www.MegaLab.it

[markinson]

Solo un piccolo piccolo inciso ...

Il file hosts non è infetto, sono modifiche fatte dal vecchio winmx http://it.wikipedia.org/wiki/WinMX
non so nemmeno se sono ancora valide visto che il sito principale non esiste più.

Per questo le avevo definite "zozzerie" (= "cose inutili") ...
Sarò troppo rigido, ma il mio file host quando ha 127.0.0.1 localhost ... è già abbastanza, anzi ... troppo!

Passo comunque la palla!!! A volte mi avventuro in terreni che non sono proprio i miei ...

[Cavaliere]

Ragazzi ancora non ho fatto la pulizia di nessun programma iniziero' domani mattina seguendo prima la pulizia del pc base consigliata da fabrix con l'aggiunta del SOFTWARE PER Rigenerare il filehosts data da FDAC !

e poi vi faccio sapere...


Intanto grazie per i tanti consigli....

[Palpas]

Spero di essermi chiarito, amico Palpas :)

si adesso ho capito

[FDAC]

Bene, intanto ho scaricato una marea di guide presenti in questo sito, davvero utili.

[Cavaliere]

Ciao a tutti ragazzi ho mandato alle 12 la scansione di antivir sull'altro pc e fin ora ha trovato gia' 32 detections......

[FDAC]

Aspettiamo che tu esegua le operazioni che ti abbiamo suggerito.
Saluti.

[Cavaliere]

Ragazzi dopo 6 ore di scansione, ho fatto applynow hai virus trovati e mentre li portava in quarantena mi e' apparsa AVSCAN.EXE errore NON INVIARE E si e' chiuso....

[FDAC]

Posta un log aggiornato di HJT.

[Cavaliere]

FDAC ho rilanciato la scansione togliendo un harddisk esterno ilq uale per ora non mi interessa scansionarlo dovrebbe finire fra due ore vediamo un po' che esce e poi vedo se riesco a fare l'altro software in provvisoria....e vi ffaccio sapere...

[Uomo_Senza_Sonno]

Scusate se mi intrometto, ma con tutti questi problemi e rilevazioni varie, non sarebbe meglio utilizzare un rescue disk? Mi viene in mente perché le infezioni sembrano estese e nei tentativi di rimozione si generano errori nel sistema.

Io ne propongo due, davvero molto utili al momento del bisogno:

Kaspersky Rescue Disk

Avira AntiVir Rescue System

[Cavaliere]

Ciao uomo, allora questa mattina dopo aver scansionato tutta la notte, quando sono andato a fare apply now per passare tutti file in quarantena arrivato all'80% Antivir si e' bloccato nuovamente dando lo stesso medesimo errore di ieri, AVSCAN.EXE, ora pero' sono passato al passaggio successivo ossia scansione completa con Malwarebytes vediamo cosa trova.

Uomo quei software che consigli tu devo lanciarli in modalita' provvisoria? e a cosa servono?


N.B. Non ho comunque disattivato il ripristino di sistema.

[Uomo_Senza_Sonno]

i rescue disk sono degli antivirus bootabili (mettiamola così in soldoni) e non devi fare altro che masterizzare su cd e avviare il pc facendo eseguire il boot da cd rom. Una volta caricato il tutto, si scaricano gli aggiornamenti e si esegue la scansione su tutti i drive. In questo modo è sicuro che non ci sono intoppi o interruzioni di qualsiasi genere.

Se non hai disattivato il ripristino di sistema fallo ora perché altrimenti ogni volta che riavvi il sistema ritrovi le infezioni

[FDAC]

Se riesci a postare un log aggiornato di HJT sarebbe meglio, altrimenti prosegui con l'ottimo consiglio di Uomo Senza Sonno.
P.S. Colgo l'occasione per salutarti Uomo :)

[Cavaliere]

Ragazzi ecco a voi i log di

COMBOFIX:

ComboFix 10-09-20.03 - Utente 21/09/2010 14.19.53.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3007.2308 [GMT 2:00]
Eseguito da: c:\documents and settings\Utente\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\vbzlib1.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Creati Da 2010-08-21 al 2010-09-21 )))))))))))))))))))))))))))))))))))
.

2010-09-21 05:30 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-21 05:29 . 2010-09-21 05:30 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-09-21 05:29 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-20 16:06 . 2010-09-20 16:06 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Avira
2010-09-20 16:01 . 2010-03-01 08:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-09-20 16:01 . 2009-05-11 10:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-09-20 16:01 . 2010-09-20 16:01 -------- d-----w- c:\programmi\Avira
2010-09-20 16:01 . 2010-09-20 16:01 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2010-09-20 16:01 . 2009-05-11 10:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-09-20 15:55 . 2010-02-16 12:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-09-20 08:56 . 2010-09-20 16:04 -------- d-----w- c:\windows\system32\NtmsData
2010-09-20 08:54 . 2010-09-20 08:54 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-09-19 22:11 . 2001-08-30 18:41 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-09-19 22:11 . 2001-08-30 18:41 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-09-19 22:10 . 2009-11-23 15:37 14856 ----a-w- c:\windows\system32\drivers\LGVirHid.sys
2010-09-17 15:57 . 2010-09-17 15:57 -------- d-----w- c:\programmi\Trend Micro
2010-08-23 06:28 . 2010-08-23 06:28 -------- d-----w- c:\programmi\File comuni\Java
2010-08-23 06:24 . 2010-08-23 06:24 503808 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-59251459-n\msvcp71.dll
2010-08-23 06:24 . 2010-08-23 06:24 499712 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-59251459-n\jmc.dll
2010-08-23 06:24 . 2010-08-23 06:24 348160 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-59251459-n\msvcr71.dll
2010-08-23 06:24 . 2010-08-23 06:24 61440 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-53f20cb7-n\decora-sse.dll
2010-08-23 06:24 . 2010-08-23 06:24 12800 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-53f20cb7-n\decora-d3d.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-21 12:24 . 2010-01-12 15:42 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-09-21 12:24 . 2010-01-12 15:41 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-09-21 12:23 . 2010-03-02 09:20 0 ----a-w- c:\windows\system32\Access.dat
2010-09-19 22:27 . 2010-06-15 19:26 -------- d-----w- c:\programmi\SecondLifeViewer2
2010-09-19 22:26 . 2010-01-11 11:40 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Skype
2010-09-19 22:10 . 2010-01-12 13:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Logitech
2010-09-19 14:05 . 2010-01-12 20:22 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\skypePM
2010-09-17 15:37 . 2010-01-13 10:36 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator
2010-09-17 15:37 . 2010-01-13 10:36 -------- d-----w- c:\programmi\Spyware Terminator
2010-09-17 06:13 . 2010-01-13 10:36 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Spyware Terminator
2010-09-15 06:06 . 2010-01-11 15:57 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-09-15 05:32 . 2010-01-11 11:06 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-09-06 06:03 . 2010-03-14 22:13 -------- d-----w- c:\programmi\Ganymede
2010-08-23 06:35 . 2001-08-31 16:00 85132 ----a-w- c:\windows\system32\perfc010.dat
2010-08-23 06:35 . 2001-08-31 16:00 492266 ----a-w- c:\windows\system32\perfh010.dat
2010-08-23 06:27 . 2010-01-11 11:38 -------- d-----w- c:\programmi\Java
2010-08-17 13:17 . 2008-04-13 21:14 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-26 12:04 . 2010-07-26 12:04 -------- d-----w- c:\programmi\File comuni\Skype
2010-07-22 15:48 . 2008-04-13 21:13 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 06:19 . 2008-05-05 06:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-17 03:00 . 2010-04-16 08:08 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-04 10:31 . 2010-01-11 16:02 102336 ----a-w- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-06-30 12:31 . 2008-04-13 21:13 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2008-04-13 21:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2008-04-13 20:50 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-01-11 11:44 . 2010-01-11 11:44 0 --sh--w- c:\windows\S82420C8B.tmp
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-20 110184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-20 12669544]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-05-16 188416]
"LogitechCommunicationsManager"="c:\programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Winpower"="c:\programmi\UpsPilot\Winpower.exe" [2010-03-04 114688]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"Launch LgDeviceAgent"="c:\programmi\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 358472]
"Launch LCDMon"="c:\programmi\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 1809992]
"Launch LGDCore"="c:\programmi\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 3649096]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\Utente\Menu Avvio\Programmi\Esecuzione automatica\
X-Mouse Button Control.lnk - c:\programmi\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe [2009-7-19 460288]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Logitech Desktop Messenger.lnk - c:\programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2010-1-12 66864]

[HKLM\~\startupfolder\C:^Documents and Settings^Utente^Menu Avvio^Programmi^Esecuzione automatica^LimeWire On Startup.lnk]
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Utente^Menu Avvio^Programmi^Esecuzione automatica^OpenOffice.org 3.1.lnk]
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClubCooee

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 06:58 611712 ----a-w- c:\programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- e:\daemoon tools\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2008-02-13 12:06 2196240 ----a-w- c:\programmi\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
2010-01-13 10:36 3037696 ----a-w- c:\programmi\Spyware Terminator\SpywareTerminatorUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-01-26 20:53 1217808 ----a-w- e:\steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"SoundMAX"="c:\programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\File comuni\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\utorrent\\uTorrent.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"e:\\Xfire\\xfire.exe"=
"e:\\eMule\\emule.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"e:\\STEAM\\steamapps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
"e:\\Steam\\Steam.exe"=
"e:\\Steam\\steamapps\\common\\Call of Duty Modern Warfare 2\\iw4mp.exe"=
"c:\\Programmi\\WinMX\\WinMX.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"e:\\Limewire\\LimeWire.exe"=
"e:\\Anno 1404\\Anno4.exe"=
"e:\\Anno 1404\\tools\\Anno4Web.exe"=
"e:\\Anno 1404\\Addon.exe"=
"e:\\Anno 1404\\tools\\AddonWeb.exe"=
"e:\\tunngle\\Tunngle\\TnglCtrl.exe"=
"e:\\tunngle\\Tunngle\\Tunngle.exe"=
"e:\\Metin2\\metin2.bin"=
"e:\\Metin2\\metin2client.bin"=
"c:\\Programmi\\File comuni\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"e:\\Second Life\\SecondLife\\SLVoice.exe"=
"c:\\Programmi\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Programmi\\Autodesk\\Backburner\\manager.exe"=
"c:\\Programmi\\Autodesk\\Backburner\\server.exe"=
"c:\\Programmi\\Autodesk\\3ds Max Design 2010\\3dsmax.exe"=
"c:\\Programmi\\Autodesk\\3ds Max Design 2010\\mentalray\\satellite\\raysat_3dsmax2010_32server.exe"=
"c:\\Programmi\\Autodesk\\3ds Max Design 2010\\mentalray\\satellite\\raysat_3dsmax2010_32.exe"=
"c:\\Programmi\\Snowglobe\\SLVoice.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Adobe\\Adobe Photoshop CS4\\Photoshop.exe"=
"c:\\Programmi\\PFPortChecker\\PFPortChecker.exe"=
"c:\\Documents and Settings\\Utente\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Programmi\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Programmi\\SecondLifeViewer2\\SLVoice.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [13/01/2010 12.36.37 142592]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\programmi\CyberLink\PowerDVD8\000.fcl [01/02/2008 18.24.04 41456]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programmi\Avira\AntiVir Desktop\sched.exe [20/09/2010 18.01.34 135336]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max Design 2010 32-bit 32-bit;c:\programmi\Autodesk\3ds Max Design 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [12/03/2009 17.36.24 86016]
R2 TeamViewer5;TeamViewer 5;c:\programmi\TeamViewer\Version5\TeamViewer_Service.exe [21/05/2010 13.27.04 173352]
R2 TunngleService;TunngleService;e:\tunngle\Tunngle\TnglCtrl.exe [02/03/2010 11.19.29 685816]
R3 CM1083264;C-Media CM108 Like Sound UDAX Interface;c:\windows\system32\drivers\CM108.sys [12/01/2010 17.13.13 1294336]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [14/07/2009 16.35.30 19720]
R3 LGPBTDD;LGPBTDD.sys Display Driver;c:\windows\system32\drivers\LGPBTDD.sys [27/01/2010 13.51.36 23432]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [20/09/2010 0.10.37 14856]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [21/09/2010 7.29.59 20952]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [02/03/2010 11.19.32 27136]
S2 MBAMService;MBAMService;"e:\pulitori\Malware-bytes\Malwarebytes' Anti-Malware\mbamservice.exe" e:\pulitori\Malware-bytes\Malwarebytes' Anti-Malware\mbamservice.exe
S3 ADM8511;Convertitore ADMtek ADM8511/AN986 da USB a Fast Ethernet;c:\windows\system32\drivers\ADM8511.SYS [11/01/2010 17.13.31 20160]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\programmi\File comuni\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15/08/2008 6.46.20 284016]
S3 TipCtrl;TipCtrl;"e:\utipu\TipCtrl.exe" e:\utipu\TipCtrl.exe
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15/01/2010 10.46.04 691696]
.
Contenuto della cartella 'Scheduled Tasks'

2010-06-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-06-20 c:\windows\Tasks\Auslogics Boost Speed Disk Defrag Console Defragmentation.job
- e:\pulitori\Auslogics Disk Defrag\Auslogics Disk Defrag\cdefrag.exe [2010-01-20 11:56]

2010-09-21 c:\windows\Tasks\GlaryInitialize.job
- e:\pulitori\Glary_Utilities_Pro\Glary Utilities\initialize.exe [2010-01-15 15:35]

2010-09-21 c:\windows\Tasks\User_Feed_Synchronization-{10D0F979-F4E3-4692-9223-2562D0C4C7CD}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Aggiungi a PDF esistente - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Aggiungi destinazione link a PDF esistente - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti destinazione link in Adobe PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti in Adobe PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{C4046502-6524-4d87-896C-878F57D1FF07} - c:\programmi\PokerStars.IT\PokerStarsUpdate.exe
TCP: {676781EB-6408-42E9-84F9-9553CFCEB262} = 212.216.112.112,212.216.172.62
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {E62D1A95-8299-4B94-85D0-731DC125A60D} - hxxp://www.boblorica.it/IMMP4Control.ocx
FF - ProfilePath - c:\documents and settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\1t650eha.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ITALIA version Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://ww.google.it
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... 1032372&q=
FF - component: c:\documents and settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\1t650eha.default\extensions\{253edde5-f653-492d-b13e-1dbb2e2dbdad}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\1t650eha.default\extensions\{253edde5-f653-492d-b13e-1dbb2e2dbdad}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\1t650eha.default\extensions\{323d5e65-9ec7-481e-a888-5bbe30b80dfb}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\1t650eha.default\extensions\{323d5e65-9ec7-481e-a888-5bbe30b80dfb}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\1t650eha.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\documents and settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\1t650eha.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
FF - plugin: c:\documents and settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\1t650eha.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\programmi\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\programmi\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\programmi\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programmi\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\NPDARTS.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npganymedenet.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\NPPOKER.dll
FF - plugin: c:\programmi\QuickTime Alternative\Plugins\npqtplugin.dll
FF - plugin: c:\programmi\QuickTime Alternative\Plugins\npqtplugin2.dll
FF - plugin: c:\programmi\QuickTime Alternative\Plugins\npqtplugin3.dll
FF - plugin: c:\programmi\QuickTime Alternative\Plugins\npqtplugin4.dll
FF - plugin: c:\programmi\QuickTime Alternative\Plugins\npqtplugin5.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: e:\veetle\Player\npvlc.dll
FF - plugin: e:\veetle\plugins\npVeetle.dll
FF - plugin: e:\veetle\VLCBroadcast\npvbp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-CM108Sound - CM108.cpl
HKLM-Run-Malwarebytes' Anti-Malware - e:\pulitori\Malware-bytes\Malwarebytes' Anti-Malware\mbamgui.exe
MSConfigStartUp-Malwarebytes' Anti-Malware - e:\pulitori\Malware-bytes\Malwarebytes' Anti-Malware\mbamgui.exe
MSConfigStartUp-Norton Ghost 14 - e:\pulitori\Agent\VProTray.exe
AddRemove-mIRC - d:\markus89\[TUTTI GLI SCRIPT DI MIRC]\mIRC angelcity\mirc.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-21 14:25
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\programmi\CyberLink\PowerDVD8\000.fcl"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\Documents and Settings\\All Users\\Dati applicazioni\\ESET\\ESET NOD32 Antivirus\\"
"DataDir"="ESET\\ESET NOD32 Antivirus\\"
"EditionName"=" "
"InstallDir"="c:\\Programmi\\ESET\\ESET NOD32 Antivirus\\"
"LanguageId"=dword:00000410
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000000
"ProductCode"="{AC0A97B5-991D-4761-B4E9-B6F9811B6A38}"
"ProductName"="ESET NOD32 Antivirus"
"ProductType"="eav"
"ProductVersion"="4.0.468.1"
"UniqueId"="0003E9B54B4B450A"
"ScannerBuild"=dword:0000167c
"ScannerVersionId"=dword:0000117a
"ScannerVersion"="Open window for status."
"FixId"=dword:00000007
"ei2"=hex(b):92,a8,d0,9c,6a,66,f5,69
"ei1"=hex(b):00,08,a1,ba,e9,c4,00,00
"ei3"=hex(b):13,eb,7d,4c,00,00,00,00
"ei4"=dword:00000002

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(7640)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
c:\programmi\Avira\AntiVir Desktop\avshadow.exe
c:\programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\RunDll32.exe
c:\programmi\UpsPilot\jre\bin\javaw.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
c:\programmi\Spyware Terminator\sp_rsser.exe
c:\programmi\Logitech\GamePanel Software\Applets\ColorOnly\LCDYT.exe
c:\programmi\Logitech\GamePanel Software\Applets\LCDClock.exe
c:\programmi\Logitech\GamePanel Software\Applets\LCDCountdown.exe
c:\programmi\Logitech\GamePanel Software\Applets\ColorOnly\LCDPictureViewer.exe
c:\programmi\Logitech\GamePanel Software\Applets\ColorOnly\LCDMovieViewer.exe
c:\programmi\Logitech\GamePanel Software\Applets\ColorOnly\LCDWebCam.exe
c:\programmi\TeamViewer\Version5\TeamViewer.exe
c:\programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
c:\programmi\iPod\bin\iPodService.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmi\UpsPilot\wpRMI.exe
c:\programmi\UpsPilot\jre\bin\javaw.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Ora fine scansione: 2010-09-21 14:30:10 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-09-21 12:30

Pre-Run: 105.522.614.272 byte disponibili
Post-Run: 105.779.429.376 byte disponibili

- - End Of File - - 8D126E26150F3C4ACFC39A1585CE9ABE

E quello di HIJACK:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14.51.21, on 21/09/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe
C:\Programmi\UpsPilot\Winpower.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Programmi\UpsPilot\jre\bin\javaw.exe
C:\Programmi\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Autodesk\3ds Max Design 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmi\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\Programmi\Logitech\GamePanel Software\Applets\ColorOnly\LCDYT.exe
C:\Programmi\Logitech\GamePanel Software\Applets\LCDClock.exe
C:\Programmi\Logitech\GamePanel Software\Applets\LCDCountdown.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Logitech\GamePanel Software\Applets\ColorOnly\LCDPictureViewer.exe
C:\Programmi\Logitech\GamePanel Software\Applets\ColorOnly\LCDMovieViewer.exe
C:\Programmi\Logitech\GamePanel Software\Applets\ColorOnly\LCDWebCam.exe
C:\Programmi\TeamViewer\Version5\TeamViewer_Service.exe
E:\tunngle\Tunngle\TnglCtrl.exe
C:\Programmi\TeamViewer\Version5\TeamViewer.exe
C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\UpsPilot\wpRMI.exe
C:\Programmi\UpsPilot\jre\bin\javaw.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Programmi\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Programmi\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Winpower] C:\Programmi\UpsPilot\Winpower.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Launch LgDeviceAgent] "C:\Programmi\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programmi\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programmi\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: X-Mouse Button Control.lnk = C:\Programmi\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: X-Mouse Button Control.lnk = C:\Programmi\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe (User 'Default user')
O4 - Startup: X-Mouse Button Control.lnk = C:\Programmi\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Aggiungi a PDF esistente - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Aggiungi destinazione link a PDF esistente - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\EXPRES~1\Office12\REFIEBAR.DLL
O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Programmi\PokerStars.IT\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.it
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3226585171
O16 - DPF: {E62D1A95-8299-4B94-85D0-731DC125A60D} (IMMP4Control Control) - http://www.boblorica.it/IMMP4Control.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{676781EB-6408-42E9-84F9-9553CFCEB262}: NameServer = 212.216.112.112,212.216.172.62
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Programmi\File comuni\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MBAMService - Unknown owner - E:\Pulitori\Malware-bytes\Malwarebytes' Anti-Malware\mbamservice.exe (file missing)
O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max Design 2010 32-bit 32-bit (mi-raysat_3dsmax2010_32) - Unknown owner - C:\Programmi\Autodesk\3ds Max Design 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Programmi\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: TipCtrl - Unknown owner - E:\Utipu\TipCtrl.exe (file missing)
O23 - Service: TunngleService - Tunngle.net GmbH - E:\tunngle\Tunngle\TnglCtrl.exe
O23 - Service: Winpowermanager - Macrovision - C:\Programmi\UpsPilot\manager.exe
O23 - Service: Winpowermonitor - Macrovision - C:\Programmi\UpsPilot\monitor.exe
O23 - Service: WinpowerRMI - Macrovision - C:\Programmi\UpsPilot\wpRMI.exe

--
End of file - 12479 bytes

Che ne dite?

[FDAC]

Ciao amico.
Ho dato una occhiata al log di Combofix e pare che tu sia infetto da un Rootkit.
Lo script da eseguire con Combofix lo lascio a qualcuno di capace :)

Rilancia Hijackthis e:
- spunta la casellina fianco di ogni singola voce che ti indicherò sotto
- una volta spuntate le voci:
- chiudi tutte le applicazioni aperte
- chiudi tutte le pagine del browser aperte
- in Hijakthis fixa le voci cliccando su Fix checked

Queste le voci da fixare:
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3226585171
O16 - DPF: {E62D1A95-8299-4B94-85D0-731DC125A60D} (IMMP4Control Control) - http://www.boblorica.it/IMMP4Control.ocx

Scarica ed installa HitmanPro (scegli la versione adatta al tuo S.O. - 32Bit o 64Bit):
http://www.surfright.nl/en/downloads
- lascia le impostazioni di default e lancia la scansione (attiva anche la licenza, sarà valida per 30 giorni);
- al termine della scansione (sarà velocissima, 3/4 minuti al massimo) ti verrà mostrato una finestra di riepilogo: nella finestra di riepilogo, in basso a sinistra, avrai modo di salvare il Report generato
- invia qui sul forum il log del programma

[crazy.cat]

Ho dato una occhiata al log di Combofix e pare che tu sia infetto da un Rootkit.

Quale rootkit??

[FDAC]

Ciao Crazy, parlo di questo:
c:\windows\system32\drivers\lvuvc.hs

[crazy.cat]

X cavaliere
File da provare sul sito di www.virustotal.com per vedere di cosa si tratta di preciso.

c:\windows\system32\drivers\lvuvc.hs

(in base alla risposta eliminare o meno).

[Cavaliere]

FACCIO Il controllo inviando il file ma niente non mi da il risultato....come se non lo carica come mai?

Pero' facendo una ricerca online risulta questo:

http://www.google.it/#sclient=psy&hl=it ... 395fc118d9

[Cavaliere]

l 'unica cosa cheha trovato sono queste ecco il log !

Log computer="COMPUTER" scan="Normal" version="3.5.6.115" date="2010-09-21T17:47:11" timeSpentInSecs="167" filesProcessed="34147"><Item type="Repair" score="0.0" status="Deleted"><File path="C:\Documents and Settings\Utente\Cookies\utente@atdmt[2].txt" /></Item><Item type="Suspicious" score="23.0" status="None"><File path="E:\Metin2\metin2client.bin" hash="E886BD58EBA13C3E47E53682C0C33BF200ED55041152D33738CE4526A2C53C22" /><Startup><Key path="HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\E:\Metin2\metin2client.bin" /></Startup><References><Key path="HKU\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache\E:\Metin2\metin2client.bin" /><Key path="HKU\S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MUICache\E:\Metin2\metin2client.bin" /></References></Item></Log>