Olimpo Informatico

[Andry690]

salve sto cercando di ripulire il pc e volevo il parere di qualcuno piu esperto su questi log di combofix e hijackthis

ComboFix 10-11-24.01 - Gurrieri 24/11/2010 22.32.34.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.1013.386 [GMT 1:00]
Eseguito da: c:\users\Gurrieri\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\muzapp.exe

.
((((((((((((((((((((((((( Files Creati Da 2010-10-24 al 2010-11-24 )))))))))))))))))))))))))))))))))))
.

2010-11-24 21:44 . 2010-11-24 21:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-24 19:48 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-09 21:20 . 2010-10-07 11:37 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-11-06 10:37 . 2010-11-06 10:37 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-10-27 22:08 . 2010-10-27 22:08 -------- d-----w- c:\program files\WinPcap
2010-10-27 06:35 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-27 06:35 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-27 06:35 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-22 22:47 . 2010-09-22 22:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-15 03:50 . 2010-08-10 14:39 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-13 13:56 . 2010-10-14 06:41 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-08 06:01 . 2010-10-14 06:40 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57 . 2010-10-14 06:40 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57 . 2010-10-14 06:40 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56 . 2010-10-14 06:39 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:56 . 2010-10-14 06:39 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:04 . 2010-10-14 06:40 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26 . 2010-10-14 06:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25 . 2010-10-14 06:39 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-06 16:20 . 2010-10-14 06:41 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:19 . 2010-10-14 06:41 17920 ----a-w- c:\windows\system32\netevent.dll
2010-09-06 13:45 . 2010-10-14 06:41 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-09-06 13:45 . 2010-10-14 06:41 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-09-06 13:45 . 2010-10-14 06:41 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-09-03 16:18 . 2010-09-22 11:17 395776 ----a-w- c:\windows\system32\RCoRes.dat
2010-09-03 14:16 . 2010-09-22 11:17 1084008 ----a-w- c:\windows\system32\RTSndMgr.cpl
2010-09-03 14:16 . 2010-09-22 11:17 3185640 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2010-09-03 14:16 . 2010-09-22 11:17 1841768 ----a-w- c:\windows\system32\RtkPgExt.dll
2010-09-03 14:16 . 2010-03-28 11:55 66664 ----a-w- c:\windows\system32\RtkCoInst.dll
2010-09-03 14:15 . 2010-09-22 11:17 408168 ----a-w- c:\windows\system32\RtkApoApi.dll
2010-09-03 14:15 . 2010-03-28 11:55 3605096 ----a-w- c:\windows\system32\RtkAPO.dll
2010-09-01 12:22 . 2010-02-21 00:10 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-09-01 12:22 . 2010-02-21 00:10 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-08-31 15:46 . 2010-10-14 06:37 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:46 . 2010-10-14 06:37 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 15:44 . 2010-10-14 06:35 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-08-31 13:27 . 2010-10-14 06:35 2038272 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"Google Update"="c:\users\Gurrieri\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-08-10 136176]
"DriverMax"="c:\program files\Innovative Solutions\DriverMax\devices.exe" [2010-03-01 9216928]
"DriverMax_RESTART"="c:\program files\Innovative Solutions\DriverMax\devices.exe" [2010-03-01 9216928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-07 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-07 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-07 81920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2010-02-20 611712]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-09-01 281768]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2010-07-07 6854984]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-09-03 9726568]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-08-20 1164584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2010-07-07 924488]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2010-07-02 10:20 671608 ----a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration]
2006-12-13 14:42 554640 ----a-w- c:\program files\TOSHIBA\Registration\ToshibaRegistration.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2897019924-3419078849-2896787356-1000]
"EnableNotificationsRef"=dword:00000001

R1 TCPZ;TCP Half Open Limited Patcher ( TCP-Z);c:\windows\system32\DRIVERS\tcpz-x86d.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [2010-07-07 3364680]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 507136]
R3 PRODIGY;PRODIGY;c:\windows\system32\Drivers\PRODIGY.SYS [2006-08-29 32377]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-02-21 722416]
S1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2010-07-07 236104]
S1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2010-07-07 22600]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
S2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\OAcat.exe [2010-07-07 1283400]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-19 7168]
S3 NETw5v32;Driver scheda Intel(R) Wireless WiFi Link 5000 Series per Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2010-05-31 6638080]
S3 OAnet;OnlineArmor Service;c:\windows\system32\DRIVERS\oanet.sys [2009-12-05 30800]
S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-04-23 812544]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contenuto della cartella 'Scheduled Tasks'

2010-11-24 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-02-21 19:36]

2010-11-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2897019924-3419078849-2896787356-1000Core.job
- c:\users\Gurrieri\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-10 14:49]

2010-11-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2897019924-3419078849-2896787356-1000UA.job
- c:\users\Gurrieri\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-10 14:49]
.
.
------- Scansione supplementare -------
.
uLocal Page =
uStart Page = hxxp://www.libero.it/
uInternet Settings,ProxyOverride = local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Scarica usando &BitSpirit - d:\andrea\Programmi\BitSpirit\bsurl.htm
IE: {{C08CAF1D-C0A3-40D5-9970-06D067EAC017}
TCP: {E9648749-8E0F-41DC-816C-32D1D3B0A1CB} = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Gurrieri\AppData\Roaming\Mozilla\Firefox\Profiles\e74otsep.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.libero.it
FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - component: c:\users\Gurrieri\AppData\Roaming\Mozilla\Firefox\Profiles\e74otsep.default\extensions\firesheep@codebutler.com\platform\WINNT_x86-msvc\components\mozpopen.dll
FF - component: c:\users\Gurrieri\AppData\Roaming\Mozilla\Firefox\Profiles\e74otsep.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\users\Gurrieri\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\Gurrieri\AppData\Roaming\Mozilla\Firefox\Profiles\e74otsep.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\users\Gurrieri\AppData\Roaming\Mozilla\Firefox\Profiles\e74otsep.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - %ProgramFiles%\TOSHIBA\TBS\HSON.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSConfigStartUp-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
AddRemove-TOSHIBA Software Modem - c:\windows\agrsmdel



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-24 22:44
Windows 6.0.6002 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000059

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Ora fine scansione: 2010-11-24 22:49:55
ComboFix-quarantined-files.txt 2010-11-24 21:49

Pre-Run: 5.119.074.304 byte disponibili
Post-Run: 5.039.628.288 byte disponibili

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,5
- - End Of File - - 92CF5C9D02537208344E05BB00D7BB83



log hijackthis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23.21.18, on 24/11/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\PixArt\PAC207\Monitor.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\notepad.exe
C:\Windows\explorer.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Gurrieri\Desktop\HijackThis.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [Google Update] "C:\Users\Gurrieri\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DriverMax] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -agent
O4 - HKCU\..\Run: [DriverMax_RESTART] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -RESTART
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Scarica usando &BitSpirit - D:\Andrea\Programmi\BitSpirit\bsurl.htm
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E9648749-8E0F-41DC-816C-32D1D3B0A1CB}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 8320 bytes


poi mi interessava capire in cosa consiste quel file eliminato da combofix grazie a tutti in anticipo

[R16]

Ciao, e benvenuto
Non analizziamo log al buio.
Per la bonica di un pc, si deve seguire una procedura:
Pulisci i files temporanei con CCleaner (registro compreso)
http://forum.zeusnews.com/viewtopic.php?p=282670#282670

Segui questo percorso e svuota la cartella Prefetch : (non eliminare la cartella)
C:\Windows\Prefetch

Segui le istruzioni di questo topic per eliminare gli ADS:
http://forum.zeusnews.com/viewtopic.php?t=45223

Scarica e installa la versione Free di SuperAntispyware:
link
lo configuri come da immagini :
http://www.zeusnews.it/zz_upload/img/PSV/SAS/7477731.jpg
http://www.zeusnews.it/zz_upload/img/PSV/SAS/9926902.jpg
Esegui una scansione completa.

Segui le istruzioni di questo topic per usare MBAM:
http://forum.zeusnews.com/viewtopic.php?p=297823#297823
Esegui una scansione completa.
Elimina gli eventuali file infetti trovati.

Carica i log di SuperAntispyware, MBAM, su WikiSend e posta il Forum Link che ti viene assegnato.
link

Riguardo il file eliminato da Combofix, sembra un falso positivo.

[Andry690]

grazie del benvenuto

avevo gia fatto prima una pulizia completa con ccleaner e come antispyware ho spybot che non mi sembra maluccio comunque ho fatto una scansione con superantispyware e mbam e sono stati trovati 2 minacce che non mi sembrano gravi perche fanno parte di un programma di nome glesius

ho eliminato i file ads che non l avevo fatto prima ma erano soltanto 2

per quanto riguarda l applizazione eliminata da combofix confermo che e un falso positivo in quanto fa parte del programma emodio che riguarda il lettore mp3 quindi se qualcuno ce la non si deve preoccupare

in ogni caso ecco il log di mbam (quello di superantispyware non ce lo ) mbam-log-2010-11-27 (08-13-01).txt

[R16]

Consiglio:
Disattiva il Tea Timer di SpyBot, crea più problemi che benefici:
Apri SpyBot in modalità avanzata (menù modalità - avanzata) poi vai in utilità - resident e togli la spunta a TeaTimer, e riavvia il pc.

Per recuperare il log di Superantispyware:
Lancia Superantispyware.
nella schermata princpiale clicca su Preferenze.
Apri la scheda Statistiche e Registri.
Al suo interno troverai il log della scansione che hai eseguito.
Posizionati sul log con il mouse per selezionarlo e clicca sul tasto Visualizza il registro.
Si aprirà il log in formato txt, salvalo sul desktop e postalo sul forum.

[Andry690]

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/26/2010 at 09:55 PM

Application Version : 4.46.1000

Core Rules Database Version : 5918
Trace Rules Database Version: 3730

Scan type : Complete Scan
Total Scan Time : 01:54:00

Memory items scanned : 623
Memory threats detected : 0
Registry items scanned : 9745
Registry threats detected : 0
File items scanned : 35828
File threats detected : 2

Trojan.FakeAlert-Gen/Variant
C:\PROGRAM FILES\GLESIUS-IRC\ADDON\WEB\TOOLTIP.DLL

Trojan.Agent/Gen-Cryptor[Virut]
C:\TOSHIBA\EBAY\ADDTOOLBARBUTTON.EXE


in che senso il tea timer crea problemi?nel senso che rallenta il pc?

[R16]

[Andry690]

[R16]

Se è vero quello che racconta Superantispyware, non sei messo male :di più.

Leggi questo link riguardo il Virut:
http://forum.zeusnews.com/viewtopic.php?t=46694

Ma non hai risposto alla mia domanda:
Come funziona quel pc?
Che problemi riscontri?

[Andry690]

il pc non presenta molti problemi solo che e abbastanza lento a volte per aprire un programma ci mette una vita come anche per accendersi a volte succede che si blocca il mouse del touchpad (il pc e un notebook) ma se inserisco un mouse usb funzione mentre per far funzionare il touch pad mi tocca riavviare il pc e infine succede che a volte si blocchi completamente il pc costringendomi a spegnerlo dal pulsante....un problema che e spuntato molto tempo fa e stato quello della scheda di rete che e completamante scomparsa dal pc e come se non esistesse piu non compare nemmeno in gestione applicazioni come scheda di rete mi da solo la scheda wireless e dietro al pc le due luci della scheda di rete sono sempre fisse ma quando e comparso questo problema ho provato a scaricare i file dal sito produttore per installarla ma niente avevo anche provato a formattare completamente il pc ma il problema e rimasto e quindi penso che sia semplicemente andata la scheda di rete ethernet .....

comunque sul web ho trovato un caso simile dove uno a trovato lo stesso identico virus dici che potrei provare a fare le stesse cose?

[R16]

Non è consentito postare link di altri forum.
Vedi tu cosa fare.
Da parte mia, posso mettere la mia disponibilità, per cercare di risolvere.

[Andry690]

ok allora per il momento aspetto consigli da te

[R16]

Allora ripartiamo da zero:
Disattiva il ripristino configurazione di sistema, e tienilo disattivato, fino alla soluzione del problema.
http://forum.zeusnews.com/viewtopic.php?t=22084

Segui le istruzioni di questo topic per rimuovere combofix, e gli altri eventuali tooll installati:
http://forum.zeusnews.com/viewtopic.php?t=47670

Pulisci i files temporanei con CCleaner (registro compreso)
http://forum.zeusnews.com/viewtopic.php?p=282670#282670

Segui questo percorso e svuota la cartella Prefetch : (non eliminare la cartella)
C:\Windows\Prefetch

Segui le istruzioni di questo topic per usare Systemscan:
http://forum.zeusnews.com/viewtopic.php?p=210548#210548

Carica il log di Systemscan su WikiSend e posta il Forum Link che ti viene assegnato.
link

[Andry690]

ecco il report di systemscan

28_11_2010_00_59_report.zip

[R16]

Segui le istruzioni di questo topic per usare Combofix: (usa Internet Explorer e ricorda di scaricarlo sul Desktop.)
http://forum.zeusnews.com/viewtopic.php?t=45224
Posta il log.

[Andry690]

ecco il report di combofix

ComboFix.txt

[R16]

Apri un file di testo con il Block Note sul Desktop
Ci incolli il codice che vedi qui sotto, e salvi il file di testo obbligatoriamente con il nome CFScript.txt

[Andry690]

report combofix

ComboFix.txt

potresti spiegare anche quello che intendi fare con i passaggi? questo passo lo capito pero se almeno i succissivi li spieghi cosi almeno se ce qualcosa che non capisco cerco di imparare

[R16]

Ciao.
Il log di combofix, non è completo.
Manca la parte finale.
Postalo completo, per verificare .
Poi:
Segui le istruzioni di questo topic per postare il log di HiJackThis:
http://forum.zeusnews.com/viewtopic.php?t=23440

[Andry690]

log hijackthis

hijackthis.log

il log di combofix non me lo ha fatto visualizzare dopo che a terminato il lavoro e il pc si e riavviato da solo e il log lo preso dalla cartella C:\Combo-Fix5218C (in realta ho due cartella di combofix in c l altra si chiama solo combo-fix e dentro ci sono tre file "CF22749.cfxxe" "mbr.txt" "rmbr.cfxxe") dove sono presenti numerosi file e l unico che era aggiornato alla data e l ora di quando ho fatto la scansione era quello che ho gia postato non ce scritto nient altro.....che dici cancello tutto programmi e log salvati fino ad ora e ne rifaccio un altro di combofix?

[R16]