View Full Version : Firefox 3 keeps opening new browser windows, am I infected?


vipermario
03-02-2009, 18:45
hi guys, I have a problem that seems to affect other users too, but I haven't managed to fix it.

basically, the problem is that while I'm browsing, other Firefox 3 browsers open up (not pop-ups or windows!) containing advertising messages (for example, right now I have 3 of them minimized, with the following links
hxxp://www.better.it/scommesse/better.do?77tadunit=a5768325&77tentry=ZXB120x60
hxxp://best-store.net/click.php?ok=1&chk=076488261866&b=110&c=173
hxxp://www.perfspot.com/join.asp?p=80247&t=CD579)

I have the pop-up blocker enabled and I removed all the exceptions to see whether anything changed, but nothing did

I tried scanning with both AntiVir and Spybot from safe mode as administrator after turning off System Restore, as suggested in the disinfection guide, but no problem was reported

at this point, following other threads, I downloaded HijackThis, which gave me this log file

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.22.24, on 03/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\WINDOWS\Explorer.EXE
D:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Programmi\File comuni\TerraTec\Remote\TTTVRC.exe
D:\documents and settings\mario\impostazioni locali\dati applicazioni\ccbfvd.exe
D:\Programmi\Logitech\SetPoint\SetPoint.exe
D:\WINDOWS\system32\rundll32.exe
D:\PROGRA~1\Webshots\Webshots.scr
D:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Programmi\Bonjour\mDNSResponder.exe
D:\Programmi\File comuni\Logitech\KhalShared\KHALMNPR.EXE
D:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
D:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Programmi\Mozilla Firefox\firefox.exe
D:\Programmi\Norton Ghost\Agent\VProSvc.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\System32\wbem\wmiapsrv.exe
K:\eMule AdunanzA\eMule_AdnzA.exe
D:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - D:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "D:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min /nosplash
O4 - HKLM\..\Run: [NVIDIA nTune] "D:\Programmi\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Remote Control Editor] "D:\Programmi\File comuni\TerraTec\Remote\TTTVRC.exe"
O4 - HKCU\..\Run: [Skype] "D:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ccbfvd] "d:\documents and settings\mario\impostazioni locali\dati applicazioni\ccbfvd.exe" ccbfvd
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Webshots.lnk = D:\Programmi\Webshots\Launcher.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Programmi\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - D:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - D:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Norton Ghost - Symantec Corporation - D:\Programmi\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6669 bytes

using the guide on this page http://www.hwupgrade.it/forum/showthread.php?t=734483 I found that the string
O4 - HKCU\..\Run: [ccbfvd] "d:\documents and settings\mario\impostazioni locali\dati applicazioni\ccbfvd.exe" ccbfvd
should be malicious, is that correct? (first time I've used this program)

thanks in advance to anyone kind enough to help me; please note that I don't know what "fixing" means or how to remove libraries, registry files or anything else to disinfect my machine. Sorry, but since I've never had problems of this kind, I'm a total newbie on the subject!

bye!

PS: configuration, in case it helps: Win XP SP3, Avira AntiVir, ZoneAlarm, Spybot.

Chill-Out
03-02-2009, 19:11
1 Turn off System Restore:

Windows XP

right-click the My Computer icon
select Properties
open the System Restore tab
tick Turn off System Restore
confirm the change with Apply and then OK



2 Run HJT, click Do a system scan only, tick the white box to the left of the entries listed below and click Fix checked:

O4 - HKCU\..\Run: [ccbfvd] "d:\documents and settings\mario\impostazioni locali\dati applicazioni\ccbfvd.exe" ccbfvd


3 Empty the contents of the Prefetch folder: from Start - All Programs - Accessories - Windows Explorer, the path is C:\WINDOWS\Prefetch. Be careful: you must delete ONLY the contents, NOT THE FOLDER

4 Run this tool:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Double-click combofix.exe and follow the instructions
Attach the log C:\combofix.txt
N.B.: During the scan some files will be created on the desktop and then deleted - all desktop icons will disappear - the firewall may warn that some drivers will be removed (allow it)
ComboFix must be run with the machine dedicated to it - disconnected from the network, with the real-time protection of your security software temporarily disabled


Summary of logs to attach:
ComboFix
New HJT log


NB: logs must be attached as described in the section rules linked in my signature

Bye
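
The manual check discussed in the two posts above (picking the one O4 autostart entry worth fixing out of a HijackThis log) can be sketched as follows. This is an added example, not part of the original thread and not HijackThis's own logic; the function names and the two triage heuristics are assumptions for illustration, and the sample lines are copied from the log posted above.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional, Tuple

# Sample input: O4/O23 lines copied from the HijackThis log posted in the thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Skype] "D:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ccbfvd] "d:\documents and settings\mario\impostazioni locali\dati applicazioni\ccbfvd.exe" ccbfvd
O4 - Startup: Webshots.lnk = D:\Programmi\Webshots\Launcher.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Programmi\Bonjour\mDNSResponder.exe
'''


class Autostart(NamedTuple):
    source: str           # registry key (HKCU\..\Run) or "Startup" / "Global Startup"
    name: str             # value name or shortcut name
    command: str          # full command line as logged
    path: Optional[str]   # first absolute executable path found in the command


# O4 registry entries: "O4 - <key>: [<value name>] <command>"
_O4_REG = re.compile(r'^O4 - (?P<src>HK[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# O4 startup-folder entries: "O4 - Startup: <shortcut> = <target>"
_O4_LNK = re.compile(r'^O4 - (?P<src>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$')
# Absolute path ending in an executable extension; the lookahead stops a
# directory such as "VoipStunt.com\" from being taken as the file.
_EXE_PATH = re.compile(
    r'[A-Za-z]:\\.*?\.(?:exe|dll|scr|com|bat|cmd|pif)(?=["\s,]|$)', re.I)
# Per-user profile roots (XP and later); these are writable without admin rights.
_PROFILE = re.compile(r'^[a-z]:\\(?:documents and settings|users)\\[^\\]+\\', re.I)


def parse_o4(log_text: str) -> List[Autostart]:
    """Return every O4 (autostart) entry in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = _O4_REG.match(line) or _O4_LNK.match(line)
        if not m:
            continue  # other sections (R0/R1, O2, O23, ...) are ignored here
        hit = _EXE_PATH.search(m.group("cmd"))
        entries.append(Autostart(m.group("src"), m.group("name"),
                                 m.group("cmd"), hit.group(0) if hit else None))
    return entries


def review_reasons(entry: Autostart) -> List[str]:
    """Heuristic reasons (assumed for this example) to look at an entry first.

    Location is the gate. The name check only corroborates it, because vendor
    files such as NvCpl.dll also have vowel-less names. Entries logged without
    an absolute path (nwiz.exe) cannot be located from the log and are skipped.
    """
    if entry.path is None or not _PROFILE.match(entry.path):
        return []
    reasons = ["autostart target is inside a user profile, writable without admin rights"]
    stem = ntpath.splitext(ntpath.basename(entry.path))[0]
    if len(stem) >= 5 and stem.isalpha() and not set(stem.lower()) & set("aeiouy"):
        reasons.append("file name has no vowels, as machine-generated names often do")
    return reasons


def triage(log_text: str) -> List[Tuple[Autostart, List[str]]]:
    """Entries to review first. A hit means 'check this', not 'this is malware'."""
    flagged = []
    for entry in parse_o4(log_text):
        reasons = review_reasons(entry)
        if reasons:
            flagged.append((entry, reasons))
    return flagged


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(f"[{entry.name}] {entry.path}")
        for reason in reasons:
            print(f"    - {reason}")
```

On later Windows versions legitimate per-user software also starts from the profile, so a hit here only decides what to look up first.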

vipermario
03-02-2009, 21:04
first of all, thank you. I followed the procedure you posted, correctly I hope, and so far, after about half an hour of browsing, the problem hasn't come back.

since everything is OK now I'm not posting the newly generated logs; if it's necessary or the problem comes back (but I really hope not) I'll post them.

thanks again,

bye!

Chill-Out
03-02-2009, 21:34
As you prefer, but bear in mind that the logs are the tool for assessing the situation :)

vipermario
03-02-2009, 22:43
ok, here they are then:

combofix

ComboFix 09-02-02.04 - mario 2009-02-03 20:40:32.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.2047.1573 [GMT 1:00]
Eseguito da: d:\documents and settings\mario\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
FW: ZoneAlarm Firewall *enabled*
* Creato nuovo punto di ripristino

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\documents and settings\mario\Impostazioni locali\Dati applicazioni\ccbfvd.dat
d:\documents and settings\mario\Impostazioni locali\Dati applicazioni\ccbfvd.exe
d:\documents and settings\mario\Impostazioni locali\Dati applicazioni\ccbfvd_nav.dat
d:\documents and settings\mario\Impostazioni locali\Dati applicazioni\ccbfvd_navps.dat
d:\windows\IE4 Error Log.txt
d:\windows\system32\CmdLineExt.dll
L:\Autorun.inf
L:\resycled
l:\resycled\boot.com

.
((((((((((((((((((((((((( Files Creati Da 2009-01-03 al 2009-02-03 )))))))))))))))))))))))))))))))))))
.

2009-02-03 18:22 . 2009-02-03 18:22 <DIR> d-------- d:\programmi\Trend Micro
2009-02-01 16:25 . 2009-02-01 16:25 <DIR> d-------- D:\Webshots Data
2009-02-01 14:03 . 2006-12-14 19:47 782,336 -ra------ d:\windows\system32\tmpA7.tmp
2009-02-01 02:28 . 2009-02-01 02:28 <DIR> d-------- d:\windows\Sun
2009-01-31 13:19 . 2009-01-31 13:19 <DIR> d-------- d:\programmi\Spybot - Search & Destroy
2009-01-31 13:19 . 2009-01-31 13:24 <DIR> d-------- d:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-01-30 20:17 . 2009-01-30 20:17 <DIR> d-------- d:\programmi\Lavasoft
2009-01-30 20:17 . 2009-01-30 20:18 <DIR> d-------- d:\documents and settings\All Users\Dati applicazioni\Lavasoft
2009-01-30 15:13 . 2006-12-14 19:47 782,336 -ra------ d:\windows\system32\tmp1AC.tmp
2009-01-28 18:08 . 2009-01-28 18:10 <DIR> d-------- d:\programmi\Live-Player
2009-01-27 01:52 . 2009-01-27 01:52 <DIR> d-------- d:\documents and settings\mario\Dati applicazioni\DAEMON Tools Pro
2009-01-27 01:52 . 2009-01-27 01:52 <DIR> d-------- d:\documents and settings\mario\Dati applicazioni\DAEMON Tools
2009-01-27 01:51 . 2009-01-27 01:53 <DIR> d-------- d:\programmi\DAEMON Tools Lite
2009-01-27 01:51 . 2009-01-27 01:51 <DIR> d-------- d:\documents and settings\All Users\Dati applicazioni\DAEMON Tools Lite
2009-01-27 01:48 . 2009-01-27 01:53 <DIR> d-------- d:\documents and settings\mario\Dati applicazioni\DAEMON Tools Lite
2009-01-27 01:40 . 2006-12-14 19:47 782,336 -ra------ d:\windows\system32\tmp23C.tmp
2009-01-26 20:25 . 2006-12-14 19:47 782,336 -ra------ d:\windows\system32\tmp179.tmp
2009-01-26 20:17 . 2009-01-26 20:17 <DIR> d-------- d:\programmi\OpenAL
2009-01-26 20:17 . 2006-12-14 19:47 782,336 -ra------ d:\windows\system32\tmp154.tmp
2009-01-26 17:23 . 2008-04-13 18:53 14,720 --a------ d:\windows\system32\drivers\kbdhid.sys
2009-01-26 17:23 . 2008-04-13 18:53 14,720 --a--c--- d:\windows\system32\dllcache\kbdhid.sys
2009-01-25 18:41 . 2009-01-25 18:43 <DIR> d-------- d:\programmi\HattrickOrganizer
2009-01-25 14:43 . 2009-01-25 14:43 <DIR> d-------- d:\documents and settings\All Users\Dati applicazioni\TVU Networks
2009-01-21 11:23 . 2009-01-21 11:23 <DIR> d-------- d:\windows\USB Vibration
2009-01-21 11:23 . 2009-01-21 11:23 <DIR> d-------- d:\programmi\USB Vibration
2009-01-21 11:23 . 2005-11-24 10:49 73,728 --a------ d:\windows\system32\dancemat.exe
2009-01-21 11:23 . 2006-10-23 11:42 31,899 --a------ d:\windows\system32\drivers\hid8101.sys
2009-01-21 01:02 . 2009-01-31 04:39 125 --a------ d:\windows\cdplayer.ini
2009-01-19 17:33 . 2009-01-19 17:33 <DIR> d-------- d:\documents and settings\mario\Dati applicazioni\vlc
2009-01-19 16:39 . 2008-10-16 21:04 6,066,176 -----c--- d:\windows\system32\dllcache\ieframe.dll
2009-01-19 16:39 . 2007-04-17 10:32 2,455,488 -----c--- d:\windows\system32\dllcache\ieapfltr.dat
2009-01-19 16:39 . 2007-03-08 06:11 1,032,192 -----c--- d:\windows\system32\dllcache\ieframe.dll.mui
2009-01-19 16:39 . 2008-10-16 21:04 459,264 -----c--- d:\windows\system32\dllcache\msfeeds.dll
2009-01-19 16:39 . 2008-10-16 21:04 383,488 -----c--- d:\windows\system32\dllcache\ieapfltr.dll
2009-01-19 16:39 . 2008-10-16 21:04 267,776 -----c--- d:\windows\system32\dllcache\iertutil.dll
2009-01-19 16:39 . 2008-10-16 21:04 63,488 -----c--- d:\windows\system32\dllcache\icardie.dll
2009-01-19 16:39 . 2008-10-16 21:04 52,224 -----c--- d:\windows\system32\dllcache\msfeedsbs.dll
2009-01-19 16:39 . 2008-10-16 14:11 13,824 -----c--- d:\windows\system32\dllcache\ieudinit.exe
2009-01-19 00:31 . 2009-01-30 02:54 <DIR> d-------- d:\documents and settings\mario\Dati applicazioni\dvdcss
2009-01-18 20:07 . 2009-01-24 17:50 <DIR> d-------- d:\documents and settings\All Users\Dati applicazioni\nView_Profiles
2009-01-18 19:44 . 2009-01-18 19:44 <DIR> d-------- d:\programmi\Hattrick Control
2009-01-18 19:32 . 2009-01-18 19:33 <DIR> d-------- d:\programmi\EasyRecovery Professional
2009-01-18 12:54 . 2009-01-18 12:54 <DIR> d-------- d:\programmi\MSXML 4.0
2009-01-18 12:29 . 2009-01-18 12:29 <DIR> d-------- d:\programmi\File comuni\Skype
2009-01-18 12:29 . 2009-02-03 20:08 <DIR> d-------- d:\documents and settings\mario\Dati applicazioni\skypePM
2009-01-18 12:29 . 2009-01-18 12:29 56 --ah----- d:\windows\system32\ezsidmv.dat
2009-01-18 03:04 . 2009-02-03 14:30 69 --a------ d:\windows\NeroDigital.ini
2009-01-17 16:27 . 2009-01-17 16:27 <DIR> d-------- d:\documents and settings\mario\Dati applicazioni\Symantec
2009-01-17 16:03 . 2009-01-17 16:03 <DIR> d-------- d:\programmi\Norton Ghost
2009-01-17 16:03 . 2009-01-17 16:03 <DIR> d-------- d:\programmi\File comuni\Symantec Shared
2009-01-17 16:03 . 2009-01-17 16:10 <DIR> d-------- d:\documents and settings\All Users\Dati applicazioni\Symantec
2009-01-17 16:03 . 2007-03-28 20:29 131,944 --a------ d:\windows\system32\drivers\symsnap.sys
2009-01-17 16:03 . 2007-03-28 20:49 128,104 --a------ d:\windows\system32\drivers\WimFltr.sys
2009-01-17 16:03 . 2007-03-28 20:29 37,864 --a------ d:\windows\system32\drivers\v2imount.sys
2009-01-17 16:03 . 2007-03-28 20:23 14,072 --a------ d:\windows\system32\drivers\vproeventmonitor.sys
2009-01-17 16:01 . 2003-06-19 01:31 17,920 --a------ d:\windows\system32\mdimon.dll
2009-01-17 16:01 . 2009-01-17 16:01 424 --a------ d:\windows\ODBC.INI
2009-01-17 16:00 . 2009-01-17 16:00 <DIR> d-------- d:\programmi\Microsoft Works
2009-01-17 15:59 . 2009-01-17 16:00 <DIR> d-------- d:\windows\SHELLNEW
2009-01-17 15:59 . 2009-01-17 15:59 <DIR> d-------- d:\programmi\Microsoft.NET
2009-01-17 15:49 . 2009-01-18 19:18 <DIR> d-------- d:\programmi\TUGZip
2009-01-17 15:49 . 2007-03-12 23:34 162,304 --a------ d:\windows\system32\ztvunrar36.dll
2009-01-17 15:49 . 2007-03-12 23:34 77,312 --a------ d:\windows\system32\ztvunace26.dll
2009-01-17 15:49 . 2007-03-12 23:34 69,632 --a------ d:\windows\system32\ztvcabinet.dll
2009-01-17 15:46 . 2009-01-17 15:46 <DIR> d-------- d:\programmi\Webshots
2009-01-17 15:46 . 2009-01-17 15:46 <DIR> d-------- d:\documents and settings\mario\Dati applicazioni\Webshots
2009-01-17 15:45 . 2009-01-17 15:45 <DIR> d-------- d:\programmi\PowerOff
2009-01-17 15:43 . 2009-01-17 15:43 <DIR> d-------- d:\programmi\File comuni\Ahead
2009-01-17 15:43 . 2009-01-17 15:43 <DIR> d-------- d:\programmi\Ahead
2009-01-17 15:43 . 2004-07-26 16:16 1,568,768 --------- d:\windows\system32\ImagX7.dll
2009-01-17 15:43 . 2004-07-26 16:16 476,320 --------- d:\windows\system32\ImagXpr7.dll
2009-01-17 15:43 . 2004-07-26 16:16 471,040 --------- d:\windows\system32\ImagXRA7.dll
2009-01-17 15:43 . 2004-07-26 16:16 262,144 --------- d:\windows\system32\ImagXR7.dll
2009-01-17 15:43 . 2001-07-09 10:50 155,648 --a------ d:\windows\system32\NeroCheck.exe
2009-01-17 15:43 . 2004-03-02 16:37 125,184 --------- d:\windows\system32\drivers\imagesrv.sys
2009-01-17 15:43 . 2000-06-26 10:45 106,496 --a------ d:\windows\system32\TwnLib20.dll
2009-01-17 15:43 . 2004-03-02 16:37 5,504 --------- d:\windows\system32\drivers\imagedrv.sys
2009-01-17 15:41 . 2009-01-17 15:41 <DIR> d-------- d:\programmi\Google
2009-01-17 15:39 . 2009-01-17 15:39 <DIR> d-------- d:\programmi\Java
2009-01-17 15:39 . 2009-01-17 15:39 <DIR> d-------- d:\programmi\File comuni\Java
2009-01-17 15:39 . 2007-09-24 23:31 69,632 --a------ d:\windows\system32\javacpl.cpl
2009-01-17 15:38 . 2009-01-17 15:38 <DIR> d-------- d:\programmi\Microsoft Silverlight
2009-01-17 15:36 . 2009-01-17 15:36 <DIR> d-------- d:\programmi\CCleaner
2009-01-17 15:33 . 2009-01-17 15:33 <DIR> d-------- d:\programmi\Real
2009-01-17 15:33 . 2009-01-17 15:33 <DIR> d-------- d:\programmi\File comuni\xing shared
2009-01-17 15:33 . 2009-01-17 15:33 <DIR> d-------- d:\programmi\File comuni\Real
2009-01-17 15:32 . 2005-06-15 03:00 102,400 --a------ d:\windows\system32\tsccvid.dll
2009-01-17 15:31 . 2009-01-18 21:04 <DIR> d-------- d:\programmi\eXtreme Movie Manager
2009-01-17 15:31 . 2000-05-21 23:00 1,009,336 --a------ d:\windows\system32\Mschrt20.ocx
2009-01-17 15:21 . 2009-01-17 15:26 <DIR> d-------- d:\programmi\File comuni\Adobe
2009-01-17 15:09 . 2009-01-17 15:57 <DIR> d-------- d:\programmi\NOS
2009-01-17 15:09 . 2009-01-17 15:57 <DIR> d-------- d:\documents and settings\All Users\Dati applicazioni\NOS
2009-01-17 15:07 . 2009-01-17 15:07 <DIR> d-------- d:\programmi\iTunes
2009-01-17 15:07 . 2009-01-17 15:07 <DIR> d-------- d:\programmi\iPod
2009-01-17 15:07 . 2009-01-17 15:07 <DIR> d-------- d:\programmi\Bonjour
2009-01-17 15:07 . 2009-01-21 13:39 <DIR> d-------- d:\documents and settings\mario\Dati applicazioni\Apple Computer
2009-01-17 15:07 . 2009-01-17 15:07 <DIR> d-------- d:\documents and settings\All Users\Dati applicazioni\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-17 15:07 . 2007-03-28 20:12 109,360 --a------ d:\windows\system32\GEARAspi.dll
2009-01-17 15:07 . 2007-03-28 20:12 15,664 --a------ d:\windows\system32\drivers\GEARAspiWDM.sys
2009-01-17 15:06 . 2009-01-17 15:07 <DIR> d-------- d:\programmi\QuickTime
2009-01-17 15:06 . 2009-01-17 15:07 <DIR> d-------- d:\programmi\File comuni\Apple
2009-01-17 15:06 . 2009-01-17 15:06 <DIR> d-------- d:\programmi\Apple Software Update
2009-01-17 15:06 . 2009-01-17 15:07 <DIR> d-------- d:\documents and settings\All Users\Dati applicazioni\Apple Computer
2009-01-17 15:06 . 2009-01-17 15:06 <DIR> d-------- d:\documents and settings\All Users\Dati applicazioni\Apple
2009-01-17 14:49 . 2009-01-17 15:00 <DIR> d-------- d:\documents and settings\mario\Dati applicazioni\VoipStunt
2009-01-17 14:48 . 2009-01-17 14:48 <DIR> d-------- d:\programmi\VoipStunt.com
2009-01-17 14:47 . 2009-01-18 12:29 <DIR> d-------- d:\programmi\Skype
2009-01-17 14:47 . 2009-02-03 20:39 <DIR> d-------- d:\documents and settings\mario\Dati applicazioni\Skype
2009-01-17 14:47 . 2009-01-17 14:47 <DIR> d-------- d:\documents and settings\All Users\Dati applicazioni\Skype
2009-01-17 14:45 . 2009-01-17 14:45 <DIR> d-------- d:\programmi\RealVNC
2009-01-17 14:45 . 2007-10-09 22:02 19,968 --a------ d:\windows\system32\vncmirror.dll
2009-01-17 14:45 . 2007-10-09 22:02 3,072 --a------ d:\windows\system32\drivers\vncmirror.sys
2009-01-17 14:43 . 2009-01-17 14:44 <DIR> d-------- d:\programmi\TVUPlayer
2009-01-17 14:43 . 2009-01-17 14:43 <DIR> d-------- d:\documents and settings\mario\LocalLow
2009-01-17 14:41 . 2009-01-28 20:21 <DIR> d-------- d:\programmi\TVAnts
2009-01-17 14:37 . 2009-01-25 14:43 <DIR> d-------- d:\programmi\SopCast
2009-01-17 14:31 . 2009-01-17 14:31 <DIR> d-------- d:\programmi\DNA
2009-01-17 14:31 . 2009-01-17 14:51 <DIR> d-------- d:\documents and settings\mario\Dati applicazioni\DNA
2009-01-17 14:31 . 2009-02-01 03:29 <DIR> d-------- d:\documents and settings\mario\Dati applicazioni\BitTorrent
2009-01-17 14:27 . 2009-01-17 14:27 <DIR> d-------- d:\documents and settings\mario\Dati applicazioni\eMule AdunanzA
2009-01-17 14:15 . 2009-01-17 14:15 <DIR> d-------- d:\programmi\Avira
2009-01-17 14:15 . 2009-01-17 14:15 <DIR> d-------- d:\documents and settings\All Users\Dati applicazioni\Avira
2009-01-17 14:10 . 2009-02-03 20:32 17,405,984 --ahs---- d:\windows\system32\drivers\fidbox.dat
2009-01-17 14:10 . 2009-02-03 20:32 209,348 --ahs---- d:\windows\system32\drivers\fidbox.idx
2009-01-17 14:07 . 2009-01-17 14:07 <DIR> d-------- d:\programmi\Zone Labs

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-02 12:00 50,076 ----a-w d:\windows\Internet Logs\zlclient_2nd_2009_02_02_03_55_51_small.dmp.zip
2009-02-02 12:00 43,724 ----a-w d:\windows\Internet Logs\zlclient_2nd_2009_02_02_03_55_46_small.dmp.zip
2009-02-01 15:13 53,530 ----a-w d:\windows\Internet Logs\zlclient_2nd_2009_02_01_16_05_23_small.dmp.zip
2009-01-30 19:18 12,632 ----a-w d:\windows\system32\lsdelete.exe
2009-01-28 18:46 51,824 ----a-w d:\windows\Internet Logs\zlclient_2nd_2009_01_28_19_38_42_small.dmp.zip
2009-01-28 18:46 46,986 ----a-w d:\windows\Internet Logs\zlclient_2nd_2009_01_28_19_38_39_small.dmp.zip
2009-01-27 00:48 717,296 ----a-w d:\windows\system32\drivers\sptd.sys
2009-01-24 17:42 55,862 ----a-w d:\windows\Internet Logs\zlclient_2nd_2009_01_24_18_35_24_small.dmp.zip
2009-01-24 17:42 41,654 ----a-w d:\windows\Internet Logs\zlclient_2nd_2009_01_24_18_35_20_small.dmp.zip
2009-01-21 10:23 --------- d--h--w d:\programmi\InstallShield Installation Information
2009-01-21 09:24 20,480 ----a-w d:\windows\Internet Logs\xDB3.tmp
2009-01-21 01:10 2,828,288 ----a-w d:\windows\Internet Logs\xDB1.tmp
2009-01-21 01:10 1,522,176 ----a-w d:\windows\Internet Logs\xDB2.tmp
2009-01-17 11:52 --------- d-----w d:\programmi\File comuni\InstallShield
2009-01-16 17:49 --------- d-----w d:\programmi\NeoSmart Technologies
2009-01-16 17:15 --------- d-----w d:\programmi\PC Inspector File Recovery
2009-01-16 16:33 --------- d-----w d:\programmi\microsoft frontpage
2009-01-16 16:30 --------- d-----w d:\programmi\Servizi in linea
2008-12-11 10:57 333,952 ----a-w d:\windows\system32\drivers\srv.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Remote Control Editor"="d:\programmi\File comuni\TerraTec\Remote\TTTVRC.exe" [2008-11-04 1105920]
"Skype"="d:\programmi\Skype\Phone\Skype.exe" [2008-11-07 21633320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2008-12-26 13680640]
"NVIDIA nTune"="d:\programmi\NVIDIA Corporation\nTune\\nTune.exe" [2004-12-06 532480]
"nwiz"="nwiz.exe" [2008-12-26 d:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\System32\CTFMON.EXE" [2008-04-13 15360]

d:\documents and settings\mario\Menu Avvio\Programmi\Esecuzione automatica\
Webshots.lnk - d:\programmi\Webshots\Launcher.exe [2009-01-17 157008]

d:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Logitech SetPoint.lnk - d:\programmi\Logitech\SetPoint\SetPoint.exe [2009-01-17 692224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 d:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
--a------ 2008-06-12 13:28 266497 d:\programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2009-01-17 14:31 342848 d:\programmi\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-12-29 11:40 687560 d:\programmi\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
--a------ 2005-11-22 17:38 221184 d:\programmi\Diskeeper Corporation\Diskeeper\DkIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 d:\programmi\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 d:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 12.0]
--a------ 2007-03-28 20:41 2037352 d:\programmi\Norton Ghost\Agent\VProTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-12-26 00:08 86016 d:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 d:\programmi\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2009-01-26 15:31 2144088 d:\programmi\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
--a------ 2008-04-04 11:38 88584 d:\programmi\Logitech\Gaming Software\LWEMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 d:\programmi\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2009-01-17 15:33 185896 d:\programmi\File comuni\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
--a------ 2008-07-09 09:05 919016 d:\programmi\Zone Labs\ZoneAlarm\zlclient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2006-08-17 11:32 17920 d:\windows\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
--a------ 2006-08-17 11:32 18944 d:\windows\system32\CTXFIHLP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
--a------ 2007-04-11 15:32 56080 d:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
--a------ 2007-04-11 15:32 56080 d:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WinVNC4"=2 (0x2)
"vsmon"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Programmi\\TerraTec\\TerraTec Home Cinema\\InstTool.exe"=
"d:\\Programmi\\TerraTec\\TerraTec Home Cinema\\tvtvSetup\\tvtv_Wizard.exe"=
"d:\\Programmi\\TerraTec\\TerraTec Home Cinema\\CinergyDvr.exe"=
"d:\\Programmi\\DNA\\btdna.exe"=
"k:\\BitTorrent\\bittorrent.exe"=
"d:\\Programmi\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"=
"d:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"d:\\Programmi\\iTunes\\iTunes.exe"=
"d:\\Programmi\\TerraTec\\TerraTec Home Cinema\\VersionCheck\\VersionCheck.exe"=
"d:\\Programmi\\Skype\\Phone\\Skype.exe"=

R3 Cinergy_HT_PCI_MKII;Cinergy HT PCI (MKII) service;d:\windows\system32\drivers\Cinergy_HT_PCI_MKII.sys [2009-01-17 221184]
S3 hid8101;hid8101;d:\windows\system32\drivers\hid8101.sys [2009-01-21 31899]
.
Contenuto della cartella 'Scheduled Tasks'

2009-01-30 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

MSConfigStartUp-ccbfvd - d:\documents and settings\mario\impostazioni locali\dati applicazioni\ccbfvd.exe
MSConfigStartUp-DAEMON Tools - d:\programmi\DAEMON Tools\daemon.exe
MSConfigStartUp-MSMSGS - d:\programmi\Messenger\msmsgs.exe


.
------- Scansione supplementare -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - d:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - d:\documents and settings\mario\Dati applicazioni\Mozilla\Firefox\Profiles\2nhp00h5.default\
FF - plugin: d:\documents and settings\mario\Dati applicazioni\Mozilla\Firefox\Profiles\2nhp00h5.default\extensions\[email protected]\plugins\npTVUAx.dll
FF - plugin: d:\programmi\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-03 20:42:23
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2009-02-03 20:43:43
ComboFix-quarantined-files.txt 2009-02-03 19:43:41

Pre-Run: 22,498,557,952 byte disponibili
Post-Run: 22,486,355,968 byte disponibili

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
288 --- E O F --- 2009-01-21 11:42:42


new HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.44.24, on 03/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Programmi\Bonjour\mDNSResponder.exe
D:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
D:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Programmi\Norton Ghost\Agent\VProSvc.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\System32\wbem\wmiapsrv.exe
D:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
D:\WINDOWS\explorer.exe
D:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - D:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVIDIA nTune] "D:\Programmi\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Remote Control Editor] "D:\Programmi\File comuni\TerraTec\Remote\TTTVRC.exe"
O4 - HKCU\..\Run: [Skype] "D:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Webshots.lnk = D:\Programmi\Webshots\Launcher.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Programmi\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - D:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - D:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Norton Ghost - Symantec Corporation - D:\Programmi\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5574 bytes

I hope I've posted them correctly this time!

bye!

Chill-Out
04-02-2009, 00:34
The logs are OK. Be careful, you might have infected removable USB media; I also suggest reading this thread: http://www.hwupgrade.it/forum/showthread.php?t=1726383

Bye ;)

vipermario
04-02-2009, 12:10
hi, I had a read through the linked thread, really a great starting point for improving my PC's security!

as for USB devices, I basically only have an external hard drive, which stayed connected throughout the whole disinfection process, so I hope it's OK

thanks again,

bye!

Chill-Out
04-02-2009, 12:53
hi, I had a read through the linked thread, really a great starting point for improving my PC's security!

as for USB devices, I basically only have an external hard drive, which stayed connected throughout the whole disinfection process, so I hope it's OK

thanks again,

bye!

You're welcome, bye ;)