Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

regedit e task manager disabilitati (possibile infezione) Opzioni
paspas
Inviato: Saturday, November 28, 2009 6:07:14 PM

Rank: Member

Iscritto dal : 11/28/2009
Posts: 24
Buongiorno,
da circa una settimana mi sono accorto che ho un problema, il regedit e il task manager sono disabilitati.
Il messaggio dice che sono disabilitati dall'amministratore (che del mio pc sono io) ma io non ho toccato nulla.
La scansione di Avast! non trova nulla, Spybot invece trova due chiavi di registro da corregere, le spunta come corrette ma invece non sistema proprio niente.
Allego il log di HijackThis, chi può darmi una mano ?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8.13.18, on 28/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\UGSPLM\I-DEAS11\sec\lmgrd.exe
C:\UGSPLM\I-DEAS11\Iona\OrbixE2A\asp\5.1\bin\itconfig_rep.exe
C:\UGSPLM\I-DEAS11\sec\eds_id11.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Programmi\Apoint\Apoint.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Sony\VAIO Camera Utility\VCUServe.exe
C:\Programmi\Sony\VAIO Power Management\SPMgr.exe
C:\Programmi\Sony\ISB Utility\ISBMgr.exe
C:\Programmi\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Apoint\Apntex.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\UGS\NX 4.0\UGFLEXLM\lmgrd.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\UGS\NX 4.0\UGFLEXLM\lmgrd.exe
C:\Programmi\Sony\VAIO Event Service\VESMgr.exe
C:\Programmi\DNA\btdna.exe
C:\Programmi\TomTom HOME 2\TomTomHOMERunner.exe
C:\Programmi\Logitech\MouseWare\system\em_exec.exe
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare\3dxsrv.exe
C:\Programmi\HP\Digital Imaging\bin\hpqimzone.exe
C:\Programmi\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmi\HP\Digital Imaging\bin\hpqbam08.exe
C:\Programmi\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Programmi\PeerGuardian2\pg2.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\UGS\NX 4.0\UGFLEXLM\uglmd.exe
C:\Programmi\Internet Explorer\iexplore.exe
D:\Documenti\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66027
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66027
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66027
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66027
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Internet Explorer Plugin - {91970793-C69B-414F-9DFF-7E0722955ABA} - polddfr0.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Programmi\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Programmi\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Programmi\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Programmi\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Programmi\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VAIO Update 4] "C:\Programmi\Sony\VAIO Update 4\VAIOUpdt.exe" /Stationary
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programmi\DNA\btdna.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Programmi\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [LDM] C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Programmi\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [3DxAssociateFileExts] C:\Programmi\3Dconnexion\3Dconnexion 3DxSoftware\3DxViewer\register.exe "FileExts" (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [3DxAssociateFileExts] C:\Programmi\3Dconnexion\3Dconnexion 3DxSoftware\3DxViewer\register.exe "FileExts" (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [3DxAssociateFileExts] C:\Programmi\3Dconnexion\3Dconnexion 3DxSoftware\3DxViewer\register.exe "FileExts" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [3DxAssociateFileExts] C:\Programmi\3Dconnexion\3Dconnexion 3DxSoftware\3DxViewer\register.exe "FileExts" (User 'Default user')
O4 - Startup: Sonic INSTALLit! Setup.lnk = C:\Documents and Settings\marco\Impostazioni locali\Temp\VIES6D6E\Setup.exe
O4 - Global Startup: Avvio rapido HP Photosmart Premier.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Start 3DxWare.lnk = C:\Programmi\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare\3dxsrv.exe
O4 - Global Startup: ymetray.lnk = C:\Programmi\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Aggiungi sito di supporto RSS a VAIO Information FLOW - C:\Programmi\Sony\VAIO Information FLOW\aiesc.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Trasferimento tramite Image Converter 2 Plus - C:\Programmi\Sony\Image Converter 2\menu.htm
O9 - Extra button: Selezione intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\programmi\bonjour\mdnsnsp.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/en/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Programmi\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Servizio di Google Update (gupdate1ca0ca798b167ae) (gupdate1ca0ca798b167ae) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: I-DEAS License Manager 11.0 - GLOBEtrotter Software Inc. - C:\UGSPLM\I-DEAS11\sec\lmgrd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Programmi\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: IT iona_services.config_rep.nome-adab81b928 cfr-MyDomain - IONA Technologies - C:\UGSPLM\I-DEAS11\Iona\OrbixE2A\asp\5.1\bin\itconfig_rep.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Programmi\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: UGNX4 - Macrovision Corporation - C:\Programmi\UGS\NX 4.0\UGFLEXLM\lmgrd.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Programmi\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Programmi\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Programmi\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Programmi\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Programmi\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 17930 bytes

Grazie
Sponsor
Inviato: Saturday, November 28, 2009 6:07:14 PM

 
shapiro
Inviato: Saturday, November 28, 2009 6:19:47 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
ciao

per ora fixa queste due righe, l'altro da eliminare lo controlliamo dopo


Avvia Hijack e clicca su "do a system scan only"
Metti la spunta a queste voci e clicca su "fix checked"

O2 - BHO: Internet Explorer Plugin - {91970793-C69B-414F-9DFF-7E0722955ABA} - polddfr0.dll (file missing)

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

ora controlla se funziona il task manager e regedit - se non dovesse funzionare ancora esegui quanto descritto sotto



scarica questa utility:
http://www.suspectfile.com/download/utility.zip
avviala, esegui l'opzione 2 (Enable Task Manager and Regedit)
riavvia il sistema e vedi se funziona come prima



Scarica e installa
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Aggiornalo e fai una scansione completa del computer. Posta il rapporto ottenuto. Per ora non rimuovere nessuna eventuale minaccia rilevata



paspas
Inviato: Saturday, November 28, 2009 9:33:55 PM

Rank: Member

Iscritto dal : 11/28/2009
Posts: 24
grazie Shapiro,

ho seguito passo passo tutto ma purtroppo senza risultato,
fino ad arrivare all'ultimo step, la scansione che mi hai indicato.
ed ecco il log:

Malwarebytes' Anti-Malware 1.41
Versione del database: 3251
Windows 5.1.2600 Service Pack 2

28/11/2009 21.28.15
mbam-log-2009-11-28 (21-27-50).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi scansionati: 291962
Tempo trascorso: 1 hour(s), 8 minute(s), 41 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 1
Valori di registro infetti: 1
Elementi dato del registro infetti: 4
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df1c8e21-4045-4d67-b528-335f1a4f0de9} (Adware.NaviPromo) -> No action taken.

Valori di registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegedit (Hijack.Regedit) -> No action taken.

Elementi dato del registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)
shapiro
Inviato: Saturday, November 28, 2009 9:36:44 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
ma nemmeno ora apri regedit e task manager? nemmeno con l'utility?

riavvia il programma , elimina tutto e riprova
paspas
Inviato: Saturday, November 28, 2009 10:36:01 PM

Rank: Member

Iscritto dal : 11/28/2009
Posts: 24
Ho messo in quarantena i files infetti.
Ho riavviato ma il problema c'è ancora.
L'utility funziona però è temporanea se la chiudo torna come prima.
Ho fatto una scansione rapida e questo è il log.

Malwarebytes' Anti-Malware 1.41
Versione del database: 3251
Windows 5.1.2600 Service Pack 2

28/11/2009 22.31.46
mbam-log-2009-11-28 (22-31-40).txt

Tipo di scansione: Scansione rapida
Elementi scansionati: 129419
Tempo trascorso: 10 minute(s), 25 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 1
Elementi dato del registro infetti: 2
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegedit (Hijack.Regedit) -> No action taken.

Elementi dato del registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)
shapiro
Inviato: Saturday, November 28, 2009 10:42:14 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
elimina anche quelle voci e controlla se funziona

se non dovesse andare, segui questo

apri il registro (start\esegui\regedit)

portati su questa chiave

HKEY_CURRENT_USER\Software\Microsoft\Windows\Curr entVersion\Policies\system --> DisableTaskMgr e imposta il valore a 0.dovrebbe trovarsi su 1,dimmi se è così.
paspas
Inviato: Saturday, November 28, 2009 11:02:16 PM

Rank: Member

Iscritto dal : 11/28/2009
Posts: 24
eliminate, ma è come prima.

sono andato nel registro.
in effetti il valore è 1.
io imposto 0 e chiudo il reg.
se faccio Ctrl+Alt+Canc il task manager funziona, ma una volta sola, poi ritorna il problema.

se torno tramita l'utility a fare regedit ed ad aprire il registro e ritorno alla chiave che mi hai indicato, la chiave si è già reimpostata automaticamente al valore 1.

si vede che ho preso la peste bubbonica !

fortunatamente il pc per il momento sembra ancora che vada discretamente.
shapiro
Inviato: Saturday, November 28, 2009 11:05:14 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
vediamo cosa e' nascosto nel pc, ci deve essere altro




Scarica Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
(non installare la recovery console)
Lascia lavorare il programma senza interferire
Allega il rapporto C:\ComboFix.txt nella tua risposta.

non toccare mouse e tastiera durante la scansione
paspas
Inviato: Saturday, November 28, 2009 11:50:15 PM

Rank: Member

Iscritto dal : 11/28/2009
Posts: 24
ComboFix 09-11-28.01 - marco 28/11/2009 23.18.28.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.1022.591 [GMT 1:00]
Eseguito da: d:\documenti\ComboFix.exe
AV: avast! antivirus 4.8.1356 [VPS 091128-2] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\marco\Dati applicazioni\Desktopicon
c:\documents and settings\marco\Dati applicazioni\inst.exe
c:\documents and settings\marco\Impostazioni locali\Dati applicazioni\hrcowkp.dat
c:\documents and settings\marco\Impostazioni locali\Dati applicazioni\hrcowkp_nav.dat
c:\documents and settings\marco\Impostazioni locali\Dati applicazioni\hrcowkp_navps.dat
c:\documents and settings\marco\Impostazioni locali\Dati applicazioni\oosgeou.dat
c:\documents and settings\marco\Impostazioni locali\Dati applicazioni\oosgeou_nav.dat
c:\documents and settings\marco\Impostazioni locali\Dati applicazioni\oosgeou_navps.dat
c:\documents and settings\marco\Impostazioni locali\Dati applicazioni\wceaosu.dat
c:\documents and settings\marco\Impostazioni locali\Dati applicazioni\wceaosu_nav.dat
c:\documents and settings\marco\Impostazioni locali\Dati applicazioni\wceaosu_navps.dat
c:\windows\kb913800.exe
c:\windows\recover.reg

.
((((((((((((((((((((((((( Files Creati Da 2009-10-28 al 2009-11-28 )))))))))))))))))))))))))))))))))))
.

2009-11-28 22:05 . 2009-11-28 22:05 -------- d-----w- c:\programmi\CCleaner
2009-11-28 18:38 . 2009-11-28 18:38 -------- d-----w- c:\documents and settings\marco\Dati applicazioni\Malwarebytes
2009-11-28 18:38 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-28 18:38 . 2009-11-28 18:38 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-11-28 18:38 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-28 18:38 . 2009-11-28 18:38 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-11-28 17:58 . 2009-11-28 17:58 -------- d-----w- c:\documents and settings\work\Dati applicazioni\3Dconnexion
2009-11-28 14:15 . 2009-11-28 14:15 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-11-26 23:56 . 2009-11-26 23:56 -------- d-----w- c:\windows\system32\wbem\Repository
2009-11-26 23:55 . 2009-11-26 23:55 -------- d-----w- c:\programmi\3Dconnexion
2009-11-26 23:55 . 2009-11-26 23:55 -------- d-----w- c:\programmi\Vodei
2009-11-26 23:55 . 2009-11-26 23:55 -------- d-----w- c:\programmi\DVD Decrypter
2009-11-25 23:53 . 2009-11-25 23:53 79488 ----a-w- c:\documents and settings\marco\Dati applicazioni\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-24 21:56 . 2009-11-24 21:56 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
2009-11-24 21:15 . 2009-06-30 08:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-11-24 21:15 . 2009-11-24 21:15 -------- d-----w- c:\programmi\Panda Security
2009-11-24 18:42 . 2009-11-24 18:42 43008 ----a-w- c:\windows\system32\polddfr0.dll
2009-11-24 18:38 . 2009-11-24 18:38 43008 ----a-w- c:\windows\system32\jmfa9.dll
2009-11-23 19:45 . 2009-11-23 19:45 -------- d-----w- c:\programmi\Safer Networking
2009-11-23 19:35 . 2009-11-23 20:31 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-11-23 19:35 . 2009-11-23 19:40 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-11-23 14:53 . 2009-11-23 14:53 -------- d-sh--w- c:\documents and settings\work\IECompatCache
2009-11-23 14:41 . 2009-11-23 14:41 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-11-22 20:29 . 2009-11-22 20:29 43008 ----a-w- c:\windows\system32\ltnjumga.dll
2009-11-20 18:51 . 2004-08-03 23:52 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2009-11-20 18:51 . 2004-08-03 23:52 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-11-20 18:50 . 2004-08-03 23:44 14848 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2009-11-20 18:50 . 2004-08-03 23:44 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-11-16 17:58 . 2009-11-16 17:58 -------- d-----w- c:\documents and settings\marco\Dati applicazioni\3Dconnexion
2009-11-14 13:06 . 2009-11-14 13:06 59992 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.736\English\setup.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-28 22:11 . 2009-01-14 22:29 -------- d-----w- c:\documents and settings\marco\Dati applicazioni\DNA
2009-11-28 21:51 . 2006-11-01 08:01 -------- d-----w- c:\documents and settings\marco\Dati applicazioni\Skype
2009-11-28 21:50 . 2009-01-14 22:29 -------- d-----w- c:\programmi\DNA
2009-11-28 20:59 . 2009-07-24 21:43 -------- d-----w- c:\documents and settings\marco\Dati applicazioni\skypePM
2009-11-28 13:39 . 2009-01-14 22:30 -------- d-----w- c:\documents and settings\marco\Dati applicazioni\BitTorrent
2009-11-24 22:00 . 2008-09-21 19:57 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2009-11-24 20:23 . 2008-02-18 19:38 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-11-24 18:30 . 2006-07-31 14:04 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-10-25 12:26 . 2009-10-24 19:59 -------- d-----w- c:\programmi\NeoBook 4
2009-10-25 08:13 . 2006-07-31 03:37 94712 ----a-w- c:\windows\system32\perfc010.dat
2009-10-25 08:13 . 2006-07-31 03:37 513388 ----a-w- c:\windows\system32\perfh010.dat
2009-10-24 20:05 . 2009-10-24 20:05 -------- d-----w- c:\programmi\NeoPaint per Windows
2009-10-23 08:05 . 2008-09-13 13:37 74704 ----a-w- c:\documents and settings\work\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-10-22 17:15 . 2009-10-22 17:14 -------- d-----w- c:\documents and settings\marco\Dati applicazioni\U3
2009-10-17 13:00 . 2006-10-29 21:57 74704 ----a-w- c:\documents and settings\marco\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-10-17 08:34 . 2009-06-26 16:58 -------- d-----w- c:\documents and settings\marco\Dati applicazioni\DVDFab
2009-10-17 08:32 . 2009-06-25 20:38 -------- d-----w- c:\documents and settings\marco\Dati applicazioni\Vso
2009-10-17 08:32 . 2009-06-25 20:38 47360 ----a-w- c:\documents and settings\marco\Dati applicazioni\pcouffin.sys
2009-10-17 08:32 . 2009-06-25 20:38 47360 ----a-w- c:\documents and settings\marco\Dati applicazioni\pcouffin.sys
2009-10-16 20:33 . 2007-05-01 15:17 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DVD Shrink
2009-10-16 19:43 . 2009-06-23 19:09 117760 ----a-w- c:\documents and settings\marco\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-10-16 19:40 . 2008-09-21 19:58 -------- d-----w- c:\programmi\SUPERAntiSpyware
2009-10-16 18:24 . 2006-09-02 07:43 -------- d-----w- c:\programmi\Microsoft Works
2009-10-16 16:26 . 2006-08-01 08:01 -------- d-----w- c:\programmi\Sony
2009-10-04 17:09 . 2009-01-09 18:03 -------- d-----w- c:\programmi\tele2
2009-09-15 11:59 . 2008-08-15 20:57 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-15 11:56 . 2008-08-15 20:57 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-15 11:56 . 2008-08-15 20:57 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-15 11:55 . 2008-08-15 20:57 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-15 11:55 . 2008-08-15 20:57 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-15 11:54 . 2008-08-15 20:57 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-15 11:54 . 2008-08-15 20:57 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-15 11:53 . 2008-08-15 20:57 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-15 11:53 . 2008-08-15 20:57 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-11 14:11 . 2006-07-31 03:36 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 20:45 . 2006-07-31 03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 -reboot 1" [X]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2009-07-16 25604904]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2007-02-05 476728]
"SUPERAntiSpyware"="c:\programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-16 2000112]
"BitTorrent DNA"="c:\programmi\DNA\btdna.exe" [2009-10-22 323392]
"TomTomHOME.exe"="c:\programmi\TomTom HOME 2\TomTomHOMERunner.exe" [2009-08-27 247144]
"LDM"="c:\programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-17 67128]
"OM2_Monitor"="c:\programmi\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2008-11-07 95536]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-04 68856]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VAIO Update 4"="c:\programmi\Sony\VAIO Update 4\VAIOUpdt.exe " [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-08 7561216]
"Apoint"="c:\programmi\Apoint\Apoint.exe" [2004-11-17 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-17 64512]
"VAIOCameraUtility"="c:\programmi\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 69632]
"SonyPowerCfg"="c:\programmi\Sony\VAIO Power Management\SPMgr.exe" [2006-06-27 217088]
"ISBMgr.exe"="c:\programmi\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"Switcher.exe"="c:\programmi\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
"Acrobat Assistant 7.0"="c:\programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2005-03-03 483328]
"Google Desktop Search"="c:\programmi\Google\Google Desktop Search\GoogleDesktop.exe" [2007-01-01 169472]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2008-03-25 49152]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"hpqSRMon"="c:\programmi\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"ISUSPM Startup"="c:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\programmi\File comuni\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-06-13 282624]
"Malwarebytes Anti-Malware (reboot)"="c:\programmi\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Mouse Suite 98 Daemon"="ICO.EXE" - c:\windows\system32\ico.exe [2002-03-14 45056]
"Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2003-11-07 19968]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-09-07 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-09-07 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"3DxAssociateFileExts"="c:\programmi\3Dconnexion\3Dconnexion 3DxSoftware\3DxViewer\register.exe FileExts" [X]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio rapido HP Photosmart Premier.lnk - c:\programmi\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
Logitech Desktop Messenger.lnk - c:\programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-3-17 67128]
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Start 3DxWare.lnk - c:\programmi\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare\3dxsrv.exe [2007-11-6 118272]
ymetray.lnk - c:\programmi\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2007-7-24 54512]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-09-21 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-10-16 19:40 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-03-09 12:51 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Adobe\\Photoshop Elements 4.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\Programmi\\Sony\\Click to DVD 2\\CtoDvd.exe"=
"c:\\Programmi\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Programmi\\Sony\\VAIO Media 5.0\\Vc.exe"=
"c:\\Programmi\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Programmi\\ANWSOFT\\CAMagic Mobile for Bluetooth\\LiveCheck.exe"=
"c:\\Programmi\\UGS\\NX 4.0\\UGII\\ugraf.exe"=
"c:\\UGSPLM\\I-DEAS11\\ideas\\ideast.exe"=
"c:\\UGSPLM\\I-DEAS11\\geo\\geomod.exe"=
"c:\\UGSPLM\\I-DEAS11\\oarun\\dpsmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\UGS\\NX 4.0\\UGFLEXLM\\lmgrd.exe"=
"c:\\Programmi\\NetMeeting\\conf.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Programmi\\DNA\\btdna.exe"=
"c:\\Programmi\\BitTorrent\\bittorrent.exe"=
"c:\\Programmi\\WinDS PRO\\DeSmuME\\desmume_sse2.exe"=
"c:\\Programmi\\Activision\\Demo di SHREK TERZO\\SHReK the THiRD.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [24/11/2009 22.15.56 28552]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [15/08/2008 21.57.31 114768]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 12.53.48 9968]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [27/02/2007 11.39.26 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [15/08/2008 21.57.31 20560]
R2 I-DEAS License Manager 11.0;I-DEAS License Manager 11.0;c:\ugsplm\I-DEAS11\sec\lmgrd.exe [09/11/2006 20.48.13 595456]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R2 TomTomHOMEService;TomTomHOMEService;c:\programmi\TomTom HOME 2\TomTomHOMEService.exe [27/08/2009 16.05.04 92008]
R2 UGNX4;UGNX4;c:\programmi\UGS\NX 4.0\UGFLEXLM\lmgrd.exe [27/10/2005 11.34.20 962560]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [31/07/2006 4.38.12 30080]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [31/07/2006 4.38.10 808448]
RUnknown IT iona_services.config_rep.nome-adab81b928 cfr-MyDomain;IT iona_services.config_rep.nome-adab81b928 cfr-MyDomain; [x]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [05/11/2008 0.17.56 716272]
S2 gupdate1ca0ca798b167ae;Servizio di Google Update (gupdate1ca0ca798b167ae);c:\programmi\Google\Update\GoogleUpdate.exe [24/07/2009 22.42.08 133104]
S3 rockusb;Driver for rockusb Device;c:\windows\system32\drivers\rockusb.sys [22/03/2006 19.57.44 73984]
S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [16/02/2006 16.51.08 4096]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3213A908-DD47-4AE2-AD09-8426D02506D1}]
rundll32 polddfr0.dll,laspi
.
Contenuto della cartella 'Scheduled Tasks'

2009-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-07-24 21:41]

2009-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-07-24 21:41]

2008-09-21 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\programmi\Spybot - Search & Destroy\SpybotSD.exe [2009-11-23 14:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = localhost
IE: Aggiungi sito di supporto RSS a VAIO Information FLOW - c:\programmi\Sony\VAIO Information FLOW\aiesc.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Trasferimento tramite Image Converter 2 Plus - c:\programmi\Sony\Image Converter 2\menu.htm
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

Notify-WgaLogon - (no file)
AddRemove-NVIDIA Drivers - c:\windows\system32\nvudisp.exe UninstallGUI
AddRemove-{91810AFC-A4F8-4EBA-A5AA-B198BBC81144} - c:\programmi\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe REMOVEALL



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-28 23:28
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(892)
c:\programmi\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\VESWinlogon.dll
.
Ora fine scansione: 2009-11-28 23:32
ComboFix-quarantined-files.txt 2009-11-28 22:32

Pre-Run: 27.295.219.712 byte disponibili
Post-Run: 28.409.126.912 byte disponibili

- - End Of File - - 5204E92D3FA7D643134CC5695525789F
shapiro
Inviato: Sunday, November 29, 2009 12:25:24 AM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
non ci metto la mano sul fuoco, ma credo che siamo vicini alla soluzione

analizza qui >>> http://www.virustotal.com/it/

il file in rosso, potrebbe essere il responsabile della disattivazione del task manager e del regedit

c:\windows\system32\jmfa9.dll
paspas
Inviato: Sunday, November 29, 2009 12:40:12 AM

Rank: Member

Iscritto dal : 11/28/2009
Posts: 24

ecco i risultati, speriamo bene


a-squared 4.5.0.43 2009.11.29 Trojan-Spy.Win32.Ambler!IK
AhnLab-V3 5.0.0.2 2009.11.28 -
AntiVir 7.9.1.79 2009.11.27 -
Antiy-AVL 2.0.3.7 2009.11.27 -
Authentium 5.2.0.5 2009.11.28 -
Avast 4.8.1351.0 2009.11.28 -
AVG 8.5.0.426 2009.11.28 -
BitDefender 7.2 2009.11.28 -
CAT-QuickHeal 10.00 2009.11.28 -
ClamAV 0.94.1 2009.11.28 -
Comodo 3071 2009.11.28 TrojWare.Win32.TrojanDownloader.BHO.~BH
DrWeb 5.0.0.12182 2009.11.28 -
eSafe 7.0.17.0 2009.11.26 -
eTrust-Vet 35.1.7146 2009.11.27 -
F-Prot 4.5.1.85 2009.11.28 -
F-Secure 9.0.15370.0 2009.11.24 -
Fortinet 4.0.14.0 2009.11.28 -
GData 19 2009.11.28 -
Ikarus T3.1.1.74.0 2009.11.28 Trojan-Spy.Win32.Ambler
Jiangmin 11.0.800 2009.11.28 -
K7AntiVirus 7.10.906 2009.11.27 -
Kaspersky 7.0.0.125 2009.11.29 -
McAfee 5816 2009.11.28 -
McAfee+Artemis 5816 2009.11.28 -
McAfee-GW-Edition 6.8.5 2009.11.28 -
Microsoft 1.5302 2009.11.28 -
NOD32 4645 2009.11.28 -
Norman 6.03.02 2009.11.27 -
nProtect 2009.1.8.0 2009.11.28 -
Panda 10.0.2.2 2009.11.28 -
PCTools 7.0.3.5 2009.11.28 -
Prevx 3.0 2009.11.29 Medium Risk Malware
Rising 22.23.05.04 2009.11.28 -
Sophos 4.48.0 2009.11.28 -
Sunbelt 3.2.1858.2 2009.11.28 -
Symantec 1.4.4.12 2009.11.29 -
TheHacker 6.5.0.2.081 2009.11.28 -
TrendMicro 9.100.0.1001 2009.11.28 -
VBA32 3.12.12.0 2009.11.28 -
ViRobot 2009.11.28.2060 2009.11.28 -
VirusBuster 5.0.21.0 2009.11.28 -
Informazioni addizionali
File size: 43008 bytes
MD5...: b00ad5a191b0e6a5d67b15d0a67011a7
SHA1..: 4ba53da52d0f310ae2a92d9ed448fc332a49f7d1
SHA256: 1b985d2cea84556c852ad1010c71e8512f5eb2e4dd4beffd8e3bffe907a21d49
ssdeep: 768:3JKPBWTTGzpIEuLCmR7sbLVsy7XcaTpw5IT59wZaB6nn9MqaUP:3QPBHybR0
1caTew9w8B66qaUP

PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x203c0
timedatestamp.....: 0x4b0c0966 (Tue Nov 24 16:27:18 2009)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x16000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x17000 0xa000 0x9600 7.90 27847f16270cd272974996b6f5c46a6b
.rsrc 0x21000 0x1000 0xe00 3.41 cabc40e61d3dbdac26ec21850b8931fc

( 7 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree
> ATL.DLL: -
> gdiplus.dll: GdipFree
> MSVCP60.dll: _npos@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@2IB
> MSVCRT.dll: free
> OLEAUT32.dll: -
> USER32.dll: IsWindow

( 6 exports )
DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer, ID, laspi

RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
sigcheck:
publisher....: Polax Ltd
copyright....:
product......: Polax Toolbar Helper
description..: Polax Toolbar Helper
original name:
internal name:
file version.: 4.0
comments.....:
signers......: -
signing date.: -
verified.....: Unsigned

<a href='http://info.prevx.com/aboutprogramtext.asp?PX5=CC7807FA00F45177A82100954FEB340097733E01' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=CC7807FA00F45177A82100954FEB340097733E01</a>
packers (Kaspersky): PE_Patch.UPX, UPX
packers (F-Prot): UPX
shapiro
Inviato: Sunday, November 29, 2009 12:47:51 AM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
paspas ci aggiorniamo a domattina....oltre quel file c'e' altro da togliere

paspas
Inviato: Sunday, November 29, 2009 1:10:10 AM

Rank: Member

Iscritto dal : 11/28/2009
Posts: 24
ok grazie,
sei un grande
shapiro
Inviato: Sunday, November 29, 2009 10:56:55 AM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
paspas mentre ti preparo lo script, inizia a fare un po' di pulizia


scarica http://www.filehippo.com/download_ccleaner/

1) per il download dell'ultima versione clicca a destra in alto sotto la freccia verde
2) installalo (senza la toolbar aggiuntiva)
3) clicca su "avvia pulizia", ripeti il procedimento 2 volte

poi


scarica http://www.atribune.org/ccount/click.php?id=1


Avvia ATFCleaner.exe con un doppio click

1.1) seleziona la casella Select All
2.1) clicca sul pulsante Empty selected
3.1) aspetta l'avviso Done Cleaning
(se usi opera o firefox,spunta anche le loro
shapiro
Inviato: Sunday, November 29, 2009 11:03:38 AM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
scarica avenger sul desktop
http://swandog46.geekstogo.com/avenger.zip
Decomprimi l'archivio

Avvia il file avenger.exe

Copi e incolli nella finestra: "Imput script here" il SEGUENTE testo COSI' come l'ho scritto CON la dicitura files to delete:


files to delete:
c:\windows\system32\jmfa9.dll
C:\Programmi\DNA\btdna.exe


Togli il segno di spunta dalla voce Scan for Rootkits
Premi il pulsante Execute
Rispondi di Si alle due richieste di Avenger
Adesso il tuo computer dovrebbe riavviarsi, nel caso non succedesse, riavvialo tu manualmente
Al riavvio del computer, copia e incolla qui il contenuto del blocco note che apparirà.
paspas
Inviato: Sunday, November 29, 2009 11:37:45 AM

Rank: Member

Iscritto dal : 11/28/2009
Posts: 24
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File "c:\windows\system32\jmfa9.dll" deleted successfully.
File "C:\Programmi\DNA\btdna.exe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
shapiro
Inviato: Sunday, November 29, 2009 11:38:55 AM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
controlla se adesso task manager e regedit si aprono

paspas
Inviato: Sunday, November 29, 2009 11:39:51 AM

Rank: Member

Iscritto dal : 11/28/2009
Posts: 24
no non funzionano ancora
shapiro
Inviato: Sunday, November 29, 2009 11:43:23 AM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
lancia di nuovo l'utility che ti ho fatto scaricare e clicca sulla seconda opzione- riavvia il pc e controlla, adesso dovrebbe andare
Utenti presenti in questo topic
Guest


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.