		| Author | Message |  
		| maxaldi Pious mortal
 Registered: 26/05/08 11:31
 Posts: 21
 | 
				|  Posted: 26 May 2008 13:43    Subject: Damned Vundo!!! |   |  
				| I have a PC infested with Vundo; every time I run a scan with Spyware Doctor it finds dozens of threats, and so does McAfee. I have tried all the tools but without results. Please help!!!! |  |  
		| chemicalbit Mature god
 Registered: 01/04/05 18:59
 Posts: 18597
 Location: Milan
 | 
				|  Posted: 26 May 2008 14:26    Subject: Re: Damned Vundo!!! |   |  
				| Which tools have you already tried? 	  | maxaldi wrote: |  	  | I have tried all the tools but without results. | 
 |  |  
		| maxaldi Pious mortal
 Registered: 26/05/08 11:31
 Posts: 21
 | 
				|  Posted: 26 May 2008 14:42    Subject: |   |  
				| Definitely Fixvundo, but also many others that I found recommended in various forums. I forgot to mention that the operating system is Vista, and this is the Hijack log, although during the scan a message appeared saying that the system was preventing access to the Hosts file, and I don't know whether that is a problem...... 
 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 14.36.23, on 26/05/2008
 Platform: Windows Vista  (WinNT 6.00.1904)
 MSIE: Internet Explorer v7.00 (7.00.6000.16643)
 Boot mode: Normal
 
 Running processes:
 C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
 C:\Windows\system32\taskeng.exe
 C:\Windows\system32\Dwm.exe
 C:\Windows\Explorer.EXE
 C:\Program Files\Synaptics\SynTP\SynTPStart.exe
 C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
 C:\Acer\Empowering Technology\eAudio\eAudio.exe
 C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
 C:\Windows\System32\rundll32.exe
 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
 C:\Windows\RtHDVCpl.exe
 C:\Windows\System32\rundll32.exe
 C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
 C:\Program Files\Spyware Doctor\pctsTray.exe
 C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
 C:\Program Files\Windows Sidebar\sidebar.exe
 C:\Program Files\Skype\Phone\Skype.exe
 C:\Program Files\Windows Media Player\wmpnscfg.exe
 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
 C:\Windows\ehome\ehtray.exe
 C:\Windows\System32\rundll32.exe
 C:\Windows\System32\rundll32.exe
 C:\Windows\System32\rundll32.exe
 C:\Program Files\Google\Google Updater\GoogleUpdater.exe
 C:\Windows\ehome\ehmsas.exe
 C:\PROGRA~1\Magentic\bin\MgApp.exe
 C:\Users\Max\AppData\Local\Temp\RtkBtMnt.exe
 C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
 C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
 C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
 C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
 C:\Program Files\Skype\Plugin Manager\skypePM.exe
 C:\Ciao Jo\Ciao Jo.exe
 
 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://it.rd.yahoo.com/customize/ycomp/defaults/sp/*http://it.yahoo.com
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.intl.acer.yahoo.com
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.intl.acer.yahoo.com
 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/ycomp/defaults/su/*http://it.yahoo.com
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
 R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
 O1 - Hosts: ::1 localhost
 O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
 O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
 O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
 O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
 O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
 O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
 O2 - BHO: (no name) - {D4070176-F144-22CD-0D5C-71B49B46FF19} - (no file)
 O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
 O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
 O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
 O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
 O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
 O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
 O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
 O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
 O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
 O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
 O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
 O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
 O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
 O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
 O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
 O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
 O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
 O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
 O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
 O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
 O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
 O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
 O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
 O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
 O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
 O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
 O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Max\AppData\Local\Temp\opnkjJyW.dll,#1
 O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Max\AppData\Local\Temp\byXRIBSL.dll,c
 O4 - HKCU\..\Run: [08e630f5] rundll32.exe "C:\Users\Max\AppData\Local\Temp\kcbjbqts.dll",b
 O4 - HKCU\..\Run: [BM0bd50369] Rundll32.exe "C:\Users\Max\AppData\Local\Temp\gnivncdu.dll",s
 O4 - Startup: Orion.lnk = C:\Convesoft\Orion\Messenger.exe
 O4 - Global Startup: Empowering Technology Launcher.lnk = ?
 O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
 O4 - Global Startup: SETAUDIO.EXE
 O4 - Global Startup: SetRes.exe
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
 O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
 O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
 O13 - Gopher Prefix:
 O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD42/JSCDL/jre/6u6-b90/jinstall-6u6-windows-i586-jc.cab?AuthParam=1211292286_64733e7f61093926d9225e16ddd74752&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD42/JSCDL/jre/6u6-b90/jinstall-6u6-windows-i586-jc.cab&File=jinstall-6u6-windows-i586-jc.cab
 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
 O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
 O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
 O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
 O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
 O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
 O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
 O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
 O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
 O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
 O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
 O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
 O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
 O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
 O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
 O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
 O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
 O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
 O23 - Service: McAfee Anti-SPAM Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
 O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
 O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
 O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
 O23 - Service: Servizio SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
 O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
 O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
 
 --
 End of file - 11595 bytes
 |  |  
		| maxaldi Pious mortal
 Registered: 26/05/08 11:31
 Posts: 21
 | 
				|  Posted: 26 May 2008 14:45    Subject: |   |  
				| Sorry, but I'm not experienced. I followed the instructions for Vista and this is the result: 
 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 14.43.27, on 26/05/2008
 Platform: Windows Vista  (WinNT 6.00.1904)
 MSIE: Internet Explorer v7.00 (7.00.6000.16643)
 Boot mode: Normal
 
 Running processes:
 C:\Windows\System32\smss.exe
 C:\Windows\system32\csrss.exe
 C:\Windows\system32\wininit.exe
 C:\Windows\system32\csrss.exe
 C:\Windows\system32\services.exe
 C:\Windows\system32\lsass.exe
 C:\Windows\system32\lsm.exe
 C:\Windows\system32\svchost.exe
 C:\Windows\system32\svchost.exe
 C:\Windows\System32\svchost.exe
 C:\Windows\System32\svchost.exe
 C:\Windows\system32\svchost.exe
 C:\Windows\system32\SLsvc.exe
 C:\Windows\system32\winlogon.exe
 C:\Windows\system32\svchost.exe
 C:\Windows\system32\svchost.exe
 C:\Windows\System32\spoolsv.exe
 C:\Windows\system32\svchost.exe
 C:\Acer\ALaunch\ALaunchSvc.exe
 C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
 C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
 C:\Acer\Empowering Technology\eNet\eNet Service.exe
 C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
 C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
 C:\Acer\Mobility Center\MobilityService.exe
 C:\Program Files\McAfee\MPF\MPFSrv.exe
 C:\Program Files\McAfee\MSK\MskSrver.exe
 C:\Windows\system32\svchost.exe
 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
 C:\Program Files\Spyware Doctor\pctsAuxs.exe
 C:\Program Files\Spyware Doctor\pctsSvc.exe
 C:\Program Files\SiteAdvisor\6261\SAService.exe
 C:\Windows\system32\svchost.exe
 C:\Windows\System32\svchost.exe
 C:\Windows\system32\SearchIndexer.exe
 C:\Windows\system32\DRIVERS\xaudio.exe
 C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
 C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
 C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
 C:\Windows\system32\wbem\wmiprvse.exe
 C:\Windows\system32\wbem\wmiprvse.exe
 C:\Windows\system32\wbem\unsecapp.exe
 C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
 C:\Windows\system32\taskeng.exe
 C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
 C:\Windows\system32\taskeng.exe
 C:\Windows\system32\Dwm.exe
 C:\Windows\Explorer.EXE
 C:\Program Files\Synaptics\SynTP\SynTPStart.exe
 C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
 C:\Acer\Empowering Technology\eAudio\eAudio.exe
 C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
 C:\Windows\System32\rundll32.exe
 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
 C:\Windows\RtHDVCpl.exe
 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 C:\Windows\System32\rundll32.exe
 C:\Program Files\Launch Manager\QtZgAcer.EXE
 C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
 C:\Program Files\Spyware Doctor\pctsTray.exe
 C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
 C:\Program Files\Windows Sidebar\sidebar.exe
 C:\Program Files\Skype\Phone\Skype.exe
 C:\Program Files\Windows Media Player\wmpnscfg.exe
 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
 C:\Windows\ehome\ehtray.exe
 C:\Windows\System32\rundll32.exe
 C:\Windows\System32\rundll32.exe
 C:\Windows\System32\rundll32.exe
 C:\Program Files\Windows Media Player\wmpnetwk.exe
 C:\Program Files\Google\Google Updater\GoogleUpdater.exe
 C:\Windows\ehome\ehmsas.exe
 C:\PROGRA~1\Magentic\bin\MgApp.exe
 C:\Users\Max\AppData\Local\Temp\RtkBtMnt.exe
 C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
 C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
 C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
 C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
 C:\Program Files\Skype\Plugin Manager\skypePM.exe
 C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
 c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
 C:\Windows\system32\taskeng.exe
 C:\Windows\servicing\TrustedInstaller.exe
 C:\Ciao Jo\Ciao Jo.exe
 
 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://it.rd.yahoo.com/customize/ycomp/defaults/sp/*http://it.yahoo.com
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.intl.acer.yahoo.com
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.intl.acer.yahoo.com
 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/ycomp/defaults/su/*http://it.yahoo.com
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
 R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
 O1 - Hosts: ::1 localhost
 O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
 O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
 O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
 O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
 O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
 O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
 O2 - BHO: (no name) - {D4070176-F144-22CD-0D5C-71B49B46FF19} - (no file)
 O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
 O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
 O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
 O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
 O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
 O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
 O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
 O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
 O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
 O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
 O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
 O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
 O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
 O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
 O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
 O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
 O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
 O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
 O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
 O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
 O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
 O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
 O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
 O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
 O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
 O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
 O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Max\AppData\Local\Temp\opnkjJyW.dll,#1
 O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Max\AppData\Local\Temp\byXRIBSL.dll,c
 O4 - HKCU\..\Run: [08e630f5] rundll32.exe "C:\Users\Max\AppData\Local\Temp\kcbjbqts.dll",b
 O4 - HKCU\..\Run: [BM0bd50369] Rundll32.exe "C:\Users\Max\AppData\Local\Temp\gnivncdu.dll",s
 O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
 O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
 O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
 O4 - Startup: Orion.lnk = C:\Convesoft\Orion\Messenger.exe
 O4 - Global Startup: Empowering Technology Launcher.lnk = ?
 O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
 O4 - Global Startup: SETAUDIO.EXE
 O4 - Global Startup: SetRes.exe
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
 O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
 O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
 O13 - Gopher Prefix:
 O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD42/JSCDL/jre/6u6-b90/jinstall-6u6-windows-i586-jc.cab?AuthParam=1211292286_64733e7f61093926d9225e16ddd74752&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD42/JSCDL/jre/6u6-b90/jinstall-6u6-windows-i586-jc.cab&File=jinstall-6u6-windows-i586-jc.cab
 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
 O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
 O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
 O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
 O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
 O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
 O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
 O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
 O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
 O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
 O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
 O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
 O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
 O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
 O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
 O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
 O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
 O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
 O23 - Service: McAfee Anti-SPAM Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
 O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
 O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
 O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
 O23 - Service: Servizio SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
 O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
 O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
 
 --
 End of file - 14189 bytes
 |  |  
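A triage pass over the O4 autorun lines of the HijackThis log above, added here as an example (it is not part of the original thread and not a HijackThis feature): it flags Run values that start rundll32 on a DLL stored in a Temp directory, which is where the Norman Malware Cleaner log further down reports byXRIBSL.dll as Vundo. The function names and the two heuristics are assumptions of this example; the input lines are excerpted from the posted log.

```python
import re
from typing import List, NamedTuple, Tuple

# Excerpt of O4 lines from the HijackThis log posted in this thread.
LOG_EXCERPT = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Max\AppData\Local\Temp\opnkjJyW.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Max\AppData\Local\Temp\byXRIBSL.dll,c
O4 - HKCU\..\Run: [08e630f5] rundll32.exe "C:\Users\Max\AppData\Local\Temp\kcbjbqts.dll",b
O4 - HKCU\..\Run: [BM0bd50369] Rundll32.exe "C:\Users\Max\AppData\Local\Temp\gnivncdu.dll",s
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - Startup: Orion.lnk = C:\Convesoft\Orion\Messenger.exe
"""

# "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HK.+?)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# Command lines whose program is rundll32, with or without path and quotes.
RUNDLL32 = re.compile(
    r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+(?P<arg>.+)$', re.IGNORECASE
)
# A path component named Temp or Tmp (user-writable scratch directories).
TEMP_DIR = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)
# Export given as an ordinal (#1) or a single character (c, b, s).
TERSE_EXPORT = re.compile(r"^(?:#\d+|\w)$")


class Finding(NamedTuple):
    hive: str
    name: str
    dll: str
    export: str
    reasons: Tuple[str, ...]


def split_rundll_arg(arg: str) -> Tuple[str, str]:
    """Split rundll32's argument into (dll path, export name)."""
    arg = arg.strip()
    if arg.startswith('"'):
        # Quoted path: "C:\...\x.dll",export
        dll, _, rest = arg[1:].partition('"')
        export = rest.lstrip(" ,")
    else:
        # Unquoted path: C:\...\x.dll,export
        dll, _, export = arg.partition(",")
    tokens = export.split()
    # Drop trailing annotations such as "(User '...')".
    return dll.strip(), tokens[0] if tokens else ""


def triage(log_text: str) -> List[Finding]:
    """Return the Run entries that load a DLL from a Temp directory."""
    findings = []
    for line in log_text.splitlines():
        run = O4_RUN.match(line.strip())
        if not run:
            continue  # not a registry Run entry (e.g. Startup folder)
        rundll = RUNDLL32.match(run.group("cmd"))
        if not rundll:
            continue  # ordinary executable, out of scope here
        dll, export = split_rundll_arg(rundll.group("arg"))
        if not TEMP_DIR.search(dll):
            continue  # DLL lives outside Temp (driver helpers etc.)
        reasons = ["rundll32 autorun loads a DLL from a Temp directory"]
        if TERSE_EXPORT.match(export):
            reasons.append("export is an ordinal or a single character")
        findings.append(
            Finding(run.group("hive"), run.group("name"), dll, export,
                    tuple(reasons))
        )
    return findings


if __name__ == "__main__":
    for f in triage(LOG_EXCERPT):
        print(f"{f.hive} [{f.name}] {f.dll} ({f.export})")
        for reason in f.reasons:
            print(f"    - {reason}")
```

A flagged entry is a lead for the scanner or a manual check, not a verdict: legitimate software occasionally runs from Temp as well.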
		| bdoriano Administrator
 Registered: 02/04/07 12:05
 Posts: 14391
 Location: 3rd planet of the solar system...
 | 
				|  Posted: 26 May 2008 17:45    Subject: |   |  
				| Clean the temporary files with ATF-Cleaner and/or CCleaner.
Follow the instructions in this topic to use vundofix.
Follow the instructions in this topic to use Norman Malware Cleaner.
Follow the instructions in this topic to post the combofix log.
 |  |  
		| maxaldi Pious mortal
 Registered: 26/05/08 11:31
 Posts: 21
 | 
				|  Posted: 27 May 2008 15:21    Subject: Done!! |   |  
				| I did what you suggested and for now everything seems to be OK. Anyway, these are the logs. Thanks
 
 Norman Malware Cleaner
 Copyright © 1990 - 2008, Norman ASA. Built 2008/05/12 19:08:33
 
 Norman Scanner Engine Version: 5.92.04
 Nvcbin.def Version: 5.92.00, Date: 2008/05/12 19:08:33, Variants: 1631317
 
 Running pre-scan cleanup routine:
 Operating System: Microsoft Windows Vista 6.0.6001(Safe mode) Service Pack 1
 Logged on user: PC-Max\Max
 
 
 Scan started: 27/05/2008 14:24:15
 
 
 Scanning running processes and process memory...
 
 Number of processes/threads found: 1129
 Number of processes/threads scanned: 1129
 Number of processes/threads not scanned: 0
 Number of infected processes/threads terminated: 0
 Total scanning time: 17s
 
 
 Scanning file system...
 
 Scanning: C:\*.*
 
 C:\Users\Max\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7NKXQXR0\install_en[1].cab/unknown0 (Error whilst scanning file: I/O Error)
 
 C:\Users\Max\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q0OBF2PY\install_it[1].cab/unknown0 (Error whilst scanning file: I/O Error)
 
 C:\Users\Max\AppData\Local\Temp\byXRIBSL.dll (Infected with Vundo.gen148)
 Removed registry value: HKCU\Software\Microsoft\Windows\CurrentVersion\Run -> cmds = "rundll32.exe C:\Users\Max\AppData\Local\Temp\byXRIBSL.dll,c"
 Deleted file
 
 C:\Users\Max\AppData\Local\Temp\removalfile.bat (Infected with BAT/Virtumonde.QP)
 Deleted file
 
 C:\Users\Max\AppData\Local\Temp\tmp0000e629 (Infected with Vundo.gen167)
 Deleted file
 
 C:\Users\Max\AppData\Local\Temp\tmp0000eacb (Infected with Vundo.gen167)
 Deleted file
 
 C:\Users\Max\AppData\Local\Temp\tmp00010b55 (Infected with Vundo.gen167)
 Deleted file
 
 C:\Users\Max\AppData\Local\Temp\tmp00011515 (Infected with Vundo.gen167)
 Deleted file
 
 C:\Users\Max\AppData\Local\Temp\tmp000115f0 (Infected with Vundo.gen167)
 Deleted file
 
 C:\Users\Max\AppData\Local\Temp\tmp00011ef4 (Infected with Vundo.gen167)
 Deleted file
 
 C:\Users\Max\AppData\Local\Temp\tmp000122fa (Infected with Vundo.gen167)
 Deleted file
 
 C:\Users\Max\AppData\Local\Temp\tmp00012847 (Infected with Vundo.gen167)
 Deleted file
 
 C:\Users\Max\AppData\Local\Temp\tmp00012ebd (Infected with Vundo.gen167)
 Deleted file
 
 C:\Users\Max\AppData\Local\Temp\tmp00013301 (Infected with Vundo.gen167)
 Deleted file
 
 C:\Users\Max\AppData\Local\Temp\tmp0001337e (Infected with Vundo.gen167)
 Deleted file
 
 C:\Users\Max\AppData\Local\Temp\tmp0001388c (Infected with Vundo.gen167)
 Deleted file
 
 C:\Users\Max\AppData\Local\Temp\tmp0001447e (Infected with Vundo.gen167)
 Deleted file
 
 C:\Users\Max\AppData\Local\Temp\tmp000162f6 (Infected with Vundo.gen167)
 Deleted file
 
 C:\Users\Max\AppData\Local\Temp\tmp00016f93 (Infected with Vundo.gen167)
 Deleted file
 
 C:\Users\Max\AppData\Local\Temp\tmp00019e03 (Infected with Vundo.gen167)
 Deleted file
 
 C:\Users\Max\AppData\Local\Temp\tmp0001ec03 (Infected with Vundo.gen167)
 Deleted file
 
 C:\Users\Max\AppData\Local\Temp\tmp0001f4aa (Infected with Vundo.gen167)
 Deleted file
 
 C:\Users\Max\AppData\Local\Temp\tmp00024f47 (Infected with Vundo.gen167)
 Deleted file
 
 C:\Users\Max\AppData\Local\Temp\tmp000d07ec (Infected with Vundo.gen167)
 Deleted file
 
 C:\Users\Max\AppData\Local\Temp\yayyWqQJ.dll (Infected with Vundo.gen167)
 Removed registry value: HKCU\Software\Microsoft\Windows\CurrentVersion\Run -> MSServer = "rundll32.exe C:\Users\Max\AppData\Local\Temp\yayyWqQJ.dll,#1"
 Deleted file
 
 C:\Users\Max\Documents\LimeWire\Incomplete\Preview-T-95927-office home student 2007 crack.zip/Setup.exe (Error whilst scanning file: I/O Error)
 
 C:\Users\Max\Documents\LimeWire\Incomplete\T-56320-Microsoft-office-home-&-student-2007_crack.exe (Infected with Vundo.gen166)
 Deleted file
 
 Scanning: D:\*.*
 
 Scanning: c:\System Volume Information\*.*
 
 
 Running post-scan cleanup routine:
 
 Number of files found: 153906
 Number of archives unpacked: 1145
 Number of files scanned: 153853
 Number of files not scanned: 53
 Number of files skipped due to exclude list: 0
 Number of infected files found: 24
 Number of infected files repaired/deleted: 24
 Number of infections removed: 24
 Total scanning time: 37m 58s
 
 
 ComboFix 08-05-26.2 - Max 2008-05-27 15.12.04.1 - NTFSx86
 Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1040.18.1935 [GMT 2:00]
 Eseguito da: C:\Users\Max\Desktop\ComboFix.exe
 .
 
 (((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 
 C:\Users\Max\AppData\Roaming\.#
 C:\Windows\system32\ACER.exe
 
 .
 (((((((((((((((((((((((((   Files Creati Da 2008-04-27 al 2008-05-27  )))))))))))))))))))))))))))))))))))
 .
 
 2008-05-27 13:38 . 2008-05-27 13:38	<DIR>	d--------	C:\VundoFix Backups
 2008-05-27 13:36 . 2008-05-27 13:36	0	--ah-----	C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
 2008-05-26 16:45 . 2008-05-26 16:45	<DIR>	d--------	C:\PerfLogs
 2008-05-26 16:04 . 2008-01-19 09:35	4,875,776	--a------	C:\Windows\System32\NlsData0009.dll
 2008-05-26 16:03 . 2008-01-19 09:35	9,847,296	--a------	C:\Windows\System32\NlsData000a.dll
 2008-05-26 16:02 . 2008-01-19 09:35	3,072,000	--a------	C:\Windows\System32\networkmap.dll
 2008-05-26 16:01 . 2008-01-19 09:32	5,714,432	--a------	C:\Windows\System32\logon.scr
 2008-05-26 16:00 . 2008-01-19 09:34	6,103,040	--a------	C:\Windows\System32\chtbrkr.dll
 2008-05-26 15:59 . 2008-01-19 08:06	8,147,456	--a------	C:\Windows\System32\wmploc.DLL
 2008-05-26 15:57 . 2008-01-19 09:36	704,512	--a------	C:\Windows\System32\SmiEngine.dll
 2008-05-26 15:57 . 2008-01-19 09:36	357,888	--a------	C:\Windows\System32\wbemcomn.dll
 2008-05-26 15:57 . 2008-01-19 09:36	139,264	--a------	C:\Windows\System32\SmiInstaller.dll
 2008-05-26 15:56 . 2008-01-19 09:36	218,624	--a------	C:\Windows\System32\wdscore.dll
 2008-05-26 15:56 . 2008-01-19 09:33	130,560	--a------	C:\Windows\System32\PkgMgr.exe
 2008-05-26 15:54 . 2008-01-19 09:34	305,152	--a------	C:\Windows\System32\msdelta.dll
 2008-05-26 15:54 . 2008-01-19 09:34	258,560	--a------	C:\Windows\System32\dpx.dll
 2008-05-26 15:54 . 2008-01-19 09:34	246,784	--a------	C:\Windows\System32\drvstore.dll
 2008-05-26 15:54 . 2008-01-19 09:35	35,328	--a------	C:\Windows\System32\mspatcha.dll
 2008-05-26 15:53 . 2006-11-02 11:39	6,656	--a------	C:\Windows\System32\kbd106.dll
 2008-05-26 14:34 . 2008-05-26 14:43	<DIR>	d--------	C:\Ciao Jo
 2008-05-23 18:36 . 2008-05-23 18:36	<DIR>	d--------	C:\Program Files\Enigma Software Group
 2008-05-23 17:12 . 2008-05-23 17:12	<DIR>	d--------	C:\Users\Max\AppData\Roaming\Antispyware
 2008-05-23 13:00 . 2008-05-25 18:04	<DIR>	d--------	C:\Program Files\Panda Security
 2008-05-21 17:43 . 2008-05-21 17:51	<DIR>	d--------	C:\Program Files\PacificPoker4
 2008-05-21 16:18 . 2008-05-21 16:18	<DIR>	d--------	C:\Users\All Users\Office Genuine Advantage
 2008-05-21 16:18 . 2008-05-21 16:18	<DIR>	d--------	C:\ProgramData\Office Genuine Advantage
 2008-05-20 17:29 . 2008-05-20 17:30	<DIR>	d--------	C:\Program Files\SurfingSoftware
 2008-05-20 16:04 . 2008-05-20 18:49	<DIR>	d--------	C:\Users\Max\AppData\Roaming\LimeWire
 2008-05-20 16:04 . 2008-05-20 16:04	<DIR>	d--------	C:\Program Files\Java
 2008-05-20 16:03 . 2008-05-20 16:03	<DIR>	d--------	C:\Program Files\Common Files\Java
 2008-05-20 12:53 . 2008-05-22 14:44	382,663,233	--a------	C:\Windows\MEMORY.DMP
 2008-05-13 12:24 . 2008-05-13 12:24	<DIR>	d--------	C:\Program Files\Magentic
 2008-05-13 12:24 . 2008-03-09 11:00	751,016	--a------	C:\Windows\System32\Magentic Screensaver.scr
 2008-05-13 12:21 . 2008-05-13 12:21	27,649	--a------	C:\Users\Max\AppData\Roaming\nvModes.dat
 2008-05-12 17:22 . 2006-09-19 16:47	80,744	--a------	C:\Windows\System32\drivers\WSVD.sys
 2008-05-12 13:07 . 2008-05-12 13:07	<DIR>	d--------	C:\Users\Max\AppData\Roaming\Genie-Soft
 2008-05-12 13:03 . 2008-05-12 13:03	<DIR>	d--------	C:\Program Files\Outlook Express Backup V6.5
 2008-05-12 12:08 . 2008-05-12 12:08	<DIR>	d--------	C:\Program Files\Telecom Italia
 2008-05-11 00:40 . 2008-05-11 00:40	<DIR>	d--------	C:\Users\Max\AppData\Roaming\CyberLink
 2008-05-09 19:43 . 2008-05-21 17:35	<DIR>	d--------	C:\Program Files\PokerStars.NET
 2008-05-09 19:27 . 2008-05-09 19:27	988,216	--a------	C:\Windows\System32\winload.exe
 2008-05-09 19:27 . 2008-05-09 19:27	927,288	--a------	C:\Windows\System32\winresume.exe
 2008-05-09 19:27 . 2008-05-09 19:27	615,992	--a------	C:\Windows\System32\ci.dll
 2008-05-09 19:27 . 2008-05-09 19:27	378,368	--a------	C:\Windows\System32\srcore.dll
 2008-05-09 19:27 . 2008-05-09 19:27	318,464	--a------	C:\Windows\System32\rstrui.exe
 2008-05-09 19:27 . 2008-05-09 19:27	46,592	--a------	C:\Windows\System32\setbcdlocale.dll
 2008-05-09 19:27 . 2008-05-09 19:27	40,960	--a------	C:\Windows\System32\srclient.dll
 2008-05-09 19:27 . 2008-05-09 19:27	19,000	--a------	C:\Windows\System32\kd1394.dll
 2008-05-09 19:27 . 2008-05-09 19:27	14,848	--a------	C:\Windows\System32\srdelayed.exe
 2008-05-09 19:27 . 2008-05-09 19:27	6,656	--a------	C:\Windows\System32\kbd106n.dll
 2008-05-09 19:26 . 2008-05-09 19:26	2,032,128	--a------	C:\Windows\System32\win32k.sys
 2008-05-09 19:25 . 2008-05-09 19:25	295,936	--a------	C:\Windows\System32\gdi32.dll
 2008-05-09 19:18 . 2008-05-09 19:18	1,383,424	--a------	C:\Windows\System32\mshtml.tlb
 2008-05-09 19:18 . 2008-05-09 19:18	826,880	--a------	C:\Windows\System32\wininet.dll
 2008-05-09 18:04 . 2008-05-09 19:04	<DIR>	d--hsc---	C:\Program Files\Common Files\WindowsLiveInstaller
 2008-05-09 18:03 . 2008-05-09 18:56	<DIR>	d--------	C:\Users\All Users\WLInstaller
 2008-05-09 18:03 . 2008-05-09 18:56	<DIR>	d--------	C:\ProgramData\WLInstaller
 2008-05-09 18:03 . 2008-05-09 19:04	<DIR>	d--------	C:\Program Files\Windows Live
 2008-05-09 17:59 . 2008-05-27 13:21	<DIR>	d--------	C:\Users\Max\AppData\Roaming\skypePM
 2008-05-09 17:59 . 2008-05-09 17:59	32	--a------	C:\Users\All Users\ezsid.dat
 2008-05-09 17:59 . 2008-05-09 17:59	32	--a------	C:\ProgramData\ezsid.dat
 2008-05-09 17:58 . 2008-05-27 15:10	<DIR>	d--------	C:\Users\Max\AppData\Roaming\Skype
 2008-05-09 17:55 . 2008-05-09 17:55	<DIR>	d--------	C:\Users\All Users\Skype
 2008-05-09 17:55 . 2008-05-09 17:55	<DIR>	d--------	C:\ProgramData\Skype
 2008-05-09 17:55 . 2008-05-09 17:55	<DIR>	d--------	C:\Program Files\Skype
 2008-05-09 17:55 . 2008-05-09 17:55	<DIR>	d--------	C:\Program Files\Common Files\Skype
 2008-05-09 17:54 . 2008-05-09 17:54	<DIR>	d--------	C:\Users\Max\AppData\Roaming\PC Tools
 2008-05-09 17:54 . 2008-05-27 15:07	<DIR>	d-a------	C:\Users\All Users\TEMP
 2008-05-09 17:54 . 2008-05-27 15:07	<DIR>	d-a------	C:\ProgramData\TEMP
 2008-05-09 17:54 . 2008-05-27 13:38	<DIR>	d--------	C:\Program Files\Spyware Doctor
 2008-05-09 17:54 . 2007-12-10 14:53	81,288	--a------	C:\Windows\System32\drivers\iksyssec.sys
 2008-05-09 17:54 . 2007-12-10 14:53	66,952	--a------	C:\Windows\System32\drivers\iksysflt.sys
 2008-05-09 17:54 . 2008-02-01 12:55	42,376	--a------	C:\Windows\System32\drivers\ikfilesec.sys
 2008-05-09 17:54 . 2007-12-10 14:53	29,576	--a------	C:\Windows\System32\drivers\kcom.sys
 2008-05-09 17:50 . 2008-05-09 17:50	<DIR>	d--------	C:\Users\All Users\Yahoo! Companion
 2008-05-09 17:50 . 2008-05-27 13:26	<DIR>	d--------	C:\Users\All Users\Google Updater
 2008-05-09 17:50 . 2008-05-09 17:50	<DIR>	d--------	C:\Users\All Users\Google
 2008-05-09 17:50 . 2008-05-09 17:50	<DIR>	d--------	C:\ProgramData\Yahoo! Companion
 2008-05-09 17:50 . 2008-05-27 13:26	<DIR>	d--------	C:\ProgramData\Google Updater
 2008-05-09 17:50 . 2008-05-09 17:54	<DIR>	d--------	C:\Program Files\Google
 2008-05-09 17:29 . 2008-05-09 17:29	<DIR>	dr-------	C:\Users\Max\Searches
 2008-05-09 17:29 . 2008-05-26 10:27	<DIR>	dr-------	C:\Users\Max\Contacts
 2008-05-09 17:29 . 2008-05-13 12:38	<DIR>	d--------	C:\Users\Max\AppData\Roaming\SiteAdvisor
 2008-05-09 17:28 . 2008-05-09 17:29	<DIR>	dr-------	C:\Users\Max\Videos
 2008-05-09 17:28 . 2008-05-09 17:29	<DIR>	dr-------	C:\Users\Max\Saved Games
 2008-05-09 17:28 . 2008-05-11 15:15	<DIR>	dr-------	C:\Users\Max\Pictures
 2008-05-09 17:28 . 2008-05-09 17:29	<DIR>	dr-------	C:\Users\Max\Music
 2008-05-09 17:28 . 2008-05-09 17:29	<DIR>	dr-------	C:\Users\Max\Links
 2008-05-09 17:28 . 2008-05-09 19:42	<DIR>	dr-------	C:\Users\Max\Downloads
 2008-05-09 17:28 . 2008-05-22 14:26	<DIR>	dr-------	C:\Users\Max\Documents
 2008-05-09 17:28 . 2006-11-02 14:37	<DIR>	d--------	C:\Users\Max\AppData\Roaming\Media Center Programs
 2008-05-09 17:28 . 2008-03-15 07:50	<DIR>	d--------	C:\Users\Max\AppData\Roaming\Acer GameZone Console
 2008-05-09 17:28 . 2008-05-09 17:29	<DIR>	d--h-----	C:\Users\Max\AppData
 2008-05-09 17:28 . 2008-05-21 17:44	<DIR>	d--------	C:\Users\Max
 2008-05-09 17:28 . 2008-05-09 17:28	<DIR>	d--------	C:\Program Files\Yahoo!
 2008-05-09 17:09 . 2008-05-09 17:09	<DIR>	dr-------	C:\Windows\System32\config\systemprofile\Contacts
 
 .
 ((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 2008-05-26 14:57	174	--sha-w	C:\Program Files\desktop.ini
 2008-05-26 14:48	---------	d-----w	C:\Program Files\Windows Sidebar
 2008-05-26 14:48	---------	d-----w	C:\Program Files\Windows Photo Gallery
 2008-05-26 14:48	---------	d-----w	C:\Program Files\Windows Mail
 2008-05-26 14:48	---------	d-----w	C:\Program Files\Windows Journal
 2008-05-26 14:48	---------	d-----w	C:\Program Files\Windows Defender
 2008-05-26 14:48	---------	d-----w	C:\Program Files\Windows Collaboration
 2008-05-26 14:48	---------	d-----w	C:\Program Files\Windows Calendar
 2008-05-26 14:40	---------	d-----w	C:\ProgramData\NVIDIA
 2008-05-26 14:23	82,432	----a-w	C:\Windows\System32\axaltocm.dll
 2008-05-26 14:23	101,888	----a-w	C:\Windows\System32\ifxcardm.dll
 2008-05-22 12:45	---------	d-----w	C:\Program Files\SiteAdvisor
 2008-05-22 12:28	---------	d-----w	C:\ProgramData\Microsoft Help
 2008-05-19 07:34	---------	d-----w	C:\Program Files\McAfee
 2008-05-12 10:09	---------	d--h--w	C:\Program Files\InstallShield Installation Information
 2008-05-09 15:09	---------	d-sh--w	C:\ProgramData\Preferiti
 2008-05-09 15:09	---------	d-sh--w	C:\ProgramData\Modelli
 2008-05-09 15:09	---------	d-sh--w	C:\ProgramData\Menu Avvio
 2008-05-09 15:09	---------	d-sh--w	C:\ProgramData\Documenti
 2008-05-09 15:09	---------	d-sh--w	C:\ProgramData\Dati applicazioni
 2008-05-09 15:09	---------	d-sh--w	C:\Program Files\File comuni
 2008-04-23 15:17	693,792	----a-w	C:\Windows\System32\OGACheckControl.dll
 2008-04-23 15:17	504,864	----a-w	C:\Windows\System32\OGAVerify.exe
 2008-04-23 15:17	504,352	----a-w	C:\Windows\System32\OGAAddin.dll
 2008-04-09 08:13	1,715	----a-w	C:\Windows\CLEANUP.CMD
 2008-04-08 23:39	---------	d-----w	C:\Program Files\Acer Inc
 2008-04-08 23:36	---------	d-----w	C:\Program Files\SUYIN
 2008-04-08 23:36	---------	d-----w	C:\Program Files\ACER CrystalEye webcam
 2008-04-08 23:35	---------	d-----w	C:\Program Files\Common Files\snp2uvc
 2008-04-08 23:26	---------	d-----w	C:\ProgramData\CyberLink
 2008-04-08 23:26	---------	d-----w	C:\Program Files\Acer Arcade Deluxe
 2008-04-08 23:24	---------	d-----w	C:\Program Files\Launch Manager
 2008-04-08 23:19	319,456	----a-w	C:\Windows\DIFxAPI.dll
 2008-04-08 23:19	315,392	----a-w	C:\Windows\HideWin.exe
 2008-04-08 23:19	---------	d-----w	C:\Program Files\Realtek
 2008-04-08 23:19	---------	d-----w	C:\Program Files\Intel
 .
 
 ------- Sigcheck -------
 
 .
 (((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 .
 REGEDIT4
 *Nota* i valori vuoti & legittimi/default non sono visualizzati.
 
 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4070176-F144-22CD-0D5C-71B49B46FF19}]
 
 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
 "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-09 17:50 68856]
 "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-12 20:10 21898024]
 "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 09:33 202240]
 "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
 "Magentic"="C:\PROGRA~1\Magentic\bin\Magentic.exe" [2008-03-09 11:00 480648]
 "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "ALaunch"="C:\Acer\ALaunch\AlaunchClient.exe" [ ]
 "SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-12-14 10:55 102400]
 "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 05:38 40048]
 "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 17:33 457216]
 "eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-10-12 02:50 1286144]
 "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
 "SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-08-24 23:57 36640]
 "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-11-22 10:01 178712]
 "RtHDVCpl"="RtHDVCpl.exe" [2007-12-14 10:56 4702208 C:\Windows\RtHDVCpl.exe]
 "LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2008-01-02 15:17 707080]
 "PlayMovie"="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2008-01-22 11:14 200704]
 "PLFSet"="C:\Windows\PLFSet.dll" [2007-04-25 13:47 45056]
 "eRecoveryService"="" []
 "WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
 "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 12:55 1103240]
 "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
 "Skytel"="Skytel.exe" [2007-12-14 10:56 1826816 C:\Windows\SkyTel.exe]
 "NvSvc"="C:\Windows\system32\nvsvc.dll" [2008-03-11 04:11 92704]
 "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-03-11 04:11 8534560]
 "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-03-11 04:11 88608]
 
 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
 Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2008-03-15 08:15:49 535336]
 Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-05-09 17:50:27 124400]
 SETAUDIO.EXE [2008-04-04 04:37:22 20480]
 SetRes.exe [2008-04-04 04:38:47 20480]
 
 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
 "EnableUIADesktopToggle"= 0 (0x0)
 
 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
 "msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\DVWIZA~1\Kernel\Burner\MKDMP3Enc.ACM
 
 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
 "DisableMonitoring"=dword:00000001
 
 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
 "{467BD4D3-45B4-4638-8117-3204F97DD6D0}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
 "{8DE8F842-EAFC-444A-A56E-7A9D288D4510}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
 "{EC090954-58B8-4D6A-A13B-1059D0B85902}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
 "{79105C7E-0218-4A60-8CCC-FBFEDAC17209}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
 "{918586BB-EADD-4C8C-B96F-FCB8911A2A43}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
 "{4F14F409-4AEC-4670-AADE-2261F75126C0}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
 "{8C568C6A-6985-4348-B245-BC7027D42BD8}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
 "{AD3A5CC5-7CEE-42F5-BDC3-EF390A5278DA}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
 "{9F4CE0E6-C257-4244-B41E-3FA80A435098}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
 "{55EAF4B1-592E-4C2B-BC4E-F91B2335FE3E}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
 "{9DA7C3F2-6D68-4A4F-986F-7039BD0BB98F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
 "TCP Query User{D91D44D6-049F-48A7-9F5E-57C0987CA8A3}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
 "UDP Query User{EFB50B47-A3FB-454D-AE9B-1913D218477E}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
 "TCP Query User{D1FF9CFE-181B-4DBF-8233-622D3D86AA46}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
 "UDP Query User{8D217A22-A9ED-4322-8802-288FC1F63CDC}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
 "{2B88630A-1B3F-497B-8712-713B6AD23C46}"= Disabled:UDP:C:\Program Files\Magentic\bin\MgApp.exe:Magentic
 "{9BD98817-4E64-4340-A03C-3CAEEE6E285E}"= Disabled:TCP:C:\Program Files\Magentic\bin\MgApp.exe:Magentic
 "{2C873F8B-829C-4B9C-BB77-DA7D5A0749F0}"= Disabled:UDP:C:\Program Files\Magentic\bin\Magentic.exe:Magentic
 "{F1051E9E-DE6A-45B4-93D0-563F2E55CE4A}"= Disabled:TCP:C:\Program Files\Magentic\bin\Magentic.exe:Magentic
 "{77E5CF53-032D-4329-A4C5-7EA53031FC41}"= Disabled:UDP:C:\Program Files\Magentic\bin\MgImp.exe:Magentic
 "{BB6E11E8-AF56-4E19-B3B3-B55680A1E45B}"= Disabled:TCP:C:\Program Files\Magentic\bin\MgImp.exe:Magentic
 "TCP Query User{F95BFA48-E26B-4C0D-8A33-C5492D8158FF}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
 "UDP Query User{59562788-30CB-44E8-A327-EF692ECE7858}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
 
 R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-25 17:34]
 R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-25 17:34]
 R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-25 17:34]
 R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2008-01-04 17:15]
 R2 ALaunchService;ALaunch Service;C:\Acer\ALaunch\ALaunchSvc.exe [2007-01-26 15:24]
 R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-25 17:34]
 R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-08-28 15:21]
 R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-12-10 11:23]
 R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 13:57]
 R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-10-30 18:45]
 R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-12-14 10:56]
 R3 winbondcir;Winbond IR Transceiver;C:\Windows\system32\DRIVERS\winbondcir.sys [2007-12-14 10:56]
 S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-12-14 10:56]
 S3 WSVD;WSVD;C:\Windows\system32\drivers\WSVD.sys [2006-09-19 16:47]
 
 *Newly Created Service* - CATCHME
 .
 Contenuto della cartella 'Scheduled Tasks'
 "2008-05-25 15:29:14 C:\Windows\Tasks\Antispyware Scheduled Scan.job"
 - C:\Program Files\AntiSpywareApp\AntiSpyware.ex
 - C:\Program Files\AntiSpywareApp
 "2008-03-15 06:44:21 C:\Windows\Tasks\McDefragTask.job"
 - c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
 "2008-03-15 06:44:21 C:\Windows\Tasks\McQcTask.job"
 - c:\PROGRA~1\mcafee\mqc\QcConsol.exe
 .
 **************************************************************************
 
 catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2008-05-27 15:14:23
 Windows 6.0.6001 Service Pack 1 NTFS
 
 scansione processi nascosti ...
 
 scansione entrate autostart nascoste ...
 
 Scansione files nascosti ...
 
 Scansione completata con successo
 Files nascosti: 0
 
 **************************************************************************
 .
 Ora fine scansione: 2008-05-27 15.15.54
 ComboFix-quarantined-files.txt  2008-05-27 13:15:17
 
 15 Directory  91,848,736,768 byte disponibili
 22 Directory  92,134,649,856 byte disponibili
 
 259	--- E O F ---	2008-05-26 14:26:52
 |  |  
		| bdoriano Administrator
 
  
  
 Joined: 02/04/07 12:05
 Posts: 14391
 Location: 3rd planet of the solar system...
 
 | 
			
				|  Posted: 27 May 2008 15:40    Subject: |   |  
				| 
 |  
				| It looks to me like there is another infection as well.   
 Disable your antivirus
Go to BitDefender (using IE) and run the full scan.
Go to the Kaspersky online scanner and run the extended scan, as described here.
Save the scan result to a file (in HTML format), upload the file to WikiSend and post here the link you are given.
 
 
Run this scan with VirIT
 
Follow the instructions in this topic to post a new ComboFix log.
 |  |  