
Could you also check this log from another PC? Thanks again for your work
faccino
Posted: Friday, February 26, 2010 12:39:30 PM
Rank: AiutAmico

Member since: 2/3/2005
Posts: 38

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12.37.56, on 26/02/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\AvidSDMService.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Programmi\ESET\ESET Smart Security\ekrn.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Programmi\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\LogMeIn\x86\RaMaint.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\LogMeIn\x86\LogMeIn.exe
C:\DOCUME~1\VANNIT~1\IMPOST~1\Temp\qow60g.exe
C:\Programmi\LogMeIn\x86\LMIGuardian.exe
C:\Programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Programmi\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Sony\VAIO Event Service\VESMgr.exe
C:\Programmi\Sony\VAIO Media Integrated Server\VMISrv.exe
C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Programmi\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Programmi\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe
C:\Programmi\File comuni\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com/en/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: C:\WINDOWS\system32\s6sqb.dll - {A3BA40A2-74F0-42BD-F434-00B15A2C8953} - C:\WINDOWS\system32\s6sqb.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Programmi\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Programmi\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Programmi\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [Calc32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [egui] "C:\Programmi\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programmi\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [FreeCall] "C:\programmi\freecall.com\freecall\freecall.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [updateMgr] "C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [uishf9wuifwuh387fh3wufinhjfdwefe] C:\DOCUME~1\VANNIT~1\IMPOST~1\Temp\qow60g.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: VAIO Launcher.lnk = C:\Programmi\Sony\VAIO Launcher\Launcher.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: VAIO Launcher.lnk = C:\Programmi\Sony\VAIO Launcher\Launcher.exe (User 'Default user')
O4 - .DEFAULT User Startup: VAIO Launcher.lnk = C:\Programmi\Sony\VAIO Launcher\Launcher.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: msconfig32.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?db16e68428ff446bb10cc461d90ccd97
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?db16e68428ff446bb10cc461d90ccd97
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Trasferimento tramite Image Converter 2 - C:\Programmi\Sony\Image Converter 2\menu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/en/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1167385874281
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\kbdsock.dll
O22 - SharedTaskScheduler: dfgfgfiljojigidghu7yuhdiugrh98au - {A3BA40A2-74F0-42BD-F434-00B15A2C8953} - C:\WINDOWS\system32\s6sqb.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Programmi\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology, Inc. - C:\WINDOWS\system32\AvidSDMService.exe
O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\WINDOWS\system32\AvidStartup.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Programmi\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Programmi\ESET\ESET Smart Security\ekrn.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Programmi\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Programmi\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Programmi\LogMeIn\x86\LogMeIn.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Programmi\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Programmi\File comuni\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Programmi\Sony\VAIO Entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Programmi\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Programmi\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Programmi\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Programmi\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Programmi\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 13611 bytes
paolopa
Posted: Friday, February 26, 2010 12:49:46 PM

Rank: AiutAmico

Member since: 10/14/2008
Posts: 2,777
It looks like there are problems here too. Run MBAM: http://software.aiutamici.com/software?ID=80346
Remember to update it.
Keep in mind that you will need to upgrade to SP3; it is important for security.
The same point made in the other post applies to Spybot's TeaTimer: it is best to remove it.
Is ESET Smart Security the one from that promotion that lasted 4 months? Does it still give you updates?
faccino
Posted: Friday, February 26, 2010 1:49:12 PM
Rank: AiutAmico

Member since: 2/3/2005
Posts: 38
Hi Paolo, thanks for your help. I would like to ask whether I need to remove anything from the HijackThis log before running the anti-malware scan.
ESET Smart Security is the 4-month one, but is it OK? Or would you recommend something better, perhaps free, that can be found on the internet?
paolopa
Posted: Friday, February 26, 2010 2:06:43 PM

Rank: AiutAmico

Member since: 10/14/2008
Posts: 2,777
Correction: I think the free promotion is 3 months, but what I wanted to know was when you signed up for it. I use only free products and have no problems; we can look at that later.
I don't feel able to tell you with confidence what to fix with HijackThis. I know what I would do on my own PC, but when it comes to other people's I am very cautious, because it is easy to do damage. So while you wait for other opinions, run (if you want) a full scan with an updated MBAM and post the log, so that in the meantime we can see what it removes.
faccino
Posted: Friday, February 26, 2010 2:57:11 PM
Rank: AiutAmico

Member since: 2/3/2005
Posts: 38
Here is the Anti-Malware log

Malwarebytes' Anti-Malware 1.44
Versione del database: 3795
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

26/02/2010 14.56.37
mbam-log-2010-02-26 (14-56-28).txt

Tipo di scansione: Scansione completa (C:\|D:\|E:\|F:\|G:\|H:\|)
Elementi scansionati: 226294
Tempo trascorso: 43 minute(s), 48 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 9
Valori di registro infetti: 6
Elementi dato del registro infetti: 2
Cartelle infette: 0
File infetti: 12

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_CLASSES_ROOT\iehlprobj.iehlprobj.1 (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{f171a44f-7af5-43e1-afed-edc826a1b0f5} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{f171a450-7af5-43e1-afed-edc826a1b0f5} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a3ba40a2-74f0-42bd-f434-00b15a2c8953} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{f171a442-7af5-43e1-afed-edc826a1b0f5} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f171a450-7af5-43e1-afed-edc826a1b0f5} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a3ba40a2-74f0-42bd-f434-00b15a2c8953} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a3ba40a2-74f0-42bd-f434-00b15a2c8953} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\MNDOWN (Trojan.PWS) -> No action taken.

Valori di registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{a3ba40a2-74f0-42bd-f434-00b15a2c8953} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls\appsecdll (Spyware.Passwords) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regedit32 (Trojan.Agent) -> No action taken.

Elementi dato del registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\Documents and Settings\Vanni Tortoli\Impostazioni locali\Temp\jkj7go.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Vanni Tortoli\Impostazioni locali\Temp\054.exe (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Vanni Tortoli\Impostazioni locali\Temp\529.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Vanni Tortoli\Impostazioni locali\Temp\y5z9efne.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Vanni Tortoli\Impostazioni locali\Temp\dbgke.exe (Trojan.Downloader) -> No action taken.
C:\RECYCLER\S-1-5-21-1507669340-9544429885-704465558-3180\nissan.exe (Worm.Autorun.B) -> No action taken.
C:\WINDOWS\Temp\NOD77.tmp (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\qg30h.dll (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\drivers\fxdsbdhy.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\flags.ini (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\uses32.dat (Malware.Trace) -> No action taken.
C:\Documents and Settings\Vanni Tortoli\Menu Avvio\Programmi\Esecuzione automatica\msconfig32.exe (Trojan.Bredolab) -> No action taken.
r16
Posted: Friday, February 26, 2010 3:03:39 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Nice Vundo.
Remove everything Malwarebytes found.

Download ComboFix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Save it to the desktop.

Important: Disable your antivirus and close ALL open programs (firewall included), and after downloading ComboFix, disconnect from the internet.

Double-click combofix.exe (a screen will appear).

You will probably get messages from the antivirus (or from ComboFix itself); ignore them.

If you are asked whether you want to install the RECOVERY CONSOLE, click NO.

During the scan it is important not to use the PC (not even the mouse) and to wait patiently until it finishes.
When it finishes, a log file will be created on the Desktop, called C:\ComboFix.txt. Post it here.
faccino
Posted: Friday, February 26, 2010 4:42:08 PM
Rank: AiutAmico

Member since: 2/3/2005
Posts: 38
ComboFix 10-02-25.02 - Vanni Tortoli 26/02/2010 16.15.23.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.39.1040.18.2047.1597 [GMT 1:00]
Eseguito da: c:\documents and settings\Vanni Tortoli\Desktop\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Firewall ESET *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
* Resident AV is active


ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-1507669340-9544429885-704465558-3180
c:\recycler\S-1-5-21-2158278161-9757959436-076246564-2390
c:\recycler\S-1-5-21-2681277300-10902874-3896863843-1003
c:\recycler\S-1-5-21-2858160232-5899185961-919369888-9232
c:\recycler\S-1-5-21-2878540811-5877928357-877845780-9379
c:\recycler\S-1-5-21-3596807729-3511705347-315515572-1098
c:\recycler\S-1-5-21-5054426340-4412421046-524067951-0175
c:\recycler\S-1-5-21-5293784107-7692673130-819369021-9915
c:\recycler\S-1-5-21-5317862204-1011376325-080872583-1756
c:\recycler\S-1-5-21-5622007678-0511393997-106588442-5649
c:\recycler\S-1-5-21-5935139457-7390003045-344194476-3986
c:\recycler\S-1-5-21-6398573919-3062489737-329492007-6353
c:\recycler\S-1-5-21-7585942024-7898139745-555065904-6512
c:\recycler\S-1-5-21-8563419788-4513976587-178272719-5055
c:\windows\box.exe
c:\windows\srchasst\nls302en.lex

.
((((((((((((((((((((((((( Files Creati Da 2010-01-26 al 2010-02-26 )))))))))))))))))))))))))))))))))))
.

2010-02-26 12:05 . 2010-02-26 12:05 -------- d-----w- c:\documents and settings\Vanni Tortoli\Dati applicazioni\Malwarebytes
2010-02-26 12:05 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-26 12:04 . 2010-02-26 12:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-02-26 12:04 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-26 12:04 . 2010-02-26 12:05 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-02-26 11:36 . 2010-02-26 11:36 -------- d-----w- c:\programmi\Trend Micro
2010-02-25 13:56 . 2010-02-25 13:56 -------- d-----w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\ESET
2010-02-25 13:55 . 2010-02-25 13:55 -------- d-----w- c:\documents and settings\Vanni Tortoli\Dati applicazioni\ESET
2010-02-25 13:55 . 2010-02-25 13:55 -------- d-----w- c:\documents and settings\Vanni Tortoli\Impostazioni locali\Dati applicazioni\ESET
2010-02-25 13:54 . 2010-02-25 13:54 -------- d-----w- c:\programmi\ESET
2010-02-25 13:54 . 2010-02-25 13:54 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ESET
2010-02-11 12:54 . 2010-02-26 15:24 0 ----a-w- c:\windows\system32\drivers\fxdsbdhy.sys
2010-02-11 12:53 . 2010-02-11 13:28 22528 ----a-w- C:\fndxes.exe
2010-02-03 16:44 . 2009-12-16 13:42 43008 ----a-w- c:\documents and settings\Vanni Tortoli\Dati applicazioni\Mozilla\Firefox\Profiles\bludfozr.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-02-03 16:44 . 2009-12-16 13:42 340480 ----a-w- c:\documents and settings\Vanni Tortoli\Dati applicazioni\Mozilla\Firefox\Profiles\bludfozr.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-02-03 16:44 . 2009-12-16 13:41 346624 ----a-w- c:\documents and settings\Vanni Tortoli\Dati applicazioni\Mozilla\Firefox\Profiles\bludfozr.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-02-03 16:44 . 2009-12-16 13:42 872960 ----a-w- c:\documents and settings\Vanni Tortoli\Dati applicazioni\Mozilla\Firefox\Profiles\bludfozr.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-26 15:26 . 2007-01-16 12:52 -------- d-----w- c:\documents and settings\Vanni Tortoli\Dati applicazioni\Skype
2010-02-26 11:11 . 2007-12-10 14:06 -------- d-----w- c:\programmi\LogMeIn
2010-02-25 13:01 . 2007-02-23 08:41 -------- d-----w- c:\programmi\AdunanzA
2010-02-17 12:30 . 2006-01-10 20:24 -------- d-----w- c:\documents and settings\LocalService\Dati applicazioni\Sony Corporation
2009-12-30 22:20 . 2005-08-04 07:45 57394 ----a-w- c:\windows\system32\perfc010.dat
2009-12-30 22:20 . 2005-08-04 07:45 366504 ----a-w- c:\windows\system32\perfh010.dat
2007-11-16 23:32 . 2006-01-11 21:53 1890 -csha-w- c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\atapi.sys
[7] 2004-08-19 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[-] 2004-08-03 20:59 . !HASH: COULD NOT OPEN FILE !!!!! . 95360 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0011\DriverFiles\i386\atapi.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-23 68856]
"Yahoo! Pager"="c:\programmi\Yahoo!\Messenger\ypager.exe" [2004-08-06 2502656]
"FreeCall"="c:\programmi\freecall.com\freecall\freecall.exe" [2007-04-17 7247408]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2007-09-13 22880040]
"updateMgr"="c:\programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2005-10-06 278528]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2005-06-03 81920]
"LogMeIn GUI"="c:\programmi\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2006-09-01 282624]
"CanonSolutionMenu"="c:\programmi\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"SSBkgdUpdate"="c:\programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\programmi\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"egui"="c:\programmi\ESET\ESET Smart Security\egui.exe" [2009-10-01 2054360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\Default User\Menu Avvio\Programmi\Esecuzione automatica\
VAIO Launcher.lnk - c:\programmi\Sony\VAIO Launcher\Launcher.exe [2003-10-2 778240]

c:\documents and settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\
VAIO Launcher.lnk - c:\programmi\Sony\VAIO Launcher\Launcher.exe [2003-10-2 778240]

c:\documents and settings\LogMeInRemoteUser\Menu Avvio\Programmi\Esecuzione automatica\
VAIO Launcher.lnk - c:\programmi\Sony\VAIO Launcher\Launcher.exe [2003-10-2 778240]

c:\documents and settings\Vanni Tortoli\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-20 113664]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-19 12:02 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-20 15:42 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Programmi\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Programmi\\Sony\\VAIO Media 4.0\\Vc.exe"=
"c:\\Programmi\\Sony\\VAIO Media Integrated Server\\Platform\\SV_Httpd.exe"=
"c:\\Programmi\\Sony\\VAIO Media Integrated Server\\Platform\\UPnPFramework.exe"=
"c:\\Programmi\\Sony\\VAIO Media Integrated Server\\Platform\\VMConsole.exe"=
"c:\\Programmi\\FreeCall.com\\FreeCall\\FreeCall.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmi\\MSN Messenger\\livecall.exe"=
"c:\\Programmi\\AdunanzA\\eMule_AdnzA.exe"=
"c:\\Programmi\\SopCast\\SopCast.exe"=
"c:\\Programmi\\DNA\\btdna.exe"=
"c:\\Programmi\\BitTorrent\\bittorrent.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2541:TCP"= 2541:TCP:lmzdxmfc

R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [23/01/2006 17.01.15 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [23/01/2006 17.01.15 5248]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [01/10/2009 15.06.40 108792]
R1 PrivateDisk;PrivateDisk;c:\windows\system32\drivers\privatediskm.sys [06/07/2004 13.07.06 45627]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\programmi\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [20/10/2004 3.47.54 98304]
R2 ekrn;ESET Service;c:\programmi\ESET\ESET Smart Security\ekrn.exe [01/10/2009 15.06.52 735960]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\programmi\LogMeIn\x86\rainfo.sys [03/08/2007 15.09.34 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [10/12/2007 15.06.34 47640]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\programmi\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [20/10/2004 2.40.46 118784]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [04/08/2005 8.45.38 71961]
S2 wgavjfot;Installer Server;c:\windows\system32\svchost.exe -k netsvcs [04/08/2005 8.44.48 14336]
S3 Hdatruev;Hdatruev; [x]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
S3 V0250Dev;Live! Cam Notebook Pro;c:\windows\system32\drivers\V0250Dev.sys [02/01/2007 17.23.56 163840]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

--- Altri Servizi/Drivers In Memoria ---

*Deregistered* - fxdsbdhy

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
wgavjfot
.
Contenuto della cartella 'Scheduled Tasks'

2010-02-26 c:\windows\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- c:\programmi\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://google.it/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: &Windows Live Search - c:\programmi\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Apri in nuova scheda in primo piano - c:\programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?db16e68428ff446bb10cc461d90ccd97
IE: Apri in nuova scheda in secondo piano - c:\programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?db16e68428ff446bb10cc461d90ccd97
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Trasferimento tramite Image Converter 2 - c:\programmi\Sony\Image Converter 2\menu.htm
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
FF - ProfilePath - c:\documents and settings\Vanni Tortoli\Dati applicazioni\Mozilla\Firefox\Profiles\bludfozr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://it.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:it:official
FF - component: c:\documents and settings\Vanni Tortoli\Dati applicazioni\Mozilla\Firefox\Profiles\bludfozr.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\programmi\Java\jre1.5.0_03\bin\NPJava11.dll
FF - plugin: c:\programmi\Java\jre1.5.0_03\bin\NPJava12.dll
FF - plugin: c:\programmi\Java\jre1.5.0_03\bin\NPJava13.dll
FF - plugin: c:\programmi\Java\jre1.5.0_03\bin\NPJava14.dll
FF - plugin: c:\programmi\Java\jre1.5.0_03\bin\NPJava32.dll
FF - plugin: c:\programmi\Java\jre1.5.0_03\bin\NPJPI150_03.dll
FF - plugin: c:\programmi\Java\jre1.5.0_03\bin\NPOJI610.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npbittorrent.dll
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

BHO-{A3BA40A2-74F0-42BD-F434-00B15A2C8953} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-26 16:25
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A3276D8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba90cfc3
\Driver\ACPI -> ACPI.sys @ 0xba757cb8
\Driver\atapi -> 0x8a3276d8
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8057807e
ParseProcedure -> ntkrnlpa.exe @ 0x80576ce0
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8057807e
ParseProcedure -> ntkrnlpa.exe @ 0x80576ce0
NDIS: Realtek RTL8169/8110 Family Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xba4b6ba0
PacketIndicateHandler -> NDIS.sys @ 0xba4a5a0b
SendHandler -> NDIS.sys @ 0xba4b9b31
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fxdsbdhy]

--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wgavjfot]
"ServiceDll"="c:\windows\system32\ymrhvqnh.dll"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:8d,d4,c6,25,09,44,24,e5,0c,46,7f,ae,77,5e,2b,03,4e,30,f8,fa,ad,
53,01,54,49,bc,08,76,24,7c,36,ff,f1,22,6a,d8,81,2c,8a,ec,18,22,8f,19,fc,fd,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140AC1900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:8d,d4,c6,25,09,44,24,e5,0c,46,7f,ae,77,5e,2b,03,4e,30,f8,fa,ad,
53,01,54,49,bc,08,76,24,7c,36,ff,f1,22,6a,d8,81,2c,8a,ec,18,22,8f,19,fc,fd,\
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(1500)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\VESWinlogon.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.exe'(1808)
c:\programmi\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\programmi\Intel\Wireless\Bin\EvtEng.exe
c:\programmi\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\AvidSDMService.exe
c:\programmi\LogMeIn\x86\RaMaint.exe
c:\programmi\LogMeIn\x86\LogMeIn.exe
c:\programmi\LogMeIn\x86\LMIGuardian.exe
c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
c:\programmi\Intel\Wireless\Bin\RegSrvc.exe
c:\programmi\Sony\VAIO Event Service\VESMgr.exe
c:\programmi\Sony\VAIO Media Integrated Server\VMISrv.exe
c:\windows\system32\spool\drivers\w32x86\3\WrtProc.exe
c:\programmi\LogMeIn\x86\LMIGuardian.exe
c:\programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\programmi\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
c:\programmi\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
c:\programmi\iPod\bin\iPodService.exe
c:\programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe
c:\programmi\File comuni\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
c:\programmi\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Ora fine scansione: 2010-02-26 16:30:33 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-02-26 15:30

Pre-Run: 10.971.127.808 byte disponibili
Post-Run: 11.185.668.096 byte disponibili

- - End Of File - - 96A6F5F8A1D6ED2C083565939E0FF93D
r16
Posted: Friday, February 26, 2010 7:37:32 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Go to "Add or Remove Programs" ("Installazione applicazioni") and remove ALL Java versions.
Run a cleanup with CCleaner (registry included).
Afterwards we will install the latest version.

Open a text file on the Desktop (Start > Run, type notepad.exe, then click OK).
Paste in the code you see below, and save the text file with the name CFScript.txt; this name is mandatory.

Code:
KillAll::

File::
c:\windows\system32\drivers\fxdsbdhy.sys
C:\fndxes.exe
c:\windows\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
c:\windows\system32\ymrhvqnh.dll

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2541:TCP"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fxdsbdhy]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wgavjfot]

Driver::
wgavjfot
Hdatruev
fxdsbdhy

Domains::

NetSvcs::
wgavjfot


and drag it onto the ComboFix icon.
Wait for it to finish, without touching the keyboard, mouse or anything else.
Post the updated ComboFix log.
faccino
Posted: Thursday, March 04, 2010 6:46:33 PM
Rank: AiutAmico

Joined: 2/3/2005
Posts: 38
Here is the log, as you asked.


ComboFix 10-02-25.02 - Vanni Tortoli 04/03/2010 18.07.55.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.39.1040.18.2047.1557 [GMT 1:00]
Eseguito da: c:\documents and settings\Vanni Tortoli\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Vanni Tortoli\Desktop\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Firewall ESET *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
* Resident AV is active


ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!

FILE ::
"C:\fndxes.exe"
"c:\windows\system32\drivers\fxdsbdhy.sys"
"c:\windows\system32\ymrhvqnh.dll"
"c:\windows\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job"
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\fndxes.exe
c:\windows\system32\drivers\fxdsbdhy.sys

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FXDSBDHY
-------\Legacy_WGAVJFOT
-------\Service_fxdsbdhy
-------\Service_Hdatruev
-------\Service_wgavjfot


((((((((((((((((((((((((( Files Creati Da 2010-02-04 al 2010-03-04 )))))))))))))))))))))))))))))))))))
.

2010-02-26 12:05 . 2010-02-26 12:05 -------- d-----w- c:\documents and settings\Vanni Tortoli\Dati applicazioni\Malwarebytes
2010-02-26 12:05 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-26 12:04 . 2010-02-26 12:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-02-26 12:04 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-26 12:04 . 2010-02-26 12:05 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-02-26 11:36 . 2010-02-26 11:36 -------- d-----w- c:\programmi\Trend Micro
2010-02-25 13:56 . 2010-02-25 13:56 -------- d-----w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\ESET
2010-02-25 13:55 . 2010-02-25 13:55 -------- d-----w- c:\documents and settings\Vanni Tortoli\Dati applicazioni\ESET
2010-02-25 13:55 . 2010-02-25 13:55 -------- d-----w- c:\documents and settings\Vanni Tortoli\Impostazioni locali\Dati applicazioni\ESET
2010-02-25 13:54 . 2010-02-25 13:54 -------- d-----w- c:\programmi\ESET
2010-02-25 13:54 . 2010-02-25 13:54 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ESET
2010-02-03 16:44 . 2009-12-16 13:42 43008 ----a-w- c:\documents and settings\Vanni Tortoli\Dati applicazioni\Mozilla\Firefox\Profiles\bludfozr.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-02-03 16:44 . 2009-12-16 13:42 340480 ----a-w- c:\documents and settings\Vanni Tortoli\Dati applicazioni\Mozilla\Firefox\Profiles\bludfozr.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-02-03 16:44 . 2009-12-16 13:41 346624 ----a-w- c:\documents and settings\Vanni Tortoli\Dati applicazioni\Mozilla\Firefox\Profiles\bludfozr.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-02-03 16:44 . 2009-12-16 13:42 872960 ----a-w- c:\documents and settings\Vanni Tortoli\Dati applicazioni\Mozilla\Firefox\Profiles\bludfozr.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-04 15:51 . 2007-01-02 16:01 -------- d-----w- c:\programmi\Creative
2010-03-04 15:48 . 2005-08-05 11:53 -------- d-----w- c:\programmi\Google
2010-03-04 15:44 . 2007-10-01 18:16 -------- d-----w- c:\programmi\Skype
2010-03-04 15:43 . 2007-01-16 12:52 -------- d-----w- c:\documents and settings\Vanni Tortoli\Dati applicazioni\Skype
2010-03-04 15:42 . 2005-08-05 11:54 -------- d-----w- c:\programmi\Yahoo!
2010-03-04 15:41 . 2007-09-12 23:00 -------- d-----w- c:\programmi\Windows Live Toolbar
2010-03-04 13:26 . 2007-12-17 15:15 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2010-03-04 13:26 . 2007-12-17 15:15 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-03-04 10:47 . 2007-12-10 14:06 -------- d-----w- c:\programmi\LogMeIn
2010-03-04 10:46 . 2009-09-10 21:51 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-03-03 17:36 . 2007-02-23 08:41 -------- d-----w- c:\programmi\AdunanzA
2010-02-17 12:30 . 2006-01-10 20:24 -------- d-----w- c:\documents and settings\LocalService\Dati applicazioni\Sony Corporation
2009-12-31 16:14 . 2005-08-04 07:44 352640 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-30 22:20 . 2005-08-04 07:45 57394 ----a-w- c:\windows\system32\perfc010.dat
2009-12-30 22:20 . 2005-08-04 07:45 366504 ----a-w- c:\windows\system32\perfh010.dat
2009-12-22 05:34 . 2005-08-04 07:44 671232 ----a-w- c:\windows\system32\wininet.dll
2009-12-22 05:34 . 2005-08-04 07:44 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-17 07:58 . 2005-08-04 14:55 346112 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:35 . 2005-08-04 07:44 33280 ----a-w- c:\windows\system32\csrsrv.dll
2007-11-16 23:32 . 2006-01-11 21:53 1890 -csha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-02-26_15.23.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-04 17:16 . 2010-03-04 17:16 16384 c:\windows\temp\Perflib_Perfdata_464.dat
- 2007-01-29 08:58 . 2009-10-28 15:07 46080 c:\windows\system32\tzchange.exe
+ 2007-01-29 08:58 . 2010-01-23 08:11 46080 c:\windows\system32\tzchange.exe
- 2005-08-04 07:44 . 2009-10-29 05:19 39424 c:\windows\system32\pngfilt.dll
+ 2005-08-04 07:44 . 2009-12-22 05:34 39424 c:\windows\system32\pngfilt.dll
+ 2004-08-19 15:39 . 2009-11-27 17:33 17920 c:\windows\system32\msyuv.dll
+ 2005-08-04 07:44 . 2009-11-27 16:38 28672 c:\windows\system32\msvidc32.dll
+ 2005-08-04 07:44 . 2009-11-27 16:38 11264 c:\windows\system32\msrle32.dll
- 2005-08-04 07:44 . 2004-08-19 12:00 11264 c:\windows\system32\msrle32.dll
- 2005-08-04 07:44 . 2009-10-29 05:19 16384 c:\windows\system32\jsproxy.dll
+ 2005-08-04 07:44 . 2009-12-22 05:34 16384 c:\windows\system32\jsproxy.dll
+ 2004-08-19 15:39 . 2009-11-27 16:38 48128 c:\windows\system32\iyuv_32.dll
+ 2005-08-04 07:44 . 2009-12-22 05:34 96768 c:\windows\system32\inseng.dll
- 2005-08-04 07:44 . 2009-10-29 05:19 96768 c:\windows\system32\inseng.dll
- 2005-08-04 07:44 . 2009-06-16 14:53 82432 c:\windows\system32\fontsub.dll
+ 2005-08-04 07:44 . 2009-10-15 17:20 82432 c:\windows\system32\fontsub.dll
- 2005-08-04 07:44 . 2009-10-29 05:19 55808 c:\windows\system32\extmgr.dll
+ 2005-08-04 07:44 . 2009-12-22 05:34 55808 c:\windows\system32\extmgr.dll
- 2007-04-18 12:46 . 2009-10-29 05:19 39424 c:\windows\system32\dllcache\pngfilt.dll
+ 2007-04-18 12:46 . 2009-12-22 05:34 39424 c:\windows\system32\dllcache\pngfilt.dll
+ 2004-08-19 15:39 . 2009-11-27 17:33 17920 c:\windows\system32\dllcache\msyuv.dll
+ 2009-11-27 16:38 . 2009-11-27 16:38 28672 c:\windows\system32\dllcache\msvidc32.dll
+ 2009-11-27 16:38 . 2009-11-27 16:38 11264 c:\windows\system32\dllcache\msrle32.dll
- 2007-04-18 12:46 . 2009-10-29 05:19 16384 c:\windows\system32\dllcache\jsproxy.dll
+ 2007-04-18 12:46 . 2009-12-22 05:34 16384 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-19 15:39 . 2009-11-27 16:38 48128 c:\windows\system32\dllcache\iyuv_32.dll
+ 2007-04-18 12:46 . 2009-12-22 05:34 96768 c:\windows\system32\dllcache\inseng.dll
- 2007-04-18 12:46 . 2009-10-29 05:19 96768 c:\windows\system32\dllcache\inseng.dll
- 2005-08-04 07:44 . 2009-09-25 05:48 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2005-08-04 07:44 . 2009-12-22 05:34 81920 c:\windows\system32\dllcache\ieencode.dll
- 2007-04-18 10:42 . 2009-10-27 11:01 18432 c:\windows\system32\dllcache\iedw.exe
+ 2007-04-18 10:42 . 2009-12-16 13:35 18432 c:\windows\system32\dllcache\iedw.exe
- 2009-06-16 14:53 . 2009-06-16 14:53 82432 c:\windows\system32\dllcache\fontsub.dll
+ 2009-06-16 14:53 . 2009-10-15 17:20 82432 c:\windows\system32\dllcache\fontsub.dll
+ 2007-04-18 12:46 . 2009-12-22 05:34 55808 c:\windows\system32\dllcache\extmgr.dll
- 2007-04-18 12:46 . 2009-10-29 05:19 55808 c:\windows\system32\dllcache\extmgr.dll
+ 2009-12-14 07:35 . 2009-12-14 07:35 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2009-06-10 14:23 . 2009-11-27 16:38 85504 c:\windows\system32\dllcache\avifil32.dll
- 2009-06-10 14:23 . 2009-06-10 14:23 85504 c:\windows\system32\dllcache\avifil32.dll
+ 2005-08-04 07:44 . 2009-11-27 16:38 85504 c:\windows\system32\avifil32.dll
- 2005-08-04 07:44 . 2009-06-10 14:23 85504 c:\windows\system32\avifil32.dll
- 2008-10-15 23:44 . 2009-12-23 15:32 23040 c:\windows\Installer\{91CA0410-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-10-15 23:44 . 2010-03-03 18:04 23040 c:\windows\Installer\{91CA0410-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-10-15 23:44 . 2009-12-23 15:32 61440 c:\windows\Installer\{91CA0410-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-10-15 23:44 . 2010-03-03 18:04 61440 c:\windows\Installer\{91CA0410-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-10-15 23:44 . 2010-03-03 18:04 27136 c:\windows\Installer\{91CA0410-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-10-15 23:44 . 2009-12-23 15:32 27136 c:\windows\Installer\{91CA0410-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-10-15 23:44 . 2009-12-23 15:32 11264 c:\windows\Installer\{91CA0410-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-10-15 23:44 . 2010-03-03 18:04 11264 c:\windows\Installer\{91CA0410-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-10-15 23:44 . 2009-12-23 15:32 12288 c:\windows\Installer\{91CA0410-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-10-15 23:44 . 2010-03-03 18:04 12288 c:\windows\Installer\{91CA0410-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2006-01-17 17:45 . 2009-12-23 15:31 90112 c:\windows\Installer\{90280410-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2006-01-17 17:45 . 2010-03-03 17:47 90112 c:\windows\Installer\{90280410-6000-11D3-8CFE-0050048383C9}\xlicons.exe
- 2006-01-17 17:45 . 2009-12-23 15:31 45056 c:\windows\Installer\{90280410-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2006-01-17 17:45 . 2010-03-03 17:47 45056 c:\windows\Installer\{90280410-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2006-01-17 17:45 . 2010-03-03 17:48 22528 c:\windows\Installer\{90280410-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2006-01-17 17:45 . 2009-12-23 15:31 22528 c:\windows\Installer\{90280410-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2006-01-17 17:45 . 2010-03-03 17:47 30720 c:\windows\Installer\{90280410-6000-11D3-8CFE-0050048383C9}\pptico.exe
- 2006-01-17 17:45 . 2009-12-23 15:31 30720 c:\windows\Installer\{90280410-6000-11D3-8CFE-0050048383C9}\pptico.exe
- 2006-01-17 17:45 . 2009-12-23 15:31 16384 c:\windows\Installer\{90280410-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2006-01-17 17:45 . 2010-03-03 17:47 16384 c:\windows\Installer\{90280410-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2006-01-17 17:45 . 2009-12-23 15:31 34304 c:\windows\Installer\{90280410-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2006-01-17 17:45 . 2010-03-03 17:47 34304 c:\windows\Installer\{90280410-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2006-01-17 17:45 . 2010-03-03 17:47 81920 c:\windows\Installer\{90280410-6000-11D3-8CFE-0050048383C9}\fpicon.exe
- 2006-01-17 17:45 . 2009-12-23 15:31 81920 c:\windows\Installer\{90280410-6000-11D3-8CFE-0050048383C9}\fpicon.exe
+ 2009-11-27 17:33 . 2009-11-27 17:33 17920 c:\windows\Driver Cache\i386\msyuv.dll
+ 2009-11-27 16:38 . 2009-11-27 16:38 48128 c:\windows\Driver Cache\i386\iyuv_32.dll
+ 2001-08-30 23:08 . 2009-11-27 16:38 8704 c:\windows\system32\tsbyuv.dll
+ 2001-08-30 23:08 . 2009-11-27 16:38 8704 c:\windows\system32\dllcache\tsbyuv.dll
+ 2008-10-15 23:44 . 2010-03-03 18:04 4096 c:\windows\Installer\{91CA0410-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-10-15 23:44 . 2009-12-23 15:32 4096 c:\windows\Installer\{91CA0410-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2006-01-17 17:45 . 2010-03-03 17:47 3584 c:\windows\Installer\{90280410-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2006-01-17 17:45 . 2009-12-23 15:31 3584 c:\windows\Installer\{90280410-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2006-01-17 17:45 . 2009-12-23 15:31 8192 c:\windows\Installer\{90280410-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2006-01-17 17:45 . 2010-03-03 17:47 8192 c:\windows\Installer\{90280410-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2006-01-17 17:45 . 2010-03-03 17:47 2560 c:\windows\Installer\{90280410-6000-11D3-8CFE-0050048383C9}\cagicon.exe
- 2006-01-17 17:45 . 2009-12-23 15:31 2560 c:\windows\Installer\{90280410-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2009-11-27 16:38 . 2009-11-27 16:38 8704 c:\windows\Driver Cache\i386\tsbyuv.dll
- 2004-12-18 12:07 . 2009-10-28 00:43 368640 c:\windows\system32\xpsp3res.dll
+ 2004-12-18 12:07 . 2009-12-16 14:00 368640 c:\windows\system32\xpsp3res.dll
- 2005-08-04 07:44 . 2009-10-29 05:19 629248 c:\windows\system32\urlmon.dll
+ 2005-08-04 07:44 . 2009-12-22 05:34 629248 c:\windows\system32\urlmon.dll
- 2005-08-04 07:44 . 2009-06-16 14:53 119808 c:\windows\system32\t2embed.dll
+ 2005-08-04 07:44 . 2009-10-15 21:50 119808 c:\windows\system32\t2embed.dll
+ 2005-08-04 07:44 . 2009-12-08 09:00 474624 c:\windows\system32\shlwapi.dll
- 2005-08-04 07:44 . 2009-09-25 05:48 474624 c:\windows\system32\shlwapi.dll
+ 2005-08-04 07:44 . 2009-12-22 05:34 532480 c:\windows\system32\mstime.dll
- 2005-08-04 07:44 . 2009-10-29 05:19 532480 c:\windows\system32\mstime.dll
- 2005-08-04 07:44 . 2009-10-29 05:19 146432 c:\windows\system32\msrating.dll
+ 2005-08-04 07:44 . 2009-12-22 05:34 146432 c:\windows\system32\msrating.dll
- 2005-08-04 07:44 . 2009-10-29 05:19 449024 c:\windows\system32\mshtmled.dll
+ 2005-08-04 07:44 . 2009-12-22 05:34 449024 c:\windows\system32\mshtmled.dll
- 2005-08-04 07:44 . 2009-10-29 05:19 251904 c:\windows\system32\iepeers.dll
+ 2005-08-04 07:44 . 2009-12-22 05:34 251904 c:\windows\system32\iepeers.dll
+ 2005-08-04 07:44 . 2009-12-22 05:34 205312 c:\windows\system32\dxtrans.dll
- 2005-08-04 07:44 . 2009-10-29 05:19 205312 c:\windows\system32\dxtrans.dll
+ 2005-08-04 07:44 . 2009-12-22 05:34 357888 c:\windows\system32\dxtmsft.dll
- 2005-08-04 07:44 . 2009-10-29 05:19 357888 c:\windows\system32\dxtmsft.dll
+ 2005-08-04 07:44 . 2009-12-04 14:41 453760 c:\windows\system32\drivers\mrxsmb.sys
- 2007-04-18 12:46 . 2009-10-29 05:19 671232 c:\windows\system32\dllcache\wininet.dll
+ 2007-04-18 12:46 . 2009-12-22 05:34 671232 c:\windows\system32\dllcache\wininet.dll
- 2007-04-18 12:46 . 2009-10-29 05:19 629248 c:\windows\system32\dllcache\urlmon.dll
+ 2007-04-18 12:46 . 2009-12-22 05:34 629248 c:\windows\system32\dllcache\urlmon.dll
- 2009-06-16 14:53 . 2009-06-16 14:53 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2009-06-16 14:53 . 2009-10-15 21:50 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2006-08-14 10:34 . 2009-12-31 16:14 352640 c:\windows\system32\dllcache\srv.sys
- 2007-04-18 12:46 . 2009-09-25 05:48 474624 c:\windows\system32\dllcache\shlwapi.dll
+ 2007-04-18 12:46 . 2009-12-08 09:00 474624 c:\windows\system32\dllcache\shlwapi.dll
- 2007-04-18 12:46 . 2009-10-29 05:19 532480 c:\windows\system32\dllcache\mstime.dll
+ 2007-04-18 12:46 . 2009-12-22 05:34 532480 c:\windows\system32\dllcache\mstime.dll
+ 2007-04-18 12:46 . 2009-12-22 05:34 146432 c:\windows\system32\dllcache\msrating.dll
- 2007-04-18 12:46 . 2009-10-29 05:19 146432 c:\windows\system32\dllcache\msrating.dll
+ 2009-12-17 07:58 . 2009-12-17 07:58 346112 c:\windows\system32\dllcache\mspaint.exe
- 2007-04-18 12:46 . 2009-10-29 05:19 449024 c:\windows\system32\dllcache\mshtmled.dll
+ 2007-04-18 12:46 . 2009-12-22 05:34 449024 c:\windows\system32\dllcache\mshtmled.dll
+ 2006-05-05 09:41 . 2009-12-04 14:41 453760 c:\windows\system32\dllcache\mrxsmb.sys
+ 2007-04-18 12:46 . 2009-12-22 05:34 251904 c:\windows\system32\dllcache\iepeers.dll
- 2007-04-18 12:46 . 2009-10-29 05:19 251904 c:\windows\system32\dllcache\iepeers.dll
- 2007-04-18 12:46 . 2009-10-29 05:19 205312 c:\windows\system32\dllcache\dxtrans.dll
+ 2007-04-18 12:46 . 2009-12-22 05:34 205312 c:\windows\system32\dllcache\dxtrans.dll
+ 2007-04-18 12:46 . 2009-12-22 05:34 357888 c:\windows\system32\dllcache\dxtmsft.dll
- 2007-04-18 12:46 . 2009-10-29 05:19 357888 c:\windows\system32\dllcache\dxtmsft.dll
+ 2007-04-18 12:46 . 2009-12-22 05:34 151552 c:\windows\system32\dllcache\cdfview.dll
- 2007-04-18 12:46 . 2009-10-29 05:19 151552 c:\windows\system32\dllcache\cdfview.dll
+ 2005-08-04 07:44 . 2009-11-21 16:38 470528 c:\windows\system32\dllcache\aclayers.dll
+ 2005-08-04 07:44 . 2009-12-22 05:34 151552 c:\windows\system32\cdfview.dll
- 2005-08-04 07:44 . 2009-10-29 05:19 151552 c:\windows\system32\cdfview.dll
- 2008-10-15 23:44 . 2009-12-23 15:32 409600 c:\windows\Installer\{91CA0410-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-10-15 23:44 . 2010-03-03 18:04 409600 c:\windows\Installer\{91CA0410-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-10-15 23:44 . 2010-03-03 18:04 286720 c:\windows\Installer\{91CA0410-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-10-15 23:44 . 2009-12-23 15:32 286720 c:\windows\Installer\{91CA0410-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-10-15 23:44 . 2010-03-03 18:04 249856 c:\windows\Installer\{91CA0410-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-10-15 23:44 . 2009-12-23 15:32 249856 c:\windows\Installer\{91CA0410-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-10-15 23:44 . 2010-03-03 18:04 794624 c:\windows\Installer\{91CA0410-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-10-15 23:44 . 2009-12-23 15:32 794624 c:\windows\Installer\{91CA0410-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-10-15 23:44 . 2009-12-23 15:32 135168 c:\windows\Installer\{91CA0410-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-10-15 23:44 . 2010-03-03 18:04 135168 c:\windows\Installer\{91CA0410-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2006-01-17 17:45 . 2010-03-03 17:47 114688 c:\windows\Installer\{90280410-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2006-01-17 17:45 . 2009-12-23 15:31 114688 c:\windows\Installer\{90280410-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2006-01-17 17:45 . 2010-03-03 17:47 167936 c:\windows\Installer\{90280410-6000-11D3-8CFE-0050048383C9}\accicons.exe
- 2006-01-17 17:45 . 2009-12-23 15:31 167936 c:\windows\Installer\{90280410-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2005-08-04 15:15 . 2009-12-04 14:41 453760 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2005-08-04 07:44 . 2009-11-21 16:38 470528 c:\windows\AppPatch\aclayers.dll
- 2005-08-04 07:44 . 2009-10-29 05:19 1510400 c:\windows\system32\shdocvw.dll
+ 2005-08-04 07:44 . 2009-12-22 05:34 1510400 c:\windows\system32\shdocvw.dll
+ 2005-08-04 07:44 . 2009-11-27 17:33 1296384 c:\windows\system32\quartz.dll
+ 2005-08-04 07:44 . 2009-12-22 05:34 3092480 c:\windows\system32\mshtml.dll
+ 2006-09-04 06:11 . 2009-12-22 05:34 1510400 c:\windows\system32\dllcache\shdocvw.dll
- 2006-09-04 06:11 . 2009-10-29 05:19 1510400 c:\windows\system32\dllcache\shdocvw.dll
+ 2007-10-29 22:42 . 2009-11-27 17:33 1296384 c:\windows\system32\dllcache\quartz.dll
+ 2007-05-04 12:59 . 2009-12-22 05:34 3092480 c:\windows\system32\dllcache\mshtml.dll
+ 2007-04-18 12:46 . 2009-12-22 05:34 1056256 c:\windows\system32\dllcache\danim.dll
- 2007-04-18 12:46 . 2009-09-25 05:48 1056256 c:\windows\system32\dllcache\danim.dll
- 2007-04-18 12:46 . 2009-10-29 05:19 1024000 c:\windows\system32\dllcache\browseui.dll
+ 2007-04-18 12:46 . 2009-12-22 05:34 1024000 c:\windows\system32\dllcache\browseui.dll
+ 2005-08-04 07:44 . 2009-12-22 05:34 1056256 c:\windows\system32\danim.dll
- 2005-08-04 07:44 . 2009-09-25 05:48 1056256 c:\windows\system32\danim.dll
- 2005-08-04 07:44 . 2009-10-29 05:19 1024000 c:\windows\system32\browseui.dll
+ 2005-08-04 07:44 . 2009-12-22 05:34 1024000 c:\windows\system32\browseui.dll
+ 2010-01-19 16:51 . 2010-01-19 16:51 5524480 c:\windows\Installer\e2d8f2.msp
+ 2009-12-01 14:52 . 2009-12-01 14:52 7970816 c:\windows\Installer\cf6929.msp
+ 2009-12-01 14:52 . 2009-12-01 14:52 9630208 c:\windows\Installer\cf6914.msp
+ 2010-01-19 17:29 . 2010-01-19 17:29 5050368 c:\windows\Installer\cf68ff.msp
+ 2007-04-19 11:49 . 2007-04-19 11:49 1661280 c:\windows\Installer\$PatchCache$\Managed\0140AC1900063D11C8EF10054038389C\11.0.8173\PPTVIEW.EXE
+ 2007-09-14 15:04 . 2010-02-01 10:26 30364104 c:\windows\system32\MRT.exe
+ 2010-03-03 17:50 . 2010-03-03 17:50 15710720 c:\windows\Installer\cf6932.msp
.
-- Snapshot per reimpostare la data corrente --
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2005-10-06 278528]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2005-06-03 81920]
"LogMeIn GUI"="c:\programmi\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2006-09-01 282624]
"CanonSolutionMenu"="c:\programmi\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"SSBkgdUpdate"="c:\programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\programmi\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"egui"="c:\programmi\ESET\ESET Smart Security\egui.exe" [2009-10-01 2054360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\Default User\Menu Avvio\Programmi\Esecuzione automatica\
VAIO Launcher.lnk - c:\programmi\Sony\VAIO Launcher\Launcher.exe [2003-10-2 778240]

c:\documents and settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\
VAIO Launcher.lnk - c:\programmi\Sony\VAIO Launcher\Launcher.exe [2003-10-2 778240]

c:\documents and settings\LogMeInRemoteUser\Menu Avvio\Programmi\Esecuzione automatica\
VAIO Launcher.lnk - c:\programmi\Sony\VAIO Launcher\Launcher.exe [2003-10-2 778240]

c:\documents and settings\Vanni Tortoli\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-20 113664]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-19 12:02 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-20 15:42 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Sony\\VAIO Media 4.0\\Vc.exe"=
"c:\\Programmi\\Sony\\VAIO Media Integrated Server\\Platform\\SV_Httpd.exe"=
"c:\\Programmi\\Sony\\VAIO Media Integrated Server\\Platform\\UPnPFramework.exe"=
"c:\\Programmi\\Sony\\VAIO Media Integrated Server\\Platform\\VMConsole.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmi\\MSN Messenger\\livecall.exe"=
"c:\\Programmi\\AdunanzA\\eMule_AdnzA.exe"=
"c:\\Programmi\\SopCast\\SopCast.exe"=
"c:\\Programmi\\DNA\\btdna.exe"=
"c:\\Programmi\\BitTorrent\\bittorrent.exe"=

R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [23/01/2006 17.01.15 5248]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [01/10/2009 15.06.40 108792]
R1 PrivateDisk;PrivateDisk;c:\windows\system32\drivers\privatediskm.sys [06/07/2004 13.07.06 45627]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\programmi\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [20/10/2004 3.47.54 98304]
R2 ekrn;ESET Service;c:\programmi\ESET\ESET Smart Security\ekrn.exe [01/10/2009 15.06.52 735960]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\programmi\LogMeIn\x86\rainfo.sys [03/08/2007 15.09.34 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [10/12/2007 15.06.34 47640]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\programmi\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [20/10/2004 2.40.46 118784]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [04/08/2005 8.45.38 71961]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
S3 V0250Dev;Live! Cam Notebook Pro;c:\windows\system32\drivers\V0250Dev.sys [02/01/2007 17.23.56 163840]
S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [23/01/2006 17.01.15 160640]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://google.it/
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Trasferimento tramite Image Converter 2 - c:\programmi\Sony\Image Converter 2\menu.htm
FF - ProfilePath - c:\documents and settings\Vanni Tortoli\Dati applicazioni\Mozilla\Firefox\Profiles\bludfozr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://it.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:it:official
FF - component: c:\documents and settings\Vanni Tortoli\Dati applicazioni\Mozilla\Firefox\Profiles\bludfozr.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npbittorrent.dll
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

BHO-{A3BA40A2-74F0-42BD-F434-00B15A2C8953} - (no file)
HKCU-Run-Yahoo! Pager - c:\programmi\Yahoo!\Messenger\ypager.exe
HKCU-Run-FreeCall - c:\programmi\freecall.com\freecall\freecall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-04 18:17
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:8d,d4,c6,25,09,44,24,e5,0c,46,7f,ae,77,5e,2b,03,4e,30,f8,fa,ad,
53,01,54,49,bc,08,76,24,7c,36,ff,f1,22,6a,d8,81,2c,8a,ec,18,22,8f,19,fc,fd,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140AC1900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:8d,d4,c6,25,09,44,24,e5,0c,46,7f,ae,77,5e,2b,03,4e,30,f8,fa,ad,
53,01,54,49,bc,08,76,24,7c,36,ff,f1,22,6a,d8,81,2c,8a,ec,18,22,8f,19,fc,fd,\
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(1452)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\VESWinlogon.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.exe'(3168)
c:\programmi\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\programmi\Intel\Wireless\Bin\EvtEng.exe
c:\programmi\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\AvidSDMService.exe
c:\programmi\LogMeIn\x86\RaMaint.exe
c:\programmi\LogMeIn\x86\LogMeIn.exe
c:\programmi\LogMeIn\x86\LMIGuardian.exe
c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
c:\programmi\Intel\Wireless\Bin\RegSrvc.exe
c:\programmi\Sony\VAIO Event Service\VESMgr.exe
c:\programmi\Sony\VAIO Media Integrated Server\VMISrv.exe
c:\programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\programmi\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
c:\programmi\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
c:\programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\system32\spool\drivers\w32x86\3\WrtProc.exe
c:\programmi\LogMeIn\x86\LMIGuardian.exe
c:\programmi\File comuni\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
c:\programmi\iPod\bin\iPodService.exe
c:\programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe
.
**************************************************************************
.
Ora fine scansione: 2010-03-04 18:21:44 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-03-04 17:21
ComboFix2.txt 2010-02-26 15:30

Pre-Run: 11.395.686.400 byte disponibili
Post-Run: 11.268.780.032 byte disponibili

- - End Of File - - A555A3B5D40F4B2524D5CDC5615B5B85
r16
Posted: Thursday, March 04, 2010 7:49:48 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Ok.
Download MBR.EXE directly into the C:\ directory (you must download it to C:)

http://www2.gmer.net/mbr/mbr.exe

Click Start

Click Run...

Type: cmd and then OK.
The DOS window opens; type: CD \
press Enter

type: mbr -f (copy and paste it)
press Enter

Then type: exit
press Enter

Restart the PC

Post the contents of the log C:\mbr.log here

I recommend changing your antivirus. (It doesn't seem to have helped you much.)
If you don't run into any problems, we'll finish with the cleanup.