www.MegaLab.it

[carlo*]

Buongiorno a tutti
Dal pc di mio figlio (utilizza Vista) si aprono in continuazione pagine di siti porno. L'ultima è "cam girl e ragazze in webcam" ma cambiano ogni volta. Ho visto che in installazioni c'è favorit però non so se è in relazione; mi sembrava che favorit facesse aprire solo pagine pubblicitarie normali. Grazie dell'eventuale aiuto

[crazy.cat]

Intanto comincia a disinstallarlo, tanto favorit non serve a niente.
Poi se non basta scaricati malwarebytes o superantispyware e ripulisci quello che può essere rimasto.

[carlo*]

Ciao grazie per la riposta. Ho disinstallato Favorit dal pannello, ma l'avevo già fatto ieri e oggi me l'ho ritrovato quindi sicuramente non basta. Il download di malwarebytes per Vista sai dove posso trovarlo? Ciao

[ste_95]

http://www.malwarebytes.org/mbam-download.php

[carlo*]

Forse ho risolto il problema. Dopo aver disinstallato Favorit ho utilizzato ATF Cleaner e da stamattina va tutto ok. Grazie per l'interessamento, saluti a tutti.

[carlo*]

Il problema purtroppo non è stato risolto. Le pagine porno sono ricomparse il giorno dopo. La cosa grave è che dopo aver utilizzato ComboFix per fare una scansione ora non riesco più a connettermi ad internet e non funziona più avast; non so se sono in relazione. Ho disinstallato e riinstallato Avast però chiede l'aggiornamento e naturalmente non lo posso fare. Dopo ComboFix ho fatto una scansione completa anche con Malwarebyters dove riporta che è tutto a posto: dappertutto c'è scritto "nessun elemento malevolo trovato". (??).

[Amantide]

Posta qui il log di Combofix, così almeno riusciremo a vedere cosa ha combinato.

[carlo*]

ComboFix 09-10-19.01 - utente 20/10/2009 17.34.42.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.39.1040.18.2941.2074 [GMT 2:00]
Eseguito da: c:\users\utente\Desktop\ComboFix.exe
Opzioni usate :: c:\users\utente\Desktop\CFScript.txt.txt
AV: avast! antivirus 4.8.1201 [VPS 090520-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1201 [VPS 090520-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\ToolbarPorno
c:\program files\ToolbarPorno\AddinExpress.IE.dll
c:\program files\ToolbarPorno\adxloader.dll
c:\program files\ToolbarPorno\adxloader.dll.manifest
c:\program files\ToolbarPorno\adxloader.exe
c:\program files\ToolbarPorno\adxregext.exe
c:\program files\ToolbarPorno\IE BHO Helper.dll
c:\program files\ToolbarPorno\Interop.SHDocVw.dll

.
((((((((((((((((((((((((( Files Creati Da 2009-09-20 al 2009-10-20 )))))))))))))))))))))))))))))))))))
.

2009-10-20 15:41 . 2009-10-20 15:41 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-10-20 15:41 . 2009-10-20 15:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-20 12:32 . 2009-10-20 12:32 -------- d-----w- c:\users\utente\AppData\Local\assembly
2009-10-20 12:06 . 2009-10-20 12:06 -------- d-----w- c:\users\utente\AppData\Local\ATI
2009-10-20 12:06 . 2009-10-20 12:06 -------- d-----w- c:\users\utente\AppData\Local\Acer ePower Management V4
2009-10-20 11:44 . 2009-10-20 11:44 -------- d-----w- c:\users\utente\AppData\Local\Microsoft Help
2009-10-19 17:01 . 2009-10-01 08:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-17 16:48 . 2009-10-20 13:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-17 16:48 . 2009-10-20 13:36 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-10-17 13:15 . 2009-10-17 13:15 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2009-10-15 15:31 . 2009-10-15 15:31 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-10-15 15:31 . 2009-10-15 15:31 -------- d-----w- c:\program files\DVDVideoSoft
2009-10-14 17:52 . 2009-08-05 14:22 3597896 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-14 17:52 . 2009-08-05 14:22 3546184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-14 17:39 . 2009-09-04 12:24 61440 ----a-w- c:\windows\system32\msasn1.dll
2009-10-14 17:39 . 2009-09-14 09:44 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-14 17:39 . 2009-04-02 12:37 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-20 15:37 . 2009-03-24 13:57 662846 ----a-w- c:\windows\system32\perfh010.dat
2009-10-20 15:37 . 2009-03-24 13:57 120326 ----a-w- c:\windows\system32\perfc010.dat
2009-10-20 15:30 . 2009-09-20 08:15 1356 ----a-w- c:\users\utente\AppData\Local\d3d9caps.dat
2009-10-20 14:23 . 2009-06-01 10:46 -------- d-----w- c:\users\utente\AppData\Roaming\dvdcss
2009-10-20 12:05 . 2009-05-21 11:01 70176 ----a-w- c:\users\utente\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-20 11:44 . 2009-03-24 06:40 -------- d-----w- c:\programdata\Microsoft Help
2009-10-19 16:48 . 2009-03-24 07:01 -------- d-----w- c:\program files\Windows Live
2009-10-18 06:00 . 2009-03-24 06:42 -------- d-----w- c:\program files\Microsoft Works
2009-10-15 15:28 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-10-07 11:54 . 2009-05-23 15:56 -------- d-----w- c:\users\utente\AppData\Roaming\vlc
2009-09-10 17:30 . 2009-10-14 17:58 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-08 10:01 . 2009-08-22 20:05 -------- d-----w- c:\programdata\Norton
2009-09-08 10:01 . 2009-08-22 20:05 -------- d-----w- c:\programdata\Symantec
2009-09-06 16:35 . 2009-09-06 16:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-28 12:39 . 2009-09-03 11:47 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 10:15 . 2009-09-03 11:47 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 13:32 . 2009-10-14 17:58 833024 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 13:29 . 2009-10-14 17:58 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-27 13:08 . 2009-08-27 13:08 -------- d-----w- c:\programdata\Tarma Installer
2009-08-27 13:08 . 2009-08-27 13:08 -------- d-----w- c:\program files\Data Design Interactive
2009-08-27 10:58 . 2009-10-14 17:58 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-22 20:05 . 2009-08-22 20:05 -------- d-----w- c:\programdata\NortonInstaller
2009-08-19 19:20 . 2009-08-19 19:20 29687296 ----a-w- C:\Jurassic Park Operation Genesis.msi
2009-08-17 21:33 . 2009-08-17 21:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-17 16:10 . 2009-05-21 18:51 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:05 . 2009-05-21 18:51 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-05-21 18:51 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:05 . 2009-05-21 18:51 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-08-17 16:04 . 2009-05-21 18:51 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-05-21 18:51 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:02 . 2009-05-21 18:51 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-14 17:07 . 2009-09-09 08:32 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 16:29 . 2009-09-09 08:32 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-14 16:29 . 2009-09-09 08:32 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 14:16 . 2009-09-09 08:32 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 14:16 . 2009-09-09 08:32 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 14:16 . 2009-09-09 08:32 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 14:16 . 2009-09-09 08:32 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 14:16 . 2009-09-09 08:32 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 14:16 . 2009-09-09 08:32 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 14:16 . 2009-09-09 08:32 10240 ----a-w- c:\windows\system32\finger.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-10-20_12.26.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-10-20 15:31 50068 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:02 . 2009-10-20 15:31 80670 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-05-21 10:59 . 2009-10-20 15:31 10270 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1740609431-3112825975-3734759770-1000_UserData.bin
+ 2009-05-21 10:55 . 2009-10-20 15:31 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-05-21 10:55 . 2009-10-20 12:13 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-05-21 10:55 . 2009-10-20 12:13 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-05-21 10:55 . 2009-10-20 15:31 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-05-21 10:55 . 2009-10-20 15:31 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-05-21 10:55 . 2009-10-20 12:13 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-06-02 09:41 . 2009-10-20 12:33 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-06-02 09:41 . 2009-06-02 09:41 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-06-02 09:41 . 2009-06-02 09:41 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-06-02 09:41 . 2009-10-20 12:33 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-06-02 09:41 . 2009-06-02 09:41 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-06-02 09:41 . 2009-10-20 12:33 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-10-20 12:03 . 2009-10-20 12:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-10-20 15:29 . 2009-10-20 15:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-10-20 12:03 . 2009-10-20 12:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-10-20 15:29 . 2009-10-20 15:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2009-10-20 15:37 587178 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-10-20 12:08 587178 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-10-20 15:37 101250 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-10-20 12:08 101250 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-10-27 10:05 40496 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-21 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-05-21 30192]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-14 6814240]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-02-14 1833504]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-05-21 200704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-05 1410344]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-02-19 866824]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-03-09 249600]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-02-06 686624]
"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2008-10-27 199464]
"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2008-10-27 346672]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-01-20 156968]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-01-20 202024]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-12-26 173288]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [21/05/2009 20.51.41 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [21/05/2009 20.51.41 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [21/05/2009 20.51.20 53328]
R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [21/05/2009 13.19.45 75048]
R2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [21/05/2009 13.09.39 653856]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [21/01/2008 4.33.13 21504]
R2 mwlPSDFilter;mwlPSDFilter;c:\windows\System32\drivers\mwlPSDFilter.sys [09/10/2008 16.47.12 19504]
R2 mwlPSDNServ;mwlPSDNServ;c:\windows\System32\drivers\mwlPSDNserv.sys [09/10/2008 16.47.12 16432]
R2 mwlPSDVDisk;mwlPSDVDisk;c:\windows\System32\drivers\mwlPSDVDisk.sys [09/10/2008 16.47.12 59952]
R2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\MWLService.exe [27/10/2008 12.05.28 306736]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [10/03/2009 0.53.02 44800]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [23/09/2008 15.11.34 144632]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\k57nd60x.sys [04/09/2008 6.12.56 223232]
R3 usbfilter;AMD USB Filter Driver;c:\windows\System32\drivers\usbfilter.sys [21/05/2009 13.02.06 22072]
S2 gupdate1c9f28fd61892b4;Servizio di Google Update (gupdate1c9f28fd61892b4);c:\program files\Google\Update\GoogleUpdate.exe [21/06/2009 18.46.31 133104]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [21/01/2008 4.32.44 179712]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [21/05/2009 13.00.09 30192]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [23/09/2008 15.11.32 50424]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HsfXAudioService REG_MULTI_SZ HsfXAudioService
.
Contenuto della cartella 'Scheduled Tasks'

2009-10-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-21 13:08]

2009-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-21 16:46]

2009-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-21 16:46]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://google.it/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... spire_5536
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: {BB8FC7B8-0F99-430A-8FD0-6A863DD7EB99} = 192.168.251.1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-20 17:41
Windows 6.0.6001 Service Pack 1 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...


c:\users\utente\AppData\Local\Temp\catchme.dll 53248 bytes executable
c:\windows\TEMP\TMP0000006D438DD9B80929F148 524288 bytes executable

Scansione completata con successo
Files nascosti: 2

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1740609431-3112825975-3734759770-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7FC29702-F501-1411-DEA3-7BA0DBCBDEA5}*]
"bbikhamaapialpphomebjfakmednakmeccpe"=hex:61,61,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Ora fine scansione: 2009-10-20 17.43.38
ComboFix-quarantined-files.txt 2009-10-20 15:43
ComboFix2.txt 2009-10-20 12:28

Pre-Run: 84.527.198.208 byte disponibili
Post-Run: 84.496.990.208 byte disponibili

[Amantide]

Ti posso solo dire che Combofix (almeno guardando questo log) non ha rimosso nulla di troppo, come puoi vedere:

Codice: Seleziona tutto

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\ToolbarPorno
c:\program files\ToolbarPorno\AddinExpress.IE.dll
c:\program files\ToolbarPorno\adxloader.dll
c:\program files\ToolbarPorno\adxloader.dll.manifest
c:\program files\ToolbarPorno\adxloader.exe
c:\program files\ToolbarPorno\adxregext.exe
c:\program files\ToolbarPorno\IE BHO Helper.dll
c:\program files\ToolbarPorno\Interop.SHDocVw.dll

Però vedo anche che questa non è stata la prima volta che lo hai utilizzato e che addirittura avevi programmato l'eliminazione tramite il file CFScript.tx, che noi non ti abbiamo suggerito (che tra altro è stato creato male, vista la doppia estensione del file CFScript.txt.txt)

Per caso vieni seguito su qualche altro forum?

[carlo*]

Si su PC facile.

[carlo*]

Però sul portatile, dove ho il problema, non avevo mai usato ComboFix.

[Amantide]

Questa voce però dice che c'era un'altra scansione ieri verso mezzogiorno ed a me interesserebbe proprio il primo log.

((((((((((((((((((((((((((((( SnapShot@2009-10-20_12.26.52 )))))))))))))))))))))))))))))))))))))))))

[carlo*]

Trovato, dovrebbe essere questo.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11.52.13, on 20/10/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18319)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\utente\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Users\utente\AppData\Local\Temp\Temp4_HiJackThis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b...p;m=aspire_5536
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b...p;m=aspire_5536
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b...p;m=aspire_5536
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: IE BHO Helper - {b879dc47-7f5a-4973-a570-1e03a60c7c02} - C:\Program Files\ToolbarPorno\adxloader.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: (no name) - {cba0ec77-dd2c-4d2a-8853-94e4a8092822} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: (no name) - {9e26c99f-6954-4e1e-80d4-de6dc4777ab3} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -k
O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"
O4 - HKLM\..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ProductReg] "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O17 - HKLM\System\CCS\Services\Tcpip\..\{BB8FC7B8-0F99-430A-8FD0-6A863DD7EB99}: NameServer = 192.168.251.1
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Servizio di Google Update (gupdate1c9f28fd61892b4) (gupdate1c9f28fd61892b4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MyWinLocker Service (MWLService) - EgisTec Inc. - C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

--
End of file - 9985 bytes

[Amantide]

No, questo è il log di un altro programma, Hijackthis.

Controlla bene se c'è dell'altro nella cartella dove hai trovato il primo log.

[carlo*]

Non ho nessuna cartella. Ho salvato il log che poi ho postato qui. L'unica cosa che mi ricordo è che all'inizio dell'operazione non avevo disinstallato l'antivirus e l'ho fatto a procedimento appena iniziato. Non so se è in relazione. Ciao

[Amantide]

Controlla in C:\ e in C:\Qoobox se ci sono altri file che si chiamano Combofix.txt

[carlo*]

Nella cartella Qoobox ho trovato 2 cartelle : BackEnv e Quarantine.
Poi 4 Documenti di testo: Add-Remove Programs, CFScript_used_2009-10-20_17.34.01, ComboFix2, ComboFix-quarantined-files.
1 File DAT ( che non so aprire!!) SnapShot@2009-10-20_12.26.52.dat.

[Amantide]

Puoi zippare tutta la cartella Qoobox ed uppare su http://www.mediafire.com ? Se sei sicuro che è stato proprio Combofix a crearti i problemi, ho bisogno di vedere cosa di preciso ha rimosso.

[carlo*]

Ho installato Winzip sul pc di mio figlio, ma non sono capace di zippare la cartella . Mi dispiace , inoltre è scritto tutto in inglese di cui non capisco una parola. Figurarsi poi uppare.

[carlo*]

Con il mio Pc sono riuscito a zippare la cartella, ma non riesco assolutamente ad uppare. Forse mi dovresti spiegare passo passo cosa cliccare sul sito dato che è tutto in inglese. A presto