Punto informatico Network
Login Esegui login | Non sei registrato? Iscriviti ora (è gratuito!)
Username: Password:
  • Annuncio Pubblicitario

infezione worm roron.50

Un virus si è intromesso nel tuo computer? Vuoi navigare in tutta sicurezza? Sono sicure le transazione online? Come impedire a malintenzionati di intromettersi nel tuo pc? Come proteggere i tuoi dati? Qui trovi le risposte a queste ed altre domande

infezione worm roron.50

Messaggioda mario1982 » sab dic 06, 2008 1:25 am

salve a tutti, ho un problema e mi chiedo se qualcuno qui possa aiutarmi. da un po' di tempo, per quanto non si riscontrino problemi evidenti, il mio antivirus avira antivir segnala ad ogni scansione la presenza del worm roron.50 in file come Britneysucks.exe o PamelaAnderson.exe. Ho provato a fare scansioni con tutto: Avira antivir, spybot, spyware terminator, superantispyware: niente. Ho provato anche con un apposito tool scaricato da internet per il Roron Worm, fatto girare anche in modalità provvisoria, ma nulla di fatto. Su internet sono disponibili diverse descrizioni del virus, tra cui questa http://www.avira.com/it/threats/section/fulldetails/id_vir/356/worm_roron.50.html, che descrive in modo dettagliato anche il modo in cui il worm si inserisce nel registro, eccetera. Il problema è che io, nel registro, non saprei come metterci le mani, e mi chiedevo se qualcuno possa suggerirmi, anche alla luce delle informazioni fornite dal sito Avira, come sbarazzarmi di questo worm. Il sistema è Windows XP SP2. Allego inoltre un log di hijackthis. Ringrazio di cuore chiunque abbia voglia e tempo di aiutarmi.

Logfile of HijackThis v1.99.1
Scan saved at 01:21:04, on 06/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Programmi\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Programmi\Power Translator 11\LogoMedia TranslateDotNet Server.exe
C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmi\Apoint2K\Apoint.exe
C:\Programmi\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\TOSHIBA\E-KEY\CeEKey.exe
C:\Programmi\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Programmi\TOSHIBA\Accessibility\FnKeyHook.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\QuickTime\qttask.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe
C:\Programmi\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe
C:\Programmi\Apoint2K\Apntex.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Programmi\LG PC Suite\LG PC Sync\LGSyncManager.exe
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Toshiba\TOSHIBA Controls\TFncKy.exe
C:\Documents and Settings\LILIANA\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programmi\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Programmi\Power Translator 11\Applications\LEC IE Translation Extension.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PadTouch] C:\Programmi\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Programmi\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Programmi\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [SmoothView] C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [HWSetup] C:\Programmi\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Programmi\TOSHIBA\Accessibility\FnKeyHook.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Programmi\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programmi\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Programmi\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: LG SyncManager.lnk = C:\Programmi\LG PC Suite\LG PC Sync\LGSyncManager.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-U ... E_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programmi\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Programmi\Power Translator 11\LogoMedia TranslateDotNet Server.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
Avatar utente
mario1982
Neo Iscritto
Neo Iscritto
 
Messaggi: 19
Iscritto il: gio giu 14, 2007 11:26 pm

Re: infezione worm roron.50

Messaggioda crazy.cat » sab dic 06, 2008 9:16 am

Sembra che il worm assuma dei nomi casuali e si copi al posto di altri file di sistema.
Nel log non si vede niente, prova a scaricare questo tool http://www.MegaLab.it/2894 e fare una scansione completa con lui e vedere se trova qualcosa.
Quando i molti governano, pensano solo a contentar sé stessi, si ha allora la tirannia più balorda e più odiosa: la tirannia mascherata da libertà.
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre

Re: infezione worm roron.50

Messaggioda mario1982 » mer dic 10, 2008 2:23 pm

[cry+] Ho fatto una scansione con il tool di Kaspersky, ha trovato lo stesso worm Roron.50, gliel'ho fatto eliminare, ho riavviato, alla prima scansione con Avira non ha trovato nulla, ma dopo un ulteriore riavvio, ad una successiva scansione il virus si è ripresentato, l'ho eliminato di nuovo ma non credo serva a molto. Ho provato anche a fare una scansione con Panda antirootkit, ma nulla di fatto. RIproverò con un altro antirootkit, ma a questo punto non ho un'idea precisa di cosa fare... [cry+]
Avatar utente
mario1982
Neo Iscritto
Neo Iscritto
 
Messaggi: 19
Iscritto il: gio giu 14, 2007 11:26 pm


Re: infezione worm roron.50

Messaggioda crazy.cat » mer dic 10, 2008 2:57 pm

prova gmer antirootkit e posta il log della scansione se ti segnala delle voci in rosso
Quando i molti governano, pensano solo a contentar sé stessi, si ha allora la tirannia più balorda e più odiosa: la tirannia mascherata da libertà.
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre

Re: infezione worm roron.50

Messaggioda mario1982 » mer dic 10, 2008 4:28 pm

Ho effettuato scansioni con: Mcafee Antirootkit, Combofix e Gmer. Non ne sono sicuro, ma mi sembra che Combofix abbia in effetti eliminato qualcosa, mentre con Gmer non ho trovato valori in rosso. Allego log di Gmer, sperando sia utile. Grazie.

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-10 16:21:54
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT F8DCFE9C ZwCreateThread
SSDT F8DCFE88 ZwOpenProcess
SSDT F8DCFE8D ZwOpenThread
SSDT F8DCFE97 ZwTerminateProcess
SSDT F8DCFE92 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.14 ----

? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS Impossibile trovare il file specificato. !
? C:\ComboFix\catchme.sys Impossibile trovare il percorso specificato. !

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Programmi\Apoint2K\Apntex.exe[220] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00972F30] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\Apoint2K\Apntex.exe[220] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00972CA0] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\Apoint2K\Apntex.exe[220] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00972D00] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\Apoint2K\Apntex.exe[220] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00972CD0] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\Java\jre6\bin\jusched.exe[292] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003D2F30] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\Java\jre6\bin\jusched.exe[292] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003D2CA0] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\Java\jre6\bin\jusched.exe[292] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003D2D00] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\Java\jre6\bin\jusched.exe[292] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003D2CD0] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[440] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009C2F30] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[440] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009C2CA0] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[440] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009C2D00] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[440] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009C2CD0] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe[680] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00992F30] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe[680] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00992CA0] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe[680] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00992D00] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe[680] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00992CD0] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\TPSBattM.exe[2224] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A32F30] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\TPSBattM.exe[2224] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A32CA0] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\TPSBattM.exe[2224] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A32D00] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\TPSBattM.exe[2224] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A32CD0] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[2556] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C12F30] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[2556] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C12CA0] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[2556] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C12D00] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[2556] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C12CD0] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2576] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B72F30] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2576] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B72CA0] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2576] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B72D00] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2576] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B72CD0] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[2608] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [008C2F30] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[2608] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [008C2CA0] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[2608] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [008C2D00] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[2608] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [008C2CD0] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\Apoint2K\Apoint.exe[3100] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A32F30] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\Apoint2K\Apoint.exe[3100] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A32CA0] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\Apoint2K\Apoint.exe[3100] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A32D00] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\Apoint2K\Apoint.exe[3100] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A32CD0] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\TOSHIBA\Touch and Launch\PadExe.exe[3124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003C2F30] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\TOSHIBA\Touch and Launch\PadExe.exe[3124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003C2CA0] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\TOSHIBA\Touch and Launch\PadExe.exe[3124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003C2D00] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\TOSHIBA\Touch and Launch\PadExe.exe[3124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003C2CD0] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\AGRSMMSG.exe[3144] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A12F30] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\AGRSMMSG.exe[3144] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A12CA0] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\AGRSMMSG.exe[3144] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A12D00] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\AGRSMMSG.exe[3144] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A12CD0] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\TOSHIBA\E-KEY\CeEKey.exe[3164] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AB2F30] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\TOSHIBA\E-KEY\CeEKey.exe[3164] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AB2CA0] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\TOSHIBA\E-KEY\CeEKey.exe[3164] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AB2D00] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\TOSHIBA\E-KEY\CeEKey.exe[3164] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AB2CD0] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\TOSHIBA\TouchPad\TPTray.exe[3208] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A12F30] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\TOSHIBA\TouchPad\TPTray.exe[3208] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A12CA0] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\TOSHIBA\TouchPad\TPTray.exe[3208] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A12D00] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\TOSHIBA\TouchPad\TPTray.exe[3208] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A12CD0] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\TPSMain.exe[3240] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B32F30] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\TPSMain.exe[3240] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B32CA0] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\TPSMain.exe[3240] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B32D00] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\TPSMain.exe[3240] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B32CD0] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3260] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00DC2F30] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3260] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00DC2CA0] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3260] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00DC2D00] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3260] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00DC2CD0] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\TCtrlIOHook.exe[3264] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A12F30] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\TCtrlIOHook.exe[3264] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A12CA0] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\TCtrlIOHook.exe[3264] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A12D00] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\TCtrlIOHook.exe[3264] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A12CD0] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ZoomingHook.exe[3280] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009F2F30] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ZoomingHook.exe[3280] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009F2CA0] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ZoomingHook.exe[3280] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009F2D00] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ZoomingHook.exe[3280] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009F2CD0] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[3332] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003B2F30] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[3332] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003B2CA0] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[3332] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003B2D00] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[3332] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003B2CD0] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\TOSHIBA\Accessibility\FnKeyHook.exe[3376] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009F2F30] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\TOSHIBA\Accessibility\FnKeyHook.exe[3376] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009F2CA0] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\TOSHIBA\Accessibility\FnKeyHook.exe[3376] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009F2D00] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\TOSHIBA\Accessibility\FnKeyHook.exe[3376] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009F2CD0] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\dla\tfswctrl.exe[3468] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A72F30] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\dla\tfswctrl.exe[3468] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A72CA0] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\dla\tfswctrl.exe[3468] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A72D00] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\dla\tfswctrl.exe[3468] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A72CD0] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe[3540] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00982F30] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe[3540] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00982CA0] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe[3540] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00982D00] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe[3540] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00982CD0] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\QuickTime\qttask.exe[3576] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00992F30] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\QuickTime\qttask.exe[3576] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00992CA0] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\QuickTime\qttask.exe[3576] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00992D00] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\QuickTime\qttask.exe[3576] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00992CD0] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe[3652] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003B2F30] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe[3652] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003B2CA0] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe[3652] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003B2D00] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe[3652] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003B2CD0] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe[3656] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AC2F30] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe[3656] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AC2CA0] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe[3656] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AC2D00] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe[3656] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AC2CD0] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\File comuni\Real\Update_OB\realsched.exe[3692] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009C2F30] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\File comuni\Real\Update_OB\realsched.exe[3692] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009C2CA0] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\File comuni\Real\Update_OB\realsched.exe[3692] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009C2D00] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\File comuni\Real\Update_OB\realsched.exe[3692] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009C2CD0] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe[3728] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A92F30] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe[3728] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A92CA0] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe[3728] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A92D00] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe[3728] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A92CD0] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\Logitech\QuickCam\Quickcam.exe[3768] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C42F30] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\Logitech\QuickCam\Quickcam.exe[3768] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C42CA0] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\Logitech\QuickCam\Quickcam.exe[3768] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C42D00] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\Logitech\QuickCam\Quickcam.exe[3768] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C42CD0] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[3852] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [008D2F30] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[3852] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [008D2CA0] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[3852] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [008D2D00] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[3852] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [008D2CD0] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\RAMASST.exe[4092] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009B2F30] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\RAMASST.exe[4092] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009B2CA0] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\RAMASST.exe[4092] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009B2D00] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\RAMASST.exe[4092] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009B2CD0] C:\Programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Udfs \UdfsCdRom tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Udfs \UdfsDisk tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{077ACEC7-979C-40AB-9835-435BA1511E0D}@FriendlyName Windows Media Files
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{077ACEC7-979C-40AB-9835-435BA1511E0D}@ComponentGUID {077ACEC7-979C-40AB-9835-435BA1511E0D}
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{077ACEC7-979C-40AB-9835-435BA1511E0D}@Version 655360
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{077ACEC7-979C-40AB-9835-435BA1511E0D}@Sub-Version 3646
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{077ACEC7-979C-40AB-9835-435BA1511E0D}@ExceptionInfName C:\WINDOWS\RegisteredPackages\{077ACEC7-979C-40AB-9835-435BA1511E0D}\MPPRE10.inf
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{077ACEC7-979C-40AB-9835-435BA1511E0D}@ExceptionCatalogName C:\WINDOWS\RegisteredPackages\{077ACEC7-979C-40AB-9835-435BA1511E0D}\mppre10.cat
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{30C7234B-6482-4A55-A11D-ECD9030313F2}@FriendlyName Windows Media Files
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{30C7234B-6482-4A55-A11D-ECD9030313F2}@ComponentGUID {30C7234B-6482-4A55-A11D-ECD9030313F2}
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{30C7234B-6482-4A55-A11D-ECD9030313F2}@Version 655360
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{30C7234B-6482-4A55-A11D-ECD9030313F2}@Sub-Version 3646
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{30C7234B-6482-4A55-A11D-ECD9030313F2}@ExceptionInfName C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\WMDM10.inf
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{30C7234B-6482-4A55-A11D-ECD9030313F2}@ExceptionCatalogName C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\wmdm10.cat
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}@FriendlyName Windows Media Files
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}@ComponentGUID {3FDF25EE-E592-4495-8391-6E9C504DAC2B}
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}@Version 655360
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}@Sub-Version 3646
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}@ExceptionInfName C:\WINDOWS\RegisteredPackages\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}\WMSET10.inf
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}@ExceptionCatalogName C:\WINDOWS\RegisteredPackages\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}\wmset10.cat
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{60204BB3-7078-4F70-8F69-68297621941C}@FriendlyName Windows Media Files
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{60204BB3-7078-4F70-8F69-68297621941C}@ComponentGUID {60204BB3-7078-4F70-8F69-68297621941C}
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{60204BB3-7078-4F70-8F69-68297621941C}@Version 655360
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{60204BB3-7078-4F70-8F69-68297621941C}@Sub-Version 3646
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{60204BB3-7078-4F70-8F69-68297621941C}@ExceptionInfName C:\WINDOWS\RegisteredPackages\{60204BB3-7078-4F70-8F69-68297621941C}\MPSTUB10.inf
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{60204BB3-7078-4F70-8F69-68297621941C}@ExceptionCatalogName C:\WINDOWS\RegisteredPackages\{60204BB3-7078-4F70-8F69-68297621941C}\mpstub10.cat
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{981FB688-E76B-4246-987B-92083185B90A}@FriendlyName Windows Media Files
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{981FB688-E76B-4246-987B-92083185B90A}@ComponentGUID {981FB688-E76B-4246-987B-92083185B90A}
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{981FB688-E76B-4246-987B-92083185B90A}@Version 655360
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{981FB688-E76B-4246-987B-92083185B90A}@Sub-Version 3646
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{981FB688-E76B-4246-987B-92083185B90A}@ExceptionInfName C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\WPD10.inf
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{981FB688-E76B-4246-987B-92083185B90A}@ExceptionCatalogName C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpd10.cat
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{A47B3654-48EE-48A5-B629-97D70175E58F}@FriendlyName Windows Media Files
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{A47B3654-48EE-48A5-B629-97D70175E58F}@ComponentGUID {A47B3654-48EE-48A5-B629-97D70175E58F}
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{A47B3654-48EE-48A5-B629-97D70175E58F}@Version 655360
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{A47B3654-48EE-48A5-B629-97D70175E58F}@Sub-Version 3646
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{A47B3654-48EE-48A5-B629-97D70175E58F}@ExceptionInfName C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\codecs10.inf
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{A47B3654-48EE-48A5-B629-97D70175E58F}@ExceptionCatalogName C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\codecs10.cat
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}@FriendlyName Windows Media Files
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}@ComponentGUID {AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}@Version 655360
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}@Sub-Version 3646
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}@ExceptionInfName C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMFSDK10.inf
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}@ExceptionCatalogName C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmfsdk10.cat
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}@FriendlyName Windows Media Files
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}@ComponentGUID {C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}@Version 655360
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}@Sub-Version 3646
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}@ExceptionInfName C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\DRM10.inf
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}@ExceptionCatalogName C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drm10.cat
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}@FriendlyName Windows Media Files
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}@ComponentGUID {CFB4B314-0328-45E1-94AF-45A3F5F48E0B}
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}@Version 655360
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}@Sub-Version 3646
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}@ExceptionInfName C:\WINDOWS\RegisteredPackages\{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}\MPCD10.inf
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}@ExceptionCatalogName C:\WINDOWS\RegisteredPackages\{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}\mpcd10.cat
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{DD90D410-1823-43EB-9A16-A2331BF08799}@FriendlyName Windows Media Files
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{DD90D410-1823-43EB-9A16-A2331BF08799}@ComponentGUID {DD90D410-1823-43EB-9A16-A2331BF08799}
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{DD90D410-1823-43EB-9A16-A2331BF08799}@Version 655360
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{DD90D410-1823-43EB-9A16-A2331BF08799}@Sub-Version 3646
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{DD90D410-1823-43EB-9A16-A2331BF08799}@ExceptionInfName C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\WMP10.inf
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{DD90D410-1823-43EB-9A16-A2331BF08799}@ExceptionCatalogName C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmp10.cat
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OptionalComponents\SwFlash@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows Media Device Manager\Plugins\SCP\SCPTRANS@ProgID MsScp.SCPTRANS.1

---- EOF - GMER 1.0.14 ----
Avatar utente
mario1982
Neo Iscritto
Neo Iscritto
 
Messaggi: 19
Iscritto il: gio giu 14, 2007 11:26 pm

Re: infezione worm roron.50

Messaggioda Amantide » mer dic 10, 2008 4:31 pm

Allega anche il log di Combofix che è più utile di quello di Gmer.
Tutti i log vanno inseriti tra i tag [log][/log], correggi per favore il tuo post precedente e segui la stessa regola per inserire i nuovi log.
...per volare alto, bisogna saper cadere...
Avatar utente
Amantide
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 8126
Iscritto il: lun feb 06, 2006 4:13 pm
Località: Abruzzo

Re: infezione worm roron.50

Messaggioda mario1982 » mer dic 10, 2008 5:08 pm

ecco il log di combofix, postato come dovuto, spero sia d'aiuto... grazie e ciao
p.s.
avevo postato il presente log anche su un ulteriore forum sul quale avevo già in precedenza avviato una conversazione. ma d'accordo con uno dei moderatori, si è deciso di proseguire questa discussione unicamente qui. per correttezza. grazie

ComboFix 08-12-09.02 - LILIANA 2008-12-10 16.04.29.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.234 [GMT 1:00]
Eseguito da: c:\documents and settings\LILIANA\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((( Files Creati Da 2008-11-10 al 2008-12-10 )))))))))))))))))))))))))))))))))))
.

2008-12-10 15:48 . 2008-12-10 15:48 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\NortonInstaller
2008-12-10 14:38 . 2008-12-10 14:38 <DIR> d-------- C:\BackUpMSNCleaner
2008-12-09 16:44 . 2008-12-10 15:10 9,162,784 --ahs---- c:\windows\system32\drivers\fidbox.dat
2008-12-09 16:44 . 2008-12-10 15:10 108,452 --ahs---- c:\windows\system32\drivers\fidbox.idx
2008-12-09 15:53 . 2008-12-09 15:52 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-09 15:53 . 2008-12-09 15:52 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-05 22:58 . 2008-12-05 23:44 <DIR> d-------- c:\programmi\Spyware Terminator
2008-12-05 22:58 . 2008-12-05 23:44 <DIR> d-------- c:\documents and settings\LILIANA\Dati applicazioni\Spyware Terminator
2008-12-05 22:58 . 2008-12-05 23:40 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator
2008-12-05 22:58 . 2008-12-05 22:58 142,592 --a------ c:\windows\system32\drivers\sp_rsdrv2.sys
2008-11-19 23:12 . 2008-11-19 23:12 <DIR> d-------- c:\windows\Internet Logs
2008-11-19 23:11 . 2008-03-29 17:36 125,328 --a------ c:\windows\system32\drivers\dne2000.sys
2008-11-19 23:11 . 2008-03-29 17:36 106,768 --a------ c:\windows\system32\dneinobj.dll
2008-11-19 23:10 . 2008-11-19 23:10 <DIR> d-------- c:\programmi\File comuni\Deterministic Networks
2008-11-19 23:10 . 2008-11-19 23:10 <DIR> d-------- c:\programmi\Cisco Systems
2008-11-19 23:10 . 2008-11-19 23:12 1,594 --a------ c:\windows\VPNInstall.MIF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-10 14:53 --------- d-----w c:\documents and settings\LILIANA\Dati applicazioni\Skype
2008-12-10 14:51 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2008-12-10 14:51 0 ----a-w c:\windows\system32\drivers\logiflt.iad
2008-12-10 14:49 --------- d-----w c:\programmi\File comuni\Symantec Shared
2008-12-10 14:24 21,036 ----atw c:\windows\system32\SIntfNT.dll
2008-12-10 14:24 15,132 ----atw c:\windows\system32\SIntf32.dll
2008-12-10 14:24 12,067 ----atw c:\windows\system32\SIntf16.dll
2008-12-09 19:59 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\AntiVir PersonalEdition Classic
2008-12-09 14:52 --------- d-----w c:\programmi\Java
2008-12-09 14:38 --------- d-----w c:\programmi\File comuni\Adobe
2008-12-05 23:14 --------- d-----w c:\programmi\Softwin
2008-12-05 22:42 --------- d-----w c:\programmi\Spybot - Search & Destroy
2008-12-05 21:45 --------- d-----w c:\programmi\Enigma Software Group
2008-12-05 21:45 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-11-02 01:37 --------- d-----w c:\documents and settings\LILIANA\Dati applicazioni\uTorrent
2008-10-31 14:53 --------- d-----w c:\programmi\eMule
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-13 17:48 --------- d-----w c:\documents and settings\LILIANA\Dati applicazioni\Livestation
2008-10-13 17:47 413,696 ----a-w c:\windows\system32\wrap_oal.dll
2008-10-13 17:47 110,592 ----a-w c:\windows\system32\OpenAL32.dll
2008-10-13 17:47 --------- d-----w c:\programmi\OpenAL
2008-10-13 17:47 --------- d-----w c:\programmi\Livestation
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 15:38 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-03-10 14:47 32 ----a-w c:\documents and settings\All Users\Dati applicazioni\ezsid.dat
2007-09-03 15:44 55,832 ----a-w c:\documents and settings\LILIANA\Dati applicazioni\GDIPFONTCACHEV1.DAT
2005-11-03 23:29 72,832 ----a-r c:\windows\inf\CamAvb.sys
2008-05-13 15:04 86,070 ----a-w c:\programmi\mozilla firefox\plugins\pthreadVC2.dll
2008-05-13 15:04 1,561,336 ----a-w c:\programmi\mozilla firefox\plugins\RineraProxy.dll
2008-09-07 14:35 2 --shatr c:\windows\winstart.bat
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"TOSCDSPD"="c:\programmi\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-15 65536]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2008-08-11 21741864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-11-24 5419008]
"Apoint"="c:\programmi\Apoint2K\Apoint.exe" [2004-03-23 196608]
"PadTouch"="c:\programmi\TOSHIBA\Touch and Launch\PadExe.exe" [2004-06-29 1077326]
"CeEKEY"="c:\programmi\TOSHIBA\E-KEY\CeEKey.exe" [2004-11-29 667648]
"TPNF"="c:\programmi\TOSHIBA\TouchPad\TPTray.exe" [2004-11-29 53248]
"SmoothView"="c:\programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-12-21 118784]
"HWSetup"="c:\programmi\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-12-23 28672]
"TOSHIBA Accessibility"="c:\programmi\TOSHIBA\Accessibility\FnKeyHook.exe" [2005-01-14 24576]
"SVPWUTIL"="c:\programmi\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-12-27 61440]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-30 127035]
"RemoteControl"="c:\programmi\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2005-04-16 98304]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2005-06-03 81920]
"avgnt"="c:\programmi\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2008-01-18 185896]
"LogitechCommunicationsManager"="c:\programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"LogitechQuickCamRibbon"="c:\programmi\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2008-12-09 136600]
"nwiz"="nwiz.exe" [2004-11-24 c:\windows\system32\nwiz.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-28 c:\windows\agrsmmsg.exe]
"TPSMain"="TPSMain.exe" [2004-12-23 c:\windows\system32\TPSMain.exe]
"TCtryIOHook"="TCtrlIOHook.exe" [2005-01-24 c:\windows\system32\TCtrlIOHook.exe]
"Zooming"="ZoomingHook.exe" [2004-07-14 c:\windows\system32\ZoomingHook.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\LILIANA\Menu Avvio\Programmi\Esecuzione automatica\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\programmi\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-04-19 64864]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Bluetooth Manager.lnk - c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-21 45056]
LG SyncManager.lnk - c:\programmi\LG PC Suite\LG PC Sync\LGSyncManager.exe [2007-01-02 299008]
Logitech Desktop Messenger.lnk - c:\programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-09-05 66864]
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2005-04-06 155648]
VPN Client.lnk - c:\windows\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico [2008-11-19 6144]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-07-23 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-09-04 09:33 352256 c:\programmi\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Programmi\\NetMeeting\\conf.exe"=
"c:\\Programmi\\Real\\RealPlayer\\realplay.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R1 SASDIFSV;SASDIFSV;\??\c:\programmi\SUPERAntiSpyware\SASDIFSV.SYS [2008-02-29 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\programmi\SUPERAntiSpyware\SASKUTIL.sys [2008-02-29 55024]
R2 acedrv10;acedrv10;\??\c:\windows\system32\drivers\acedrv10.sys [2007-07-24 328824]
R2 acehlp10;acehlp10;\??\c:\windows\system32\drivers\acehlp10.sys [2007-07-11 201848]
R2 NwSapAgent;Agente SAP;c:\windows\system32\svchost.exe -k netsvcs [2005-02-02 14336]
S2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;"c:\programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe" []
S3 k600bus;Sony Ericsson 600i driver (WDM);c:\windows\system32\DRIVERS\k600bus.sys [2006-12-24 52384]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;c:\windows\system32\DRIVERS\k600mdfl.sys [2006-12-24 6096]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;c:\windows\system32\DRIVERS\k600mdm.sys [2006-12-24 87456]
S3 RegGuard;RegGuard;\??\c:\windows\system32\Drivers\regguard.sys [2007-01-11 25837]
S3 SASENUM;SASENUM;\??\c:\programmi\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
S3 Tosrfpcc;Bluetooth PC Card Controller from Toshiba;c:\windows\system32\Drivers\tosrfpcc.sys [2002-08-01 160672]
S3 utm5nzgw;AVZ Kernel Driver;\??\c:\windows\system32\Drivers\utm5nzgw.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b2bc65f2-411d-11dd-9ca1-000e35fe8dd8}]
\Shell\AutoRun\command - f:\wd_windows_tools\WDSetup.exe

*Newly Created Service* - PROCEXP90
.
Contenuto della cartella 'Scheduled Tasks'

2005-04-13 c:\windows\Tasks\Promemoria registrazione 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-19 12:00]

2005-04-20 c:\windows\Tasks\Promemoria registrazione 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-19 12:00]

2005-04-06 c:\windows\Tasks\Promemoria registrazione 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-19 12:00]
.
- - - - ORFÃOS REMOVIDOS - - - -

WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)


.
------- Supplementare di scansione -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Aggiungi all'elenco di stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Anteprima Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Stampa ad alta velocità Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FireFox -: Profile - c:\documents and settings\LILIANA\Dati applicazioni\Mozilla\Firefox\Profiles\8sntm5zs.default\
FF -: plugin - c:\programmi\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\programmi\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\programmi\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\programmi\Mozilla Firefox\plugins\nprinera-1.4.5.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-10 16:06:27
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(1688)
c:\programmi\SUPERAntiSpyware\SASWINLO.DLL
.
Ora fine scansione: 2008-12-10 16.08.00
ComboFix-quarantined-files.txt 2008-12-10 15:07:29

Pre-Run: 8.879.112.192 byte disponibili
Post-Run: 8,961,462,272 byte disponibili

WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

207 --- E O F --- 2008-11-24 15:36:31
Avatar utente
mario1982
Neo Iscritto
Neo Iscritto
 
Messaggi: 19
Iscritto il: gio giu 14, 2007 11:26 pm

Re: infezione worm roron.50

Messaggioda Amantide » gio dic 11, 2008 12:50 pm

Anche nel log di Combofix non si vede nulla di particolare.

Fai lo scan completo del disco C:\ con Kaspersky online e posta qui il report della scansione.
...per volare alto, bisogna saper cadere...
Avatar utente
Amantide
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 8126
Iscritto il: lun feb 06, 2006 4:13 pm
Località: Abruzzo

Re: infezione worm roron.50

Messaggioda mario1982 » sab dic 13, 2008 12:09 am

ho eseguito la scansione con Kaspersky online scan e ha trovato diverse infezioni. I primi quattro .exe sono del genere che ha già più volte trovato avira antivir. li elimino per poi ritrovarmeli nel computer al successivo riavvio. Spero possiate aiutarmi... grazie ancora. Posto qui di seguito:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, December 13, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, December 12, 2008 14:32:44
Records in database: 1454842
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
H:\

Scan statistics:
Files scanned: 77253
Threat name: 2
Infected objects: 5
Suspicious objects: 0
Duration of the scan: 02:14:44


File name / Threat name / Threats count
C:\Documents and Settings\All Users\Documenti\BritneyUltimatev4.5.exe Infected: Email-Worm.Win32.Roron.50.b 1
C:\Documents and Settings\All Users\Documenti\Hot Blondies3.0.exe Infected: Email-Worm.Win32.Roron.50.b 1
C:\Documents and Settings\All Users\Documenti\Pam Anderson Theme (Eng).exe Infected: Email-Worm.Win32.Roron.50.b 1
C:\Documents and Settings\All Users\Documenti\Teen Sex Cam 3.0.exe Infected: Email-Worm.Win32.Roron.50.b 1
C:\Documents and Settings\LILIANA\Impostazioni locali\Dati applicazioniKiweeToolbar1.2.114.msi Infected: Trojan-Downloader.Win32.Zlob.meq 1

The selected area was scanned.
Avatar utente
mario1982
Neo Iscritto
Neo Iscritto
 
Messaggi: 19
Iscritto il: gio giu 14, 2007 11:26 pm

Re: infezione worm roron.50

Messaggioda Amantide » sab dic 13, 2008 4:30 pm

Scarica OtMoveIt3, avvialo ed assicurati che la voce Unregister Dll's and Ocx's sia spuntata.
Nello spazio bianco sotto alla voce Paste Instructions for items to be Moved incolla il seguente script e clicca su MoveIt!:

Codice: Seleziona tutto
:files
C:\Documents and Settings\All Users\Documenti\BritneyUltimatev4.5.exe
C:\Documents and Settings\All Users\Documenti\Hot Blondies3.0.exe
C:\Documents and Settings\All Users\Documenti\Pam Anderson Theme (Eng).exe
C:\Documents and Settings\All Users\Documenti\Teen Sex Cam 3.0.exe
C:\Documents and Settings\LILIANA\Impostazioni locali\Dati applicazioniKiweeToolbar1.2.114.msi
C:\Documents and Settings\LILIANA\Impostazioni locali\Dati applicazioni\KiweeToolbar1.2.114.msi

:commands
[purity]
[emptytemp]
[Reboot]


Il log dell'operazione verrà salvato nella cartella C:\_OtMoveIt\MovedFiles sotto la forma del file [nome_e_data].LOG
Copia il suo contenuto ed inseriscilo qui.
...per volare alto, bisogna saper cadere...
Avatar utente
Amantide
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 8126
Iscritto il: lun feb 06, 2006 4:13 pm
Località: Abruzzo

Re: infezione worm roron.50

Messaggioda mario1982 » sab dic 13, 2008 6:35 pm

Operazione effettuata, di seguito il log. Una curiosità: già in precedenza questi file sono stati eliminati da avira, ma, come raccontavo, sono poi ricomparsi al seguente riavvio. Quale operazione in più è stata effettuata con questo programma? Farò un'altra scansione online con Kaspersky e posterò i risultati, per verificare che il problema sia risolto. Grazie ancora, ciao!

========== FILES ==========
C:\Documents and Settings\All Users\Documenti\BritneyUltimatev4.5.exe moved successfully.
File/Folder C:\Documents and Settings\All Users\Documenti\Hot Blondies3.0.exe not found.
File/Folder C:\Documents and Settings\All Users\Documenti\Pam Anderson Theme (Eng).exe not found.
File/Folder C:\Documents and Settings\All Users\Documenti\Teen Sex Cam 3.0.exe not found.
File/Folder C:\Documents and Settings\LILIANA\Impostazioni locali\Dati applicazioniKiweeToolbar1.2.114.msi not found.
File/Folder C:\Documents and Settings\LILIANA\Impostazioni locali\Dati applicazioni\KiweeToolbar1.2.114.msi not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\LILIANA\IMPOST~1\Temp\etilqs_6dJSNcAHXfUlJgesx67W scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_634.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\LILIANA\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\8sntm5zs.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LILIANA\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\8sntm5zs.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LILIANA\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\8sntm5zs.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LILIANA\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\8sntm5zs.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LILIANA\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\8sntm5zs.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LILIANA\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\8sntm5zs.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12132008_182615

Files moved on Reboot...
File C:\DOCUME~1\LILIANA\IMPOST~1\Temp\etilqs_6dJSNcAHXfUlJgesx67W not found!
File C:\WINDOWS\temp\Perflib_Perfdata_634.dat not found!
C:\Documents and Settings\LILIANA\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\8sntm5zs.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\LILIANA\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\8sntm5zs.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\LILIANA\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\8sntm5zs.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\LILIANA\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\8sntm5zs.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\LILIANA\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\8sntm5zs.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\LILIANA\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\8sntm5zs.default\XUL.mfl moved successfully.
Avatar utente
mario1982
Neo Iscritto
Neo Iscritto
 
Messaggi: 19
Iscritto il: gio giu 14, 2007 11:26 pm

Re: infezione worm roron.50

Messaggioda Amantide » sab dic 13, 2008 7:19 pm

mario1982 ha scritto: Una curiosità: già in precedenza questi file sono stati eliminati da avira, ma, come raccontavo, sono poi ricomparsi al seguente riavvio. Quale operazione in più è stata effettuata con questo programma?

Grazie a questi 2 comandi ...
Codice: Seleziona tutto
:commands
[purity]
[emptytemp]

... sono state svuotate le cartelle con i file temporanei e quella della cache del browser, dove spesso si nidificano i file infetti che a sua volta generano altri file malefici.
Prova anche a fare la scansione con i programmi come Malwarebytes Anti-malware e SuperAntiSpyware.
...per volare alto, bisogna saper cadere...
Avatar utente
Amantide
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 8126
Iscritto il: lun feb 06, 2006 4:13 pm
Località: Abruzzo

Re: infezione worm roron.50

Messaggioda mario1982 » dom dic 14, 2008 12:28 pm

dunque... con superantispyware avevo già provato, ma nulla da fare. malwarebytes non ha trovato nulla, e così anche il kaspersy tool di oggi che ho scaricato e fatto girare... niente. intanto avira continua a trovare file infetti come quegli .exe, e il computer rallenta vistosamente... confesso che non saprei cos'altro fare... avrei pensato ad altre tre possibilità, non so se possiate darmi un consiglio a proposito:
1) scaricare la versione evaluate di trojan remover: me ne hanno parlato, ma non so se sia in effetti molto più efficace dei freeware
2) installare comodo firewall e verificare se c'è qualche applicazione sconosciuta che fa partire una connessione verso l'esterno, come un backdoor o cose del genere
3) ultima e possibilità che vorrei evitare: formattare il pc...
cosa ne pensate?
vi ringrazio ancora per il supporto... buona domenica
Avatar utente
mario1982
Neo Iscritto
Neo Iscritto
 
Messaggi: 19
Iscritto il: gio giu 14, 2007 11:26 pm

Re: infezione worm roron.50

Messaggioda Amantide » dom dic 14, 2008 12:36 pm

mario1982 ha scritto:2) installare comodo firewall e verificare se c'è qualche applicazione sconosciuta che fa partire una connessione verso l'esterno, come un backdoor o cose del genere

Ottima idea [^]
Intanto prova a fare questo e poi si vedrà.
...per volare alto, bisogna saper cadere...
Avatar utente
Amantide
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 8126
Iscritto il: lun feb 06, 2006 4:13 pm
Località: Abruzzo

Re: infezione worm roron.50

Messaggioda mario1982 » dom dic 14, 2008 5:32 pm

ti ringrazio per il consiglio... nei prossimi giorni non potrò metterlo in pratica, poiché sarò fuori: lo farò tra circa una settimana, e ne posterò qui i risultati. grazie ancora per l'assistenza, e buon inizio settimana. a risentirci tra qualche giorno, ciao!
Avatar utente
mario1982
Neo Iscritto
Neo Iscritto
 
Messaggi: 19
Iscritto il: gio giu 14, 2007 11:26 pm

Re: infezione worm roron.50

Messaggioda mario1982 » gio dic 25, 2008 7:27 pm

ciao... ho finalmente provveduto a dotare il computer del comodo firewall, per monitorare il traffico, così come ti accennavo. allo stato, oltre a firefox, ci sono solo altri 4 processi che utilizzano le porte del computer:
cvpnd.exe, che è un Vpn Client della Cisco, verificato e conosciuto;
un non meglio identificato processo "system", TCP listening: 139;
svchost.exe TCP listening: 135 (system32)
alg.exe TCP listening:1038 (system32)
firefox (è in esecuzione), TCP listening:1467, 1470; TCP OUT 192.168.0.100:1545 destination 74.125.97.25:80
a vostro parere, c'è qualcosa di strano in corso o è tutto ok? al momento non si riscontrano rallentamenti di rilievo...

grazie e buon natale!
Avatar utente
mario1982
Neo Iscritto
Neo Iscritto
 
Messaggi: 19
Iscritto il: gio giu 14, 2007 11:26 pm

Re: infezione worm roron.50

Messaggioda Amantide » sab dic 27, 2008 2:01 pm

Sembrano essere le connessioni regolari [uhm] ... nulla di sospetto [boh]
...per volare alto, bisogna saper cadere...
Avatar utente
Amantide
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 8126
Iscritto il: lun feb 06, 2006 4:13 pm
Località: Abruzzo

Re: infezione worm roron.50

Messaggioda mario1982 » sab dic 27, 2008 4:35 pm

non so... solo una volta ha bloccato un msmsgs.exe che ho letto essere potenziale portatore di infezioni... ma una scansione su virustotal.com ha dissipato questo sospetto. non so, per ora il computer va bene, posterò qui eventuali aggiornamenti. ti ringrazio ancora per la costante assistenza, buone feste!
Avatar utente
mario1982
Neo Iscritto
Neo Iscritto
 
Messaggi: 19
Iscritto il: gio giu 14, 2007 11:26 pm


Torna a Sicurezza

Chi c’è in linea

Visitano il forum: Nessuno e 3 ospiti

Powered by phpBB © 2002, 2005, 2007, 2008 phpBB Group
Traduzione Italiana phpBB.it

megalab.it: testata telematica quotidiana registrata al Tribunale di Cosenza n. 22/09 del 13.08.2009, editore Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa Tutti i diritti sono riservati. Per la pubblicità: Master Advertising