Punto informatico Network

IEXPLORE.EXE........HELP!!!


Re: IEXPLORE.EXE........HELP!!!

Post by sondlive07 » Wed Jun 30, 2010 11:39 am

Pierodoctor wrote: how do I know whether something is running in the background?


In the taskbar, down where the antivirus, volume, etc. icons are, right-click, then go to Task Manager; in the window that opens go to Processes, and from there you can see whether there is something you are not knowingly using but that is running in the background. If so, just go to Start, type msconfig in the search box, and from there go to Startup; now untick the element that is running in the background...
But you can also do it differently....
Do the second procedure I told you: leave only the antivirus, the audio, the Intel items, Synaptics etc.; all the others you have to remove, then restart and see whether it works.
If I were a sculptor I'd sculpt you... If I were a singer-songwriter I'd sing you... If I were a painter I'd paint you... But I'm only a trumpet player! [:)]
sondlive07
Official Member (Gold)
Posts: 2446
Joined: Tue Feb 02, 2010 8:52 pm
Location: my home

Re: IEXPLORE.EXE........HELP!!!

Post by gio! » Wed Jun 30, 2010 12:29 pm

Another case of a problem similar to yours http://forums.malwarebytes.org/index.ph ... opic=54910 is something that is spreading these days, but apparently nobody manages to solve it. Read the discussion a bit and see how it evolves; in the meantime I'll keep searching the net for a possible solution.
gio!
Senior Member
Posts: 275
Joined: Sat Jan 19, 2008 3:13 pm

Re: IEXPLORE.EXE........HELP!!!

Post by niko95omejo » Thu Jul 01, 2010 9:12 am

Try Hitman Pro 3.5 and run a scan... you can find it here http://www.surfright.nl/en/hitmanpro ; once downloaded and installed, go to Options and set it to do a normal scan, so that it analyses the whole PC... clean everything it finds and if it asks you to restart, do it right away.
Then run another scan with ComboFix.... I suspect the activity of a rootkit hiding a trojan...
With Internet Explorer or Firefox, also run an online scan with http://www.eset.com/online-scanner and post what it finds.... you've caught a really tough beast anyway!! [nonono]
niko95omejo
Aficionado
Posts: 80
Joined: Sat Feb 06, 2010 2:47 pm


Re: IEXPLORE.EXE........HELP!!!

Post by niko95omejo » Thu Jul 01, 2010 9:16 am

When Hitman finishes the scan, to remove any threats click on "activate 30-day trial licence" [;)]
niko95omejo
Aficionado
Posts: 80
Joined: Sat Feb 06, 2010 2:47 pm

Re: IEXPLORE.EXE........HELP!!!

Post by Pierodoctor » Thu Jul 01, 2010 9:50 am

Hi niko,
I'll try this method too, but which version of Hitman do I have to download, the 32- or the 64-bit one???
...it really does seem a nasty beast; in fact I've followed some other discussions of people with my same problem.... and in the end they formatted.
The problem is that I have software installed for work that I got in America, and if I format I lose everything...NOOOOOOOOOOOOO!!!!!
Pierodoctor
Aficionado
Posts: 33
Joined: Mon Jun 28, 2010 1:39 pm

Re: IEXPLORE.EXE........HELP!!!

Post by crazy.cat » Thu Jul 01, 2010 10:10 am

Pierodoctor wrote: but which version of Hitman do I have to download, the 32- or the 64-bit one???!

It depends on whether the operating system you have installed is 32- or 64-bit.
When the many govern, they think only of pleasing themselves; then you get the most foolish and hateful tyranny: tyranny disguised as freedom.
crazy.cat
MLI Hero
Posts: 30959
Joined: Mon Jan 12, 2004 1:38 pm
Location: Mestre

Re: IEXPLORE.EXE........HELP!!!

Post by Pierodoctor » Thu Jul 01, 2010 11:46 am

So, a quick update:
Hitman found one infected file and quarantined it, then I ran a scan with ComboFix, after which I ran
a scan with the online software (it found two infected files and removed them), restart.... and it's still there!!!!


ComboFix log:
ComboFix 10-06-27.06 - Owner 07/01/2010 5:40.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2093 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-7C25-9D7C08000A00}
AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((( Files Created from 2010-06-01 to 2010-07-01 )))))))))))))))))))))))))))))))
.

2010-07-01 09:23 . 2010-07-01 09:23 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-07-01 09:19 . 2010-07-01 09:37 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-07-01 09:19 . 2010-07-01 09:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-07-01 09:19 . 2010-07-01 09:19 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-06-29 16:13 . 2010-06-29 16:13 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\AOL
2010-06-29 13:11 . 2009-10-22 17:54 37392 ----a-w- c:\windows\system32\drivers\25673062.sys
2010-06-29 13:11 . 2009-10-10 03:31 315408 ----a-w- c:\windows\system32\drivers\2567306.sys
2010-06-29 13:11 . 2009-09-25 21:59 128016 ----a-w- c:\windows\system32\drivers\25673061.sys
2010-06-28 20:28 . 2010-06-28 20:27 389120 ----a-w- c:\windows\system32\CF4604.exe
2010-06-28 15:51 . 2009-11-25 16:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-06-28 15:51 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-06-28 15:51 . 2009-02-13 16:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-06-28 15:51 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-06-28 15:51 . 2010-06-28 15:51 -------- d-----w- c:\program files\Avira
2010-06-28 15:51 . 2010-06-28 15:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-06-28 13:37 . 2010-06-28 14:02 -------- d-----w- c:\documents and settings\Owner\Application Data\QuickScan
2010-06-28 13:37 . 2010-05-31 20:34 702120 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\tjjbxy4y.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
2010-06-28 13:37 . 2010-05-31 20:34 868456 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\tjjbxy4y.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-06-28 11:53 . 2010-06-28 11:53 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\AOL
2010-06-28 11:49 . 2010-06-28 11:49 -------- d-----w- c:\program files\Enigma Software Group
2010-06-28 11:49 . 2010-06-28 11:57 -------- d-----w- c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2010-06-28 11:49 . 2010-06-28 11:49 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-06-28 11:30 . 2010-06-28 11:30 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-06-28 11:15 . 2010-06-28 11:15 -------- d-----w- c:\windows\system32\wbem\Repository
2010-06-28 11:13 . 2010-06-28 11:13 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2010-06-28 11:13 . 2010-06-28 11:13 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Temp
2010-06-28 08:48 . 2010-06-28 11:04 -------- d-----w- c:\program files\a-squared Free
2010-06-28 00:16 . 2010-06-28 12:29 63488 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-28 00:16 . 2010-06-28 00:16 52224 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-28 00:16 . 2010-06-28 12:29 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-28 00:15 . 2010-06-28 00:15 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2010-06-28 00:15 . 2010-06-28 00:15 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-06-28 00:15 . 2010-06-28 00:15 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-27 22:41 . 2010-06-28 11:04 -------- dc----w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-06-27 22:40 . 2010-06-27 22:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-06-27 22:40 . 2010-06-27 22:41 -------- d-----w- c:\program files\Lavasoft
2010-06-27 15:20 . 2010-06-27 15:20 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-06-27 15:20 . 2010-06-27 15:20 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-06-27 15:20 . 2010-06-27 15:20 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\AOL
2010-06-23 00:02 . 2010-06-28 11:06 -------- d-----w- c:\documents and settings\Owner\IlBurraco
2010-06-23 00:02 . 2010-06-23 00:02 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Tarma Installer
2010-06-11 07:39 . 2010-06-28 11:10 -------- d-----w- C:\d38c209fc4ec1c4346d17822
2010-06-06 12:51 . 2010-06-06 12:51 -------- d-----w- c:\documents and settings\Owner\Application Data\Media Player Classic
2010-06-04 15:06 . 2010-06-28 11:11 -------- d-----w- c:\program files\PokerStars.IT
2010-06-02 22:01 . 2010-06-02 22:01 -------- d-----w- c:\program files\Common Files\Macrovision Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-01 09:39 . 2009-09-11 18:12 -------- d-----w- c:\documents and settings\Owner\Application Data\Skype
2010-07-01 08:56 . 2009-09-11 18:13 -------- d-----w- c:\documents and settings\Owner\Application Data\skypePM
2010-06-30 13:29 . 2009-11-04 06:40 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-29 17:26 . 2010-01-23 21:58 -------- d-----w- c:\documents and settings\Owner\Application Data\vlc
2010-06-28 17:19 . 2010-04-24 22:16 -------- d-----w- c:\program files\Quick Poker
2010-06-28 15:14 . 2009-09-01 23:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-28 14:04 . 2010-04-11 15:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-28 11:14 . 2009-12-26 16:30 -------- d-----w- c:\program files\eMule
2010-06-28 11:13 . 2007-11-15 15:22 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-05 16:37 . 2010-05-20 10:04 -------- d-----w- c:\program files\Google
2010-06-03 16:02 . 2009-09-01 21:02 69232 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-02 22:17 . 2007-11-15 14:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-01 08:55 . 2010-02-17 15:31 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-06-01 08:55 . 2010-02-17 15:31 88 --sh--r- c:\windows\system32\60864B9DD0.sys
2010-05-27 00:36 . 2010-05-27 00:36 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-23fcb47e-n\msvcp71.dll
2010-05-27 00:36 . 2010-05-27 00:36 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-23fcb47e-n\jmc.dll
2010-05-27 00:36 . 2010-05-27 00:36 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-23fcb47e-n\msvcr71.dll
2010-05-16 16:40 . 2010-02-06 20:55 50354 ----a-w- c:\documents and settings\Owner\Application Data\Facebook\uninstall.exe
2010-05-16 16:40 . 2010-02-06 20:55 -------- d-----w- c:\documents and settings\Owner\Application Data\Facebook
2010-05-06 15:19 . 2010-05-06 15:19 -------- d-----w- c:\program files\Governor of Poker
2010-05-04 17:20 . 2007-11-15 11:30 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:20 . 2009-09-02 00:22 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:20 . 2007-11-15 11:30 17408 ----a-w- c:\windows\system32\corpol.dll
2010-05-02 05:22 . 2007-11-15 11:30 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 19:39 . 2010-04-11 15:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2010-04-11 15:21 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-24 23:37 . 2010-04-24 23:36 3085800 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\Unpack\bfgsetup_s1_l1.exe
2010-04-24 23:34 . 2010-04-24 23:34 249856 -c--a-w- c:\documents and settings\All Users\Application Data\PlayFirst\Games\components\pfMultiplayer.dll
2010-04-24 23:34 . 2010-04-24 23:34 466944 -c--a-w- c:\documents and settings\All Users\Application Data\PlayFirst\Games\pfHarness\pfHarness.dll
2010-04-20 05:30 . 2007-11-15 11:30 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-12 11:20 . 2010-04-12 11:20 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-12 11:19 . 2010-04-12 11:19 152576 -c--a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-04-12 11:17 . 2010-04-12 11:17 79488 -c--a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-06-28_20.44.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-01 09:35 . 2010-07-01 09:35 16384 c:\windows\Temp\Perflib_Perfdata_810.dat
+ 2007-11-15 11:30 . 2010-05-04 17:20 44544 c:\windows\system32\pngfilt.dll
- 2007-11-15 11:30 . 2009-06-29 16:12 44544 c:\windows\system32\pngfilt.dll
+ 2006-11-08 05:03 . 2010-05-04 17:20 52224 c:\windows\system32\msfeedsbs.dll
- 2006-11-08 05:03 . 2009-06-29 16:12 52224 c:\windows\system32\msfeedsbs.dll
+ 2007-11-15 11:30 . 2010-05-04 17:20 27648 c:\windows\system32\jsproxy.dll
- 2007-11-15 11:30 . 2009-06-29 16:12 27648 c:\windows\system32\jsproxy.dll
- 2007-11-15 11:30 . 2009-06-29 16:12 44544 c:\windows\system32\iernonce.dll
+ 2007-11-15 11:30 . 2010-05-04 17:20 44544 c:\windows\system32\iernonce.dll
+ 2007-11-15 11:30 . 2010-05-04 12:39 70656 c:\windows\system32\ie4uinit.exe
- 2007-11-15 11:30 . 2009-06-29 11:07 70656 c:\windows\system32\ie4uinit.exe
- 2006-10-17 19:58 . 2009-06-29 16:12 63488 c:\windows\system32\icardie.dll
+ 2006-10-17 19:58 . 2010-05-04 17:20 63488 c:\windows\system32\icardie.dll
+ 2009-06-29 16:12 . 2010-05-04 17:20 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2009-06-29 16:12 . 2009-06-29 16:12 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2009-06-29 16:12 . 2009-06-29 16:12 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-06-29 16:12 . 2010-05-04 17:20 52224 c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-06-29 16:12 . 2009-06-29 16:12 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-06-29 16:12 . 2010-05-04 17:20 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-06-29 11:07 . 2010-05-04 12:39 13824 c:\windows\system32\dllcache\ieudinit.exe
- 2009-06-29 11:07 . 2009-06-29 11:07 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2009-06-29 16:12 . 2010-05-04 17:20 44544 c:\windows\system32\dllcache\iernonce.dll
- 2009-06-29 16:12 . 2009-06-29 16:12 44544 c:\windows\system32\dllcache\iernonce.dll
- 2009-09-02 00:22 . 2009-06-29 16:12 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2009-09-02 00:22 . 2010-05-04 17:20 78336 c:\windows\system32\dllcache\ieencode.dll
- 2009-06-29 11:07 . 2009-06-29 11:07 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-06-29 11:07 . 2010-05-04 12:39 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-06-29 16:12 . 2010-05-04 17:20 63488 c:\windows\system32\dllcache\icardie.dll
- 2009-06-29 16:12 . 2009-06-29 16:12 63488 c:\windows\system32\dllcache\icardie.dll
+ 2009-06-29 16:12 . 2010-05-04 17:20 17408 c:\windows\system32\dllcache\corpol.dll
- 2009-06-29 16:12 . 2009-06-29 16:12 17408 c:\windows\system32\dllcache\corpol.dll
- 2009-09-01 21:01 . 2010-06-28 20:33 32768 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
+ 2009-09-01 21:01 . 2010-07-01 09:36 32768 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
+ 2007-11-15 12:46 . 2010-07-01 09:39 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2007-11-15 12:46 . 2010-06-28 20:35 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-06-29 23:44 . 2009-06-29 16:12 44544 c:\windows\ie7updates\KB982381-IE7\pngfilt.dll
+ 2010-06-29 23:44 . 2009-06-29 16:12 52224 c:\windows\ie7updates\KB982381-IE7\msfeedsbs.dll
+ 2010-06-29 23:44 . 2009-06-29 16:12 27648 c:\windows\ie7updates\KB982381-IE7\jsproxy.dll
+ 2010-06-29 23:44 . 2009-06-29 11:07 13824 c:\windows\ie7updates\KB982381-IE7\ieudinit.exe
+ 2010-06-29 23:44 . 2009-06-29 16:12 44544 c:\windows\ie7updates\KB982381-IE7\iernonce.dll
+ 2010-06-29 23:44 . 2009-06-29 16:12 78336 c:\windows\ie7updates\KB982381-IE7\ieencode.dll
+ 2010-06-29 23:44 . 2009-06-29 11:07 70656 c:\windows\ie7updates\KB982381-IE7\ie4uinit.exe
+ 2010-06-29 23:44 . 2009-06-29 16:12 63488 c:\windows\ie7updates\KB982381-IE7\icardie.dll
+ 2010-06-29 23:44 . 2009-06-29 16:12 17408 c:\windows\ie7updates\KB982381-IE7\corpol.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
- 2007-11-15 11:30 . 2009-06-29 16:12 233472 c:\windows\system32\webcheck.dll
+ 2007-11-15 11:30 . 2010-05-04 17:20 233472 c:\windows\system32\webcheck.dll
+ 2007-11-15 11:30 . 2010-03-09 11:09 430080 c:\windows\system32\vbscript.dll
- 2007-11-15 11:30 . 2008-05-09 10:53 430080 c:\windows\system32\vbscript.dll
- 2007-11-15 11:30 . 2009-06-29 16:12 105984 c:\windows\system32\url.dll
+ 2007-11-15 11:30 . 2010-05-04 17:20 105984 c:\windows\system32\url.dll
- 2007-11-15 11:30 . 2009-06-29 16:12 102912 c:\windows\system32\occache.dll
+ 2007-11-15 11:30 . 2010-05-04 17:20 102912 c:\windows\system32\occache.dll
+ 2007-11-15 11:30 . 2010-05-04 17:20 671232 c:\windows\system32\mstime.dll
- 2007-11-15 11:30 . 2009-06-29 16:12 671232 c:\windows\system32\mstime.dll
+ 2007-11-15 11:30 . 2010-05-04 17:20 193024 c:\windows\system32\msrating.dll
- 2007-11-15 11:30 . 2009-06-29 16:12 193024 c:\windows\system32\msrating.dll
- 2007-11-15 11:30 . 2009-06-29 16:12 477696 c:\windows\system32\mshtmled.dll
+ 2007-11-15 11:30 . 2010-05-04 17:20 477696 c:\windows\system32\mshtmled.dll
- 2006-11-08 05:03 . 2009-06-29 16:12 459264 c:\windows\system32\msfeeds.dll
+ 2006-11-08 05:03 . 2010-05-04 17:20 459264 c:\windows\system32\msfeeds.dll
+ 2007-11-15 11:30 . 2009-08-13 15:16 512000 c:\windows\system32\jscript.dll
- 2007-11-15 11:30 . 2008-05-09 10:53 512000 c:\windows\system32\jscript.dll
+ 2006-10-17 19:57 . 2010-05-04 17:20 268288 c:\windows\system32\iertutil.dll
- 2006-10-17 19:57 . 2009-06-29 16:12 268288 c:\windows\system32\iertutil.dll
+ 2007-11-15 11:30 . 2010-05-04 17:20 192512 c:\windows\system32\iepeers.dll
- 2007-11-15 11:30 . 2009-06-29 16:12 385024 c:\windows\system32\iedkcs32.dll
+ 2007-11-15 11:30 . 2010-05-04 17:20 385024 c:\windows\system32\iedkcs32.dll
+ 2006-10-17 19:27 . 2010-05-04 17:20 380928 c:\windows\system32\ieapfltr.dll
- 2006-10-17 19:27 . 2009-06-29 16:12 380928 c:\windows\system32\ieapfltr.dll
+ 2007-11-15 11:30 . 2010-04-16 11:43 161792 c:\windows\system32\ieakui.dll
- 2007-11-15 11:30 . 2009-06-29 08:33 161792 c:\windows\system32\ieakui.dll
+ 2007-11-15 11:30 . 2010-05-04 17:20 230400 c:\windows\system32\ieaksie.dll
- 2007-11-15 11:30 . 2009-06-29 16:12 230400 c:\windows\system32\ieaksie.dll
- 2007-11-15 11:30 . 2009-06-29 16:12 153088 c:\windows\system32\ieakeng.dll
+ 2007-11-15 11:30 . 2010-05-04 17:20 153088 c:\windows\system32\ieakeng.dll
- 2007-11-15 11:30 . 2009-06-29 16:12 133120 c:\windows\system32\extmgr.dll
+ 2007-11-15 11:30 . 2010-05-04 17:20 133120 c:\windows\system32\extmgr.dll
+ 2007-11-15 11:30 . 2010-05-04 17:20 214528 c:\windows\system32\dxtrans.dll
- 2007-11-15 11:30 . 2009-06-29 16:12 214528 c:\windows\system32\dxtrans.dll
- 2007-11-15 11:30 . 2009-06-29 16:12 347136 c:\windows\system32\dxtmsft.dll
+ 2007-11-15 11:30 . 2010-05-04 17:20 347136 c:\windows\system32\dxtmsft.dll
+ 2009-06-29 16:12 . 2010-05-04 17:20 832512 c:\windows\system32\dllcache\wininet.dll
- 2009-06-29 16:12 . 2009-06-29 16:12 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2009-06-29 16:12 . 2010-05-04 17:20 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2008-05-09 10:53 . 2010-03-09 11:09 430080 c:\windows\system32\dllcache\vbscript.dll
- 2008-05-09 10:53 . 2008-05-09 10:53 430080 c:\windows\system32\dllcache\vbscript.dll
+ 2009-06-29 16:12 . 2010-05-04 17:20 105984 c:\windows\system32\dllcache\url.dll
- 2009-06-29 16:12 . 2009-06-29 16:12 105984 c:\windows\system32\dllcache\url.dll
- 2009-06-29 16:12 . 2009-06-29 16:12 102912 c:\windows\system32\dllcache\occache.dll
+ 2009-06-29 16:12 . 2010-05-04 17:20 102912 c:\windows\system32\dllcache\occache.dll
- 2009-06-29 16:12 . 2009-06-29 16:12 671232 c:\windows\system32\dllcache\mstime.dll
+ 2009-06-29 16:12 . 2010-05-04 17:20 671232 c:\windows\system32\dllcache\mstime.dll
- 2009-06-29 16:12 . 2009-06-29 16:12 193024 c:\windows\system32\dllcache\msrating.dll
+ 2009-06-29 16:12 . 2010-05-04 17:20 193024 c:\windows\system32\dllcache\msrating.dll
+ 2009-06-29 16:12 . 2010-05-04 17:20 477696 c:\windows\system32\dllcache\mshtmled.dll
- 2009-06-29 16:12 . 2009-06-29 16:12 477696 c:\windows\system32\dllcache\mshtmled.dll
+ 2009-06-29 16:12 . 2010-05-04 17:20 459264 c:\windows\system32\dllcache\msfeeds.dll
- 2009-06-29 16:12 . 2009-06-29 16:12 459264 c:\windows\system32\dllcache\msfeeds.dll
- 2008-05-09 10:53 . 2008-05-09 10:53 512000 c:\windows\system32\dllcache\jscript.dll
+ 2008-05-09 10:53 . 2009-08-13 15:16 512000 c:\windows\system32\dllcache\jscript.dll
+ 2009-06-29 08:35 . 2010-04-16 11:43 634656 c:\windows\system32\dllcache\iexplore.exe
- 2009-06-29 16:12 . 2009-06-29 16:12 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2009-06-29 16:12 . 2010-05-04 17:20 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2010-05-04 17:20 . 2010-05-04 17:20 192512 c:\windows\system32\dllcache\iepeers.dll
- 2009-06-29 16:12 . 2009-06-29 16:12 385024 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-06-29 16:12 . 2010-05-04 17:20 385024 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-06-29 16:12 . 2010-05-04 17:20 380928 c:\windows\system32\dllcache\ieapfltr.dll
- 2009-06-29 16:12 . 2009-06-29 16:12 380928 c:\windows\system32\dllcache\ieapfltr.dll
+ 2009-06-29 08:33 . 2010-04-16 11:43 161792 c:\windows\system32\dllcache\ieakui.dll
- 2009-06-29 08:33 . 2009-06-29 08:33 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2009-06-29 16:12 . 2010-05-04 17:20 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2009-06-29 16:12 . 2009-06-29 16:12 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2009-06-29 16:12 . 2009-06-29 16:12 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2009-06-29 16:12 . 2010-05-04 17:20 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2009-06-29 16:12 . 2010-05-04 17:20 133120 c:\windows\system32\dllcache\extmgr.dll
- 2009-06-29 16:12 . 2009-06-29 16:12 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2009-06-29 16:12 . 2010-05-04 17:20 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2009-06-29 16:12 . 2009-06-29 16:12 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2009-06-29 16:12 . 2010-05-04 17:20 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2009-06-29 16:12 . 2009-06-29 16:12 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2009-06-29 16:12 . 2010-05-04 17:20 124928 c:\windows\system32\dllcache\advpack.dll
- 2009-06-29 16:12 . 2009-06-29 16:12 124928 c:\windows\system32\dllcache\advpack.dll
+ 2007-11-15 12:46 . 2010-07-01 09:39 180224 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-11-15 11:30 . 2009-06-29 16:12 124928 c:\windows\system32\advpack.dll
+ 2007-11-15 11:30 . 2010-05-04 17:20 124928 c:\windows\system32\advpack.dll
+ 2010-06-29 23:44 . 2010-06-29 23:44 195584 c:\windows\Installer\1912705.msi
+ 2010-06-29 23:44 . 2009-06-29 16:12 827392 c:\windows\ie7updates\KB982381-IE7\wininet.dll
+ 2010-06-29 23:44 . 2009-06-29 16:12 233472 c:\windows\ie7updates\KB982381-IE7\webcheck.dll
+ 2010-06-29 23:44 . 2009-06-29 16:12 105984 c:\windows\ie7updates\KB982381-IE7\url.dll
+ 2010-06-29 23:44 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB982381-IE7\spuninst\updspapi.dll
+ 2010-06-29 23:44 . 2008-07-08 13:02 231288 c:\windows\ie7updates\KB982381-IE7\spuninst\spuninst.exe
+ 2010-06-29 23:44 . 2009-06-29 16:12 102912 c:\windows\ie7updates\KB982381-IE7\occache.dll
+ 2010-06-29 23:44 . 2009-06-29 16:12 671232 c:\windows\ie7updates\KB982381-IE7\mstime.dll
+ 2010-06-29 23:44 . 2009-06-29 16:12 193024 c:\windows\ie7updates\KB982381-IE7\msrating.dll
+ 2010-06-29 23:44 . 2009-06-29 16:12 477696 c:\windows\ie7updates\KB982381-IE7\mshtmled.dll
+ 2010-06-29 23:44 . 2009-06-29 16:12 459264 c:\windows\ie7updates\KB982381-IE7\msfeeds.dll
+ 2010-06-29 23:44 . 2009-06-29 08:35 634632 c:\windows\ie7updates\KB982381-IE7\iexplore.exe
+ 2010-06-29 23:44 . 2009-06-29 16:12 268288 c:\windows\ie7updates\KB982381-IE7\iertutil.dll
+ 2010-06-29 23:44 . 2006-11-08 05:03 191488 c:\windows\ie7updates\KB982381-IE7\iepeers.dll
+ 2010-06-29 23:44 . 2009-06-29 16:12 385024 c:\windows\ie7updates\KB982381-IE7\iedkcs32.dll
+ 2010-06-29 23:44 . 2009-06-29 16:12 380928 c:\windows\ie7updates\KB982381-IE7\ieapfltr.dll
+ 2010-06-29 23:44 . 2009-06-29 08:33 161792 c:\windows\ie7updates\KB982381-IE7\ieakui.dll
+ 2010-06-29 23:44 . 2009-06-29 16:12 230400 c:\windows\ie7updates\KB982381-IE7\ieaksie.dll
+ 2010-06-29 23:44 . 2009-06-29 16:12 153088 c:\windows\ie7updates\KB982381-IE7\ieakeng.dll
+ 2010-06-29 23:44 . 2009-06-29 16:12 133120 c:\windows\ie7updates\KB982381-IE7\extmgr.dll
+ 2010-06-29 23:44 . 2009-06-29 16:12 214528 c:\windows\ie7updates\KB982381-IE7\dxtrans.dll
+ 2010-06-29 23:44 . 2009-06-29 16:12 347136 c:\windows\ie7updates\KB982381-IE7\dxtmsft.dll
+ 2010-06-29 23:44 . 2009-06-29 16:12 124928 c:\windows\ie7updates\KB982381-IE7\advpack.dll
+ 2007-11-15 11:30 . 2010-05-04 17:20 1168384 c:\windows\system32\urlmon.dll
+ 2010-06-28 11:04 . 2010-06-30 13:30 2493952 c:\windows\system32\Restore\rstrlog.dat
+ 2007-11-15 11:30 . 2010-05-04 17:20 3600384 c:\windows\system32\mshtml.dll
+ 2006-11-08 05:03 . 2010-05-04 17:20 6067200 c:\windows\system32\ieframe.dll
- 2006-11-08 05:03 . 2009-07-19 13:32 6067200 c:\windows\system32\ieframe.dll
+ 2009-06-29 16:12 . 2010-05-04 17:20 1168384 c:\windows\system32\dllcache\urlmon.dll
+ 2009-07-19 13:33 . 2010-05-04 17:20 3600384 c:\windows\system32\dllcache\mshtml.dll
+ 2009-07-19 13:32 . 2010-05-04 17:20 6067200 c:\windows\system32\dllcache\ieframe.dll
- 2009-07-19 13:32 . 2009-07-19 13:32 6067200 c:\windows\system32\dllcache\ieframe.dll
- 2007-11-15 12:46 . 2010-06-28 20:35 4915200 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-11-15 12:46 . 2010-07-01 09:39 4915200 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-09-14 17:03 . 2010-06-28 21:24 3817472 c:\windows\Installer\d7ffab.msi
- 2009-09-14 17:03 . 2010-06-28 13:16 3817472 c:\windows\Installer\d7ffab.msi
+ 2010-06-29 23:44 . 2009-06-29 16:12 1159680 c:\windows\ie7updates\KB982381-IE7\urlmon.dll
+ 2010-06-29 23:44 . 2009-07-19 13:33 3597824 c:\windows\ie7updates\KB982381-IE7\mshtml.dll
+ 2010-06-29 23:44 . 2009-07-19 13:32 6067200 c:\windows\ie7updates\KB982381-IE7\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-06-06 07:16 2955264 ----a-w- c:\program files\Protector Suite quello\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-06-06 07:16 2955264 ----a-w- c:\program files\Protector Suite quello\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-09-02 25623336]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-10-06 2075384]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-06-07 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-12 8491008]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-09-06 118784]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-06-01 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-06-01 974848]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-04-12 149280]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2007-09-28 217088]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2007-01-24 176128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"PSQLLauncher"="c:\program files\Protector Suite quello\launcher.exe" [2007-06-06 49168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-17 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-17 162328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-17 137752]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-01-12 115560]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AdobeVersionCue"="c:\program files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe" [2003-10-13 1732608]
"VAIO Update 4"="c:\program files\Sony\VAIO Update 4\VAIOUpdt.exe" [2008-07-30 870240]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"HitmanPro35"="c:\program files\Hitman Pro 3.5\HitmanPro35.exe" [2010-07-01 6110528]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
setup_9.0.0.722_29.06.2010_15-52.lnk - c:\documents and settings\Owner\Desktop\Virus Removal Tool\setup_9.0.0.722_29.06.2010_15-52\startup.exe [2010-6-29 72208]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-9-14 110592]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-8-3 572008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-06-06 07:03 90112 ----a-w- c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-05-17 04:50 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 20:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 25673062;25673062 Boot Guard Driver;c:\windows\system32\drivers\25673062.sys [6/29/2010 9:11 AM 37392]
R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [11/15/2007 7:31 AM 21408]
R1 25673061;25673061;c:\windows\system32\drivers\25673061.sys [6/29/2010 9:11 AM 128016]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R1 setup_9.0.0.722_29.06.2010_15-52drv;setup_9.0.0.722_29.06.2010_15-52drv;c:\windows\system32\drivers\2567306.sys [6/29/2010 9:11 AM 315408]
R3 5U870UVC;Sony Visual Communication Camera VGP-VCC7;c:\windows\system32\drivers\5U870.sys [9/11/2009 2:26 PM 90240]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/27/2010 5:08 AM 102448]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [7/1/2010 5:19 AM 16968]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [11/15/2007 7:31 AM 41216]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [11/15/2007 7:31 AM 31104]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [11/15/2007 12:40 AM 37040]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [11/15/2007 7:31 AM 812544]
S2 gupdate;Servizio di Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/20/2010 6:04 AM 136176]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - HITMANPRO35
.
Contents of the 'Scheduled Tasks' folder

2010-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-20 10:04]

2010-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-20 10:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sony.com/vaiopeople/
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\tjjbxy4y.default\
FF - prefs.js: browser.startup.homepage - www.google.it
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\tjjbxy4y.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\tjjbxy4y.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f6,82,f7,2b,4b,39,7e,4d,b1,75,75,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f6,82,f7,2b,4b,39,7e,4d,b1,75,75,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(936)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite quello\homefus2.dll
c:\program files\Protector Suite quello\infra.dll
c:\program files\Protector Suite quello\homepass.dll
c:\program files\Protector Suite quello\bio.dll
c:\program files\Protector Suite quello\remote.dll
c:\windows\system32\VESWinlogon.dll
c:\program files\Protector Suite quello\crypto.dll

- - - - - - - > 'lsass.exe'(992)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite quello\homefus2.dll
c:\program files\Protector Suite quello\infra.dll

- - - - - - - > 'explorer.exe'(2700)
c:\windows\system32\WININET.dll
c:\program files\Protector Suite quello\farchns.dll
c:\program files\Protector Suite quello\infra.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-07-01 05:50:48
ComboFix-quarantined-files.txt 2010-07-01 09:50
ComboFix2.txt 2010-06-28 20:46

Pre-Run: 207,030,468,608 bytes free
Post-Run: 207,256,600,576 bytes free

- - End Of File - - C8ED7649384C63BCF2FC6F13876215D5


I don't know where to turn anymore....
Pierodoctor
Aficionado
Posts: 33
Joined: Mon Jun 28, 2010 1:39 pm

Re: IEXPLORE.EXE........HELP!!!

Post by gio! » Thu Jul 01, 2010 12:06 pm

Does anyone know what these are?
c:\windows\system32\drivers\25673062.sys
c:\windows\system32\drivers\2567306.sys
c:\windows\system32\drivers\25673061.sys
c:\windows\system32\60864B9DD0.sys

Have them checked on www.virustotal.com and post us the link with the results.
gio!
Senior Member
Posts: 275
Joined: Sat Jan 19, 2008 3:13 pm
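The four file names gio! asks about are the kind of entry a responder would triage first: in the ComboFix log above they appear as R0/R1 drivers with purely numeric service and file names, all dropped on the same day two days before the scan. The script below is an added example, written for this page and not part of the thread or of ComboFix; it parses service/driver lines in the format ComboFix prints (the sample lines are constructed from the log above), flags entries on those indicators, and computes the local SHA-256 of each flagged file so the hash can be looked up on VirusTotal without having to upload the file. It does not talk to VirusTotal itself; the scan date, the seven-day window and the file paths are assumptions, and on a machine without those files the hash is reported as None.

```python
import hashlib
import os
import re
from datetime import datetime, timedelta

# Constructed sample in ComboFix's service/driver line format (paths copied from the log above).
SAMPLE_LOG = """\
R0 25673062;25673062 Boot Guard Driver;c:\\windows\\system32\\drivers\\25673062.sys [6/29/2010 9:11 AM 37392]
R0 shpf;Sony HDD Protection Filter Driver;c:\\windows\\system32\\drivers\\shpf.sys [11/15/2007 7:31 AM 21408]
R1 25673061;25673061;c:\\windows\\system32\\drivers\\25673061.sys [6/29/2010 9:11 AM 128016]
R1 setup_9.0.0.722_29.06.2010_15-52drv;setup_9.0.0.722_29.06.2010_15-52drv;c:\\windows\\system32\\drivers\\2567306.sys [6/29/2010 9:11 AM 315408]
R3 IFXTPM;IFXTPM;c:\\windows\\system32\\drivers\\ifxtpm.sys [11/15/2007 7:31 AM 41216]
S2 gupdate;Servizio di Google Update (gupdate);c:\\program files\\Google\\Update\\GoogleUpdate.exe [5/20/2010 6:04 AM 136176]
"""

# Assumed scan date (the log in the thread is dated 2010-07-01).
SCAN_DATE = datetime(2010, 7, 1)

# <start type> <service name>;<display name>;<image path> [<m/d/yyyy h:mm AM/PM> <size>]
LINE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)"
    r"\s+\[(?P<stamp>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2} [AP]M) (?P<size>\d+)\]\s*$"
)


def parse_service_line(line):
    """Return a dict for one service/driver line, or None if the line is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "start": m["start"],
        "name": m["name"],
        "display": m["display"],
        "path": m["path"],
        "installed": datetime.strptime(m["stamp"], "%m/%d/%Y %I:%M %p"),
        "size": int(m["size"]),
    }


def suspicion_reasons(entry, scan_date, window_days=7):
    """Heuristic indicators only; a hit means 'look closer', not 'malicious'."""
    reasons = []
    file_name = entry["path"].replace("\\", "/").rsplit("/", 1)[-1]
    stem = os.path.splitext(file_name)[0]
    if entry["name"].isdigit():
        reasons.append("numeric-only service name")
    if stem.isdigit():
        reasons.append("numeric-only driver file name")
    age = scan_date - entry["installed"]
    if timedelta(0) <= age <= timedelta(days=window_days):
        reasons.append(f"file installed {age.days} day(s) before the scan")
    if entry["start"] == "R0" and reasons:
        # Boot-start drivers load before any anti-virus service does.
        reasons.append("boot-start driver")
    return reasons


def sha256_bytes(data):
    return hashlib.sha256(data).hexdigest()


def sha256_file(path):
    """SHA-256 of a local file, or None when the file is not present on this machine."""
    try:
        with open(path, "rb") as fh:
            return sha256_bytes(fh.read())
    except OSError:
        return None


def triage(log_text, scan_date=SCAN_DATE, window_days=7):
    """Return the flagged entries, each with its reasons and local hash (if the file exists)."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_service_line(line)
        if entry is None:
            continue
        reasons = suspicion_reasons(entry, scan_date, window_days)
        if reasons:
            entry["reasons"] = reasons
            entry["sha256"] = sha256_file(entry["path"])
            flagged.append(entry)
    return flagged


def flagged_names(log_text=SAMPLE_LOG, scan_date=SCAN_DATE):
    return [e["name"] for e in triage(log_text, scan_date)]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(e["start"], e["name"], e["path"], e["sha256"], "; ".join(e["reasons"]))
```

Run against the sample, the three drivers dropped on 6/29 are flagged while the Sony and Infineon drivers from 2007 and the Google updater are not. Looking a hash up on VirusTotal rather than uploading the file avoids sharing a binary that may contain data from the affected machine, and it still tells you whether the sample has already been seen.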

Re: IEXPLORE.EXE........HELP!!!

Post by Pierodoctor » Thu Jul 01, 2010 12:14 pm

what do you mean? do I have to upload the combofix log???
excuse my immense ignorance...
Pierodoctor
Aficionado
Posts: 33
Joined: Mon Jun 28, 2010 1:39 pm

Re: IEXPLORE.EXE........HELP!!!

Post by crazy.cat » Thu Jul 01, 2010 12:28 pm

Pierodoctor wrote:what do you mean? do I have to upload the combofix log???
excuse my immense ignorance...

No, you have to upload the individual files to that site and wait for them to be analyzed.
When the many govern, they think only of pleasing themselves; then you get the most foolish and hateful tyranny: tyranny disguised as liberty.
crazy.cat
MLI Hero
Posts: 30959
Joined: Mon Jan 12, 2004 1:38 pm
Location: Mestre

Re: IEXPLORE.EXE........HELP!!!

Post by niko95omejo » Thu Jul 01, 2010 1:47 pm

it seems NOD manages to find something...go here: http://www.eset.com/download/free-trial/international choose the version of NOD Antivirus for your computer (32-bit or 64), then download and install it, updating the signature database...restart the computer and run a full system scan; I don't know if it has this option, but try to schedule a scan at startup, so as to clean any malware before the system loads
niko95omejo
Aficionado
Posts: 80
Joined: Sat Feb 06, 2010 2:47 pm

Re: IEXPLORE.EXE........HELP!!!

Post by Pierodoctor » Thu Jul 01, 2010 4:07 pm

As soon as I installed it, NOD32 found this file: win32/Mebroot trojan, but when I told it to delete it, it wasn't able to.
I restarted the PC and in this case too, after the scan, it reported the same file (win32/Mebroot trojan), but didn't remove it!!
SIGH SIGH!!!
Pierodoctor
Aficionado
Posts: 33
Joined: Mon Jun 28, 2010 1:39 pm

Re: IEXPLORE.EXE........HELP!!!

Post by Uomo_Senza_Sonno » Thu Jul 01, 2010 4:30 pm

Sorry to butt in, but in the previous posts you said the online scans removed something, but on reboot everything came back. What comes to mind is that System Restore hasn't been disabled

My Computer-->right mouse button-->Properties-->System Restore
and untick it; then repeat the online scans and see if anything comes back.

Pierodoctor wrote:win32/Mebroot trojan

I wouldn't want to say something heretical, but run this check too:

Download mbr.exe, save it in C:\ and then from Run type start mbr.exe and post the generated log, which you'll find in C:\ as well
Thanks for everything Zane

we know 1% of the laws that govern the universe; the others we have not yet fully understood, or not even guessed at
Uomo_Senza_Sonno
Official Member (Gold)
Posts: 3255
Joined: Thu Feb 07, 2008 9:00 am
Location: http://turbolab.it

Re: IEXPLORE.EXE........HELP!!!

Post by Pierodoctor » Thu Jul 01, 2010 4:44 pm

did this too:
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: error reading MBR
kernel: MBR read successfully
Pierodoctor
Aficionado
Posts: 33
Joined: Mon Jun 28, 2010 1:39 pm

Re: IEXPLORE.EXE........HELP!!!

Post by Uomo_Senza_Sonno » Thu Jul 01, 2010 5:01 pm

did you also repeat the scans that had previously removed something, this time with System Restore disabled? The log probably won't be different from the ones already posted, but do one more scan with combofix, in the hope that it now manages to find the trojan's code. The fact that mbr.exe can't read the MBR is an alarm bell, but this way the search is narrowed down.
Thanks for everything Zane

we know 1% of the laws that govern the universe; the others we have not yet fully understood, or not even guessed at
Uomo_Senza_Sonno
Official Member (Gold)
Posts: 3255
Joined: Thu Feb 07, 2008 9:00 am
Location: http://turbolab.it

Re: IEXPLORE.EXE........HELP!!!

Post by Pierodoctor » Thu Jul 01, 2010 5:04 pm

sorry, I didn't understand: does System Restore have to be on or not??? do I have to tick the box (thereby disabling it) or untick it???
Pierodoctor
Aficionado
Posts: 33
Joined: Mon Jun 28, 2010 1:39 pm

Re: IEXPLORE.EXE........HELP!!!

Post by Uomo_Senza_Sonno » Thu Jul 01, 2010 5:09 pm

you have to untick it to disable it [std]
Thanks for everything Zane

we know 1% of the laws that govern the universe; the others we have not yet fully understood, or not even guessed at
Uomo_Senza_Sonno
Official Member (Gold)
Posts: 3255
Joined: Thu Feb 07, 2008 9:00 am
Location: http://turbolab.it

Re: IEXPLORE.EXE........HELP!!!

Post by Pierodoctor » Thu Jul 01, 2010 5:39 pm

well, here is the umpteenth combofix log:
ComboFix 10-06-30.03 - Owner 07/01/2010 12:33:20.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2186 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-7C25-9D7C08000A00}
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((( Files Created from 2010-06-01 to 2010-07-01 )))))))))))))))))))))))))))))))
.

2010-07-01 12:55 . 2010-07-01 12:55 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-07-01 09:52 . 2010-07-01 12:55 -------- d-----w- c:\program files\ESET
2010-07-01 09:23 . 2010-07-01 09:23 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-07-01 09:19 . 2010-07-01 10:46 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-07-01 09:19 . 2010-07-01 09:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-07-01 09:19 . 2010-07-01 09:19 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-06-29 16:13 . 2010-06-29 16:13 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\AOL
2010-06-29 13:11 . 2009-10-22 17:54 37392 ----a-w- c:\windows\system32\drivers\25673062.sys
2010-06-29 13:11 . 2009-10-10 03:31 315408 ----a-w- c:\windows\system32\drivers\2567306.sys
2010-06-29 13:11 . 2009-09-25 21:59 128016 ----a-w- c:\windows\system32\drivers\25673061.sys
2010-06-29 13:01 . 2010-06-29 13:01 63488 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-29 13:01 . 2010-06-29 13:01 52224 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-29 13:01 . 2010-06-29 13:01 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-29 13:00 . 2010-06-29 13:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-06-29 12:56 . 2010-06-29 12:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-06-28 20:28 . 2010-06-28 20:27 389120 ----a-w- c:\windows\system32\CF4604.exe
2010-06-28 15:51 . 2009-11-25 16:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-06-28 15:51 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-06-28 15:51 . 2009-02-13 16:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-06-28 15:51 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-06-28 15:51 . 2010-06-28 15:51 -------- d-----w- c:\program files\Avira
2010-06-28 15:51 . 2010-06-28 15:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-06-28 13:37 . 2010-06-28 14:02 -------- d-----w- c:\documents and settings\Owner\Application Data\QuickScan
2010-06-28 13:37 . 2010-05-31 20:34 702120 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\tjjbxy4y.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
2010-06-28 13:37 . 2010-05-31 20:34 868456 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\tjjbxy4y.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-06-28 11:53 . 2010-06-28 11:53 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\AOL
2010-06-28 11:49 . 2010-06-28 11:49 -------- d-----w- c:\program files\Enigma Software Group
2010-06-28 11:49 . 2010-06-28 11:57 -------- d-----w- c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2010-06-28 11:49 . 2010-06-28 11:49 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-06-28 11:30 . 2010-06-28 11:30 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-06-28 11:15 . 2010-06-28 11:15 -------- d-----w- c:\windows\system32\wbem\Repository
2010-06-28 11:13 . 2010-06-28 11:13 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2010-06-28 11:13 . 2010-06-28 11:13 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Temp
2010-06-28 08:48 . 2010-06-28 11:04 -------- d-----w- c:\program files\a-squared Free
2010-06-28 00:16 . 2010-06-28 12:29 63488 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-28 00:16 . 2010-06-28 00:16 52224 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-28 00:16 . 2010-06-28 12:29 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-28 00:15 . 2010-06-28 00:15 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2010-06-28 00:15 . 2010-06-28 00:15 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-06-28 00:15 . 2010-06-28 00:15 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-27 22:41 . 2010-06-28 11:04 -------- dc----w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-06-27 22:40 . 2010-06-27 22:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-06-27 22:40 . 2010-06-27 22:41 -------- d-----w- c:\program files\Lavasoft
2010-06-27 15:20 . 2010-06-27 15:20 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-06-27 15:20 . 2010-06-27 15:20 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-06-23 00:02 . 2010-06-28 11:06 -------- d-----w- c:\documents and settings\Owner\IlBurraco
2010-06-23 00:02 . 2010-06-23 00:02 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Tarma Installer
2010-06-11 07:39 . 2010-06-28 11:10 -------- d-----w- C:\d38c209fc4ec1c4346d17822
2010-06-06 12:51 . 2010-06-06 12:51 -------- d-----w- c:\documents and settings\Owner\Application Data\Media Player Classic
2010-06-04 15:06 . 2010-06-28 11:11 -------- d-----w- c:\program files\PokerStars.IT
2010-06-02 22:01 . 2010-06-02 22:01 -------- d-----w- c:\program files\Common Files\Macrovision Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-01 16:37 . 2009-09-11 18:12 -------- d-----w- c:\documents and settings\Owner\Application Data\Skype
2010-07-01 12:05 . 2009-09-11 18:13 -------- d-----w- c:\documents and settings\Owner\Application Data\skypePM
2010-06-30 13:29 . 2009-11-04 06:40 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-29 17:26 . 2010-01-23 21:58 -------- d-----w- c:\documents and settings\Owner\Application Data\vlc
2010-06-28 17:19 . 2010-04-24 22:16 -------- d-----w- c:\program files\Quick Poker
2010-06-28 15:14 . 2009-09-01 23:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-28 14:04 . 2010-04-11 15:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-28 11:18 . 2007-11-16 12:31 69624 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-28 11:14 . 2009-12-26 16:30 -------- d-----w- c:\program files\eMule
2010-06-28 11:13 . 2007-11-15 15:22 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-05 16:37 . 2010-05-20 10:04 -------- d-----w- c:\program files\Google
2010-06-03 16:02 . 2009-09-01 21:02 69232 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-02 22:17 . 2007-11-15 14:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-01 08:55 . 2010-02-17 15:31 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-06-01 08:55 . 2010-02-17 15:31 88 --sh--r- c:\windows\system32\60864B9DD0.sys
2010-05-27 00:36 . 2010-05-27 00:36 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-23fcb47e-n\msvcp71.dll
2010-05-27 00:36 . 2010-05-27 00:36 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-23fcb47e-n\jmc.dll
2010-05-27 00:36 . 2010-05-27 00:36 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-23fcb47e-n\msvcr71.dll
2010-05-16 16:40 . 2010-02-06 20:55 50354 ----a-w- c:\documents and settings\Owner\Application Data\Facebook\uninstall.exe
2010-05-16 16:40 . 2010-02-06 20:55 -------- d-----w- c:\documents and settings\Owner\Application Data\Facebook
2010-05-06 15:19 . 2010-05-06 15:19 -------- d-----w- c:\program files\Governor of Poker
2010-05-04 17:20 . 2007-11-15 11:30 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:20 . 2009-09-02 00:22 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:20 . 2007-11-15 11:30 17408 ----a-w- c:\windows\system32\corpol.dll
2010-05-02 05:22 . 2007-11-15 11:30 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 19:39 . 2010-04-11 15:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2010-04-11 15:21 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-24 23:37 . 2010-04-24 23:36 3085800 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\Unpack\bfgsetup_s1_l1.exe
2010-04-24 23:34 . 2010-04-24 23:34 249856 -c--a-w- c:\documents and settings\All Users\Application Data\PlayFirst\Games\components\pfMultiplayer.dll
2010-04-24 23:34 . 2010-04-24 23:34 466944 -c--a-w- c:\documents and settings\All Users\Application Data\PlayFirst\Games\pfHarness\pfHarness.dll
2010-04-20 05:30 . 2007-11-15 11:30 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-12 11:20 . 2010-04-12 11:20 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-12 11:19 . 2010-04-12 11:19 152576 -c--a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-04-12 11:17 . 2010-04-12 11:17 79488 -c--a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
.

((((((((((((((((((((((((((((( SnapShot_2010-07-01_09.49.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-01 16:22 . 2010-07-01 16:22 16384 c:\windows\Temp\Perflib_Perfdata_784.dat
+ 2010-03-29 21:13 . 2010-03-29 21:13 95872 c:\windows\system32\drivers\epfwtdir.sys
+ 2009-09-01 21:01 . 2010-07-01 16:22 32768 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
- 2009-09-01 21:01 . 2010-07-01 09:36 32768 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
- 2007-11-15 12:46 . 2010-07-01 09:39 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2007-11-15 12:46 . 2010-07-01 16:31 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-07-01 12:56 . 2010-07-01 12:56 10134 c:\windows\Installer\{B91B4988-2671-4C7A-9B84-5FE9E38EDDE0}\callmsi.exe
+ 2010-03-29 21:12 . 2010-03-29 21:12 114984 c:\windows\system32\drivers\ehdrv.sys
+ 2010-03-29 21:07 . 2010-03-29 21:07 140216 c:\windows\system32\drivers\eamon.sys
- 2007-11-15 12:46 . 2010-07-01 09:39 180224 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-11-15 12:46 . 2010-07-01 16:31 180224 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-07-01 12:56 . 2010-07-01 12:56 950784 c:\windows\Installer\79ea37.msi
+ 2010-07-01 12:56 . 2010-07-01 12:56 101480 c:\windows\Installer\{B91B4988-2671-4C7A-9B84-5FE9E38EDDE0}\egui.exe
+ 2007-11-15 12:46 . 2010-07-01 16:31 4915200 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-11-15 12:46 . 2010-07-01 09:39 4915200 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-06-06 07:16 2955264 ----a-w- c:\program files\Protector Suite quello\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-06-06 07:16 2955264 ----a-w- c:\program files\Protector Suite quello\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-09-02 25623336]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-10-06 2075384]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-06-07 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-12 8491008]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-09-06 118784]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-06-01 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-06-01 974848]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-04-12 149280]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2007-09-28 217088]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2007-01-24 176128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"PSQLLauncher"="c:\program files\Protector Suite quello\launcher.exe" [2007-06-06 49168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-17 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-17 162328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-17 137752]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-01-12 115560]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AdobeVersionCue"="c:\program files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe" [2003-10-13 1732608]
"VAIO Update 4"="c:\program files\Sony\VAIO Update 4\VAIOUpdt.exe" [2008-07-30 870240]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"HitmanPro35"="c:\program files\Hitman Pro 3.5\HitmanPro35.exe" [2010-07-01 6110528]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-29 2145000]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
setup_9.0.0.722_29.06.2010_15-52.lnk - c:\documents and settings\Owner\Desktop\Virus Removal Tool\setup_9.0.0.722_29.06.2010_15-52\startup.exe [2010-6-29 72208]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-9-14 110592]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-8-3 572008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-06-06 07:03 90112 ----a-w- c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-05-17 04:50 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 20:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 25673062;25673062 Boot Guard Driver;c:\windows\system32\drivers\25673062.sys [6/29/2010 9:11 AM 37392]
R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [11/15/2007 7:31 AM 21408]
R1 25673061;25673061;c:\windows\system32\drivers\25673061.sys [6/29/2010 9:11 AM 128016]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [3/29/2010 5:12 PM 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [3/29/2010 5:13 PM 95872]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R1 setup_9.0.0.722_29.06.2010_15-52drv;setup_9.0.0.722_29.06.2010_15-52drv;c:\windows\system32\drivers\2567306.sys [6/29/2010 9:11 AM 315408]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [3/29/2010 5:12 PM 810120]
R3 5U870UVC;Sony Visual Communication Camera VGP-VCC7;c:\windows\system32\drivers\5U870.sys [9/11/2009 2:26 PM 90240]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/27/2010 5:08 AM 102448]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [11/15/2007 7:31 AM 41216]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [11/15/2007 7:31 AM 31104]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [11/15/2007 12:40 AM 37040]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [11/15/2007 7:31 AM 812544]
S2 gupdate;Servizio di Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/20/2010 6:04 AM 136176]
.
Contents of the 'Scheduled Tasks' folder

2010-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-20 10:04]

2010-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-20 10:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sony.com/vaiopeople/
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\tjjbxy4y.default\
FF - prefs.js: browser.startup.homepage - www.google.it
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\tjjbxy4y.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\tjjbxy4y.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-01 12:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f6,82,f7,2b,4b,39,7e,4d,b1,75,75,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f6,82,f7,2b,4b,39,7e,4d,b1,75,75,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(916)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite quello\homefus2.dll
c:\program files\Protector Suite quello\infra.dll
c:\program files\Protector Suite quello\homepass.dll
c:\program files\Protector Suite quello\bio.dll
c:\program files\Protector Suite quello\remote.dll
c:\windows\system32\VESWinlogon.dll
c:\program files\Protector Suite quello\crypto.dll

- - - - - - - > 'lsass.exe'(972)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite quello\homefus2.dll
c:\program files\Protector Suite quello\infra.dll

- - - - - - - > 'explorer.exe'(4420)
c:\windows\system32\WININET.dll
c:\program files\Protector Suite quello\farchns.dll
c:\program files\Protector Suite quello\infra.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-07-01 12:40:25
ComboFix-quarantined-files.txt 2010-07-01 16:40
ComboFix2.txt 2010-07-01 09:50
ComboFix3.txt 2010-06-28 20:46

Pre-Run: 206,778,322,944 bytes free
Post-Run: 206,835,896,320 bytes free

- - End Of File - - 163898B3C25B5EAFA86B5DEB112B1C99

In the meantime my depressive phase is getting worse....
Pierodoctor
Aficionado
Posts: 33
Joined: Mon Jun 28, 2010 1:39 pm

Re: IEXPLORE.EXE........HELP!!!

Post by crazy.cat » Thu Jul 01, 2010 6:23 pm

Pierodoctor wrote: As soon as I installed NOD32 it found this file: win32/Mebroot trojan, but when I told it to delete it, it wasn't able to.
I restarted the PC and in this case too, after the scan, it flagged the same file (win32/Mebroot trojan), but did not remove it!!

Where did it find it?
Because it's strange: ComboFix shows nothing about this infection.
When the many govern, they think only of pleasing themselves; the result is the most foolish and hateful tyranny: tyranny disguised as liberty.
crazy.cat
MLI Hero
Posts: 30959
Joined: Mon Jan 12, 2004 1:38 pm
Location: Mestre

Re: IEXPLORE.EXE........HELP!!!

Post by Pierodoctor » Thu Jul 01, 2010 6:27 pm

It doesn't tell me.... every time I restart, NOD32 flags that file and asks me whether to delete it, but then says it can't....
Pierodoctor
Aficionado
Posts: 33
Joined: Mon Jun 28, 2010 1:39 pm

Powered by phpBB © 2002, 2005, 2007, 2008 phpBB Group
Italian translation by phpBB.it

megalab.it: daily online newspaper registered with the Court of Cosenza no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa All rights reserved. For advertising: Master Advertising