
A look from the experts, please...


Post by erick ortiz » Tue Nov 03, 2009 8:44 pm

Guys, my PC isn't working well anymore and a window saying [ error zip] pops up. Unfortunately I don't understand this stuff, help... Below I'm putting the logs made with 2 programs. Guys, I'm counting on you, you seem good at this.

1-

ComboFix 09-11-02.05 - studio recording 03/11/2009 19.36.05.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.511.264 [GMT 1:00]
Eseguito da: c:\documents and settings\studio recording\Documenti\Downloads\ortiz.exe
AV: avast! antivirus 4.7.1029 [VPS 000761-2] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
c:\windows\AhnRpta.exe
c:\windows\system32\Data
c:\windows\system32\java2.exe
c:\windows\system32\mssrv32.exe
c:\windows\system32\msvcsv60.dll
c:\windows\system32\svvhost2.exe
c:\windows\system32\swinlogin.exe
c:\windows\system32\systemlog.exe
c:\windows\system32\winlogin2.exe
E:\j39y2.bat

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSUPDATE


((((((((((((((((((((((((( Files Creati Da 2009-10-03 al 2009-11-03 )))))))))))))))))))))))))))))))))))
.

2009-11-03 18:28 . 2009-11-03 18:28 -------- d-----w- c:\programmi\Trend Micro
2009-11-03 14:36 . 2009-11-03 14:36 -------- d-----w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\ESET
2009-11-03 13:26 . 2009-11-03 15:09 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-11-03 13:26 . 2009-11-03 13:26 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-11-03 04:24 . 2009-11-03 04:24 -------- d-----w- c:\documents and settings\studio recording\Impostazioni locali\Dati applicazioni\ESET
2009-11-03 04:19 . 2009-11-03 04:19 -------- d-----w- c:\programmi\ESET
2009-11-03 04:19 . 2009-11-03 04:19 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ESET
2009-11-02 12:23 . 2009-11-02 12:23 -------- d-----w- c:\windows\SHELLNEW
2009-11-02 12:23 . 2009-11-02 12:23 -------- d-----w- c:\programmi\Microsoft.NET
2009-11-02 00:30 . 2009-11-03 18:48 -------- d-----w- c:\documents and settings\studio recording\Dati applicazioni\Free Download Manager
2009-11-02 00:30 . 2009-11-02 00:30 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\FreeDownloadManager.ORG
2009-11-02 00:30 . 2009-11-02 00:30 -------- d-----w- c:\programmi\Free Download Manager
2009-11-01 18:18 . 2009-11-01 18:18 -------- d-----w- c:\programmi\Tensons
2009-11-01 04:00 . 2009-11-02 15:48 -------- d-----w- C:\Downloads
2009-11-01 03:59 . 2009-11-01 03:59 -------- d-----w- c:\programmi\Software Informer
2009-10-31 23:58 . 2009-11-01 00:21 -------- d-----w- c:\programmi\Internet Download Manager
2009-10-31 21:39 . 2008-07-29 21:59 1324544 ----a-w- c:\windows\system32\SYNSOACC.dll
2009-10-31 21:36 . 2009-10-31 21:36 -------- dc----w- c:\documents and settings\All Users\Dati applicazioni\{2373B11D-DEC4-4D14-AE62-03F9FBAE52BC}
2009-10-31 21:32 . 2009-10-31 21:32 -------- d-----w- C:\Program Files
2009-10-31 21:31 . 2009-10-31 21:31 -------- d-----w- c:\programmi\VST
2009-10-31 21:28 . 2003-03-18 18:04 765952 ----a-w- c:\windows\system32\msvcp71d.dll
2009-10-31 21:28 . 2003-03-18 18:03 544768 ----a-w- c:\windows\system32\msvcr71d.dll
2009-10-31 21:28 . 2009-11-01 16:41 -------- d-----w- c:\programmi\Nomad Factory
2009-10-28 22:09 . 2009-10-28 22:09 -------- d-----w- c:\documents and settings\studio recording\Impostazioni locali\Dati applicazioni\ONSPEED
2009-10-27 19:55 . 2009-11-03 17:52 -------- d-----w- c:\windows\system32\NtmsData
2009-10-27 18:56 . 2003-06-19 00:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2009-10-26 23:57 . 2004-08-19 13:39 280576 -c--a-w- c:\windows\system32\dllcache\mstask.dll
2009-10-26 23:57 . 2004-08-19 13:39 280576 ----a-w- c:\windows\system32\mstask.dll
2009-10-26 19:28 . 2001-08-31 11:00 139264 -c--a-w- c:\windows\system32\dllcache\sndvol32.exe
2009-10-26 14:53 . 2009-10-26 14:55 -------- d-----w- c:\programmi\SPL Plug-Ins
2009-10-26 14:31 . 2009-10-26 14:31 -------- d-----w- c:\programmi\File comuni\VST3
2009-10-26 11:43 . 2009-10-29 15:44 217680 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-26 00:57 . 2009-10-26 00:57 -------- d-sh--w- c:\documents and settings\studio recording\PrivacIE
2009-10-26 00:57 . 2009-10-26 00:57 -------- d-sh--w- c:\documents and settings\studio recording\IECompatCache
2009-10-26 00:55 . 2009-10-26 00:55 -------- d-sh--w- c:\documents and settings\studio recording\IETldCache
2009-10-25 23:35 . 2009-10-26 01:21 -------- dc----w- c:\windows\ie8
2009-10-25 23:21 . 2009-10-27 12:00 -------- d-----w- c:\documents and settings\studio recording\Dati applicazioni\uTorrent
2009-10-25 23:08 . 2009-10-25 23:10 -------- d-----w- c:\documents and settings\studio recording\torrent
2009-10-25 18:48 . 2009-10-25 18:48 -------- d-----w- c:\programmi\FXpansion
2009-10-25 18:48 . 2009-10-25 18:49 -------- d-----w- c:\documents and settings\studio recording\Dati applicazioni\FXpansion
2009-10-17 18:58 . 2009-10-17 18:58 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Ableton
2009-10-17 18:56 . 2009-03-31 12:47 368640 ----a-w- c:\windows\system32\ReWire.dll
2009-10-17 18:52 . 2009-10-17 18:52 -------- d-----w- c:\programmi\Ableton
2009-10-13 21:45 . 2009-10-30 16:56 176 ----a-w- c:\windows\msocreg32.dat
2009-10-13 21:30 . 2009-10-13 21:30 -------- dc-h--w- c:\documents and settings\All Users\Dati applicazioni\{BC13C66E-D01E-4443-A1D1-35EEDF3A964A}
2009-10-13 21:30 . 2009-10-13 21:30 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Native Instruments
2009-10-13 21:30 . 2009-10-13 21:30 -------- dc-h--w- c:\documents and settings\All Users\Dati applicazioni\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
2009-10-13 21:10 . 2009-10-13 21:10 -------- d-----w- c:\programmi\Apple Software Update
2009-10-13 21:09 . 2009-10-13 21:09 -------- d-----w- c:\programmi\IK Multimedia
2009-10-13 21:09 . 2009-10-13 21:09 -------- d-----w- c:\documents and settings\studio recording\Dati applicazioni\InstallShield
2009-10-13 21:03 . 2009-10-13 21:03 -------- d-----w- c:\documents and settings\studio recording\Dati applicazioni\iZotope
2009-10-13 21:03 . 2009-10-26 14:31 -------- d-----w- c:\programmi\iZotope
2009-10-13 21:01 . 2009-10-26 14:53 -------- d-----w- c:\programmi\Steinberg
2009-10-13 19:07 . 2009-10-13 19:07 -------- d-----w- c:\programmi\File comuni\Adobe AIR
2009-10-13 19:03 . 2009-10-13 19:03 -------- d-----w- c:\programmi\Streamworks Audio
2009-10-10 21:26 . 2009-10-10 21:27 -------- d-----w- c:\programmi\MeowCdMp3
2009-10-10 21:24 . 2006-09-20 13:14 163840 ----a-w- c:\windows\system32\ArtFfct.dll
2009-10-10 21:24 . 2009-10-31 21:39 -------- d-----w- c:\programmi\Arturia
2009-10-08 21:46 . 2009-10-08 21:46 -------- d-----w- C:\Archivos de programa
2009-10-08 21:45 . 2009-10-08 21:45 -------- d-----w- c:\programmi\Spectrasonics
2009-10-07 21:36 . 2009-10-07 21:36 -------- d-sh--w- c:\documents and settings\studio recording\UserData
2009-10-06 17:30 . 2009-10-06 17:30 -------- d-----w- c:\documents and settings\studio recording\Dati applicazioni\LinPlug
2009-10-05 20:38 . 2009-10-05 20:38 -------- d-----w- c:\programmi\File comuni\Everstrike Software
2009-10-05 20:38 . 2009-10-05 20:38 -------- d-----w- c:\programmi\Everstrike Software
2009-10-05 20:26 . 2009-10-05 20:29 -------- d-----w- c:\programmi\Styler
2009-10-05 20:26 . 2009-10-05 20:35 -------- d-----w- c:\programmi\Vista Sidebar
2009-10-05 20:26 . 2009-10-05 20:26 -------- d-----w- c:\programmi\Blaero Start Orb
2009-10-05 20:26 . 2009-10-05 20:26 -------- d-----w- c:\programmi\VisualTooltip
2009-10-05 20:26 . 2006-12-10 23:29 7287808 ----a-w- c:\windows\system32\vistaui.exe
2009-10-05 20:26 . 2009-10-05 20:26 -------- d-----w- c:\programmi\LClock
2009-10-05 20:23 . 2009-10-05 20:26 -------- d-----w- c:\windows\system32\VITrans
2009-10-05 20:18 . 2009-10-05 20:18 -------- d-----w- c:\documents and settings\studio recording\Dati applicazioni\IconTweaker
2009-10-05 20:18 . 2009-10-05 20:18 -------- d-----w- c:\programmi\IconTweaker
2009-10-05 20:18 . 2009-10-05 20:18 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\IconTweaker
2009-10-05 20:13 . 2009-10-05 20:13 -------- d-----w- c:\windows\system32\VIRepair

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-03 17:35 . 2009-09-18 04:22 134 ----a-w- c:\windows\system32\_WDYSZYG.sys
2009-11-02 12:34 . 2009-09-12 02:06 414640 ----a-w- c:\documents and settings\studio recording\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-11-02 12:29 . 2009-09-12 02:09 -------- d-----w- c:\documents and settings\studio recording\Dati applicazioni\OpenOffice.org2
2009-11-01 16:42 . 2009-09-19 18:40 -------- d-----w- c:\programmi\VSTPlugins
2009-11-01 00:21 . 2009-09-12 23:52 -------- d-----w- c:\documents and settings\studio recording\Dati applicazioni\DMCache
2009-10-31 02:23 . 2009-09-19 18:40 -------- d-----w- c:\programmi\Native Instruments
2009-10-30 17:40 . 2009-09-14 20:42 2404 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-30 16:55 . 2009-09-23 19:25 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PACE Anti-Piracy
2009-10-30 16:55 . 2009-09-23 19:25 -------- d-----w- c:\documents and settings\studio recording\Dati applicazioni\PACE Anti-Piracy
2009-10-28 18:28 . 2009-09-14 20:17 -------- d-----w- c:\documents and settings\studio recording\Dati applicazioni\Apple Computer
2009-10-27 19:46 . 2001-08-31 11:00 80268 ----a-w- c:\windows\system32\perfc010.dat
2009-10-27 19:46 . 2001-08-31 11:00 481664 ----a-w- c:\windows\system32\perfh010.dat
2009-10-27 00:43 . 2009-09-12 02:19 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2009-10-26 14:16 . 2009-09-14 20:16 -------- d-----w- c:\programmi\Bonjour
2009-10-26 14:03 . 2009-09-11 22:32 -------- d-----w- c:\programmi\Servizi in linea
2009-10-26 08:17 . 2009-09-12 02:38 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\TuneUp Software
2009-10-25 18:48 . 2009-09-19 17:18 233472 ----a-w- c:\windows\system32\REX Shared Library.dll
2009-10-25 18:48 . 2006-12-08 12:58 69632 ----a-w- c:\windows\system32\FxShared.dll
2009-10-25 18:48 . 2006-12-08 01:52 69632 ----a-w- c:\windows\system32\com.fxpansion.fxshared.dll
2009-10-17 18:58 . 2009-09-19 17:18 -------- d-----w- c:\documents and settings\studio recording\Dati applicazioni\Ableton
2009-10-13 21:12 . 2009-09-14 20:15 -------- d-----w- c:\programmi\QuickTime
2009-10-13 21:11 . 2009-09-14 20:13 -------- d-----w- c:\programmi\File comuni\Apple
2009-10-13 21:09 . 2009-09-11 22:40 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-10-08 18:27 . 2007-09-26 22:07 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-10-06 12:00 . 2009-09-23 11:23 -------- d-----w- c:\documents and settings\studio recording\Dati applicazioni\Datalayer
2009-10-05 20:09 . 2009-09-18 04:22 -------- d-----w- c:\programmi\WinUtilities
2009-09-29 12:05 . 2009-09-29 12:05 96408 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2009-09-29 12:02 . 2009-09-29 12:02 108792 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-09-29 11:56 . 2009-09-29 11:56 116008 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-09-25 20:16 . 2009-09-25 20:16 21 ----a-w- c:\documents and settings\studio recording\Dati applicazioni\iasna_C92E1371-3DF5-4322-9729-82CC0DD90EC5.dll
2009-09-25 20:16 . 2009-09-25 20:16 21 ----a-w- c:\documents and settings\studio recording\Dati applicazioni\iasna_FB9AECF7-F56E-4c47-A862-8892AA545109.dll
2009-09-25 20:16 . 2009-09-25 20:16 21 ----a-w- c:\documents and settings\studio recording\Dati applicazioni\iasna_496F4C99-60CC-4b9e-AC1B-FA060E643C30.dll
2009-09-25 20:16 . 2009-09-25 20:16 20 ----a-w- c:\documents and settings\studio recording\Dati applicazioni\iasna_D9C6A609-15A1-4768-8E98-6FA00C2547A4.dll
2009-09-25 20:16 . 2009-09-25 20:16 13 ----a-w- c:\documents and settings\studio recording\Dati applicazioni\iasna_72024697-2626-4a12-8347-7CAC1834AC37.dll
2009-09-25 20:16 . 2009-09-25 20:16 21 ----a-w- c:\documents and settings\studio recording\Dati applicazioni\iasna_F4F01109-B336-401f-BDE2-7C1926744120.dll
2009-09-25 19:00 . 2009-09-25 19:00 -------- d-----w- c:\programmi\Ninja
2009-09-25 18:55 . 2009-09-25 18:55 4872 ----a-w- c:\programmi\uninstal.log
2009-09-25 18:53 . 2009-09-25 18:53 -------- d-----w- c:\programmi\MachFive Files
2009-09-25 18:45 . 2009-09-25 18:45 -------- d-----w- c:\programmi\LUXONIX
2009-09-25 18:36 . 2009-09-25 18:36 -------- d-----w- c:\programmi\FAW
2009-09-25 18:34 . 2009-09-25 18:34 -------- d-----w- c:\programmi\discoDSP
2009-09-25 18:18 . 2009-09-25 18:16 -------- d-----w- c:\documents and settings\studio recording\Dati applicazioni\Applied Acoustics Systems
2009-09-25 18:18 . 2009-09-25 18:16 -------- d-----w- c:\programmi\AAS
2009-09-25 18:15 . 2009-09-25 18:15 -------- d-----w- c:\programmi\Digidesign
2009-09-25 18:08 . 2009-09-25 16:03 -------- d-----w- c:\programmi\NuGen Audio
2009-09-23 19:25 . 2009-09-23 19:25 -------- d-----w- c:\programmi\File comuni\PACE Anti-Piracy
2009-09-23 18:14 . 2009-09-23 18:14 -------- d-----w- c:\programmi\InterLok
2009-09-23 18:13 . 2009-09-23 18:13 -------- d-----w- c:\programmi\SoundToys
2009-09-23 18:13 . 2009-09-23 18:13 -------- d-----w- c:\programmi\File comuni\SoundToys
2009-09-23 18:13 . 2009-09-23 18:13 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\VST3 Presets
2009-09-21 23:22 . 2009-09-21 23:20 -------- d-----w- c:\programmi\Drumagog40
2009-09-21 23:20 . 2009-09-21 23:20 -------- d-----w- c:\programmi\Common Files
2009-09-21 22:12 . 2009-09-21 22:12 0 ---ha-w- c:\documents and settings\studio recording\Dati applicazioni\.A853F16628CEB20A.sys
2009-09-21 20:09 . 2009-09-21 20:09 -------- d-----w- c:\documents and settings\studio recording\Dati applicazioni\Waves Audio
2009-09-21 20:08 . 2009-09-21 20:07 -------- d-----w- c:\programmi\Waves
2009-09-21 09:03 . 2009-09-21 09:03 -------- d-----w- c:\programmi\Gadwin Systems
2009-09-20 10:19 . 2009-09-20 10:19 -------- d-----w- c:\programmi\VistaCodecPack
2009-09-20 10:19 . 2009-09-13 02:24 -------- d-----w- c:\programmi\K-Lite Codec Pack
2009-09-20 10:19 . 2009-09-20 10:19 -------- d-----w- c:\documents and settings\studio recording\Dati applicazioni\Media Player Classic
2009-09-19 19:48 . 2009-09-19 19:47 -------- d-----w- c:\programmi\LiquidInstrument
2009-09-19 19:47 . 2009-09-11 22:40 -------- d-----w- c:\programmi\File comuni\InstallShield
2009-09-19 19:13 . 2009-09-19 19:13 -------- dc-h--w- c:\documents and settings\All Users\Dati applicazioni\{C2686527-0D57-4F0B-ADAB-EE203CA30FC6}
2009-09-19 19:13 . 2009-09-19 18:40 -------- d-----w- c:\programmi\File comuni\Native Instruments
2009-09-19 19:08 . 2009-09-19 19:08 -------- dc-h--w- c:\documents and settings\All Users\Dati applicazioni\{235C56CA-353F-4166-9F03-DC83C5C57131}
2009-09-19 19:02 . 2009-09-19 19:02 -------- dc-h--w- c:\documents and settings\All Users\Dati applicazioni\{B2E750D8-6229-4554-B170-E8C77EDC1596}
2009-09-19 18:40 . 2009-09-19 18:40 -------- d-----w- c:\programmi\File comuni\Digidesign
2009-09-19 18:38 . 2009-09-19 18:38 -------- d-----w- c:\programmi\ASIO4ALL v2
2009-09-19 17:13 . 2009-09-19 17:09 -------- d-----w- c:\documents and settings\studio recording\Dati applicazioni\DAEMON Tools Lite
2009-09-19 17:12 . 2009-09-19 17:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DAEMON Tools Lite
2009-09-19 17:12 . 2009-09-19 17:12 -------- d-----w- c:\programmi\DAEMON Tools Toolbar
2009-09-19 17:12 . 2009-09-19 17:12 -------- d-----w- c:\programmi\DAEMON Tools Lite
2009-09-19 17:09 . 2009-09-19 17:09 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-09-19 00:35 . 2009-09-18 17:10 -------- d-----w- c:\programmi\Web Publish
2009-09-18 22:05 . 2009-09-18 22:05 663640 ----a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2009-09-18 22:04 . 2009-09-18 22:04 -------- d-----w- c:\programmi\MSBuild
2009-09-18 22:04 . 2009-09-18 22:04 -------- d-----w- c:\programmi\Reference Assemblies
2009-09-18 22:01 . 2009-09-18 22:01 -------- d-----w- c:\programmi\MSXML 6.0
2009-09-18 16:48 . 2009-09-12 22:35 -------- d-----w- c:\programmi\Opera
2009-09-17 23:13 . 2009-09-17 23:13 -------- d-----w- c:\programmi\GdViewer ActiveX
2009-09-17 21:35 . 2009-09-17 21:35 -------- d-----w- c:\programmi\Application Compatibility Toolkit
2009-09-17 19:42 . 2009-09-14 20:15 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2009-09-16 20:23 . 2009-09-16 20:23 -------- d-----w- c:\documents and settings\studio recording\Dati applicazioni\AdobeUM
2009-09-16 20:21 . 2009-09-16 12:15 -------- d-----w- c:\programmi\File comuni\Adobe
2009-09-16 12:40 . 2009-09-16 12:40 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\FLEXnet
2009-09-16 12:20 . 2009-09-16 12:20 -------- d-----w- c:\programmi\File comuni\Macrovision Shared
2009-09-15 02:11 . 2009-09-15 02:11 1772288 ----a-w- c:\documents and settings\studio recording\Dati applicazioni\Integrator.exe
2009-09-14 20:17 . 2009-09-14 20:17 -------- d-----w- c:\programmi\iTunes
2009-09-14 20:17 . 2009-09-14 20:17 -------- d-----w- c:\programmi\iPod
2009-09-14 20:13 . 2009-09-14 20:13 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple
2009-09-14 10:57 . 2009-09-14 10:57 -------- d-----w- c:\programmi\DAMN NFO Viewer
2009-09-12 20:52 . 2009-09-12 20:52 -------- d-----w- c:\programmi\7-Zip
2009-09-12 19:10 . 2009-09-12 19:10 -------- d-----w- c:\programmi\Windows Media Connect 2
2009-09-12 19:02 . 2009-09-11 22:40 -------- d-----w- c:\programmi\Java
2009-09-12 02:42 . 2009-09-12 02:42 -------- d-----w- c:\programmi\Alwil Software
2009-09-12 02:39 . 2009-09-12 02:39 -------- d-----w- c:\programmi\TuneUp Utilities 2007
2009-09-12 02:39 . 2009-09-12 02:39 -------- d-----w- c:\documents and settings\studio recording\Dati applicazioni\TuneUp Software
2009-09-12 02:35 . 2009-09-12 02:26 -------- d-----w- c:\documents and settings\studio recording\Dati applicazioni\Creative
2009-09-12 02:30 . 2009-09-12 02:23 -------- d-----w- c:\programmi\Creative
2009-09-12 02:14 . 2009-09-12 02:14 0 ----a-w- c:\windows\nsreg.dat
2009-09-12 02:06 . 2009-09-12 02:06 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Martau
.

------- Sigcheck -------

[-] 2004-08-03 . 6A603809F598332DBEDD535BDBCE313E . 359040 . . [5.1.2600.2180] . . c:\windows\system32\drivers\tcpip.sys

[-] 2004-08-19 . 88C519A928CA962FDC996BD2B38FF48A . 2194176 . . [5.1.2600.2180] . . c:\windows\system32\ntoskrnl.exe
[-] 2004-08-19 . 88C519A928CA962FDC996BD2B38FF48A . 2194176 . . [5.1.2600.2180] . . c:\windows\system32\VITrans\ntoskrnl.exe

[-] 2004-08-19 . 02814EFADD5E2C60F736D2448546D2F0 . 1425408 . . [6.00.2900.2180] . . c:\windows\explorer.exe
[-] 2004-08-19 . 02814EFADD5E2C60F736D2448546D2F0 . 1425408 . . [6.00.2900.2180] . . c:\windows\system32\VITrans\explorer.exe

[-] 2004-08-19 . CBDFECBC0E560C4D822576E6C0EC3909 . 2070016 . . [5.1.2600.2180] . . c:\windows\system32\ntkrnlpa.exe
[-] 2004-08-19 . CBDFECBC0E560C4D822576E6C0EC3909 . 2070016 . . [5.1.2600.2180] . . c:\windows\system32\VITrans\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative MediaSource Go"="c:\programmi\Creative\MediaSource\Go\CTCMSGo.exe" [2003-08-12 131072]
"RemoteCenter"="c:\programmi\Creative\MediaSource\RemoteControl\RCMan.EXE" [2004-06-25 147456]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="c:\programmi\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"AppleSyncNotifier"="c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"LClock"="c:\programmi\LClock\LClock.exe" [2004-09-19 65536]
"Styler"="c:\programmi\Styler\Styler.exe" [2006-05-03 307200]
"Vista Sidebar"="c:\programmi\Vista Sidebar\sidebar.exe" [2006-12-25 6083072]
"egui"="c:\programmi\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-29 2054360]
"SbUsb AudCtrl"="sbusbdll.dll" - c:\windows\system32\sbusbdll.dll [2004-07-09 119296]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Java SATARaid.lnk - c:\programmi\Silicon Image\Java SATARaid\siicfg.jar [2009-9-11 1750703]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PcSync"=c:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" /background
"fsm"=
"INetBooster"=c:\programmi\AudioShareware.com\Internet Speed Booster\ISB.exe
"SYTIEM"=c:\windows\fonts\winlgoon.exe
"systemlog"=c:\windows\system32\systemlog.exe
"swinlogin"=c:\windows\system32\swinlogin.exe
"svvhost2"=c:\windows\system32\svvhost2.exe
"java2"=c:\windows\system32\java2.exe
"Free Download Manager"=c:\progra~1\FREEDO~1\fdm.exe -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PCSuiteTrayApplication"=c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0\bin\jusched.exe"
"Styler"=c:\programmi\Styler\Styler.exe
"VisualTooltip"=c:\programmi\VisualTooltip\VisualToolTip.exe
"LClock"=c:\programmi\LClock\LClock.exe
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" -atboottime
"Blaero Start Orb"=c:\programmi\Blaero Start Orb\Blaero Start Orb.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programmi\\Java\\jre1.6.0\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Java\\jre1.5.0_05\\bin\\javaw.exe"=
"c:\\Programmi\\Silicon Image\\Java SATARaid\\SiITray.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=

R0 si3112r;Silicon Image SiI 3512 SATARaid Controller;c:\windows\system32\drivers\si3112r.sys [11/09/2009 23.36.42 102528]
R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [11/09/2009 23.36.31 10368]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29/09/2009 13.02.58 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [29/09/2009 13.05.54 96408]
R2 ekrn;ESET Service;c:\programmi\ESET\ESET NOD32 Antivirus\ekrn.exe [29/09/2009 13.03.46 735960]
R2 LF30FS;LF30FS;c:\programmi\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys [19/11/2004 17.07.00 101488]
R3 sbusb;Sound Blaster USB Audio Driver;c:\windows\system32\drivers\sbusb.sys [12/09/2009 3.25.24 1643648]
S2 SATARaid5 Config Service;SATARaid5 Configuration Service;c:\programmi\Silicon Image\3124-W-I32-R SATARAID5\SATARaid5ConfigService.exe [05/10/2005 16.19.00 131072]

--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - MBR
*Deregistered* - mbr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{233807B5-2H70-13D0-A31Q-00BB00B32C03}]
c:\windows\fonts\winlgoon.exe

[HKEY_CURRENT_USER\software\microsoft\active setup\installed components\{233807B5-2H70-13D0-A31Q-00BB00B32C03}]
c:\windows\fonts\winlgoon.exe
.
Contenuto della cartella 'Scheduled Tasks'

2009-10-23 c:\windows\Tasks\1-Click Maintenance.job
- c:\programmi\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-26 19:51]

2009-11-03 c:\windows\Tasks\User_Feed_Synchronization-{CEEEF94E-2467-42F6-9DB4-9A7D11428F8F}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyServer = 10.128.201.76:80
IE: Scarica con Free Download Manager - file://c:\programmi\Free Download Manager\dllink.htm
IE: Scarica i video con Free Download Manager - file://c:\programmi\Free Download Manager\dlfvideo.htm
IE: Scarica selezionati con Free Download Manager - file://c:\programmi\Free Download Manager\dlselected.htm
IE: Scarica tutto con Free Download Manager - file://c:\programmi\Free Download Manager\dlall.htm
TCP: {089F7B37-AF3F-464E-AF3C-827BBE98814B} = 83.224.65.134
FF - ProfilePath - c:\documents and settings\studio recording\Dati applicazioni\Mozilla\Firefox\Profiles\ta0porm8.default\
FF - prefs.js: network.proxy.ftp - 10.128.201.76
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.gopher - 10.128.201.76
FF - prefs.js: network.proxy.gopher_port - 80
FF - prefs.js: network.proxy.http - 10.128.201.76
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 10.128.201.76
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 10.128.201.76
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 1
FF - component: c:\programmi\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: c:\programmi\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\programmi\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\programmi\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\programmi\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\programmi\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\programmi\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\programmi\Java\jre1.6.0\bin\npoji610.dll

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-03 19:50
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...


c:\docume~1\STUDIO~1\IMPOST~1\Temp\hsperfdata_studio recording\1940 65536 bytes

Scansione completata con successo
Files nascosti: 1

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x823DF1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x823df1f8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(572)
c:\windows\system32\cscui.dll

- - - - - - - > 'explorer.exe'(1676)
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\LClock\LC.dll
c:\programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\programmi\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\system32\ConnAPI.DLL
c:\programmi\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_ita.nlr
c:\programmi\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\programmi\Microsoft Office\OFFICE11\msohev.dll
c:\programmi\File comuni\Microsoft Shared\OFFICE11\MSOXEV.DLL
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.EXE
c:\windows\system32\RunDll32.exe
c:\programmi\Creative\MediaSource\RemoteControl\OSDMenu.EXE
c:\windows\system32\wscntfy.exe
c:\programmi\Silicon Image\Java SATARaid\SiITray.exe
.
**************************************************************************
.
Ora fine scansione: 2009-11-03 19.55.14 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-11-03 18:55

Pre-Run: 206.913.486.848 byte disponibili
Post-Run: 206.813.966.336 byte disponibili


the second one
2-

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19.28.38, on 03/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Programmi\Silicon Image\3124-W-I32-R SATARAID5\SATARaid5ConfigService.exe
C:\Programmi\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe
C:\Programmi\LClock\LClock.exe
C:\Programmi\Styler\Styler.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe
C:\Programmi\Creative\MediaSource\Go\CTCMSGo.exe
C:\Programmi\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Creative\MediaSource\RemoteControl\OSDMenu.EXE
C:\DOCUME~1\STUDIO~1\IMPOST~1\Temp\{940A0496-DB2D-4FE0-9A56-5EBF0BEE6E2A}\sidebar.exe
C:\Programmi\Silicon Image\Java SATARaid\SiITray.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.128.201.76:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts: 56.43.234.1 inwarez.com
O1 - Hosts: 56.43.234.1 http://www.inwarez.com
O1 - Hosts: 56.43.234.1 inwarez.net
O1 - Hosts: 56.43.234.1 http://www.inwarez.net
O1 - Hosts: 56.43.234.1 inwarez.org
O1 - Hosts: 56.43.234.1 http://www.inwarez.org
O1 - Hosts: 56.43.234.1 93.174.93.193
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programmi\Free Download Manager\iefdm2.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Programmi\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Programmi\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [LClock] C:\Programmi\LClock\LClock.exe
O4 - HKLM\..\Run: [Styler] C:\Programmi\Styler\Styler.exe
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [Vista Sidebar] C:\Programmi\Vista Sidebar\sidebar.exe
O4 - HKLM\..\Run: [egui] "C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Programmi\Creative\MediaSource\Go\CTCMSGo.exe /SCB
O4 - HKCU\..\Run: [RemoteCenter] C:\Programmi\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SYTIEM] C:\windows\fonts\winlgoon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [WiDUpdate] C:\windows\fonts\winlgoon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Java SATARaid.lnk = C:\Programmi\Silicon Image\Java SATARaid\siicfg.jar
O8 - Extra context menu item: Scarica con Free Download Manager - file://C:\Programmi\Free Download Manager\dllink.htm
O8 - Extra context menu item: Scarica i video con Free Download Manager - file://C:\Programmi\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Scarica selezionati con Free Download Manager - file://C:\Programmi\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Scarica tutto con Free Download Manager - file://C:\Programmi\Free Download Manager\dlall.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{089F7B37-AF3F-464E-AF3C-827BBE98814B}: NameServer = 83.224.65.134
O17 - HKLM\System\CS1\Services\Tcpip\..\{089F7B37-AF3F-464E-AF3C-827BBE98814B}: NameServer = 83.224.65.134
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Programmi\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Condivisione desktop remoto di NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe (file missing)
O23 - Service: SATARaid5 Configuration Service (SATARaid5 Config Service) - Unknown owner - C:\Programmi\Silicon Image\3124-W-I32-R SATARAID5\SATARaid5ConfigService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe

--
End of file - 7947 bytes
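
A defender-side triage of a HijackThis log like the one posted above, as an added example (not part of the original thread and not a HijackThis feature): it parses the R/O entries and lists the ones worth a manual look. The heuristics (autoruns from the Fonts, Temp or Recycler folders, non-loopback hosts entries, services whose file is missing, a configured proxy) are assumptions of this example, not verdicts given in the thread; the sample lines are copied from the log above.

```python
import re

# Lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.128.201.76:80
O1 - Hosts: 56.43.234.1 inwarez.com
O4 - HKLM\..\Run: [LClock] C:\Programmi\LClock\LClock.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SYTIEM] C:\windows\fonts\winlgoon.exe
O4 - HKCU\..\RunOnce: [WiDUpdate] C:\windows\fonts\winlgoon.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
AUTORUN = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
HOSTS = re.compile(r"^Hosts: (?P<ip>\S+) (?P<host>\S+)$")
# Assumed heuristic: autostart programs do not normally live in these folders.
ODD_DIRS = ("\\windows\\fonts\\", "\\temp\\", "\\recycler\\")


def triage(log_text):
    """Return (code, reason, detail) tuples for entries worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # running-process list, headers, blank lines
        code, body = m["code"], m["body"]
        if code == "O1":
            h = HOSTS.match(body)
            if h and not h["ip"].startswith("127.") and h["ip"] != "0.0.0.0":
                findings.append((code, "hosts entry overrides DNS", body))
        elif code == "O4":
            a = AUTORUN.match(body)
            if a and any(d in a["cmd"].lower() for d in ODD_DIRS):
                findings.append((code, "autorun from unusual folder", a["cmd"]))
        elif code == "O23" and body.endswith("(file missing)"):
            findings.append((code, "service points at a missing file", body))
        elif code in ("R0", "R1") and "ProxyServer" in body:
            findings.append((code, "proxy configured", body.split(" = ", 1)[-1]))
    return findings


if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE_LOG):
        print(f"{code:4} {reason}: {detail}")
```

A hit only marks an entry for review: a proxy or a leftover service from an uninstalled product can be entirely legitimate.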

Post by Amantide » Tue Nov 03, 2009 9:11 pm

Combofix removed a bit of junk.

Now download mbr.exe and save it in the C:\ directory.
Then go to Start >> Run and type mbr.exe -f
Mbr.exe will take a few seconds to run the scan. Once that is done, post here the contents of the log it creates, which you will find in c:\mbr.log

Also run a full scan with Malwarebytes Antimalware from Safe Mode and post its log here as well.
...to fly high, you have to know how to fall...

Post by Amantide » Tue Nov 03, 2009 10:36 pm

Please, next time write directly in the open thread and not via PM.

Have you checked whether there is a new log in c:\mbr.log?

Post by erick ortiz » Sat Nov 07, 2009 2:07 pm

Sorry for replying only now, but my PC won't let me run anything anymore. Anyway, I checked, and from that mbr program I found only this:
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

Post by Amantide » Sat Nov 07, 2009 2:26 pm

At least as far as the rootkit in the MBR is concerned, we managed to remove it.
Try giving it a pass with Kaspersky Virus Removal Tool - http://www.MegaLab.it/2894/kaspersky-virus-removal-tool

Post by erick ortiz » Sat Nov 07, 2009 7:39 pm

OK, sorry for my ignorance, but what is a rootkit?? Also, is the window that sometimes pops up saying error zip normal??.. Last question.. I already have an up-to-date demo antivirus from NOD.. do I have to remove it for what you recommended???

Thank you for your helpfulness.

Post by Amantide » Sat Nov 07, 2009 7:49 pm

erick ortiz wrote: OK, sorry for my ignorance, but what is a rootkit??

Read here http://www.MegaLab.it/3915/mbr-rootkit- ... diffusione

erick ortiz wrote: Last question.. I already have an up-to-date demo antivirus from NOD.. do I have to remove it for what you recommended???

What I recommended is not an antivirus in the proper sense; it is a virus removal tool. As an antivirus I suggest Avira Antivir; incidentally, there is also a free version.

erick ortiz wrote: Also, is the window that sometimes pops up saying error zip normal??.

First run the scan with the Kaspersky tool, and then we'll see whether anything else needs to be done.

megalab.it: daily online publication registered at the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising