Punto informatico Network

A couple of viruses to defeat


Post by helga » Wed May 06, 2009 11:24 am

I have at least a couple of viruses on my PC that are causing me huge problems with Firefox... where should I start to get rid of them? Thanks. Helga

Re: A couple of viruses to defeat

Post by crazy.cat » Wed May 06, 2009 11:28 am

If you don't give us at least a log from a ComboFix scan, we have no data to work with.
We don't know which viruses you have or what problems they are causing you.

Re: A couple of viruses to defeat

Post by helga » Wed May 06, 2009 12:24 pm

OK, here is the log:

ComboFix 09-05-05.04 - User 06/05/2009 12.59.17.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.511.219 [GMT 2:00]
Eseguito da: c:\documents and settings\User\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
FW: ZoneAlarm Firewall *enabled*
* Creato nuovo punto di ripristino

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\User\Impostazioni locali\Dati applicazioni\okwsk.dat
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\okwsk_nav.dat
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\okwsk_navps.dat

.
((((((((((((((((((((((((( Files Creati Da 2009-04-06 al 2009-05-06 )))))))))))))))))))))))))))))))))))
.

2009-05-03 10:36 . 2009-05-03 10:36 -------- d-----w c:\documents and settings\User\Tracing
2009-05-03 10:35 . 2009-05-03 10:35 -------- d-----w c:\programmi\Microsoft Sync Framework
2009-05-03 10:31 . 2009-05-03 10:31 -------- d-----w c:\programmi\Microsoft
2009-05-03 10:31 . 2009-05-03 10:31 -------- d-----w c:\programmi\Windows Live SkyDrive
2009-05-03 10:26 . 2009-05-03 10:26 -------- d-----w c:\programmi\File comuni\Windows Live
2009-04-30 18:45 . 2009-05-01 18:09 -------- d---a-w c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-04-30 18:44 . 2009-04-28 14:25 44544 ----a-w c:\windows\system32\msxml4a.dll
2009-04-28 18:49 . 2009-04-28 18:50 -------- d-----w c:\programmi\ConvertHelper
2009-04-26 17:14 . 2009-04-26 17:14 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Pinnacle
2009-04-26 14:35 . 2009-04-26 18:26 -------- d-----w c:\documents and settings\All Users\PinnacleExtractor
2009-04-26 09:38 . 2008-07-10 11:56 107864 ----a-w c:\windows\system32\tsccvid.dll
2009-04-26 09:38 . 2009-04-26 09:38 -------- d-----w c:\windows\system32\QuickTime
2009-04-26 09:38 . 2009-04-26 09:38 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\TechSmith
2009-04-26 09:37 . 2009-04-26 09:37 -------- d-----w c:\programmi\File comuni\TechSmith Shared
2009-04-26 09:37 . 2009-04-26 09:37 -------- d-----w c:\programmi\TechSmith
2009-04-17 14:14 . 2009-04-17 14:13 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-16 16:21 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 16:20 . 2009-03-06 14:19 286208 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-16 16:20 . 2009-02-09 11:22 111104 -c----w c:\windows\system32\dllcache\services.exe
2009-04-16 16:20 . 2009-02-09 10:51 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-16 16:20 . 2009-02-09 10:51 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-16 16:20 . 2009-02-09 10:51 683520 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-16 16:20 . 2009-02-09 10:51 734720 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 16:20 . 2009-02-09 10:51 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 16:20 . 2009-02-09 10:51 736256 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-16 16:15 . 2008-04-21 21:14 219136 -c----w c:\windows\system32\dllcache\wordpad.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-06 11:03 . 2008-10-14 08:53 21084704 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-05 19:10 . 2008-10-14 08:53 283916 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-04 11:57 . 2008-09-21 11:33 -------- d-----w c:\programmi\Spybot - Search & Destroy
2009-05-04 11:57 . 2008-01-03 15:11 -------- d-----w c:\programmi\Creative
2009-05-03 10:35 . 2007-12-10 19:18 -------- d-----w c:\programmi\Windows Live
2009-05-03 10:35 . 2007-12-10 19:33 -------- d-----w c:\programmi\Windows Live Toolbar
2009-05-03 09:53 . 2007-12-10 19:14 -------- d-----w c:\programmi\Google
2009-04-30 18:44 . 2008-08-08 12:18 -------- d-----w c:\programmi\File comuni\SourceTec
2009-04-30 18:43 . 2008-08-08 12:18 -------- d-----w c:\programmi\SourceTec
2009-04-26 12:14 . 2007-12-09 18:08 -------- d--h--w c:\programmi\InstallShield Installation Information
2009-04-26 12:01 . 2009-04-26 12:17 1056256 ----a-w c:\windows\Internet Logs\xDB1CB.tmp
2009-04-17 14:13 . 2007-12-10 21:36 -------- d-----w c:\programmi\Java
2009-04-17 14:10 . 2006-03-02 12:00 72022 ----a-w c:\windows\system32\perfc010.dat
2009-04-17 14:10 . 2006-03-02 12:00 443886 ----a-w c:\windows\system32\perfh010.dat
2009-04-12 09:05 . 2009-04-12 10:56 1484288 ----a-w c:\windows\Internet Logs\xDB60.tmp
2009-04-12 08:51 . 2009-04-12 08:59 1483776 ----a-w c:\windows\Internet Logs\xDB5F.tmp
2009-03-26 17:38 . 2009-03-27 18:57 1467392 ----a-w c:\windows\Internet Logs\xDB5E.tmp
2009-03-25 17:50 . 2009-03-26 17:37 176640 ----a-w c:\windows\Internet Logs\xDB5D.tmp
2009-03-20 17:10 . 2009-03-21 12:26 1462272 ----a-w c:\windows\Internet Logs\xDB5C.tmp
2009-03-20 17:10 . 2009-03-21 12:26 28672 ----a-w c:\windows\Internet Logs\xDB5B.tmp
2009-03-19 21:54 . 2009-03-20 08:07 1461760 ----a-w c:\windows\Internet Logs\xDB5A.tmp
2009-03-19 21:54 . 2009-03-20 08:07 2503168 ----a-w c:\windows\Internet Logs\xDB59.tmp
2009-03-18 07:11 . 2008-10-02 18:46 -------- d-----w c:\programmi\McAfee
2009-03-09 12:00 . 2009-03-09 18:08 2669568 ----a-w c:\windows\Internet Logs\xDB57.tmp
2009-03-09 12:00 . 2009-03-09 18:08 1417728 ----a-w c:\windows\Internet Logs\xDB58.tmp
2009-03-06 14:19 . 2006-03-02 12:00 286208 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:03 . 2006-03-02 12:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-26 20:17 . 2009-02-27 18:46 1678848 ----a-w c:\windows\Internet Logs\xDB55.tmp
2009-02-26 20:16 . 2009-02-26 20:17 1678848 ----a-w c:\windows\Internet Logs\xDB54.tmp
2009-02-26 20:16 . 2009-02-26 20:17 986112 ----a-w c:\windows\Internet Logs\xDB53.tmp
2009-02-26 19:50 . 2009-02-27 18:46 1678336 ----a-w c:\windows\Internet Logs\xDB56.tmp
2009-02-20 17:08 . 2006-03-02 12:00 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-18 19:11 . 2009-02-19 18:47 1653760 ----a-w c:\windows\Internet Logs\xDB52.tmp
2009-02-18 19:11 . 2009-02-19 18:47 1166848 ----a-w c:\windows\Internet Logs\xDB51.tmp
2009-02-18 13:51 . 2009-02-18 13:51 2274899 ----a-w c:\windows\Internet Logs\tvDebug.zip
2009-02-15 12:36 . 2009-02-15 19:59 1651712 ----a-w c:\windows\Internet Logs\xDB50.tmp
2009-02-10 17:02 . 2004-08-19 15:34 2069760 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 20:58 . 2009-02-10 12:30 328704 ----a-w c:\windows\Internet Logs\xDB4F.tmp
2009-02-09 14:04 . 2006-03-02 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 12:09 . 2009-02-09 12:17 1642496 ----a-w c:\windows\Internet Logs\xDB4E.tmp
2009-02-09 11:23 . 2006-03-02 12:00 2192768 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:22 . 2006-03-02 12:00 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:51 . 2006-03-02 12:00 734720 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:51 . 2006-03-02 12:00 683520 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:51 . 2006-03-02 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:51 . 2006-03-02 12:00 736256 ----a-w c:\windows\system32\ntdll.dll
2009-02-08 20:21 . 2009-02-08 20:47 1641984 ----a-w c:\windows\Internet Logs\xDB4D.tmp
2009-02-08 17:36 . 2009-02-08 18:55 971264 ----a-w c:\windows\Internet Logs\xDB4B.tmp
2009-02-08 17:36 . 2009-02-08 18:55 1641984 ----a-w c:\windows\Internet Logs\xDB4C.tmp
2009-02-06 16:52 . 2009-02-06 16:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 10:39 . 2006-03-02 12:00 35328 ----a-w c:\windows\system32\sc.exe
2008-08-09 12:03 . 2008-08-11 09:53 3241472 ----a-w c:\programmi\Veedub64.exe
2008-08-09 12:03 . 2008-08-11 09:53 275167 ----a-w c:\programmi\Veedub64.vdi
2008-08-09 12:02 . 2008-08-11 09:53 9728 ----a-w c:\programmi\vdub64.exe
2008-08-09 12:02 . 2008-08-11 09:53 72704 ----a-w c:\programmi\vdremote64.dll
2008-08-09 12:02 . 2008-08-11 09:53 57856 ----a-w c:\programmi\vdsvrlnk64.dll
2008-04-12 14:24 . 2008-08-11 09:53 1296 ----a-w c:\programmi\frameserver64.reg
2008-04-12 14:24 . 2008-08-11 09:53 18321 ----a-w c:\programmi\copying
2008-02-25 07:33 . 2008-08-21 11:49 29409880 ----a-w c:\programmi\kav7.0.1.321en.exe
2000-09-10 12:00 . 2008-03-10 17:47 49 ----a-w c:\programmi\setup.lid
2000-09-10 12:00 . 2008-03-10 17:47 334 ----a-w c:\programmi\layout.bin
2000-09-10 12:00 . 2008-03-10 17:47 1865883 ----a-w c:\programmi\data1.cab
2000-09-10 12:00 . 2008-03-10 17:47 73 ----a-w c:\programmi\SETUP.INI
2000-09-10 12:00 . 2008-03-10 17:47 45255 ----a-w c:\programmi\_user1.cab
2000-09-10 12:00 . 2008-03-10 17:47 109 ----a-w c:\programmi\DATA.TAG
2000-09-10 12:00 . 2008-03-10 17:47 186302 ----a-w c:\programmi\_sys1.cab
2000-09-10 11:54 . 2008-03-10 17:47 1994 ----a-w c:\programmi\ReadMe.htm
2000-09-10 11:52 . 2008-03-10 17:47 1463 ----a-w c:\programmi\ReadMe.txt
2000-09-10 11:26 . 2008-03-10 17:47 57252 ----a-w c:\programmi\setup.ins
1997-11-19 15:08 . 2008-03-10 17:47 11264 ----a-w c:\programmi\_setup.dll
1997-11-19 15:05 . 2008-03-10 17:47 8192 ----a-w c:\programmi\_ISDEL.EXE
1997-11-19 15:05 . 2008-03-10 17:47 300178 ----a-w c:\programmi\_INST32I.EX_
1997-05-30 10:31 . 2008-03-10 17:47 4557 ----a-w c:\programmi\lang.dat
1997-05-06 13:15 . 2008-03-10 17:47 417 ----a-w c:\programmi\os.dat
2007-12-11 10:20 . 2007-12-11 10:20 952 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-05-11 02:06 . 2007-10-10 18:51 39792 c:\programmi\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe
2008-03-23 15:50 . 2007-10-10 18:51 39792 c:\programmi\Adobe\Reader 8.0\Reader\Reader_SL.exe

2007-12-10 17:14 . 2004-09-23 12:41 860160 c:\programmi\Analog Devices\SoundMAX\bak\smax4.exe

2007-12-10 17:14 . 2004-10-14 09:11 1388544 c:\programmi\Analog Devices\SoundMAX\bak\SMax4PNP.exe

2006-05-10 10:12 . 2006-05-10 10:12 90112 c:\programmi\ATI Technologies\ATI.ACE\bak\CLIStart.exe

2008-01-03 15:12 . 2006-08-07 09:06 700416 c:\programmi\Creative\Sync Manager Unicode\bak\CTSyncU.exe

2007-12-10 17:18 . 2007-12-10 17:18 949376 c:\programmi\ESET\bak\nod32kui.exe

2007-03-09 17:53 . 2007-03-09 17:53 153136 c:\programmi\File comuni\Ahead\Lib\bak\NeroCheck.exe

2007-03-12 12:49 . 2007-03-12 12:49 153136 c:\programmi\File comuni\Ahead\Lib\bak\NMBgMonitor.exe

2007-12-10 21:36 . 2007-09-25 00:11 132496 c:\programmi\Java\jre1.6.0_03\bin\bak\jusched.exe

2006-10-26 23:47 . 2006-10-26 23:47 31016 c:\programmi\Microsoft Office\Office12\bak\GrooveMonitor.exe
2007-08-24 05:00 . 2007-08-24 05:00 33648 c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe

2007-10-18 10:34 . 2007-10-18 10:34 5724184 c:\programmi\Windows Live\Messenger\bak\msnmsgr.exe
2009-02-06 16:52 . 2009-02-06 16:52 3885408 c:\programmi\Windows Live\Messenger\msnmsgr.exe

2007-12-10 22:00 . 2006-05-17 12:14 20480 c:\windows\bak\CameraFixer.exe
2008-08-14 10:13 . 2006-05-17 11:14 20480 c:\windows\CameraFixer.exe

2007-12-10 22:00 . 2005-12-20 13:39 94208 c:\windows\bak\tsnpstd3.exe
2008-08-13 20:24 . 2005-12-20 12:39 94208 c:\windows\tsnpstd3.exe

2007-12-10 22:00 . 2006-09-19 08:07 827392 c:\windows\bak\vsnpstd3.exe
2008-08-13 20:24 . 2006-09-19 07:07 827392 c:\windows\vsnpstd3.exe

2006-03-02 12:00 . 2006-03-02 12:00 15360 c:\windows\system32\bak\ctfmon.exe
2006-03-02 12:00 . 2008-04-14 02:14 15360 c:\windows\system32\ctfmon.exe

.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Gadwin PrintScreen"="c:\programmi\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 495616]
"SBI"="c:\documents and settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\U1D3EWHX\setup_sbd_it[1].exe" [N/A]
"RocketDock"="c:\programmi\RocketDock\RocketDock.exe" [N/A]
"SUPERAntiSpyware"="c:\programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [N/A]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-13 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-04-17 148888]
"mcagent_exe"="c:\programmi\McAfee.com\Agent\mcagent.exe" [N/A]
"AppleSyncNotifier"="c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2005-12-20 94208]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"avgnt"="c:\programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2008-08-03 185896]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-06-12 413696]
"CameraFixer"="c:\windows\CameraFixer.exe" [2006-05-17 20480]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 14:28 352256 ----a-w c:\programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll schannel.dll digest.dll msnsspc.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Alice ti aiuta.lnk]
backup=c:\windows\pss\Alice ti aiuta.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATnotes.exe]
[N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\bak\\msnmsgr.exe"=
"c:\\Programmi\\Microsoft Office\\OFFICE11\\FRONTPG.EXE"=
"c:\\Programmi\\DNA\\btdna.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\kav\\kav7.0\\english\\setup.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [03/09/2008 14.07.14 8944]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [03/09/2008 14.07.12 55024]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\programmi\McAfee\SiteAdvisor\McSACore.exe [02/10/2008 20.47.29 210216]
R2 SeaPort;SeaPort;c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [14/01/2009 17.53.02 226656]
R3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [03/09/2008 14.07.16 7408]
.
Contenuto della cartella 'Scheduled Tasks'

2009-05-06 c:\windows\Tasks\User_Feed_Synchronization-{C10F9DA9-F13E-46B1-AB9F-06B7C1EB9322}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)


.
------- Scansione supplementare -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = 127.0.0.1;<local>
IE: Download Image with Download Manager - tbr:iemenudownload
IE: Download URL in selection with Download Manager - tbr:iemenudownsel
IE: Download URL with Download Manager - tbr:iemenudownload
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\programmi\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\User\Dati applicazioni\Mozilla\Firefox\Profiles\54ny0rsn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - GoogleCOM
FF - prefs.js: browser.startup.homepage - hxxp://google.it
FF - prefs.js: keyword.URL - hxxp://www.wcsearch.com/search/?ie=UTF- ... &gfns=1&q=
FF - component: c:\documents and settings\User\Dati applicazioni\Mozilla\Firefox\Profiles\54ny0rsn.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\documents and settings\User\Dati applicazioni\Mozilla\Firefox\Profiles\54ny0rsn.default\extensions\capturefoxmovie@advancity.net\components\test.dll
FF - component: c:\programmi\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll

---- FIREFOX POLICIES ----

FF - user.js: browser.search.selectedEngine - GoogleCOM
FF - user.js: keyword.URL - hxxp://www.wcsearch.com/search/?ie=UTF- ... &gfns=1&q=
FF - user.js: general.useragent.extra.zencast - .

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-06 13:03
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
SBI = c:\documents and settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\U1D3EWHX\setup_sbd_it[1].exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(664)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
.
Ora fine scansione: 2009-05-06 13.08.55
ComboFix-quarantined-files.txt 2009-05-06 11:08

Pre-Run: 216.790.171.648 byte disponibili
Post-Run: 218.081.181.696 byte disponibili

270 --- E O F --- 2009-05-04 18:00


Re: A couple of viruses to defeat

Post by crazy.cat » Wed May 06, 2009 12:32 pm

ComboFix has already removed something; can you tell us where the viruses are being reported to you?

You could have these files analyzed
c:\windows\bak\tsnpstd3.exe
c:\windows\tsnpstd3.exe
c:\windows\bak\vsnpstd3.exe
c:\windows\vsnpstd3.exe
on the www.virustotal.com site to see whether they really are viruses.
Before telling you to delete them I would like to be sure.

Re: A couple of viruses to defeat

Post by helga » Wed May 06, 2009 12:56 pm

I analyzed them and none of them turns out to be a virus.

Where are the viruses being reported to me, in what sense?

Re: A couple of viruses to defeat

Post by winman » Wed May 06, 2009 1:08 pm


Re: A couple of viruses to defeat

Post by helga » Wed May 06, 2009 1:19 pm

winman wrote: http://www.processlibrary.com/it/directory/files/vsnpstd3/

http://www.file.net/process/tsnpstd3.exe.html

On digitaltrends I found a guy talking about a problem similar to yours (in English, though)

http://forums.digitaltrends.com/showthread.php?t=11429



I can't install registrybooster.exe because a message comes up saying that I am not connected to the internet... and yet IExplorer is open! [cry]

Re: A couple of viruses to defeat

Post by crazy.cat » Wed May 06, 2009 1:20 pm

helga wrote: Where are the viruses being reported to me, in what sense?

In which folder, in which file?

Forget about registry booster

Re: A couple of viruses to defeat

Post by helga » Wed May 06, 2009 1:23 pm

crazy.cat wrote:
helga wrote: Where are the viruses being reported to me, in what sense?

In which folder, in which file?

I wouldn't know where... do I have to run the scan again?

Re: A couple of viruses to defeat

Post by helga » Thu May 07, 2009 5:37 pm

So what do I have to do? Are you leaving the conversation half-finished? I'm all at sea [cry]

Re: A couple of viruses to defeat

Post by crazy.cat » Thu May 07, 2009 5:46 pm

It seemed obvious to me that you had to run it again; otherwise how can we tell you anything if we don't know anything?

Re: A couple of viruses to defeat

Post by helga » Fri May 08, 2009 12:58 pm

crazy.cat wrote: It seemed obvious to me that you had to run it again; otherwise how can we tell you anything if we don't know anything?

OK, sorry. Listen, is it better if I do it with Kaspersky online?

Re: A couple of viruses to defeat

Post by crazy.cat » Fri May 08, 2009 3:52 pm

Do it with Kaspersky and at the end post the result that comes out

Re: A couple of viruses to defeat

Post by helga » Wed May 13, 2009 9:03 pm

Since I had problems with Kaspersky's online scan, I ran it with Avira, which is installed on my PC; here is the log:

Avira AntiVir Personal
Report file date: mercoledì 13 maggio 2009 20:35

Scanning for 1392690 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: DESKTOP

Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 19:23:43
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 18:57:03
ANTIVIR2.VDF : 7.1.3.185 2010112 Bytes 12/05/2009 18:01:54
ANTIVIR3.VDF : 7.1.3.199 70656 Bytes 13/05/2009 17:59:12
Engineversion : 8.2.0.166
AEVDF.DLL : 8.1.1.1 106868 Bytes 30/04/2009 18:08:45
AESCRIPT.DLL : 8.1.1.81 385401 Bytes 09/05/2009 17:57:03
AESCN.DLL : 8.1.1.10 127348 Bytes 04/04/2009 19:57:58
AERDL.DLL : 8.1.1.3 438645 Bytes 25/11/2008 19:23:50
AEPACK.DLL : 8.1.3.16 397686 Bytes 09/05/2009 17:57:03
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 27/02/2009 19:12:09
AEHEUR.DLL : 8.1.0.128 1757559 Bytes 09/05/2009 17:57:02
AEHELP.DLL : 8.1.2.2 119158 Bytes 27/02/2009 19:12:06
AEGEN.DLL : 8.1.1.42 348531 Bytes 09/05/2009 17:57:00
AEEMU.DLL : 8.1.0.9 393588 Bytes 15/10/2008 11:17:42
AECORE.DLL : 8.1.6.9 176500 Bytes 15/04/2009 11:32:36
AEBB.DLL : 8.1.0.3 53618 Bytes 15/10/2008 11:17:38
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.3 155688 Bytes 17/04/2009 16:13:30
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\programmi\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mercoledì 13 maggio 2009 20:35

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'zlclient.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'SUPERAntiSpyware.exe' - '1' Module(s) have been scanned
Scan process 'PrintScreen.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'GrooveMonitor.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
Scan process 'SeaPort.exe' - '1' Module(s) have been scanned
Scan process 'McSACore.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'CTSVCCDA.EXE' - '1' Module(s) have been scanned
Scan process 'DevSvc.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'vsmon.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
39 processes with 39 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '61' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\ilenia\Impostazioni locali\Temporary Internet Files\Content.IE5\ZSSZB7A6\scnAVavbase13700000[1].cab
[0] Archive type: CAB (Microsoft)
--> scnAVavbase.inf
[WARNING] No further files can be extracted from this archive. The archive will be closed


End of the scan: mercoledì 13 maggio 2009 21:53
Used time: 1:18:48 Hour(s)

The scan has been done completely.

12364 Scanning directories
597084 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
597083 Files not concerned
3752 Archives were scanned
2 Warnings
0 Notes

Re: A couple of viruses to defeat

Post by crazy.cat » Thu May 14, 2009 7:01 am

Avira didn't find anything.
Do you still have problems, and of what kind?

Re: A couple of viruses to defeat

Post by helga » Thu May 14, 2009 11:50 am

crazy.cat wrote: Avira didn't find anything.
Do you still have problems, and of what kind?

the usual ones: slowness and freezes

Re: A couple of viruses to defeat

Post by helga » Sat May 16, 2009 5:16 pm

helga wrote:
crazy.cat wrote: Avira didn't find anything.
Do you still have problems, and of what kind?

the usual ones: slowness and freezes

how should I proceed?

megalab.it: daily online publication registered at the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising