Trojan horse Tr/rootkit.gen


Post by coolman » Tue Jun 01, 2010 3:00 pm

Hi everyone.
I have had the following problem for some time; note that I have AVIRA ANTIVIR PERSONAL - FREE ANTIVIRUS:
every so often my antivirus reports an attempted access by the Trojan horse Tr/rootkit.gen.
I move it to quarantine. So far so good, then I delete it and after a few days it starts all over again.
Can someone give me a hand?

My PC is getting slower and slower....
Thanks [:)]
coolman (Aficionado) | Posts: 89 | Joined: Tue Apr 29, 2008 7:12 pm

Re: Trojan horse Tr/rootkit.gen

Post by crazy.cat » Tue Jun 01, 2010 3:10 pm

Post a HijackThis log, or better the ComboFix one, and tell us where the virus is found (in which file).
When the many govern, they think only of pleasing themselves; then you have the most foolish and hateful tyranny: tyranny masked as freedom.
crazy.cat (MLI Hero) | Posts: 30959 | Joined: Mon Jan 12, 2004 1:38 pm | Location: Mestre

Re: Trojan horse Tr/rootkit.gen

Post by coolman » Tue Jun 01, 2010 3:16 pm

How do I use ComboFix?


Re: Trojan horse Tr/rootkit.gen

Post by coolman » Tue Jun 01, 2010 4:11 pm

Here is the ComboFix log.

ComboFix 10-05-31.03 - sony-pc 01/06/2010 16.58.39.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1022.477 [GMT 2:00]
Eseguito da: c:\documents and settings\sony-pc\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {00000000-F020-0013-5D5C-927C00000000}
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000000-F020-0012-5D5C-927C00000000}
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\sony-pc\Impostazioni locali\Dati applicazioni\akeqjcwa.dat
c:\documents and settings\sony-pc\Impostazioni locali\Dati applicazioni\akeqjcwa_nav.dat
c:\documents and settings\sony-pc\Impostazioni locali\Dati applicazioni\akeqjcwa_navps.dat
c:\documents and settings\sony-pc\Impostazioni locali\Dati applicazioni\isnpatv.exe
c:\programmi\Search Settings
c:\programmi\Search Settings\FF\chrome.manifest
c:\programmi\Search Settings\FF\chrome\content\plugin.js
c:\programmi\Search Settings\FF\chrome\content\plugin.xul
c:\programmi\Search Settings\FF\chrome\content\protection.js
c:\programmi\Search Settings\FF\chrome\content\utils.js
c:\programmi\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.dtd
c:\programmi\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.properties
c:\programmi\Search Settings\FF\components\IFBHOSearch.xpt
c:\programmi\Search Settings\FF\components\IFBHOSearchHelperEngine.xpt
c:\programmi\Search Settings\FF\components\IFHelperPreferences.xpt
c:\programmi\Search Settings\FF\components\SearchSettingsFF.dll
c:\programmi\Search Settings\FF\install.rdf
c:\programmi\Search Settings\SeARchsettings.dll
c:\programmi\Search Settings\SearchSettings.exe
c:\programmi\Search Settings\SearchSettingsRes409.dll

.
original MBR restored successfully !
.
((((((((((((((((((((((((( Files Creati Da 2010-05-01 al 2010-06-01 )))))))))))))))))))))))))))))))))))
.

2010-06-01 14:43 . 2010-06-01 14:43 398336 ----a-w- c:\windows\system32\CF19779.exe
2010-05-27 15:04 . 2010-05-27 15:04 57344 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-05-27 15:02 . 2010-05-27 14:57 754984 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\Setup\Resource.dll
2010-05-27 15:02 . 2010-05-27 14:56 1180952 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\Setup\DivXSetup.exe
2010-05-27 15:02 . 2010-05-27 15:02 56766 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-05-27 15:02 . 2009-11-24 19:17 530625 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe
2010-05-27 15:02 . 2009-11-24 19:17 530625 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe
2010-05-27 15:02 . 2010-05-27 15:02 56978 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\WebPlayer\Uninstaller.exe
2010-05-27 15:02 . 2010-05-27 15:02 53600 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\Update\Uninstaller.exe
2010-05-27 15:02 . 2010-05-27 15:02 57679 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\Player\Uninstaller.exe
2010-05-27 15:01 . 2010-05-27 15:01 84040 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\TransferWizard\Uninstaller.exe
2010-05-27 15:00 . 2010-05-27 15:00 57054 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\DSDesktopComponents\Uninstaller.exe
2010-05-27 15:00 . 2010-05-27 15:00 54166 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\DSAVCDecoder\Uninstaller.exe
2010-05-27 15:00 . 2010-05-27 15:00 57532 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\DSASPDecoder\Uninstaller.exe
2010-05-27 15:00 . 2010-05-27 15:00 56458 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-05-27 15:00 . 2010-05-27 15:00 54174 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\DSAACDecoder\Uninstaller.exe
2010-05-27 15:00 . 2010-05-27 15:00 54153 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\DFXPlugin\Uninstaller.exe
2010-05-27 15:00 . 2010-05-27 15:00 54128 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\Converter\Uninstaller.exe
2010-05-27 15:00 . 2010-05-27 15:00 54629 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\TranscodeEngine\Uninstaller.exe
2010-05-27 15:00 . 2010-05-27 15:00 57409 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\ControlPanel\Uninstaller.exe
2010-05-27 15:00 . 2010-05-27 15:00 54101 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\MPEG2Plugin\Uninstaller.exe
2010-05-27 15:00 . 2010-05-27 15:00 52963 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-05-27 14:59 . 2010-05-27 14:59 54073 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\Qt4.5\Uninstaller.exe
2010-05-27 14:59 . 2010-05-27 14:59 56969 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\ASPEncoder\Uninstaller.exe
2010-05-27 14:57 . 2010-05-27 14:57 144696 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-05-27 14:56 . 2010-05-27 15:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DivX
2010-05-27 14:50 . 2010-05-27 14:50 -------- d-----w- c:\programmi\ConvertHelper
2010-05-16 12:51 . 2010-05-16 12:51 -------- d-----w- c:\programmi\TVAnts
2010-05-09 21:26 . 2010-05-09 21:27 21284336 ----a-w- c:\documents and settings\sony-pc\Dati applicazioni\Real\Update\setup3.10\rp\RealPlayerSPGold_it.exe
2010-05-05 11:02 . 2010-05-05 11:02 471040 ----a-w- c:\documents and settings\sony-pc\Impostazioni locali\Dati applicazioni\ucjxefd.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-01 14:57 . 2009-05-06 01:33 -------- d-----w- c:\programmi\DNA
2010-06-01 14:57 . 2009-05-06 01:33 -------- d-----w- c:\documents and settings\sony-pc\Dati applicazioni\DNA
2010-06-01 14:41 . 2007-08-30 16:56 -------- d-----w- c:\documents and settings\sony-pc\Dati applicazioni\Skype
2010-06-01 14:07 . 2008-04-28 11:14 -------- d-----w- c:\documents and settings\sony-pc\Dati applicazioni\skypePM
2010-06-01 13:45 . 2008-01-14 15:06 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Google Updater
2010-06-01 12:47 . 2007-08-30 18:01 -------- d-----w- c:\programmi\Mozilla Thunderbird
2010-05-31 16:18 . 2007-08-28 06:01 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-05-30 21:48 . 2007-08-31 18:45 -------- d-----w- c:\documents and settings\sony-pc\Dati applicazioni\DivX
2010-05-30 20:30 . 2008-01-14 16:59 -------- d-----w- c:\programmi\Recycle
2010-05-30 18:57 . 2007-08-30 18:21 -------- d-----w- c:\documents and settings\sony-pc\Dati applicazioni\foobar2000
2010-05-30 18:20 . 2008-10-29 17:20 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-05-30 17:04 . 2006-08-01 08:15 -------- d-----w- c:\programmi\File comuni\Symantec Shared
2010-05-30 16:55 . 2008-01-14 15:27 -------- d-----w- c:\programmi\Norton Security Scan
2010-05-27 22:24 . 2010-03-03 10:06 443912 ----a-w- c:\documents and settings\sony-pc\Dati applicazioni\Real\Update\setup3.10\setup.exe
2010-05-27 15:02 . 2007-08-31 18:44 -------- d-----w- c:\programmi\DivX
2010-05-27 14:59 . 2009-09-12 10:45 -------- d-----w- c:\programmi\File comuni\DivX Shared
2010-05-17 22:36 . 2007-09-01 17:25 9004 ----a-w- c:\documents and settings\sony-pc\Dati applicazioni\wklnhst.dat
2010-05-16 12:15 . 2006-08-01 08:13 -------- d-----w- c:\programmi\Google
2010-05-12 09:21 . 2009-10-03 23:38 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-03 18:44 . 2007-09-09 16:07 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DVD Shrink
2010-04-29 13:39 . 2008-10-29 17:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2008-10-29 17:20 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-18 18:56 . 2009-12-21 23:49 -------- d-----w- c:\documents and settings\sony-pc\Dati applicazioni\BitTorrent
2010-04-13 10:49 . 2010-04-13 10:49 446464 ----a-w- c:\documents and settings\sony-pc\Impostazioni locali\Dati applicazioni\koagcosp.exe
2010-04-06 16:03 . 2010-04-06 16:02 -------- d-----w- c:\programmi\Veetle
2010-04-06 13:52 . 2008-08-13 15:24 -------- d-----w- c:\programmi\QuickTime
2010-04-02 13:10 . 2010-01-09 15:59 38784 ----a-w- c:\documents and settings\sony-pc\Dati applicazioni\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-03-31 21:55 . 2006-07-31 03:37 73958 ----a-w- c:\windows\system32\perfc010.dat
2010-03-31 21:55 . 2006-07-31 03:37 449782 ----a-w- c:\windows\system32\perfh010.dat
2010-03-31 21:54 . 2010-03-31 21:54 79488 ----a-w- c:\documents and settings\sony-pc\Dati applicazioni\Sun\Java\jre1.6.0_19\gtapi.dll
2010-03-31 01:58 . 2008-11-20 19:19 44944 ----a-w- c:\windows\system32\drivers\pxhelp20.sys
2010-03-31 01:58 . 2007-08-31 18:44 133616 ------w- c:\windows\system32\pxafs.dll
2010-03-31 01:58 . 2006-08-01 08:03 125424 ------w- c:\windows\system32\pxinsi64.exe
2010-03-31 01:58 . 2006-08-01 08:03 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-03-26 08:33 . 2010-04-08 11:35 1496064 ----a-w- c:\documents and settings\sony-pc\Dati applicazioni\Mozilla\Firefox\Profiles\4braiout.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-03-26 08:33 . 2010-04-08 11:35 43008 ----a-w- c:\documents and settings\sony-pc\Dati applicazioni\Mozilla\Firefox\Profiles\4braiout.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-03-26 08:33 . 2010-04-08 11:35 339456 ----a-w- c:\documents and settings\sony-pc\Dati applicazioni\Mozilla\Firefox\Profiles\4braiout.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-03-26 08:32 . 2010-04-08 11:35 346112 ----a-w- c:\documents and settings\sony-pc\Dati applicazioni\Mozilla\Firefox\Profiles\4braiout.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-03-11 18:07 . 2010-03-11 18:07 8405312 ----a-w- c:\documents and settings\sony-pc\Dati applicazioni\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2010-03-11 18:07 . 2010-03-11 18:07 149000 ----a-w- c:\documents and settings\sony-pc\Dati applicazioni\Real\Update\setup3.10\chr_helper\LaunchHelper.exe
2010-03-11 18:07 . 2010-03-11 18:07 10309448 ----a-w- c:\documents and settings\sony-pc\Dati applicazioni\Real\Update\setup3.10\chr\ChromeInstaller.exe
2010-03-11 18:07 . 2010-03-11 18:07 79368 ----a-w- c:\documents and settings\sony-pc\Dati applicazioni\Real\Update\setup3.10\RUP\vista.exe
2010-03-11 18:07 . 2010-03-11 18:07 64000 ----a-w- c:\documents and settings\sony-pc\Dati applicazioni\Real\Update\setup3.10\RUP\inst_config\gcapi_dll.dll
2010-03-11 18:07 . 2010-03-11 18:07 52288 ----a-w- c:\documents and settings\sony-pc\Dati applicazioni\Real\Update\setup3.10\RUP\inst_config\gtapi.dll
2010-03-11 18:07 . 2010-03-11 18:07 50688 ----a-w- c:\documents and settings\sony-pc\Dati applicazioni\Real\Update\setup3.10\RUP\inst_config\fftbapi.dll
2010-03-11 18:07 . 2010-03-11 18:07 49152 ----a-w- c:\documents and settings\sony-pc\Dati applicazioni\Real\Update\setup3.10\RUP\inst_config\CarboniteCompatibility.dll
2010-03-11 18:07 . 2010-03-11 18:07 118784 ----a-w- c:\documents and settings\sony-pc\Dati applicazioni\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-03-10 06:15 . 2006-07-31 03:37 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 02:28 . 2010-01-02 16:58 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2008-01-16 17:17 . 2008-01-16 17:17 21504 ----a-w- c:\programmi\FLV PlayerRCATSetup.exe
2008-01-16 17:15 . 2008-01-16 17:10 411248 ----a-w- c:\programmi\FLV PlayerRCSetup.exe
2008-04-28 13:24 . 2007-10-06 13:56 122880 ----a-w- c:\programmi\mozilla firefox\components\GoogleDesktopMozilla.dll
2004-05-07 13:31 . 2007-08-30 18:01 348160 ----a-w- c:\programmi\mozilla firefox\components\MSVCR71.DLL
2006-11-07 10:58 . 2007-08-30 18:01 139264 ----a-r- c:\programmi\mozilla firefox\components\SABFF20.DLL
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\programmi\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 15:50 1197448 ----a-w- c:\programmi\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programmi\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programmi\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\programmi\DNA\btdna.exe" [2009-11-09 323392]
"DAEMON Tools Lite"="c:\programmi\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-05 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-08 7561216]
"Apoint"="c:\programmi\Apoint\Apoint.exe" [2004-11-17 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-17 64512]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 45056]
"VAIOCameraUtility"="c:\programmi\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 69632]
"SonyPowerCfg"="c:\programmi\Sony\VAIO Power Management\SPMgr.exe" [2006-06-27 217088]
"ISBMgr.exe"="c:\programmi\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"Switcher.exe"="c:\programmi\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
"Acrobat Assistant 7.0"="c:\programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2005-03-03 483328]
"vsc32cnf.exe"="c:\programmi\Roland\VSC32\vsc32cnf.exe" [2000-02-07 36864]
"vscvol.exe"="c:\programmi\Roland\VSC32\vscvol.exe" [2000-02-08 36864]
"Google Desktop Search"="c:\programmi\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-28 29744]
"H2O"="c:\programmi\SyncroSoft\Pos\H2O\cledx.exe" [2005-12-18 307200]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-11-04 413696]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"VAIO Update 5"="c:\programmi\Sony\VAIO Update 5\VAIOUpdt.exe" [2009-12-08 1324400]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2010-02-02 198160]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"DivXUpdate"="c:\programmi\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"MySpaceIM"="c:\programmi\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]
"Picasa Media Detector"="c:\programmi\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RealUpgradeHelper"="c:\programmi\File comuni\Real\Update_OB\upgrdhlp.exe" [2010-02-02 136744]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Audio Filter.lnk - c:\programmi\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe [2007-8-28 5649408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-03-09 12:51 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MIDI3"=vscapi.dll
"WAVE3"=vscapi.dll
"wave8"=fireface_mme.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Adobe\\Photoshop Elements 4.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Sony\\VAIO Media 5.0\\Vc.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\DNA\\btdna.exe"=
"c:\\Programmi\\BitTorrent\\bittorrent.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\eMule AdunanzA\\eMule_AdnzA.exe"=
"c:\\Program Files\\Microprose\\Grand Prix 3\\gp3.exe"=
"c:\\Programmi\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\SopCast\\SopCast.exe"=
"c:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programmi\\TVAnts\\Tvants.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [31/08/2007 22.34.03 11264]
R2 Application Updater;Application Updater;c:\programmi\Application Updater\ApplicationUpdater.exe [16/12/2009 18.38.20 375296]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R2 RVIEGVST;VSC VST Engine;c:\programmi\Roland\Virtual Sound Canvas VST\RVIEg01VST.sys [27/09/2007 14.12.48 188276]
R2 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [03/11/2006 19.19.58 13592]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [31/08/2007 22.42.00 33792]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [31/07/2006 5.38.12 30080]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [31/07/2006 5.38.10 808448]
R3 vsc32;Virtual Sound Canvas 3.2;c:\windows\system32\drivers\vsc.sys [27/09/2007 14.05.38 951284]
S2 gupdate1ca33964ea13d42;Servizio di Google Update (gupdate1ca33964ea13d42);c:\programmi\Google\Update\GoogleUpdate.exe [12/09/2009 12.46.19 133104]
S3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO;c:\windows\system32\drivers\BUSB2902.sys [17/10/2009 22.18.19 352256]
S3 BUSB_AUDIO_WDM;BEHRINGER USB WDM AUDIO;c:\windows\system32\drivers\busbwdm.sys [17/10/2009 22.18.21 33792]
S3 cc5f4ad3-754d-4552-8b24-413359a0fd24;cc5f4ad3-754d-4552-8b24-413359a0fd24;\??\f:\player\cds300.dll --> f:\player\cds300.dll [?]
S3 fireface;Service for Fireface (WDM);c:\windows\system32\drivers\fireface.sys --> c:\windows\system32\drivers\fireface.sys [?]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\programmi\Google\Google Desktop Search\GoogleDesktop.exe [31/08/2007 20.36.57 29744]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
S3 VUAgent;VUAgent;c:\programmi\Sony\VAIO Update 5\VUAgent.exe [02/01/2010 18.01.00 673136]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/11/2009 15.10.06 691696]
.
Contenuto della cartella 'Scheduled Tasks'

2010-04-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2007-08-29 10:34]

2010-06-01 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-30 18:41]

2010-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-09-12 10:45]

2010-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-09-12 10:45]

2010-06-01 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

2010-05-21 c:\windows\Tasks\Norton Security Scan.job
- c:\programmi\Norton Security Scan\Nss.exe [2007-09-18 22:42]

2010-05-27 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2010-06-01 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2010-06-01 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\programmi\Ask.com\UpdateTask.exe [2010-02-04 15:50]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://it.ask.com?o=15003&l=dis
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = proxone:8080
uInternet Settings,ProxyOverride = hotspot;192;168;192;254;*.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Aggiungi sito di supporto RSS a VAIO Information FLOW - c:\programmi\Sony\VAIO Information FLOW\aiesc.html
IE: Apri in nuova scheda in primo piano - c:\programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?a71d97f80d544702a9200ca75133c563
IE: Apri in nuova scheda in secondo piano - c:\programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?a71d97f80d544702a9200ca75133c563
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Trasferimento tramite Image Converter 2 Plus - c:\programmi\Sony\Image Converter 2\menu.htm
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
Handler: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} -
FF - ProfilePath - c:\documents and settings\sony-pc\Dati applicazioni\Mozilla\Firefox\Profiles\4braiout.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.startup.homepage - hxxp://en.wikipedia.org/wiki/List_of_Hi ... and_saints
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?clien ... e=en_IT&q=
FF - component: c:\documents and settings\sony-pc\Dati applicazioni\Mozilla\Firefox\Profiles\4braiout.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\sony-pc\Dati applicazioni\Mozilla\Firefox\Profiles\4braiout.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\sony-pc\Dati applicazioni\Mozilla\Firefox\Profiles\4braiout.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCore.dll
FF - component: c:\programmi\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\programmi\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Picasa2\npPicasa3.dll
FF - plugin: c:\programmi\Veetle\Player\npvlc.dll
FF - plugin: c:\programmi\Veetle\plugins\npVeetle.dll
FF - plugin: c:\programmi\Veetle\VLCBroadcast\npvbp.dll

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKLM-Run-SunJavaUpdateSched - c:\programmi\Java\jre6\bin\jusched.exe
HKLM-Run-SearchSettings - c:\programmi\Search Settings\SearchSettings.exe
AddRemove-akeqjcwa - c:\documents and settings\sony-pc\impostazioni locali\dati applicazioni\akeqjcwa.exe
AddRemove-DivX Content Uploader - c:\programmi\DivX\DivXContentUploaderUninstall.exe
AddRemove-FriendBot Suite - c:\programmi\FriendBot\FriendBot Suite\uninstall.exe
AddRemove-ReCycle v2.1 - c:\progra~1\Recycle\UNWISE.EXE
AddRemove-Steinberg Cubase SX v3.0.2.623 - c:\progra~1\STEINB~1\CUBASE~1\UNWISE.EXE
AddRemove-TC Native Bundle v3.1 - c:\progra~1\TCWorks\UNINST~1\UNWISE.EXE
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\programmi\DivX\DivXCodecUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-01 17:05
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(912)
c:\windows\system32\VESWinlogon.dll
.
Ora fine scansione: 2010-06-01 17:08:16
ComboFix-quarantined-files.txt 2010-06-01 15:08
ComboFix2.txt 2009-04-14 19:33
ComboFix3.txt 2009-04-14 17:18

Pre-Run: 9.393.319.936 byte disponibili
Post-Run: 11.568.230.400 byte disponibili

- - End Of File - - F61862E5A01110680D497024681DF02B

Re: Trojan horse Tr/rootkit.gen

Post by coolman » Tue Jun 01, 2010 4:31 pm

Can anyone give me a hand?
See you soon, and thanks

Re: Trojan horse Tr/rootkit.gen

Post by coolman » Tue Jun 01, 2010 5:23 pm

This is the HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.23.10, on 01/06/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Application Updater\ApplicationUpdater.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Programmi\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Sony\VAIO Event Service\VESMgr.exe
C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programmi\Apoint\Apoint.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\ICO.EXE
C:\Programmi\Sony\VAIO Camera Utility\VCUServe.exe
C:\Programmi\Sony\VAIO Power Management\SPMgr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Programmi\Sony\ISB Utility\ISBMgr.exe
C:\Programmi\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programmi\Roland\VSC32\vsc32cnf.exe
C:\Programmi\Roland\VSC32\vscvol.exe
C:\Programmi\Apoint\Apntex.exe
C:\Programmi\SyncroSoft\Pos\H2O\cledx.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\DNA\btdna.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Mozilla Thunderbird\thunderbird.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbam.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.ask.com?o=15003&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxone:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = hotspot;192;168;192;254;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programmi\Ask.com\GenericAskToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programmi\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programmi\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Sopcast Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Programmi\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Programmi\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Programmi\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Programmi\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [vsc32cnf.exe] C:\Programmi\Roland\VSC32\vsc32cnf.exe
O4 - HKLM\..\Run: [vscvol.exe] C:\Programmi\Roland\VSC32\vscvol.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [H2O] C:\Programmi\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [VAIO Update 5] "C:\Programmi\Sony\VAIO Update 5\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Programmi\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programmi\DNA\btdna.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmi\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Programmi\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Programmi\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RealUpgradeHelper] "C:\Programmi\File comuni\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|12.0" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RealUpgradeHelper] "C:\Programmi\File comuni\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|12.0" (User 'Default user')
O4 - Global Startup: Audio Filter.lnk = C:\Programmi\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Aggiungi sito di supporto RSS a VAIO Information FLOW - C:\Programmi\Sony\VAIO Information FLOW\aiesc.html
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?a71d97f80d544702a9200ca75133c563
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?a71d97f80d544702a9200ca75133c563
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
O8 - Extra context menu item: Trasferimento tramite Image Converter 2 Plus - C:\Programmi\Sony\Image Converter 2\menu.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.alice.it
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 1163997640
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1163938718
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - F:\Player\__CDS2.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Programmi\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Programmi\Application Updater\ApplicationUpdater.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Servizio di Google Update (gupdate1ca33964ea13d42) (gupdate1ca33964ea13d42) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Programmi\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Programmi\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Programmi\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Programmi\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Programmi\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Programmi\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Programmi\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VUAgent - Sony Corporation - C:\Programmi\Sony\VAIO Update 5\VUAgent.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 14822 bytes

Re: Trojan horse Tr/rootkit.gen

Post by stevens » Tue Jun 01, 2010 6:39 pm

go HERE and analyse these files

c:\documents and settings\sony-pc\Impostazioni locali\Dati applicazioni\ucjxefd.exe

c:\documents and settings\sony-pc\Impostazioni locali\Dati applicazioni\koagcosp.exe

have them checked here as well

Re: Trojan horse Tr/rootkit.gen

Post by markinson » Tue Jun 01, 2010 10:58 pm

After following the suggestions above, you can also run a check with Sophos Anti-Rootkit (a freeware tool) and see what it reports. [;)]

As for the HijackThis log (besides the fact that you are using version 2.0.2, while the one currently in circulation is 2.0.4), you could fix the following entries (preferably in Safe Mode: F8 at system startup):
  • R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programmi\Ask.com\GenericAskToolbar.dll
  • O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
  • O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll
  • O3 - Toolbar: Sopcast Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll

Also have VirusTotal analyse:
  • C:\Programmi\Application Updater\ApplicationUpdater.exe (it is a program developed by Spigot Inc., described in several places on Google as malware; it apparently even starts as a system service [uhm] ).
MegaLab.it (MLI) = Gianluigi "Zane" Zanettini - That's all Folks!
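Triage of the HijackThis entries discussed in the reply above, as an added example that is not part of this thread or of HijackThis itself: it parses the three-field log lines and applies the same rules the reply used (orphaned entries to fix, watchlisted CLSIDs and vendors to fix or to send to VirusTotal, services with no publisher string to review). The sample log is constructed from entries quoted in this thread, and the watchlist is an assumption seeded from them.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis log format, modelled on entries from the log
# posted in this thread (not the complete log).
SAMPLE_LOG = r"""
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programmi\Ask.com\GenericAskToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Sopcast Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - F:\Player\__CDS2.dll (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Programmi\Application Updater\ApplicationUpdater.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
"""

# Watchlist seeded from the entries the reply above singled out (assumption: a
# list the helper maintains by hand, not a verdict on the software itself).
WATCH_CLSIDS = {
    "{00000000-6E41-4FD3-8538-502F5495E5FC}",  # Ask URLSearchHook
    "{D4027C7F-154A-4066-A1AD-4243D8127440}",  # Ask Toolbar BHO / toolbar
}
WATCH_VENDORS = ("Ask.com", "Spigot")

# "<section> - <kind>: <name> - <CLSID or publisher> - <path>"
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<kind>[^:]+): (?P<rest>.+)$")

@dataclass
class Entry:
    section: str  # O2, O3, O18, O23, R3, ...
    kind: str     # BHO, Toolbar, Protocol, Service, URLSearchHook
    name: str
    ident: str    # CLSID for COM objects, publisher string for O23 services
    path: str

def parse_log(text):
    """Parse the three-field entry lines; process lists, R0/R1 and O4 lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        parts = m.group("rest").split(" - ")
        if len(parts) < 3:
            continue
        # Re-join the tail so a " - " inside the path does not truncate it.
        entries.append(Entry(m.group("section"), m.group("kind"),
                             parts[0], parts[1], " - ".join(parts[2:])))
    return entries

def triage(entries):
    """Return (entry, verdict, reason) for every entry that deserves attention."""
    findings = []
    for e in entries:
        if e.path == "(no file)" or e.path.endswith("(file missing)"):
            findings.append((e, "fix", "orphaned entry: registered object has no file on disk"))
        elif e.ident in WATCH_CLSIDS or any(v in e.path or v in e.ident for v in WATCH_VENDORS):
            # Browser hooks, BHOs and toolbars on the watchlist get fixed; a
            # service only gets sent to VirusTotal, as the reply above suggests.
            verdict = "fix" if e.section in ("R3", "O2", "O3") else "check"
            findings.append((e, verdict, "watchlist match"))
        elif e.section == "O23" and e.ident == "Unknown owner":
            findings.append((e, "review", "service without a publisher string"))
    return findings

def clsid_reuse(entries):
    """CLSIDs registered under more than one section (one DLL both as BHO and toolbar)."""
    seen = {}
    for e in entries:
        if e.ident.startswith("{"):
            seen.setdefault(e.ident, set()).add(e.section)
    return {c: s for c, s in seen.items() if len(s) > 1}
```

Running `triage(parse_log(SAMPLE_LOG))` on the sample yields five "fix" entries (the three Ask entries plus the two orphans), one "check" (the Spigot service) and one "review" (the service with no publisher).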

Re: Trojan horse Tr/rootkit.gen

Post by crazy.cat » Wed Jun 02, 2010 4:36 am

crazy.cat wrote: and tell us where the virus is found (in which file).

You haven't answered this question.
When the many govern, they think only of pleasing themselves; that is when you get the most foolish and most hateful tyranny: tyranny disguised as freedom.

Re: Trojan horse Tr/rootkit.gen

Post by coolman » Thu Jun 03, 2010 11:20 am

thanks for the replies guys
after I ran the scan with ComboFix the virus hasn't shown up again, so I don't know its path..
I'll try another scan with Avira to see whether it's really gone, then I'll let you know.
thanks a lot.

Re: Trojan horse Tr/rootkit.gen

Post by coolman » Thu Jun 03, 2010 11:34 am

this is the VirusTotal analysis of the following file:

C:\Programmi\Application Updater\ApplicationUpdater.exe

Virus Total
Virustotal is a service that analyzes suspicious files and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware detected by antivirus engines. More information...
File ApplicationUpdater.exe received on 2010.05.29 01:13:47 (UTC)
Current status: finished
Result: 0/41 (0.00%)
Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.28.01 2010.05.28 -
AntiVir 8.2.1.242 2010.05.28 -
Antiy-AVL 2.0.3.7 2010.05.26 -
Authentium 5.2.0.5 2010.05.29 -
Avast 4.8.1351.0 2010.05.29 -
Avast5 5.0.332.0 2010.05.29 -
AVG 9.0.0.787 2010.05.29 -
BitDefender 7.2 2010.05.29 -
CAT-QuickHeal 10.00 2010.05.28 -
ClamAV 0.96.0.3-git 2010.05.29 -
Comodo 4942 2010.05.25 -
DrWeb 5.0.2.03300 2010.05.29 -
eSafe 7.0.17.0 2010.05.27 -
eTrust-Vet 35.2.7519 2010.05.29 -
F-Prot 4.6.0.103 2010.05.29 -
F-Secure 9.0.15370.0 2010.05.28 -
Fortinet 4.1.133.0 2010.05.28 -
GData 21 2010.05.29 -
Ikarus T3.1.1.84.0 2010.05.28 -
Jiangmin 13.0.900 2010.05.28 -
Kaspersky 7.0.0.125 2010.05.29 -
McAfee 5.400.0.1158 2010.05.29 -
McAfee-GW-Edition 2010.1 2010.05.28 -
Microsoft 1.5802 2010.05.28 -
NOD32 5154 2010.05.28 -
Norman 6.04.12 2010.05.28 -
nProtect 2010-05-28.01 2010.05.28 -
Panda 10.0.2.7 2010.05.28 -
PCTools 7.0.3.5 2010.05.28 -
Prevx 3.0 2010.05.29 -
Rising 22.49.04.04 2010.05.28 -
Sophos 4.53.0 2010.05.28 -
Sunbelt 6371 2010.05.29 -
Symantec 20101.1.0.89 2010.05.28 -
TheHacker 6.5.2.0.288 2010.05.27 -
TrendMicro 9.120.0.1004 2010.05.28 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.29 -
VBA32 3.12.12.5 2010.05.28 -
ViRobot 2010.5.20.2326 2010.05.28 -
VirusBuster 5.0.27.0 2010.05.28 -
Additional information
File size: 375296 bytes
MD5 : 70a5f4951487a9c8d2ea47718ad64ee4
SHA1 : 20f7e80d0bb4ebca5291cabfe4c46a68b938f033
SHA256: e751945d2576c90267e123bfd862eb0429e609358af0d7df215254f6af917da0
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x25776
timedatestamp.....: 0x4B28FEE9 (Wed Dec 16 16:38:17 2009)
machinetype.......: 0x14C (Intel I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x3BAD0 0x3BC00 6.59 3061ae8dcc6425702aab092b4059f389
.rdata 0x3D000 0xD1F6 0xD200 4.43 7b7abec5acd426ce48fdb59119d1c25b
.data 0x4B000 0x3CD8 0x2000 3.92 3a5795b0fa22f4258dea4693529eba5e
.rsrc 0x4F000 0xC0B4 0xC200 4.37 bf8f5dfc9a8e5d0e11920a4fdff2141d
.reloc 0x5C000 0x45CA 0x4600 5.45 0392691fdb0c29d73b3531c241be811e

( 9 imports )

> advapi32.dll: RegCreateKeyExW, ConvertStringSecurityDescriptorToSecurityDescriptorW, GetSecurityDescriptorLength, MakeSelfRelativeSD, GetSecurityDescriptorControl, GetSecurityDescriptorOwner, GetSecurityDescriptorGroup, GetSecurityDescriptorDacl, GetSecurityDescriptorSacl, RegDeleteValueW, RegSetValueExW, RegQueryValueExW, RegEnumKeyExW, RegOpenKeyExW, RegCloseKey, CreateProcessAsUserW, OpenProcessToken, DuplicateTokenEx, GetTokenInformation, LookupAccountSidW, IsValidSid, GetLengthSid, ConvertSidToStringSidW, CopySid, DeleteService, OpenServiceW, DeregisterEventSource, ReportEventW, RegisterEventSourceW, SetServiceStatus, RegisterServiceCtrlHandlerW, CloseServiceHandle, CreateServiceW, OpenSCManagerW, StartServiceCtrlDispatcherW
> kernel32.dll: CreateDirectoryW, MoveFileExW, DeleteFileW, CopyFileW, GetTempFileNameW, FindFirstFileW, FindNextFileW, FindClose, GetFileAttributesW, GetVersionExW, TerminateProcess, GetModuleHandleA, GetProcAddress, GetVersion, LoadLibraryW, OutputDebugStringA, GetTempPathW, CreateMutexW, GetPrivateProfileStringW, CreateThread, MultiByteToWideChar, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, SetErrorMode, FreeLibrary, SetEnvironmentVariableA, CompareStringW, CompareStringA, FlushFileBuffers, CreateFileA, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, SetStdHandle, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, GetLocaleInfoA, GetConsoleMode, GetConsoleCP, InitializeCriticalSectionAndSpinCount, LoadLibraryA, ExpandEnvironmentStringsW, ReadFile, WideCharToMultiByte, GetCurrentProcessId, GetCurrentThreadId, FindResourceExW, FindResourceW, LoadResource, LockResource, SizeofResource, SetFilePointer, CreateFileW, WriteFile, HeapAlloc, FormatMessageW, HeapFree, GetProcessHeap, InterlockedIncrement, lstrlenA, OutputDebugStringW, DebugBreak, InterlockedDecrement, lstrlenW, OpenProcess, Process32NextW, Process32FirstW, CreateToolhelp32Snapshot, GetModuleHandleW, ReleaseMutex, OpenMutexW, Sleep, SetLastError, CloseHandle, LocalFree, RaiseException, SetEvent, WaitForSingleObject, CreateEventW, GetLastError, GetModuleFileNameW, InitializeCriticalSection, GetTimeZoneInformation, GetDateFormatA, GetTimeFormatA, GetTickCount, QueryPerformanceCounter, GetStartupInfoA, GetFileType, SetHandleCount, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, IsValidCodePage, GetOEMCP, GetACP, GetCPInfo, VirtualFree, HeapCreate, GetModuleFileNameA, GetStdHandle, ExitProcess, TlsFree, TlsSetValue, TlsAlloc, TlsGetValue, RtlUnwind, VirtualQuery, GetSystemInfo, VirtualAlloc, VirtualProtect, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, GetSystemTimeAsFileTime, HeapSize, HeapReAlloc, HeapDestroy
> ole32.dll: CoCreateInstance, CoTaskMemFree, OleRun
> oleaut32.dll: -, -, -, -, -, -, -
> shell32.dll: ShellExecuteW, SHGetFolderPathW
> shlwapi.dll: PathAppendW, PathAddBackslashW, PathFileExistsW, PathIsDirectoryW
> user32.dll: RealGetWindowClassW, LoadStringW, ModifyMenuW, CharNextW, IsWindow, IsMenu, SetWindowTextW, wvsprintfW, LoadImageW, SendMessageW, LoadBitmapW, GetSystemMetrics
> userenv.dll: LoadUserProfileW, CreateEnvironmentBlock, DestroyEnvironmentBlock, UnloadUserProfile
> wininet.dll: HttpOpenRequestW, InternetGetConnectedState, InternetQueryOptionW, HttpQueryInfoW, InternetCrackUrlW, InternetCloseHandle, InternetReadFile, HttpSendRequestW, InternetConnectW, InternetOpenW

( 0 exports )
TrID : File type identification
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
ssdeep: 6144:PCi4SRDgqC9cQspcp6rAfm4bDJXLXAfhiMTjXLv3AAbpWJe:ai4SRD85fmcDJX7ikMHX0pY
sigcheck: publisher....: Spigot, Inc.
copyright....: Copyright (c) 2005-2009 Spigot, Inc.
product......: Application Updater
description..: Application Updater
original name: ApplicationUpdater.exe
internal name: ApplicationUpdater.exe
file version.: 1, 0, 3, 12
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD : -
RDS : NSRL Reference Data Set
-

Re: Trojan horse Tr/rootkit.gen

Post by coolman » Thu Jun 03, 2010 11:36 am

Jotti reported that 9 scanners out of 19 flag this file as malware:

koagcosp.exe

can someone explain to me in more detail the procedure for fixing the entries with HijackThis? sorry, but I wouldn't want to make a mess..

Re: Trojan horse Tr/rootkit.gen

Post by markinson » Fri Jun 04, 2010 4:52 pm

[MLI] crazy.cat's guide to HijackThis

What is the result of the Avira scan?
Have you tried running Sophos Anti-Rootkit?
MegaLab.it (MLI) = Gianluigi "Zane" Zanettini - That's all Folks!
