Internet connection blocked (ActiveX controls)


Post by LegioneFelix17 » Mon Jun 15, 2009 9:38 am

Hello,
a few days ago my cousin clicked on some images on a website, and now my computer is full of viruses and my internet connection is blocked.

I ran a scan with Avira AntiVir Personal and it detected 20 trojan horses, including Vundo; when the scan finished I deleted them from quarantine.

Now when I open Internet Explorer I get:
1) The current settings do not allow websites to use the installed ActiveX controls.
2) To help protect your security, this file has been prevented from showing active content that could access your computer.

Re: Internet connection blocked (ActiveX controls)

Post by gioia271965 » Mon Jun 15, 2009 9:44 am

Download and use Firefox. Internet Explorer is too exposed, since it is a program integrated with the operating system.
"Nothing finite, not even the whole world, can satisfy the human soul, which feels the need for the eternal"

Re: Internet connection blocked (ActiveX controls)

Post by gio! » Mon Jun 15, 2009 9:50 am

Are you sure you cleaned the PC thoroughly? Post a HijackThis log here [;)]


Re: Internet connection blocked (ActiveX controls)

Post by crazy.cat » Mon Jun 15, 2009 10:19 am

gio! wrote: Post a HijackThis log here [;)]

Better the ComboFix one, it is much more detailed.
When the many govern, they think only of pleasing themselves, and then you get the most foolish and most hateful tyranny: tyranny disguised as liberty.

Re: Internet connection blocked (ActiveX controls)

Post by LegioneFelix17 » Mon Jun 15, 2009 11:29 am

Here is the result of the HijackThis scan:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ecocho.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ataDaemon] C:\Program Files\AliceTiAiuta\McciTrayApp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [tsphoxeuci] c:\users\augusto\appdata\local\tsphoxeuci.exe tsphoxeuci
O4 - HKCU\..\RunOnce: [] C:\Program Files\Internet Explorer\IEXPLORE.EXE http://www.symantec.com/techsupp/servle ... 6.000001da
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\Caere\OmniPagePro90\EREG\REMIND32.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{148E903E-C682-4054-845E-E9F145B47140}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{148E903E-C682-4054-845E-E9F145B47140}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{148E903E-C682-4054-845E-E9F145B47140}: NameServer = 192.168.0.1
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 11686 bytes

Re: Internet connection blocked (ActiveX controls)

Post by gio! » Mon Jun 15, 2009 1:04 pm

Hi, in HijackThis select these entries and press Fix checked:
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

Then download ComboFix to the desktop from http://download.bleepingcomputer.com/sUBs/ComboFix.exe, close all applications, disconnect, disable the antivirus, which might mistakenly detect it as infected, and start the scan.
When it finishes, after the reboot, post the log that appears on screen or that is found in C:\Combofix.txt
NB: it may take a while; let it work and do not use the PC.
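The selection in the post above, picking out entries whose registered file no longer exists, can be scripted over a saved log. This is an added example, not part of the original thread and not HijackThis code; it runs on lines copied from the log posted earlier. The regular expressions, the `Entry` class and the second rule (flagging `Run` entries that start from a user profile folder) are assumptions of this example, and the second rule goes beyond what the post selects.

```python
import re
from dataclasses import dataclass, field

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKCU\..\Run: [tsphoxeuci] c:\users\augusto\appdata\local\tsphoxeuci.exe tsphoxeuci
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"""

# "<section> - <body>", e.g. "O2 - BHO: ..." or "R1 - HKCU\..."
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# HijackThis appends one of these markers when the target file is absent.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$", re.I)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# O4 registry autoruns: "HKCU\..\Run: [name] command line"
AUTORUN_RE = re.compile(
    r"^HK\w+\\.*?\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Assumption of this example: a command starting in a profile folder is a
# review candidate, because those folders are writable without admin rights.
PROFILE_RE = re.compile(r'^"?[a-z]:\\(?:users|documents and settings)\\', re.I)


@dataclass
class Entry:
    section: str
    body: str
    clsid: str = ""
    findings: list = field(default_factory=list)


def parse_line(line):
    """Parse one log line; return None for headers, blanks and footers."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = Entry(m["section"], m["body"])
    clsid = CLSID_RE.search(entry.body)
    if clsid:
        entry.clsid = clsid.group(0).upper()
    if ORPHAN_RE.search(entry.body):
        entry.findings.append("orphaned: registered file is absent")
    if entry.section == "O4":
        run = AUTORUN_RE.match(entry.body)
        if run and PROFILE_RE.match(run["cmd"]):
            entry.findings.append(
                f"autorun '{run['name']}' starts from a user profile path")
    return entry


def triage(log_text):
    """Return only the entries that carry at least one finding."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    return [e for e in entries if e.findings]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(e.section, e.clsid or "-", "; ".join(e.findings))
        print("    " + e.body)
```

A flagged line is a candidate for review rather than a verdict: legitimate programs also start from profile folders, and an orphaned entry is usually only a leftover of uninstalled software.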

Re: Internet connection blocked (ActiveX controls)

Post by LegioneFelix17 » Mon Jun 15, 2009 5:18 pm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"F.lux"="c:\users\Augusto\Local Settings\Apps\F.lux\flux.exe" [2009-02-25 962560]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"<NO NAME>"="c:\program files\Internet Explorer\IEXPLORE.EXE" [2009-03-08 638816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-04-19 151552]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-01-10 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-10 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-10 88608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"AntiLogger"="c:\program files\AntiLogger\AntiLogger.exe" [2009-06-02 2336112]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-10-31 4702208]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-10-11 1826816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168]

c:\users\Augusto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wise-FTP Scheduler

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F1912712-ADC6-488E-9CC9-E06DF1A6E0F7}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C3A99D7E-159C-48AB-ADEC-C2DF54DFF214}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D0625CBA-A266-45E4-8F57-1508068603BD}"= UDP:c:\program files\Common Files\Sogou PXP\p2psvr.exe:Sogou P4P Service
"{549113BC-91BB-4C54-BFBF-467B3A90A1A6}"= TCP:c:\program files\Common Files\Sogou PXP\p2psvr.exe:Sogou P4P Service
"{19F10012-374B-44E3-85AC-F6A64C62B35D}"= UDP:7569:Emule_TCP
"{CB5E53AA-6F8C-4D4D-9C52-762760173966}"= TCP:49089:Emule_UDP
"TCP Query User{B34B6962-8081-4CB9-9830-76ED628105E3}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{DB8CD2F9-DD9C-4291-80B2-2FE60D694389}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{1E93DBA5-A29A-42F7-BC67-EDABD2CFF86B}c:\\program files\\windows sidebar\\sidebar.exe"= UDP:c:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"UDP Query User{D7F48C81-EC61-4A7B-A15A-13D4A7F787E6}c:\\program files\\windows sidebar\\sidebar.exe"= TCP:c:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"{196DAD1D-F9AE-44F6-85D6-38DC8AFC994F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{C48E4462-4355-46A8-911F-F95EC2B7842F}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{E02ECBA6-7800-4214-9B1E-5A5049049C06}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC
"{DAFB6357-5DEB-4219-9A8C-75A4A0A428AD}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{6DF44DE5-A255-42F6-8B2B-5E8B375E1BED}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{49BF8873-9DF5-4C84-AD0B-6A95409FB30B}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{26DCD2C3-831C-41E9-A026-BA6D706C1BE2}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{6D2F0367-A6FC-4007-AADD-57C046756DDC}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{2DBFE5D4-3592-4E77-A7DD-6576B3D06F0F}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"TCP Query User{4727B4A5-F731-4046-8A8B-B43F7369D608}c:\\users\\augusto\\desktop\\emule+\\emule0.49b\\emule.exe"= UDP:c:\users\augusto\desktop\emule+\emule0.49b\emule.exe:emule.exe
"UDP Query User{1AD3B567-C29F-458F-93E1-876877621C89}c:\\users\\augusto\\desktop\\emule+\\emule0.49b\\emule.exe"= TCP:c:\users\augusto\desktop\emule+\emule0.49b\emule.exe:emule.exe
"TCP Query User{75AAA0B0-6088-4281-BAFF-1923C0077DB4}c:\\program files\\webmediaplayer\\webmediaplayer.exe"= UDP:c:\program files\webmediaplayer\webmediaplayer.exe:WebMediaPlayer
"UDP Query User{CB689D59-FF94-4AD3-BFD6-8E1FE358AD8E}c:\\program files\\webmediaplayer\\webmediaplayer.exe"= TCP:c:\program files\webmediaplayer\webmediaplayer.exe:WebMediaPlayer
"TCP Query User{2106236D-4997-4680-8F6A-B9243FF6BBAE}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{D5B055A4-E37C-41A0-9A70-2638CC4117EA}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"{443DA4B8-A974-40EB-980F-75223766DA2F}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{4D2E5EC4-FBD1-4277-BB34-E05ED2BD9065}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\PPMate\\ppmate.exe"= c:\program files\PPMate\ppmate.exe:*:Enabled:PPMate
"c:\\Program Files\\PPMate\\ppamnet.exe"= c:\program files\PPMate\ppamnet.exe:*:Enabled:PPMate
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"c:\\Users\\Augusto\\Desktop\\BitTorrent\\bittorrent.exe"= c:\users\Augusto\Desktop\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 AntiLog32;AntiLog32;c:\program files\AntiLogger\AntiLog32.sys [02.06.2009 11:40 116080]
R3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\System32\drivers\l260x86.sys [16.10.2008 16:17 29184]
S2 gupdate1c991bb98f96e2f;Servizio di Google Update (gupdate1c991bb98f96e2f);c:\program files\Google\Update\GoogleUpdate.exe [18.02.2009 13:25 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'

2009-06-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-18 10:28]

2009-06-15 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-18 11:25]

2009-06-15 c:\windows\Tasks\User_Feed_Synchronization-{A439724A-D80C-4E9F-8F57-B26F073CC29F}.job
- c:\windows\system32\msfeedssync.exe [2009-05-22 11:31]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKLM-Run-DesktopMechanic - (no file)


.
------- Scansione supplementare -------
.
uStart Page = hxxp://google.it/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-15 17:53
Windows 6.0.6001 Service Pack 1 NTFS

scansione processi nascosti ...

? [14692]
? [24136]
? [24160]
? [40324]
? [42656]
? [42784]
scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Ora fine scansione: 2009-06-15 17:54
ComboFix-quarantined-files.txt 2009-06-15 15:54

Pre-Run: 160'505'016'320 byte disponibili
Post-Run: 159'966'986'240 byte disponibili

209 --- E O F --- 2009-06-14 09:50

Re: Internet connection blocked (ActiveX controls)

Post by gio! » Mon Jun 15, 2009 5:47 pm

You have to put logs inside the tag
[LOG][/LOG]

Re: Internet connection blocked (ActiveX controls)

Post by crazy.cat » Mon Jun 15, 2009 5:49 pm

And they should be posted in full; you cut both of them short.
If ComboFix has not already removed it, uninstall Webmedia player.

Re: Internet connection blocked (ActiveX controls)

Post by LegioneFelix17 » Mon Jun 15, 2009 10:03 pm

Sorry for my ignorance, what do I have to do...?

Re: Internet connection blocked (ActiveX controls)

Post by Mikleman » Wed Jun 24, 2009 10:04 am

LegioneFelix17 wrote: Sorry for my ignorance, what do I have to do...?

Delete, or perhaps quarantine with your antivirus, this file:
c:\program files\webmediaplayer\webmediaplayer.exe

megalab.it: daily online publication registered at the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising