:50
Top

Re: Adware zango.search

Postdi dadadadi » 26/03/10 07:22

Eccomi Ciao!

Ti allego i log che mi hai richiesto.
Ti premetto che non sono riuscita a disinstallare AVG prima di lanciare Combofix, perchè mi dava non so quale errore.

grazie 1000 per aver risposto così rapidamente!!

a risentirci
Ciao!

Codice: Seleziona tutto
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22.56.28, on 25/03/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\AVG\AVG9\avgchsvx.exe
C:\Programmi\AVG\AVG9\avgrsx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\ArcSoft\Connection Service\Bin\ACService.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\AVG\AVG9\avgwdsvc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmi\AVG\AVG9\avgnsx.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmi\File comuni\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Programmi\Spyware Doctor\pctsAuxs.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE
C:\Programmi\Spyware Doctor\pctsSvc.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Programmi\Spyware Doctor\pctsTray.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\SSLEmptyCache.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\NETGEAR\WPN111\wpn111.exe
C:\Programmi\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
C:\Programmi\AVG\AVG9\avgemc.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\AVG\AVG9\avgcsrvx.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Programmi\File comuni\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2530241
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: Softonic-IT Toolbar - {e3393495-8103-46a0-8181-270273eddd60} - C:\Programmi\Softonic-IT\tbSoft.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programmi\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Softonic-IT Toolbar - {e3393495-8103-46a0-8181-270273eddd60} - C:\Programmi\Softonic-IT\tbSoft.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programmi\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programmi\Spyware Doctor\BDT\PCTBrowserDefender.dll
O3 - Toolbar: Softonic-IT Toolbar - {e3393495-8103-46a0-8181-270273eddd60} - C:\Programmi\Softonic-IT\tbSoft.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Programmi\File comuni\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB001" /M "Stylus D68"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Programmi\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [bit4id store register] RUNDLL32.EXE "C:\WINDOWS\system32\bit4cnsp.dll",RegisterMyPhysicalStore
O4 - HKLM\..\Run: [SSLEmptyCache] C:\WINDOWS\system32\SSLEmptyCache.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Programmi\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [ISUSPM] "C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O4 - Global Startup: PHOTOfunSTUDIO -viewer-.lnk = C:\Programmi\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1199542780575
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199543378106
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-9bf7d499a98e9995.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{72B5849B-4291-4A63-8624-7279DE92EBD2}: NameServer = 85.37.17.15 85.38.28.74
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Programmi\File comuni\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Programmi\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmi\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\pctsSvc.exe
O23 - Service: stllssvr - Unknown owner - C:\Programmi\File comuni\SureThing Shared\stllssvr.exe (file missing)
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/User/IMPOST~1/Temp/msohtmlclip1/01/clip_image002.jpg

--
End of file - 14658 bytes



Codice: Seleziona tutto
ComboFix 10-03-25.03 - User 25/03/2010  23.11.48.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.39.1040.18.1022.488 [GMT 1:00]
Eseguito da: c:\programmi\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
[i] ADS - WINDOWS: deleted 72 bytes in 1 streams. [/i]

(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\User\Dati applicazioni\inst.exe
c:\windows\system32\bit4cnsp.dll
c:\windows\system32\ctfmon .exe

.
(((((((((((((((((((((((((   Files Creati Da 2010-02-25 al 2010-03-25  )))))))))))))))))))))))))))))))))))
.

2010-03-25 21:58 . 2010-03-25 21:58   3902266   ----a-r-   c:\programmi\ComboFix.exe
2010-03-24 04:40 . 2010-03-24 04:40   --------   d-----w-   c:\programmi\Trend Micro
2010-03-24 04:40 . 2010-03-24 04:40   812344   ----a-w-   c:\programmi\HijackThisInstaller.exe
2010-03-21 11:23 . 2010-02-09 16:26   52224   ----a-w-   c:\documents and settings\User\Dati applicazioni\Mozilla\Firefox\Profiles\y18a6ig5.default\extensions\{e3393495-8103-46a0-8181-270273eddd60}\components\FFExternalAlert.dll
2010-03-21 11:23 . 2010-02-09 16:26   101376   ----a-w-   c:\documents and settings\User\Dati applicazioni\Mozilla\Firefox\Profiles\y18a6ig5.default\extensions\{e3393495-8103-46a0-8181-270273eddd60}\components\RadioWMPCore.dll
2010-03-21 11:19 . 2010-03-21 11:20   233824   ----a-w-   c:\programmi\SoftonicDownloader44879.exe
2010-03-21 11:09 . 2003-03-25 14:08   286720   ----a-w-   c:\windows\system32\NCTWMAFile2.dll
2010-03-21 11:09 . 2002-12-03 02:11   143872   ----a-w-   c:\windows\system32\NCTWMAFile.dll
2010-03-21 11:09 . 2008-09-24 19:33   484352   ----a-w-   c:\windows\system32\lame_enc.dll
2010-03-21 11:09 . 2003-03-26 05:59   573440   ----a-w-   c:\windows\system32\NCTAudioInformation2.dll
2010-03-21 11:09 . 2002-12-03 02:07   168448   ----a-w-   c:\windows\system32\NCTAudioPlayer.dll
2010-03-21 11:09 . 2002-12-03 02:02   491520   ----a-w-   c:\windows\system32\NCTAudioFile.dll
2010-03-21 11:08 . 2010-03-21 11:08   6366356   ----a-w-   c:\programmi\4UWMAMP3Converter.exe
2010-03-21 08:29 . 2010-03-21 08:29   95024   ----a-w-   c:\windows\system32\drivers\SBREDrv.sys
2010-03-21 08:05 . 2010-03-21 08:08   97132879   ----a-w-   c:\programmi\adaware_82.zip
2010-03-20 19:36 . 2010-01-22 08:56   149456   ----a-w-   c:\windows\SGDetectionTool.dll
2010-03-20 19:36 . 2010-01-22 08:56   165840   ----a-w-   c:\windows\PCTBDRes.dll
2010-03-20 19:36 . 2010-01-22 08:56   1652688   ----a-w-   c:\windows\PCTBDCore.dll
2010-03-20 19:36 . 2010-01-22 08:55   767952   ----a-w-   c:\windows\BDTSupport.dll
2010-03-20 19:36 . 2009-10-28 00:36   1152444   ----a-w-   c:\windows\UDB.zip
2010-03-20 19:36 . 2008-11-26 11:08   131   ----a-w-   c:\windows\IDB.zip
2010-03-20 09:20 . 2010-03-20 09:20   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2010-03-20 09:20 . 2010-03-22 05:48   --------   d-----w-   c:\documents and settings\User\Dati applicazioni\SUPERAntiSpyware.com
2010-03-20 09:20 . 2010-03-22 05:48   --------   d-----w-   c:\programmi\SUPERAntiSpyware
2010-03-20 09:19 . 2010-03-20 09:19   7757856   ----a-w-   c:\programmi\SUPERAntiSpyware.exe
2010-03-19 19:50 . 2010-03-19 19:50   702000   ----a-w-   c:\programmi\awale-1.3-w32.zip
2010-03-19 13:02 . 2010-03-19 13:02   --------   d-----w-   c:\documents and settings\Administrator\Dati applicazioni\Malwarebytes
2010-03-18 05:50 . 2010-03-18 05:50   0   ----a-w-   c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-03-18 05:39 . 2010-03-18 05:39   --------   d-----w-   c:\documents and settings\User\Dati applicazioni\Malwarebytes
2010-03-18 05:38 . 2010-03-18 05:38   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-03-18 05:37 . 2010-03-18 05:37   5115824   ----a-w-   c:\programmi\mbam-setup.exe
2010-03-16 17:38 . 2010-03-16 17:38   --------   d-sh--w-   c:\documents and settings\Administrator\PrivacIE
2010-03-16 16:55 . 2010-03-16 16:55   73944   ----a-w-   c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-03-15 12:52 . 2010-02-12 10:03   293376   ------w-   c:\windows\system32\browserchoice.exe
2010-03-15 12:49 . 2010-03-15 12:52   59916   ----a-w-   c:\windows\system32\bit4cnsp-uninst.exe
2010-03-15 12:35 . 2010-03-15 12:35   118784   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-03-15 12:35 . 2010-03-15 12:35   118784   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-03-15 12:35 . 2010-03-15 12:35   118784   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-03-15 12:35 . 2010-03-15 12:35   118784   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-03-15 12:35 . 2010-03-15 12:35   118784   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-03-15 12:35 . 2010-03-15 12:35   300616   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-03-15 12:35 . 2010-03-15 12:35   118784   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-03-15 12:35 . 2010-03-15 12:35   329312   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-03-15 12:34 . 2010-03-15 12:34   --------   d-----w-   c:\programmi\File comuni\xing shared
2010-03-15 12:19 . 2010-03-15 12:19   --------   d-sh--w-   c:\documents and settings\LocalService\PrivacIE
2010-03-15 12:19 . 2010-03-15 12:19   --------   d-sh--w-   c:\documents and settings\LocalService\IECompatCache
2010-03-15 12:18 . 2010-03-15 12:18   --------   d-----w-   c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\Threat Expert
2010-03-15 12:18 . 2010-03-15 12:18   --------   d-----w-   c:\documents and settings\LocalService\Dati applicazioni\Yahoo!
2010-03-15 12:17 . 2010-03-15 12:18   --------   d-----r-   c:\documents and settings\LocalService\Preferiti
2010-03-15 07:34 . 2010-03-15 07:34   360584   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgtdix.sys
2010-03-15 07:34 . 2010-03-15 07:34   28424   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgmfx86.sys
2010-03-15 07:34 . 2010-03-15 07:34   333192   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgldx86.sys
2010-03-15 07:34 . 2010-03-15 07:34   12464   ----a-w-   c:\windows\system32\avgrsstx.dll
2010-03-15 07:32 . 2010-03-09 13:10   1658136   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgupd.dll
2010-03-15 07:32 . 2010-03-09 13:10   1007896   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgupd.exe
2010-03-15 07:32 . 2010-03-09 13:10   800536   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avginet.dll
2010-03-15 07:32 . 2010-03-09 13:10   613656   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgiproxy.exe
2010-03-13 22:18 . 2010-03-13 22:18   --------   d-----w-   c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Threat Expert
2010-03-13 22:02 . 2010-02-05 08:17   233136   ----a-w-   c:\windows\system32\drivers\pctgntdi.sys
2010-03-13 22:02 . 2010-03-10 10:36   217032   ----a-w-   c:\windows\system32\drivers\PCTCore.sys
2010-03-13 22:02 . 2009-11-23 12:54   88040   ----a-w-   c:\windows\system32\drivers\PCTAppEvent.sys
2010-03-13 22:02 . 2010-02-05 08:25   70408   ----a-w-   c:\windows\system32\drivers\pctplsg.sys
2010-03-13 22:02 . 2010-03-25 21:58   --------   d-----w-   c:\programmi\Spyware Doctor
2010-03-13 22:02 . 2010-03-13 22:05   --------   d-----w-   c:\programmi\File comuni\PC Tools
2010-03-13 22:02 . 2010-03-13 22:02   --------   d-----w-   c:\documents and settings\User\Dati applicazioni\PC Tools
2010-03-13 22:02 . 2010-03-13 22:02   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\PC Tools
2010-03-13 22:00 . 2010-03-20 19:33   36590872   ----a-w-   c:\programmi\sdsetup.exe
2010-03-13 19:45 . 2010-03-13 19:45   79144   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-03-10 01:38 . 2009-10-23 15:28   3558912   -c----w-   c:\windows\system32\dllcache\moviemk.exe
2010-03-09 13:25 . 2010-03-09 13:10   3777280   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\setup.exe
2010-03-09 13:25 . 2010-03-09 13:10   1260800   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgfrw.exe
2010-03-09 13:11 . 2010-03-15 12:22   --------   d-----w-   C:\$AVG
2010-03-09 13:10 . 2010-03-25 22:03   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\avg9
2010-02-26 14:24 . 2010-03-18 05:30   --------   d-----w-   c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Temp

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-25 22:08 . 2008-02-09 15:20   --------   d---a-w-   c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-03-25 22:06 . 2009-06-09 01:05   --------   d-----w-   c:\programmi\AVG
2010-03-21 11:25 . 2010-03-21 11:24   --------   d-----w-   c:\documents and settings\User\Dati applicazioni\FreeAudioPack
2010-03-21 11:25 . 2010-03-21 11:24   --------   d-----w-   c:\programmi\Free Audio Pack
2010-03-21 11:24 . 2010-03-21 11:24   --------   d-----w-   c:\programmi\Softonic-IT
2010-03-21 11:24 . 2010-03-21 11:24   --------   d-----w-   c:\programmi\Conduit
2010-03-21 11:00 . 2008-01-21 06:05   --------   d-----w-   c:\programmi\eMule
2010-03-21 08:26 . 2008-01-05 15:13   --------   d-----w-   c:\programmi\Lavasoft
2010-03-21 08:24 . 2008-01-24 18:42   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2010-03-19 20:06 . 2008-02-15 14:05   --------   d-----w-   c:\programmi\File comuni\Symantec Shared
2010-03-19 20:00 . 2008-02-10 20:43   --------   d-----w-   c:\programmi\Norton Security Scan
2010-03-18 21:12 . 2008-01-05 19:11   73944   ----a-w-   c:\documents and settings\User\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-03-18 05:38 . 2010-03-18 05:38   0   ----a-w-   c:\windows\system32\drivers\is-CGKI6.tmp
2010-03-17 05:44 . 2008-05-27 16:26   --------   d-----w-   c:\documents and settings\User\Dati applicazioni\U3
2010-03-15 12:35 . 2008-02-10 21:15   --------   d-----w-   c:\programmi\File comuni\Real
2010-03-15 12:34 . 2010-01-31 09:12   --------   d-----w-   c:\programmi\Real
2010-03-15 12:34 . 2008-01-05 14:18   499712   ----a-w-   c:\windows\system32\msvcp71.dll
2010-03-15 12:34 . 2008-01-05 14:12   348160   ----a-w-   c:\windows\system32\msvcr71.dll
2010-03-15 07:34 . 2009-06-09 01:06   242696   ----a-w-   c:\windows\system32\drivers\avgtdix.sys
2010-03-15 07:34 . 2008-01-05 15:21   29512   ----a-w-   c:\windows\system32\drivers\avgmfx86.sys
2010-03-15 07:33 . 2009-06-09 01:06   216200   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
2010-03-13 19:49 . 2008-03-20 21:39   --------   d-----w-   c:\programmi\Safari
2010-03-13 18:18 . 2009-01-06 19:33   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-03-10 20:05 . 2008-01-06 14:39   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-03-08 05:23 . 2008-03-23 21:57   --------   d-----w-   c:\programmi\Windowsavast
2010-02-24 08:16 . 2009-10-02 20:01   181632   ------w-   c:\windows\system32\MpSigStub.exe
2010-02-07 16:56 . 2010-02-07 16:55   3370400   ----a-w-   c:\programmi\ccsetup228.exe
2010-02-06 19:16 . 2008-01-24 21:12   --------   d-----w-   c:\programmi\iTunes
2010-02-06 19:15 . 2010-02-06 19:15   --------   d-----w-   c:\programmi\iPod
2010-02-06 19:15 . 2008-01-24 21:11   --------   d-----w-   c:\programmi\File comuni\Apple
2010-02-06 19:12 . 2008-01-24 21:12   --------   d-----w-   c:\programmi\QuickTime
2010-02-06 19:08 . 2010-02-06 19:08   72488   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-05 13:19 . 2008-01-06 15:01   --------   d-----w-   c:\programmi\Google
2010-01-31 09:09 . 2010-01-31 09:09   486424   ----a-w-   c:\programmi\RealPlayerSPGold_it.exe
2010-01-01 11:29 . 2001-08-31 12:00   84242   ----a-w-   c:\windows\system32\perfc010.dat
2010-01-01 11:29 . 2001-08-31 12:00   488954   ----a-w-   c:\windows\system32\perfh010.dat
2010-01-01 11:26 . 2010-01-01 11:26   152576   ----a-w-   c:\documents and settings\User\Dati applicazioni\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-01 11:26 . 2010-01-01 11:26   79488   ----a-w-   c:\documents and settings\User\Dati applicazioni\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-31 16:50 . 2001-08-31 12:00   353792   ----a-w-   c:\windows\system32\drivers\srv.sys
2009-12-29 07:29 . 2009-12-28 23:06   9618   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\DVDXStudio\CloneDVD4\MainApp.dll
2009-12-28 23:03 . 2008-02-19 20:52   81920   ----a-w-   c:\documents and settings\User\Dati applicazioni\ezpinst.exe
2009-12-28 23:03 . 2008-02-19 20:52   81920   ----a-w-   c:\documents and settings\User\Dati applicazioni\ezpinst.exe
2009-12-28 23:03 . 2008-01-19 07:45   47360   ----a-w-   c:\documents and settings\User\Dati applicazioni\pcouffin.sys
2009-12-28 23:03 . 2008-01-19 07:45   47360   ----a-w-   c:\documents and settings\User\Dati applicazioni\pcouffin.sys
2009-12-27 11:20 . 2008-03-23 20:24   54128   ---ha-w-   c:\windows\system32\mlfcache.dat
2008-02-11 12:57 . 2008-02-12 04:55   2519379   ----a-w-   c:\programmi\defs.ref
2009-01-04 17:59 . 2008-01-19 06:19   96   --sh--w-   c:\windows\SCAEECCF0.tmp
.
[code]<pre>
c:\programmi\File comuni\Ahead\Lib\NeroCheck .exe
</pre>[/code]

(((((((((((((((((((((((((((((((((((((((((((((   AWF   ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-05-11 02:06 . 2007-10-10 18:51   39792   c:\programmi\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe
2009-12-18 07:58 . 2009-12-18 07:58   40368   c:\programmi\Adobe\Reader 8.0\Reader\reader_sl.exe

2008-01-03 13:54 . 2008-01-03 13:54   486856   c:\programmi\DAEMON Tools Lite\bak\daemon.exe

2006-12-15 09:52 . 2006-12-15 09:52   221184   c:\programmi\File comuni\Roxio Shared\9.0\SharedCOM\bak\RoxWatchTray9.exe

2008-01-05 14:18 . 2008-01-05 15:24   579072   c:\programmi\Grisoft\AVG Free\bak\avgcc.exe

2008-01-15 02:22 . 2008-01-15 02:22   267048   c:\programmi\iTunes\bak\iTunesHelper.exe
2010-01-22 18:16 . 2010-01-22 18:16   141608   c:\programmi\iTunes\iTunesHelper.exe

2008-01-05 14:15 . 2006-09-05 15:45   497152   c:\programmi\MSI\Live Update 3\bak\LMonitor.exe

2008-01-10 14:27 . 2008-01-10 14:27   385024   c:\programmi\QuickTime\bak\QTTask.exe
2009-11-10 22:08 . 2009-11-10 22:08   417792   c:\programmi\QuickTime\QTTask.exe

2006-11-15 08:05 . 2006-11-15 08:05   1121016   c:\programmi\Roxio\Drag-to-Disc\bak\DrgToDsc.exe

2006-11-14 00:07 . 2006-11-14 00:07   102400   c:\programmi\Roxio\Media Experience\bak\DMXLauncher.exe

2008-01-23 17:04 . 2008-01-23 17:04   1670080   c:\programmi\SlySoft\AnyDVD\bak\AnyDVDtray.exe

2007-12-17 10:12 . 2007-12-17 10:12   243240   c:\programmi\Windows Live\Family Safety\bak\fssui.exe

2001-08-31 12:00 . 2004-08-19 14:39   15360   c:\windows\system32\bak\ctfmon.exe
2001-08-31 12:00 . 2008-04-14 02:14   15360   c:\windows\system32\ctfmon.exe

2008-01-05 14:12 . 2006-09-07 10:13   208896   c:\windows\system32\bak\sw20.exe

2008-01-05 14:12 . 2006-09-07 10:14   69632   c:\windows\system32\bak\sw24.exe

2008-01-05 14:12 . 2006-10-03 06:37   217088   c:\windows\system32\bak\winsys2.exe

2008-01-10 20:41 . 2005-01-25 04:00   98304   c:\windows\system32\spool\drivers\w32x86\3\bak\E_FATIAAE.EXE
2010-01-07 04:32 . 2005-01-25 04:00   98304   c:\windows\system32\spool\drivers\w32x86\3\E_FATIAAE.EXE

.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e3393495-8103-46a0-8181-270273eddd60}"= "c:\programmi\Softonic-IT\tbSoft.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{e3393495-8103-46a0-8181-270273eddd60}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3393495-8103-46a0-8181-270273eddd60}]
2009-12-31 10:53   2349080   ----a-w-   c:\programmi\Softonic-IT\tbSoft.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e3393495-8103-46a0-8181-270273eddd60}"= "c:\programmi\Softonic-IT\tbSoft.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{e3393495-8103-46a0-8181-270273eddd60}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E3393495-8103-46A0-8181-270273EDDD60}"= "c:\programmi\Softonic-IT\tbSoft.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{e3393495-8103-46a0-8181-270273eddd60}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\programmi\CCleaner\CCleaner.exe" [2010-01-26 1724728]
"ISUSPM"="c:\programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-07 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-08-11 7630848]
"nwiz"="nwiz.exe" [2006-08-11 1519616]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2006-08-11 86016]
"Windows Defender"="c:\programmi\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"ArcSoft Connection Service"="c:\programmi\File comuni\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-10-11 31232]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"EPSON Stylus D68 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE" [2005-01-25 98304]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2010-01-22 141608]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2010-03-15 202256]
"bit4id store register"="c:\windows\system32\bit4cnsp.dll" [N/A]
"SSLEmptyCache"="c:\windows\system32\SSLEmptyCache.exe" [2008-10-02 32768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2009-11-9 212992]
NETGEAR WPN111 Smart Wizard.lnk - c:\programmi\NETGEAR\WPN111\wpn111.exe [2009-11-8 884795]
PHOTOfunSTUDIO -viewer-.lnk - c:\programmi\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe [2008-7-21 40960]
WinZip Quick Pick.lnk - c:\programmi\WinZip\WZQKPICK.EXE [2009-6-19 525640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-15 07:34   12464   ----a-w-   c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgemc.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [13/03/2010 23.02.36 217032]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [09/06/2009 2.06.30 216200]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [09/06/2009 2.06.30 242696]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [05/01/2008 15.05.01 13696]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [10/01/2008 22.44.03 8192]
R2 avg9emc;AVG Free E-mail Scanner;c:\programmi\AVG\AVG9\avgemc.exe [15/03/2010 8.33.48 916760]
R2 avg9wd;AVG Free WatchDog;c:\programmi\AVG\AVG9\avgwdsvc.exe [15/03/2010 8.34.27 308064]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\programmi\Spyware Doctor\BDT\BDTUpdateService.exe [20/03/2010 20.36.43 112592]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [05/01/2008 16.12.03 717296]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [05/02/2010 14.19.36 135664]
S2 kggyacap;Server Update;c:\windows\system32\svchost.exe -k netsvcs [31/08/2001 13.00.00 14336]
S2 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [03/11/2006 19.19.58 13592]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [10/09/2009 18.08.33 17149]
S3 ForteUSB;PERSTEL Chic USB Driver Service;c:\windows\system32\drivers\ForteUSB.sys [09/05/2008 4.38.45 10658]
S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [21/05/2009 7.30.00 57984]
S3 sdAuxService;PC Tools Auxiliary Service;c:\programmi\Spyware Doctor\pctsAuxs.exe [20/03/2010 20.35.20 366840]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111.sys --> c:\windows\system32\DRIVERS\WPN111.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
kggyacap
.
Contenuto della cartella 'Scheduled Tasks'

2010-03-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-04-11 10:34]

2010-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-05 13:19]

2010-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-05 13:19]

2010-03-20 c:\windows\Tasks\Norton Security Scan.job
- c:\programmi\Norton Security Scan\Nss.exe [2007-09-18 22:42]

2010-03-25 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]

2010-03-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1454471165-507921405-839522115-1003.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-03-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1454471165-507921405-839522115-1003.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-03-25 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-03-31 20:18]
.
.
------- Scansione supplementare -------
.
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2530241
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
LSP: c:\programmi\File comuni\PC Tools\Lsp\PCTLsp.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game07.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\documents and settings\User\Dati applicazioni\Mozilla\Firefox\Profiles\y18a6ig5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2530241&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Softonic-IT Customized Web Search
FF - prefs.js: browser.startup.homepage - www.google.it
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2530241&q=
FF - component: c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\User\Dati applicazioni\Mozilla\Firefox\Profiles\y18a6ig5.default\extensions\{e3393495-8103-46a0-8181-270273eddd60}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\User\Dati applicazioni\Mozilla\Firefox\Profiles\y18a6ig5.default\extensions\{e3393495-8103-46a0-8181-270273eddd60}\components\RadioWMPCore.dll
FF - component: c:\programmi\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\programmi\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

BHO-{ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
AddRemove-{F37167DD-4436-4641-90B6-329D60632DDA} - c:\programmi\InstallShield Installation Information\{F37167DD-4436-4641-90B6-329D60632DDA}\Setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-25 23:18
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'lsass.exe'(948)
c:\programmi\File comuni\PC Tools\Lsp\PCTLsp.dll
.
Ora fine scansione: 2010-03-25  23:21:37
ComboFix-quarantined-files.txt  2010-03-25 22:21

Pre-Run: 73.408.294.912 byte disponibili
Post-Run: 73.462.755.328 byte disponibili

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 2E0AD640FB53BC9BC0DB2C34669FA38E


Codice: Seleziona tutto
Malwarebytes' Anti-Malware 1.44
Versione del database: 3914
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

26/03/2010 7.15.10
mbam-log-2010-03-26 (07-15-10).txt

Tipo di scansione: Scansione completa (A:\|C:\|D:\|)
Elementi scansionati: 238724
Tempo trascorso: 1 hour(s), 54 minute(s), 57 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)
dadadadi
Utente Junior
 
Post: 16
Iscritto il: 18/11/09 13:46
Top

Re: Adware zango.search

Postdi -> EleKtrA <- » 26/03/10 10:00

Ciao dadadadi, non ti avevo chiesto di disinstallare l'antivirus, ma solo di disabilitarlo temporaneamente.

Ora procedi seguendo questi step:
Disattiva il TeaTimer: apri SpyBot in modalità avanzata (menù modalità - avanzata) poi vai in utilità - resident e togli la spunta a TeaTimer.

Step 1
Con tutte le applicazioni chiuse e disconnesso da internet
Avvia Hijackthis e clicca su "do a system scan only"
Metti la spunta a queste voci e clicca su "fix checked"
Codice: Seleziona tutto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB001" /M "Stylus D68"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [bit4id store register] RUNDLL32.EXE "C:\WINDOWS\system32\bit4cnsp.dll",RegisterMyPhysicalStore
O4 - HKLM\..\Run: [SSLEmptyCache] C:\WINDOWS\system32\SSLEmptyCache.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Programmi\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [ISUSPM] "C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"


Step 2
Scarica the Avenger
Lo salvi in una cartella, scompatti il file .zip
Individua avenger.exe, lo avvii
Inserisci questo script nel box bianco
Codice: Seleziona tutto
Files to delete:
c:\programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
c:\programmi\iTunes\iTunesHelper.exe
c:\programmi\QuickTime\QTTask.exe
c:\windows\system32\spool\drivers\w32x86\3\E_FATIAAE.EXE

Files to move:
c:\programmi\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe | c:\programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
c:\programmi\iTunes\bak\iTunesHelper.exe | c:\programmi\iTunes\iTunesHelper.exe
c:\programmi\QuickTime\bak\QTTask.exe | c:\programmi\QuickTime\QTTask.exe
c:\windows\system32\bak\ctfmon.exe | c:\windows\system32\ctfmon.exe
c:\windows\system32\spool\drivers\w32x86\3\bak\E_FATIAAE.EXE | c:\windows\system32\spool\drivers\w32x86\3\E_FATIAAE.EXE

Step 3
Apri un file di testo sul Desktop
Start > esegui, digita: notepad.exe e poi clicca Ok
Incolla il codice che vedi qui sotto, e salvi il file di testo obbligatoriamente
con il nome CFScript
Codice: Seleziona tutto
Killall::
NetSvcs::
kggyacap
Driver::
kggyacap
Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_kggyacap]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_kggyacap]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_kggyacap]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_kggyacap]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_kggyacap]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kggyacap]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kggyacap]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\kggyacap]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\kggyacap]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\kggyacap]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_Server Update]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_Server Update]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_Server Update]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_Server Update]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_Server Update]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Server Update]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Server Update]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Server Update]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Server Update]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Server Update]
Folder::
C:\WINDOWS\temp
C:\WINDOWS\Tasks

Con il mouse trascina il file CFScript.txt sull'icona rossa di Combofix
Immagine
Lascia lavorare il programma
Verrà creato un nuovo log combofix.txt
Allega il rapporto per un controllo.

Step 4
Scarica TFC by OldTimer sul desktop
chiudi tutti i programmi
avvia TFC, clicca su "star"
al termine della scansione ti chiederà il riavvio, dai ok.
“Ieri è storia, domani è mistero, ma oggi è un dono... per questo si chiama presente!”.
Avatar utente
-> EleKtrA <-
Moderatore
 
Post: 436
Iscritto il: 11/12/08 12:50
Top

Re: Adware zango.search

Postdi dadadadi » 26/03/10 12:03

Ciao... scusa ma non sapevo come fare a disattivare AVg (non ho trovato come fare insomma) e così ho cercato di disinstallarlo...
Ho cercato di seguire le tue istruzioni ma credo sia cambiato qualcosa, perchè in Hijackthis non trovo alcuni files. Per evitare di fare casini, prima di andare oltre, ti ri-posto il risultato attuale di Hijackthis.

Codice: Seleziona tutto
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11.58.44, on 26/03/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\AVG\AVG9\avgchsvx.exe
C:\Programmi\AVG\AVG9\avgrsx.exe
C:\Programmi\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\ArcSoft\Connection Service\Bin\ACService.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\AVG\AVG9\avgwdsvc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\AVG\AVG9\avgnsx.exe
C:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\AVG\AVG9\avgemc.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Programmi\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Windows Live\Contacts\wlcomm.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2530241
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: Softonic-IT Toolbar - {e3393495-8103-46a0-8181-270273eddd60} - C:\Programmi\Softonic-IT\tbSoft.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programmi\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Softonic-IT Toolbar - {e3393495-8103-46a0-8181-270273eddd60} - C:\Programmi\Softonic-IT\tbSoft.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programmi\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programmi\Spyware Doctor\BDT\PCTBrowserDefender.dll
O3 - Toolbar: Softonic-IT Toolbar - {e3393495-8103-46a0-8181-270273eddd60} - C:\Programmi\Softonic-IT\tbSoft.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Programmi\File comuni\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB001" /M "Stylus D68"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SSLEmptyCache] C:\WINDOWS\system32\SSLEmptyCache.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ccleaner] "C:\Programmi\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [ISUSPM] "C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O4 - Global Startup: PHOTOfunSTUDIO -viewer-.lnk = C:\Programmi\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1199542780575
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199543378106
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-9bf7d499a98e9995.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Programmi\File comuni\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Programmi\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmi\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\pctsSvc.exe
O23 - Service: stllssvr - Unknown owner - C:\Programmi\File comuni\SureThing Shared\stllssvr.exe (file missing)
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/User/IMPOST~1/Temp/msohtmlclip1/01/clip_image002.jpg

--
End of file - 13064 bytes


scusa di nuovo... ora tengo le manine ferme fino alla prox istruzione
grazie mille
dada
dadadadi
Utente Junior
 
Post: 16
Iscritto il: 18/11/09 13:46
Top

Re: Adware zango.search

Postdi -> EleKtrA <- » 26/03/10 12:33

Continua con le istruzioni che ti ho dato, ma prima di ogni disattiva il teatimer di Spybot.
“Ieri è storia, domani è mistero, ma oggi è un dono... per questo si chiama presente!”.
Avatar utente
-> EleKtrA <-
Moderatore
 
Post: 436
Iscritto il: 11/12/08 12:50
Top

Re: Adware zango.search

Postdi dadadadi » 27/03/10 08:47

Ciao scusa se sono pedante ma, davvero ci capisco poco.
Come faccio a seguire le tue istruzioni precedenti se il logfile di Hijackthis è diverso da prima...
Mi hai detto, spunta queste voci, ma ora le voci sono diverse e non trovo corrispondenza con le tue istruzioni.

grazie mille per la pazienza....
ciao!
dada
dadadadi
Utente Junior
 
Post: 16
Iscritto il: 18/11/09 13:46
Top

Re: Adware zango.search

Postdi gahan » 27/03/10 09:48

Ciao dadadadi,

fixa le seguenti voci da hijackthis:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2530241
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)


prosegui con le altre operazioni indicate da -> EleKtrA <-
words like violence, break the silence
Avatar utente
gahan
Moderatore
 
Post: 1397
Iscritto il: 23/01/08 16:09
Top

Re: Adware zango.search

Postdi -> EleKtrA <- » 27/03/10 11:39

Ciao dadadadi, stando all'ultimo log di hijackthis da te postato mancherebbe solo una voce tra quelle che ti ho indicato.
Codice: Seleziona tutto
O4 - HKLM\..\Run: [bit4id store register] RUNDLL32.EXE "C:\WINDOWS\system32\bit4cnsp.dll",RegisterMyPhysicalStore

Se hai problemi fixa quelle che trovi tra le mie citate, l'importante è che vai avanti con le altre indicazioni,
perchè l'infezione è ancora attiva.
“Ieri è storia, domani è mistero, ma oggi è un dono... per questo si chiama presente!”.
Avatar utente
-> EleKtrA <-
Moderatore
 
Post: 436
Iscritto il: 11/12/08 12:50
Top

Re: Adware zango.search

Postdi dadadadi » 27/03/10 19:55

eccomi ciao!

ti allego il logfile di combofix
spero di aver fatto tutto per benino (...)

Codice: Seleziona tutto
ComboFix 10-03-26.02 - User 27/03/2010  18.50.41.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.39.1040.18.1022.548 [GMT 1:00]
Eseguito da: C:\ComboFix.exe
Opzioni usate :: c:\documents and settings\User\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
 * Creato nuovo punto di ripristino
.

(((((((((((((((((((((((((   Files Creati Da 2010-02-27 al 2010-03-27  )))))))))))))))))))))))))))))))))))
.

2010-03-27 17:50 . 2010-03-27 17:50   12568   ----a-w-   c:\windows\system32\drivers\PROCEXP113.SYS
2010-03-27 17:40 . 2010-03-27 17:40   3903606   ----a-r-   C:\ComboFix.exe
2010-03-27 17:17 . 2010-03-27 17:30   724952   ----a-w-   c:\programmi\avenger.zip
2010-03-25 22:25 . 2010-01-07 15:07   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-25 22:25 . 2010-03-25 22:25   --------   d-----w-   c:\programmi\Malwarebytes' Anti-Malware
2010-03-25 22:25 . 2010-01-07 15:07   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-03-25 21:58 . 2010-03-25 21:58   3902266   ----a-r-   c:\programmi\ComboFix.exe
2010-03-24 04:40 . 2010-03-24 04:40   --------   d-----w-   c:\programmi\Trend Micro
2010-03-24 04:40 . 2010-03-24 04:40   812344   ----a-w-   c:\programmi\HijackThisInstaller.exe
2010-03-21 11:19 . 2010-03-21 11:20   233824   ----a-w-   c:\programmi\SoftonicDownloader44879.exe
2010-03-21 11:09 . 2003-03-25 14:08   286720   ----a-w-   c:\windows\system32\NCTWMAFile2.dll
2010-03-21 11:09 . 2002-12-03 02:11   143872   ----a-w-   c:\windows\system32\NCTWMAFile.dll
2010-03-21 11:09 . 2008-09-24 19:33   484352   ----a-w-   c:\windows\system32\lame_enc.dll
2010-03-21 11:09 . 2003-03-26 05:59   573440   ----a-w-   c:\windows\system32\NCTAudioInformation2.dll
2010-03-21 11:09 . 2002-12-03 02:07   168448   ----a-w-   c:\windows\system32\NCTAudioPlayer.dll
2010-03-21 11:09 . 2002-12-03 02:02   491520   ----a-w-   c:\windows\system32\NCTAudioFile.dll
2010-03-21 11:08 . 2010-03-21 11:08   6366356   ----a-w-   c:\programmi\4UWMAMP3Converter.exe
2010-03-21 08:29 . 2010-03-21 08:29   95024   ----a-w-   c:\windows\system32\drivers\SBREDrv.sys
2010-03-21 08:05 . 2010-03-21 08:08   97132879   ----a-w-   c:\programmi\adaware_82.zip
2010-03-20 19:36 . 2010-01-22 08:56   149456   ----a-w-   c:\windows\SGDetectionTool.dll
2010-03-20 19:36 . 2010-01-22 08:56   165840   ----a-w-   c:\windows\PCTBDRes.dll
2010-03-20 19:36 . 2010-01-22 08:56   1652688   ----a-w-   c:\windows\PCTBDCore.dll
2010-03-20 19:36 . 2010-01-22 08:55   767952   ----a-w-   c:\windows\BDTSupport.dll
2010-03-20 19:36 . 2009-10-28 00:36   1152444   ----a-w-   c:\windows\UDB.zip
2010-03-20 19:36 . 2008-11-26 11:08   131   ----a-w-   c:\windows\IDB.zip
2010-03-20 09:20 . 2010-03-20 09:20   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2010-03-20 09:20 . 2010-03-22 05:48   --------   d-----w-   c:\documents and settings\User\Dati applicazioni\SUPERAntiSpyware.com
2010-03-20 09:20 . 2010-03-22 05:48   --------   d-----w-   c:\programmi\SUPERAntiSpyware
2010-03-20 09:19 . 2010-03-20 09:19   7757856   ----a-w-   c:\programmi\SUPERAntiSpyware.exe
2010-03-19 19:50 . 2010-03-19 19:50   702000   ----a-w-   c:\programmi\awale-1.3-w32.zip
2010-03-19 13:02 . 2010-03-19 13:02   --------   d-----w-   c:\documents and settings\Administrator\Dati applicazioni\Malwarebytes
2010-03-18 05:50 . 2010-03-18 05:50   0   ----a-w-   c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-03-18 05:39 . 2010-03-18 05:39   --------   d-----w-   c:\documents and settings\User\Dati applicazioni\Malwarebytes
2010-03-18 05:38 . 2010-03-18 05:38   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-03-18 05:37 . 2010-03-25 22:25   5115824   ----a-w-   c:\programmi\mbam-setup.exe
2010-03-16 17:38 . 2010-03-16 17:38   --------   d-sh--w-   c:\documents and settings\Administrator\PrivacIE
2010-03-16 16:55 . 2010-03-16 16:55   73944   ----a-w-   c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-03-15 12:52 . 2010-02-12 10:03   293376   ------w-   c:\windows\system32\browserchoice.exe
2010-03-15 12:49 . 2010-03-15 12:52   59916   ----a-w-   c:\windows\system32\bit4cnsp-uninst.exe
2010-03-15 12:34 . 2010-03-15 12:34   --------   d-----w-   c:\programmi\File comuni\xing shared
2010-03-15 12:19 . 2010-03-15 12:19   --------   d-sh--w-   c:\documents and settings\LocalService\PrivacIE
2010-03-15 12:19 . 2010-03-15 12:19   --------   d-sh--w-   c:\documents and settings\LocalService\IECompatCache
2010-03-15 12:18 . 2010-03-15 12:18   --------   d-----w-   c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\Threat Expert
2010-03-15 12:18 . 2010-03-15 12:18   --------   d-----w-   c:\documents and settings\LocalService\Dati applicazioni\Yahoo!
2010-03-15 12:17 . 2010-03-15 12:18   --------   d-----r-   c:\documents and settings\LocalService\Preferiti
2010-03-15 07:34 . 2010-03-15 07:34   12464   ----a-w-   c:\windows\system32\avgrsstx.dll
2010-03-13 22:18 . 2010-03-13 22:18   --------   d-----w-   c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Threat Expert
2010-03-13 22:02 . 2010-02-05 08:17   233136   ----a-w-   c:\windows\system32\drivers\pctgntdi.sys
2010-03-13 22:02 . 2010-03-10 10:36   217032   ----a-w-   c:\windows\system32\drivers\PCTCore.sys
2010-03-13 22:02 . 2009-11-23 12:54   88040   ----a-w-   c:\windows\system32\drivers\PCTAppEvent.sys
2010-03-13 22:02 . 2010-02-05 08:25   70408   ----a-w-   c:\windows\system32\drivers\pctplsg.sys
2010-03-13 22:02 . 2010-03-25 21:58   --------   d-----w-   c:\programmi\Spyware Doctor
2010-03-13 22:02 . 2010-03-13 22:05   --------   d-----w-   c:\programmi\File comuni\PC Tools
2010-03-13 22:02 . 2010-03-13 22:02   --------   d-----w-   c:\documents and settings\User\Dati applicazioni\PC Tools
2010-03-13 22:02 . 2010-03-13 22:02   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\PC Tools
2010-03-13 22:00 . 2010-03-20 19:33   36590872   ----a-w-   c:\programmi\sdsetup.exe
2010-03-10 01:38 . 2009-10-23 15:28   3558912   -c----w-   c:\windows\system32\dllcache\moviemk.exe
2010-03-09 13:11 . 2010-03-15 12:22   --------   d-----w-   C:\$AVG
2010-03-09 13:10 . 2010-03-25 22:03   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\avg9
2010-02-26 14:24 . 2010-03-18 05:30   --------   d-----w-   c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Temp

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-27 17:57 . 2008-02-09 15:20   --------   d---a-w-   c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-03-27 17:31 . 2008-01-24 21:12   --------   d-----w-   c:\programmi\iTunes
2010-03-27 17:31 . 2008-01-24 21:12   --------   d-----w-   c:\programmi\QuickTime
2010-03-27 17:24 . 2009-01-06 19:33   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-03-26 21:17 . 2008-03-23 21:57   --------   d-----w-   c:\programmi\Windowsavast
2010-03-26 20:02 . 2008-02-15 14:05   --------   d-----w-   c:\programmi\File comuni\Symantec Shared
2010-03-26 20:00 . 2008-02-10 20:43   --------   d-----w-   c:\programmi\Norton Security Scan
2010-03-25 22:06 . 2009-06-09 01:05   --------   d-----w-   c:\programmi\AVG
2010-03-21 11:25 . 2010-03-21 11:24   --------   d-----w-   c:\documents and settings\User\Dati applicazioni\FreeAudioPack
2010-03-21 11:25 . 2010-03-21 11:24   --------   d-----w-   c:\programmi\Free Audio Pack
2010-03-21 11:24 . 2010-03-21 11:24   --------   d-----w-   c:\programmi\Softonic-IT
2010-03-21 11:24 . 2010-03-21 11:24   --------   d-----w-   c:\programmi\Conduit
2010-03-21 11:00 . 2008-01-21 06:05   --------   d-----w-   c:\programmi\eMule
2010-03-21 08:26 . 2008-01-05 15:13   --------   d-----w-   c:\programmi\Lavasoft
2010-03-21 08:24 . 2008-01-24 18:42   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2010-03-18 21:12 . 2008-01-05 19:11   73944   ----a-w-   c:\documents and settings\User\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-03-18 05:38 . 2010-03-18 05:38   0   ----a-w-   c:\windows\system32\drivers\is-CGKI6.tmp
2010-03-17 05:44 . 2008-05-27 16:26   --------   d-----w-   c:\documents and settings\User\Dati applicazioni\U3
2010-03-15 12:35 . 2010-03-15 12:35   118784   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-03-15 12:35 . 2010-03-15 12:35   118784   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-03-15 12:35 . 2010-03-15 12:35   118784   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-03-15 12:35 . 2010-03-15 12:35   118784   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-03-15 12:35 . 2010-03-15 12:35   118784   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-03-15 12:35 . 2010-03-15 12:35   300616   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-03-15 12:35 . 2010-03-15 12:35   118784   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-03-15 12:35 . 2010-03-15 12:35   329312   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-03-15 12:35 . 2008-02-10 21:15   --------   d-----w-   c:\programmi\File comuni\Real
2010-03-15 12:34 . 2010-01-31 09:12   --------   d-----w-   c:\programmi\Real
2010-03-15 12:34 . 2008-01-05 14:18   499712   ----a-w-   c:\windows\system32\msvcp71.dll
2010-03-15 12:34 . 2008-01-05 14:12   348160   ----a-w-   c:\windows\system32\msvcr71.dll
2010-03-15 07:34 . 2010-03-15 07:34   360584   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgtdix.sys
2010-03-15 07:34 . 2010-03-15 07:34   28424   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgmfx86.sys
2010-03-15 07:34 . 2010-03-15 07:34   333192   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgldx86.sys
2010-03-15 07:34 . 2009-06-09 01:06   242696   ----a-w-   c:\windows\system32\drivers\avgtdix.sys
2010-03-15 07:34 . 2008-01-05 15:21   29512   ----a-w-   c:\windows\system32\drivers\avgmfx86.sys
2010-03-15 07:33 . 2009-06-09 01:06   216200   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
2010-03-13 19:49 . 2008-03-20 21:39   --------   d-----w-   c:\programmi\Safari
2010-03-13 19:45 . 2010-03-13 19:45   79144   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-03-10 20:05 . 2008-01-06 14:39   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-03-09 13:10 . 2010-03-09 13:25   3777280   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\setup.exe
2010-03-09 13:10 . 2010-03-09 13:25   1260800   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgfrw.exe
2010-03-09 13:10 . 2010-03-15 07:32   1658136   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgupd.dll
2010-03-09 13:10 . 2010-03-15 07:32   1007896   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgupd.exe
2010-03-09 13:10 . 2010-03-15 07:32   800536   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avginet.dll
2010-03-09 13:10 . 2010-03-15 07:32   613656   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgiproxy.exe
2010-02-24 08:16 . 2009-10-02 20:01   181632   ------w-   c:\windows\system32\MpSigStub.exe
2010-02-09 16:26 . 2010-03-21 11:23   52224   ----a-w-   c:\documents and settings\User\Dati applicazioni\Mozilla\Firefox\Profiles\y18a6ig5.default\extensions\{e3393495-8103-46a0-8181-270273eddd60}\components\FFExternalAlert.dll
2010-02-09 16:26 . 2010-03-21 11:23   101376   ----a-w-   c:\documents and settings\User\Dati applicazioni\Mozilla\Firefox\Profiles\y18a6ig5.default\extensions\{e3393495-8103-46a0-8181-270273eddd60}\components\RadioWMPCore.dll
2010-02-07 16:56 . 2010-02-07 16:55   3370400   ----a-w-   c:\programmi\ccsetup228.exe
2010-02-06 19:15 . 2010-02-06 19:15   --------   d-----w-   c:\programmi\iPod
2010-02-06 19:15 . 2008-01-24 21:11   --------   d-----w-   c:\programmi\File comuni\Apple
2010-02-06 19:08 . 2010-02-06 19:08   72488   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-05 13:19 . 2008-01-06 15:01   --------   d-----w-   c:\programmi\Google
2010-01-31 09:09 . 2010-01-31 09:09   486424   ----a-w-   c:\programmi\RealPlayerSPGold_it.exe
2010-01-01 11:29 . 2001-08-31 12:00   84242   ----a-w-   c:\windows\system32\perfc010.dat
2010-01-01 11:29 . 2001-08-31 12:00   488954   ----a-w-   c:\windows\system32\perfh010.dat
2010-01-01 11:26 . 2010-01-01 11:26   152576   ----a-w-   c:\documents and settings\User\Dati applicazioni\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-01 11:26 . 2010-01-01 11:26   79488   ----a-w-   c:\documents and settings\User\Dati applicazioni\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-31 16:50 . 2001-08-31 12:00   353792   ----a-w-   c:\windows\system32\drivers\srv.sys
2009-12-29 07:29 . 2009-12-28 23:06   9618   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\DVDXStudio\CloneDVD4\MainApp.dll
2009-12-28 23:03 . 2008-02-19 20:52   81920   ----a-w-   c:\documents and settings\User\Dati applicazioni\ezpinst.exe
2009-12-28 23:03 . 2008-02-19 20:52   81920   ----a-w-   c:\documents and settings\User\Dati applicazioni\ezpinst.exe
2009-12-28 23:03 . 2008-01-19 07:45   47360   ----a-w-   c:\documents and settings\User\Dati applicazioni\pcouffin.sys
2009-12-28 23:03 . 2008-01-19 07:45   47360   ----a-w-   c:\documents and settings\User\Dati applicazioni\pcouffin.sys
2008-02-11 12:57 . 2008-02-12 04:55   2519379   ----a-w-   c:\programmi\defs.ref
2009-01-04 17:59 . 2008-01-19 06:19   96   --sh--w-   c:\windows\SCAEECCF0.tmp
.
[code]<pre>
c:\programmi\File comuni\Ahead\Lib\NeroCheck .exe
</pre>[/code]

(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e3393495-8103-46a0-8181-270273eddd60}"= "c:\programmi\Softonic-IT\tbSoft.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{e3393495-8103-46a0-8181-270273eddd60}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3393495-8103-46a0-8181-270273eddd60}]
2009-12-31 10:53   2349080   ----a-w-   c:\programmi\Softonic-IT\tbSoft.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e3393495-8103-46a0-8181-270273eddd60}"= "c:\programmi\Softonic-IT\tbSoft.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{e3393495-8103-46a0-8181-270273eddd60}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E3393495-8103-46A0-8181-270273EDDD60}"= "c:\programmi\Softonic-IT\tbSoft.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{e3393495-8103-46a0-8181-270273eddd60}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\programmi\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"ArcSoft Connection Service"="c:\programmi\File comuni\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-10-11 31232]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2009-11-9 212992]
NETGEAR WPN111 Smart Wizard.lnk - c:\programmi\NETGEAR\WPN111\wpn111.exe [2009-11-8 884795]
PHOTOfunSTUDIO -viewer-.lnk - c:\programmi\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe [2008-7-21 40960]
WinZip Quick Pick.lnk - c:\programmi\WinZip\WZQKPICK.EXE [2009-6-19 525640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-15 07:34   12464   ----a-w-   c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgemc.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [13/03/2010 23.02.36 217032]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [05/01/2008 16.12.03 717296]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [09/06/2009 2.06.30 216200]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [09/06/2009 2.06.30 242696]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [05/01/2008 15.05.01 13696]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [10/01/2008 22.44.03 8192]
R2 avg9emc;AVG Free E-mail Scanner;c:\programmi\AVG\AVG9\avgemc.exe [15/03/2010 8.33.48 916760]
R2 avg9wd;AVG Free WatchDog;c:\programmi\AVG\AVG9\avgwdsvc.exe [15/03/2010 8.34.27 308064]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\programmi\Spyware Doctor\BDT\BDTUpdateService.exe [20/03/2010 20.36.43 112592]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [05/02/2010 14.19.36 135664]
S2 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [03/11/2006 19.19.58 13592]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [10/09/2009 18.08.33 17149]
S3 ForteUSB;PERSTEL Chic USB Driver Service;c:\windows\system32\drivers\ForteUSB.sys [09/05/2008 4.38.45 10658]
S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [21/05/2009 7.30.00 57984]
S3 sdAuxService;PC Tools Auxiliary Service;c:\programmi\Spyware Doctor\pctsAuxs.exe [20/03/2010 20.35.20 366840]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111.sys --> c:\windows\system32\DRIVERS\WPN111.sys [?]
.
Contenuto della cartella 'Scheduled Tasks'

2010-03-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-04-11 10:34]

2010-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-05 13:19]

2010-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-05 13:19]

2010-03-27 c:\windows\Tasks\Norton Security Scan.job
- c:\programmi\Norton Security Scan\Nss.exe [2007-09-18 22:42]

2010-03-27 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]

2010-03-27 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1454471165-507921405-839522115-1003.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-03-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1454471165-507921405-839522115-1003.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-03-27 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-03-31 20:18]
.
.
------- Scansione supplementare -------
.
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2530241
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
LSP: c:\programmi\File comuni\PC Tools\Lsp\PCTLsp.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game07.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\documents and settings\User\Dati applicazioni\Mozilla\Firefox\Profiles\y18a6ig5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2530241&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Softonic-IT Customized Web Search
FF - prefs.js: browser.startup.homepage - www.google.it
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2530241&q=
FF - component: c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\User\Dati applicazioni\Mozilla\Firefox\Profiles\y18a6ig5.default\extensions\{e3393495-8103-46a0-8181-270273eddd60}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\User\Dati applicazioni\Mozilla\Firefox\Profiles\y18a6ig5.default\extensions\{e3393495-8103-46a0-8181-270273eddd60}\components\RadioWMPCore.dll
FF - component: c:\programmi\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\programmi\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-27 18:58
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll >>UNKNOWN [0x86DA81F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74cbf28
\Driver\ACPI -> ACPI.sys @ 0xf7226cb8
\Driver\atapi -> atapi.sys @ 0xf71bbb40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
 ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
 ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS:  -> SendCompleteHandler -> 0x0
 PacketIndicateHandler -> 0x0
 SendHandler -> 0x0
user & kernel MBR OK

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'lsass.exe'(968)
c:\programmi\File comuni\PC Tools\Lsp\PCTLsp.dll

- - - - - - - > 'explorer.exe'(476)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\AVG\AVG9\avgchsvx.exe
c:\programmi\AVG\AVG9\avgrsx.exe
c:\programmi\AVG\AVG9\avgcsrvx.exe
c:\windows\System32\SCardSvr.exe
c:\programmi\File comuni\ArcSoft\Connection Service\Bin\ACService.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\programmi\AVG\AVG9\avgnsx.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\CDBurnerXP\NMSAccessU.exe
c:\programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\windows\System32\nvsvc32.exe
c:\programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\programmi\AVG\AVG9\avgcsrvx.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\programmi\Alice ti aiuta\bin\mpbtn.exe
c:\programmi\File comuni\ArcSoft\Connection Service\Bin\ArcCon.ac
.
**************************************************************************
.
Ora fine scansione: 2010-03-27  19:08:06 - Il pc è stato riavviato
ComboFix-quarantined-files.txt  2010-03-27 18:08
ComboFix2.txt  2010-03-25 22:21

Pre-Run: 72.753.983.488 byte disponibili
Post-Run: 73.410.248.704 byte disponibili

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /usepmtimer

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 87E79A72ECA3343C24DE615921AD1A18


grazie ancora
ciao
anto
dadadadi
Utente Junior
 
Post: 16
Iscritto il: 18/11/09 13:46
Top

Re: Adware zango.search

Postdi -> EleKtrA <- » 27/03/10 22:09

Scarica OTC by OldTimer sul desktop
doppio clic per eseguirlo
clicca su "CleanUP" > "Yes" > "Yes"
riavvia.

Collegati al sito Kaspersky ed esegui una scansione online usando Internet Explorer
allega il risultato.
Guida.
“Ieri è storia, domani è mistero, ma oggi è un dono... per questo si chiama presente!”.
Avatar utente
-> EleKtrA <-
Moderatore
 
Post: 436
Iscritto il: 11/12/08 12:50
Top

Re: Adware zango.search

Postdi dadadadi » 28/03/10 21:07

Ciao! Rieccomi

Ti allego il risultato di Kaspersky

Codice: Seleziona tutto
KASPERSKY ONLINE SCANNER 7.0: scan report 
Sunday, March 28, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, March 28, 2010 12:17:40
Records in database: 3888465
 
 
Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes
 
Scan area Critical areas
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica
C:\Documents and Settings\User\Menu Avvio\Programmi\Esecuzione automatica
C:\Program Files
C:\Programmi
C:\WINDOWS 
 
Scan statistics
Objects scanned 60990
Threats found 3
Infected objects found 7
Suspicious objects found 0
Scan duration 02:31:03

File name Threat Threats count
C:\Programmi\eMule\Incoming\ Neffa - Lontano Dal Tuo Sole.mp3 Infected: Trojan-Downloader.WMA.GetCodec.ak 1 
 
C:\Programmi\eMule\Incoming\Beyonce - Sweet Dreams.mp3 Infected: Trojan-Downloader.WMA.GetCodec.aj 1 
 
C:\Programmi\eMule\Incoming\Elisa - Ti vorrei sollevare (Con Giuliano Sangiorgi).mp3 Infected: Trojan-Downloader.WMA.GetCodec.ak 1 
 
C:\Programmi\eMule\Incoming\Elisa ft. Sangiorgi - Ti vorrei sollevare.mp3 Infected: Trojan-Downloader.WMA.GetCodec.ak 1 
 
C:\Programmi\eMule\Incoming\Shakira - She Wolf(2).mp3 Infected: Trojan-Downloader.WMA.GetCodec.aj 1 
 
C:\Programmi\eMule\Incoming\shakira - she wolf.mp3 Infected: Trojan-Downloader.WMA.GetCodec.ak 1 
 
C:\Programmi\eMule\Incoming\Total Too Much Love Will Kill You .avi Infected: Trojan-Downloader.WMA.GetCodec.ai 1 
 
Selected area has been scanned.


Poi ho rilanciato Spyware Doctor ed il risultato è stato:
Application.TrackingCookies (1infezione)
Application.NirCmd (7 infezioni)

ancora grazie...
ciao!
dada
dadadadi
Utente Junior
 
Post: 16
Iscritto il: 18/11/09 13:46
Top

Re: Adware zango.search

Postdi -> EleKtrA <- » 29/03/10 21:29

La scansione andava eseguita su "my computer" non solo sulle aree critiche.
Comunque credo che il problema sia risolto.
Segui il percorso dei file segnalati da Kaspersky ed eliminali manualmente.
“Ieri è storia, domani è mistero, ma oggi è un dono... per questo si chiama presente!”.
Avatar utente
-> EleKtrA <-
Moderatore
 
Post: 436
Iscritto il: 11/12/08 12:50
Top

Re: Adware zango.search

Postdi dadadadi » 31/03/10 15:06

ciao eccomi di nuovo a romperti le scatole ...

dunque, ho fatto come mi hai detto e dopo vari scan con Kaspersky sembrava tutto pulito
ti allego i files
Codice: Seleziona tutto
KASPERSKY ONLINE SCANNER 7.0: scan report 
Tuesday, March 30, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, March 30, 2010 08:51:59
Records in database: 3899682
 
 
Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes
 
Scan area My Computer
A:\
C:\
D:\ 
 
Scan statistics
Objects scanned 103359
Threats found 2
Infected objects found 2
Suspicious objects found 0
Scan duration 05:19:15

File name Threat Threats count
C:\Programmi\eMule\Incoming\Beyonce - Sweet Dreams.mp3 Infected: Trojan-Downloader.WMA.GetCodec.aj 1 
 
C:\Programmi\eMule\Incoming\Elisa - Ti vorrei sollevare (Con Giuliano Sangiorgi).mp3 Infected: Trojan-Downloader.WMA.GetCodec.ak 1 
 
Selected area has been scanned.

Codice: Seleziona tutto
KASPERSKY ONLINE SCANNER 7.0: scan report 
Wednesday, March 31, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, March 30, 2010 08:51:59
Records in database: 3899682
 
 
Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes
 
Scan area My Computer
A:\
C:\
D:\ 
 
Scan statistics
Objects scanned 103201
Threats found 2
Infected objects found 2
Suspicious objects found 0
Scan duration 03:02:29

File name Threat Threats count
C:\RECYCLER\S-1-5-21-1454471165-507921405-839522115-1003\Dc53.mp3 Infected: Trojan-Downloader.WMA.GetCodec.aj 1 
 
C:\RECYCLER\S-1-5-21-1454471165-507921405-839522115-1003\Dc54.mp3 Infected: Trojan-Downloader.WMA.GetCodec.ak 1 
 
Selected area has been scanned.


Codice: Seleziona tutto
KASPERSKY ONLINE SCANNER 7.0: scan report 
Wednesday, March 31, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, March 30, 2010 08:51:59
Records in database: 3899682
 
 
Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes
 
Scan area My Computer
A:\
C:\
D:\
E:\
G:\ 
 
Scan statistics
Objects scanned 103587
Threats found 0
Infected objects found 0
Suspicious objects found 0
Scan duration 03:34:51

No threats found. Scanned area is clean.
Selected area has been scanned.


poi ho rilanciato spyware doctor e mi ha trovato ancora (1) minaccia e (7) infezioni - indicando Application.NirCmd.
Cosa posso fare a questo punto?

grazie come sempre
ciao
dada
dadadadi
Utente Junior
 
Post: 16
Iscritto il: 18/11/09 13:46
Top

Re: Adware zango.search

Postdi dadadadi » 07/04/10 05:24

Ciao Elektra
ti avevo inviato un post qualche giorno fa, dandoti gli ultimi risultati ma non ho più ricevuto risposta.
Se ti è possibile, potresti per cortesia farmi sapere come posso fare per togliere queste infezioni?
Grazie 10000
dadadadi
dadadadi
Utente Junior
 
Post: 16
Iscritto il: 18/11/09 13:46
Top

Re: Adware zango.search

Postdi -> EleKtrA <- » 07/04/10 08:15

Ciao dadadadi, l'ultimo report di Kasperky è pulito, i virus sono stati eliminati.
Elimina quanto trovato da Spyware Doctor; Application NirCmd dovrebbe riferirsi a qualche componente di Combofix.
Hai usato OTC by OldTimer come ti avevo suggerito?
“Ieri è storia, domani è mistero, ma oggi è un dono... per questo si chiama presente!”.
Avatar utente
-> EleKtrA <-
Moderatore
 
Post: 436
Iscritto il: 11/12/08 12:50
Top

Re: Adware zango.search

Postdi dadadadi » 08/04/10 03:15

Ciao!
Si ho usato OTC by OldTimer come mi avevi richiesto.
Il problema ora è che Spyware Doctor mi segnala Application NirCmd come ti ho detto, ma non me lo lascia eliminare se non acquisto il programma (sto usando la versione free).
Ho provato con spybot ma non lo vede nemmeno - idem il norton e AVG.
Cosa posso fare per eliminare questa Application.NirCmd a questo punto?

grazie 1000 come sempre
ciao
Anto
dadadadi
Utente Junior
 
Post: 16
Iscritto il: 18/11/09 13:46
Top

Re: Adware zango.search

Postdi -> EleKtrA <- » 08/04/10 08:58

Ciao dadadadi, ripeto che non dovrebbero essere file pericolosi.
Se vuoi eliminarli dovresti fornirmi il percorso dei file che ti vengono segnalati da Spyware Doctor.
Riesci a salvare un report?
“Ieri è storia, domani è mistero, ma oggi è un dono... per questo si chiama presente!”.
Avatar utente
-> EleKtrA <-
Moderatore
 
Post: 436
Iscritto il: 11/12/08 12:50
Top

Re: Adware zango.search

Postdi Dylan666 » 08/04/10 14:20

-> EleKtrA <- ha scritto:Step 1
Con tutte le applicazioni chiuse e disconnesso da internet
Avvia Hijackthis e clicca su "do a system scan only"
Metti la spunta a queste voci e clicca su "fix checked"
Codice: Seleziona tutto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB001" /M "Stylus D68"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [bit4id store register] RUNDLL32.EXE "C:\WINDOWS\system32\bit4cnsp.dll",RegisterMyPhysicalStore
O4 - HKLM\..\Run: [SSLEmptyCache] C:\WINDOWS\system32\SSLEmptyCache.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Programmi\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [ISUSPM] "C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"



Ciao -> EleKtrA <- , volevo solo fare una domanda: come mai per eliminare il virus è necessario anche togliere l'avvio le voci sopra citate? Sono tutte legittime, spesso molto utili (tipo E_FATIAAE.EXE che server a monitorare lo stato della stampante Epson o NvMcTray.dll, NvCpl.dll e nwiz.exe che riguardano la scheda video) e alcuni solo prodotti dalla Microsoft (vedi ctfmon.exe)

Cosa c'entrano col virus?

Anche bit4cnsp.dll è una libreria utilizzata da molti comuni lettori di card per la firma digitale (hai presente InfoCamere) e non vedo che danni potrebbe arrecare alla macchina...
Avatar utente
Dylan666
Moderatore
 
Post: 40224
Iscritto il: 18/11/03 16:46
Top

Re: Adware zango.search

Postdi -> EleKtrA <- » 08/04/10 15:37

Ciao Dylan666, :) quelle voci non c'entrano nulla con il virus le faccio fixare per velocizzare l'avvio del sistema.
I programmi continueranno a funzionare.
“Ieri è storia, domani è mistero, ma oggi è un dono... per questo si chiama presente!”.
Avatar utente
-> EleKtrA <-
Moderatore
 
Post: 436
Iscritto il: 11/12/08 12:50
Top
Prossimo
Rispondi al post

Torna a Sicurezza e Privacy


Topic correlati a "Adware zango.search":

Come disattivare programmi adware ?
Autore: luigi75 		Forum: Sistemi Operativi Windows
Risposte: 1
SpyBot search & destroy
Autore: franco58 		Forum: Software Windows
Risposte: 7
Come eliminare questo fastidioso vrus Search....
Autore: paolodik 		Forum: Sicurezza e Privacy
Risposte: 1
Norton Safe Search as default for Chrome- irrimovibile
Autore: Wilstar 		Forum: Sicurezza e Privacy
Risposte: 17
Aiuto! Malware trace e adware tracking cookie
Autore: azaz92 		Forum: Sicurezza e Privacy
Risposte: 4

Chi c’è in linea

Visitano il forum: Nessuno e 21 ospiti

cron