A question for
shel -
I had a problem like Giorgiz: I found this trojan and did what you advised him to do with ComboFix. The background is that, even though I have a two-year Norton subscription, it suddenly stopped working and would no longer open at startup. After various attempts to re-download it with the keys and everything, I installed a NOD32 that I had set aside, and it found this Olmarik trojan, which it can't remove. I've already gone through the whole ComboFix procedure. But what do I do now? Meanwhile I'm posting the saved report.
ComboFix 10-01-11.04 - Barbara 12/01/2010 17.32.19.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.703.449 [GMT 1:00]
Eseguito da: c:\documents and settings\Barbara\Desktop\123.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\$NtUninstallKB922582$
c:\windows\$NtUninstallKB922582$\fltlib.dll
c:\windows\$NtUninstallKB922582$\fltmc.exe
c:\windows\$NtUninstallKB922582$\fltmgr.sys
c:\windows\$NtUninstallKB922582$\spuninst\spuninst.exe
c:\windows\$NtUninstallKB922582$\spuninst\spuninst.inf
c:\windows\$NtUninstallKB922582$\spuninst\spuninst.txt
c:\windows\$NtUninstallKB922582$\spuninst\updspapi.dll
c:\windows\system32\drivers\H8SRTovymxewxnm.sys
c:\windows\system32\H8SRTbrmntjcfml.dll
c:\windows\system32\H8SRTeypmehwhxv.dll
c:\windows\system32\h8srtkrl32mainweq.dll
c:\windows\system32\H8SRTlpajrnwuya.dat
c:\windows\system32\H8SRTrjxldkpbss.dll
c:\windows\system32\H8SRTsbfxmoqoob.dll
c:\windows\system32\h8srtshsyst.dll
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_H8SRTd.sys
-------\Legacy_H8SRTd.sys
((((((((((((((((((((((((( Files Creati Da 2009-12-12 al 2010-01-12 )))))))))))))))))))))))))))))))))))
.
2010-01-12 10:05 . 2010-01-12 10:05 -------- d-----w- c:\documents and settings\Barbara\Impostazioni locali\Dati applicazioni\Mozilla
2010-01-12 09:57 . 2010-01-12 09:57 -------- d-----w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\ESET
2010-01-12 09:55 . 2010-01-12 09:55 -------- d-----w- c:\documents and settings\Barbara\Impostazioni locali\Dati applicazioni\ESET
2010-01-12 09:37 . 2010-01-12 09:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ESET
2010-01-11 21:14 . 2010-01-11 21:15 -------- d-----w- c:\documents and settings\Barbara\Impostazioni locali\Dati applicazioni\Tific
2010-01-11 21:11 . 2010-01-11 21:11 -------- d-----w- c:\documents and settings\Barbara\Dati applicazioni\Tific
2010-01-11 20:42 . 2010-01-11 20:42 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-01-11 18:26 . 2010-01-11 18:26 -------- d-----w- c:\documents and settings\Barbara\Impostazioni locali\Dati applicazioni\Symantec
2010-01-06 23:27 . 2010-01-06 23:30 -------- d-----w- c:\programmi\Il Pranzo è Servito
2010-01-05 17:06 . 2010-01-05 17:06 -------- d-----w- c:\programmi\Eidos Interactive
2010-01-05 16:56 . 2010-01-12 08:38 -------- d-----w- c:\programmi\DAEMON Tools Pro
2009-12-23 15:16 . 2008-11-20 19:19 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-12-23 15:16 . 2008-11-20 19:19 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-12-23 15:16 . 2009-12-23 15:17 -------- d-----w- c:\documents and settings\Barbara\Impostazioni locali\Dati applicazioni\Google
2009-12-23 15:15 . 2009-12-23 15:15 -------- d-----w- c:\windows\system32\IOSUBSYS
2009-12-20 20:46 . 2009-12-20 20:46 -------- d-----w- c:\programmi\Youdagames
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-12 12:11 . 2008-05-24 19:40 -------- d-----w- c:\documents and settings\Barbara\Dati applicazioni\uTorrent
2010-01-12 09:42 . 2008-03-20 17:14 -------- d-----w- c:\programmi\File comuni\Symantec Shared
2010-01-12 09:42 . 2009-03-17 21:52 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Norton
2010-01-12 09:42 . 2008-03-20 17:56 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Symantec
2010-01-12 09:37 . 2006-11-13 10:51 -------- d-----w- c:\programmi\Eset
2010-01-10 14:29 . 2008-10-04 14:43 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Soulseek
2010-01-09 09:03 . 2009-11-22 18:54 -------- d-----w- c:\programmi\Alice ti aiuta
2010-01-09 09:03 . 2009-11-24 18:27 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Motive
2010-01-08 12:47 . 2009-11-22 18:52 -------- d-----w- c:\programmi\Alice Messenger
2010-01-08 12:42 . 2006-11-13 10:04 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-01-08 12:41 . 2009-11-22 18:50 -------- d-----w- c:\programmi\Telecom Italia
2010-01-07 12:17 . 2008-09-09 07:48 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NOS
2010-01-06 23:21 . 2010-01-06 23:21 1956528 ----a-w- c:\documents and settings\All Users\Dati applicazioni\NOS\Adobe_Downloads\install_flash_player_ax.exe
2010-01-05 16:58 . 2009-12-07 19:29 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DAEMON Tools Pro
2010-01-04 14:47 . 2009-11-23 09:25 -------- d-----w- c:\programmi\uTorrent
2009-12-23 15:51 . 2006-11-13 18:27 69224 -c--a-w- c:\documents and settings\Barbara\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-12-23 15:15 . 2007-12-15 10:23 -------- d-----w- c:\programmi\Google
2009-12-22 19:03 . 2009-11-26 18:36 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-12-12 14:26 . 2009-11-26 17:20 -------- d-----w- c:\programmi\TuneUp Utilities 2008
2009-12-12 13:42 . 2009-12-12 13:42 -------- d-----w- c:\programmi\File comuni\Adobe AIR
2009-12-12 13:42 . 2009-12-12 13:42 38784 ----a-w- c:\documents and settings\Barbara\Dati applicazioni\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-12 13:42 . 2009-12-12 13:42 38784 ----a-w- c:\documents and settings\Default User\Dati applicazioni\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-09 11:12 . 2001-08-31 12:00 48766 ----a-w- c:\windows\system32\perfc010.dat
2009-12-09 11:12 . 2001-08-31 12:00 348104 ----a-w- c:\windows\system32\perfh010.dat
2009-12-07 20:39 . 2009-12-07 20:09 -------- d-----w- c:\programmi\THE SIMS 2 - COLLECTOR
2009-12-07 19:59 . 2009-12-07 19:59 -------- d-----w- c:\programmi\GUT
2009-12-07 19:38 . 2009-12-07 17:13 -------- d-----w- c:\documents and settings\Barbara\Dati applicazioni\DAEMON Tools Pro
2009-12-07 19:25 . 2009-12-07 17:02 722416 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-07 17:01 . 2009-12-07 15:58 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\WinZip
2009-11-28 10:47 . 2006-11-26 10:45 -------- d-----w- c:\programmi\QuickTime
2009-11-28 10:46 . 2009-11-27 17:02 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2009-11-28 10:43 . 2009-11-28 10:43 -------- d-----w- c:\programmi\File comuni\Apple
2009-11-28 10:42 . 2009-11-28 10:42 -------- d-----w- c:\programmi\Apple Software Update
2009-11-28 10:42 . 2009-11-28 10:42 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple
2009-11-28 09:19 . 2008-02-22 20:48 -------- d-----w- c:\documents and settings\Barbara\Dati applicazioni\Skype
2009-11-28 09:19 . 2008-02-22 20:51 -------- d-----w- c:\documents and settings\Barbara\Dati applicazioni\skypePM
2009-11-26 20:57 . 2009-11-24 19:54 -------- d-----w- c:\programmi\DivX
2009-11-26 20:47 . 2009-11-26 20:47 -------- d-----w- c:\programmi\File comuni\DivX Shared
2009-11-26 17:20 . 2009-11-26 17:20 306432 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-11-26 17:19 . 2009-11-26 17:19 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2009-11-26 16:15 . 2009-11-23 09:31 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\TuneUp Software
2009-11-24 18:17 . 2009-11-24 18:17 -------- d--h--w- c:\documents and settings\All Users\Dati applicazioni\CanonBJ
2009-11-24 18:09 . 2009-11-24 18:09 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Bluetooth
2009-11-24 17:45 . 2006-11-25 17:25 -------- d-----w- c:\programmi\Soulseek
2009-11-24 17:41 . 2006-11-15 11:13 -------- d-----w- c:\programmi\Canon
2009-11-24 17:15 . 2009-11-24 15:44 32 ----a-w- c:\documents and settings\All Users\Dati applicazioni\ezsid.dat
2009-11-24 15:14 . 2006-11-13 11:05 -------- d-----w- c:\programmi\Microsoft Works
2009-11-23 10:00 . 2009-11-23 10:00 -------- d-----w- c:\documents and settings\LocalService\Dati applicazioni\TuneUp Software
2009-11-23 09:32 . 2009-11-23 09:32 -------- d-----w- c:\documents and settings\Barbara\Dati applicazioni\TuneUp Software
2009-11-23 09:31 . 2009-11-23 09:31 -------- d-sh--w- c:\documents and settings\All Users\Dati applicazioni\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2009-11-22 19:44 . 2009-11-22 19:44 -------- d-----w- c:\programmi\Microsoft Office Outlook Connector
2009-11-22 19:43 . 2008-03-19 19:54 -------- d-----w- c:\programmi\Windows Live
2009-11-22 19:08 . 2009-11-22 19:08 -------- d-----w- c:\documents and settings\Barbara\Dati applicazioni\Motive
2009-11-22 18:56 . 2009-11-22 18:56 -------- d-----w- c:\programmi\File comuni\Motive
2009-11-22 18:56 . 2009-11-22 18:56 -------- d-----w- c:\programmi\Common Files
2009-11-22 18:53 . 2009-11-22 18:53 2232 ----a-w- c:\windows\java\Packages\Data\T31BRVPV.DAT
2009-11-22 18:53 . 2009-11-22 18:53 155995 ----a-w- c:\windows\java\Packages\BVX7VXJR.ZIP
2009-11-22 18:53 . 2009-11-22 18:53 2678 ----a-w- c:\windows\java\Packages\Data\X73BRFNP.DAT
2009-11-22 18:53 . 2009-11-22 18:53 2678 ----a-w- c:\windows\java\Packages\Data\D3JNJ9FX.DAT
2009-11-22 18:53 . 2009-11-22 18:53 2678 ----a-w- c:\windows\java\Packages\Data\EBTBF53J.DAT
2009-11-22 18:53 . 2009-11-22 18:53 2678 ----a-w- c:\windows\java\Packages\Data\WUQYL3DZ.DAT
2009-11-22 18:53 . 2009-11-22 18:53 2678 ----a-w- c:\windows\java\Packages\Data\0G4GPBRP.DAT
2009-10-29 07:40 . 2004-08-19 13:39 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-19 13:39 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-19 13:39 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-03 21:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2008-01-26 21:36 . 2008-01-26 21:33 2293848 ----a-w- c:\programmi\FLV PlayerFCSetup.exe
2008-01-26 21:33 . 2008-01-26 21:30 3955352 ----a-w- c:\programmi\FLV PlayerRCATSetup.exe
2008-01-26 21:13 . 2008-01-26 21:12 411248 ----a-w- c:\programmi\FLV PlayerRCSetup.exe
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2006-11-13 10:11 . 2004-05-15 20:10 339968 c:\programmi\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe
2006-11-15 11:15 . 2004-01-14 01:10 409600 c:\programmi\Canon\Easy-PrintToolBox\bak\BJPSMAIN.EXE
2006-11-13 10:35 . 2005-12-07 21:57 30208 c:\programmi\CyberLink\PowerDVD\bak\PDVDServ.exe
2006-11-13 10:36 . 2006-04-13 10:09 49152 c:\programmi\CyberLink\PowerDVD\Language\bak\Language.exe
2006-11-13 10:51 . 2006-11-13 10:51 917504 c:\programmi\Eset\bak\nod32kui.exe
2003-09-29 22:14 . 2003-09-29 22:14 155648 c:\programmi\File comuni\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe
2007-10-09 15:26 . 2007-09-24 23:11 132496 c:\programmi\Java\jre1.6.0_03\bin\bak\jusched.exe
2006-12-25 11:35 . 2005-12-07 09:26 489472 c:\programmi\Logitech\Video\bak\CameraAssistant.exe
2006-12-25 11:35 . 2005-12-07 09:33 73728 c:\programmi\Logitech\Video\bak\InstallHelper.exe
2006-11-13 10:06 . 2003-03-18 16:39 184320 c:\programmi\ltmoh\bak\Ltmoh.exe
2006-09-01 14:57 . 2006-12-06 09:25 282624 c:\programmi\QuickTime\bak\qttask.exe
2009-11-10 22:08 . 2009-11-10 22:08 417792 c:\programmi\QuickTime\QTTask.exe
2006-03-21 11:19 . 2006-03-21 11:19 69632 c:\programmi\ScanSoft\OmniPageSE4.0\bak\OpwareSE4.exe
2006-11-13 10:07 . 2004-05-07 02:49 536576 c:\programmi\Synaptics\SynTP\bak\SynTPEnh.exe
2006-11-13 10:07 . 2004-05-07 02:49 98304 c:\programmi\Synaptics\SynTP\bak\SynTPLpr.exe
2006-11-13 18:16 . 2006-11-13 18:16 462848 c:\programmi\Trust\Trust MD3100 USB ADSL MODEM\bak\CnxDslTb.exe
2004-08-19 13:39 . 2004-08-19 13:39 15360 c:\windows\system32\bak\ctfmon.exe
2004-08-19 13:39 . 2008-04-14 02:14 15360 c:\windows\system32\ctfmon.exe
2006-12-25 11:35 . 2004-11-01 16:22 262144 c:\windows\system32\bak\ElkCtrl.exe
2005-12-09 14:32 . 2005-12-09 14:32 225280 c:\windows\system32\bak\LVCOMSX.EXE
2006-11-13 10:38 . 2001-07-09 10:50 155648 c:\windows\system32\bak\NeroCheck.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"DAEMON Tools Pro Agent"="c:\programmi\DAEMON Tools Pro\DTProAgent.exe" [2007-06-22 133576]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 67584]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-07 88363]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-11-10 417792]
"egui"="c:\programmi\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"uTorrent"="c:\programmi\uTorrent\uTorrent.exe"
"AliceMessenger"="c:\programmi\Alice Messenger\alicemessenger.exe"
"Skype"="c:\programmi\Skype\Phone\Skype.exe" /nosplash /minimized
"DAEMON Tools Pro Agent"="c:\programmi\DAEMON Tools Pro\DTProAgent.exe" -autorun
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AliceRE_McciTrayApp"=c:\progra~1\ALICET~1\vendors\AliceRE\content\template\DRIVEN~1\syncer\MCCITR~1.EXE
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\network diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Programmi\\Last.fm\\LastFM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [13/11/2006 11.03.35 5632]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [06/02/2009 14.23.18 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [06/02/2009 14.24.24 93336]
R2 ekrn;ESET Service;c:\programmi\Eset\ESET NOD32 Antivirus\ekrn.exe [06/02/2009 14.23.36 727720]
R2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [22/11/2009 19.51.52 8192]
R3 IPN2220;acer IPN2220 Wireless LAN Card Driver;c:\windows\system32\drivers\i2220ntx.sys [13/11/2006 11.27.45 140288]
S3 CnxEtP;Trust MD3100 USB ADSL MODEM LAN Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [13/11/2006 19.16.59 60288]
S3 CnxEtU;Trust MD3100 USB ADSL MODEM Loader;c:\windows\system32\drivers\CnxEtU.sys [13/11/2006 19.16.59 646400]
S3 CnxTgN;Trust MD3100 USB ADSL MODEM LAN Adapter Driver;c:\windows\system32\drivers\CnxTgN.sys [13/11/2006 19.17.00 108771]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [07/12/2009 18.02.56 722416]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenuto della cartella 'Scheduled Tasks'
2010-01-08 c:\windows\Tasks\1-Click Maintenance.job
- c:\programmi\TuneUp Utilities 2008\OneClick.exe [2008-01-08 12:31]
2009-11-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-01-12 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.blackr.it/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file:///C:/windows/Java/classes/xmldso.cab
DPF: {FFC1EBAA-5AEC-44AC-A937-B65D8D3ECBE2} - hxxp://aiuto.alice.it/ata/static/instal ... _4-1-5.cab
FF - ProfilePath - c:\documents and settings\Barbara\Dati applicazioni\Mozilla\Firefox\Profiles\mcxhtohz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.blackr.it/
FF - plugin: c:\programmi\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\programmi\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\programmi\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-12 17:41
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'explorer.exe'(6692)
c:\windows\system32\WININET.dll
c:\programmi\File comuni\Logitech\LVMVFM\LVPrcInj.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
c:\programmi\IVT Corporation\BlueSoleil\BTNtService.exe
c:\windows\system32\CTsvcCDA.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
c:\programmi\CyberLink\Shared files\RichVideo.exe
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\SOUNDMAN.EXE
c:\windows\AGRSMMSG.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2010-01-12 17:50:21 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-01-12 16:50
Pre-Run: 17.563.881.472 byte disponibili
Post-Run: 18.318.749.696 byte disponibili
- - End Of File - - 06CD162A49616779A5671F30A160B2DD
If you can give me a hand... THANKS!