  1. #1
    HTML.it user
    Registered since
    Jan 2009
    Posts
    19

    Help! Pages that open by themselves...

    Good morning,
    I have a problem that apparently affects many people. Unwanted web pages keep opening on my computer.
    I have tried several tools (antivirus, Spybot, Malwarebytes, etc.), but without result.
    I tried running HijackThis, but I can't make sense of the report it gives me at the end.

    Thanks

  2. #2
    HTML.it user
    Registered since
    Jan 2009
    Posts
    19
    Report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:06:46, on 24.01.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
    C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    C:\Programmi\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Programmi\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Programmi\Fujitsu HandyDrive\Password\F3EJTHDD.EXE
    C:\Programmi\Java\jre6\bin\jqs.exe
    C:\Programmi\File comuni\Motive\McciCMService.exe
    C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Programmi\Spyware Doctor\pctsAuxs.exe
    C:\Programmi\Spyware Doctor\pctsSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
    C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\SYSTEM32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Programmi\Java\jre6\bin\jusched.exe
    C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\SysMonitor.exe
    C:\Programmi\Spyware Doctor\pctsTray.exe
    C:\Programmi\iTunes\iTunesHelper.exe
    C:\Programmi\QuickHelp2\QuickHelp.exe
    C:\Programmi\File comuni\Real\Update_OB\realsched.exe
    C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
    C:\Programmi\DoubleD\Desktop Smiley Toolbar\3.6.1.7000\stbapp.exe
    C:\Programmi\DNA\btdna.exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\Programmi\Acer WLAN 11g USB Dongle\ZDWlan.exe
    C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Programmi\Logitech\SetPoint\SetPoint.exe
    C:\Programmi\iPod\bin\iPodService.exe
    C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\Programmi\DoubleD\Desktop Smiley Toolbar\3.6.1.7000\stbappHelper.exe
    C:\Programmi\File comuni\Logitech\KHAL\KHALMNPR.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\Java\jre6\bin\jucheck.exe
    C:\Programmi\Messenger\msmsgs.exe
    C:\Programmi\Mozilla Firefox\firefox.exe
    C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HTTP://WWW.BLUEWIN.CH/INDEX_I.HTML
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Programmi\Internet Saving Optimizer\2.0.0.2440\NPIEAddOn.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Programmi\System Search Dispatcher\1.2.0.750\ssd.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Offliner AdFilter Helper - {DC9377A2-2E8D-44A1-99DB-F8A821DF254D} - C:\WINDOWS\system32\SiPlugins.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Desktop Smiley Toolbar - {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - C:\Programmi\DoubleD\Desktop Smiley Toolbar\3.6.1.7000\stb0.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: AdsCleaner Links Bar - {A8415B7A-F661-4D31-92D7-4398E50483DF} - C:\PROGRA~1\SOFTIN~1\ADSCLE~1\PAKIEGUI.dll (file missing)
    O3 - Toolbar: AdsCleaner Bar - {75CD0BC5-E317-449C-9FF6-4986B3D48F64} - C:\PROGRA~1\SOFTIN~1\ADSCLE~1\PAKIEGUI.dll (file missing)
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [ISTray] "C:\Programmi\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickHelp2_McciTrayApp] C:\Programmi\QuickHelp2\QuickHelp.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Programmi\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
    O4 - HKCU\..\Run: [SmileyApp] C:\Programmi\DoubleD\Desktop Smiley Toolbar\3.6.1.7000\stbapp.exe
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programmi\DNA\btdna.exe"
    O4 - HKCU\..\Run: [AdsCleaner] C:\Programmi\SoftInform\AdsCleaner Trial\AdsCleaner.exe /MIN
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Utilità controllo supporti di Cyber-shot Viewer.lnk = C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Programmi\Acer WLAN 11g USB Dongle\ZDWlan.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AdsCleaner Bar - {B5D8F853-BEC9-4F9C-B3C9-0F744B6869D1} - C:\PROGRA~1\SOFTIN~1\ADSCLE~1\PAKIEGUI.dll (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O17 - HKLM\System\CCS\Services\Tcpip\..\{58B75CA3-C38C-4C39-8B43-7D4DF1EF1BE9}: NameServer = 195.186.1.111,195.186.4.111

  3. #3
    HTML.it user
    Registered since
    Jan 2009
    Posts
    19
    report part 2:

    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
    O23 - Service: HandyDrive Password Lock Tool Service (F3EJTHDD) - FUJITSU LIMITED - C:\Programmi\Fujitsu HandyDrive\Password\F3EJTHDD.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
    O23 - Service: McciCMService - Motive Communications, Inc. - C:\Programmi\File comuni\Motive\McciCMService.exe
    O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmi\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\pctsSvc.exe

    --
    End of file - 13443 bytes
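
The HijackThis report above is much easier to triage once its lines are parsed into records rather than read by eye. The Python script below is an added example, not part of this thread or of HijackThis itself: it parses the R/O sections into structured entries and applies three defender heuristics (registry entries whose target file is missing, browser add-ons loaded straight out of system32, and explicitly configured DNS servers). The sample lines are copied from the report; the `Entry` class, the heuristics and their wording are my own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: lines copied from the HijackThis report in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HTTP://WWW.BLUEWIN.CH/INDEX_I.HTML
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Programmi\Internet Saving Optimizer\2.0.0.2440\NPIEAddOn.dll
O2 - BHO: Offliner AdFilter Helper - {DC9377A2-2E8D-44A1-99DB-F8A821DF254D} - C:\WINDOWS\system32\SiPlugins.dll
O3 - Toolbar: AdsCleaner Bar - {75CD0BC5-E317-449C-9FF6-4986B3D48F64} - C:\PROGRA~1\SOFTIN~1\ADSCLE~1\PAKIEGUI.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [AdsCleaner] C:\Programmi\SoftInform\AdsCleaner Trial\AdsCleaner.exe /MIN
O17 - HKLM\System\CCS\Services\Tcpip\..\{58B75CA3-C38C-4C39-8B43-7D4DF1EF1BE9}: NameServer = 195.186.1.111,195.186.4.111
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
"""

LINE_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+$", re.IGNORECASE)
MISSING = "(file missing)"


@dataclass
class Entry:
    code: str                   # HijackThis section code, e.g. "O2"
    kind: str                   # Setting, BHO, Toolbar, Run, NameServer, Service
    name: str
    path: str                   # target file, or the setting's value
    clsid: Optional[str] = None
    vendor: Optional[str] = None
    file_missing: bool = False


def parse_line(line: str) -> Optional[Entry]:
    """Turn one HijackThis line into an Entry; returns None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    missing = body.endswith(MISSING)
    if missing:
        body = body[: -len(MISSING)].rstrip()

    if body.startswith(("BHO: ", "Toolbar: ")):          # "kind: name - {CLSID} - path"
        kind, rest = body.split(": ", 1)
        c = CLSID_RE.search(rest)
        name = rest[: c.start()].rstrip(" -") if c else rest
        path = rest[c.end():].lstrip(" -") if c else ""
        return Entry(code, kind, name, path, clsid=c.group(0) if c else None, file_missing=missing)
    if body.startswith("Service: "):                      # "Service: name - vendor - path"
        name_vendor, _, path = body[len("Service: "):].rpartition(" - ")
        name, sep, vendor = name_vendor.rpartition(" - ")
        if not sep:
            name, vendor = vendor, None
        return Entry(code, "Service", name, path, vendor=vendor, file_missing=missing)
    if "\\Run: [" in body:                                # "HIVE\..\Run: [name] command"
        hive = body.split("\\", 1)[0]
        name = body[body.index("[") + 1 : body.index("]")]
        path = body[body.index("]") + 1 :].strip()
        return Entry(code, "Run", f"{hive}:{name}", path, file_missing=missing)
    if "NameServer = " in body:                           # O17 DNS override
        return Entry(code, "NameServer", "NameServer", body.split("NameServer = ", 1)[1])
    name, _, value = body.partition(" = ")                # R0/R1 browser settings
    return Entry(code, "Setting", name, value.strip(), file_missing=missing)


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def review(entries: List[Entry]) -> List[str]:
    """Defender heuristics; each finding names the entry so it can be matched back to the log."""
    notes = []
    for e in entries:
        if e.file_missing:
            notes.append(f"{e.code} {e.name}: points at a file that no longer exists (orphaned entry)")
        if e.kind in ("BHO", "Toolbar") and SYSTEM32_RE.match(e.path):
            notes.append(f"{e.code} {e.name}: browser add-on loaded from system32 ({e.path}); check publisher and hash")
        if e.kind == "NameServer":
            notes.append(f"{e.code}: DNS explicitly set to {e.path}; confirm these belong to the ISP")
    return notes


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for entry in parsed:
        print(f"{entry.code:<4} {entry.kind:<10} {entry.name:<35} {entry.path}")
    print("\nFindings:")
    for note in review(parsed):
        print(" -", note)
```

The heuristics are deliberately conservative: an orphaned entry is harmless by itself, and a DLL in system32 is only unusual for a browser add-on, so the output is a worklist for hash and publisher checks, not a verdict.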

  4. #4
    HTML.it user Deifobe
    Registered since
    Oct 2007
    Posts
    6,072
    hi,

    Download and install Malwarebytes.
    Update it: click the "Update" tab => "Check for Updates"
    Run a "Full Scan" (select that option)
    When the scan is complete, click OK => Show Results.
    Make sure everything is selected and click Remove Selected.
    If it asks you to restart, restart to complete the cleaning process.
    Post the report.


    then, download SystemScan - disconnect the PC from the internet => disable the antivirus => run SystemScan => click "Scan Now". When the scan is finished, re-enable the antivirus... upload the report you find on the desktop to Freefilehosting and post the link you get on the forum.

    note: SystemScan is flagged as infected because of the kind of scan it performs (it is a false positive). The procedure posted is safe.
    ...
    :x:_::_:*:_::_: )(:_:*:_:*:__::_:°FM°:_: )(:_:*:_:x:___

  5. #5
    HTML.it user
    Registered since
    Jan 2009
    Posts
    19
    Malwarebytes' Anti-Malware 1.33
    Versione del database: 1678
    Windows 5.1.2600 Service Pack 3

    24.01.2009 15:40:41
    mbam-log-2009-01-24 (15-40-41).txt

    Tipo di scansione: Scansione completa (C:\|D:\|)
    Elementi scansionati: 131956
    Tempo trascorso: 34 minute(s), 16 second(s)

    Processi delle memoria infetti: 0
    Moduli della memoria infetti: 0
    Chiavi di registro infette: 0
    Valori di registro infetti: 0
    Elementi dato del registro infetti: 0
    Cartelle infette: 0
    File infetti: 0

    Processi delle memoria infetti:
    (Nessun elemento malevolo rilevato)

    Moduli della memoria infetti:
    (Nessun elemento malevolo rilevato)

    Chiavi di registro infette:
    (Nessun elemento malevolo rilevato)

    Valori di registro infetti:
    (Nessun elemento malevolo rilevato)

    Elementi dato del registro infetti:
    (Nessun elemento malevolo rilevato)

    Cartelle infette:
    (Nessun elemento malevolo rilevato)

    File infetti:
    (Nessun elemento malevolo rilevato)

  6. #6
    HTML.it user
    Registered since
    Jan 2009
    Posts
    19
    Here is the link to the suspect file:
    I forgot... thanks for taking an interest in my problem...

    http://freefilehosting.net/download/44bkh

  7. #7
    HTML.it user Deifobe
    Registered since
    Oct 2007
    Posts
    6,072
    hi,
    before I rack my brains for nothing, could you post the ComboFix report, please?
    ...
    :x:_::_:*:_::_: )(:_:*:_:*:__::_:°FM°:_: )(:_:*:_:x:___

  8. #8
    HTML.it user
    Registered since
    Jan 2009
    Posts
    19
    ComboFix 09-01-21.04 - Ciao 2009-01-24 17:12:19.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1023.347 [GMT 1:00]
    Eseguito da: c:\documents and settings\Ciao\Desktop\ComboFix.exe
    AV: avast! antivirus 4.8.1296 [VPS 090123-0] *On-access scanning disabled* (Updated)
    .

    ((((((((((((((((((((((((( Files Creati Da 2008-12-24 al 2009-01-24 )))))))))))))))))))))))))))))))))))
    .

    2009-01-24 16:48 . 2009-01-24 16:48 <DIR> d-------- c:\programmi\Navilog1
    2009-01-24 16:47 . 2009-01-24 16:47 <DIR> d-------- c:\programmi\CCleaner
    2009-01-24 14:50 . 2009-01-24 14:50 <DIR> d-------- c:\documents and settings\Administrator\Dati applicazioni\Internet Saving Optimizer
    2009-01-22 17:13 . 2009-01-22 17:13 <DIR> d-------- c:\documents and settings\Administrator\Dati applicazioni\Motive
    2009-01-22 16:47 . 2009-01-22 16:47 <DIR> d-------- c:\documents and settings\Administrator\Dati applicazioni\Malwarebytes
    2009-01-22 16:37 . 2009-01-22 16:37 <DIR> d-------- c:\documents and settings\Ciao\Dati applicazioni\Malwarebytes
    2009-01-22 16:36 . 2009-01-22 16:37 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
    2009-01-22 16:36 . 2009-01-22 16:36 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
    2009-01-22 16:36 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-22 16:36 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-01-12 21:24 . 2009-01-12 21:24 <DIR> d-------- c:\programmi\Lavasoft
    2009-01-12 21:24 . 2009-01-12 21:27 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Lavasoft
    2009-01-12 21:23 . 2009-01-12 21:23 <DIR> d-------- c:\programmi\File comuni\Wise Installation Wizard
    2009-01-12 21:22 . 2009-01-22 17:12 <DIR> d-------- c:\programmi\SmartPopupBlocker
    2009-01-03 17:52 . 2009-01-03 17:52 <DIR> d-------- c:\programmi\Trend Micro
    2009-01-03 17:06 . 2009-01-03 17:06 <DIR> d-------- c:\documents and settings\Ciao\Dati applicazioni\SoftInform
    2009-01-03 17:03 . 2009-01-12 23:27 <DIR> d-------- c:\programmi\SoftInform
    2009-01-03 17:03 . 2009-01-03 17:08 <DIR> d-------- c:\documents and settings\Ciao\Dati applicazioni\AdsCleaner
    2009-01-03 12:21 . 2009-01-03 12:21 68,628 --ah----- c:\windows\system32\mlfcache.dat
    2009-01-02 21:58 . 2009-01-02 21:58 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
    2009-01-02 21:58 . 2009-01-02 21:58 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
    2009-01-02 21:57 . 2008-03-21 13:57 14,640 --------- c:\windows\system32\spmsgXP_2k3.dll
    2009-01-02 21:52 . 2009-01-02 21:52 1,107,296 --a------ c:\windows\system32\WdfCoInstaller01007.dll
    2008-12-28 16:44 . 2008-12-28 16:44 <DIR> d-------- c:\documents and settings\Ciao\Dati applicazioni\Sony
    2008-12-28 16:44 . 2008-12-28 16:44 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Sony
    2008-12-28 16:37 . 2008-12-28 16:37 <DIR> d-------- c:\documents and settings\Ciao\Dati applicazioni\Internet Saving Optimizer
    2008-12-28 16:10 . 2008-12-28 16:13 <DIR> d--h-c--- c:\documents and settings\All Users\Dati applicazioni\{4B7788ED-BF55-41B7-98E0-92442036B28E}

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-24 16:11 --------- d-----w c:\documents and settings\Ciao\Dati applicazioni\DNA
    2009-01-24 13:51 --------- d-----w c:\programmi\DNA
    2009-01-24 13:48 --------- d-----w c:\programmi\Spyware Doctor
    2009-01-24 13:44 --------- d---a-w c:\documents and settings\All Users\Dati applicazioni\TEMP
    2009-01-23 14:00 --------- d-----w c:\programmi\Norton Security Scan
    2009-01-13 20:21 --------- d-----w c:\programmi\Spybot - Search & Destroy
    2009-01-13 20:21 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
    2009-01-12 20:08 --------- d--h--w c:\programmi\Zero G Registry
    2009-01-12 20:04 --------- d--h--w c:\programmi\InstallShield Installation Information
    2009-01-03 11:19 --------- d-----w c:\documents and settings\Ciao\Dati applicazioni\Apple Computer
    2009-01-02 20:52 22,368 ----a-w c:\windows\system32\drivers\ggsemc.sys
    2009-01-02 20:52 10,976 ----a-w c:\windows\system32\drivers\ggflt.sys
    2008-12-28 15:36 --------- d-----w c:\programmi\QuickTime
    2008-12-28 15:29 --------- d-----w c:\programmi\Sony Ericsson
    2008-12-28 15:29 --------- d-----w c:\programmi\Sony
    2008-12-28 15:16 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Sony Ericsson
    2008-12-28 15:14 --------- d-----w c:\programmi\Internet Saving Optimizer
    2008-12-27 04:31 --------- d-----w c:\documents and settings\Ciao\Dati applicazioni\BitTorrent
    2008-12-26 14:01 --------- d-----w c:\programmi\File comuni\Symantec Shared
    2008-12-17 17:36 --------- dc-h--w c:\documents and settings\All Users\Dati applicazioni\{11B44B27-11B6-4109-AEAF-C118DFA4B753}
    2008-12-17 16:19 --------- d-----w c:\programmi\Google
    2008-12-15 19:53 --------- d-----w c:\programmi\eMule
    2008-12-13 06:36 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
    2008-12-11 19:51 --------- d-----w c:\documents and settings\Ciao\Dati applicazioni\PlayFirst
    2008-12-11 19:51 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\PlayFirst
    2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
    2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
    2008-12-09 14:57 --------- d-----w c:\programmi\eTax.ticino2007
    2008-12-09 11:39 --------- d-----w c:\programmi\File comuni\Teleca Shared
    2008-12-07 21:02 --------- d-----w c:\programmi\Zattoo
    2008-12-06 19:40 --------- d-----w c:\programmi\File comuni\Adobe
    2008-12-06 13:09 --------- dc-h--w c:\documents and settings\All Users\Dati applicazioni\{3BC09CD6-FAC6-4518-9623-54480BBCD96B}
    2008-11-27 00:40 410,976 ----a-w c:\windows\system32\deploytk.dll
    2008-11-27 00:40 --------- d-----w c:\programmi\Java
    2008-10-24 11:21 455,296 ----a-w c:\windows\system32\dllcache\mrxsmb.sys
    2007-06-13 21:07 774,144 ----a-w c:\programmi\RngInterstitial.dll
    2008-10-05 18:17 32,768 --sha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012008100520081006\index.dat
    .

    ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* i valori vuoti & legittimi/default non sono visualizzati.
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "LDM"="c:\programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-12 67128]
    "swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-04 68856]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
    "SmileyApp"="c:\programmi\DoubleD\Desktop Smiley Toolbar\3.6.1.7000\stbapp.exe" [2008-12-17 598248]
    "BitTorrent DNA"="c:\programmi\DNA\btdna.exe" [2008-12-19 342848]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"="Alaunch" [X]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2008-11-27 136600]
    "RemoteControl"="c:\programmi\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-09-07 208952]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-09-07 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-07 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-07 455168]
    "Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-04-18 49152]
    "eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696]
    "NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2008-09-06 413696]
    "AppleSyncNotifier"="c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
    "iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2008-09-10 289576]
    "QuickHelp2_McciTrayApp"="c:\programmi\QuickHelp2\QuickHelp.exe" [2007-11-01 1474048]
    "TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2008-11-07 185872]
    "Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "Adobe Photo Downloader"="c:\programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-22 63712]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2005-09-22 c:\windows\RTHDCPL.exe]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 c:\windows\KHALMNPR.Exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\Ciao\Menu Avvio\Programmi\Esecuzione automatica\
    Utilità controllo supporti di Cyber-shot Viewer.lnk - c:\programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-07-04 155648]

    c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
    Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-11-10 45056]
    Acer WLAN 11g USB Dongle.lnk - c:\programmi\Acer WLAN 11g USB Dongle\ZDWlan.exe [2005-11-16 745472]
    Logitech Desktop Messenger.lnk - c:\programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe [2007-03-12 67128]
    Logitech SetPoint.lnk - c:\programmi\Logitech\SetPoint\SetPoint.exe [2006-11-14 450560]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Programmi\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Programmi\\LimeWire\\LimeWire.exe"=
    "c:\\Programmi\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "c:\\Programmi\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
    "c:\\Programmi\\DNA\\btdna.exe"=
    "c:\\Programmi\\BitTorrent\\bittorrent.exe"=
    "c:\\program files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Programmi\\Sony Ericsson\\Update Service\\Update Service.exe"=
    "c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
    "c:\\Programmi\\iTunes\\iTunes.exe"=
    "c:\\Programmi\\Zattoo\\Zattoo2.exe"=
    "c:\\Programmi\\Zattoo\\Zattoo1.exe"=
    "c:\\Programmi\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "4662:TCP"= 4662:TCP:eMULE-TPC
    "4672:UDP"= 4672:UDP:eMULE-UDP

    R0 m5287;m5287;c:\windows\system32\drivers\m5287.sys [2004-12-15 76544]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-14 111184]
    R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-14 20560]
    R4 F3EJTHDD;HandyDrive Password Lock Tool Service;c:\programmi\Fujitsu HandyDrive\Password\F3EJTHDD.EXE [2008-10-07 45056]
    S3 athrusb6;Siemens Wireless LAN USB device driver 6 Series;c:\windows\system32\drivers\athru6.sys [2008-10-22 873472]
    S3 CBPSp50;CBPSp50 NDIS Protocol Driver;c:\windows\system32\drivers\CBPSp50.sys [2008-10-22 20096]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-07-11 10976]
    S3 ZD1211BU(Siemens);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(Siemens);c:\windows\system32\drivers\ZD1211BU.sys [2005-10-28 450560]

    --- Altri Servizi/Drivers In Memoria ---

    *NewlyCreated* - MBR
    *Deregistered* - mbr
    .
    Contenuto della cartella 'Scheduled Tasks'

    2009-01-16 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2009-01-23 c:\windows\Tasks\Norton Security Scan.job
    - c:\programmi\Norton Security Scan\Nss.exe [2007-09-18 23:42]
    .
    .

  9. #9
    HTML.it user
    Registered since
    Jan 2009
    Posts
    19
    ------- Scansione supplementare -------
    .
    uStart Page = hxxp://WWW.BLUEWIN.CH/INDEX_I.HTML
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = 127.0.0.1;*.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Windows Live Search - c:\programmi\Windows Live Toolbar\msntb.dll/search.htm
    IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    TCP: {58B75CA3-C38C-4C39-8B43-7D4DF1EF1BE9} = 195.186.1.111,195.186.4.111
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Ciao\Dati applicazioni\Mozilla\Firefox\Profiles\s9k7bzkr.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.startup.homepage - www.google.ch
    FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
    FF - component: c:\programmi\DoubleD\Desktop Smiley Toolbar\3.6.1.7000\FFToolbar\components\SmileyCore.dll
    FF - component: c:\programmi\Internet Saving Optimizer\2.0.0.2440\FF\components\NPFFAddOn.dll
    FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
    FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
    FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
    FF - plugin: c:\programmi\Mozilla Firefox\plugins\npbittorrent.dll
    FF - plugin: c:\programmi\Mozilla Firefox\plugins\npgcplug.dll
    FF - plugin: c:\programmi\Mozilla Firefox\plugins\npracplug.dll
    FF - plugin: c:\programmi\Real\RealArcade\Plugins\Mozilla\npracplug.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-24 17:13:46
    Windows 5.1.2600 Service Pack 3 NTFS

    scansione processi nascosti ...

    scansione entrate autostart nascoste ...

    Scansione files nascosti ...

    Scansione completata con successo
    Files nascosti: 0

    **************************************************************************
    .
    --------------------- Dlls caricate dai processi in esecuzione ---------------------

    - - - - - - - > 'winlogon.exe'(1732)
    c:\windows\system32\Ati2evxx.dll
    c:\programmi\Funk Software\Odyssey Client\odLogin.dll
    .
    Ora fine scansione: 2009-01-24 17:15:25
    ComboFix-quarantined-files.txt 2009-01-24 16:15:23
    ComboFix2.txt 2009-01-24 13:58:22

    Pre-Run: 86'171'332'608 byte disponibili
    Post-Run: 86,158,696,448 byte disponibili

    207 --- E O F --- 2009-01-15 00:14:25
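
The REGEDIT4-style sections of the ComboFix report above (Security Center, the firewall's authorized applications, the globally open ports) are the part a defender reads first, because they describe what the machine lets in and which warnings it has been told to keep quiet. The Python script below is an added example, not part of this thread or of ComboFix: it parses those sections and summarises them. The sample text is copied from the report; the function names and the summary wording are my own.

```python
import re
from typing import Dict, List, Optional, Tuple

# Sample input: sections copied from the ComboFix report in this thread.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\DNA\\btdna.exe"=
"c:\\Programmi\\BitTorrent\\bittorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:eMULE-TPC
"4672:UDP"= 4672:UDP:eMULE-UDP
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]*)"=(.*)$')

Sections = Dict[str, List[Tuple[str, str]]]


def parse_sections(text: str) -> Sections:
    """Map each [key] header to its ("name", value) pairs, preserving order."""
    sections: Sections = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            sections[current].append((m.group(1), m.group(2).strip()))
    return sections


def _find(sections: Sections, suffix: str) -> List[Tuple[str, str]]:
    """Values of the first section whose key ends with suffix (case-insensitive)."""
    for key, values in sections.items():
        if key.lower().endswith(suffix.lower()):
            return values
    return []


def open_ports(sections: Sections) -> List[Tuple[int, str, str]]:
    """Ports the firewall accepts from any source, as (port, protocol, label)."""
    result = []
    for _, value in _find(sections, r"\GloballyOpenPorts\List"):
        port, proto, label = value.split(":", 2)
        result.append((int(port), proto.upper(), label))
    return result


def authorized_apps(sections: Sections) -> List[str]:
    """Programs allowed to accept inbound connections; the .reg backslash escaping is undone."""
    return [name.replace("\\\\", "\\") for name, _ in _find(sections, r"\AuthorizedApplications\List")]


def suppressed_notifications(sections: Sections) -> Dict[str, bool]:
    """Security Center *DisableNotify values: True means the warning is silenced."""
    flags: Dict[str, bool] = {}
    for name, value in _find(sections, r"\security center"):
        if name.endswith("DisableNotify") and value.lower().startswith("dword:"):
            flags[name] = int(value[len("dword:"):], 16) == 1
    return flags


def summary(sections: Sections) -> List[str]:
    lines = [f"silenced Security Center warning: {n}" for n, on in suppressed_notifications(sections).items() if on]
    lines += [f"open to the world: {proto} {port} ({label})" for port, proto, label in open_ports(sections)]
    lines += [f"inbound allowed for: {app}" for app in authorized_apps(sections)]
    return lines


if __name__ == "__main__":
    for line in summary(parse_sections(SAMPLE)):
        print(line)
```

Matching section keys by suffix rather than by full path is deliberate: ComboFix abbreviates the `CurrentControlSet\Services` prefix to `~\services`, and the same sections appear under `HKLM` in one tool's output and `HKEY_LOCAL_MACHINE` in another's.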

  10. #10
    HTML.it user Deifobe
    Registered since
    Oct 2007
    Posts
    6,072
    go to VirusTotal, scan these three files and post the links to the scan results:

    C:\WINDOWS\system32\SiPlugins.dll
    C:\WINDOWS\system32\SiRPCPrx3.dll
    C:\WINDOWS\system32\SiRPCSrv3.dll
    ...
    :x:_::_:*:_::_: )(:_:*:_:*:__::_:°FM°:_: )(:_:*:_:x:___
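
Before uploading the three DLLs named above, a defender would normally hash them and look the hashes up first, so that a file VirusTotal already knows never has to leave the machine. The Python script below is an added example, not part of this thread or of VirusTotal's own tooling: it hashes a file in chunks, checks for the `MZ` header any Windows DLL or EXE carries, and builds the lookup URL for the SHA-256. The `https://www.virustotal.com/gui/file/<sha256>` URL form is an assumption I make here, and the file contents in the demo are a constructed stand-in; the real files from the thread are not on this page.

```python
import hashlib
import os
import tempfile
from typing import Dict

# Assumption: VirusTotal's web UI resolves a known file by its SHA-256 at this path.
VT_FILE_URL = "https://www.virustotal.com/gui/file/{sha256}"
HASH_NAMES = ("md5", "sha1", "sha256")   # all three are accepted as search keys


def hash_bytes(data: bytes) -> Dict[str, str]:
    """MD5, SHA-1 and SHA-256 of an in-memory buffer."""
    return {name: hashlib.new(name, data).hexdigest() for name in HASH_NAMES}


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Same digests for a file on disk, read in chunks so large binaries never sit in memory whole."""
    digests = {name: hashlib.new(name) for name in HASH_NAMES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def is_pe(head: bytes) -> bool:
    """A Windows DLL or EXE starts with the 'MZ' DOS header; anything else is not what the name claims."""
    return head[:2] == b"MZ"


def vt_lookup_url(sha256: str) -> str:
    return VT_FILE_URL.format(sha256=sha256.lower())


def triage(path: str) -> Dict[str, object]:
    """Everything needed to look the file up without uploading it."""
    with open(path, "rb") as fh:
        head = fh.read(2)
    digests = hash_file(path)
    return {
        "path": path,
        "size": os.path.getsize(path),
        "is_pe": is_pe(head),
        **digests,
        "vt_url": vt_lookup_url(digests["sha256"]),
    }


if __name__ == "__main__":
    # Constructed stand-in for a DLL: an 'MZ' header followed by filler. Not a real binary.
    with tempfile.TemporaryDirectory() as tmp:
        fake_dll = os.path.join(tmp, "sample.dll")
        with open(fake_dll, "wb") as fh:
            fh.write(b"MZ" + b"\x00" * 62 + b"constructed sample, not a real DLL")
        for key, value in triage(fake_dll).items():
            print(f"{key:>7}: {value}")
```

If the lookup returns no result, the file is unknown and uploading it is the next step; if it is known, the report is already there and the hash alone is enough to share in a thread like this one.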
