Aiutamici Forum

AVIRA ANTIVIRUS LOG, slow computer
jkl
Posted: Friday, April 30, 2010 6:25:26 PM
Rank: AiutAmico

Joined: 6/3/2005
Posts: 129
I'm experiencing unbelievable slowness, both on the internet and on the PC itself.
I'm posting the AVIRA log, which found 2 infected files, but I'll leave everything to you experts!



Avira AntiVir Personal
Data del file di report: lunedì 5 aprile 2010 15:34

Ricerca di 1955003 virus e programmi indesiderati.

Concesso in licenza a : Avira AntiVir Personal - FREE Antivirus
Numero di serie : 0000149996-ADJIE-0000001
Piattaforma : Windows Vista
Versione di Windows : (Service Pack 1) [6.0.6001]
Modalità di avvio : Modalità provvisoria
Nome utente : Marco
Nome computer : PC-MARCO

Informazioni sulla versione:
BUILD.DAT : 9.0.0.22 21699 Bytes 23/01/2010 00:33:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 26/11/2009 18:05:13
AVSCAN.DLL : 9.0.3.0 47873 Bytes 03/03/2009 10:14:29
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:56
LUKERES.DLL : 9.0.2.0 12545 Bytes 03/03/2009 10:15:14
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 18:05:11
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 18:05:12
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20/01/2010 14:34:04
VBASE003.VDF : 7.10.3.75 996864 Bytes 26/01/2010 13:55:18
VBASE004.VDF : 7.10.4.203 1579008 Bytes 05/03/2010 20:41:37
VBASE005.VDF : 7.10.4.204 2048 Bytes 05/03/2010 20:41:37
VBASE006.VDF : 7.10.4.205 2048 Bytes 05/03/2010 20:41:38
VBASE007.VDF : 7.10.4.206 2048 Bytes 05/03/2010 20:41:39
VBASE008.VDF : 7.10.4.207 2048 Bytes 05/03/2010 20:41:39
VBASE009.VDF : 7.10.4.208 2048 Bytes 05/03/2010 20:41:39
VBASE010.VDF : 7.10.4.209 2048 Bytes 05/03/2010 20:41:40
VBASE011.VDF : 7.10.4.210 2048 Bytes 05/03/2010 20:41:40
VBASE012.VDF : 7.10.4.211 2048 Bytes 05/03/2010 20:41:40
VBASE013.VDF : 7.10.4.242 153088 Bytes 08/03/2010 20:09:09
VBASE014.VDF : 7.10.5.17 99328 Bytes 10/03/2010 20:09:38
VBASE015.VDF : 7.10.5.44 107008 Bytes 11/03/2010 20:09:57
VBASE016.VDF : 7.10.5.69 92672 Bytes 12/03/2010 20:10:06
VBASE017.VDF : 7.10.5.91 119808 Bytes 15/03/2010 20:10:15
VBASE018.VDF : 7.10.5.121 112640 Bytes 18/03/2010 20:13:00
VBASE019.VDF : 7.10.5.138 139776 Bytes 18/03/2010 20:10:26
VBASE020.VDF : 7.10.5.164 113152 Bytes 22/03/2010 20:11:23
VBASE021.VDF : 7.10.5.182 108032 Bytes 23/03/2010 20:11:00
VBASE022.VDF : 7.10.5.199 123904 Bytes 24/03/2010 20:11:01
VBASE023.VDF : 7.10.5.217 279552 Bytes 25/03/2010 20:11:07
VBASE024.VDF : 7.10.5.234 202240 Bytes 26/03/2010 20:11:03
VBASE025.VDF : 7.10.5.254 187904 Bytes 30/03/2010 19:11:26
VBASE026.VDF : 7.10.6.18 130560 Bytes 01/04/2010 19:12:03
VBASE027.VDF : 7.10.6.19 2048 Bytes 01/04/2010 19:12:03
VBASE028.VDF : 7.10.6.20 2048 Bytes 01/04/2010 19:12:03
VBASE029.VDF : 7.10.6.21 2048 Bytes 01/04/2010 19:12:03
VBASE030.VDF : 7.10.6.22 2048 Bytes 01/04/2010 19:12:03
VBASE031.VDF : 7.10.6.24 27136 Bytes 03/04/2010 19:12:01
Motore : 8.2.1.210
AEVDF.DLL : 8.1.1.3 106868 Bytes 23/01/2010 13:49:14
AESCRIPT.DLL : 8.1.3.24 1282425 Bytes 01/04/2010 19:12:00
AESCN.DLL : 8.1.5.0 127347 Bytes 26/02/2010 20:09:13
AESBX.DLL : 8.1.2.1 254323 Bytes 17/03/2010 20:44:06
AERDL.DLL : 8.1.4.3 541043 Bytes 17/03/2010 20:43:47
AEPACK.DLL : 8.2.1.1 426358 Bytes 19/03/2010 20:10:35
AEOFFICE.DLL : 8.1.0.41 201083 Bytes 17/03/2010 20:43:39
AEHEUR.DLL : 8.1.1.16 2503031 Bytes 26/03/2010 20:11:08
AEHELP.DLL : 8.1.11.3 242039 Bytes 01/04/2010 19:11:59
AEGEN.DLL : 8.1.3.6 373108 Bytes 01/04/2010 19:11:59
AEEMU.DLL : 8.1.1.0 393587 Bytes 03/10/2009 18:05:18
AECORE.DLL : 8.1.13.1 188790 Bytes 01/04/2010 19:11:58
AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 13:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:48:02
AVPREF.DLL : 9.0.3.0 44289 Bytes 26/09/2009 17:47:12
AVREP.DLL : 8.0.0.7 159784 Bytes 17/02/2010 17:57:29
AVREG.DLL : 9.0.0.0 36609 Bytes 07/11/2008 14:25:10
AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 14:05:45
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:37:12
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:21:38
NETNT.DLL : 9.0.0.0 11521 Bytes 07/11/2008 14:41:28
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 13/07/2009 17:18:00
RCTEXT.DLL : 9.0.73.0 87809 Bytes 26/11/2009 18:05:11

Impostazioni di configurazione per la scansione attuale:
Nome del job................................: Scansione completa del sistema
File di configurazione......................: c:\program files\avira\antivir desktop\sysscan.avp
Report......................................: basso
Azione primaria.............................: interattivo
Azione secondaria...........................: ignora
Scansione dei record master di avvio........: Attivo
Scansiona record di avvio...................: Attivo
Record di avvio.............................: C:,
Scansione dei programmi attivi..............: Attivo
Scansiona la registrazione..................: Attivo
Cerca Rootkits..............................: Attivo
Controllo di integrità dei file di sistema..: Non attivo
Modalità di scansione file..................: Tutti i file
Scansione degli archivi.....................: Attivo
Limita la profondità di ricorsione..........: 20
Archivio estensioni Smart...................: Attivo
Macro euristico.............................: Attivo
File euristico..............................: medio

Avvio della scansione: lunedì 5 aprile 2010 15:34

È stata avviata la scansione per accertare la presenza di oggetti nascosti.
Non è stato possibile inizializzare il driver.

La scansione dei processi in esecuzione verrà avviata:
Scansione processo 'avscan.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'avcenter.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'WmiPrvSE.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'unsecapp.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'explorer.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'lsm.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'lsass.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'winlogon.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'services.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'csrss.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'wininit.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'csrss.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'smss.exe' - '1' modulo(i) scansionato(i)
19 processi scansionati con '19' Moduli

Avvio della scansione dei record master di avvio:
Record master di avvio dell'Hard Disk 0
[INFO] Nessun virus è stato trovato!

Avvio della scansione dei record di avvio:
Record di avvio 'C:\'
[INFO] Nessun virus è stato trovato!

Avvio della scansione dei file eseguibili (registro):
Il registro è stato scansionato ( 44 file ).


Avvio della scansione del file selezionati:

Inizia con la scansione di 'C:\' <OS_Install>
C:\pagefile.sys
[AVVISO] Impossibile aprire il file!
[NOTA] Questo è un file di sistema di Windows.
[NOTA] Impossibile aprire questo file per la scansione.
C:\Windows\System32\drivers\sptd.sys
[AVVISO] Impossibile aprire il file!


Fine della scansione: lunedì 5 aprile 2010 16:28
Tempo impiegato: 54:04 Minuto(i)

La scansione è stata completamente eseguita.

21772 Directory scansionate
387623 I file sono stati scansionati
0 Rilevati virus e/o programmi indesiderati
0 I file sono stati classificati come sospetti
0 I file sono stati eliminati
0 I virus o i programmi indesiderati sono stati riparati
0 File spostati in quarantena
0 File rinominati
2 Impossibile scansionare i file
387621 File non infetti
2687 Archivi scansionati
2 Avvisi
1 Note

paolopa
Posted: Friday, April 30, 2010 6:35:11 PM

Rank: AiutAmico

Joined: 10/14/2008
Posts: 2,777
But that log is from April 5... a bit dated, I'd say; maybe you have more than one and sent the wrong one. Do this:
Download and install MalwareBytes:
click here to download: http://www.aiutamici.com/software?id=80346
Before running the scan, UPDATE IT. (it's very important)
Run a full system scan.
If it finds infections, post the log it produces.
Also post a HijackThis log:
http://www.aiutamici.com/software?ID=11175
jkl
Posted: Saturday, May 01, 2010 12:59:16 PM
Rank: AiutAmico

Joined: 6/3/2005
Posts: 129
Hi, about the Avira log you were right, I had confused it with another one. Anyway, here's the Malwarebytes log, and I think it's quite a mess (I think, anyway), because I read about the presence of a trojan and a malware.
(By the way, one small addition: in the PC Security Center, where, let's say, the Windows firewall is, you know what I mean? it gives me all green checkmarks, meaning everything is fine, except for one that says it can't find a program that protects me from malware. Any advice?)
HERE IS THE LOG:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versione database: 4056

Windows 6.0.6001 Service Pack 1 (Safe Mode)
Internet Explorer 8.0.6001.18904

01/05/2010 12.50.08
mbam-log-2010-05-01 (12-50-08).txt

Tipo di scansione: Scansione completa (C:\|H:\|I:\|)
Elementi esaminati: 265739
Tempo trascorso: 53 minuti, 53 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 1
File infetti: 2

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
C:\Users\Marco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NetPumper (Adware.NetPumper) -> No action taken.

File infetti:
C:\Users\Marco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\monxga32.exe (Trojan.Downloader) -> No action taken.
C:\Users\Marco\AppData\Roaming\avdrn.dat (Malware.Trace) -> No action taken.
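As an added example (not part of the thread and not Malwarebytes' own code), a small Python triage script for the log format above: it parses each detection line into path, family and action, checks the listed items against the summary counts, and flags items still marked "No action taken" and items living in autostart locations. The Startup folder marker comes from the log above; the Run/RunOnce registry markers are an assumption extending the check to the registry equivalents.

```python
import re
from dataclasses import dataclass

# Constructed sample: the result section of the Malwarebytes 1.46 log posted
# above, copied verbatim (labels are the Italian ones that log uses).
MBAM_LOG = r"""Cartelle infette: 1
File infetti: 2

Cartelle infette:
C:\Users\Marco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NetPumper (Adware.NetPumper) -> No action taken.

File infetti:
C:\Users\Marco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\monxga32.exe (Trojan.Downloader) -> No action taken.
C:\Users\Marco\AppData\Roaming\avdrn.dat (Malware.Trace) -> No action taken.
"""

# One detection line: "<path> (<Family.Name>) -> <action>."
DETECTION_RE = re.compile(
    r"^(?P<path>.+?) \((?P<family>[A-Za-z0-9._-]+)\) -> (?P<action>[^.]+)\.?\s*$"
)
# Summary counter line: "<label>: <n>" (the section headers repeat the label
# without a number, which is how we tell them apart from other "x: y" lines).
COUNT_RE = re.compile(r"^(?P<label>[^:]+): (?P<n>\d+)$")

# Autostart locations treated as persistence. The Startup folder is on the
# page; the Run/RunOnce keys are an assumption covering the registry side.
PERSISTENCE_MARKERS = (
    "\\start menu\\programs\\startup\\",
    "\\currentversion\\run\\",
    "\\currentversion\\runonce\\",
)


@dataclass
class Detection:
    path: str
    family: str
    action: str

    @property
    def kind(self) -> str:
        # "Trojan.Downloader" -> "Trojan"
        return self.family.split(".", 1)[0]

    @property
    def pending(self) -> bool:
        # MBAM writes "No action taken" when the item has not been removed yet
        return self.action.lower().startswith("no action taken")

    @property
    def persistence(self) -> bool:
        low = self.path.lower()
        return any(marker in low for marker in PERSISTENCE_MARKERS)


def parse_mbam(text: str):
    """Return (detections, summary_counts) from an MBAM log body."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    # Section headers: "File infetti:" with no trailing number.
    sections = {ln[:-1] for ln in lines if ln.endswith(":") and not COUNT_RE.match(ln)}
    detections, counts = [], {}
    for line in lines:
        m = DETECTION_RE.match(line)
        if m:
            detections.append(Detection(m["path"], m["family"], m["action"].strip()))
            continue
        c = COUNT_RE.match(line)
        # Only labels that also appear as section headers are detection counters
        # (this skips e.g. "Elementi esaminati: 265739").
        if c and c["label"] in sections:
            counts[c["label"]] = int(c["n"])
    return detections, counts


def triage(text: str) -> dict:
    detections, counts = parse_mbam(text)
    declared = sum(counts.values())
    kinds = sorted({d.kind for d in detections})
    return {
        "declared": declared,
        "listed": len(detections),
        # A mismatch usually means a truncated paste or a mangled line.
        "consistent": declared == len(detections),
        "pending": [d.path for d in detections if d.pending],
        "persistence": [d.path for d in detections if d.persistence],
        "by_kind": {k: sum(1 for d in detections if d.kind == k) for k in kinds},
    }


if __name__ == "__main__":
    result = triage(MBAM_LOG)
    print(f"declared {result['declared']}, listed {result['listed']}, "
          f"consistent={result['consistent']}")
    print("by kind:", result["by_kind"])
    print("still not removed:", len(result["pending"]))
    for path in result["persistence"]:
        print("autostart persistence:", path)
```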
paolopa
Posted: Saturday, May 01, 2010 1:05:50 PM

Rank: AiutAmico

Joined: 10/14/2008
Posts: 2,777
I had asked you for a HijackThis log, and I had posted the link to download the program (and the guide to use it).
Delete everything Malwarebytes found, then:
Download ComboFix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Save it to the desktop.

Important: after downloading COMBOFIX, close the connection, disable your antivirus and
close ALL open programs (firewall included), and

Double-click combofix.exe (a screen will appear).

You will probably get messages from the antivirus (or from ComboFix itself);
ignore them.

If you are asked whether you want to install THE RECOVERY CONSOLE, click NO.

During the scan it is important not to use the PC (not even the mouse)
and to wait patiently for the operations to finish.

When finished, a log file called C:\ComboFix.txt will be created on the Desktop. Post it here.
Once you've done all this, post a HijackThis log!
jkl
Posted: Saturday, May 01, 2010 8:22:56 PM
Rank: AiutAmico

Joined: 6/3/2005
Posts: 129
I'M POSTING ONLY THE COMBOFIX LOG; unfortunately it won't let me install HijackThis, it basically tells me that because of the policies set by the administrator it's not possible to install....
Anyway, here's the log:

ComboFix 10-04-30.03 - Marco 01/05/2010 19.45.24.6.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.39.1040.18.1022.423 [GMT 2:00]
Eseguito da: c:\users\Marco\Documents\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\%appdata%

.
((((((((((((((((((((((((( Files Creati Da 2010-04-01 al 2010-05-01 )))))))))))))))))))))))))))))))))))
.

2010-05-01 17:54 . 2010-05-01 17:57 -------- d-----w- c:\users\Marco\AppData\Local\temp
2010-05-01 17:54 . 2010-05-01 17:54 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-05-01 17:54 . 2010-05-01 17:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-18 09:56 . 2010-04-18 09:56 -------- d-----w- c:\program files\Widget vodafone.it
2010-04-14 20:30 . 2010-02-23 11:32 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 20:30 . 2010-02-23 11:32 78848 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 20:30 . 2010-02-23 11:32 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 20:29 . 2010-02-18 14:49 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 20:29 . 2010-02-18 14:49 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 20:29 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 20:29 . 2010-02-18 14:49 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-14 20:29 . 2010-02-18 14:11 190464 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-14 20:29 . 2010-02-18 11:52 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-14 11:42 . 2009-12-23 12:43 171520 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 11:42 . 2010-01-15 00:04 98304 ----a-w- c:\windows\system32\cabview.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-01 17:50 . 2006-11-06 01:52 665464 ----a-w- c:\windows\system32\perfh010.dat
2010-05-01 17:50 . 2006-11-06 01:52 121096 ----a-w- c:\windows\system32\perfc010.dat
2010-05-01 17:40 . 2008-11-03 00:33 -------- d-----w- c:\users\Marco\AppData\Roaming\uTorrent
2010-05-01 09:46 . 2009-01-11 15:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-30 19:42 . 2008-01-10 08:58 -------- d-----w- c:\program files\eMule
2010-04-29 13:39 . 2009-01-11 15:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2009-01-11 15:09 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-28 23:04 . 2009-07-25 21:53 -------- d-----w- c:\program files\Burraconline
2010-04-20 14:17 . 2010-04-20 14:17 12 ----a-w- c:\users\Marco\AppData\Roaming\kcmdte.dat
2010-04-15 10:39 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-14 23:13 . 2007-10-31 18:36 -------- d-----w- c:\programdata\Microsoft Help
2010-03-03 18:14 . 2008-01-10 10:12 -------- d-----w- c:\program files\Windows Live
2010-03-03 18:01 . 2010-03-03 18:01 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-02-25 10:46 . 2008-01-10 08:55 100432 ----a-w- c:\users\Marco\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 08:16 . 2009-10-03 09:53 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39 . 2010-03-31 11:44 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 11:44 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33 . 2010-03-31 11:44 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55 . 2010-03-31 11:44 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:39 . 2010-03-12 00:17 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:37 . 2010-03-12 00:17 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 21:18 . 2010-03-12 00:17 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-12 10:48 . 2010-03-12 00:20 293376 ----a-w- c:\windows\system32\browserchoice.exe
2007-08-29 09:07 . 2007-03-06 10:32 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-01-18 289584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-23 4435968]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\users\Marco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
FreePOPs.lnk - c:\program files\FreePOPs\freepopsd.exe [2007-11-17 49152]
Widget vodafone.lnk - c:\program files\Widget vodafone.it\Widget vodafone.it.exe [2010-4-18 95232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3461380361-3916217333-806040310-1003]
"EnableNotificationsRef"=dword:00000001

R3 digitran;Microsoft Input Tablet;c:\windows\system32\drivers\digitran.sys [2007-01-10 23528]
R3 gAGP440p;gAGP440p;c:\users\Marco\AppData\Local\Temp\gAGP440p.sys [x]
R4 smscir;SMSCIR Infrared Receiver;c:\windows\system32\drivers\smscir.sys [2007-01-09 62752]
R4 vhiddigi;Microsoft HID Digitizer Driver;c:\windows\system32\drivers\vhiddigi.sys [2007-01-10 23936]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-01-01 717296]

.
Contenuto della cartella 'Scheduled Tasks'

2010-05-01 c:\windows\Tasks\User_Feed_Synchronization-{D7B70733-77C3-4D66-8CEB-0CB058008DFB}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.facebook.it/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-01 19:57
Windows 6.0.6001 Service Pack 1 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys xfilt.sys acpi.sys hal.dll >>UNKNOWN [0x8470B1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x863bc322
\Driver\ACPI -> acpi.sys @ 0x807c1d4c
\Driver\atapi -> 0x8470b1f8
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.032"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.ani"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (S-1-5-21-3461380361-3916217333-806040310-1003)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.bay"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (S-1-5-21-3461380361-3916217333-806040310-1003)
@Denied: (2) (LocalSystem)
"Progid"="PhotoViewer.FileAssoc.Bitmap"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.bw"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (S-1-5-21-3461380361-3916217333-806040310-1003)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (S-1-5-21-3461380361-3916217333-806040310-1003)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.cs1"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.cur"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (S-1-5-21-3461380361-3916217333-806040310-1003)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.dcx"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.dib"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.djv"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.djvu"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (S-1-5-21-3461380361-3916217333-806040310-1003)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.emf"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.eps"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.erf"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.fff"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.fpx"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (S-1-5-21-3461380361-3916217333-806040310-1003)
@Denied: (2) (LocalSystem)
"Progid"="PhotoViewer.FileAssoc.Gif"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.hdr"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.icl"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.icn"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.ico"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.iff"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.ilbm"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.int"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.inta"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.iw4"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.j2c"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.j2k"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.jfif"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.jif"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.jp2"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.jpc"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (S-1-5-21-3461380361-3916217333-806040310-1003)
@Denied: (2) (LocalSystem)
"Progid"="PhotoViewer.FileAssoc.Jpeg"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (S-1-5-21-3461380361-3916217333-806040310-1003)
@Denied: (2) (LocalSystem)
"Progid"="PhotoViewer.FileAssoc.Jpeg"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.jpk"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.jpx"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.lbm"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.mef"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.mos"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (S-1-5-21-3461380361-3916217333-806040310-1003)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (S-1-5-21-3461380361-3916217333-806040310-1003)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (S-1-5-21-3461380361-3916217333-806040310-1003)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pbm"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pcd"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pct"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pcx"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (S-1-5-21-3461380361-3916217333-806040310-1003)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pgm"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pic"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pict"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pix"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (S-1-5-21-3461380361-3916217333-806040310-1003)
@Denied: (2) (LocalSystem)
"Progid"="PhotoViewer.FileAssoc.Png"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.ppm"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.psd"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.psp"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (S-1-5-21-3461380361-3916217333-806040310-1003)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.ras"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (S-1-5-21-3461380361-3916217333-806040310-1003)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.rgb"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.rgba"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.rle"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.rsb"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.sgi"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (S-1-5-21-3461380361-3916217333-806040310-1003)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (S-1-5-21-3461380361-3916217333-806040310-1003)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.tga"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.thm"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (S-1-5-21-3461380361-3916217333-806040310-1003)
@Denied: (2) (LocalSystem)
"Progid"="PhotoViewer.FileAssoc.Tiff"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (S-1-5-21-3461380361-3916217333-806040310-1003)
@Denied: (2) (LocalSystem)
"Progid"="PhotoViewer.FileAssoc.Tiff"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.ttc"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.ttf"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.wbm"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.wbmp"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.wmf"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.xbm"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.xif"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.xpm"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\rundll32.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Scan completion time: 2010-05-01 20:08:17 - The PC was rebooted
ComboFix-quarantined-files.txt 2010-05-01 18:08
ComboFix2.txt 2009-10-27 09:31
ComboFix3.txt 2009-10-25 16:38
ComboFix4.txt 2009-01-11 19:13

Pre-Run: 152.054.476.800 bytes free
Post-Run: 152.599.908.352 bytes free

- - End Of File - - 52D6161586D5CA4C3DB5A239E36818A0
paolopa
Posted: Saturday, May 01, 2010 8:40:39 PM

Rank: AiutAmico

Joined: 10/14/2008
Posts: 2,777
listen: you don't need to install HijackThis, you can also put it on a pendrive; just click (on the page I linked you) where it says USB.
You have an MBR infection, do this:
Download MBR.EXE directly into the C:\ directory (you must download it into C:)
http://www2.gmer.net/mbr/mbr.exe
Boot into Safe Mode.
From Start - Run - type C:\mbr.exe -f (copy and paste it) and click OK
The scan takes a few seconds.
Post the log it produces for checking. (you'll find it in C:)
PS: when you run a program on VISTA (my fault for not telling you) right-click it and choose "Run as administrator".
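What mbr.exe is doing behind the one-line verdict it prints is worth seeing. The script below is an added example (editor's code, not part of the thread and not GMER's own tool): it decodes a 512-byte MBR (boot code, disk signature, four partition entries, the 0x55AA signature) and compares two independent reads of the sector the way mbr.exe summarises as "user & kernel MBR OK". The sector bytes are constructed for the demo; on a real Vista box the raw read would come from `\\.\PhysicalDrive0` with administrator rights, which is why paolopa's "Run as administrator" note matters. Caveat a practitioner should keep in mind: a bootkit that filters the disk stack can hand a clean copy to any single reader, so the comparison only means something when the two reads really come from different paths.

```python
"""Added example, not part of the forum thread or of GMER's mbr.exe: a minimal
MBR sector parser plus the user-vs-kernel comparison that mbr.exe summarises
as "user & kernel MBR OK". The 512-byte sector below is constructed for the
demo; nothing here was read from the poster's disk."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOTCODE_LEN = 440            # boot code precedes the 4-byte disk signature
PARTITION_TABLE_OFFSET = 446  # four 16-byte entries
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510-511
ENTRY_FMT = "<B3sB3sII"       # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr() -> bytes:
    """Constructed sample: NOP-filled boot code and one active NTFS partition."""
    boot_code = b"\x90" * BOOTCODE_LEN
    disk_signature = b"\x12\x34\x56\x78" + b"\x00\x00"
    ntfs = struct.pack(ENTRY_FMT, 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 2048, 204800)
    empty = b"\x00" * 16
    return boot_code + disk_signature + ntfs + empty * 3 + BOOT_SIGNATURE


def parse_mbr(sector: bytes) -> dict:
    """Validate the boot signature and decode the partition table."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for index in range(4):
        offset = PARTITION_TABLE_OFFSET + 16 * index
        status, _chs_start, ptype, _chs_end, lba, count = struct.unpack(
            ENTRY_FMT, sector[offset:offset + 16])
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append({"index": index, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba, "sectors": count})
    return {
        "disk_signature": sector[440:444].hex(),
        # hashing the boot code lets you diff against a known-good baseline
        "bootcode_sha256": hashlib.sha256(sector[:BOOTCODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def compare_reads(user_read: bytes, kernel_read: bytes) -> str:
    """MBR bootkits of the Mebroot/Sinowal family hook disk I/O so that a
    user-mode read returns a clean copy while the sector on disk is patched.
    Two independent reads that disagree are the signal; identical reads are
    what mbr.exe reports as OK."""
    if user_read == kernel_read:
        return "user & kernel MBR OK"
    differing = [i for i in range(SECTOR_SIZE) if user_read[i] != kernel_read[i]]
    return f"MBR mismatch: {len(differing)} byte(s) differ, first at offset {differing[0]}"


if __name__ == "__main__":
    clean = build_sample_mbr()
    patched = bytearray(clean)
    patched[0] = 0xEB  # simulate a patched first byte of the boot code
    print(parse_mbr(clean))
    print(compare_reads(clean, clean))
    print(compare_reads(clean, bytes(patched)))
```

Running it prints the decoded partition table, the OK verdict for two identical reads, and a mismatch report once a single boot-code byte is altered; the boot-code hash is the value you would keep from a known-clean machine to diff against later.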
r16
Posted: Saturday, May 01, 2010 10:39:16 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Once you have carried out paolopa's instructions, do the following:

Open a text file with Notepad on the Desktop
Paste into it the code you see below, and save the text file, mandatory, under the name CFScript.txt

Code:
KillAll::
File::
c:\users\Marco\AppData\Local\Temp\gAGP440p.sys

Driver::
gAGP440p

RegLock::
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]


and drag it onto the ComboFix icon.
Wait for it to finish its work, without touching the keyboard, mouse or anything else.
If the PC does not reboot by itself, reboot it yourself.
Post the updated ComboFix log.

Report whether there are any improvements.
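The RegLock:: block above is the list of keys that the earlier ComboFix log printed with @Denied: lines (the file-association UserChoice keys and the modem-class AllUserSettings keys), copied by hand. The script below is an added example (editor's code, not from the thread and not ComboFix's own): it parses that listing format, keeps the keys carrying at least one @Denied: entry, and emits a CFScript with the same directive layout r16 used (KillAll::, File::, Driver::, RegLock::). SAMPLE_LOG is constructed from lines of the same shape as the posted log; the NotLocked key is invented as a negative case, and the File::/Driver:: entries are the ones r16 chose. One caveat for anyone reusing it: ComboFix lists every key whose ACL is not the default, and Windows itself places Deny ACEs on some keys (the per-user UserChoice keys are one case), so a key showing up in the listing is something to examine, not by itself proof of infection.

```python
"""Added example, not from the forum thread or from ComboFix itself: parse the
locked-key listing that ComboFix prints (a registry key header followed by
@Denied:/@Allowed: ACL lines) and generate the RegLock:: block of a CFScript,
together with the File:: and Driver:: sections. SAMPLE_LOG is constructed from
lines of the same shape as the posted log; the NotLocked key is invented as a
negative case."""
import re

SAMPLE_LOG = r"""
[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pcx"

[HKEY_USERS\S-1-5-21-3461380361-3916217333-806040310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (S-1-5-21-3461380361-3916217333-806040310-1003)
@Denied: (2) (LocalSystem)
"Progid"="PhotoViewer.FileAssoc.Png"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\NotLocked]
"Value"="1"
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
ACL_RE = re.compile(r"^@(Denied|Allowed): \(([^)]*)\) \((.+)\)$")


def parse_acl_listing(log_text: str) -> dict:
    """Map every key header to the list of (verdict, rights, principal) ACL
    lines printed under it; keys without ACL lines get an empty list."""
    keys, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current = key_match.group(1)
            keys.setdefault(current, [])
            continue
        acl_match = ACL_RE.match(line)
        if acl_match and current is not None:
            keys[current].append(acl_match.groups())
    return keys


def locked_keys(log_text: str) -> dict:
    """Only the keys that carry at least one @Denied line, in log order."""
    return {key: acl for key, acl in parse_acl_listing(log_text).items()
            if any(verdict == "Denied" for verdict, _, _ in acl)}


def denied_principals(acl: list) -> list:
    """Who is denied on a key; handy for deciding whether the deny is a
    Windows default (e.g. the user's own SID on a UserChoice key) or not."""
    return [principal for verdict, _, principal in acl if verdict == "Denied"]


def build_cfscript(locked: dict, files=(), drivers=()) -> str:
    """Emit a CFScript in the directive layout used in the thread: KillAll::,
    File::, Driver::, RegLock::, each section followed by a blank line."""
    lines = ["KillAll::"]
    if files:
        lines += ["File::", *files, ""]
    if drivers:
        lines += ["Driver::", *drivers, ""]
    if locked:
        lines += ["RegLock::", *(f"[{key}]" for key in locked), ""]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    locked = locked_keys(SAMPLE_LOG)
    for key, acl in locked.items():
        print(f"{key}\n    denied to: {', '.join(denied_principals(acl))}")
    print(build_cfscript(locked,
                         files=[r"c:\users\Marco\AppData\Local\Temp\gAGP440p.sys"],
                         drivers=["gAGP440p"]))
```

Feed it the locked-key section of a real ComboFix log instead of SAMPLE_LOG and the output is the CFScript.txt to drag onto ComboFix; the denied-principals summary is the part to read before doing so, since it tells you whether the deny was placed by Windows or by something else.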
jkl
Posted: Sunday, May 02, 2010 1:44:38 AM
Rank: AiutAmico

Joined: 6/3/2005
Posts: 129


paolopa wrote:

r16 wrote:

I'm posting IN ORDER the HijackThis log, the MBR log, and the ComboFix log that R16 asked me for

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0.50.10, on 02/05/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\FreePOPs\freepopsd.exe
C:\Program Files\Widget vodafone.it\Widget vodafone.it.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Marco\Documents\Desktop\HiJackThis.exe
C:\Windows\system32\msfeedssync.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
O4 - Startup: FreePOPs.lnk = C:\Program Files\FreePOPs\freepopsd.exe
O4 - Startup: Widget vodafone.lnk = C:\Program Files\Widget vodafone.it\Widget vodafone.it.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 5149 bytes


The MBR one:
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

The ComboFix one:

ComboFix 10-05-01.02 - Marco 02/05/2010 1.14.03.7.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.39.1040.18.1022.385 [GMT 2:00]
Running from: c:\users\Marco\Documents\Desktop\ComboFix.exe
Command switches used :: c:\users\Marco\Documents\Desktop\CFScript.txt

FILE ::
"c:\users\Marco\AppData\Local\Temp\gAGP440p.sys"
.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GAGP440P
-------\Service_gAGP440p


((((((((((((((((((((((((( Files Created from 2010-04-01 to 2010-05-01 )))))))))))))))))))))))))))))))))))
.

2010-05-01 23:23 . 2010-05-01 23:26 -------- d-----w- c:\users\Marco\AppData\Local\temp
2010-05-01 23:23 . 2010-05-01 23:23 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-05-01 23:23 . 2010-05-01 23:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-01 22:47 . 2010-05-01 22:47 77312 ----a-w- c:\users\Marco\mbr.exe
2010-04-18 09:56 . 2010-04-18 09:56 -------- d-----w- c:\program files\Widget vodafone.it
2010-04-14 20:30 . 2010-02-23 11:32 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 20:30 . 2010-02-23 11:32 78848 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 20:30 . 2010-02-23 11:32 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 20:29 . 2010-02-18 14:49 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 20:29 . 2010-02-18 14:49 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 20:29 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 20:29 . 2010-02-18 14:49 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-14 20:29 . 2010-02-18 14:11 190464 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-14 20:29 . 2010-02-18 11:52 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-14 11:42 . 2009-12-23 12:43 171520 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 11:42 . 2010-01-15 00:04 98304 ----a-w- c:\windows\system32\cabview.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-01 23:11 . 2006-11-06 01:52 665464 ----a-w- c:\windows\system32\perfh010.dat
2010-05-01 23:11 . 2006-11-06 01:52 121096 ----a-w- c:\windows\system32\perfc010.dat
2010-05-01 23:04 . 2008-11-03 00:33 -------- d-----w- c:\users\Marco\AppData\Roaming\uTorrent
2010-05-01 09:46 . 2009-01-11 15:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-01 09:43 . 2009-05-05 17:29 6153352 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-30 19:42 . 2008-01-10 08:58 -------- d-----w- c:\program files\eMule
2010-04-29 13:39 . 2009-01-11 15:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2009-01-11 15:09 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-28 23:04 . 2009-07-25 21:53 -------- d-----w- c:\program files\Burraconline
2010-04-20 14:17 . 2010-04-20 14:17 12 ----a-w- c:\users\Marco\AppData\Roaming\kcmdte.dat
2010-04-15 10:39 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-14 23:13 . 2007-10-31 18:36 -------- d-----w- c:\programdata\Microsoft Help
2010-03-03 18:14 . 2008-01-10 10:12 -------- d-----w- c:\program files\Windows Live
2010-03-03 18:01 . 2010-03-03 18:01 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-02-25 10:46 . 2008-01-10 08:55 100432 ----a-w- c:\users\Marco\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 08:16 . 2009-10-03 09:53 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39 . 2010-03-31 11:44 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 11:44 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33 . 2010-03-31 11:44 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55 . 2010-03-31 11:44 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:39 . 2010-03-12 00:17 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:37 . 2010-03-12 00:17 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 21:18 . 2010-03-12 00:17 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-16 11:16 . 2009-12-18 13:44 38784 ----a-w- c:\users\Marco\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-16 11:16 . 2009-12-18 13:43 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-12 10:48 . 2010-03-12 00:20 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-02-11 18:45 . 2010-02-11 18:45 50354 ----a-w- c:\users\Marco\AppData\Roaming\Facebook\uninstall.exe
2010-02-01 22:04 . 2010-02-01 22:04 847040 ----a-w- c:\users\Marco\AppData\Roaming\Facebook\axfbootloader.dll
2010-02-01 22:04 . 2010-02-01 22:04 5578752 ----a-w- c:\users\Marco\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
2007-08-29 09:07 . 2007-03-06 10:32 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-01-18 289584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-23 4435968]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\users\Marco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
FreePOPs.lnk - c:\program files\FreePOPs\freepopsd.exe [2007-11-17 49152]
Widget vodafone.lnk - c:\program files\Widget vodafone.it\Widget vodafone.it.exe [2010-4-18 95232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3461380361-3916217333-806040310-1003]
"EnableNotificationsRef"=dword:00000001

R3 digitran;Microsoft Input Tablet;c:\windows\system32\drivers\digitran.sys [2007-01-10 23528]
R4 smscir;SMSCIR Infrared Receiver;c:\windows\system32\drivers\smscir.sys [2007-01-09 62752]
R4 vhiddigi;Microsoft HID Digitizer Driver;c:\windows\system32\drivers\vhiddigi.sys [2007-01-10 23936]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-01-01 717296]

.
Contenuto della cartella 'Scheduled Tasks'

2010-05-01 c:\windows\Tasks\User_Feed_Synchronization-{D7B70733-77C3-4D66-8CEB-0CB058008DFB}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.facebook.it/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
.

**************************************************************************
scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti:

**************************************************************************
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Ora fine scansione: 2010-05-02 01:34:24 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-05-01 23:34
ComboFix2.txt 2010-05-01 18:08
ComboFix3.txt 2009-10-27 09:31
ComboFix4.txt 2009-10-25 16:38
ComboFix5.txt 2010-05-01 23:11

Pre-Run: 141.990.227.968 byte disponibili
Post-Run: 142.337.683.456 byte disponibili

- - End Of File - - FA83377726DC3B445BBA6D62F5C476BF



fdaccc
Posted: Sunday, May 02, 2010 10:25:45 AM

Rank: AiutAmico

Member since: 12/12/2009
Posts: 2,114
@r16:
were all those keys locked?
r16
Posted: Sunday, May 02, 2010 1:30:29 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
To remove the various tools you downloaded (ComboFix):
Download OTC by OldTimer to the desktop:
http://oldtimer.geekstogo.com/OTC.exe
Double-click to run it.
Click CleanUp.
It will ask you to restart the PC.
Click Yes.

Update the operating system to SP2:
http://www.microsoft.com/downloads/details.aspx?displaylang=it&FamilyID=891ab806-2431-4d00-afa3-99ff6f22448d
fdaccc
Posted: Sunday, May 02, 2010 2:00:56 PM

Rank: AiutAmico

Member since: 12/12/2009
Posts: 2,114
Thanks for the reply.
jkl
Posted: Sunday, May 02, 2010 4:02:55 PM
Rank: AiutAmico

Member since: 6/3/2005
Posts: 129
r16 wrote:
To remove the various tools you downloaded (ComboFix):
Download OTC by OldTimer to the desktop:
http://oldtimer.geekstogo.com/OTC.exe
Double-click to run it.
Click CleanUp.
It will ask you to restart the PC.
Click Yes.

Update the operating system to SP2:
http://www.microsoft.com/downloads/details.aspx?displaylang=it&FamilyID=891ab806-2431-4d00-afa3-99ff6f22448d

I did everything exactly as described; do I need to do anything else?
paolopa
Posted: Sunday, May 02, 2010 4:17:48 PM

Rank: AiutAmico

Member since: 10/14/2008
Posts: 2,777
There would still be all the cleanup to do, but I'd like to be sure that r16 doesn't want you to carry out some further step... unfortunately, at this point, I'm not able to judge that with certainty.
Powered by Yet Another Forum.net version 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.