Troppe finestre impazzite...

[Markooo]

Salve a tutti,
mentre navigo ogni tanto escono decine e decine di finestrelle del Norton che non riuscirebbe ad inviare una mail a non so chi....
Temo sia qualcosa di poco bello.
Questo il log di hijackthis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11.14.07, on 26/11/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\keyhook.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Programmi\MarkAny\ContentSafer\MAAgent.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\Atheros\ACU.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Programmi\Nuance\PaperPort\pptd40nt.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Nuance\PDF Viewer Plus\pdfpro5hook.exe
C:\Programmi\Browny02\Brother\BrStMonW.exe
C:\WINDOWS\Temp\temp66.exe
C:\Programmi\ControlCenter4\BrCtrlCntr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Dati applicazioni\FLEXnet\Connect\11\ISUSPM.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\sistray.exe
C:\Programmi\ControlCenter4\BrCcUxSys.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\Programmi\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Browny02\BrYNSvc.exe
C:\Programmi\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Marco\Documenti\Download\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Programmi\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugi n.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SMSTray] C:\Programmi\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Programmi\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ACU] C:\Programmi\Atheros\ACU.exe -nogui
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [IndexSearch] "C:\Programmi\Nuance\PaperPort\IndexSearch.exe "
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Programmi\Nuance\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [PPort12reminder] "C:\Programmi\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Dati applicazioni\ScanSoft\PaperPort\12\Config\Ereg\Ere g.ini"
O4 - HKLM\..\Run: [PDFHook] C:\Programmi\Nuance\PDF Viewer Plus\pdfpro5hook.exe
O4 - HKLM\..\Run: [PDF5 Registry Controller] C:\Programmi\Nuance\PDF Viewer Plus\RegistryController.exe
O4 - HKLM\..\Run: [ControlCenter4] C:\Programmi\ControlCenter4\BrCcBoot.exe /autorun
O4 - HKLM\..\Run: [BrStsMon00] C:\Programmi\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [SonyAgent] C:\WINDOWS\Temp\temp66.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] C:\Documents and Settings\All Users\Dati applicazioni\FLEXnet\Connect\11\ISUSPM.exe -scheduler
O4 - HKCU\..\Policies\Explorer\Run: [Softonic] C:\Documents and Settings\Marco\Dati applicazioni\96D932\96D932.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Programmi\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: Apri con PDF Viewer Plus - res://C:\Programmi\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Servizio di configurazione Atheros (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Programmi\Browny02\BrYNSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: PDFProFiltSrvPP - Nuance Communications, Inc. - C:\Programmi\Nuance\PaperPort\PDFProFiltSrvPP.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O24 - Desktop Component 0: (no name) - http://www.gazzettadiparma.it/mediag...50866136_0.JPG

--
End of file - 8977 bytes

[menatwork]

ciao sei infetto inizia col rimuovere queste righe che partono all'avvio

riesegui hijackthis metti l a spunta accanto alle voci che ti indico e premi fix checked

O4 - HKLM\..\Run: [SonyAgent] C:\WINDOWS\Temp\temp66.exe

O4 - HKCU\..\Policies\Explorer\Run: [Softonic] C:\Documents and Settings\Marco\Dati applicazioni\96D932\96D932.exe

scarica questi programmi e mettili sul desktop

malwarebytes


combofix


avvia malwarebytes

Aggiornalo: clicca sulla scheda "aggiornamenti" => "controlla aggiornamenti"
Esegui una "scansione completa" (seleziona l'opzione)
A scansione completa, fai clic su OK => Mostra i Risultati.
Assicurarti che tutto sia selezionato e clicca clic su Rimuovi selezionati.
Se ti chiede di riavviare, riavvia per completare il processo di pulizia.


lancia combofix


alla richiesta se vuoi installare la recovery console clicca su NO

esegui ComboFix.exe

segui le instruzioni

finita la scansione portati in C:\ e allega nella tua prossima risposta, il contenuto del file di testo Combofix.txt


come usare correttamente combofix

[Markooo]

Grazie Menatwork
Allora malwarebytes mi ha fatto eliminare :
- Trojan.Lameshield
- Trojan.GarbRan.DI2

Il report di ComboFix è questo:

ComboFix 12-11-26.01 - Marco 26/11/2012 15.20.33.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.701.325 [GMT 1:00]
Eseguito da: C:\Documents and Settings\Marco\Desktop\ComboFix.exe

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!


((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))) )


C:\Documents and Settings\All Users\Dati applicazioni\TEMP
C:\Documents and Settings\Marco\Dati applicazioni\96D932
C:\Documents and Settings\Marco\Dati applicazioni\96D932\96D932.exe
C:\WINDOWS\system32\Packet.dll
C:\WINDOWS\system32\URTTemp
C:\WINDOWS\system32\URTTemp\fusion.dll
C:\WINDOWS\system32\URTTemp\mscoree.dll
C:\WINDOWS\system32\URTTemp\mscoree.dll.local
C:\WINDOWS\system32\URTTemp\mscorsn.dll
C:\WINDOWS\system32\URTTemp\mscorwks.dll
C:\WINDOWS\system32\URTTemp\msvcr71.dll
C:\WINDOWS\system32\URTTemp\regtlib.exe
C:\WINDOWS\system32\wpcap.dll


((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Creati Da 2012-10-26 al 2012-11-26 )))))))))))))))))))))))))))))))))))


2012-11-26 11:27:20 . 2012-09-29 18:54:26 22856 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2012-11-26 09:19:10 . 2012-11-26 09:19:10 50704 ----a-w- C:\WINDOWS\system32\drivers\npf.sys
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )

2012-10-27 08:04:58 . 2012-06-24 17:17:44 261600 ----a-w- C:\Programmi\mozilla firefox\components\browsercomps.dll


((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))


*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ISUSPM"="C:\Documents and Settings\All Users\Dati applicazioni\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 14:06:06 222496]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2008-04-13 18:14:14 1695232]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 18:14:04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" [X]
"SoundMan"="SOUNDMAN.EXE" [2010-02-06 18:20:18 77824]
"SiSPower"="SiSPower.dll" [2010-02-06 18:29:22 49152]
"SiS Windows KeyHook"="C:\WINDOWS\system32\keyhook.exe" [2005-03-04 12:13:04 32768]
"ccApp"="C:\Programmi\File comuni\Symantec Shared\ccApp.exe" [2006-04-04 11:02:02 71304]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2010-02-18 13:06:43 95960]
"SMSTray"="C:\Programmi\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-02-23 14:32:56 126976]
"MAAgent"="C:\Programmi\MarkAny\ContentSafer\MAAge nt.exe" [2007-01-30 18:36:30 57344]
"SunJavaUpdateSched"="C:\Programmi\File comuni\Java\Java Update\jusched.exe" [2011-06-09 12:06:06 254696]
"ACU"="C:\Programmi\Atheros\ACU.exe" [2005-01-31 06:05:50 253952]
"IndexSearch"="C:\Programmi\Nuance\PaperPort\Index Search.exe" [2010-03-08 22:37:26 46368]
"PaperPort PTD"="C:\Programmi\Nuance\PaperPort\pptd40nt.exe" [2010-03-08 22:42:02 29984]
"PPort12reminder"="C:\Programmi\Nuance\PaperPort\E reg\Ereg.exe" [2010-02-09 11:42:26 328992]
"PDFHook"="C:\Programmi\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-05 18:11:30 636192]
"PDF5 Registry Controller"="C:\Programmi\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-05 17:11:04 62752]
"ControlCenter4"="C:\Programmi\ControlCenter4\BrCc Boot.exe" [2011-04-20 15:53:38 139264]
"BrStsMon00"="C:\Programmi\Browny02\Brother\BrStMo nW.exe" [2010-12-23 13:36:46 2629632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-13 18:14:04 15360]
"ALUAlert"="C:\Programmi\Symantec\LiveUpdate\ALUNo tify.exe" [2003-08-20 09:20:42 54424]

[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\ShellExecuteHooks]

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Programmi\Nuanc e\PaperPort\PDFProFiltSrvPP.exe [08/03/2010 23.40.36 144672]
R3 BrYNSvc;BrYNSvc;C:\Programmi\Browny02\BrYNSvc.exe [12/10/2012 12.28.05 245760]
R3 HSFHWSIS;HSFHWSIS;C:\WINDOWS\system32\drivers\HSFH WSIS.sys [06/02/2010 19.32.13 200576]

--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - WS2IFSL

Contenuto della cartella 'Scheduled Tasks'

2012-11-09 C:\WINDOWS\Tasks\Norton AntiVirus - Scansione del computer.job
- C:\PROGRA~1\NORTON~1\Navw32.exe [2003-08-22 18:31:36 . 2003-12-04 20:14:22]

2012-11-26 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Programmi\Symantec\LiveUpdate\NDETECT.EXE [2010-02-18 12:18:21 . 2003-08-20 09:20:42]


------- Scansione supplementare -------

uStart Page = hxxp://www.libero.it/
uInternet Connection Wizard,ShellNext = iexplore
IE: Apri con PDF Viewer Plus - C:\Programmi\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - C:\Documents and Settings\Marco\Dati applicazioni\Mozilla\Firefox\Profiles\2b3np02r.def ault\
FF - prefs.js: browser.startup.homepage - hxxp://www.libero.it/
FF - prefs.js: network.proxy.type - 0

- - - - CHIAVI ORFANE RIMOSSE - - - -

Toolbar-Locked - (no file)

Prima di fare questi procedimenti fondamentali che mi hai consigliato stavo comunque notando che il problema sembrava terminato una volta che avevo disattivato totalmente Norton (la scansione delle e-mail), ma a quanto pare si sarebbe sicuramente ripresentato....

Ora posso considerare pulito il sistema?

grazie mille ciao

[menatwork]

per cortesia posta il log di malwarebytes lo trovi aprendo il programma nel tabellino ''log'' poi fai anche questa scansione

Scarica OTL e salvalo sul desktop

Metti la spunta su SCAN ALL USERS.

Sotto output, metti la spunta su minimal output

Clicca sulla freccettina di File Age e seleziona 60 Days

Metti la spunta a LOP Check e Purity Check.

Clicca su RUN SCAN

Lascia fare la scansione senza interferire.

Al termine della scansione trovi 2 log sul desktop. OTL.txt ed Extras.txt, salvali e caricali su Wikisend,

[Markooo]

Buongiorno,
questo il log di malwarebytes:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Versione database: v2012.11.26.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Marco :: MARK-NBCVDQZ5JP [amministratore]

26/11/2012 12.29.13
mbam-log-2012-11-26 (12-29-13).txt

Tipo di scansione: Scansione completa (C:\|)
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File di sistema | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 229072
Tempo impiegato: 23 minuti, 42 secondi

Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)

Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 0
(non sono stati rilevati elementi nocivi)

Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)

Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)

File rilevati: 2
C:\Documents and Settings\Marco\Impostazioni locali\temp\1C2.tmp (Trojan.GarbRan.DI2) -> Spostato in quarantena ed eliminato con successo.
C:\WINDOWS\Temp\temp66.exe (Trojan.Lameshield) -> Spostato in quarantena ed eliminato con successo.

(fine)




OTL.Txt

Extras.Txt