salla (Devoted Mortal)
Registered: 12/01/08 20:40 Posts: 11
Posted: 12 Jan 2008 20:48 Subject:
Hi everyone.
I'm writing here so as not to take up more space, and because I've run into exactly the same problem as sum.
While the PC is on it tries to connect to links such as doginhispen and skytodayplease, exactly the same sites that are giving him problems.
Of course my Norton 2007 died immediately and stopped working.
I also have the Norton 2008 CD, but I'm not sure I can install it with these viruses still on the computer.
I've downloaded the programs you recommended; I'll now run a scan with HijackThis and post the results here. I'd be very grateful if someone could guide me through the removal.
Thanks a lot to everyone.
bdoriano (Administrator)
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 12 Jan 2008 20:59 Subject:
Hi salla,
Please don't tack onto other users' threads. Thanks for your cooperation.
Run this scan with FindAWF and attach the log to your next reply.
PS: if you like, you can introduce yourself here
salla (Devoted Mortal)
Registered: 12/01/08 20:40 Posts: 11
Posted: 12 Jan 2008 21:01 Subject:
thanks bdoriano... very kind, you've already moved me yourself
here is the result of the AWF scan
Find AWF report by noahdfear ©2006
Version 1.40
bak folders found
~~~~~~~~~~~
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: 183E-41C5
Directory di C:\PROGRA~1\DNA\BAK
16/12/2007 20.12 290.112 btdna.exe
1 File 290.112 byte
2 Directory 111.935.737.856 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: 183E-41C5
Directory di C:\PROGRA~1\MSNMES~1\BAK
0 File 0 byte
2 Directory 111.935.737.856 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: 183E-41C5
Directory di C:\PROGRA~1\NORTON~1\BAK
14/01/2007 00.11 771.704 osCheck.exe
1 File 771.704 byte
2 Directory 111.935.733.760 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: 183E-41C5
Directory di C:\PROGRA~1\QUICKT~1\BAK
09/04/2005 13.04 98.304 qttask.exe
1 File 98.304 byte
2 Directory 111.935.733.760 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: 183E-41C5
Directory di C:\WINDOWS\SYSTEM32\BAK
09/07/2001 10.50 155.648 NeroCheck.exe
1 File 155.648 byte
2 Directory 111.935.733.760 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: 183E-41C5
Directory di C:\PROGRA~1\3DO\UPRISI~1\BAK
0 File 0 byte
7 Directory 111.935.733.760 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: 183E-41C5
Directory di C:\PROGRA~1\ALICET~1\SMARTB~1\BAK
21/04/2006 15.41 438.359 MotiveSB.exe
1 File 438.359 byte
2 Directory 111.935.733.760 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: 183E-41C5
Directory di C:\PROGRA~1\ATITEC~1\ATICON~1\BAK
22/02/2005 21.05 339.968 atiptaxx.exe
1 File 339.968 byte
2 Directory 111.935.733.760 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: 183E-41C5
Directory di C:\PROGRA~1\FILECO~1\SYMANT~1\BAK
09/01/2007 22.59 115.816 ccApp.exe
1 File 115.816 byte
2 Directory 111.935.733.760 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: 183E-41C5
Directory di C:\PROGRA~1\GOOGLE\GO333C~1\BAK
01/08/2007 19.54 1.836.544 GoogleDesktop.exe
1 File 1.836.544 byte
2 Directory 111.935.733.760 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: 183E-41C5
Directory di C:\PROGRA~1\GOOGLE\GOOGLE~4\BAK
02/06/2007 00.40 68.856 GoogleToolbarNotifier.exe
1 File 68.856 byte
2 Directory 111.935.733.760 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: 183E-41C5
Directory di C:\PROGRA~1\SKYPE\PHONE\BAK
0 File 0 byte
2 Directory 111.935.729.664 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: 183E-41C5
Directory di C:\PROGRA~2\HEWLET~1\ORDERR~1\BAK
21/12/2005 10.00 98.304 OrderReminder.exe
1 File 98.304 byte
2 Directory 111.935.729.664 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: 183E-41C5
Directory di C:\PROGRA~1\3DO\UPRISI~1\BAK\BAK
08/06/2006 14.48 0 _sav_.slk
1 File 0 byte
2 Directory 111.935.729.664 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: 183E-41C5
Directory di C:\PROGRA~1\3DO\UPRISI~1\CUSTOM\BAK
08/06/2006 14.52 0 _sav_.slk
1 File 0 byte
2 Directory 111.935.729.664 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: 183E-41C5
Directory di C:\PROGRA~1\ADOBE\READER~1.0\READER\BAK
10/10/2007 19.51 39.792 Reader_sl.exe
1 File 39.792 byte
2 Directory 111.935.729.664 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: 183E-41C5
Directory di C:\PROGRA~1\JAVA\JRE16~1.0_0\BIN\BAK
25/09/2007 01.11 132.496 jusched.exe
1 File 132.496 byte
2 Directory 111.935.729.664 byte disponibili
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
14348 10 Jan 2008 "C:\Programmi\DNA\btdna.exe"
290112 16 Dec 2007 "C:\Programmi\DNA\bak\btdna.exe"
14348 10 Jan 2008 "C:\Programmi\Norton AntiVirus\osCheck.exe"
771704 14 Jan 2007 "C:\Programmi\Norton AntiVirus\bak\osCheck.exe"
14348 10 Jan 2008 "C:\Programmi\QuickTime\qttask.exe"
98304 9 Apr 2005 "C:\Programmi\QuickTime\bak\qttask.exe"
14348 10 Jan 2008 "C:\WINDOWS\system32\NeroCheck.exe"
155648 9 Jul 2001 "C:\WINDOWS\system32\bak\NeroCheck.exe"
0 8 Jun 2006 "C:\Programmi\3DO\Uprising 2\bak\bak\_sav_.slk"
0 8 Jun 2006 "C:\Programmi\3DO\Uprising 2\Custom\bak\_sav_.slk"
14348 10 Jan 2008 "C:\Programmi\Alice ti aiuta\SmartBridge\MotiveSB.exe"
438359 21 Apr 2006 "C:\Programmi\Alice ti aiuta\SmartBridge\bak\MotiveSB.exe"
14348 10 Jan 2008 "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe"
339968 22 Feb 2005 "C:\Programmi\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe"
14348 10 Jan 2008 "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
115816 9 Jan 2007 "C:\Programmi\File comuni\Symantec Shared\bak\ccApp.exe"
11768792 27 Oct 2005 "C:\musica\interessante\GoogleEarth-0693.exe"
52272 27 Jan 2007 "C:\Programmi\Google\googletoolbar4user.exe"
1836080 1 Aug 2007 "C:\Programmi\Google\Google Desktop Search\GoogleDesktopSetup.exe"
124912 15 Aug 2007 "C:\Programmi\Google\Google Updater\GoogleUpdater.exe"
69632 12 Sep 2007 "C:\Programmi\Google\Google Earth\googleearth.exe"
4927488 11 Jul 2006 "C:\Programmi\Google\Google Video Player\GoogleVideoPlayer.exe"
14348 10 Jan 2008 "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
26694 6 Oct 2007 "C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe"
19889568 25 Jun 2006 "C:\Documents and Settings\Salardi 1\Desktop\google earth\GoogleSketchUpWEN.exe"
138680 2 Jun 2007 "C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe"
1836544 1 Aug 2007 "C:\Programmi\Google\Google Desktop Search\bak\GoogleDesktop.exe"
1831936 2 Jun 2007 "C:\Programmi\Google\Google Desktop Search\gcdtmp1\GoogleDesktopSetupHelper.exe"
1836544 1 Aug 2007 "C:\Programmi\Google\Google Desktop Search\gcdtmp2\GoogleDesktopSetupHelper.exe"
1836544 1 Aug 2007 "C:\Programmi\Google\Google Desktop Search\gcdtmp3\GoogleDesktopSetupHelper.exe"
1836544 9 Dec 2007 "C:\Programmi\Google\Google Desktop Search\gcdtmp4\GoogleDesktopSetupHelper.exe"
1836544 9 Dec 2007 "C:\Programmi\Google\Google Desktop Search\gcdtmp5\GoogleDesktopSetupHelper.exe"
124912 15 Aug 2007 "C:\Programmi\Google\Google Updater\2.2.940.34809\GoogleUpdaterRestartManager.exe"
68856 2 Jun 2007 "C:\Programmi\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
11768792 27 Oct 2005 "C:\musica\interessante\GoogleEarth-0693.exe"
52272 27 Jan 2007 "C:\Programmi\Google\googletoolbar4user.exe"
1836080 1 Aug 2007 "C:\Programmi\Google\Google Desktop Search\GoogleDesktopSetup.exe"
124912 15 Aug 2007 "C:\Programmi\Google\Google Updater\GoogleUpdater.exe"
69632 12 Sep 2007 "C:\Programmi\Google\Google Earth\googleearth.exe"
4927488 11 Jul 2006 "C:\Programmi\Google\Google Video Player\GoogleVideoPlayer.exe"
14348 10 Jan 2008 "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
26694 6 Oct 2007 "C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe"
19889568 25 Jun 2006 "C:\Documents and Settings\Salardi 1\Desktop\google earth\GoogleSketchUpWEN.exe"
138680 2 Jun 2007 "C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe"
1836544 1 Aug 2007 "C:\Programmi\Google\Google Desktop Search\bak\GoogleDesktop.exe"
1831936 2 Jun 2007 "C:\Programmi\Google\Google Desktop Search\gcdtmp1\GoogleDesktopSetupHelper.exe"
1836544 1 Aug 2007 "C:\Programmi\Google\Google Desktop Search\gcdtmp2\GoogleDesktopSetupHelper.exe"
1836544 1 Aug 2007 "C:\Programmi\Google\Google Desktop Search\gcdtmp3\GoogleDesktopSetupHelper.exe"
1836544 9 Dec 2007 "C:\Programmi\Google\Google Desktop Search\gcdtmp4\GoogleDesktopSetupHelper.exe"
1836544 9 Dec 2007 "C:\Programmi\Google\Google Desktop Search\gcdtmp5\GoogleDesktopSetupHelper.exe"
124912 15 Aug 2007 "C:\Programmi\Google\Google Updater\2.2.940.34809\GoogleUpdaterRestartManager.exe"
68856 2 Jun 2007 "C:\Programmi\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
14348 10 Jan 2008 "C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe"
98304 21 Dec 2005 "C:\Program Files\Hewlett-Packard\OrderReminder\bak\OrderReminder.exe"
98304 21 Dec 2005 "C:\Programmi\Agilent-HP\{39100197-86cc-4ef8-8fa2-cb8b2fbf8dba}\OrderReminder\data\OrderReminder.exe"
0 8 Jun 2006 "C:\Programmi\3DO\Uprising 2\bak\bak\_sav_.slk"
0 8 Jun 2006 "C:\Programmi\3DO\Uprising 2\Custom\bak\_sav_.slk"
0 8 Jun 2006 "C:\Programmi\3DO\Uprising 2\bak\bak\_sav_.slk"
0 8 Jun 2006 "C:\Programmi\3DO\Uprising 2\Custom\bak\_sav_.slk"
14348 10 Jan 2008 "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
39792 10 Oct 2007 "C:\Programmi\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"
49263 12 Oct 2006 "C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe"
14348 10 Jan 2008 "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
132496 25 Sep 2007 "C:\Programmi\Java\jre1.6.0_03\bin\bak\jusched.exe"
end of report
still about my earlier question... can Norton 2008 be useful in this case?
salla (Devoted Mortal)
Registered: 12/01/08 20:40 Posts: 11
Posted: 12 Jan 2008 21:16 Subject:
here is the HijackThis scan result as well:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.15.05, on 12/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
C:\Programmi\File comuni\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32\NeroCheck.exe
C:\Programmi\QuickTime\bak\qttask.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Google\Google Updater\GoogleUpdater.exe
C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
C:\Programmi\DesktopEarth\DesktopEarth.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rossoalice.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {d869742a-e5d2-4624-96c7-aae26170665e} - C:\Programmi\MMediaCodec\isaddon.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Collegamento alla pagina delle proprietà di High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\bak\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programmi\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programmi\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: DesktopEarth AutoStart.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: DesktopEarth AutoStart.lnk = ? (User 'Default user')
O4 - Startup: DesktopEarth AutoStart.lnk = ?
O4 - Global Startup: USRobotics Wireless USB Adapter.lnk = C:\Programmi\USRobotics\Wireless USB Manager\USR54G.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?7cbd2d590af348468291384b7e141842
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?7cbd2d590af348468291384b7e141842
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0102E6B6-BECC-49CA-A342-951422E508AB}: NameServer = 85.37.17.10 85.38.28.86
O17 - HKLM\System\CS2\Services\Tcpip\..\{0102E6B6-BECC-49CA-A342-951422E508AB}: NameServer = 85.37.17.10 85.38.28.86
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL
O20 - Winlogon Notify: winbug32 - C:\WINDOWS\SYSTEM32\winbug32.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
--
End of file - 10085 bytes
bdoriano (Administrator)
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 12 Jan 2008 21:17 Subject:
No, antivirus programs in general get disabled by viruses or, as in this case, outright replaced. As for Norton... no comment.
Download Avenger and unpack it into its own folder, not a temporary one and not on the desktop
Start AVENGER
Click on Input script manually
Click on the magnifying glass
Enter these lines:
Files to delete:
C:\Programmi\DNA\btdna.exe
C:\Programmi\Norton AntiVirus\osCheck.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\system32\NeroCheck.exe
C:\Programmi\Alice ti aiuta\SmartBridge\MotiveSB.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
Files to move:
C:\Programmi\DNA\bak\btdna.exe | C:\Programmi\DNA\btdna.exe
C:\Programmi\Norton AntiVirus\bak\osCheck.exe | C:\Programmi\Norton AntiVirus\osCheck.exe
C:\Programmi\QuickTime\bak\qttask.exe | C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\system32\bak\NeroCheck.exe | C:\WINDOWS\system32\NeroCheck.exe
C:\Programmi\Alice ti aiuta\SmartBridge\bak\MotiveSB.exe | C:\Programmi\Alice ti aiuta\SmartBridge\MotiveSB.exe
C:\Programmi\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe | C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\File comuni\Symantec Shared\bak\ccApp.exe | C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe | C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\OrderReminder\bak\OrderReminder.exe | C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Programmi\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe | C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmi\Java\jre1.6.0_03\bin\bak\jusched.exe | C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
Click on Done
Click on the traffic light
The PC should reboot; if it doesn't, reboot it yourself.
When the operation is finished, post the Avenger result here together with an updated HijackThis log.
Download DelDomains to the desktop (right-click the link and choose Save As), then right-click the file and select Install.
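The FindAWF report and the Avenger script in this reply follow one pattern: every autorun executable has been replaced by a 14348-byte stub dated 10 Jan 2008, and the original has been parked next to it in a bak\ folder. The Python script below is an added example, not code from the thread, from FindAWF or from Avenger. It parses the "Duplicate files of bak directory contents" lines of a FindAWF report, pairs each bak\ copy with its live twin, treats the most common live-file size across those pairs as the stub size, and renders the "Files to delete" / "Files to move" sections in the layout bdoriano used. The report lines embedded in it are trimmed from the one posted above, plus one constructed benign pair under a made-up vendor name (ExampleVendor) to show what the heuristic does not flag.

```python
"""Triage a FindAWF "Duplicate files of bak directory contents" section and
render an Avenger-style remediation script (delete the stub, move the
original back). Added example; assumes the FindAWF line layout seen in the
thread: <size> <d Mon yyyy> "<path>"."""
import re
from collections import Counter

LINE_RE = re.compile(r'^\s*(\d+)\s+(\d{1,2} [A-Za-z]{3} \d{4})\s+"(.+)"\s*$')

# Sample input: trimmed from the report posted in the thread, plus one
# constructed benign pair (ExampleVendor, a made-up name) that must NOT be flagged.
SAMPLE_REPORT = r'''
14348 10 Jan 2008 "C:\Programmi\DNA\btdna.exe"
290112 16 Dec 2007 "C:\Programmi\DNA\bak\btdna.exe"
14348 10 Jan 2008 "C:\Programmi\Norton AntiVirus\osCheck.exe"
771704 14 Jan 2007 "C:\Programmi\Norton AntiVirus\bak\osCheck.exe"
14348 10 Jan 2008 "C:\WINDOWS\system32\NeroCheck.exe"
155648 9 Jul 2001 "C:\WINDOWS\system32\bak\NeroCheck.exe"
0 8 Jun 2006 "C:\Programmi\3DO\Uprising 2\bak\bak\_sav_.slk"
0 8 Jun 2006 "C:\Programmi\3DO\Uprising 2\Custom\bak\_sav_.slk"
49263 12 Oct 2006 "C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe"
14348 10 Jan 2008 "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
132496 25 Sep 2007 "C:\Programmi\Java\jre1.6.0_03\bin\bak\jusched.exe"
200704 3 Mar 2007 "C:\Programmi\ExampleVendor\tool.exe"
198656 1 Feb 2007 "C:\Programmi\ExampleVendor\bak\tool.exe"
'''


def parse_report(text):
    """Return {lowercased path: (size, date, path)}; repeated lines collapse
    (the real report lists the Google section twice)."""
    entries = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            size, date, path = int(m.group(1)), m.group(2), m.group(3)
            entries[path.lower()] = (size, date, path)
    return entries


def live_path_for(bak_path):
    r"""'...\dir\bak\x.exe' -> '...\dir\x.exe'; None if the parent dir is not bak."""
    parts = bak_path.split('\\')
    if len(parts) >= 3 and parts[-2].lower() == 'bak':
        return '\\'.join(parts[:-2] + [parts[-1]])
    return None


def find_swapped_files(text, min_hits=2):
    """Pair each bak\\ file with its live twin that also appears in the report.
    The stubs the dropper leaves behind share one size (14348 bytes in the
    thread), so the most common live size across the pairs, if it repeats at
    least min_hits times and is smaller than the backup, is taken as the stub
    size. Returns [(live_path, bak_path, stub_size)]."""
    entries = parse_report(text)
    pairs = []
    for size, date, path in entries.values():
        live = live_path_for(path)
        if live is None:
            continue  # not inside a bak\ folder
        live_entry = entries.get(live.lower())
        if live_entry is None:
            continue  # backup with no live twin (e.g. the _sav_.slk files)
        pairs.append((live_entry, (size, date, path)))
    if not pairs:
        return []
    stub_size, hits = Counter(live[0] for live, _ in pairs).most_common(1)[0]
    if hits < min_hits:
        return []  # a single pair is not a pattern; leave it for manual review
    return [(live[2], bak[2], stub_size) for live, bak in pairs
            if live[0] == stub_size and live[0] < bak[0]]


def avenger_script(swapped):
    """Render the two Avenger sections in the layout used in the thread."""
    lines = ["Files to delete:"] + [live for live, _, _ in swapped]
    lines += ["", "Files to move:"] + [f"{bak} | {live}" for live, bak, _ in swapped]
    return "\n".join(lines)


if __name__ == "__main__":
    found = find_swapped_files(SAMPLE_REPORT)
    for live, bak, stub in found:
        print(f"{stub}-byte stub at {live}; original kept in {bak}")
    print()
    print(avenger_script(found))
```

Treat the output as a review list rather than something to run unread: FindAWF lists any file whose directory is literally named bak, so a vendor that keeps its own bak\ copies shows up as a pair too, which is why the script requires the stub size to repeat and to be smaller than the backup before it emits a delete/move line.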
bdoriano (Administrator)
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 12 Jan 2008 21:22 Subject:
In the HijackThis log I saw a couple of things that are probably dangerous.
Once you've done the previous steps, follow the instructions in this topic to post the ComboFix log.
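To show what those "couple of things" look like when a HijackThis log is checked mechanically, here is an added example (not code from the thread or from HijackThis) that runs a few triage rules over HJT lines: O4 autoruns that point into a bak\ folder, O20 Winlogon Notify and AppInit_DLLs entries, O2 BHOs whose DLL is gone, and O17 NameServer overrides to be confirmed against the ISP. The sample lines are taken from the log posted above; the severity labels and rule wording are my own, not HijackThis's.

```python
"""Rule-based triage of HijackThis (HJT) log lines. Added example, not part of
the thread or of HijackThis; the severities are the example author's choice."""
import re

# "O4 - HKLM\..\Run: [Name] path" -> section "O4", body "HKLM\..\Run: [Name] path"
HJT_LINE = re.compile(r'^([RO]\d+)\s+-\s+(.*)$')

# Sample lines taken from the HijackThis log posted above in the thread.
SAMPLE_LOG = r'''
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {d869742a-e5d2-4624-96c7-aae26170665e} - C:\Programmi\MMediaCodec\isaddon.dll (file missing)
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\bak\qttask.exe" -atboottime
O17 - HKLM\System\CCS\Services\Tcpip\..\{0102E6B6-BECC-49CA-A342-951422E508AB}: NameServer = 85.37.17.10 85.38.28.86
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL
O20 - Winlogon Notify: winbug32 - C:\WINDOWS\SYSTEM32\winbug32.dll
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
'''


def classify(section, body):
    """Return (severity, reason) for one HJT entry, or None if no rule fires."""
    low = body.lower()
    if section == 'O4' and '\\bak\\' in low:
        return 'high', 'autorun launches a binary from a bak\\ folder: the live file was swapped'
    if section == 'O20' and low.startswith('winlogon notify'):
        return 'high', 'Winlogon Notify package: DLL loaded into winlogon.exe at every logon'
    if section == 'O20' and low.startswith('appinit_dlls'):
        return 'medium', 'AppInit_DLLs: DLL injected into every process that loads user32.dll'
    if section == 'O2' and ('(no file)' in low or '(file missing)' in low):
        return 'low', 'BHO registration whose DLL is gone: orphan left behind by a removal'
    if section == 'O17':
        return 'review', 'per-interface DNS servers: confirm they belong to the ISP'
    return None


def triage(log_text):
    """Run classify() over every HJT entry.
    Returns [(severity, section, reason, line)] in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HJT_LINE.match(line)
        if not m:
            continue  # header, process list or blank line
        section, body = m.groups()
        hit = classify(section, body)
        if hit:
            findings.append((hit[0], section, hit[1], line))
    return findings


def by_severity(findings):
    """Count findings per severity, e.g. {'high': 2, 'medium': 1, ...}."""
    counts = {}
    for sev, *_ in findings:
        counts[sev] = counts.get(sev, 0) + 1
    return counts


if __name__ == '__main__':
    for sev, section, reason, line in triage(SAMPLE_LOG):
        print(f'[{sev:6}] {section}: {reason}\n         {line}')
    print(by_severity(triage(SAMPLE_LOG)))
```

The rules are deliberately narrow: an O4 entry is only flagged here when its path runs through bak\, so the legitimate NeroCheck and Symantec lines pass, and the O17 entry is reported for confirmation rather than as malicious, since an ISP-assigned resolver looks identical in the log to a hijacked one.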
salla (Devoted Mortal)
Registered: 12/01/08 20:40 Posts: 11
Posted: 12 Jan 2008 21:59 Subject:
here is the Avenger result:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\itlokmcs
*******************
Script file located at: \??\C:\WINDOWS\system32\ivxlpvbe.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\Programmi\DNA\btdna.exe deleted successfully.
File C:\Programmi\Norton AntiVirus\osCheck.exe deleted successfully.
File C:\Programmi\QuickTime\qttask.exe deleted successfully.
File C:\WINDOWS\system32\NeroCheck.exe deleted successfully.
File C:\Programmi\Alice ti aiuta\SmartBridge\MotiveSB.exe deleted successfully.
File C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe deleted successfully.
File C:\Programmi\File comuni\Symantec Shared\ccApp.exe deleted successfully.
File C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe deleted successfully.
File C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe not found!
Deletion of file C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe failed!
Could not process line:
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Status: 0xc0000034
File C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe deleted successfully.
File C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe deleted successfully.
File C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe deleted successfully.
File move operation C:\Programmi\DNA\bak\btdna.exe|C:\Programmi\DNA\btdna.exe completed successfully.
File move operation C:\Programmi\Norton AntiVirus\bak\osCheck.exe|C:\Programmi\Norton AntiVirus\osCheck.exe completed successfully.
File move operation C:\Programmi\QuickTime\bak\qttask.exe|C:\Programmi\QuickTime\qttask.exe completed successfully.
File move operation C:\WINDOWS\system32\bak\NeroCheck.exe|C:\WINDOWS\system32\NeroCheck.exe completed successfully.
File move operation C:\Programmi\Alice ti aiuta\SmartBridge\bak\MotiveSB.exe|C:\Programmi\Alice ti aiuta\SmartBridge\MotiveSB.exe completed successfully.
File move operation C:\Programmi\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe|C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe completed successfully.
File move operation C:\Programmi\File comuni\Symantec Shared\bak\ccApp.exe|C:\Programmi\File comuni\Symantec Shared\ccApp.exe completed successfully.
File move operation C:\Programmi\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe|C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe completed successfully.
File move operation C:\Program Files\Hewlett-Packard\OrderReminder\bak\OrderReminder.exe|C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe completed successfully.
File move operation C:\Programmi\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe|C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe completed successfully.
File move operation C:\Programmi\Java\jre1.6.0_03\bin\bak\jusched.exe|C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe completed successfully.
Completed script processing.
*******************
Finished! Terminate.
salla (Devoted Mortal)
Registered: 12/01/08 20:40 Posts: 11
Posted: 12 Jan 2008 22:30 Subject:
here is the ComboFix log:
ComboFix 08-01-09.2 - Salardi 1 2008-01-12 21:08:19.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.175 [GMT 1:00]
Eseguito da: C:\Documents and Settings\Salardi 1\Desktop\ComboFix.exe
Command switches used :: and Settings\Salardi 1\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Programmi\myglobalsearch
C:\Programmi\myglobalsearch\bar\History\search
C:\WINDOWS\system32\winbug32.dll
.
((((((((((((((((((((((((( Files Creati Da 2007-12-12 al 2008-01-12 )))))))))))))))))))))))))))))))))))
.
2008-01-12 21:05 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-12 20:13 . 2008-01-12 20:15 <DIR> d-------- C:\hijackthis
2008-01-12 18:21 . 2008-01-12 18:21 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-12 18:21 . 2008-01-12 18:21 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-01-10 23:46 . 2008-01-12 20:51 <DIR> d-------- C:\WINDOWS\system32\bak
2008-01-06 01:46 . 2008-01-10 23:28 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-06 01:46 . 2008-01-06 01:46 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-16 20:13 . 2007-12-16 20:20 <DIR> d-------- C:\Documents and Settings\Salardi 1\Dati applicazioni\BitTorrent
2007-12-16 20:12 . 2008-01-12 20:51 <DIR> d-------- C:\Programmi\DNA
2007-12-16 20:12 . 2008-01-12 21:12 <DIR> d-------- C:\Documents and Settings\Salardi 1\Dati applicazioni\DNA
2007-12-12 11:16 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-12 20:07 --------- d-----w C:\Documents and Settings\Salardi 1\Dati applicazioni\Skype
2008-01-12 19:51 --------- d-----w C:\Programmi\QuickTime
2008-01-12 19:51 --------- d-----w C:\Programmi\Norton AntiVirus
2008-01-12 19:51 --------- d-----w C:\Programmi\File comuni\Symantec Shared
2008-01-11 20:17 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Google Updater
2008-01-10 22:46 --------- d-----w C:\Programmi\MSN Messenger
2008-01-08 01:52 --------- d-----w C:\Programmi\Mozilla Thunderbird
2007-12-31 17:48 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-31 17:48 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-31 17:48 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-31 17:48 --------- d-----w C:\Programmi\Symantec
2007-12-12 10:16 --------- d-----w C:\Programmi\Java
2007-12-11 08:46 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Symantec
2007-12-09 17:59 --------- d-----w C:\Programmi\WinMX
2007-12-09 17:58 --------- d-----w C:\Programmi\3DO
2007-12-09 17:39 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2007-12-09 17:17 --------- d-----w C:\Programmi\Google
2007-12-06 12:11 --------- d-----w C:\Documents and Settings\Salardi 1\Dati applicazioni\vlc
2007-11-30 22:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-11-30 22:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-11-30 22:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-11-30 22:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-11-30 22:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-11-30 22:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-11-30 22:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-30 02:03 --------- d-----w C:\Programmi\Windows Live Toolbar
2007-11-17 18:48 --------- d-----w C:\Programmi\CDBurnerXP
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d869742a-e5d2-4624-96c7-aae26170665e}]
C:\Programmi\MMediaCodec\isaddon.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Programmi\Skype\Phone\Skype.exe" [2006-05-19 17:11 18577448]
"MsnMsgr"="C:\Programmi\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-02 00:40 68856]
"BitTorrent DNA"="C:\Programmi\DNA\btdna.exe" [2007-12-16 20:12 290112]
salla (Devoted Mortal)
Registered: 12/01/08 20:40 Posts: 11
Posted: 12 Jan 2008 22:37 Subject:
here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.32.31, on 12/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
C:\Programmi\File comuni\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\DNA\btdna.exe
C:\Programmi\USRobotics\Wireless USB Manager\USR54G.exe
C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programmi\Google\Google Updater\GoogleUpdater.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
C:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\DesktopEarth\DesktopEarth.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\hijackthis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rossoalice.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {d869742a-e5d2-4624-96c7-aae26170665e} - C:\Programmi\MMediaCodec\isaddon.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Collegamento alla pagina delle proprietà di High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\bak\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programmi\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programmi\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: DesktopEarth AutoStart.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: DesktopEarth AutoStart.lnk = ? (User 'Default user')
O4 - Startup: DesktopEarth AutoStart.lnk = ?
O4 - Global Startup: USRobotics Wireless USB Adapter.lnk = C:\Programmi\USRobotics\Wireless USB Manager\USR54G.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?7cbd2d590af348468291384b7e141842
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?7cbd2d590af348468291384b7e141842
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0102E6B6-BECC-49CA-A342-951422E508AB}: NameServer = 85.37.17.10 85.38.28.86
O17 - HKLM\System\CS2\Services\Tcpip\..\{0102E6B6-BECC-49CA-A342-951422E508AB}: NameServer = 85.37.17.10 85.38.28.86
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
--
End of file - 10218 bytes
A few remarks... I think I've done everything:
- Firefox no longer works for now (no big deal, I'll reinstall it)
- the computer still tries to connect to skytodayplease.
- Norton, on the other hand, has started working again (even though I gather it's junk!)
- I hope I haven't broken other programs, given all the files I deleted.
- what do you suggest, bdoriano, to get rid of this damned skytodayplease?

salla Mortale devoto
Registered: 12/01/08 20:40 Posts: 11
Posted: 12 Jan 2008 23:24 Subject:
Going the extra mile, I also gave it a pass with SmitFraudFix:
here is the report...
SmitFraudFix v2.274
Scan done at 21.59.08,98, 12/01/2008
Run from C:\Documents and Settings\Salardi 1\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Versione 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix.exe by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{BA8FE72C-0D9C-42F0-8ADE-0BD6DC146ECF}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{DE9236D5-1308-4485-AE89-7544856C6A6D}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E04E3E0F-E6B3-4982-8653-78601806DE6B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{BA8FE72C-0D9C-42F0-8ADE-0BD6DC146ECF}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{DE9236D5-1308-4485-AE89-7544856C6A6D}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E04E3E0F-E6B3-4982-8653-78601806DE6B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{BA8FE72C-0D9C-42F0-8ADE-0BD6DC146ECF}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{DE9236D5-1308-4485-AE89-7544856C6A6D}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E04E3E0F-E6B3-4982-8653-78601806DE6B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
Unfortunately the skytodayplease problem is still there...

bdoriano Administrator
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 13 Jan 2008 11:13 Subject:
Probably one slipped through; redo the scan with FindAWF.

salla Mortale devoto
Registered: 12/01/08 20:40 Posts: 11
Posted: 13 Jan 2008 13:25 Subject:
Here you go:
Find AWF report by noahdfear ©2006
Version 1.40
bak folders found
~~~~~~~~~~~
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 183E-41C5
Directory di C:\PROGRA~1\DNA\BAK
0 File 0 byte
2 Directory 102.507.917.312 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 183E-41C5
Directory di C:\PROGRA~1\MSNMES~1\BAK
0 File 0 byte
2 Directory 102.507.917.312 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 183E-41C5
Directory di C:\PROGRA~1\NORTON~1\BAK
0 File 0 byte
2 Directory 102.507.913.216 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 183E-41C5
Directory di C:\PROGRA~1\QUICKT~1\BAK
0 File 0 byte
2 Directory 102.507.913.216 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 183E-41C5
Directory di C:\WINDOWS\SYSTEM32\BAK
0 File 0 byte
2 Directory 102.507.913.216 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 183E-41C5
Directory di C:\PROGRA~1\3DO\UPRISI~1\BAK
0 File 0 byte
7 Directory 102.507.913.216 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 183E-41C5
Directory di C:\PROGRA~1\ALICET~1\SMARTB~1\BAK
0 File 0 byte
2 Directory 102.507.913.216 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 183E-41C5
Directory di C:\PROGRA~1\ATITEC~1\ATICON~1\BAK
0 File 0 byte
2 Directory 102.507.913.216 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 183E-41C5
Directory di C:\PROGRA~1\FILECO~1\SYMANT~1\BAK
0 File 0 byte
2 Directory 102.507.913.216 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 183E-41C5
Directory di C:\PROGRA~1\GOOGLE\GO333C~1\BAK
01/08/2007 19.54 1.836.544 GoogleDesktop.exe
1 File 1.836.544 byte
2 Directory 102.507.913.216 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 183E-41C5
Directory di C:\PROGRA~1\GOOGLE\GOOGLE~4\BAK
0 File 0 byte
2 Directory 102.507.913.216 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 183E-41C5
Directory di C:\PROGRA~1\SKYPE\PHONE\BAK
0 File 0 byte
2 Directory 102.507.913.216 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 183E-41C5
Directory di C:\PROGRA~2\HEWLET~1\ORDERR~1\BAK
0 File 0 byte
2 Directory 102.507.909.120 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 183E-41C5
Directory di C:\PROGRA~1\3DO\UPRISI~1\BAK\BAK
08/06/2006 14.48 0 _sav_.slk
1 File 0 byte
2 Directory 102.507.909.120 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 183E-41C5
Directory di C:\PROGRA~1\3DO\UPRISI~1\CUSTOM\BAK
08/06/2006 14.52 0 _sav_.slk
1 File 0 byte
2 Directory 102.507.909.120 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 183E-41C5
Directory di C:\PROGRA~1\ADOBE\READER~1.0\READER\BAK
0 File 0 byte
2 Directory 102.507.909.120 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 183E-41C5
Directory di C:\PROGRA~1\JAVA\JRE16~1.0_0\BIN\BAK
0 File 0 byte
2 Directory 102.507.909.120 byte disponibili
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
0 8 Jun 2006 "C:\Programmi\3DO\Uprising 2\bak\bak\_sav_.slk"
0 8 Jun 2006 "C:\Programmi\3DO\Uprising 2\Custom\bak\_sav_.slk"
11768792 27 Oct 2005 "C:\musica\interessante\GoogleEarth-0693.exe"
52272 27 Jan 2007 "C:\Programmi\Google\googletoolbar4user.exe"
1836080 1 Aug 2007 "C:\Programmi\Google\Google Desktop Search\GoogleDesktopSetup.exe"
124912 15 Aug 2007 "C:\Programmi\Google\Google Updater\GoogleUpdater.exe"
69632 12 Sep 2007 "C:\Programmi\Google\Google Earth\googleearth.exe"
4927488 11 Jul 2006 "C:\Programmi\Google\Google Video Player\GoogleVideoPlayer.exe"
68856 2 Jun 2007 "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
26694 6 Oct 2007 "C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe"
19889568 25 Jun 2006 "C:\Documents and Settings\Salardi 1\Desktop\google earth\GoogleSketchUpWEN.exe"
138680 2 Jun 2007 "C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe"
1836544 1 Aug 2007 "C:\Programmi\Google\Google Desktop Search\bak\GoogleDesktop.exe"
1831936 2 Jun 2007 "C:\Programmi\Google\Google Desktop Search\gcdtmp1\GoogleDesktopSetupHelper.exe"
1836544 1 Aug 2007 "C:\Programmi\Google\Google Desktop Search\gcdtmp2\GoogleDesktopSetupHelper.exe"
1836544 1 Aug 2007 "C:\Programmi\Google\Google Desktop Search\gcdtmp3\GoogleDesktopSetupHelper.exe"
1836544 9 Dec 2007 "C:\Programmi\Google\Google Desktop Search\gcdtmp4\GoogleDesktopSetupHelper.exe"
1836544 9 Dec 2007 "C:\Programmi\Google\Google Desktop Search\gcdtmp5\GoogleDesktopSetupHelper.exe"
124912 15 Aug 2007 "C:\Programmi\Google\Google Updater\2.2.940.34809\GoogleUpdaterRestartManager.exe"
0 8 Jun 2006 "C:\Programmi\3DO\Uprising 2\bak\bak\_sav_.slk"
0 8 Jun 2006 "C:\Programmi\3DO\Uprising 2\Custom\bak\_sav_.slk"
0 8 Jun 2006 "C:\Programmi\3DO\Uprising 2\bak\bak\_sav_.slk"
0 8 Jun 2006 "C:\Programmi\3DO\Uprising 2\Custom\bak\_sav_.slk"
end of report

bdoriano Administrator
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 13 Jan 2008 13:36 Subject:
FindAWF is clean.
Have you done this step:
bdoriano wrote:
Download DelDomains to the desktop (right-click the link and choose Save As), then right-click the file and select Install.
The ComboFix log looks incomplete to me, can you redo it?
In the HijackThis log there still seem to be a few entries to fix.
Disable your antivirus and then:

salla Mortale devoto
Registered: 12/01/08 20:40 Posts: 11
Posted: 13 Jan 2008 13:38 Subject:
In the meantime I had redone the HijackThis log...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12.36.47, on 13/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
C:\Programmi\File comuni\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\antispiware, antimalware\adaware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\DNA\btdna.exe
C:\antispiware, antimalware\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\USRobotics\Wireless USB Manager\USR54G.exe
C:\Programmi\Google\Google Updater\GoogleUpdater.exe
C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\DesktopEarth\DesktopEarth.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\MOZILL~2\FIREFOX.EXE
C:\hijackthis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ANTISP~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Collegamento alla pagina delle proprietà di High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\bak\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programmi\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programmi\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\antispiware, antimalware\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: DesktopEarth AutoStart.lnk = ?
O4 - Global Startup: USRobotics Wireless USB Adapter.lnk = C:\Programmi\USRobotics\Wireless USB Manager\USR54G.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?7cbd2d590af348468291384b7e141842
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?7cbd2d590af348468291384b7e141842
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ANTISP~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ANTISP~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0102E6B6-BECC-49CA-A342-951422E508AB}: NameServer = 85.37.17.10 85.38.28.86
O17 - HKLM\System\CS2\Services\Tcpip\..\{0102E6B6-BECC-49CA-A342-951422E508AB}: NameServer = 85.37.17.10 85.38.28.86
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\antispiware, antimalware\adaware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
--
End of file - 10579 bytes
Now I'll go and do the rest.

salla Mortale devoto
Registered: 12/01/08 20:40 Posts: 11
Posted: 13 Jan 2008 13:52 Subject:
Here I am again with ComboFix... it doesn't convince me much though, because while it was running it gave me some Windows errors...
ComboFix 08-01-09.2 - Salardi 1 2008-01-13 12.43.44.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.136 [GMT 1:00]
Eseguito da: C:\Documents and Settings\Salardi 1\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Creati Da 2007-12-13 al 2008-01-13 )))))))))))))))))))))))))))))))))))
.
2008-01-13 01:44 . 2008-01-13 03:23 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-01-13 01:40 . 2008-01-13 01:40 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
2008-01-12 21:59 . 2008-01-13 01:19 3,972 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-12 21:58 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-01-12 21:58 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-01-12 21:58 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-12 21:58 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-12 21:05 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-12 20:13 . 2008-01-13 12:36 <DIR> d-------- C:\hijackthis
2008-01-12 18:21 . 2008-01-12 18:21 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-12 18:21 . 2008-01-12 18:21 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-01-10 23:46 . 2008-01-12 20:51 <DIR> d-------- C:\WINDOWS\system32\bak
2008-01-06 01:46 . 2008-01-10 23:28 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-06 01:46 . 2008-01-06 01:46 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-16 20:13 . 2007-12-16 20:20 <DIR> d-------- C:\Documents and Settings\Salardi 1\Dati applicazioni\BitTorrent
2007-12-16 20:12 . 2008-01-12 20:51 <DIR> d-------- C:\Programmi\DNA
2007-12-16 20:12 . 2008-01-13 12:36 <DIR> d-------- C:\Documents and Settings\Salardi 1\Dati applicazioni\DNA
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-13 11:36 --------- d-----w C:\Documents and Settings\Salardi 1\Dati applicazioni\Skype
2008-01-13 02:36 --------- d-----w C:\Programmi\BearShare
2008-01-13 00:39 --------- d-----w C:\Programmi\File comuni\Wise Installation Wizard
2008-01-12 21:33 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Google Updater
2008-01-12 21:16 --------- d-----w C:\Programmi\File comuni\Symantec Shared
2008-01-12 19:51 --------- d-----w C:\Programmi\QuickTime
2008-01-12 19:51 --------- d-----w C:\Programmi\Norton AntiVirus
2008-01-10 22:46 --------- d-----w C:\Programmi\MSN Messenger
2008-01-08 01:52 --------- d-----w C:\Programmi\Mozilla Thunderbird
2007-12-31 17:48 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-31 17:48 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-31 17:48 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-31 17:48 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-31 17:48 --------- d-----w C:\Programmi\Symantec
2007-12-12 10:16 --------- d-----w C:\Programmi\Java
2007-12-11 08:46 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Symantec
2007-12-09 17:59 --------- d-----w C:\Programmi\WinMX
2007-12-09 17:58 --------- d-----w C:\Programmi\3DO
2007-12-09 17:39 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2007-12-09 17:17 --------- d-----w C:\Programmi\Google
2007-12-06 12:11 --------- d-----w C:\Documents and Settings\Salardi 1\Dati applicazioni\vlc
2007-11-30 22:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-11-30 22:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-11-30 22:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-11-30 22:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-11-30 22:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-11-30 22:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-11-30 22:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-30 02:03 --------- d-----w C:\Programmi\Windows Live Toolbar
2007-11-17 18:48 --------- d-----w C:\Programmi\CDBurnerXP
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 09:27 727,552 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-30 18:55 625,032 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-10-30 18:55 242,056 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-10-29 22:42 1,292,800 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
.
((((((((((((((((((((((((((((( snapshot@2008-01-12_21.24.25.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-13 00:40:48 1,038,336 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC.exe
+ 2008-01-13 00:40:49 178,688 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC1.exe
+ 2008-01-13 00:40:48 171,008 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B.exe
+ 2008-01-13 00:40:49 8,704 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B1.exe
+ 2007-07-11 12:37:26 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
+ 2007-08-07 11:58:08 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
+ 2007-08-07 11:56:58 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
+ 2007-04-13 13:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 0 2006-06-08 13:48:44 C:\Programmi\3DO\Uprising 2\bak\bak\_sav_.slk
----a-w 0 2006-06-08 13:48:44 C:\Programmi\3DO\Uprising 2\bak\bak\_sav_.slk
----a-w 0 2006-06-08 13:52:40 C:\Programmi\3DO\Uprising 2\Custom\bak\_sav_.slk
----a-w 1,836,544 2007-08-01 18:54:36 C:\Programmi\Google\Google Desktop Search\bak\GoogleDesktop.exe
----a-w 14,348 2008-01-10 22:51:46 C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Programmi\Skype\Phone\Skype.exe" [2006-05-19 17:11 18577448]
"MsnMsgr"="C:\Programmi\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-02 00:40 68856]
"BitTorrent DNA"="C:\Programmi\DNA\btdna.exe" [2007-12-16 20:12 290112]
"SpybotSD TeaTimer"="C:\antispiware" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Collegamento alla pagina delle proprietà di High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 15:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-05-03 11:21 67584 C:\WINDOWS\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [2004-05-13 08:19 2540544 C:\WINDOWS\ALCWZRD.EXE]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"ATIPTA"="C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-22 21:05 339968]
"QuickTime Task"="C:\Programmi\QuickTime\bak\qttask.exe" [ ]
"Motive SmartBridge"="C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 15:41 438359]
"ccApp"="C:\Programmi\File comuni\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]
"osCheck"="C:\Programmi\Norton AntiVirus\osCheck.exe" [2007-01-14 00:11 771704]
"Google Desktop Search"="C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-10 23:51 14348]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2005-12-21 10:00 98304]
"Symantec PIF AlertEng"="C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22 517768]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 13:00 15360]
C:\Documents and Settings\Salardi 1\Menu Avvio\Programmi\Esecuzione automatica\
DesktopEarth AutoStart.lnk - C:\Documents and Settings\Salardi 1\Dati applicazioni\Microsoft\Installer\{D87176E9-ECD0-48C6-8E8B-B0054781DFB4}\_2B52280D74B238E888B1F2.exe [2006-03-14 18:05:37]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
USRobotics Wireless USB Adapter.lnk - C:\Programmi\USRobotics\Wireless USB Manager\USR54G.exe [2006-04-14 13:18:30]
Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2006-12-31 19:36:53]
Google Updater.lnk - C:\Programmi\Google\Google Updater\GoogleUpdater.exe [2007-06-02 00:39:35]
NkbMonitor.exe.lnk - C:\Programmi\Nikon\PictureProject\NkbMonitor.exe [2005-04-09 13:06:36]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL
R2 NMSAccessU;NMSAccessU;C:\Programmi\CDBurnerXP\NMSAccessU.exe [2007-10-12 08:34]
R2 PPPoEService;PPPoE Service;C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe [2000-07-11 09:48]
R2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;"C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-09-26 10:54]
R3 NTSPPPOE;Efficient Networks Enternet P.P.P.o.E LAN Miniport Driver;C:\WINDOWS\system32\DRIVERS\ntspppoe.sys [2002-03-06 10:44]
R3 usbstor;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-19 13:00]
S3 NTSTPL1;NTSTPL1;C:\PROGRA~1\Alice\ALICEE~1\app\NTSTPL1.SYS [2002-03-06 10:42]
S3 RAWESR;RAWESR;C:\PROGRA~1\Alice\ALICEE~1\app\RAWESR.SYS [2002-03-06 10:39]
S3 TAPBIND;TAPBIND;C:\PROGRA~1\Alice\ALICEE~1\app\TAPBIND1.SYS [2002-03-06 10:42]
S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
S3 USRWGU(USR);USRobotics Wireless USB Adapter(USR);C:\WINDOWS\system32\DRIVERS\USRWGU.sys [2005-12-29 16:00]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f756de5a-9c53-11dc-9bde-00036f201f43}]
\Shell\AutoRun\command - RavMon.exe
.
Contenuto della cartella 'Scheduled Tasks'
"2008-01-08 02:09:35 C:\WINDOWS\Tasks\Norton AntiVirus - Scansione completa sistema - Salardi 1.job"
- C:\Programmi\Norton AntiVirus\Navw32.exei/TASK:
"2008-01-13 09:13:02 C:\WINDOWS\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job"
- C:\Programmi\Windows Live Toolbar\MSNTBUP.EXE
.
salla, Mortale devoto
Registered: 12/01/08 20:40 Posts: 11
Posted: 13 Jan 2008 16:38 Subject:
Here is the result of the scan with Panda Software:
Incident Status Location
Adware:adware/gxb Not disinfected Windows Registry
Adware:adware/abox Not disinfected Windows Registry
Dialer:dialer.asl Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1426AC5-8CE5-4A00-B71E-011D35709AC6}
Dialer:dialer.py Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8522F9B3-38C5-4AA4-AE40-7401F1BBC851}
Dialer:dialer.dk Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{91433D86-9F27-402C-B5E3-DEBDD122C339}
Possible Virus. Not disinfected C:\avenger\backup.zip[avenger/atiptaxx.exe]
Possible Virus. Not disinfected C:\avenger\backup.zip[avenger/btdna.exe]
Possible Virus. Not disinfected C:\avenger\backup.zip[avenger/ccApp.exe]
Possible Virus. Not disinfected C:\avenger\backup.zip[avenger/GoogleToolbarNotifier.exe]
Possible Virus. Not disinfected C:\avenger\backup.zip[avenger/jusched.exe]
Possible Virus. Not disinfected C:\avenger\backup.zip[avenger/MotiveSB.exe]
Possible Virus. Not disinfected C:\avenger\backup.zip[avenger/NeroCheck.exe]
Possible Virus. Not disinfected C:\avenger\backup.zip[avenger/OrderReminder.exe]
Possible Virus. Not disinfected C:\avenger\backup.zip[avenger/osCheck.exe]
Possible Virus. Not disinfected C:\avenger\backup.zip[avenger/qttask.exe]
Possible Virus. Not disinfected C:\avenger\backup.zip[avenger/Reader_sl.exe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\ComboFix\nircmd.cfexe
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\ComboFix\nircmd.com
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Salardi 1\Dati applicazioni\Mozilla\Firefox\Profiles\5okdl599.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Salardi 1\Dati applicazioni\Mozilla\Firefox\Profiles\5okdl599.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Salardi 1\Dati applicazioni\Mozilla\Firefox\Profiles\5okdl599.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Salardi 1\Dati applicazioni\Mozilla\Firefox\Profiles\5okdl599.default\cookies.txt[.adtech.de/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Salardi 1\Dati applicazioni\Mozilla\Firefox\Profiles\5okdl599.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Adverserve Not disinfected C:\Documents and Settings\Salardi 1\Dati applicazioni\Mozilla\Firefox\Profiles\5okdl599.default\cookies.txt[.adverserve.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Salardi 1\Dati applicazioni\Mozilla\Firefox\Profiles\5okdl599.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Salardi 1\Dati applicazioni\Mozilla\Firefox\Profiles\5okdl599.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Salardi 1\Dati applicazioni\Mozilla\Firefox\Profiles\5okdl599.default\cookies.txt[.com.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Salardi 1\Dati applicazioni\Mozilla\Firefox\Profiles\5okdl599.default\cookies.txt[.overture.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Salardi 1\Dati applicazioni\Mozilla\Firefox\Profiles\5okdl599.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Salardi 1\Dati applicazioni\Mozilla\Firefox\Profiles\5okdl599.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\Salardi 1\Dati applicazioni\Mozilla\Firefox\Profiles\5okdl599.default\cookies.txt[.weborama.fr/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Salardi 1\Dati applicazioni\Mozilla\Firefox\Profiles\5okdl599.default\cookies.txt[.xiti.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Salardi 1\Dati applicazioni\Mozilla\Firefox\Profiles\5okdl599.default\cookies.txt[ad.yieldmanager.com/]
Dialer:Dialer.Gen Not disinfected C:\Documents and Settings\Salardi 1\Desktop\appunti[1].exe
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Salardi 1\Desktop\ComboFix.exe[nircmd.com]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Salardi 1\Desktop\ComboFix.exe[nircmd.cfexe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Salardi 1\Desktop\SmitfraudFix\Process.exe
Virus:Trj/Rebooter.J Disinfected C:\Documents and Settings\Salardi 1\Desktop\SmitfraudFix\Reboot.exe
Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\Salardi 1\Desktop\SmitfraudFix\restart.exe
Virus:Trj/Downloader.RSD Disinfected C:\Documents and Settings\Salardi 1\Impostazioni locali\Temp\3003379824.exe
Dialer:Dialer.Gen Not disinfected C:\Documents and Settings\Salardi 1\Menu Avvio\appunti[1].exe
Adware:Adware/SuperSpider Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\winbug32.dll.vir
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\NirCmd.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
bdoriano, Administrator
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 15 Jan 2008 23:32 Subject:
Connect to the Kaspersky on-line scanner and run the extended scan, as described here.
Save the scan result to a file (in HTML format), upload the file to Freefilehosting and post here the link you are given.