		| Author | Message |  
		| enferal Hero in the gods' favor
 
 Registered: 21/08/07 16:07
 Posts: 130
 
 | 
			
				|  Posted: 02 Aug 2008 19:42    Subject: Very slow PC |   |  
				| 
 |  
				| Hi everyone. For some time now my PC has been losing speed, to the point of becoming extremely slow. I have noticed that the winlogon file is almost always active and uses about 50% of the CPU. Following advice that an Olimpo Informatico expert gave in response to a similar case, I used ComboFix and HijackThis, whose logs I attach. Thanks for any help, and happy holidays to everyone. EnFerAl
 
 COMBOFIX
 
 ComboFix 08-08-01.04 - riccardo 2008-08-02 18.38.30.1 - NTFSx86
 Microsoft Windows XP Professional  5.1.2600.2.1252.1.1040.18.976 [GMT 2:00]
 Eseguito da: C:\Malware cleaner\Combo-Fix.exe
 * Creato nuovo punto di ripristino
 
 ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
 .
 
 (((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 
 C:\Documents and Settings\riccardo\Dati applicazioni\macromedia\Flash Player\#SharedObjects\AZVUA3AQ\iforex.com
 C:\Documents and Settings\riccardo\Dati applicazioni\macromedia\Flash Player\#SharedObjects\AZVUA3AQ\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
 C:\Documents and Settings\riccardo\Dati applicazioni\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
 C:\Documents and Settings\riccardo\Dati applicazioni\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
 C:\WINDOWS\BM3fb13543.txt
 C:\WINDOWS\BM3fb13543.xml
 C:\WINDOWS\cookies.ini
 C:\WINDOWS\pskt.ini
 C:\WINDOWS\system32\byXPhGXp.dll
 C:\WINDOWS\system32\gnygiueu.ini
 C:\WINDOWS\system32\mrydgsnu.ini
 C:\WINDOWS\system32\MSINET.oca
 C:\WINDOWS\system32\pmnoOghF.dll
 C:\WINDOWS\system32\tuvUMcyY.dll
 C:\WINDOWS\system32\veocodkv.ini
 C:\WINDOWS\system32\YycMUvut.ini
 C:\WINDOWS\system32\YycMUvut.ini2
 
 .
 (((((((((((((((((((((((((   Files Creati Da 2008-07-02 al 2008-08-02  )))))))))))))))))))))))))))))))))))
 .
 
 2008-08-02 13:16 . 2008-08-02 17:48	<DIR>	d--------	C:\Malware cleaner
 2008-08-02 12:41 . 2008-08-02 12:41	<DIR>	d--------	C:\Documents and Settings\Administrator\Dati applicazioni\Uniblue
 2008-08-02 10:32 . 2008-08-02 12:06	<DIR>	d--------	C:\Hijackthis
 2008-08-01 19:58 . 2008-08-02 10:34	<DIR>	d--------	C:\app2
 2008-08-01 16:44 . 2008-08-01 16:44	91,648	--a------	C:\WINDOWS\system32\xjctgntk.dll
 2008-08-01 16:44 . 2008-08-01 16:44	83,456	--a------	C:\WINDOWS\system32\vkdocoev.dll
 2008-07-31 16:14 . 2008-07-31 16:14	91,648	--a------	C:\WINDOWS\system32\oxwwdupq.dll
 2008-07-30 11:49 . 2008-07-30 11:49	91,648	--a------	C:\WINDOWS\system32\yjonhotp.dll
 2008-07-23 17:03 . 2008-07-23 17:03	<DIR>	d--------	C:\Programmi\Heck Part Dash
 2008-07-16 13:02 . 2008-07-16 13:02	268	--ah-----	C:\sqmdata07.sqm
 2008-07-16 13:02 . 2008-07-16 13:02	244	--ah-----	C:\sqmnoopt07.sqm
 
 .
 ((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 2008-08-02 11:58	---------	d-----w	C:\Programmi\BitDownload
 2008-08-01 17:26	---------	d-----w	C:\Documents and Settings\riccardo\Dati applicazioni\Heck Part Dash
 2008-08-01 17:25	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\soft chic meet great
 2008-07-07 14:31	---------	d-----w	C:\Programmi\BitTorrent Fastest Tool
 2008-06-15 18:52	---------	d-----w	C:\Programmi\eMule
 2008-06-04 20:47	---------	d-----w	C:\Programmi\Biliardo
 2008-03-07 15:07	32,784	-c--a-w	C:\Documents and Settings\riccardo\Dati applicazioni\GDIPFONTCACHEV1.DAT
 2007-10-17 13:58	22,822	-c--a-w	C:\Programmi\FM2008.mds
 2007-02-07 20:32	24,192	-c--a-w	C:\Documents and Settings\riccardo\usbsermptxp.sys
 2007-02-07 20:32	22,768	-c--a-w	C:\Documents and Settings\riccardo\usbsermpt.sys
 2006-12-30 15:20	31,167	-c--a-w	C:\Programmi\INSTALL.LOG
 2001-11-05 08:30	165,376	-c--a-w	C:\Programmi\UNWISE.EXE
 .
 
 (((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 .
 REGEDIT4
 *Nota* i valori vuoti & legittimi/default non sono visualizzati.
 
 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
 2007-12-02 16:13	394680	--a------	C:\Programmi\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-02-24 07:32 5537792]
 "BM3fb13543"="C:\WINDOWS\system32\xjctgntk.dll" [2008-08-01 16:44 91648]
 
 [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
 "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:39 15360]
 
 [HKEY_LOCAL_MACHINE\software\microsoft\security center]
 "AntiVirusDisableNotify"=dword:00000001
 "UpdatesDisableNotify"=dword:00000001
 
 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
 "EnableFirewall"= 0 (0x0)
 
 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
 "%windir%\\system32\\sessmgr.exe"=
 "C:\\Programmi\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
 "C:\\Programmi\\Sports Interactive\\Football Manager 2008\\fm.exe"=
 "C:\\Programmi\\Messenger\\msmsgs.exe"=
 "C:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
 "C:\\Programmi\\MSN Messenger\\livecall.exe"=
 "C:\\Programmi\\eMule\\emule.exe"=
 "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
 "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
 "C:\\Programmi\\BitDownload\\BitDownload.exe"=
 
 S3 PAC207;Trust WB-1200p Mini Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 13:29]
 S3 wma9bus;9507 Mobile Phone driver (WDM);C:\WINDOWS\system32\DRIVERS\wma9bus.sys [2005-05-10 16:23]
 S3 wma9mdfl;9507 Mobile Phone USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\wma9mdfl.sys [2005-05-10 16:24]
 S3 wma9mdm;9507 Mobile Phone USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\wma9mdm.sys [2005-05-10 16:24]
 S3 wma9obex;9507 Mobile Phone USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\wma9obex.sys [2005-05-10 16:27]
 .
 Contenuto della cartella 'Scheduled Tasks'
 
 2008-08-02 C:\WINDOWS\Tasks\AFDA4B6F9185C937.job
 - c:\docume~1\riccardo\datiap~1\heckpa~1\Locks Two Meet.exe [2008-07-23 17:04]
 
 2008-07-07 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
 - C:\Programmi\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-06-13 11:31]
 
 2008-03-09 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
 - C:\Programmi\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-06-13 11:31]
 
 2008-08-02 C:\WINDOWS\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
 - C:\Programmi\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 18:39]
 .
 .
 ------- Supplementary Scan -------
 .
 FireFox -: Profile - C:\Documents and Settings\riccardo\Dati applicazioni\Mozilla\Firefox\Profiles\eangfnlw.default\
 FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
 FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.it
 
 
 **************************************************************************
 
 catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2008-08-02 18:56:30
 Windows 5.1.2600 Service Pack 2 NTFS
 
 scansione processi nascosti ...
 
 scansione entrate autostart nascoste ...
 
 Scansione files nascosti ...
 
 
 C:\WINDOWS\BM3fb13543.txt 72 bytes
 
 Scansione completata con successo
 Files nascosti: 1
 
 **************************************************************************
 .
 ------------------------ Other Running Processes ------------------------
 .
 C:\WINDOWS\system32\nvsvc32.exe
 C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
 C:\WINDOWS\system32\PAStiSvc.exe
 C:\WINDOWS\system32\rundll32.exe
 C:\WINDOWS\system32\wscntfy.exe
 C:\Programmi\Internet Explorer\IEXPLORE.EXE
 C:\Programmi\Internet Explorer\IEXPLORE.EXE
 .
 **************************************************************************
 .
 Ora fine scansione: 2008-08-02 19:03:52 - machine was rebooted
 ComboFix-quarantined-files.txt  2008-08-02 17:03:49
 
 Pre-Run: 20,234,022,912 byte disponibili
 Post-Run: 20,159,258,624 byte disponibili
 
 133	--- E O F ---	2008-03-09 06:48:38
 
 HIJACKTHIS
 
 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 19.07.16, on 02/08/2008
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\WINDOWS\system32\nvsvc32.exe
 C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
 C:\WINDOWS\System32\PAStiSvc.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\system32\Rundll32.exe
 C:\WINDOWS\system32\wscntfy.exe
 C:\Programmi\Internet Explorer\iexplore.exe
 C:\Programmi\Internet Explorer\iexplore.exe
 C:\WINDOWS\explorer.exe
 C:\Hijackthis\HijackThis.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
 O2 - BHO: Multi Media Italy Toolbar - {2e6f36ce-1217-4ba1-982f-24560c0eb677} - C:\Programmi\Multi_Media_Italy\tbMult.dll
 O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
 O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Programmi\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
 O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
 O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
 O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
 O2 - BHO: torrent_search Toolbar - {f14b0ccd-aa41-4406-ab68-c5de9d85b4a3} - C:\Programmi\torrent_search\tbtor0.dll
 O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
 O3 - Toolbar: Multi Media Italy Toolbar - {2e6f36ce-1217-4ba1-982f-24560c0eb677} - C:\Programmi\Multi_Media_Italy\tbMult.dll
 O3 - Toolbar: torrent_search Toolbar - {f14b0ccd-aa41-4406-ab68-c5de9d85b4a3} - C:\Programmi\torrent_search\tbtor0.dll
 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
 O4 - HKLM\..\Run: [BM3fb13543] Rundll32.exe "C:\WINDOWS\system32\xjctgntk.dll",s
 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
 O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
 O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
 O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?2efc5dbfb9ae4a8db749bb62828b11f3
 O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?2efc5dbfb9ae4a8db749bb62828b11f3
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
 O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
 O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
 O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
 O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
 
 --
 End of file - 5931 bytes
 |  |  
		| baciami Demigod
 
 Registered: 02/09/07 15:40
 Posts: 287
 Location: Tuscany
 
 |  |  
		| enferal Hero in the gods' favor
 
 Registered: 21/08/07 16:07
 Posts: 130
 
 | 
			
				|  Posted: 03 Aug 2008 09:58    Subject: |   |  
				| 
 |  
				| Thanks bac. It works fine now; I only need to run a defrag and then everything is sorted. Thanks again and have a good August. Bye, EnFerAl |  |  
		|  |  
		| bdoriano Administrator
 
 Registered: 02/04/07 12:05
 Posts: 14391
 Location: 3rd planet of the solar system...
 
 | 
			
				|  Posted: 03 Aug 2008 10:44    Subject: |   |  
				| 
 |  
				| No, a defrag alone is not enough... there is other stuff to remove as well. 
 Here are the instructions to follow:
 
 Clean the temporary files with ATF-Cleaner and/or CCleaner.
 Follow the instructions in this topic to use MBAM.
 Follow the instructions in this topic to run ComboFix.
 Follow the instructions in this topic to post the HijackThis log.
 Report the outcome in a new message in this thread: whether there were any particular problems, etc. And include:
 Upload the MBAM log to WikiSend and post the Forum Link you are given.
 Upload the ComboFix log to WikiSend and post the Forum Link you are given.
 Upload the HijackThis log to WikiSend and post the Forum Link you are given.
 |  |  
		| baciami Demigod
 
 Registered: 02/09/07 15:40
 Posts: 287
 Location: Tuscany
 
 | 
			
				|  Posted: 03 Aug 2008 12:33    Subject: |   |  
				| 
 |  
				| Do what bdoriano says, he is an expert. Bye  |  |  
		|  |  
		| enferal Hero in the gods' favor
 
 Registered: 21/08/07 16:07
 Posts: 130
 
 | 
			
				|  Posted: 05 Aug 2008 19:35    Subject: |   |  
				| 
 |  
				| Thank you so much! I have only just read the messages; I was away these past few days. I'll get on it right away and then let you know. Bye, EnFerAl
 |  |  
		| enferal Hero in the gods' favor
 
 Registered: 21/08/07 16:07
 Posts: 130
 
 | 
			
				|  Posted: 08 Aug 2008 11:07    Subject: |   |  
				| 
 |  
				| I did exactly what you suggested. Now at startup the file Iexplorer.exe uses 100% of the CPU for more than a minute; I don't know whether that is normal. If you want, I'll post the logs returned by WikiSend. Thanks again, Bdoriano.
 EnFerAl
 |  |  
		| bdoriano Administrator
 
 Registered: 02/04/07 12:05
 Posts: 14391
 Location: 3rd planet of the solar system...
 
 | 
			
				|  Posted: 08 Aug 2008 22:04    Subject: |   |  
				| 
 |  
				| Yes, post all the logs so we can take a look at them.  |  |  
		|  |  
		| enferal Hero in the gods' favor
 
 Registered: 21/08/07 16:07
 Posts: 130
 
 | 
			
				|  Posted: 08 Aug 2008 23:10    Subject: |   |  
				| 
 |  
				| These are the logs returned from WikiSend: 
 COMBOFIX
 
 ComboFix 08-08-01.04 - Administrator 2008-08-08 10.36.35.5 - NTFSx86 MINIMAL
 Microsoft Windows XP Professional  5.1.2600.2.1252.1.1040.18.1023 [GMT 2:00]
 Eseguito da: C:\X Pulizia PC\Combo-Fix.exe
 
 ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
 .
 
 (((((((((((((((((((((((((   Files Creati Da 2008-07-08 al 2008-08-08  )))))))))))))))))))))))))))))))))))
 .
 
 2008-08-08 10:25 . 2008-08-08 10:25	<DIR>	d--------	C:\Documents and Settings\Administrator\Dati applicazioni\Malwarebytes
 2008-08-08 10:19 . 2008-08-08 10:19	<DIR>	d--------	C:\Programmi\CCleaner
 2008-08-06 19:14 . 2008-08-06 19:16	<DIR>	d--------	C:\App2
 2008-08-06 10:34 . 2008-08-06 10:34	<DIR>	d--------	C:\Documents and Settings\riccardo\Dati applicazioni\Malwarebytes
 2008-08-06 10:33 . 2008-08-08 10:25	<DIR>	d--------	C:\Programmi\Malwarebytes' Anti-Malware
 2008-08-06 10:33 . 2008-08-06 10:33	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
 2008-08-06 10:33 . 2008-07-30 20:07	38,472	--a------	C:\WINDOWS\system32\drivers\mbamswissarmy.sys
 2008-08-06 10:33 . 2008-07-30 20:07	17,144	--a------	C:\WINDOWS\system32\drivers\mbam.sys
 2008-08-02 13:16 . 2008-08-08 10:18	<DIR>	d--------	C:\X Pulizia PC
 2008-08-02 12:41 . 2008-08-02 12:41	<DIR>	d--------	C:\Documents and Settings\Administrator\Dati applicazioni\Uniblue
 2008-08-02 10:32 . 2008-08-06 22:28	<DIR>	d--------	C:\Hijackthis
 2008-08-01 16:44 . 2008-08-01 16:44	83,456	--a------	C:\WINDOWS\system32\vkdocoev.dll
 2008-07-31 16:14 . 2008-07-31 16:14	91,648	--a------	C:\WINDOWS\system32\oxwwdupq.dll
 2008-07-30 11:49 . 2008-07-30 11:49	91,648	--a------	C:\WINDOWS\system32\yjonhotp.dll
 2008-07-23 17:03 . 2008-07-23 17:03	<DIR>	d--------	C:\Programmi\Heck Part Dash
 2008-07-16 13:02 . 2008-07-16 13:02	268	--ah-----	C:\sqmdata07.sqm
 2008-07-16 13:02 . 2008-07-16 13:02	244	--ah-----	C:\sqmnoopt07.sqm
 
 .
 ((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 2008-08-06 16:13	---------	d-----w	C:\Programmi\eMule
 2008-08-02 11:58	---------	d-----w	C:\Programmi\BitDownload
 2008-08-01 17:26	---------	d-----w	C:\Documents and Settings\riccardo\Dati applicazioni\Heck Part Dash
 2008-08-01 17:25	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\soft chic meet great
 2008-07-07 14:31	---------	d-----w	C:\Programmi\BitTorrent Fastest Tool
 2008-03-07 15:07	32,784	-c--a-w	C:\Documents and Settings\riccardo\Dati applicazioni\GDIPFONTCACHEV1.DAT
 2007-10-17 13:58	22,822	-c--a-w	C:\Programmi\FM2008.mds
 2007-02-07 20:32	24,192	-c--a-w	C:\Documents and Settings\riccardo\usbsermptxp.sys
 2007-02-07 20:32	22,768	-c--a-w	C:\Documents and Settings\riccardo\usbsermpt.sys
 2006-12-30 15:20	31,167	-c--a-w	C:\Programmi\INSTALL.LOG
 2001-11-05 08:30	165,376	-c--a-w	C:\Programmi\UNWISE.EXE
 .
 
 (((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 .
 REGEDIT4
 *Nota* i valori vuoti & legittimi/default non sono visualizzati.
 
 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
 2007-12-02 16:13	394680	--a------	C:\Programmi\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
 
 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:39 15360]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-02-24 07:32 5537792]
 
 [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
 "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:39 15360]
 
 [HKEY_LOCAL_MACHINE\software\microsoft\security center]
 "AntiVirusDisableNotify"=dword:00000001
 "UpdatesDisableNotify"=dword:00000001
 
 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
 "%windir%\\system32\\sessmgr.exe"=
 "C:\\Programmi\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
 "C:\\Programmi\\Sports Interactive\\Football Manager 2008\\fm.exe"=
 "C:\\Programmi\\Messenger\\msmsgs.exe"=
 "C:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
 "C:\\Programmi\\MSN Messenger\\livecall.exe"=
 "C:\\Programmi\\eMule\\emule.exe"=
 "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
 "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
 "C:\\Programmi\\BitDownload\\BitDownload.exe"=
 
 S3 PAC207;Trust WB-1200p Mini Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 13:29]
 S3 wma9bus;9507 Mobile Phone driver (WDM);C:\WINDOWS\system32\DRIVERS\wma9bus.sys [2005-05-10 16:23]
 S3 wma9mdfl;9507 Mobile Phone USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\wma9mdfl.sys [2005-05-10 16:24]
 S3 wma9mdm;9507 Mobile Phone USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\wma9mdm.sys [2005-05-10 16:24]
 S3 wma9obex;9507 Mobile Phone USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\wma9obex.sys [2005-05-10 16:27]
 
 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
 \Shell\AutoRun\command - D:\autorun.exe
 .
 Contenuto della cartella 'Scheduled Tasks'
 
 2008-08-08 C:\WINDOWS\Tasks\AFDA4B6F9185C937.job
 - c:\docume~1\riccardo\datiap~1\heckpa~1\Locks Two Meet.exe [2008-07-23 17:04]
 
 2008-08-06 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
 - C:\Programmi\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-06-13 11:31]
 
 2008-03-09 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
 - C:\Programmi\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-06-13 11:31]
 
 2008-08-06 C:\WINDOWS\Tasks\Uniblue SpyEraser.job
 - C:\Programmi\Uniblue\SpyEraser\SpyEraser.exe [2008-01-29 11:13]
 
 2008-08-06 C:\WINDOWS\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
 - C:\Programmi\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 18:39]
 .
 **************************************************************************
 
 catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2008-08-08 10:39:15
 Windows 5.1.2600 Service Pack 2 NTFS
 
 scansione processi nascosti ...
 
 scansione entrate autostart nascoste ...
 
 Scansione files nascosti ...
 
 Scansione completata con successo
 Files nascosti: 0
 
 **************************************************************************
 .
 Ora fine scansione: 2008-08-08 10:40:57
 ComboFix-quarantined-files.txt  2008-08-08 08:40:44
 ComboFix2.txt  2008-08-06 19:53:49
 ComboFix3.txt  2008-08-06 08:58:01
 ComboFix4.txt  2008-08-05 16:47:06
 ComboFix5.txt  2008-08-08 08:36:03
 
 Pre-Run: 32,145,424,384 byte disponibili
 Post-Run: 32,132,640,768 byte disponibili
 
 104	--- E O F ---	2008-03-09 06:48:38
 
 
 HIJACKTHIS
 
 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 10.50.07, on 08/08/2008
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 Boot mode: Safe mode
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\Explorer.EXE
 C:\Hijackthis\hijackthis.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
 O2 - BHO: Multi Media Italy Toolbar - {2e6f36ce-1217-4ba1-982f-24560c0eb677} - C:\Programmi\Multi_Media_Italy\tbMult.dll
 O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
 O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Programmi\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
 O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
 O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
 O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
 O2 - BHO: torrent_search Toolbar - {f14b0ccd-aa41-4406-ab68-c5de9d85b4a3} - C:\Programmi\torrent_search\tbtor0.dll
 O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
 O3 - Toolbar: Multi Media Italy Toolbar - {2e6f36ce-1217-4ba1-982f-24560c0eb677} - C:\Programmi\Multi_Media_Italy\tbMult.dll
 O3 - Toolbar: torrent_search Toolbar - {f14b0ccd-aa41-4406-ab68-c5de9d85b4a3} - C:\Programmi\torrent_search\tbtor0.dll
 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\npjpi160_05.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\npjpi160_05.dll
 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
 O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
 O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
 O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
 O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
 
 --
 End of file - 4815 bytes
 
 MBAM
 
 Malwarebytes' Anti-Malware 1.24
 Versione del database: 1012
 Windows 5.1.2600 Service Pack 2
 
 10.34.37 08/08/2008
 mbam-log-8-8-2008 (10-34-37).txt
 
 Tipo di scansione: Scansione rapida
 Elementi scansionati: 39995
 Tempo trascorso: 8 minute(s), 32 second(s)
 
 Processi delle memoria infetti: 0
 Moduli della memoria infetti: 0
 Chiavi di registro infette: 0
 Valori di registro infetti: 0
 Elementi dato del registro infetti: 0
 Cartelle infette: 0
 File infetti: 0
 
 Processi delle memoria infetti:
 (Nessun elemento malevolo rilevato)
 
 Moduli della memoria infetti:
 (Nessun elemento malevolo rilevato)
 
 Chiavi di registro infette:
 (Nessun elemento malevolo rilevato)
 
 Valori di registro infetti:
 (Nessun elemento malevolo rilevato)
 
 Elementi dato del registro infetti:
 (Nessun elemento malevolo rilevato)
 
 Cartelle infette:
 (Nessun elemento malevolo rilevato)
 
 File infetti:
 (Nessun elemento malevolo rilevato)
 
 Bye, and thanks again.
 EnFerAl
 |  |  
		| enferal Hero in the gods' favor
 
 Registered: 21/08/07 16:07
 Posts: 130
 
 | 
			
				|  Posted: 08 Aug 2008 23:11    Subject: |   |  
				| 
 |  
				| ...sorry, but I don't know how two messages got sent |  |  
		|  |  
		| bdoriano Administrator
 
 Registered: 02/04/07 12:05
 Posts: 14391
 Location: 3rd planet of the solar system...
 
 | 
			
				|  Posted: 09 Aug 2008 07:33    Subject: |   |  
				| 
 |  
				| Open Notepad and create a text file with the following instructions: 
 Code:
 File::
 C:\WINDOWS\system32\vkdocoev.dll
 C:\WINDOWS\system32\oxwwdupq.dll
 C:\WINDOWS\system32\yjonhotp.dll
 c:\docume~1\riccardo\datiap~1\heckpa~1\Locks Two Meet.exe
 C:\WINDOWS\Tasks\AFDA4B6F9185C937.job
 
 Folder::
 C:\Documents and Settings\riccardo\Dati applicazioni\Heck Part Dash
 C:\Documents and Settings\All Users\Dati applicazioni\soft chic meet great
 C:\Programmi\Heck Part Dash
 
 Registry::
 [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
 
 Save the file on the desktop with the name CFScript.txt and drag it onto the ComboFix icon, as shown below:
 
 Wait patiently for it to finish without touching the keyboard, mouse or anything else.
 Post the updated ComboFix log.
 
 Afterwards:
 
 Disable your antivirus.
 Connect to BitDefender (with IE) and run the full scan.
 Connect to the Kaspersky online scanner and run the extended scan, as indicated here.
 Save the scan result to a file (in TXT format), upload the file to WikiSend and post here the Forum Link you are given.
 |  |  
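One way to check an updated ComboFix log against the CFScript above, as an added example that is not part of the original post: it lists every File:: and Folder:: target that does not show up in the log's "Altre eliminazioni" section. The function names, the embedded sample log (constructed in the layout of the logs in this thread) and the prefix-based matching of 8.3 short names are assumptions made for this illustration.

```python
import re

# Copy of the CFScript from the post above.
CFSCRIPT = r"""File::
C:\WINDOWS\system32\vkdocoev.dll
C:\WINDOWS\system32\oxwwdupq.dll
C:\WINDOWS\system32\yjonhotp.dll
c:\docume~1\riccardo\datiap~1\heckpa~1\Locks Two Meet.exe
C:\WINDOWS\Tasks\AFDA4B6F9185C937.job

Folder::
C:\Documents and Settings\riccardo\Dati applicazioni\Heck Part Dash
C:\Documents and Settings\All Users\Dati applicazioni\soft chic meet great
C:\Programmi\Heck Part Dash

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
"""

# Constructed sample log excerpt, laid out like the ComboFix logs in this thread.
SAMPLE_LOG = r"""
(((((((((((((   Altre eliminazioni   )))))))))))))
.

C:\Documents and Settings\All users\Dati applicazioni\soft chic meet great
C:\Documents and Settings\riccardo\Dati applicazioni\Heck Part Dash
C:\Documents and Settings\riccardo\Dati applicazioni\Heck Part Dash\Locks Two Meet.exe
C:\WINDOWS\system32\oxwwdupq.dll
C:\WINDOWS\system32\vkdocoev.dll
C:\WINDOWS\system32\yjonhotp.dll
C:\WINDOWS\Tasks\AFDA4B6F9185C937.job

.
(((((((((   Files Creati Da 2008-07-10 al 2008-08-10  )))))))))
.

2008-08-08 10:19 . 2008-08-08 10:19  <DIR>  d--------  C:\Programmi\CCleaner
"""

SECTION = re.compile(r"^(\w+)::$")           # CFScript directive, e.g. "File::"
HEADER = re.compile(r"^\(+\s*(.*?)\s*\)+$")  # ComboFix log section banner
SHORT = re.compile(r"^(.{1,6})~\d+$")        # 8.3 short name such as "docume~1"


def parse_cfscript(text):
    """Return {directive: [lines]} for a CFScript, directive names lower-cased."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
        elif current:
            sections[current].append(line)
    return sections


def deleted_paths(log, section="Altre eliminazioni"):
    """Collect the paths listed under one banner section of the log."""
    out, inside = [], False
    for line in log.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            inside = m.group(1) == section
        elif inside and re.match(r"^[A-Za-z]:\\", line):
            out.append(line)
    return out


def component_matches(a, b):
    """Compare two path components case-insensitively.

    Heuristic (assumption): an 8.3 short name matches a long name when its
    prefix equals the start of the long name with spaces and dots removed.
    """
    a, b = a.lower(), b.lower()
    if a == b:
        return True
    for short, long_name in ((a, b), (b, a)):
        m = SHORT.match(short)
        if m and re.sub(r"[ .]", "", long_name).startswith(m.group(1)):
            return True
    return False


def same_path(p, q):
    ps = p.strip().rstrip("\\").split("\\")
    qs = q.strip().rstrip("\\").split("\\")
    return len(ps) == len(qs) and all(component_matches(x, y) for x, y in zip(ps, qs))


def unconfirmed(cfscript, log):
    """File:: and Folder:: targets that the log does not list as deleted."""
    targets = parse_cfscript(cfscript)
    removed = deleted_paths(log)
    wanted = targets.get("file", []) + targets.get("folder", [])
    return [t for t in wanted if not any(same_path(t, r) for r in removed)]


if __name__ == "__main__":
    for path in unconfirmed(CFSCRIPT, SAMPLE_LOG):
        print("not confirmed as deleted:", path)
```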
		| enferal Hero in the gods' favor
 
 Registered: 21/08/07 16:07
 Posts: 130
 
 | 
			
				|  Posted: 10 Aug 2008 10:10    Subject: |   |  
				| 
 |  
				| ...the updated ComboFix log, bye 
 ComboFix 08-08-01.04 - riccardo 2008-08-10  9.53.02.7 - NTFSx86
 Microsoft Windows XP Professional  5.1.2600.2.1252.1.1040.18.971 [GMT 2:00]
 Eseguito da: C:\X Pulizia PC\Combo-Fix.exe
 Command switches used :: C:\Documents and Settings\riccardo\Desktop\CFScript.txt
 * Creato nuovo punto di ripristino
 
 ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
 
 FILE ::
 c:\documenti and setting\riccardo\dati applicazioni\heck part dash\locks two meet.exe
 C:\WINDOWS\system32\oxwwdupq.dll
 C:\WINDOWS\system32\vkdocoev.dll
 C:\WINDOWS\system32\yjonhotp.dll
 C:\WINDOWS\Tasks\AFDA4B6F9185C937.job
 .
 
 (((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 
 C:\Documents and Settings\All users\Dati applicazioni\soft chic meet great
 C:\Documents and Settings\All users\Dati applicazioni\soft chic meet great\Drv Math.exe
 C:\Documents and Settings\riccardo\Dati applicazioni\Heck Part Dash
 C:\Documents and Settings\riccardo\Dati applicazioni\Heck Part Dash\0
 C:\Documents and Settings\riccardo\Dati applicazioni\Heck Part Dash\forprocpile.exe
 C:\Documents and Settings\riccardo\Dati applicazioni\Heck Part Dash\Locks Two Meet.exe
 C:\Documents and Settings\riccardo\Dati applicazioni\Heck Part Dash\pdtoujeu.exe
 C:\WINDOWS\system32\oxwwdupq.dll
 C:\WINDOWS\system32\vkdocoev.dll
 C:\WINDOWS\system32\yjonhotp.dll
 C:\WINDOWS\Tasks\AFDA4B6F9185C937.job
 
 .
 (((((((((((((((((((((((((   Files Creati Da 2008-07-10 al 2008-08-10  )))))))))))))))))))))))))))))))))))
 .
 
 2008-08-08 12:48 . 2008-08-08 12:48	<DIR>	d--------	C:\Programmi\Nero
 2008-08-08 10:25 . 2008-08-08 10:25	<DIR>	d--------	C:\Documents and Settings\Administrator\Dati applicazioni\Malwarebytes
 2008-08-08 10:19 . 2008-08-08 10:19	<DIR>	d--------	C:\Programmi\CCleaner
 2008-08-06 19:14 . 2008-08-08 18:18	<DIR>	d--------	C:\App2
 2008-08-06 10:34 . 2008-08-06 10:34	<DIR>	d--------	C:\Documents and Settings\riccardo\Dati applicazioni\Malwarebytes
 2008-08-06 10:33 . 2008-08-08 10:25	<DIR>	d--------	C:\Programmi\Malwarebytes' Anti-Malware
 2008-08-06 10:33 . 2008-08-06 10:33	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
 2008-08-06 10:33 . 2008-07-30 20:07	38,472	--a------	C:\WINDOWS\system32\drivers\mbamswissarmy.sys
 2008-08-06 10:33 . 2008-07-30 20:07	17,144	--a------	C:\WINDOWS\system32\drivers\mbam.sys
 2008-08-02 13:16 . 2008-08-08 10:18	<DIR>	d--------	C:\X Pulizia PC
 2008-08-02 12:41 . 2008-08-08 11:40	<DIR>	d--------	C:\Documents and Settings\Administrator\Dati applicazioni\Uniblue
 2008-08-02 10:32 . 2008-08-08 10:49	<DIR>	d--------	C:\Hijackthis
 2008-07-23 17:03 . 2008-07-23 17:03	<DIR>	d--------	C:\Programmi\Heck Part Dash
 2008-07-16 13:02 . 2008-07-16 13:02	268	--ah-----	C:\sqmdata07.sqm
 2008-07-16 13:02 . 2008-07-16 13:02	244	--ah-----	C:\sqmnoopt07.sqm
 
 .
 ((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 2008-08-08 16:19	---------	d-----w	C:\Programmi\Alwil Software
 2008-08-08 10:52	---------	d-----w	C:\Documents and Settings\riccardo\Dati applicazioni\Ahead
 2008-08-08 10:48	---------	d-----w	C:\Programmi\File comuni\Ahead
 2008-08-08 10:44	---------	d-----w	C:\Programmi\Ahead
 2008-08-06 16:13	---------	d-----w	C:\Programmi\eMule
 2008-08-02 11:58	---------	d-----w	C:\Programmi\BitDownload
 2008-07-07 14:31	---------	d-----w	C:\Programmi\BitTorrent Fastest Tool
 2008-03-07 15:07	32,784	-c--a-w	C:\Documents and Settings\riccardo\Dati applicazioni\GDIPFONTCACHEV1.DAT
 2007-10-17 13:58	22,822	-c--a-w	C:\Programmi\FM2008.mds
 2007-02-07 20:32	24,192	-c--a-w	C:\Documents and Settings\riccardo\usbsermptxp.sys
 2007-02-07 20:32	22,768	-c--a-w	C:\Documents and Settings\riccardo\usbsermpt.sys
 2006-12-30 15:20	31,167	-c--a-w	C:\Programmi\INSTALL.LOG
 2001-11-05 08:30	165,376	-c--a-w	C:\Programmi\UNWISE.EXE
 .
 
 (((((((((((((((((((((((((((((   snapshot@2008-08-08_18.37.18.28   )))))))))))))))))))))))))))))))))))))))))
 .
 + 2008-08-10 07:19:20	16,384	----atw	C:\WINDOWS\temp\Perflib_Perfdata_6dc.dat
 .
 (((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 .
 REGEDIT4
 *Nota* i valori vuoti & legittimi/default non sono visualizzati.
 
 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
 2007-12-02 16:13	394680	--a------	C:\Programmi\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-02-24 07:32 5537792]
 "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
 "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]
 
 [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
 "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:39 15360]
 
 [HKEY_LOCAL_MACHINE\software\microsoft\security center]
 "AntiVirusDisableNotify"=dword:00000001
 "UpdatesDisableNotify"=dword:00000001
 
 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
 "%windir%\\system32\\sessmgr.exe"=
 "C:\\Programmi\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
 "C:\\Programmi\\Sports Interactive\\Football Manager 2008\\fm.exe"=
 "C:\\Programmi\\Messenger\\msmsgs.exe"=
 "C:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
 "C:\\Programmi\\MSN Messenger\\livecall.exe"=
 "C:\\Programmi\\eMule\\emule.exe"=
 "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
 "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
 "C:\\Programmi\\BitDownload\\BitDownload.exe"=
 
 R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
 R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
 S3 PAC207;Trust WB-1200p Mini Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 13:29]
 S3 wma9bus;9507 Mobile Phone driver (WDM);C:\WINDOWS\system32\DRIVERS\wma9bus.sys [2005-05-10 16:23]
 S3 wma9mdfl;9507 Mobile Phone USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\wma9mdfl.sys [2005-05-10 16:24]
 S3 wma9mdm;9507 Mobile Phone USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\wma9mdm.sys [2005-05-10 16:24]
 S3 wma9obex;9507 Mobile Phone USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\wma9obex.sys [2005-05-10 16:27]
 .
 Contenuto della cartella 'Scheduled Tasks'
 
 2008-08-06 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
 - C:\Programmi\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-06-13 11:31]
 
 2008-03-09 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
 - C:\Programmi\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-06-13 11:31]
 
 2008-08-06 C:\WINDOWS\Tasks\Uniblue SpyEraser.job
 - C:\Programmi\Uniblue\SpyEraser\SpyEraser.exe [2008-01-29 11:13]
 
 2008-08-10 C:\WINDOWS\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
 - C:\Programmi\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 18:39]
 .
 **************************************************************************
 
 catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2008-08-10 09:56:21
 Windows 5.1.2600 Service Pack 2 NTFS
 
 scansione processi nascosti ...
 
 scansione entrate autostart nascoste ...
 
 Scansione files nascosti ...
 
 Scansione completata con successo
 Files nascosti: 0
 
 **************************************************************************
 .
 Ora fine scansione: 2008-08-10  9:58:45
 ComboFix-quarantined-files.txt  2008-08-10 07:58:25
 ComboFix2.txt  2008-08-08 16:37:58
 ComboFix3.txt  2008-08-08 08:40:58
 ComboFix4.txt  2008-08-06 19:53:49
 ComboFix5.txt  2008-08-10 07:50:32
 
 Pre-Run: 30,317,969,408 byte disponibili
 Post-Run: 30,301,245,440 byte disponibili
 
 129	--- E O F ---	2008-03-09 06:48:38
 |  |  
		| Top |  |  
		|  |  
		| bdoriano Administrator
 
  
  
 Joined: 02/04/07 12:05
 Posts: 14391
 Location: 3rd planet of the solar system...
 
 | 
			
				|  Posted: 10 Aug 2008 10:52    Subject: |   |  
				| 
 |  
				| It seems to me that it is already going better.   
 
 Disable your antivirus
Connect to BitDefender (with IE) and run the full scan.
Connect to Kaspersky on-line scanner and run the extended scan, as indicated here.
Save the scan result to a file (in TXT format), upload the file to WikiSend and post here the Forum Link that is assigned to you.
 |  |  
		| Top |  |  
		|  |  
		| enferal Hero in the grace of the gods
 
  
 
 Joined: 21/08/07 16:07
 Posts: 130
 
 
 | 
			
				|  Posted: 12 Aug 2008 17:29    Subject: |   |  
				| 
 |  
				| I probably did something wrong, because I ended up with 4 logs from Kaspersky. I sent them all to Wikisend and I am posting the feedback for you. Now the PC seems to be fine. THANKS again, bye.
 
 1st LOG
 
 --------------------------------------------------------------------------------
 KASPERSKY ONLINE SCANNER 7 REPORT
 Monday, August 11, 2008
 Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
 Kaspersky Online Scanner 7 version: 7.0.25.0
 Program database last update: Monday, August 11, 2008 18:48:28
 Records in database: 1083117
 --------------------------------------------------------------------------------
 
 Scan settings:
 Scan using the following database: extended
 Scan archives: yes
 Scan mail databases: yes
 
 Scan area - My Computer:
 A:\
 C:\
 D:\
 E:\
 F:\
 
 Scan statistics:
 Files scanned: 57746
 Threat name: 3
 Infected objects: 4
 Suspicious objects: 0
 Duration of the scan: 01:34:10
 
 
 File name / Threat name / Threats count
 C:\Programmi\BitTorrent Fastest Tool\3wPlayer-1.9.0.0-setup-0312.exe	Infected: Trojan.Win32.Obfuscated.iwf	1
 C:\Programmi\BitTorrent Fastest Tool\BitDownload-4.5-setup.exe	Infected: Trojan.Win32.Obfuscated.iwf	1
 C:\QooBox\Quarantine\C\WINDOWS\system32\vkdocoev.dll.vir	Infected: Trojan.Win32.Monder.bwt	1
 C:\QooBox\Quarantine\C\WINDOWS\system32\yjonhotp.dll.vir	Infected: not-a-virus:AdWare.Win32.Virtumonde.aejo	1
 
 The selected area was scanned.
 
 2nd LOG
 --------------------------------------------------------------------------------
 KASPERSKY ONLINE SCANNER 7 REPORT
 Tuesday, August 12, 2008
 Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
 Kaspersky Online Scanner 7 version: 7.0.25.0
 Program database last update: Monday, August 11, 2008 18:48:28
 Records in database: 1083117
 --------------------------------------------------------------------------------
 
 Scan settings:
 Scan using the following database: extended
 Scan archives: yes
 Scan mail databases: yes
 
 Scan area - Folder:
 C:\
 
 Scan statistics:
 Files scanned: 57706
 Threat name: 3
 Infected objects: 4
 Suspicious objects: 0
 Duration of the scan: 01:10:16
 
 
 File name / Threat name / Threats count
 C:\Programmi\BitTorrent Fastest Tool\3wPlayer-1.9.0.0-setup-0312.exe	Infected: Trojan.Win32.Obfuscated.iwf	1
 C:\Programmi\BitTorrent Fastest Tool\BitDownload-4.5-setup.exe	Infected: Trojan.Win32.Obfuscated.iwf	1
 C:\QooBox\Quarantine\C\WINDOWS\system32\vkdocoev.dll.vir	Infected: Trojan.Win32.Monder.bwt	1
 C:\QooBox\Quarantine\C\WINDOWS\system32\yjonhotp.dll.vir	Infected: not-a-virus:AdWare.Win32.Virtumonde.aejo	1
 
 The selected area was scanned.
 
 3rd LOG
 --------------------------------------------------------------------------------
 KASPERSKY ONLINE SCANNER 7 REPORT
 Tuesday, August 12, 2008
 Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
 Kaspersky Online Scanner 7 version: 7.0.25.0
 Program database last update: Monday, August 11, 2008 18:48:28
 Records in database: 1083117
 --------------------------------------------------------------------------------
 
 Scan settings:
 Scan using the following database: extended
 Scan archives: yes
 Scan mail databases: yes
 
 Scan area - File:
 C:\Pippo.3
 
 Scan statistics:
 Files scanned: 0
 Threat name: 0
 Infected objects: 0
 Suspicious objects: 0
 Duration of the scan: 00:00:01
 
 No malware has been detected. The scan area is clean.
 
 The selected area was scanned.
 
 4th LOG
 --------------------------------------------------------------------------------
 KASPERSKY ONLINE SCANNER 7 REPORT
 Tuesday, August 12, 2008
 Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
 Kaspersky Online Scanner 7 version: 7.0.25.0
 Program database last update: Monday, August 11, 2008 18:48:28
 Records in database: 1083117
 --------------------------------------------------------------------------------
 
 Scan settings:
 Scan using the following database: extended
 Scan archives: yes
 Scan mail databases: yes
 
 Scan area - Critical Areas:
 C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica
 C:\Documents and Settings\riccardo\Menu Avvio\Programmi\Esecuzione automatica
 C:\Program Files
 C:\Programmi
 C:\WINDOWS
 
 Scan statistics:
 Files scanned: 38389
 Threat name: 1
 Infected objects: 2
 Suspicious objects: 0
 Duration of the scan: 00:35:09
 
 
 File name / Threat name / Threats count
 C:\Programmi\BitTorrent Fastest Tool\3wPlayer-1.9.0.0-setup-0312.exe	Infected: Trojan.Win32.Obfuscated.iwf	1
 C:\Programmi\BitTorrent Fastest Tool\BitDownload-4.5-setup.exe	Infected: Trojan.Win32.Obfuscated.iwf	1
 
 The selected area was scanned.
 |  |  
		| Top |  |  
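One way to read the four Kaspersky reports above, as an added example that is not part of the thread: the Python below deduplicates detection rows across reports and separates copies held in ComboFix's `C:\QooBox\Quarantine` folder from files still at their original location, then checks which CFScript targets the scanner confirmed. The function names and the space-normalised sample rows are assumptions of this example.

```python
import re
from collections import defaultdict

# Detection rows copied from the 1st and 4th Kaspersky report in the thread
# (column separators normalised to spaces); other report lines are ignored.
REPORTS = r"""
Files scanned: 57746
C:\Programmi\BitTorrent Fastest Tool\3wPlayer-1.9.0.0-setup-0312.exe    Infected: Trojan.Win32.Obfuscated.iwf    1
C:\Programmi\BitTorrent Fastest Tool\BitDownload-4.5-setup.exe    Infected: Trojan.Win32.Obfuscated.iwf    1
C:\QooBox\Quarantine\C\WINDOWS\system32\vkdocoev.dll.vir    Infected: Trojan.Win32.Monder.bwt    1
C:\QooBox\Quarantine\C\WINDOWS\system32\yjonhotp.dll.vir    Infected: not-a-virus:AdWare.Win32.Virtumonde.aejo    1
Scan area - Critical Areas:
C:\Programmi\BitTorrent Fastest Tool\3wPlayer-1.9.0.0-setup-0312.exe    Infected: Trojan.Win32.Obfuscated.iwf    1
C:\Programmi\BitTorrent Fastest Tool\BitDownload-4.5-setup.exe    Infected: Trojan.Win32.Obfuscated.iwf    1
"""
# DLLs named in the File:: block of the CFScript posted in the thread.
CFSCRIPT_FILES = [r"C:\WINDOWS\system32\vkdocoev.dll",
                  r"C:\WINDOWS\system32\oxwwdupq.dll",
                  r"C:\WINDOWS\system32\yjonhotp.dll"]
ROW = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s+Infected: (?P<threat>\S+)\s+(?P<count>\d+)$")
QUARANTINE = "c:\\qoobox\\quarantine\\"

def original_path(path):
    """Map a quarantined '<drive>\\...\\name.vir' copy back to its source path, else None."""
    low = path.lower()
    if not (low.startswith(QUARANTINE) and low.endswith(".vir")):
        return None
    drive, _, rest = path[len(QUARANTINE):-len(".vir")].partition("\\")
    return f"{drive}:\\{rest}"

def triage(report_text):
    """Return (on_disk, quarantined): path -> set of threat names, deduplicated."""
    on_disk, quarantined = defaultdict(set), defaultdict(set)
    for line in report_text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header, statistics or scan-area line
        orig = original_path(m["path"])
        bucket, key = (quarantined, orig) if orig else (on_disk, m["path"])
        bucket[key].add(m["threat"])
    return dict(on_disk), dict(quarantined)

def confirmed_removals(quarantined, targets):
    """CFScript targets whose quarantined copy the scanner flagged."""
    known = {p.lower() for p in quarantined}
    return [t for t in targets if t.lower() in known]
```

On the thread's data this leaves the two installers under `C:\Programmi\BitTorrent Fastest Tool` as the only detections outside the quarantine folder.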
		|  |  
		| bdoriano Administrator
 
  
  
 Joined: 02/04/07 12:05
 Posts: 14391
 Location: 3rd planet of the solar system...
 
 |  |  
		| Top |  |  
		|  |  
		| enferal Hero in the grace of the gods
 
  
 
 Joined: 21/08/07 16:07
 Posts: 130
 
 
 | 
			
				|  Posted: 13 Aug 2008 19:48    Subject: |   |  
				| 
 |  
				| Everything is working fine now. Thanks for the precious help and happy Ferragosto. EnFerAl
 |  |  
		| Top |  |  
		|  |  
		|  |  
  