Condividi:        

Problema Malware

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

Problema Malware

Postdi jrc0001 » 26/04/11 12:31

Buongiorno a tutti,
Avira mi rileva un Malware in c:\Users\xxxx\Appdata\Local\Google\chrome\User Data\eccecc\Data_3 dice: è stato rilevato un virus o un programma indesiderato "Heur/Html. Malware"
L'accesso al file è stato negato.
Ho fatto uno scan è il mio log è il seguente:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:38:11, on 26/04/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16766)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\SONY\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\SONY\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Documents\PowerOffer\POService.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: PowerOffer - {3543619C-D563-43f7-95EA-4DA7E1CC396A} - C:\Users\Public\Documents\PowerOffer\PowerOfferBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [EPSON Stylus DX4000 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBEE.EXE /FU "C:\Windows\TEMP\E_SDB60.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON SX100 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEDE.EXE /FU "C:\Windows\TEMP\E_S4855.tmp" /EF "HKCU"
O8 - Extra context menu item: Add to &Evernote - res://C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll/2000
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Invia immagine alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Invia pagina alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {A26B402C-3CA9-4A67-809E-E8117BA1EAF4} (CAEWebReq.SystemRequirements) - http://www.simfinity.com/browserreq/WebRequirements.CAB
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:\Windows\system32\dgdersvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SAMSUNG KiesAllShare Service (KiesAllShare) - Unknown owner - C:\Program Files (x86)\Samsung\Kies\WiselinkPro\WiselinkPro.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: VAIO Care Performance Service (SampleCollector) - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCPerfService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
O23 - Service: VAIO Entertainment Common Service (SpfService) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata Intelligent Network Service Manager (VcmINSMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
O23 - Service: VCService - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
O23 - Service: VSNService - Sony Corporation - C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update 5\VUAgent.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14934 bytes

Dimenticavo un problema che noto è che con choorme o explorer se apro una pagina per esempio della Tre mi si apre quella della vodafone in un altra scheda. Oppure se faccio una ricerca scrivendo sky mi si apre una scheda con mediaset premium e cosi via...

Infine questo malware potrebbe aver diffuso miei dati?

Grazie per le info.
P.s. nelle spiegazioni calcolate che non sono un esperto quindi potrei aver bisogno di voi...
A presto
JRC
jrc0001
Utente Junior
 
Post: 16
Iscritto il: 26/04/11 00:51

Sponsor
 

Re: Problema Malware

Postdi nippon » 26/04/11 12:48

Prima che te lo dica qualche moderatore, i log di hijack vanno inseriti dentro il tasto "code".

In pratica verrebbe così ;) :

Codice: Seleziona tutto
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:38:11, on 26/04/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16766)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\SONY\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\SONY\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Documents\PowerOffer\POService.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: PowerOffer - {3543619C-D563-43f7-95EA-4DA7E1CC396A} - C:\Users\Public\Documents\PowerOffer\PowerOfferBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [EPSON Stylus DX4000 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBEE.EXE /FU "C:\Windows\TEMP\E_SDB60.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON SX100 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEDE.EXE /FU "C:\Windows\TEMP\E_S4855.tmp" /EF "HKCU"
O8 - Extra context menu item: Add to &Evernote - res://C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll/2000
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Invia immagine alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Invia pagina alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {A26B402C-3CA9-4A67-809E-E8117BA1EAF4} (CAEWebReq.SystemRequirements) - http://www.simfinity.com/browserreq/WebRequirements.CAB
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:\Windows\system32\dgdersvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SAMSUNG KiesAllShare Service (KiesAllShare) - Unknown owner - C:\Program Files (x86)\Samsung\Kies\WiselinkPro\WiselinkPro.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: VAIO Care Performance Service (SampleCollector) - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCPerfService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
O23 - Service: VAIO Entertainment Common Service (SpfService) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata Intelligent Network Service Manager (VcmINSMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
O23 - Service: VCService - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
O23 - Service: VSNService - Sony Corporation - C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update 5\VUAgent.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14934 bytes
CIAO A TUTTI E GRAZIE A TUTTI QUELLI CHE MI PRENDERANNO IN CONSIDERAZIONE! :)
Avatar utente
nippon
Utente Senior
 
Post: 832
Iscritto il: 22/04/07 15:19

Re: Problema Malware

Postdi Murdekai » 26/04/11 12:56

Scarica Malwarebytes' Anti-Malware Free Version: http://www.malwarebytes.org
● doppio click su mbam-setup per avviare il setup
● in fase di installazione, lascia la spunta a:
Aggiorna Malwarebytes' Anti-Malware
Avvia Malwarebytes' Anti-Malware

Una volta eseguiti i passaggi indicati sopra:
● collega tutte le periferiche esterne che possiedi ( Chiavette USB, HDD Esterni, Lettori MP3... )
● verrà mostrata la schermata principale del tool
● clicca sul pulsante Scansione completa, e conferma cliccando il pulsante Scansione
● verrà richiesto quali drive scansionare; selezionali tutti, e clicca nuovamente su Scansione
● attendi pazientemente il termine della scansione
● verrà rilasciato automaticamente un file di testo: salvalo sul Desktop ed allegalo
● se vengono rilevate infezioni: eliminale, cliccando su Rimuovi elementi selezionati
Murdekai
 

Re: Problema Malware

Postdi jrc0001 » 26/04/11 13:47

Grazie mille per l'info chiedo scusa.
Cmq ho già provato la tua risoluzione e niente il problema permane.
jrc0001
Utente Junior
 
Post: 16
Iscritto il: 26/04/11 00:51

Re: Problema Malware

Postdi Murdekai » 27/04/11 08:53

Ti avevo cortesemente chiesto di allegare il log, e te ne sei altamente fregato.

Poco male, proseguiamo:
Scarica ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
● posiziona il file scaricato sul Desktop
disattiva l'Antivirus in uso, dall'icona presente sulla Traybar (accanto all'orologio di Windows)
disattiva il Firewall eventualmente installato, dall'icona presente sulla Traybar (accanto all'orologio di Windows)

Eseguiti i passaggi indicati sopra:
● lancia ComboFix con un doppio click
● segui le istruzioni che verranno rilasciate per eseguire la scansione
● verrà richiesta l'installazione della Console di ripristino di emergenza: non la installare
senza eseguire nessuna altra operazione, lascia che il tool completi il suo lavoro

Note - durante la scansione:
● potrebbero comparire alcuni file sul Desktop, e poi eliminati
● spariranno, per un attimo, tutte le icone presenti sul Desktop
● potrebbe venire rilasciato un messaggio in relazione all'Antivirus in uso: prosegui ignorando il messaggio
● il firewall potrebbe rilasciare un avviso circa la rimozione di alcuni driver: consenti
● potrebbe apparire sul Desktop l'icona di Internet Explorer

Quando ComboFix avrà concluso l'operazione di scansione:
● il sistema verrà riavviato automaticamente: in caso contrario, riavvialo tu
● vai in Disco Locale C:, cerca il file di testo dal nome ComboFix.txt ed allegalo

Nota - riguardo al programma:
● per eseguire correttamente ComboFix su Windows Vista e Windows Seven, clicca con il tasto destro del mouse sull'icona del programma e, dal menù contestuale, scegli la voce Esegui come Amministratore
Murdekai
 

Re: Problema Malware

Postdi Luke57 » 27/04/11 09:20

@Murdekai
ma sei ancora tu? FDAC ed altri?
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Re: Problema Malware

Postdi Riverside » 27/04/11 09:26

Luke57 ha scritto:@Murdekai ma sei ancora tu? FDAC ed altri?

Naturalmente .... si, Luke ;)
Riverside
Utente Senior
 
Post: 2001
Iscritto il: 03/06/10 10:35
Località: "Riverside House" Italy

Re: Problema Malware

Postdi Murdekai » 27/04/11 10:06

SI, sono ancora io.

Naturalmente .... si, Luke ;)


Sei un mago, River.
Murdekai
 

Re: Problema Malware

Postdi jrc0001 » 29/04/11 03:09

Ecco il log.
Scusatemi se sbaglio a postare o a scrivere alcune cose....
Spero di aver fatto tutto giusto...
Codice: Seleziona tutto
ComboFix 11-04-28.01 - ALDO 29/04/2011   4:06.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.39.1040.18.4014.2379 [GMT 2:00]
Eseguito da: c:\users\ALDO\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Creato nuovo punto di ripristino
.
.
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\ALDO\AppData\Roaming\OfferBox
c:\users\ALDO\AppData\Roaming\OfferBox\config.dat
c:\users\ALDO\AppData\Roaming\OfferBox\config.xml
.
.
(((((((((((((((((((((((((   Files Creati Da 2011-03-28 al 2011-04-29  )))))))))))))))))))))))))))))))))))
.
.
2011-04-29 02:10 . 2011-04-29 02:10   --------   d-----w-   c:\users\Default\AppData\Local\temp
2011-04-26 09:07 . 2011-04-11 08:21   8802128   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{59D147B1-17FB-4B7D-9F33-6FF20C63293C}\mpengine.dll
2011-04-25 23:43 . 2011-04-25 23:43   388096   ----a-r-   c:\users\ALDO\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-25 23:43 . 2011-04-25 23:43   --------   d-----w-   c:\program files (x86)\Trend Micro
2011-04-25 23:31 . 2011-04-26 15:52   --------   d-----w-   c:\programdata\Spybot - Search & Destroy
2011-04-25 23:31 . 2011-04-25 23:44   --------   d-----w-   c:\program files (x86)\Spybot - Search & Destroy
2011-04-25 23:10 . 2011-04-25 23:10   --------   d-----w-   c:\users\ALDO\AppData\Roaming\Malwarebytes
2011-04-25 23:10 . 2010-12-20 16:09   38224   ----a-w-   c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-04-25 23:10 . 2011-04-25 23:10   --------   d-----w-   c:\programdata\Malwarebytes
2011-04-25 23:09 . 2011-04-25 23:10   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
2011-04-25 23:09 . 2010-12-20 16:08   24152   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-04-21 19:53 . 2011-04-26 00:03   --------   d-----w-   c:\users\ALDO\AppData\Local\GamePlayLabs Plugin
2011-04-21 19:02 . 2011-04-21 19:10   --------   d-----w-   c:\program files\Tracker Software
2011-04-19 08:53 . 2011-04-19 08:54   --------   d-----w-   c:\users\ALDO\AppData\Local\{832F2008-BCAB-4BDF-9D96-1AEBAE4032E7}
2011-04-15 15:00 . 2011-03-03 06:17   182272   ----a-w-   c:\windows\system32\dnsrslvr.dll
2011-04-13 17:05 . 2011-04-13 17:05   --------   d-----w-   c:\users\ALDO\AppData\Local\AutoUpdate
2011-04-13 15:19 . 2011-04-13 15:20   --------   d-----w-   c:\users\ALDO\AppData\Local\{6B80552F-7CC3-4030-A283-F58B6E21B785}
2011-04-08 07:36 . 2011-04-08 07:36   --------   d-----w-   c:\program files (x86)\PerformanceCBT
2011-04-08 07:34 . 1997-01-15 21:00   29696   ----a-w-   c:\windows\SysWow64\VB5StKit.dll
2011-04-08 07:34 . 1997-01-15 21:00   71680   ----a-w-   c:\windows\ST5UNST.EXE
2011-04-08 07:34 . 1997-07-19 12:55   1347344   ----a-w-   c:\windows\SysWow64\MSVBVM50.dll
2011-04-06 13:53 . 2011-04-06 13:53   --------   d-----w-   c:\users\ALDO\AppData\Local\{0DBF2DF3-EC7D-4ED7-8AEF-9212C36E62D2}
2011-04-03 21:27 . 2011-04-03 21:27   --------   d-----w-   c:\programdata\Roxio
2011-04-03 21:27 . 2011-04-03 21:27   --------   d-----w-   c:\users\ALDO\AppData\Roaming\Roxio
2011-04-03 01:50 . 2011-04-03 01:50   --------   d-----w-   c:\users\ALDO\AppData\Roaming\Avira
.
.


A presto
jrc0001
Utente Junior
 
Post: 16
Iscritto il: 26/04/11 00:51

Re: Problema Malware

Postdi Murdekai » 29/04/11 15:25

Ciao, il log non è completo.
Il PC come va?
Murdekai
 

Re: Problema Malware

Postdi jrc0001 » 29/04/11 23:48

Cosa manca cosa devo fare di preciso?
Mi pare di aver seguito alla lettera le istruzioni.
Il pc va bene permane il problema solo con Choorme o Explorer.
Scrivo Vodafone ed apre vodafone e tim scrivo Volare e mi apre il sito di una compagnia aerea...e cosi via.
Ovviamente lo fa aprendo un altra scheda no la ricerca.
jrc0001
Utente Junior
 
Post: 16
Iscritto il: 26/04/11 00:51

Re: Problema Malware

Postdi Murdekai » 30/04/11 16:37

Devi allegare tutto il file di testo, non solo una parte.
Puoi disinstallare Spybot, è superato.
E posta un log aggiornato di Hijackthis.
Murdekai
 

Re: Problema Malware

Postdi jrc0001 » 30/04/11 17:14

Inoltre ogni tanto ho ancora il segnale dal mio antivirus:

C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3

Tipo di rilevamento:
Heur/Html.Malware

Help me è davvero snervante...
P.s. I popup gli ho bloccati ovviamente.

Ecco i log:
Codice: Seleziona tutto
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:08:42, on 30/04/2011
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16766)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\SONY\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\SONY\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Documents\PowerOffer\POService.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: PowerOffer - {3543619C-D563-43f7-95EA-4DA7E1CC396A} - C:\Users\Public\Documents\PowerOffer\PowerOfferBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O8 - Extra context menu item: Add to &Evernote - res://C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll/2000
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Invia immagine alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Invia pagina alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {A26B402C-3CA9-4A67-809E-E8117BA1EAF4} (CAEWebReq.SystemRequirements) - http://www.simfinity.com/browserreq/WebRequirements.CAB
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SAMSUNG KiesAllShare Service (KiesAllShare) - Unknown owner - C:\Program Files (x86)\Samsung\Kies\WiselinkPro\WiselinkPro.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: VAIO Care Performance Service (SampleCollector) - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCPerfService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
O23 - Service: VAIO Entertainment Common Service (SpfService) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata Intelligent Network Service Manager (VcmINSMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
O23 - Service: VCService - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
O23 - Service: VSNService - Sony Corporation - C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update 5\VUAgent.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14185 bytes


Ecco quello di combofix:
Codice: Seleziona tutto
ComboFix 11-04-28.01 - ALDO 30/04/2011  18:11:28.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.39.1040.18.4014.2483 [GMT 2:00]
Eseguito da: c:\users\ALDO\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Creati Da 2011-03-28 al 2011-04-30  )))))))))))))))))))))))))))))))))))
.
.
2011-04-30 16:15 . 2011-04-30 16:15   --------   d-----w-   c:\users\Default\AppData\Local\temp
2011-04-29 22:58 . 2011-04-11 08:21   8802128   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{D5505229-DA8C-40FE-9440-85C178813349}\mpengine.dll
2011-04-29 01:19 . 2011-03-11 05:37   74240   ----a-w-   c:\windows\SysWow64\fsutil.exe
2011-04-29 01:19 . 2011-02-18 06:33   31232   ----a-w-   c:\windows\system32\prevhost.exe
2011-04-29 01:19 . 2011-02-18 05:33   31232   ----a-w-   c:\windows\SysWow64\prevhost.exe
2011-04-25 23:43 . 2011-04-25 23:43   388096   ----a-r-   c:\users\ALDO\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-25 23:43 . 2011-04-25 23:43   --------   d-----w-   c:\program files (x86)\Trend Micro
2011-04-25 23:31 . 2011-04-26 15:52   --------   d-----w-   c:\programdata\Spybot - Search & Destroy
2011-04-25 23:31 . 2011-04-25 23:44   --------   d-----w-   c:\program files (x86)\Spybot - Search & Destroy
2011-04-25 23:10 . 2011-04-25 23:10   --------   d-----w-   c:\users\ALDO\AppData\Roaming\Malwarebytes
2011-04-25 23:10 . 2010-12-20 16:09   38224   ----a-w-   c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-04-25 23:10 . 2011-04-25 23:10   --------   d-----w-   c:\programdata\Malwarebytes
2011-04-25 23:09 . 2011-04-25 23:10   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
2011-04-25 23:09 . 2010-12-20 16:08   24152   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-04-21 19:53 . 2011-04-26 00:03   --------   d-----w-   c:\users\ALDO\AppData\Local\GamePlayLabs Plugin
2011-04-21 19:02 . 2011-04-21 19:10   --------   d-----w-   c:\program files\Tracker Software
2011-04-19 08:53 . 2011-04-19 08:54   --------   d-----w-   c:\users\ALDO\AppData\Local\{832F2008-BCAB-4BDF-9D96-1AEBAE4032E7}
2011-04-15 15:00 . 2011-03-03 06:17   182272   ----a-w-   c:\windows\system32\dnsrslvr.dll
2011-04-13 17:05 . 2011-04-13 17:05   --------   d-----w-   c:\users\ALDO\AppData\Local\AutoUpdate
2011-04-13 15:19 . 2011-04-13 15:20   --------   d-----w-   c:\users\ALDO\AppData\Local\{6B80552F-7CC3-4030-A283-F58B6E21B785}
2011-04-08 07:36 . 2011-04-08 07:36   --------   d-----w-   c:\program files (x86)\PerformanceCBT
2011-04-08 07:34 . 1997-01-15 21:00   29696   ----a-w-   c:\windows\SysWow64\VB5StKit.dll
2011-04-08 07:34 . 1997-01-15 21:00   71680   ----a-w-   c:\windows\ST5UNST.EXE
2011-04-08 07:34 . 1997-07-19 12:55   1347344   ----a-w-   c:\windows\SysWow64\MSVBVM50.dll
2011-04-06 13:53 . 2011-04-06 13:53   --------   d-----w-   c:\users\ALDO\AppData\Local\{0DBF2DF3-EC7D-4ED7-8AEF-9212C36E62D2}
2011-04-03 21:27 . 2011-04-03 21:27   --------   d-----w-   c:\programdata\Roxio
2011-04-03 21:27 . 2011-04-03 21:27   --------   d-----w-   c:\users\ALDO\AppData\Roaming\Roxio
2011-04-03 01:50 . 2011-04-03 01:50   --------   d-----w-   c:\users\ALDO\AppData\Roaming\Avira
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-25 22:13 . 2010-07-15 15:06   724992   ----a-w-   c:\windows\iun6002.exe
2011-03-28 09:34 . 2010-06-24 09:33   18328   ----a-w-   c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-23 21:42 . 2010-05-23 12:36   472808   ----a-w-   c:\windows\SysWow64\deployJava1.dll
2011-03-16 16:26 . 2011-03-16 16:26   335872   ----a-r-   c:\users\ALDO\AppData\Roaming\Microsoft\Installer\{DF0038DC-A9B7-4F52-8CA4-C79A3CA631FA}\ARPPRODUCTICON.exe
2011-03-04 06:17 . 2011-04-29 01:20   135168   ----a-w-   c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:17 . 2011-04-29 01:20   347648   ----a-w-   c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-02-19 06:37 . 2011-03-09 10:28   1135104   ----a-w-   c:\windows\system32\FntCache.dll
2011-02-19 06:37 . 2011-03-09 10:28   1540608   ----a-w-   c:\windows\system32\DWrite.dll
2011-02-19 06:36 . 2011-03-09 10:28   902656   ----a-w-   c:\windows\system32\d2d1.dll
2011-02-19 05:32 . 2011-03-09 10:28   1074176   ----a-w-   c:\windows\SysWow64\DWrite.dll
2011-02-19 05:32 . 2011-03-09 10:28   739840   ----a-w-   c:\windows\SysWow64\d2d1.dll
2011-02-02 16:11 . 2010-03-28 17:06   270720   ------w-   c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((   SnapShot@2011-04-29_02.10.07   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-04-30 13:12   32768              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-04-28 14:14   32768              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-04-30 13:12   49152              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-04-28 14:14   49152              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-04-30 13:12   32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-04-28 14:14   32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-19 20:02 . 2011-04-30 12:25   65890              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-04-30 12:25   37876              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-04-29 01:13   37876              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2010-03-28 14:13 . 2011-04-29 01:13   14602              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-309535300-2899031690-1086145306-1001_UserData.bin
+ 2010-03-28 14:13 . 2011-04-30 12:25   14602              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-309535300-2899031690-1086145306-1001_UserData.bin
+ 2011-04-29 01:20 . 2011-03-11 06:15   96768              c:\windows\system32\fsutil.exe
+ 2009-07-14 05:30 . 2011-04-29 22:51   86016              c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2011-04-07 11:59   86016              c:\windows\system32\DriverStore\infpub.dat
+ 2011-04-29 01:20 . 2011-03-11 04:31   91136              c:\windows\system32\DriverStore\FileRepository\usbstor.inf_amd64_neutral_dd8b7470ecdd8b8b\USBSTOR.SYS
+ 2011-04-29 01:20 . 2011-03-11 06:22   27008              c:\windows\system32\DriverStore\FileRepository\amdsata.inf_amd64_neutral_66a166f5508d8f1c\amdxata.sys
+ 2011-04-29 01:20 . 2011-03-11 04:31   91136              c:\windows\system32\drivers\USBSTOR.SYS
+ 2011-04-29 01:20 . 2011-03-11 06:22   27008              c:\windows\system32\drivers\amdxata.sys
- 2010-03-12 07:47 . 2011-04-29 01:16   49152              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-12 07:47 . 2011-04-30 12:29   49152              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-04-30 12:29   16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-04-29 01:16   16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-03-28 16:43 . 2011-04-29 01:13   16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-28 16:43 . 2011-04-30 12:24   16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2011-04-29 22:53   80736              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-03-28 16:43 . 2011-04-30 12:24   32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-28 16:43 . 2011-04-29 01:13   32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-28 16:43 . 2011-04-29 01:13   16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-28 16:43 . 2011-04-30 12:24   16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-03-28 14:10 . 2011-04-29 02:04   16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-28 14:10 . 2011-04-30 16:06   16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-28 14:10 . 2011-04-29 02:04   16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-28 14:10 . 2011-04-30 16:06   16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-04-29 01:11 . 2011-04-29 01:11   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-04-30 12:23 . 2011-04-30 12:23   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-04-29 01:11 . 2011-04-29 01:11   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-04-30 12:23 . 2011-04-30 12:23   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-04-29 01:20 . 2011-03-12 11:31   442880              c:\windows\SysWOW64\XpsPrint.dll
- 2011-02-23 09:01 . 2011-01-07 07:31   442880              c:\windows\SysWOW64\XpsPrint.dll
+ 2011-04-29 01:20 . 2011-03-12 12:03   662528              c:\windows\system32\XpsPrint.dll
- 2011-02-23 09:01 . 2011-01-07 08:07   662528              c:\windows\system32\XpsPrint.dll
+ 2010-03-29 18:10 . 2011-04-30 16:06   372380              c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
- 2009-07-14 05:30 . 2011-04-07 11:59   239616              c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2011-04-29 22:51   239616              c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2011-04-29 22:51   143360              c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2011-04-07 11:59   143360              c:\windows\system32\DriverStore\infstor.dat
+ 2011-04-29 01:20 . 2011-03-11 06:23   166272              c:\windows\system32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
+ 2011-04-29 01:20 . 2011-03-11 06:23   148352              c:\windows\system32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvraid.sys
+ 2011-04-29 01:20 . 2011-03-11 06:23   410496              c:\windows\system32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
+ 2011-04-29 01:20 . 2011-03-11 06:22   107904              c:\windows\system32\DriverStore\FileRepository\amdsata.inf_amd64_neutral_66a166f5508d8f1c\amdsata.sys
+ 2009-07-14 05:31 . 2011-04-29 22:51   399360              c:\windows\system32\DriverStore\drvindex.dat
- 2009-07-14 05:31 . 2010-09-29 19:30   399360              c:\windows\system32\DriverStore\drvindex.dat
+ 2011-04-29 01:20 . 2011-03-11 06:23   187264              c:\windows\system32\drivers\storport.sys
+ 2011-04-29 01:20 . 2011-03-11 06:23   166272              c:\windows\system32\drivers\nvstor.sys
+ 2011-04-29 01:20 . 2011-03-11 06:23   148352              c:\windows\system32\drivers\nvraid.sys
+ 2011-04-29 01:20 . 2011-03-11 06:23   410496              c:\windows\system32\drivers\iaStorV.sys
+ 2011-04-29 01:20 . 2011-03-11 06:22   107904              c:\windows\system32\drivers\amdsata.sys
- 2010-03-12 07:47 . 2011-04-29 01:16   196608              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-03-12 07:47 . 2011-04-30 12:29   196608              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 05:01 . 2011-04-26 18:07   431968              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-04-30 00:12   431968              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-04-29 01:20 . 2011-02-26 05:33   2614784              c:\windows\SysWOW64\explorer.exe
+ 2011-04-29 01:20 . 2011-03-11 05:39   1686016              c:\windows\SysWOW64\esent.dll
+ 2011-04-29 01:20 . 2011-03-11 06:18   2566144              c:\windows\system32\esent.dll
+ 2011-04-29 01:20 . 2011-03-11 06:23   1657216              c:\windows\system32\drivers\ntfs.sys
- 2009-07-14 04:45 . 2011-04-24 15:35   3860045              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2011-04-29 22:53   3860045              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-04-29 01:20 . 2011-02-26 06:23   2870272              c:\windows\explorer.exe
- 2010-03-28 16:33 . 2009-10-31 06:34   2870272              c:\windows\explorer.exe
+ 2009-07-14 02:34 . 2011-04-29 23:08   10223616              c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2011-04-29 01:22   10223616              c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2010-03-28 16:36 . 2011-04-18 14:22   43802056              c:\windows\system32\MRT.exe
.
-- Snapshot per reimpostare la data corrente --
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PoService"="" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-08-26 320880]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-01-21 597792]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-09-01 281768]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-11-30 18:20   98304   ----a-w-   c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Servizio di Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-12 133104]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-31 362992]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 gupdatem;Servizio Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-12 133104]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
R3 KiesAllShare;SAMSUNG KiesAllShare Service;c:\program files (x86)\Samsung\Kies\WiselinkPro\WiselinkPro.exe [x]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-31 313840]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-09-10 108400]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-10-12 423280]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-09-10 67952]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-09-27 303872]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2009-11-08 16392]
R3 TVICHW64;TVICHW64;c:\windows\system32\DRIVERS\TVICHW64.SYS [x]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-09-27 864000]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-10-25 549168]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-10-25 387896]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-10-25 101152]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [x]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-09-18 9216]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-08-11 845312]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x]
S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-11-30 571248]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2010-04-09 1223024]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-12 07:44]
.
2011-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-12 07:44]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-18 11106408]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-12 171520]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 16397416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to &Evernote - c:\program files (x86)\Evernote\Evernote3.5\enbar.dll/2000
IE: E&sporta in Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Invia immagine alla periferica &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Invia pagina alla periferica &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {A26B402C-3CA9-4A67-809E-E8117BA1EAF4} - hxxp://www.simfinity.com/browserreq/WebRequirements.CAB
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2011-04-30  18:17:28
ComboFix-quarantined-files.txt  2011-04-30 16:17
ComboFix2.txt  2011-04-29 02:11
.
Pre-Run: 238.629.715.968 byte disponibili
Post-Run: 240.280.969.216 byte disponibili
.
- - End Of File - - FCC401C7AEBAAA57C2137A19CC5E5C02
jrc0001
Utente Junior
 
Post: 16
Iscritto il: 26/04/11 00:51

Re: Problema Malware

Postdi jrc0001 » 30/04/11 17:15

Questo quello che a salvato in c:combofix.txt

Codice: Seleziona tutto
ComboFix 11-04-28.01 - ALDO 30/04/2011  18:11:28.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.39.1040.18.4014.2483 [GMT 2:00]
Eseguito da: c:\users\ALDO\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Creati Da 2011-03-28 al 2011-04-30  )))))))))))))))))))))))))))))))))))
.
.
2011-04-30 16:15 . 2011-04-30 16:15   --------   d-----w-   c:\users\Default\AppData\Local\temp
2011-04-29 22:58 . 2011-04-11 08:21   8802128   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{D5505229-DA8C-40FE-9440-85C178813349}\mpengine.dll
2011-04-29 01:19 . 2011-03-11 05:37   74240   ----a-w-   c:\windows\SysWow64\fsutil.exe
2011-04-29 01:19 . 2011-02-18 06:33   31232   ----a-w-   c:\windows\system32\prevhost.exe
2011-04-29 01:19 . 2011-02-18 05:33   31232   ----a-w-   c:\windows\SysWow64\prevhost.exe
2011-04-25 23:43 . 2011-04-25 23:43   388096   ----a-r-   c:\users\ALDO\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-25 23:43 . 2011-04-25 23:43   --------   d-----w-   c:\program files (x86)\Trend Micro
2011-04-25 23:31 . 2011-04-26 15:52   --------   d-----w-   c:\programdata\Spybot - Search & Destroy
2011-04-25 23:31 . 2011-04-25 23:44   --------   d-----w-   c:\program files (x86)\Spybot - Search & Destroy
2011-04-25 23:10 . 2011-04-25 23:10   --------   d-----w-   c:\users\ALDO\AppData\Roaming\Malwarebytes
2011-04-25 23:10 . 2010-12-20 16:09   38224   ----a-w-   c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-04-25 23:10 . 2011-04-25 23:10   --------   d-----w-   c:\programdata\Malwarebytes
2011-04-25 23:09 . 2011-04-25 23:10   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
2011-04-25 23:09 . 2010-12-20 16:08   24152   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-04-21 19:53 . 2011-04-26 00:03   --------   d-----w-   c:\users\ALDO\AppData\Local\GamePlayLabs Plugin
2011-04-21 19:02 . 2011-04-21 19:10   --------   d-----w-   c:\program files\Tracker Software
2011-04-19 08:53 . 2011-04-19 08:54   --------   d-----w-   c:\users\ALDO\AppData\Local\{832F2008-BCAB-4BDF-9D96-1AEBAE4032E7}
2011-04-15 15:00 . 2011-03-03 06:17   182272   ----a-w-   c:\windows\system32\dnsrslvr.dll
2011-04-13 17:05 . 2011-04-13 17:05   --------   d-----w-   c:\users\ALDO\AppData\Local\AutoUpdate
2011-04-13 15:19 . 2011-04-13 15:20   --------   d-----w-   c:\users\ALDO\AppData\Local\{6B80552F-7CC3-4030-A283-F58B6E21B785}
2011-04-08 07:36 . 2011-04-08 07:36   --------   d-----w-   c:\program files (x86)\PerformanceCBT
2011-04-08 07:34 . 1997-01-15 21:00   29696   ----a-w-   c:\windows\SysWow64\VB5StKit.dll
2011-04-08 07:34 . 1997-01-15 21:00   71680   ----a-w-   c:\windows\ST5UNST.EXE
2011-04-08 07:34 . 1997-07-19 12:55   1347344   ----a-w-   c:\windows\SysWow64\MSVBVM50.dll
2011-04-06 13:53 . 2011-04-06 13:53   --------   d-----w-   c:\users\ALDO\AppData\Local\{0DBF2DF3-EC7D-4ED7-8AEF-9212C36E62D2}
2011-04-03 21:27 . 2011-04-03 21:27   --------   d-----w-   c:\programdata\Roxio
2011-04-03 21:27 . 2011-04-03 21:27   --------   d-----w-   c:\users\ALDO\AppData\Roaming\Roxio
2011-04-03 01:50 . 2011-04-03 01:50   --------   d-----w-   c:\users\ALDO\AppData\Roaming\Avira
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-25 22:13 . 2010-07-15 15:06   724992   ----a-w-   c:\windows\iun6002.exe
2011-03-28 09:34 . 2010-06-24 09:33   18328   ----a-w-   c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-23 21:42 . 2010-05-23 12:36   472808   ----a-w-   c:\windows\SysWow64\deployJava1.dll
2011-03-16 16:26 . 2011-03-16 16:26   335872   ----a-r-   c:\users\ALDO\AppData\Roaming\Microsoft\Installer\{DF0038DC-A9B7-4F52-8CA4-C79A3CA631FA}\ARPPRODUCTICON.exe
2011-03-04 06:17 . 2011-04-29 01:20   135168   ----a-w-   c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:17 . 2011-04-29 01:20   347648   ----a-w-   c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-02-19 06:37 . 2011-03-09 10:28   1135104   ----a-w-   c:\windows\system32\FntCache.dll
2011-02-19 06:37 . 2011-03-09 10:28   1540608   ----a-w-   c:\windows\system32\DWrite.dll
2011-02-19 06:36 . 2011-03-09 10:28   902656   ----a-w-   c:\windows\system32\d2d1.dll
2011-02-19 05:32 . 2011-03-09 10:28   1074176   ----a-w-   c:\windows\SysWow64\DWrite.dll
2011-02-19 05:32 . 2011-03-09 10:28   739840   ----a-w-   c:\windows\SysWow64\d2d1.dll
2011-02-02 16:11 . 2010-03-28 17:06   270720   ------w-   c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((   SnapShot@2011-04-29_02.10.07   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-04-30 13:12   32768              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-04-28 14:14   32768              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-04-30 13:12   49152              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-04-28 14:14   49152              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-04-30 13:12   32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-04-28 14:14   32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-19 20:02 . 2011-04-30 12:25   65890              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-04-30 12:25   37876              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-04-29 01:13   37876              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2010-03-28 14:13 . 2011-04-29 01:13   14602              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-309535300-2899031690-1086145306-1001_UserData.bin
+ 2010-03-28 14:13 . 2011-04-30 12:25   14602              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-309535300-2899031690-1086145306-1001_UserData.bin
+ 2011-04-29 01:20 . 2011-03-11 06:15   96768              c:\windows\system32\fsutil.exe
+ 2009-07-14 05:30 . 2011-04-29 22:51   86016              c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2011-04-07 11:59   86016              c:\windows\system32\DriverStore\infpub.dat
+ 2011-04-29 01:20 . 2011-03-11 04:31   91136              c:\windows\system32\DriverStore\FileRepository\usbstor.inf_amd64_neutral_dd8b7470ecdd8b8b\USBSTOR.SYS
+ 2011-04-29 01:20 . 2011-03-11 06:22   27008              c:\windows\system32\DriverStore\FileRepository\amdsata.inf_amd64_neutral_66a166f5508d8f1c\amdxata.sys
+ 2011-04-29 01:20 . 2011-03-11 04:31   91136              c:\windows\system32\drivers\USBSTOR.SYS
+ 2011-04-29 01:20 . 2011-03-11 06:22   27008              c:\windows\system32\drivers\amdxata.sys
- 2010-03-12 07:47 . 2011-04-29 01:16   49152              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-12 07:47 . 2011-04-30 12:29   49152              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-04-30 12:29   16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-04-29 01:16   16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-03-28 16:43 . 2011-04-29 01:13   16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-28 16:43 . 2011-04-30 12:24   16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2011-04-29 22:53   80736              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-03-28 16:43 . 2011-04-30 12:24   32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-28 16:43 . 2011-04-29 01:13   32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-28 16:43 . 2011-04-29 01:13   16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-28 16:43 . 2011-04-30 12:24   16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-03-28 14:10 . 2011-04-29 02:04   16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-28 14:10 . 2011-04-30 16:06   16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-28 14:10 . 2011-04-29 02:04   16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-28 14:10 . 2011-04-30 16:06   16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-04-29 01:11 . 2011-04-29 01:11   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-04-30 12:23 . 2011-04-30 12:23   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-04-29 01:11 . 2011-04-29 01:11   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-04-30 12:23 . 2011-04-30 12:23   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-04-29 01:20 . 2011-03-12 11:31   442880              c:\windows\SysWOW64\XpsPrint.dll
- 2011-02-23 09:01 . 2011-01-07 07:31   442880              c:\windows\SysWOW64\XpsPrint.dll
+ 2011-04-29 01:20 . 2011-03-12 12:03   662528              c:\windows\system32\XpsPrint.dll
- 2011-02-23 09:01 . 2011-01-07 08:07   662528              c:\windows\system32\XpsPrint.dll
+ 2010-03-29 18:10 . 2011-04-30 16:06   372380              c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
- 2009-07-14 05:30 . 2011-04-07 11:59   239616              c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2011-04-29 22:51   239616              c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2011-04-29 22:51   143360              c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2011-04-07 11:59   143360              c:\windows\system32\DriverStore\infstor.dat
+ 2011-04-29 01:20 . 2011-03-11 06:23   166272              c:\windows\system32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
+ 2011-04-29 01:20 . 2011-03-11 06:23   148352              c:\windows\system32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvraid.sys
+ 2011-04-29 01:20 . 2011-03-11 06:23   410496              c:\windows\system32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
+ 2011-04-29 01:20 . 2011-03-11 06:22   107904              c:\windows\system32\DriverStore\FileRepository\amdsata.inf_amd64_neutral_66a166f5508d8f1c\amdsata.sys
+ 2009-07-14 05:31 . 2011-04-29 22:51   399360              c:\windows\system32\DriverStore\drvindex.dat
- 2009-07-14 05:31 . 2010-09-29 19:30   399360              c:\windows\system32\DriverStore\drvindex.dat
+ 2011-04-29 01:20 . 2011-03-11 06:23   187264              c:\windows\system32\drivers\storport.sys
+ 2011-04-29 01:20 . 2011-03-11 06:23   166272              c:\windows\system32\drivers\nvstor.sys
+ 2011-04-29 01:20 . 2011-03-11 06:23   148352              c:\windows\system32\drivers\nvraid.sys
+ 2011-04-29 01:20 . 2011-03-11 06:23   410496              c:\windows\system32\drivers\iaStorV.sys
+ 2011-04-29 01:20 . 2011-03-11 06:22   107904              c:\windows\system32\drivers\amdsata.sys
- 2010-03-12 07:47 . 2011-04-29 01:16   196608              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-03-12 07:47 . 2011-04-30 12:29   196608              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 05:01 . 2011-04-26 18:07   431968              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-04-30 00:12   431968              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-04-29 01:20 . 2011-02-26 05:33   2614784              c:\windows\SysWOW64\explorer.exe
+ 2011-04-29 01:20 . 2011-03-11 05:39   1686016              c:\windows\SysWOW64\esent.dll
+ 2011-04-29 01:20 . 2011-03-11 06:18   2566144              c:\windows\system32\esent.dll
+ 2011-04-29 01:20 . 2011-03-11 06:23   1657216              c:\windows\system32\drivers\ntfs.sys
- 2009-07-14 04:45 . 2011-04-24 15:35   3860045              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2011-04-29 22:53   3860045              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-04-29 01:20 . 2011-02-26 06:23   2870272              c:\windows\explorer.exe
- 2010-03-28 16:33 . 2009-10-31 06:34   2870272              c:\windows\explorer.exe
+ 2009-07-14 02:34 . 2011-04-29 23:08   10223616              c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2011-04-29 01:22   10223616              c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2010-03-28 16:36 . 2011-04-18 14:22   43802056              c:\windows\system32\MRT.exe
.
-- Snapshot per reimpostare la data corrente --
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PoService"="" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-08-26 320880]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-01-21 597792]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-09-01 281768]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-11-30 18:20   98304   ----a-w-   c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Servizio di Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-12 133104]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-31 362992]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 gupdatem;Servizio Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-12 133104]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
R3 KiesAllShare;SAMSUNG KiesAllShare Service;c:\program files (x86)\Samsung\Kies\WiselinkPro\WiselinkPro.exe [x]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-31 313840]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-09-10 108400]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-10-12 423280]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-09-10 67952]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-09-27 303872]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2009-11-08 16392]
R3 TVICHW64;TVICHW64;c:\windows\system32\DRIVERS\TVICHW64.SYS [x]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-09-27 864000]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-10-25 549168]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-10-25 387896]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-10-25 101152]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [x]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-09-18 9216]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-08-11 845312]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x]
S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-11-30 571248]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2010-04-09 1223024]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-12 07:44]
.
2011-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-12 07:44]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-18 11106408]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-12 171520]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 16397416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to &Evernote - c:\program files (x86)\Evernote\Evernote3.5\enbar.dll/2000
IE: E&sporta in Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Invia immagine alla periferica &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Invia pagina alla periferica &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {A26B402C-3CA9-4A67-809E-E8117BA1EAF4} - hxxp://www.simfinity.com/browserreq/WebRequirements.CAB
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2011-04-30  18:17:28
ComboFix-quarantined-files.txt  2011-04-30 16:17
ComboFix2.txt  2011-04-29 02:11
.
Pre-Run: 238.629.715.968 byte disponibili
Post-Run: 240.280.969.216 byte disponibili
.
- - End Of File - - FCC401C7AEBAAA57C2137A19CC5E5C02


Piu di cosi non so fare se devo fare altro datemi istrurzioni
jrc0001
Utente Junior
 
Post: 16
Iscritto il: 26/04/11 00:51

Re: Problema Malware

Postdi Murdekai » 30/04/11 18:25

Ripeti una scansione completa con MalwareBytes aggiornato, e posta qui il risultato.
:)
Murdekai
 

Re: Problema Malware

Postdi jrc0001 » 30/04/11 18:57

ECCOLA:
Codice: Seleziona tutto
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Versione database: 6444

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

30/04/2011 20:04:15
mbam-log-2011-04-30 (20-04-15).txt

Tipo di scansione: Scansione completa (C:\|E:\|F:\|G:\|H:\|)
Elementi esaminati: 295391
Tempo trascorso: 26 minuti, 34 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 0

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
(Non sono stati rilevati elementi nocivi)
jrc0001
Utente Junior
 
Post: 16
Iscritto il: 26/04/11 00:51

Re: Problema Malware

Postdi jrc0001 » 30/04/11 19:45

Ok eseguo la procedura..
Tale procedurà eliminerà il mio Malware?
Più o meno le cose descritte sono quelle che faccio sempre:
Non installare cose inutili e toolbar installare programmi solo da siti ufficiali ecc.

Cmq eseguo e loggo...
jrc0001
Utente Junior
 
Post: 16
Iscritto il: 26/04/11 00:51

Re: Problema Malware

Postdi jrc0001 » 30/04/11 22:06

Ecco il Log uso il pc e vi faccio sapere come va:

LOG:
Codice: Seleziona tutto
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:12:49, on 30/04/2011
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16766)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\SONY\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\SONY\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O8 - Extra context menu item: Add to &Evernote - res://C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll/2000
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Invia immagine alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Invia pagina alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {A26B402C-3CA9-4A67-809E-E8117BA1EAF4} (CAEWebReq.SystemRequirements) - http://www.simfinity.com/browserreq/WebRequirements.CAB
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: VAIO Care Performance Service (SampleCollector) - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCPerfService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
O23 - Service: VAIO Entertainment Common Service (SpfService) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata Intelligent Network Service Manager (VcmINSMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
O23 - Service: VCService - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
O23 - Service: VSNService - Sony Corporation - C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update 5\VUAgent.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12752 bytes
jrc0001
Utente Junior
 
Post: 16
Iscritto il: 26/04/11 00:51

Re: Problema Malware

Postdi Luke57 » 30/04/11 22:47

Certo, hai ragione, quella lunga procedura, consigliata da Murdekai alias FDAC ed altri, nel caso specifico non serve a niente e la elimino.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Re: Problema Malware

Postdi jrc0001 » 01/05/11 09:14

Infatti stavo per scriverlo!!!!
L'ho eseguita ma non serve a nulla...L'unica cosa che vi segnalo che per errore ho fatto il passaggio che per i sistemi a 64 era da saltare...Prima che finisse l'ho fermato! ma vi confermo che trovava diversi file Adv o come si chiamano loro...
Per il resto torno ad installare READER!!
PEr quanto riguarda il Malware continua a trovarlo, qualcuno può darmi una mano?
CIAO
jrc0001
Utente Junior
 
Post: 16
Iscritto il: 26/04/11 00:51

Prossimo

Torna a Sicurezza e Privacy


Topic correlati a "Problema Malware":

problema blocco note
Autore: carlin
Forum: Software Windows
Risposte: 7

Chi c’è in linea

Visitano il forum: Nessuno e 138 ospiti