Controllo Log - Sicurezza VIRUS

Benvenuto Ospite

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Controllo Log

Controllo Log

Opzioni

Topic Precedente · Topic Sucessivo

linkin

Inviato: Monday, February 02, 2009 10:52:57 PM

Rank: AiutAmico

Iscritto dal : 1/4/2008
Posts: 427

Ciao ragazzi,
mi salta spesso la connessione e ogni tanto quando avvio windows carica 1-2 minuti poi parte il bios (tipo quando fai partire il pc in modalità provvisoria) e mi chiede se avviarlo normalmente se avviarlo in modalità provvisoria ecc... dopo riparte il caricamento windows e poi finalmente si avvia.
Comunque ho fatto varie scansioni. Spybot mi ha rilevato uno spyware ed ho corretto il problema, Nod32 non lo so Drool

, SuperAntiSpyware niente, Malwarebytes' 2 virus (tra cui il web player di veoh... come mai? visto che alla scansione precedente era gia installato e non ha detto niente). Poi ho avviato Combofix con il solito metodo e non so cosa abbia rilevato. Ecco i vari Log.

Combofix

Code:

ComboFix 09-02-02.03 - Fra 2009-02-02 22.37.22.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.511.175 [GMT 1:00]
Eseguito da: c:\documents and settings\Fra\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
FW: Outpost Firewall Pro *disabled*
* Creato nuovo punto di ripristino

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((( Files Creati Da 2009-01-02 al 2009-02-02 )))))))))))))))))))))))))))))))))))
.

2009-02-02 17:54 . 2009-02-02 17:54   <DIR>   d--------   c:\documents and settings\All Users.WINDOWS\Dati applicazioni\SUPERAntiSpyware.com
2009-02-02 13:57 . 2009-02-02 13:58   <DIR>   d--------   c:\programmi\TeamViewer
2009-02-02 00:45 . 2009-02-02 00:45   <DIR>   d--------   c:\documents and settings\Fra\Dati applicazioni\ATI
2009-02-01 22:26 . 2009-02-01 22:26   <DIR>   d--------   c:\documents and settings\All Users.WINDOWS\Dati applicazioni\ATI
2009-02-01 21:15 . 2009-02-02 14:01   <DIR>   d--------   c:\programmi\TeamViewer3
2009-01-31 17:11 . 2009-01-31 17:11   <DIR>   d--------   c:\documents and settings\Fra\Dati applicazioni\Thinstall
2009-01-31 16:47 . 2009-02-01 13:23   <DIR>   d--------   c:\documents and settings\Fra\Dati applicazioni\Orbit
2009-01-31 16:47 . 2009-01-31 16:47   <DIR>   d--------   c:\documents and settings\Fra\Dati applicazioni\GrabPro
2009-01-31 01:29 . 2009-01-31 01:29   <DIR>   d--------   c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Nokia
2009-01-31 01:28 . 2008-09-15 07:29   1,112,288   --a------   c:\windows\system32\wdfcoinstaller01007.dll
2009-01-31 01:28 . 2008-09-15 07:56   659,968   --a------   c:\windows\system32\nmwcdcocls.dll
2009-01-31 01:28 . 2008-09-15 07:56   22,016   --a------   c:\windows\system32\drivers\ccdcmbo.sys
2009-01-31 01:28 . 2008-09-15 07:56   17,664   --a------   c:\windows\system32\drivers\ccdcmb.sys
2009-01-31 01:28 . 2008-09-15 07:56   8,064   --a------   c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-01-31 01:28 . 2008-09-15 07:56   8,064   --a------   c:\windows\system32\drivers\usbser_lowerflt.sys
2009-01-31 01:20 . 2009-01-31 01:20   <DIR>   d--------   c:\programmi\NSS
2009-01-31 00:50 . 2009-02-02 18:08   <DIR>   d-a------   c:\documents and settings\All Users.WINDOWS\Dati applicazioni\TEMP
2009-01-30 18:03 . 2009-01-30 18:03   <DIR>   d--------   c:\documents and settings\Fra\Dati applicazioni\vlc
2009-01-30 16:25 . 2009-02-02 18:08   <DIR>   d--------   c:\documents and settings\Fra\Dati applicazioni\Insofta Document Backup
2009-01-29 19:51 . 2009-02-01 21:16   <DIR>   d--------   c:\documents and settings\Fra\Dati applicazioni\TeamViewer
2009-01-29 15:09 . 2009-01-29 15:09   <DIR>   d--------   c:\documents and settings\Fra\Dati applicazioni\teamspeak2
2009-01-29 15:09 . 2009-01-29 15:09   34,064   --a------   c:\windows\system32\lhacm.acm
2009-01-29 14:38 . 2009-01-29 14:38   <DIR>   d--------   c:\programmi\CCleaner
2009-01-28 16:18 . 2009-02-02 16:19   <DIR>   d--------   c:\documents and settings\Fra\Dati applicazioni\dvdcss
2009-01-28 15:54 . 2001-08-30 20:41   12,160   --a------   c:\windows\system32\drivers\mouhid.sys
2009-01-28 15:54 . 2001-08-30 20:41   12,160   --a--c---   c:\windows\system32\dllcache\mouhid.sys
2009-01-28 14:59 . 2009-02-02 20:40   310   --a------   c:\windows\gtfctrl.INI
2009-01-28 14:54 . 2009-02-02 20:41   <DIR>   d--------   c:\programmi\Matinsoft
2009-01-28 14:54 . 2009-01-28 14:56   38,599   --a------   c:\windows\system32\drivers\tsmali.sys
2009-01-27 00:33 . 2009-02-02 21:01   43,418   --a------   c:\windows\system32\oodbs.lor
2009-01-27 00:27 . 2009-01-27 00:27   <DIR>   d--------   c:\programmi\SUPERAntiSpyware
2009-01-27 00:27 . 2009-01-27 00:27   <DIR>   d--------   c:\documents and settings\Fra\Dati applicazioni\SUPERAntiSpyware.com
2009-01-26 23:58 . 2009-01-26 23:58   <DIR>   d--------   c:\windows\system32\oodag
2009-01-26 23:41 . 2009-01-26 23:41   <DIR>   d--------   c:\programmi\OO Software
2009-01-26 17:15 . 2009-01-26 17:15   <DIR>   d--------   c:\programmi\FDRLab
2009-01-26 15:34 . 2009-01-26 15:36   <DIR>   d--------   c:\documents and settings\Fra\Dati applicazioni\fretsonfire
2009-01-26 15:25 . 2009-02-02 17:34   <DIR>   d--------   c:\programmi\PeerGuardian2
2009-01-26 14:52 . 2009-01-26 14:52   <DIR>   d--------   c:\documents and settings\Fra\Dati applicazioni\FDRLab
2009-01-25 19:06 . 2008-12-23 19:52   3,542   --a------   c:\windows\system32\oemlogo.gif
2009-01-25 19:05 . 2009-01-25 19:07   40,182   --a------   c:\windows\system32\oemlogo.bmp
2009-01-25 01:08 . 2005-02-11 04:14   4,624   --a------   c:\windows\system32\nvaudio.nvu
2009-01-25 01:07 . 2005-12-08 12:06   1,864   --a------   c:\windows\system32\nvsmb.nvu
2009-01-25 01:07 . 2006-02-20 13:00   1,570   ---------   c:\windows\system32\nvide.nvu
2009-01-25 01:06 . 2009-01-25 01:06   <DIR>   d--------   C:\NVIDIA
2009-01-25 01:05 . 2007-04-16 15:28   577,536   --a------   c:\windows\soun88a3.rra
2009-01-25 01:04 . 2009-01-25 01:15   <DIR>   d--------   c:\programmi\Realtek AC97
2009-01-25 00:52 . 2009-01-25 00:59   <DIR>   d--------   c:\documents and settings\Fra\Dati applicazioni\IObit
2009-01-24 01:19 . 2009-01-24 01:20   <DIR>   d--------   c:\programmi\Babylon
2009-01-21 23:44 . 2009-02-02 22:34   <DIR>   d--------   c:\documents and settings\Fra\Dati applicazioni\Babylon
2009-01-21 23:44 . 2009-02-02 22:19   <DIR>   d--------   c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Babylon
2009-01-20 22:08 . 2009-01-21 15:58   <DIR>   d--------   c:\documents and settings\Fra\Dati applicazioni\Download Manager
2009-01-20 14:01 . 2009-01-24 01:04   <DIR>   d--------   c:\programmi\VS Revo Group
2009-01-19 19:49 . 2009-01-25 00:46   <DIR>   d--------   c:\programmi\ManyCam 2.3
2009-01-19 18:55 . 2009-01-19 18:55   <DIR>   d--------   c:\documents and settings\Fra\Dati applicazioni\Screaming Bee
2009-01-19 18:53 . 2009-01-19 18:53   <DIR>   d--------   c:\programmi\Screaming Bee
2009-01-19 17:55 . 2009-01-19 17:55   <DIR>   d--------   c:\programmi\File comuni\Screaming Bee
2009-01-19 00:47 . 2009-01-19 00:47   <DIR>   d--------   c:\documents and settings\Fra\Dati applicazioni\GlarySoft
2009-01-19 00:45 . 2009-01-19 00:45   <DIR>   d--------   c:\programmi\Glary Utilities
2009-01-17 21:56 . 2009-01-17 21:56   <DIR>   d--------   c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Screaming Bee
2009-01-14 15:45 . 2009-01-14 15:45   <DIR>   d--------   c:\documents and settings\Fra\Dati applicazioni\DivX
2009-01-09 23:29 . 2009-01-09 23:29   <DIR>   d--------   c:\documents and settings\Fra\Dati applicazioni\Uniblue
2009-01-09 20:44 . 2009-01-27 00:25   <DIR>   d--------   c:\programmi\Spybot - Search & Destroy
2009-01-09 19:55 . 2009-01-09 20:07   <DIR>   d--------   c:\programmi\Windows Live
2009-01-09 19:55 . 2009-01-19 00:50   <DIR>   d--------   c:\documents and settings\All Users.WINDOWS\Dati applicazioni\WindowsLiveInstaller
2009-01-08 22:06 . 2009-01-09 23:22   <DIR>   d--------   c:\documents and settings\Fra\Tracing
2009-01-08 22:03 . 2009-01-08 22:03   <DIR>   d--------   c:\programmi\Windows Live SkyDrive
2009-01-08 22:03 . 2009-01-08 22:03   <DIR>   d--------   c:\programmi\Microsoft
2009-01-08 21:57 . 2009-01-08 21:57   <DIR>   d--------   c:\programmi\File comuni\Windows Live
2009-01-08 18:14 . 2009-01-08 18:14   268   --ah-----   C:\sqmdata10.sqm
2009-01-08 18:14 . 2009-01-08 18:14   244   --ah-----   C:\sqmnoopt10.sqm
2009-01-08 18:01 . 2009-01-09 14:14   <DIR>   d--------   c:\programmi\Microsoft Works
2009-01-06 19:06 . 2009-02-02 14:00   <DIR>   d--------   c:\documents and settings\Fra\temp
2009-01-05 19:59 . 2009-01-09 23:22   <DIR>   d--------   c:\documents and settings\Fra\Dati applicazioni\Digital Support
2009-01-05 16:18 . 2009-01-05 16:18   90,112   --a------   c:\windows\system32\QuickTimeVR.qtx
2009-01-05 16:18 . 2009-01-05 16:18   57,344   --a------   c:\windows\system32\QuickTime.qts
2009-01-03 18:19 . 2009-01-03 22:39   112   --a------   c:\windows\MusicEditor.INI
2009-01-03 12:03 . 2009-01-04 15:59   28   --a------   c:\windows\Robota.INI
2009-01-03 12:02 . 2001-05-11 13:18   420,240   --a------   c:\windows\system32\mpg4c32.dll
2009-01-03 12:02 . 2001-05-16 17:54   309,616   --a------   c:\windows\system32\wmv8dmod.dll
2009-01-03 12:02 . 2001-03-26 04:41   245,760   --a------   c:\windows\system32\mp4sds32.ax
2009-01-03 11:59 . 2009-01-09 20:31   <DIR>   d--------   c:\windows\system32\MAGIX
2009-01-03 11:59 . 2009-01-09 20:31   <DIR>   d--------   c:\documents and settings\All Users.WINDOWS\Dati applicazioni\MAGIX
2009-01-03 11:59 . 2008-04-15 16:14   700,416   --a------   c:\windows\system32\mgxoschk.dll
2009-01-03 11:59 . 2007-04-27 10:43   120,200   --a------   c:\windows\system32\DLLDEV32i.dll
2009-01-03 11:59 . 2009-01-03 23:31   5,937   --a------   c:\windows\mgxoschk.ini
2009-01-02 18:52 . 2009-01-02 18:52   <DIR>   d--------   c:\windows\Vbox
2009-01-02 18:09 . 2009-02-02 17:29   <DIR>   d--------   c:\documents and settings\Fra\Dati applicazioni\skypePM
2009-01-02 18:02 . 2009-01-02 18:02   <DIR>   d--------   c:\documents and settings\All Users.WINDOWS\Dati applicazioni\HP Product Assistant
2009-01-02 18:01 . 2009-01-02 18:01   <DIR>   d--------   c:\documents and settings\Fra\Dati applicazioni\HP
2009-01-02 14:46 . 2009-01-02 14:46   <DIR>   d--------   c:\documents and settings\All Users.WINDOWS\Dati applicazioni\TechSmith
2009-01-02 14:45 . 2009-01-02 14:45   <DIR>   d--------   c:\programmi\TechSmith
2009-01-02 14:45 . 2009-01-02 14:45   <DIR>   d--------   c:\programmi\File comuni\TechSmith Shared
2009-01-02 13:07 . 2009-01-02 13:07   <DIR>   d--------   c:\programmi\File comuni\xing shared
2009-01-02 13:06 . 2009-01-02 13:06   <DIR>   d--------   c:\programmi\Real
2009-01-02 13:06 . 2009-01-02 13:06   <DIR>   d--------   c:\programmi\File comuni\Real
2009-01-02 00:47 . 2008-10-14 01:03   20,992   --a------   c:\windows\system32\vncmirror.dll
2009-01-02 00:47 . 2008-10-14 01:03   4,608   --a------   c:\windows\system32\drivers\vncmirror.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-02 21:34   ---------   d-----w   c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Spybot - Search & Destroy
2009-02-02 20:17   ---------   d-----w   c:\programmi\PokerStars
2009-02-02 16:30   ---------   d-----w   c:\documents and settings\Fra\Dati applicazioni\Skype
2009-02-01 21:26   ---------   d-----w   c:\programmi\ATI Technologies
2009-02-01 17:54   ---------   d-----w   c:\programmi\Metin2_Italiano
2009-01-31 13:39   ---------   d-----w   c:\programmi\Nokia
2009-01-31 00:28   ---------   d-----w   c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Installations
2009-01-30 23:30   ---------   d-----w   c:\programmi\eMule AdunanzA
2009-01-30 17:17   ---------   d-----w   c:\programmi\QuickTime
2009-01-28 16:50   ---------   d-----w   c:\documents and settings\Fra\Dati applicazioni\LimeWire
2009-01-26 23:26   ---------   d-----w   c:\programmi\File comuni\Wise Installation Wizard
2009-01-26 12:53   ---------   d-----w   c:\programmi\Malwarebytes' Anti-Malware
2009-01-25 21:48   ---------   d-----w   c:\programmi\RegCleaner
2009-01-25 00:15   ---------   d--h--w   c:\programmi\InstallShield Installation Information
2009-01-24 23:46   ---------   d-----w   c:\programmi\PokerStars.IT
2009-01-24 23:46   ---------   d-----w   c:\programmi\DivX
2009-01-21 20:00   ---------   d-----w   c:\programmi\Java
2009-01-16 11:57   ---------   d-----w   c:\programmi\Google
2009-01-14 15:29   ---------   d-----w   c:\documents and settings\Fra\Dati applicazioni\Apple Computer
2009-01-14 15:11   38,496   ----a-w   c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 15:11   15,504   ----a-w   c:\windows\system32\drivers\mbam.sys
2009-01-09 22:22   ---------   d-----w   c:\programmi\Messenger Plus! Live
2009-01-09 19:07   ---------   dcsh--w   c:\programmi\File comuni\WindowsLiveInstaller
2009-01-09 19:04   ---------   d-----w   c:\documents and settings\All Users.WINDOWS\Dati applicazioni\WLInstaller
2009-01-08 17:00   ---------   d-----w   c:\programmi\Microsoft.NET
2009-01-08 16:58   ---------   d-----w   c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Microsoft Help
2009-01-08 16:54   ---------   d-----w   c:\programmi\MSBuild
2009-01-02 17:03   ---------   d-----w   c:\programmi\HP
2009-01-02 12:06   499,712   ----a-w   c:\windows\system32\msvcp71.dll
2009-01-02 12:06   348,160   ----a-w   c:\windows\system32\msvcr71.dll
2009-01-01 19:54   ---------   d-----w   c:\documents and settings\Fra\Dati applicazioni\Greenshot
2008-12-31 16:21   ---------   d-----w   c:\programmi\File comuni\Adobe
2008-12-29 18:14   107,888   ----a-w   c:\windows\system32\CmdLineExt.dll
2008-12-26 13:38   ---------   d-----w   c:\documents and settings\Fra\Dati applicazioni\Winamp
2008-12-23 19:25   102,664   ----a-w   c:\windows\system32\drivers\tmcomm.sys
2008-12-23 17:58   ---------   d-----w   c:\programmi\Veoh Networks
2008-12-20 18:42   ---------   d-----w   c:\programmi\Microsoft Visual Studio 8
2008-12-20 18:42   ---------   d-----w   c:\documents and settings\All Users.WINDOWS\Dati applicazioni\avg8
2008-12-18 19:00   ---------   d-----w   c:\programmi\ESET
2008-12-18 12:53   ---------   d-----w   c:\documents and settings\All Users.WINDOWS\Dati applicazioni\MailFrontier
2008-12-14 22:22   0   ---ha-w   c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2008-12-14 22:22   0   ---ha-w   c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2008-12-14 18:05   ---------   d-----w   c:\programmi\iTunes
2008-12-14 18:05   ---------   d-----w   c:\programmi\iPod
2008-12-14 18:05   ---------   d-----w   c:\documents and settings\All Users.WINDOWS\Dati applicazioni\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-14 18:03   ---------   d-----w   c:\programmi\File comuni\Apple
2008-12-14 18:02   ---------   d-----w   c:\programmi\ATI
2008-12-11 11:57   333,184   ----a-w   c:\windows\system32\drivers\srv.sys
2008-12-11 00:33   86,016   ----a-w   c:\windows\system32\dpl100.dll
2008-12-11 00:33   200,704   ----a-w   c:\windows\system32\dtu100.dll
2008-12-10 21:30   ---------   d-----w   c:\documents and settings\All Users.WINDOWS\Dati applicazioni\ESET
2008-12-09 02:28   593,920   ----a-w   c:\windows\system32\dpuGUI11.dll
2008-12-09 02:28   57,344   ----a-w   c:\windows\system32\dpv11.dll
2008-12-09 02:28   344,064   ----a-w   c:\windows\system32\dpus11.dll
2008-12-09 02:28   294,912   ----a-w   c:\windows\system32\dpu11.dll
2008-12-05 11:50   ---------   d-----w   c:\documents and settings\Fra\Dati applicazioni\Malwarebytes
2008-12-05 11:50   ---------   d-----w   c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Malwarebytes
2008-12-01 20:52   425,984   ----a-w   c:\windows\system32\ATIDEMGX.dll
2008-12-01 20:51   318,464   ----a-w   c:\windows\system32\ati2dvag.dll
2008-12-01 20:51   318,464   ----a-w   c:\windows\system32\ati2dvag(3).dll
2008-12-01 20:51   318,464   ----a-w   c:\windows\system32\ati2dvag(2).dll
2008-12-01 20:46   11,304,960   ----a-w   c:\windows\system32\atioglxx.dll
2008-12-01 20:41   188,416   ----a-w   c:\windows\system32\atipdlxx.dll
2008-12-01 20:41   188,416   ----a-w   c:\windows\system32\atipdlxx(3).dll
2008-12-01 20:41   188,416   ----a-w   c:\windows\system32\atipdlxx(2).dll
2008-12-01 20:40   43,520   ----a-w   c:\windows\system32\ati2edxx.dll
2008-12-01 20:40   43,520   ----a-w   c:\windows\system32\ati2edxx(3).dll
2008-12-01 20:40   43,520   ----a-w   c:\windows\system32\ati2edxx(2).dll
2008-12-01 20:40   26,112   ----a-w   c:\windows\system32\Ati2mdxx.exe
2008-12-01 20:40   147,456   ----a-w   c:\windows\system32\Oemdspif.dll
2008-12-01 20:40   143,360   ----a-w   c:\windows\system32\ati2evxx.dll
2008-12-01 20:40   143,360   ----a-w   c:\windows\system32\ati2evxx(3).dll
2008-12-01 20:40   143,360   ----a-w   c:\windows\system32\ati2evxx(2).dll
2008-12-01 20:38   598,016   ----a-w   c:\windows\system32\ati2evxx.exe
2008-12-01 20:38   598,016   ----a-w   c:\windows\system32\ati2evxx(3).exe
2008-12-01 20:38   598,016   ----a-w   c:\windows\system32\ati2evxx(2).exe
2008-12-01 20:37   53,248   ----a-w   c:\windows\system32\ATIDDC.DLL
2008-12-01 20:27   4,120,384   ----a-w   c:\windows\system32\ati3duag.dll
2008-12-01 20:27   4,120,384   ----a-w   c:\windows\system32\ati3duag(3).dll
2008-12-01 20:27   4,120,384   ----a-w   c:\windows\system32\ati3duag(2).dll
2008-12-01 20:19   307,200   ----a-w   c:\windows\system32\atiiiexx.dll
2008-12-01 20:11   2,495,360   ----a-w   c:\windows\system32\ativvaxx.dll
2008-12-01 20:11   2,495,360   ----a-w   c:\windows\system32\ativvaxx(3).dll
2008-12-01 20:11   2,495,360   ----a-w   c:\windows\system32\ativvaxx(2).dll
2008-12-01 19:57   48,640   ----a-w   c:\windows\system32\amdpcom32.dll
2008-12-01 19:53   45,056   ----a-w   c:\windows\system32\amdcalrt.dll
2008-12-01 19:53   45,056   ----a-w   c:\windows\system32\amdcalcl.dll
2008-12-01 19:53   401,408   ----a-w   c:\windows\system32\atikvmag.dll
2008-12-01 19:53   401,408   ----a-w   c:\windows\system32\atikvmag(3).dll
2008-12-01 19:53   401,408   ----a-w   c:\windows\system32\atikvmag(2).dll
2008-12-01 19:52   86,016   ----a-w   c:\windows\system32\atiadlxx.dll
2008-12-01 19:52   17,408   ----a-w   c:\windows\system32\atitvo32.dll
2008-12-01 19:50   3,252,224   ----a-w   c:\windows\system32\Amdcaldd.dll
2008-12-01 19:50   286,720   ----a-w   c:\windows\system32\atiok3x2.dll
2008-12-01 19:50   286,720   ----a-w   c:\windows\system32\atiok3x2(3).dll
2008-12-01 19:50   286,720   ----a-w   c:\windows\system32\atiok3x2(2).dll
2008-12-01 19:45   577,536   ----a-w   c:\windows\system32\ati2cqag.dll
2008-12-01 19:45   577,536   ----a-w   c:\windows\system32\ati2cqag(3).dll
2008-12-01 19:45   577,536   ----a-w   c:\windows\system32\ati2cqag(2).dll
2008-12-01 13:35   593,920   ------w   c:\windows\system32\ati2sgag.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\programmi\ESET\ESET NOD32 Antivirus\egui.exe" [2008-10-08 1451264]
"SoundMan"="SOUNDMAN.EXE" [2005-12-14 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ      autocheck autochk *\[u]0[/u]OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Avvio^Programmi^Esecuzione automatica^Controllo del Calendario di Ulead Photo Express.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Avvio^Programmi^Esecuzione automatica^HP Digital Imaging Monitor.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Avvio^Programmi^Esecuzione automatica^Orbit.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Avvio^Programmi^Esecuzione automatica^Privoxy.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Fra^Menu Avvio^Programmi^Esecuzione automatica^Ritaglio schermata e avvio di OneNote 2007.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Fra^Menu Avvio^Programmi^Esecuzione automatica^Styler.lnk]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSwitch
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Update Service

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a--c--- 2008-06-12 02:38 34672 c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
--a--c--- 2007-10-04 17:38 307200 c:\programmi\ATI\ATICustomerCare\ATICustomerCare.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDog305]
--a------ 2005-08-05 14:15 61440 c:\windows\VM305_STI.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a--c--- 2004-08-19 13:00 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-05-08 16:24 54840 c:\programmi\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\programmi\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2009-01-09 20:24 5724184 c:\programmi\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
--a------ 2008-09-04 06:01 2524416 c:\windows\system32\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2008-09-06 15:09 413696 c:\programmi\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra--c--- 2008-09-23 14:17 21755688 c:\programmi\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2008-08-29 17:11 61440 c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-11-10 05:43 136600 c:\programmi\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a--c--- 2008-05-02 05:15 15872 c:\programmi\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
--a------ 2008-12-01 21:40 26112 c:\windows\system32\Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrA"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"ose"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"ISUSScheduler"="c:\programmi\File comuni\InstallShield\UpdateService\issch.exe" -start

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:Porte Del Client
"4672:UDP"= 4672:UDP:Porte del client

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-10-08 34312]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R1 TsMali;TsMali;c:\windows\system32\drivers\tsmali.sys [2009-01-28 38599]
R2 ekrn;Eset Service;c:\programmi\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-10-08 468224]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-01-14 21632]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2006-09-26 21920]
R3 ZSMC0305;VIMICRO USB PC Camera V;c:\windows\system32\drivers\usbVM305.sys [2008-10-02 391099]
S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]

--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - USNJSVC

.
Contenuto della cartella 'Scheduled Tasks'

2009-02-02 c:\windows\Tasks\GlaryInitialize.job
- c:\programmi\Glary Utilities\initialize.exe [2009-01-10 17:02]

2009-02-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-879983540-682003330-1005.job
- c:\documents and settings\Fra\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe []
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)

.
------- Scansione supplementare -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Translate with &Babylon - c:\programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
IE: {{C4046502-6524-4d87-896C-878F57D1FF07} - c:\programmi\PokerStars.IT\PokerStarsUpdate.exe
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.2.cab
FF - ProfilePath - c:\documents and settings\Fra\Dati applicazioni\Mozilla\Firefox\Profiles\rsa0eop5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npigl.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\programmi\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\programmi\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll

---- FIREFOX POLICIES ----
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 250
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - false
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-02 22:39:26
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="B30CD397FB772E7571828B9FEAE7BD61963605F8EE89324A0C203540BCA01B6807AAB772F8F2968FE614D4D382DF06A6EA415B62940B092239BBC6E42B9A4F92B0AFBD774A7B3DC48E7B5539FCC2D6EFE2D8A98041910370540B489E25149D1D3721E83B508BD29FECCA75B8C865D5E69E39DEA88F6A5D23BC114DD492F4F4D4D6EE125663BF1E6D3B79F0B9473EBF7AF4013D36918368E78436BCF3D0445CC8FC6A63E54DDB79BDE560DA2AD067E25CED335A07C9720831F14751EA31AFECCDCFFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6A0AC4980AC79338EDD5E5BE2F6E667A9C6AECB7A5D14074F6D002EA0F7AB6A58A4F991F43A87BC20AC73F3DECE443E730F680CBB1E2A0EA1EDE27A7B635A4064297D33607BE9B16CD7803EC480732D701102C0F8434F63CB851FDB2B06CBA8B5644457E38EFD8E8317811F11832147F8CA6F0F1CA104D8A9432B111B3B08227109558884852F3171E1AE8B01BDB9E4A195BDF8BC94D5647B8681C8DB72E0DEA01F3B416C872FA72784C56FF62AEE13E7A3F8F5168A98AEE207A02821306846AD7F877466CB70B6FA1E0727F8D73692297AB2710609DF1768CD8C45428DF472EA5ACB0864A02CD4A522B686B0E7485627F180C90FA5072EF7B9C9AEBB3623B00B32A1D1FBE65E2DC4D99CD1EB9122088838FBD15A8BACB8DF7BE4622EEAD10628DD24A165944720D9DE87431E9E8505584CC4D131F932B15318EB55DBFEA3A63E87F1B87CB26BC14AA2C6095A6CF65C0483F98381C53E44EAEBEFEEAD5B00FDAB2E304944DC12585F68AEC55DED40545E06C11660543BD5A1A10A0C307D912B38A405FEDFC748DF4747198F822AEEE29DD2462E042256F7D63D547C917248FE0A921D759835DC08122CE2EECD3BD2365D3835E0C6BD81F64C14EB832761D6032EF1A7BEDB8065B4B657E9E363CD02AF995CC03926CB74CE2CCE75D9E882B4ED9412585FBA15397C8CDA165F8E2755E1B7381D374802A83280EC952B70201DB11294E650E9F6F42CD29E4E47BC9AE996FA9705CD72ABDB85B9BEF818011C8E6E5FF08FFDC13978C1A9DF00F50093A04A909C36E310A911E229EACCB57C6ACCFC18F191CA3F06E7F1182D1BB90D119FAC06B9F1D42FED8C17876B44886B135E643DB6300B051B2B2406EB1554BFA4CFA2CBB9FD6F827EDA25EF8C9610F8328FE6B332B308D4C8EF73C1D1657C94F35D453B392375E1F949C1E2F17D3AF5F8ED75C2A9677D9975A32FFA6B8ADA2E3ABA618D28B01F488D69D5C110386CD5AA4EB596B89A1E60187DDB4918030E53459BF5E04C7718537C1100D43109FC30204783C1CEA10FD940732F258D55286BF77AB8373DCC7EC61E5C11C873B6B9C1C533EDB6AED368D98EC1"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(868)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
.
Ora fine scansione: 2009-02-02 22.41.02
ComboFix-quarantined-files.txt 2009-02-02 21:40:52

Pre-Run: 212.802.641.920 byte disponibili
Post-Run: 212,794,650,624 byte disponibili

369   --- E O F ---   2009-01-14 13:06:15

HijackThis

Code:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22.52 Fra, on 02/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Fra\Desktop\Francesco\Varie\Portable\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programmi\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Programmi\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [egui] "C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programmi\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Programmi\PokerStars.IT\PokerStarsUpdate.exe
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.2.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Programmi\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 5411 bytes

Per Malwarebytes' non so dove salvi i log.
Fatemi Sapere! Angel

Grazie!

EDIT:, HO TROVATO I LOG DI Malwarebytes'

Code:

Malwarebytes' Anti-Malware 1.33
Versione del database: 1715
Windows 5.1.2600 Service Pack 2

02/02/2009 20.28.12
mbam-log-2009-02-02 (20-28-12).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 113306
Tempo trascorso: 1 hour(s), 24 minute(s), 56 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 1
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 1

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5c255c8a-e604-49b4-9d64-90988571cecb} (Malware.Trace) -> Quarantined and deleted successfully.

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\Programmi\Veoh Networks\VeohWebPlayer\uninst.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

Torna in alto

Sponsor

Inviato: Monday, February 02, 2009 10:52:57 PM

Torna in alto

linkin

Inviato: Wednesday, February 04, 2009 2:22:52 PM

Rank: AiutAmico

Iscritto dal : 1/4/2008
Posts: 427

Ragazzi, mi potete aiutare?

Torna in alto

Utenti presenti in questo topic

Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Controllo Log

Salta al Forum

Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Invia topic via Email

RSS Feed

Watch this topic

Stampa topic

Normale

Threaded