Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Chiavi di registro infette Opzioni
cris57
Inviato: Wednesday, December 02, 2009 9:10:01 PM
Rank: Newbie

Iscritto dal : 12/2/2009
Posts: 3
Ciao a tutti,
allego qui log di hijackthis + log di Malwarebyte. Trovate chiavi di registro infette e valori di registro infetti. Devo eliminarle, cosa devo fare? Si sarà infettato anche il disco rigido esterno?

Grazie mille Speak to the hand

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14.19.37, on 02/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmi\AVG\AVG9\avgchsvx.exe
C:\Programmi\AVG\AVG9\avgrsx.exe
C:\Programmi\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\AVG\AVG9\avgwdsvc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\lxdvcoms.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\stunnel\stunnel.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Apoint2K\Apoint.exe
C:\Programmi\TOSHIBA\Touch and Launch\PadExe.exe
C:\Programmi\TOSHIBA\E-KEY\CeEKey.exe
C:\Programmi\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Programmi\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Programmi\TOSHIBA\Tvs\TvsTray.exe
C:\Programmi\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\Lexmark X5400 Series\lxdvmon.exe
C:\Programmi\Apoint2K\Apntex.exe
C:\Programmi\Lexmark X5400 Series\lxdvamon.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Documents and Settings\tutti\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\WINDOWS\system32\SISCMon.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\tutti\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mail.unibo.it/exchweb/bin/auth/owalogon.asp?url=https://mail.unibo.it/exchange&reason=0&replaceCurrent=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8095
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programmi\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{4edd5c14-2d22-4d7a-9748-c975a7fd933b} - (no file)
R3 - URLSearchHook: Softonic Italia Toolbar - {4edd5c14-2d22-4d7a-9748-c975a7fd933b} - C:\Programmi\Softonic_Italia\tbSof0.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Programmi\myBabylon\tbmyB1.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG9\avgssie.dll
O2 - BHO: Softonic Italia Toolbar - {4edd5c14-2d22-4d7a-9748-c975a7fd933b} - C:\Programmi\Softonic_Italia\tbSof0.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programmi\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programmi\myBabylon_English\tbmyB1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Programmi\myBabylon\tbmyB1.dll
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programmi\myBabylon_English\tbmyB1.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programmi\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Softonic Italia Toolbar - {4edd5c14-2d22-4d7a-9748-c975a7fd933b} - C:\Programmi\Softonic_Italia\tbSof0.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PadTouch] C:\Programmi\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Programmi\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Programmi\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [Tvs] C:\Programmi\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [DDWMon] C:\Programmi\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Babylon Client] C:\Programmi\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [lxdvmon.exe] "C:\Programmi\Lexmark X5400 Series\lxdvmon.exe"
O4 - HKLM\..\Run: [lxdvamon] "C:\Programmi\Lexmark X5400 Series\lxdvamon.exe"
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Programmi\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HWSetup] C:\Programmi\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programmi\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\tutti\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [eewhhiyj] "c:\documents and settings\tutti\impostazioni locali\dati applicazioni\eewhhiyj.exe" eewhhiyj
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: SCMon.lnk = C:\WINDOWS\system32\SISCMon.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Translate with &Babylon - res://C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Programmi\iMacros\imacros.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.it/SnapfishActivia.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab
O16 - DPF: {60E33102-59F1-44DA-BA3D-494BB9A80514} (Iphona) - http://www.inps.it/Servizi/ParlaConNoi/VoipFiles/IPhona.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1214049451042
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG9\avgpp.dll
O18 - Protocol: x-owacid - {0215258F-F0A8-49DE-BF1B-0FF02EDA8807} - C:\Programmi\Microsoft\Outlook Web Access SMIME Client\mimectl.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Programmi\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: lxdvCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdvserv.exe
O23 - Service: lxdv_device - - C:\WINDOWS\system32\lxdvcoms.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: stunnel - Unknown owner - C:\Programmi\stunnel\stunnel.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe-
End of file - 14596 bytes

Malwarebytes' Anti-Malware 1.41
Versione del database: 3275
Windows 5.1.2600 Service Pack 3
02/12/2009 14.30.38
mbam-log-2009-12-02 (14-30-36).txt

Tipo di scansione: Scansione rapida
Elementi scansionati: 124883
Tempo trascorso: 10 minute(s), 0 second(s)
Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 2
Valori di registro infetti: 1
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0
Chiavi di registro infette:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> No action taken.
Valori di registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\eewhhiyj (Trojan.Agent.H) -> No action taken.
Sponsor
Inviato: Wednesday, December 02, 2009 9:10:01 PM

 
r16
Inviato: Wednesday, December 02, 2009 10:07:07 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao.
Elimina quello che ha trovato MBAM.
Poi:
Scarica Combofix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe


Salvalo sul desktop.

Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,(Firewall compreso) e dopo aver scaricato COMBOFIX, chiudi la connessione.

Doppio click su combofix.exe (comparirà una videata.)
Se ti verrà chiesto se vuoi Installare LA CONSOLE DI RIPRISTINO DI EMERGENZA, clicca NO.
E' probabile che ti siano inviati messaggi dall'antivirus, tu ignorali.
Durante l'operazione di scansione è importante non usare il PC (neanche il mouse) e attendere pazientemente la fine delle operazioni.
Al termine, verrà creato un file log sul Desktop, chiamato C:\ComboFix.txt. Postalo qui.
cris57
Inviato: Thursday, December 03, 2009 1:41:10 AM
Rank: Newbie

Iscritto dal : 12/2/2009
Posts: 3
Ciao,
grazie, ho fatto come hai detto ed ecco qua i risultati di ComboFix

ComboFix 09-12-02.05 - tutti 03/12/2009 1.24.51.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.3062.2317 [GMT 1:00]
Eseguito da: c:\documents and settings\tutti\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\tutti\Impostazioni locali\Dati applicazioni\eewhhiyj.dat
c:\documents and settings\tutti\Impostazioni locali\Dati applicazioni\eewhhiyj_nav.dat
c:\documents and settings\tutti\Impostazioni locali\Dati applicazioni\eewhhiyj_navps.dat
c:\windows\system32\lsprst7.dll
c:\windows\system32\mswins.sys
c:\windows\system32\nsprs.dll
c:\windows\system32\ssprs.dll
c:\windows\winhelp.ini
F:\autorun.inf

.
((((((((((((((((((((((((( Files Creati Da 2009-11-03 al 2009-12-03 )))))))))))))))))))))))))))))))))))
.

2009-12-02 08:01 . 2009-12-02 08:01 -------- d-----w- c:\documents and settings\tutti\Dati applicazioni\Malwarebytes
2009-12-02 08:01 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-02 08:01 . 2009-12-02 08:01 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-12-02 08:01 . 2009-12-02 08:01 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-12-02 08:01 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-01 07:50 . 2009-11-30 19:42 497944 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgchjwx.dll
2009-12-01 07:50 . 2009-11-30 19:42 3963648 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgcorex.dll
2009-12-01 07:49 . 2009-11-30 19:42 877848 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgupd.exe
2009-12-01 07:49 . 2009-11-30 19:42 1657112 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgupd.dll
2009-11-30 19:43 . 2009-11-30 19:45 -------- d-----w- C:\$AVG
2009-11-30 19:42 . 2009-12-03 00:21 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg9
2009-11-30 17:19 . 2009-11-30 17:22 -------- d-----w- c:\programmi\Outlook Express Quick Backup
2009-11-30 17:18 . 2009-11-30 17:18 249856 ------w- c:\windows\Setup1.exe
2009-11-30 17:18 . 2009-11-30 17:18 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-11-30 15:20 . 2009-11-30 15:20 40960 ----a-r- c:\documents and settings\tutti\Dati applicazioni\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\WinDlg.exe_0AB76F69E7614CFAB9B0A1906B4E9E4B_3.exe
2009-11-30 15:20 . 2009-11-30 15:20 8854 ----a-r- c:\documents and settings\tutti\Dati applicazioni\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\Uninstall_WD_Diagnos_0AB76F69E7614CFAB9B0A1906B4E9E4B.exe
2009-11-30 15:20 . 2009-11-30 15:20 10134 ----a-r- c:\documents and settings\tutti\Dati applicazioni\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\ARPPRODUCTICON.exe
2009-11-30 15:20 . 2009-11-30 15:20 -------- d-----w- c:\programmi\Western Digital Technologies
2009-11-25 13:18 . 2009-11-25 13:18 -------- d-----w- c:\programmi\MSXML 4.0
2009-11-20 14:27 . 2009-11-25 13:47 471005 --sha-w- c:\windows\system32\mswins.DLL
2009-11-15 20:50 . 2009-11-15 20:50 79488 ----a-w- c:\documents and settings\tutti\Dati applicazioni\Sun\Java\jre1.6.0_17\gtapi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-03 00:13 . 2008-06-21 12:31 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-12-02 07:46 . 2009-02-18 13:07 -------- d-----w- c:\documents and settings\tutti\Dati applicazioni\uTorrent
2009-12-02 07:46 . 2009-08-17 08:49 -------- d-----w- c:\programmi\Project64
2009-12-01 18:29 . 2008-06-23 14:39 -------- d-----w- c:\programmi\SPSS
2009-12-01 17:15 . 2008-06-21 19:36 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Babylon
2009-11-30 19:42 . 2008-06-22 11:31 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-30 19:42 . 2008-06-22 11:30 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-30 19:42 . 2008-06-22 11:30 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-30 19:42 . 2008-06-22 11:31 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-30 19:42 . 2008-06-22 11:30 -------- d-----w- c:\programmi\AVG
2009-11-26 10:21 . 2009-02-19 21:40 187 ----a-w- c:\documents and settings\All Users\Dati applicazioni\SafeNet Sentinel\Sentinel RMS Development Kit\System\prsgrc.dll
2009-11-11 14:33 . 2008-12-12 15:59 1 ----a-w- c:\documents and settings\tutti\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-11-08 19:09 . 2009-09-04 16:53 -------- d-----w- c:\programmi\Softonic_Italia
2009-10-29 10:16 . 2009-10-29 09:44 -------- d-----w- c:\documents and settings\tutti\Dati applicazioni\U3
2009-10-26 07:23 . 2006-05-26 10:27 85678 ----a-w- c:\windows\system32\perfc010.dat
2009-10-26 07:23 . 2006-05-26 10:27 492836 ----a-w- c:\windows\system32\perfh010.dat
2009-10-24 14:25 . 2009-10-23 21:11 -------- d-----w- c:\documents and settings\tutti\Dati applicazioni\WhiteSmoke
2009-10-23 22:20 . 2009-10-23 22:20 -------- d-----w- c:\documents and settings\tutti\Dati applicazioni\Grammatica
2009-10-23 22:20 . 2009-10-23 22:20 -------- d-----w- c:\programmi\Grammatica 7
2009-10-23 21:09 . 2008-06-21 14:18 -------- d-----w- c:\programmi\WhiteSmoke
2009-10-23 21:09 . 2006-05-26 11:56 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-10-11 19:58 . 2008-12-20 11:25 -------- d-----w- c:\documents and settings\tutti\Dati applicazioni\Publish or Perish
2009-10-11 19:58 . 2009-10-11 19:58 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Tarma Installer
2009-10-11 19:58 . 2009-01-10 20:19 -------- d-----w- c:\programmi\Harzing's Publish or Perish
2009-10-11 14:32 . 2008-06-21 12:30 -------- d-----w- c:\programmi\File comuni\Adobe
2009-10-05 17:36 . 2008-12-27 16:11 -------- d-----w- c:\documents and settings\tutti\Dati applicazioni\gtk-2.0
2009-10-04 14:23 . 2008-06-21 22:13 84192 ----a-w- c:\documents and settings\tutti\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-09-11 14:17 . 2006-05-26 10:27 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2006-05-26 10:27 58880 ----a-w- c:\windows\system32\msasn1.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\programmi\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]
"{4edd5c14-2d22-4d7a-9748-c975a7fd933b}"= "c:\programmi\Softonic_Italia\tbSof0.dll" [2009-11-08 2166296]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_CLASSES_ROOT\clsid\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]
2008-07-07 20:14 1569304 ------w- c:\programmi\myBabylon\tbmyB1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}]
2009-11-08 19:09 2166296 ----a-w- c:\programmi\Softonic_Italia\tbSof0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-10-16 11:12 1119488 ----a-w- c:\programmi\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2009-11-02 20:29 2166296 ----a-w- c:\programmi\myBabylon_English\tbmyB1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{34ea1c70-42cc-42c5-aa29-ec58b95a343e}"= "c:\programmi\myBabylon\tbmyB1.dll" [2008-07-07 1569304]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\programmi\myBabylon_English\tbmyB1.dll" [2009-11-02 2166296]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programmi\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]
"{4edd5c14-2d22-4d7a-9748-c975a7fd933b}"= "c:\programmi\Softonic_Italia\tbSof0.dll" [2009-11-08 2166296]

[HKEY_CLASSES_ROOT\clsid\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{34EA1C70-42CC-42C5-AA29-EC58B95A343E}"= "c:\programmi\myBabylon\tbmyB1.dll" [2008-07-07 1569304]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\programmi\myBabylon_English\tbmyB1.dll" [2009-11-02 2166296]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programmi\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]
"{4EDD5C14-2D22-4D7A-9748-C975A7FD933B}"= "c:\programmi\Softonic_Italia\tbSof0.dll" [2009-11-08 2166296]

[HKEY_CLASSES_ROOT\clsid\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eewhhiyj"="c:\documents and settings\tutti\impostazioni locali\dati applicazioni\eewhhiyj.exe eewhhiyj" [X]
"TOSCDSPD"="c:\programmi\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 65536]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-23 68856]
"Google Update"="c:\documents and settings\tutti\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2009-10-11 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SVPWUTIL"="c:\programmi\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL" [X]
"HWSetup"="c:\programmi\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP" [X]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
"Apoint"="c:\programmi\Apoint2K\Apoint.exe" [2004-03-24 196608]
"PadTouch"="c:\programmi\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-22 1077330]
"CeEKEY"="c:\programmi\TOSHIBA\E-KEY\CeEKey.exe" [2006-04-12 638976]
"TPNF"="c:\programmi\TOSHIBA\TouchPad\TPTray.exe" [2006-04-04 53248]
"SmoothView"="c:\programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-12 118784]
"Tvs"="c:\programmi\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 73728]
"DDWMon"="c:\programmi\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2006-04-28 262144]
"IntelZeroConfig"="c:\programmi\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\programmi\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"Babylon Client"="c:\programmi\Babylon\Babylon-Pro\Babylon.exe" [2009-03-17 3959696]
"lxdvmon.exe"="c:\programmi\Lexmark X5400 Series\lxdvmon.exe" [2007-11-02 455336]
"lxdvamon"="c:\programmi\Lexmark X5400 Series\lxdvamon.exe" [2007-11-02 25256]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2008-11-04 413696]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-30 2020120]
"Malwarebytes Anti-Malware (reboot)"="c:\programmi\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-04-17 16143872]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2005-08-12 266240]
"TCtryIOHook"="TCtrlIOHook.exe" - c:\windows\system32\TCtrlIOHook.exe [2006-01-03 28672]
"TFncKy"="TFncKy.exe" [BU]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2006-03-04 88204]
"Zooming"="ZoomingHook.exe" - c:\windows\system32\ZoomingHook.exe [2005-06-06 24576]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Acrobat Assistant.lnk - c:\programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
SCMon.lnk - c:\windows\system32\SISCMon.exe [2008-7-11 184320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-11-30 19:42 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"f:\\AdunanzA\\eMule_AdnzA.exe"=
"c:\\Programmi\\Lexmark X5400 Series\\frun.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\lxdvcoms.exe"=
"c:\\Programmi\\Lexmark X5400 Series\\lxdvmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdvpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdvtime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdvwbgw.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdvjswx.exe"=
"c:\\Programmi\\Gimp-2.0\\lib\\gimp\\2.0\\plug-ins\\twain.exe"=
"c:\\Programmi\\Adobe\\Acrobat 6.0\\Acrobat\\Acrobat.exe"=
"c:\\Programmi\\Amos 4\\AmosBasicCLI.exe"=
"c:\\Programmi\\Amos 4\\AmosGraphicsCLI.exe"=
"c:\\Programmi\\Gimp-2.0\\bin\\gimp-2.6.exe"=
"c:\\Documents and Settings\\tutti\\Impostazioni locali\\Dati applicazioni\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Programmi\\Outlook Express\\msimn.exe"=
"c:\\Programmi\\SPSSInc\\Statistics17\\SPSSWinWrapIDE.exe"=
"c:\\Programmi\\SPSSInc\\Statistics17\\statistics.com"=
"c:\\Programmi\\SPSSInc\\Statistics17\\statistics.exe"=
"c:\\Programmi\\SPSS\\spsswin.exe"=
"c:\\Programmi\\Babylon\\Babylon-Pro\\Babylon.exe"=
"c:\\Programmi\\SPSS\\spssprod.exe"=
"c:\\Programmi\\WinZip\\WINZIP32.EXE"=
"c:\\Programmi\\TOSHIBA\\Accessibility\\TAccessibility.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgnsx.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [22/06/2008 12.30.59 333192]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [22/06/2008 12.31.02 360584]
R2 avg9wd;AVG Free WatchDog;c:\programmi\AVG\AVG9\avgwdsvc.exe [30/11/2009 20.42.21 285392]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [03/09/2009 18.36.47 54752]
R2 lxdv_device;lxdv_device;c:\windows\system32\lxdvcoms.exe -service --> c:\windows\system32\lxdvcoms.exe -service [?]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [18/04/2006 14.12.00 98816]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 lxdvCATSCustConnectService;lxdvCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdvserv.exe [06/03/2009 16.38.10 98984]
S3 fsssvc;Servizio Windows Live Family Safety;c:\programmi\Windows Live\Family Safety\fsssvc.exe [05/08/2009 21.48.42 704864]
S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [17/10/2007 22.11.00 56448]
.
Contenuto della cartella 'Scheduled Tasks'

2009-12-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-12-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-669348737-3939427100-3409020273-1006Core.job
- c:\documents and settings\tutti\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-10-11 09:45]

2009-12-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-669348737-3939427100-3409020273-1006UA.job
- c:\documents and settings\tutti\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-10-11 09:45]
.
.
------- Scansione supplementare -------
.
uStart Page = https://mail.unibo.it/exchweb/bin/auth/owalogon.asp?url=https://mail.unibo.it/exchange&reason=0&replaceCurrent=1
uInternet Settings,ProxyServer = localhost:8095
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Translate with &Babylon - c:\programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
Trusted Zone: unibo.it\uniwex
Trusted Zone: unibo.it\uniwex-prova
DPF: {60E33102-59F1-44DA-BA3D-494BB9A80514} - hxxp://www.inps.it/Servizi/ParlaConNoi/VoipFiles/IPhona.cab
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

URLSearchHooks-*{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - (no file)
URLSearchHooks-*{4edd5c14-2d22-4d7a-9748-c975a7fd933b} - (no file)
AddRemove-eewhhiyj - c:\documents and settings\tutti\impostazioni locali\dati applicazioni\eewhhiyj.exe
AddRemove-Mozilla Firefox (3.0.8) - c:\documents and settings\tutti\Desktop\programmi\FirefoxPortableUnibo-2.0.0.5\App\firefox\uninstall\helper.exe
AddRemove-{2FCE4FC5-6930-40E7-A4F1-F862207424EF} - c:\programmi\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe REMOVEALL
AddRemove-{91810AFC-A4F8-4EBA-A5AA-B198BBC81144} - c:\programmi\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe REMOVEALL



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-03 01:32
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2009-12-03 01:34
ComboFix-quarantined-files.txt 2009-12-03 00:34

Pre-Run: 26.805.874.688 byte disponibili
Post-Run: 26.815.340.544 byte disponibili

- - End Of File - - 55221A8A8F43326FDFF4C18F32B4B3AB
r16
Inviato: Thursday, December 03, 2009 2:36:48 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Apri un file di testo sul Desktop (start\esegui\digita: notepad.exe\ Ok
Ci incolli il codice che vedi qui sotto, e salvi il file di testo obbligatoriamente con il nome CFScript.txt

Code:
File::
c:\documents and settings\tutti\impostazioni locali\dati applicazioni\eewhhiyj.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eewhhiyj"=-

Driver::
Lbd

e trascinalo sull'icona di ComboFix.
Attendi la fine dei lavori, senza toccare tastiera, mouse o altro.
Posta il log aggiornato di combofix.
Utenti presenti in questo topic
Guest


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.