www.MegaLab.it

[asky]

salve a tutti, mi chiamo vincenzo da qualche giorno quando accendo il pc , non si attiva il servizio centro di sicurezza provo ad attivarlo attraverso la prodedura "servizi" ,dalla schermata mi dice disattivato lo attivo ,riavvio il pc ma non è cambiato nulla . Non so quale sia il problema , ho provato a scansionare il pc con combofix, malwarebyte, dr web e tutti quelli indicati nel vostro articolo sulla sicurezza,ma niente . Vi prego aiutatemiiiiiiii...........

[FDAC]

Ciao.
Scarica ed installa Hijackthis: http://www.trendmicro.com/ftp/products/ ... ckThis.msi
● lancia Hijackthis
● clicca su Do a system scan and save a logfile
● al termine della scansione verrà rilasciato un file di testo: allegalo con il tag memo del forum

[asky]

scusa , ma come faccio per allegare il log file della scansione che ho effettuato? . è la prima volta che lo facccio.....

[Ale2695]

scusa , ma come faccio per allegare il log file della scansione che ho effettuato? . è la prima volta che lo facccio.....

Apri il log, copi il testo contenuto nel file, poi sul sito clicchi sul tasto "MEMO" nell'editor del forum, ed incolli il testo del log tra i due tag, così:

Codice: Seleziona tutto

[MEMO]qui va inserito il log[/MEMO]

[asky]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:37:18, on 27/11/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\IncrediMail\Bin\IncMail.exe
C:\Program Files\IncrediMail\Bin\ImApp.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\RunDll32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: mipony-plugin Toolbar - {90d46c30-9f25-4104-aea9-35c3f84477ff} - C:\Program Files\mipony-plugin\tbmipo.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: mipony-plugin Toolbar - {90d46c30-9f25-4104-aea9-35c3f84477ff} - C:\Program Files\mipony-plugin\tbmipo.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O3 - Toolbar: mipony-plugin Toolbar - {90d46c30-9f25-4104-aea9-35c3f84477ff} - C:\Program Files\mipony-plugin\tbmipo.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: Aggiungi ad Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Scarica con Mipony - file://C:\Program Files\MiPony\Browser\IEContext.htm
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resour ... cctrl2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B775D120-5406-4BA4-8B76-C475EC6DD498}: NameServer = 192.168.1.1,151.99.125.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{B775D120-5406-4BA4-8B76-C475EC6DD498}: NameServer = 192.168.1.1,151.99.125.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{B775D120-5406-4BA4-8B76-C475EC6DD498}: NameServer = 192.168.1.1,151.99.125.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Servizio Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
O23 - Service: FSPro Filter Service (fsproflt) - FSPro Labs - C:\Windows\system32\fsproflt.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\system32\NLSSRV32.EXE
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: PEVSystemStart - Unknown owner - C:\ComboFix\PEV.cfxxe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 6526 bytes

[FDAC]

Disinstalla:
Mipony Toolbar


Scarica OTC by OldTimer: http://oldtimer.geekstogo.com/OTC.exe
● posiziona il tool sul Desktop
● doppio click per eseguirlo
● clicca su CleanUp
● ti chiederà di riavviare il sistema
● clicca Yes


Scarica Combofix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Nota: prima di eseguire il download, rinomina il file in pippo.exe

posiziona pippo.exe sul Desktop ed esegui queste operazioni preliminari:
● disconnettiti da Internet
● sconnetti, fisicamente, il modem/router dal Computer

è assolutamente necessario, se attivo:
● disattivare l'Antivirus in uso, dall'icona presente sulla traybar (accanto all'orologio di Windows)
● disattivare il Firewall eventualmente installato, dall'icona presente sulla traybar (accanto all'orologio di Windows)

Eseguiti i passaggi indicati sopra:
● lancia ComboFix con un account con privilegi di Amministratore e segui le istruzioni che verranno rilasciate per eseguire la scansione
● verrà richiesta la installazione della Console di ripristino di emergenza: non la installare
● senza eseguire nessuna altra operazione, lascia che il tool completi la scansione e la fase di creazione del log

Note - durante la scansione:
● verranno creati alcuni file sul Desktop e poi eliminati
● spariranno, per un attimo, tutte le icone presenti sul Desktop
● potrebbe venire rilasciato un messaggio in relazione all'Antivirus in uso: prosegui ignorando il messaggio
● il firewall, se attivo, potrebbe rilasciare un avviso circa la rimozione di alcuni driver: consenti

Quando Combofix avrà concluso l'operazione di scansione:
● il sistema verrà riavviato automaticamente (in caso contrario, riavvialo tu)
● ricollega, fisicamente, il modem/router al Computer
● connettiti a Internet
● vai in Disco Locale C:, cerca il log dal nome combofix.txt ed allegalo

Per allegare il log utilizza il tag memo di questo forum

[asky]

ComboFix 10-11-27.01 - AMD-X3 27/11/2010 22:07:07.2.3 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.39.1040.18.3327.2568 [GMT 1:00]
Eseguito da: c:\users\AMD-X3\Desktop\pippo.exe.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.

((((((((((((((((((((((((( Files Creati Da 2010-10-27 al 2010-11-27 )))))))))))))))))))))))))))))))))))
.

2010-11-27 21:13 . 2010-11-27 21:13 -------- d-----w- c:\users\AMD-X3\AppData\Local\temp
2010-11-27 21:13 . 2010-11-27 21:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-27 11:35 . 2010-11-27 11:35 388096 ----a-r- c:\users\AMD-X3\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-25 16:40 . 2010-11-25 16:41 -------- d-----w- c:\users\AMD-X3\AppData\Local\Ahead
2010-11-24 12:09 . 2010-10-19 08:10 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-17 11:28 . 2010-11-17 11:28 -------- d-----w- c:\program files\XoftSpySE
2010-11-17 08:04 . 2010-11-17 08:04 -------- d-----w- c:\program files\TextBridge Pro Millennium
2010-11-17 08:04 . 2010-11-17 08:04 -------- d-----w- c:\windows\Pixtran
2010-11-17 08:04 . 2010-11-17 08:04 -------- d-----w- c:\programdata\TextBridge
2010-11-17 08:04 . 2010-11-17 08:04 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2010-11-16 16:56 . 2010-11-16 16:56 -------- d-----w- c:\users\AMD-X3\AppData\Local\Adobe
2010-11-11 19:23 . 2010-11-11 19:23 -------- d-----w- c:\programdata\Sports Interactive
2010-11-11 19:22 . 2010-11-16 11:04 -------- d-----w- c:\users\AMD-X3\AppData\Roaming\Sports Interactive
2010-11-11 19:22 . 2010-11-11 19:22 -------- d-----w- c:\users\AMD-X3\AppData\Local\Sports Interactive
2010-11-11 19:01 . 2010-11-11 19:02 -------- d--h--w- c:\program files\Zero G Registry
2010-11-11 19:01 . 2010-11-11 19:01 -------- d-----w- c:\program files\Sports Interactive
2010-11-11 19:00 . 2010-11-11 19:00 -------- d--h--w- c:\users\AMD-X3\InstallAnywhere
2010-11-07 18:07 . 2010-11-07 18:07 -------- d-----w- c:\program files\MiPony
2010-11-07 12:35 . 2010-11-07 12:35 -------- d-----w- c:\users\AMD-X3\AppData\Local\Quadriga Games
2010-11-07 12:15 . 2008-03-05 15:03 238088 ----a-w- c:\windows\system32\xactengine3_0.dll
2010-11-07 12:02 . 2010-11-07 12:02 -------- d-----w- c:\program files\Quadriga Games
2010-11-07 00:58 . 2010-11-07 00:58 -------- d-----w- c:\users\AMD-X3\AppData\Roaming\Media Player Classic
2010-11-07 00:56 . 2010-03-15 09:31 165376 ----a-w- c:\windows\system32\unrar.dll
2010-11-07 00:56 . 2010-11-07 00:57 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-11-06 10:37 . 2010-11-06 10:37 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-11-06 10:37 . 2010-11-06 10:37 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2010-11-05 14:27 . 2010-11-05 14:27 -------- d-----w- c:\users\AMD-X3\.idlerc
2010-11-05 14:22 . 2010-11-05 14:22 -------- d-----w- C:\Python27
2010-11-05 14:16 . 2010-11-05 14:16 -------- d-----w- c:\users\AMD-X3\AppData\Local\qBittorrent
2010-11-05 14:16 . 2010-11-05 14:37 -------- d-----w- c:\users\AMD-X3\AppData\Roaming\qBittorrent
2010-11-05 14:16 . 2010-11-05 14:16 -------- d-----w- c:\program files\qBittorrent
2010-11-03 18:36 . 2010-11-03 18:39 -------- d-----w- c:\program files\Windows Live Safety Center
2010-11-03 17:45 . 2010-11-03 17:48 -------- d-----w- c:\users\AMD-X3\AppData\Roaming\Runscanner.net
2010-11-03 17:08 . 2010-11-03 17:08 -------- d-----w- c:\users\AMD-X3\DoctorWeb
2010-10-31 17:43 . 2010-10-31 17:43 -------- d-----w- c:\users\AMD-X3\AppData\Roaming\Megaupload
2010-10-31 17:42 . 2010-10-31 17:42 -------- d-----w- c:\program files\Megaupload
2010-10-31 11:45 . 2010-10-31 11:45 -------- d-----w- c:\users\AMD-X3\AppData\Roaming\skypePM
2010-10-31 11:37 . 2010-10-31 11:37 -------- d-----w- c:\program files\Common Files\Skype
2010-10-31 11:37 . 2010-10-31 11:54 -------- d-----w- c:\users\AMD-X3\AppData\Roaming\Skype
2010-10-31 11:37 . 2010-10-31 11:37 -------- d-----w- c:\programdata\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 09:41 . 2010-09-05 00:28 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-14 00:36 . 2010-10-14 00:36 15451288 ----a-w- c:\windows\system32\xlive.dll
2010-10-14 00:36 . 2010-10-14 00:36 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
2010-10-07 23:21 . 2010-10-26 14:56 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1EA08B80-0E00-4A22-AC46-0F955FC4937E}\mpengine.dll
2010-10-03 11:45 . 2010-10-02 19:06 5852 --sha-w- c:\programdata\KGyGaAvL.sys
2010-10-03 11:26 . 2010-10-02 20:17 88 --sh--r- c:\programdata\C339199FAF.sys
2010-09-24 15:48 . 2010-09-24 15:48 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-09-24 15:48 . 2010-09-24 15:48 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2010-09-22 22:47 . 2010-09-22 22:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-22 22:32 . 2010-09-22 22:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-21 12:03 . 2010-09-21 12:03 208768 ----a-w- c:\windows\system32\LIVESSP.DLL
2010-09-11 20:24 . 2010-09-11 20:24 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-08 04:30 . 2010-10-13 11:37 978432 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 04:28 . 2010-10-13 11:37 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 03:22 . 2010-10-13 11:37 386048 ----a-w- c:\windows\system32\html.iec
2010-09-08 02:48 . 2010-10-13 11:37 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-05 11:04 . 2010-09-05 11:04 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-09-01 04:23 . 2010-10-13 11:37 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-01 02:34 . 2010-10-13 11:37 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-08-31 04:32 . 2010-10-13 11:37 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 04:32 . 2010-10-13 11:37 954288 ----a-w- c:\windows\system32\mfc40u.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-09-14 352976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-02-25 9728]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-02-25 3072]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-04 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 FSProFilter;FSPro File Filter;c:\windows\System32\Drivers\FSPFltd.sys [2008-06-05 43792]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-05 691696]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-06-09 11352]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-22 22104]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [2010-01-06 142648]
S2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2010-06-24 65856]
S2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2009-07-14 7168]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]
S3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [2007-12-20 1553896]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contenuto della cartella 'Scheduled Tasks'

2010-11-27 c:\windows\Tasks\XoftSpySE 2.job
- c:\program files\XoftSpySE\XoftSpy.exe [2007-07-13 07:43]

2010-11-17 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE\XoftSpy.exe [2007-07-13 07:43]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.msn.com
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Scarica con Mipony - file://c:\program files\MiPony\Browser\IEContext.htm
TCP: {B775D120-5406-4BA4-8B76-C475EC6DD498} = 192.168.1.1,151.99.125.1
FF - ProfilePath - c:\users\AMD-X3\AppData\Roaming\Mozilla\Firefox\Profiles\lxybe5qm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - component: c:\program files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru\components\abhelperxpcom.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - Extension: Anti-Banner: KavAntiBanner@Kaspersky.ru - c:\program files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
FF - Extension: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: All-in-One Sidebar: {097d3191-e6fa-4728-9826-b533d755359d} - c:\users\AMD-X3\AppData\Roaming\Mozilla\Firefox\Profiles\lxybe5qm.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
FF - Extension: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

AddRemove-EASEUS Partition Master Unlimited Edition_is1 - c:\program files\EASEUS\EASEUS Partition Master 3.5 Unlimited Edition\unins000.exe


.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2010-11-27 22:15:07
ComboFix-quarantined-files.txt 2010-11-27 21:15

Pre-Run: 62.360.268.800 byte disponibili
Post-Run: 62.507.806.720 byte disponibili

- - End Of File - - E0E410C220BF5BDA7B8818992FD88C34

[FDAC]

Ciao.

Disinstalla:
SUPERAntiSpyware

Poi:

Start - Esegui e digita: notepad.exe
● clicca Ok
● copia le righe qui sotto, senza saltarne nessuna:

File::
c:\windows\system32\MpSigStub.exe

Folder::
c:\program files\MiPony

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]



● le incolli all'interno dell'editor di testo Notepad
● clicca in alto su File
● nel menù che vedi scegli Salva con nome
● controlla che in alto, dove c'è scritto Salva in, sia selezionato Desktop
● in Nome file se trovi selezionato .txt lo cancelli, e scrivi CFScript.txt
● clicca Salva
● adesso, sul Desktop, trovi il file di testo
● con il tasto sinistro del mouse, lo trascini sopra l'icona di Combofix, lo rilasci, e parte la scansione di Combofix
● non toccare più ne' mouse ne' tastiera, finche' non è finita
● se il sistema non si riavvia da solo, riavvialo tu
● a questo punta allega il log di Combofix utilizzando il tag MEMO del forum

Carica questi files sul sito VirusTotal e posta qui l'esito per ognuno di essi:

c:\windows\system32\xactengine3_0.dll
c:\windows\system32\unrar.dll
c:\windows\system32\xlive.dll
c:\programdata\C339199FAF.sys
c:\program files\XoftSpySE\XoftSpy.exe

Aspetto tue notizie, saluti. :)

[asky]

grazie con quest'ultima procedura mi hai risolto il problema sei un grane , anzi che dico MITICOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!11111

[FDAC]

Ciao Asky.
Grazie, ma mi fai arrossire :)