Help with Alice Casa ADSL disconnections

LAN malfunctions, tips on sharing, and anything else related to networks.

Re: Help with Alice Casa ADSL disconnections

Post by massi » Thu May 28, 2009 2:49 pm

ComboFix 09-05-26.02 - Utente 28/05/2009 15.42.07.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.1023.377 [GMT 2:00]
Eseguito da: c:\documents and settings\Utente\Desktop\troian.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-14EF-9D7C08000A00}
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\dvd4free.dll
c:\windows\system32\pptp16.dll
c:\windows\system32\pptp32.dll
c:\windows\system32\qo.dll
c:\windows\system32\satdll.dll
c:\windows\system32\scsiusr4.dll
c:\windows\system32\se500mdm.dll
c:\windows\system32\tcpwrk.dll
c:\windows\system32\xptptt.dll
c:\windows\system32\yvpp01.dll
c:\windows\system32\yvsvga.dll
c:\windows\system32\zopenssl.dll

.
((((((((((((((((((((((((( Files Creati Da 2009-04-28 al 2009-05-28 )))))))))))))))))))))))))))))))))))
.

2009-05-26 18:20 . 2009-05-27 14:31 -------- d-----w C:\MegaLabcd
2009-05-26 18:06 . 2009-05-26 18:06 -------- d-s---w c:\windows\Cookies
2009-05-26 15:15 . 2009-05-26 15:15 -------- d-----w C:\Averagfix
2009-05-19 11:59 . 2009-05-19 11:59 -------- d--h--w c:\windows\PIF
2009-05-19 07:34 . 2009-03-30 08:33 96104 ----a-w c:\windows\system32\drivers\avipbb.sys
2009-05-19 07:34 . 2009-03-24 14:08 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-05-19 07:34 . 2009-02-13 10:29 22360 ----a-w c:\windows\system32\drivers\avgntmgr.sys
2009-05-19 07:34 . 2009-02-13 10:17 45416 ----a-w c:\windows\system32\drivers\avgntdd.sys
2009-05-19 07:34 . 2009-05-19 07:34 -------- d-----w c:\programmi\Avira
2009-05-19 07:34 . 2009-05-19 07:34 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Avira
2009-05-18 22:24 . 2009-05-18 22:30 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\_comodo_
2009-05-18 22:24 . 2009-05-18 22:24 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\nView_Profiles
2009-05-18 21:33 . 2009-05-18 21:33 249592 ----a-w c:\windows\system32\cssdll32.dll
2009-05-18 21:33 . 2009-05-18 21:33 -------- d-----w c:\programmi\AskSearch
2009-05-18 21:33 . 2009-05-18 21:33 -------- d-----w c:\programmi\AskBarDis
2009-05-18 21:33 . 2009-05-18 22:38 -------- d-----w c:\programmi\COMODO
2009-05-14 13:58 . 2009-05-14 13:57 102664 ----a-w c:\windows\system32\drivers\tmcomm.sys
2009-05-13 13:45 . 2009-05-13 13:45 -------- d-----w c:\windows\Sun
2009-05-13 13:38 . 2009-05-26 22:14 -------- d--h--w c:\windows\$hf_mig$
2009-05-12 09:30 . 2009-05-13 13:36 152576 ----a-w c:\documents and settings\Utente\Dati applicazioni\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-11 16:17 . 2009-05-12 11:38 -------- d-----w C:\VTrader
2009-05-11 16:03 . 2004-08-19 13:39 25600 ----a-w c:\documents and settings\LocalService\Dati applicazioni\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-05-11 15:57 . 2009-05-11 15:57 -------- d-----w c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\Help
2009-05-11 15:15 . 2009-05-11 15:15 -------- d-----w c:\documents and settings\Utente\Dati applicazioni\Motive
2009-05-08 22:04 . 2009-05-08 22:04 6656 ----a-w c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator\sp_rsdel.exe
2009-05-08 22:04 . 2009-05-08 22:04 5632 ----a-w c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator\fileobjinfo.sys
2009-05-08 22:04 . 2009-05-08 22:04 131072 ----a-w c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator\sp_rsdrv2.sys
2009-05-08 22:04 . 2009-05-26 19:33 -------- d-----w c:\programmi\Spyware Terminator
2009-05-08 22:04 . 2009-05-08 22:04 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator
2009-05-08 22:03 . 2003-03-18 20:20 1060864 ----a-w c:\windows\system32\MFC71.dll
2009-05-08 22:03 . 2003-03-18 19:14 499712 ----a-w c:\windows\system32\MSVCP71.dll
2009-05-08 22:03 . 2009-05-18 21:31 -------- d-----w c:\programmi\Alwil Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-13 13:37 . 2009-05-12 09:31 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-13 13:37 . 2009-05-13 13:37 -------- d-----w c:\programmi\Java
2009-05-12 16:53 . 2009-05-12 16:53 -------- d-----w c:\programmi\eMule
2009-05-12 09:31 . 2009-05-12 09:31 57344 ----a-w c:\documents and settings\Utente\Dati applicazioni\Sun\Java\Deployment\cache\6.0\50\5b902232-2e951ded-n\Decora-SSE.dll
2009-05-12 09:31 . 2009-05-12 09:31 24064 ----a-w c:\documents and settings\Utente\Dati applicazioni\Sun\Java\Deployment\cache\6.0\15\4e09eacf-10e43efd-n\Decora-D3D.dll
2009-05-12 09:31 . 2009-05-12 09:31 315392 ----a-w c:\documents and settings\Utente\Dati applicazioni\Sun\Java\Deployment\cache\6.0\62\6baea4fe-6505c7ee-n\jogl.dll
2009-05-12 09:31 . 2009-05-12 09:31 20480 ----a-w c:\documents and settings\Utente\Dati applicazioni\Sun\Java\Deployment\cache\6.0\62\6baea4fe-6505c7ee-n\jogl_awt.dll
2009-05-12 09:31 . 2009-05-12 09:31 114688 ----a-w c:\documents and settings\Utente\Dati applicazioni\Sun\Java\Deployment\cache\6.0\62\6baea4fe-6505c7ee-n\jogl_cg.dll
2009-05-12 09:31 . 2009-05-12 09:31 20480 ----a-w c:\documents and settings\Utente\Dati applicazioni\Sun\Java\Deployment\cache\6.0\45\4f710eed-3d4cfc9c-n\gluegen-rt.dll
2009-05-12 09:31 . 2009-05-12 09:31 348160 ----a-w c:\documents and settings\Utente\Dati applicazioni\Sun\Java\Deployment\cache\6.0\33\258cea61-34745fae-n\msvcr71.dll
2009-05-12 09:31 . 2009-05-12 09:31 499712 ----a-w c:\documents and settings\Utente\Dati applicazioni\Sun\Java\Deployment\cache\6.0\33\258cea61-34745fae-n\msvcp71.dll
2009-05-12 09:31 . 2009-05-12 09:31 499712 ----a-w c:\documents and settings\Utente\Dati applicazioni\Sun\Java\Deployment\cache\6.0\33\258cea61-34745fae-n\jmc.dll
2009-05-08 21:47 . 2009-04-21 08:10 -------- d---a-w c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-04-28 09:03 . 2009-04-20 14:10 68512 ----a-w c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-04-28 08:08 . 2001-08-31 15:00 47592 ----a-w c:\windows\system32\perfc010.dat
2009-04-28 08:08 . 2001-08-31 15:00 345010 ----a-w c:\windows\system32\perfh010.dat
2009-04-28 08:00 . 2009-04-20 13:21 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-04-27 15:05 . 2009-04-27 14:37 -------- d-----w c:\programmi\ABBYY FineReader 6.0 Sprint
2009-04-27 14:50 . 2009-04-27 14:50 -------- d-----w c:\programmi\Microsoft ActiveSync
2009-04-27 14:45 . 2009-04-27 14:45 -------- d-----w c:\documents and settings\Utente\Dati applicazioni\EPSON
2009-04-27 14:40 . 2009-04-15 14:15 -------- d-----w c:\programmi\File comuni\InstallShield
2009-04-27 14:39 . 2009-04-27 14:38 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\UDL
2009-04-27 14:38 . 2009-04-27 14:35 -------- d-----w c:\programmi\epson
2009-04-27 14:09 . 2009-04-27 14:09 -------- d-----w c:\programmi\Runtime Software
2009-04-21 09:19 . 2009-04-21 09:19 -------- d-----w c:\programmi\PC Wizard 2008
2009-04-21 09:12 . 2009-04-21 09:12 0 ----a-w c:\windows\nsreg.dat
2009-04-21 08:15 . 2009-04-21 08:15 -------- d-----w c:\documents and settings\Utente\Dati applicazioni\DVD Flick
2009-04-21 08:12 . 2009-04-21 08:12 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\TechSmith
2009-04-21 08:12 . 2009-04-21 08:12 -------- d-----w c:\programmi\TechSmith
2009-04-21 08:09 . 2009-04-21 08:09 -------- d-----w c:\programmi\CamStudio
2009-04-21 07:41 . 2009-04-21 07:41 -------- d-----w c:\programmi\Yahoo & Google Historical Quotes Downloader
2009-04-21 07:41 . 2009-04-21 07:41 87267 ----a-w c:\windows\Yahoo & Google Historical Quotes Downloader Uninstaller.exe
2009-04-21 07:41 . 2009-04-21 07:41 -------- d-----w c:\programmi\File comuni\Thraex Software
2009-04-20 15:02 . 2009-04-20 15:02 -------- d-----w c:\documents and settings\Utente\Dati applicazioni\ImgBurn
2009-04-20 14:58 . 2009-04-20 14:58 -------- d-----w c:\programmi\DVD Flick
2009-04-20 14:24 . 2009-04-20 14:24 -------- d-----w c:\documents and settings\Utente\Dati applicazioni\vlc
2009-04-20 14:24 . 2009-04-20 14:24 -------- d-----w c:\programmi\VideoLAN
2009-04-20 14:15 . 2009-04-20 14:15 -------- d-----w c:\programmi\File comuni\Adobe
2009-04-20 14:10 . 2009-04-20 14:10 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Yahoo! Companion
2009-04-20 14:06 . 2009-04-20 14:00 -------- d-----w c:\programmi\Universal Shield 4.1
2009-04-20 13:58 . 2009-04-20 13:58 -------- d-----w c:\programmi\vso
2009-04-20 13:57 . 2009-04-20 13:57 -------- d-----w c:\programmi\VS Revo Group
2009-04-20 13:53 . 2009-04-20 13:53 -------- d-----w c:\programmi\CCleaner
2009-04-20 13:53 . 2009-04-20 13:53 -------- d-----w c:\programmi\Yahoo!
2009-04-20 13:46 . 2009-04-20 13:46 -------- d-----w c:\programmi\Alcohol Soft
2009-04-20 13:42 . 2009-04-20 13:42 -------- d-----w c:\documents and settings\Utente\Dati applicazioni\Ashampoo Photo Commander 5
2009-04-20 13:42 . 2009-04-20 13:41 -------- d-----w c:\programmi\Ashampoo
2009-04-20 13:41 . 2009-04-20 13:41 -------- d-----w c:\documents and settings\Utente\Dati applicazioni\Ashampoo
2009-04-20 13:41 . 2009-04-20 13:41 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\ashampoo
2009-04-20 13:23 . 2009-04-20 13:23 -------- d-----w c:\programmi\Microsoft Works
2009-04-15 14:07 . 2009-04-15 13:53 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-15 13:54 . 2009-04-15 13:54 -------- d-----w c:\programmi\microsoft frontpage
2009-04-15 13:53 . 2009-04-15 13:53 -------- d-----w c:\programmi\Servizi in linea
2009-04-15 13:51 . 2009-04-15 13:51 21840 ----a-w c:\windows\system32\emptyregdb.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-05-26_14.47.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2001-08-31 15:00 . 2005-04-28 19:32 37888 c:\windows\system32\olecnv32.dll
+ 2001-08-31 15:00 . 2005-04-28 19:32 75264 c:\windows\system32\olecli32.dll
+ 2001-08-31 15:00 . 2005-04-28 19:32 37888 c:\windows\system32\dllcache\olecnv32.dll
+ 2001-08-31 15:00 . 2005-04-28 19:32 75264 c:\windows\system32\dllcache\olecli32.dll
+ 2009-05-26 18:06 . 2009-05-26 17:58 16384 c:\windows\Cookies\index.dat
+ 2004-08-19 13:39 . 2005-04-28 19:32 395776 c:\windows\system32\rpcss.dll
- 2004-08-19 13:39 . 2004-08-19 13:39 395776 c:\windows\system32\rpcss.dll
- 2004-08-19 13:39 . 2004-08-19 13:39 395776 c:\windows\system32\dllcache\rpcss.dll
+ 2004-08-19 13:39 . 2005-04-28 19:32 395776 c:\windows\system32\dllcache\rpcss.dll
+ 2004-08-19 13:39 . 2005-04-28 19:32 1284608 c:\windows\system32\ole32.dll
+ 2004-08-19 13:39 . 2005-04-28 19:32 1284608 c:\windows\system32\dllcache\ole32.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-06 13:20 279944 ----a-w c:\programmi\AskBarDis\bar\bin\askBar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2004-08-19 1667584]
"H/PC Connection Agent"="c:\progra~1\MI3AA1~1\wcescomm.exe" [2006-06-21 1211176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Motive SmartBridge"="c:\progra~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 438359]
"SpywareTerminator"="c:\programmi\Spyware Terminator\SpywareTerminatorShield.exe" [2009-05-08 1420800]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-05-13 148888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-04-23 3756032]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-04-23 46080]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-12-01 77824]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2004-04-23 831488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2009-5-7 217088]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\programmi\Microsoft ActiveSync\rapimgr.exe"= c:\programmi\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programmi\Microsoft ActiveSync\wcescomm.exe"= c:\programmi\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programmi\Microsoft ActiveSync\WCESMgr.exe"= c:\programmi\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"6579:TCP"= 6579:TCP:vnqyqlx

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator\sp_rsdrv2.sys [09/05/2009 0.04.48 131072]
R3 US30Kbd;US30Kbd;c:\windows\system32\drivers\US30Kbd2K.sys [31/03/2005 14.20.10 10464]
S3 FileObjInfo;STFileDriver;c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator\fileobjinfo.sys [09/05/2009 0.04.48 5632]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
vxmeblk
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.comodo.com/search/
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\fbvguzmh.default\
FF - prefs.js: browser.startup.homepage - www.spystocks.com

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-28 15:47
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-527237240-1715567821-839522115-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Type"="wellknown"
"Order"=dword:00000001
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-527237240-1715567821-839522115-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\IESettings]
"Name"="IESettings"
"Type"="IESettings"
"Order"=dword:00000004
"State"=dword:00000003

[HKEY_USERS\S-1-5-21-527237240-1715567821-839522115-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\MediaFiles]
"Name"="MediaFiles"
"Type"="MediaFiles"
"Order"=dword:00000003
"State"=dword:00000003

[HKEY_USERS\S-1-5-21-527237240-1715567821-839522115-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\NPW]
"Name"="NPW"
"Param1"="NPW"
"Type"="wellknown"
"Order"=dword:00000002
"State"=dword:00000007

[HKEY_USERS\S-1-5-21-527237240-1715567821-839522115-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\Outlook]
"Name"="Outlook"
"DisplayName"="Microsoft Outlook"
"Param1"="Outlook"
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:0000000b
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(4048)
c:\progra~1\ALICET~1\SMARTB~1\SBHook.dll
c:\windows\system32\msi.dll
c:\windows\system32\browselc.dll
c:\programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
c:\programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.ITA
c:\windows\system32\shdoclc.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Avira\AntiVir Desktop\sched.exe
c:\progra~1\ALICET~1\vendors\AliceRE\content\template\DRIVEN~1\syncer\MCCITR~1.EXE
c:\windows\system32\rundll32.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\programmi\Alice ti aiuta\bin\mpbtn.exe
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\programmi\Universal Shield 4.1\US30Service.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2009-05-28 15.49.33 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-05-28 13:49
ComboFix2.txt 2009-05-26 18:05
ComboFix3.txt 2009-05-26 14:49

Pre-Run: 21.527.175.168 byte disponibili
Post-Run: 21.521.358.848 byte disponibili

massi
Aficionado
Posts: 105
Joined: Tue May 03, 2005 2:02 pm
Location: Lecco

Re: Help with Alice Casa ADSL disconnections

Post by Amantide » Thu May 28, 2009 3:06 pm

We may be there.
All that shows up is a leftover of that service, which we can remove with The Avenger by running the following script:

Drivers to unload:
vxmeblk


OK, done with the viruses; now let's move on to the antivirus programs.

From what I understand you use Avira as your antivirus, is that right? But traces of Avast also show up on your PC.
Use this removal tool to get rid of it for good:
http://www.avast.com/eng/avast-uninstall-utility.html

Now on to the antispyware. Since COMODO is installed, with its very effective HIPS module, Spyware Terminator is no longer needed, so uninstall it.

Finally, run a full scan with Malwarebytes' Anti-Malware and post the scan report here using the LOG tag.
Once you have done all that, let me know how the connection is doing.
...to fly high, you have to know how to fall...
Amantide
Official Member (Gold)
Posts: 8126
Joined: Mon Feb 06, 2006 4:13 pm
Location: Abruzzo

Re: Help with Alice Casa ADSL disconnections

Post by massi » Thu May 28, 2009 3:28 pm

Hi Amantide, the link to http://www.malwarebytes.org/mbam.php won't open. I have to go to work now; I'll try again late this evening. Bye and thanks again.
Re: Help with Alice Casa ADSL disconnections

Post by Amantide » Thu May 28, 2009 4:04 pm

massi wrote: Hi Amantide, the link to http://www.malwarebytes.org/mbam.php won't open

That's strange [uhm], I'm starting to think there is some problem in the network configuration or in the hosts file.
In the meantime, here is the direct link to download Malwarebytes: HERE

Also post the HijackThis scan log.
Re: Help with Alice Casa ADSL disconnections

Post by massi » Thu May 28, 2009 11:16 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0.18.35, on 29/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\DRIVEN~1\syncer\MCCITR~1.EXE
C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Universal Shield 4.1\US30Service.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Motive\ASSTCO~1\MOTIVE~1.EXE
C:\Programmi\Alice ti aiuta\bin\mad.exe
E:\Dowload Internet\HiJackThis.exe
C:\WINDOWS\system32\imapi.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comodo.com/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programmi\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programmi\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [AliceRE_McciTrayApp] C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\DRIVEN~1\syncer\MCCITR~1.EXE
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferito portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programmi\Yahoo!\Common\Yinsthelper200711281.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{31A0C510-187D-42C1-8E7C-348E9A822D93}: NameServer = 85.37.17.15 85.38.28.74
O17 - HKLM\System\CS1\Services\Tcpip\..\{31A0C510-187D-42C1-8E7C-348E9A822D93}: NameServer = 85.37.17.15 85.38.28.74
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: US30Service - Unknown owner - C:\Programmi\Universal Shield 4.1\US30Service.exe

--
End of file - 6707 bytes
Re: Help with Alice Casa ADSL disconnections

Post by massi » Thu May 28, 2009 11:20 pm

Amantide wrote:
massi wrote: Hi Amantide, the link to http://www.malwarebytes.org/mbam.php won't open

That's strange [uhm], I'm starting to think there is some problem in the network configuration or in the hosts file.
In the meantime, here is the direct link to download Malwarebytes: HERE

Also post the HijackThis scan log.

It won't let me download Malwarebytes. Bye and thanks.
megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009; publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising