Salve a tutti!
Il mio sistema operativo è Xp SP3.
Ad un certo punto è cominciato ad apparire il messaggio:
windows security alert
critical error can't find hard disk space. Hard drive error.
Il pc è bloccato, non trovo più la cartella documenti, l'antivirus mcafee non trova nulla.
Cosa posso fare?
Grazie
Prima parte
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.07.34, on 26/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\ABBYY\FineReader\10.00\Licensing\PE\Network LicenseServer.exe
C:\Programmi\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Programmi\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programmi\ActiveXperts\SMS Messaging Server\Program\AxSmsSvc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Maxtor\Sync\SyncServices.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Programmi\File comuni\Mcafee\McSvcHost\McSvHost.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\File comuni\McAfee\SystemCore\mfevtps.exe
C:\Programmi\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\File comuni\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService. exe
C:\Programmi\File comuni\McAfee\SystemCore\mcshield.exe
C:\Programmi\File comuni\McAfee\SystemCore\mfefire.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Programmi\McAfee.com\Agent\mcagent.exe
C:\Programmi\Microsoft IntelliType Pro\itype.exe
C:\PROGRA~1\SystemScheduler\WScheduler.exe
C:\Programmi\QuickTime\QTTask.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp325.exe
c:\Programmi\Microsoft IntelliType Pro\dpupdchk.exe
C:\WINDOWS\vsnp325.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Microsoft ActiveSync\wcescomm.exe
C:\DOCUME~1\Sanyo\IMPOST~1\Temp\cpxqKdaCxD.exe
C:\Programmi\Messenger\msmsgs.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programmi\FreePOPs\freepopsd.exe
C:\Documents and Settings\Sanyo\Menu Avvio\Programmi\Esecuzione automatica\Snippy.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\xcopy.exe
C:\Programmi\McAfee\VirusScan\mcods.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/webhp?hl=it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programmi\File comuni\McAfee\SystemCore\ScriptSn.20101112082415.d ll
O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O2 - BHO: Recfree toolbar helper - {D286E828-E6B9-484d-A058-D7323666DE33} - C:\Programmi\RecFree.com\RecFreeToolbar\1.3.11.0\e scort.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugi n.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programmi\Yahoo!\Companion\Installs\cpn\YTSingl eInstance.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: RecFree Toolbar - {0508F8F1-08E3-43EE-AAA8-09AD09803084} -
Seconda parte
C:\Programmi\RecFree.com\RecFreeToolbar\1.3.11.0\e scorTlbr.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [mcui_exe] "C:\Programmi\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [itype] "c:\Programmi\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [WScheduler] C:\PROGRA~1\SystemScheduler\WScheduler.exe /LOGON
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programmi\File comuni\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp325] C:\WINDOWS\tsnp325.exe
O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Sanyo\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [nFFYWBMjCk.exe] C:\DOCUME~1\Sanyo\IMPOST~1\Temp\nFFYWBMjCk.exe
O4 - HKCU\..\Run: [cpxqKdaCxD.exe] C:\DOCUME~1\Sanyo\IMPOST~1\Temp\cpxqKdaCxD.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-21-682003330-484061587-1801674531-1013\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'postgres')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Collegamento a freepopsd.exe.lnk = C:\Programmi\FreePOPs\freepopsd.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Snippy.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Collegamento a freepopsd.exe.lnk = C:\Programmi\FreePOPs\freepopsd.exe (User 'Default user')
O4 - .DEFAULT Startup: Snippy.exe (User 'Default user')
O4 - Startup: Collegamento a freepopsd.exe.lnk = C:\Programmi\FreePOPs\freepopsd.exe
O4 - Startup: Snippy.exe
O4 - Global Startup: Avvio veloce di Adobe Acrobat.lnk = ?
O4 - Global Startup: SJphone 1.65.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: &Search the web - http://toolbar.recfree.com/rcfr/ctxmnu.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Open with XmlPad - res://C:\Programmi\WMHelp Software\WMHelp XmlPad\WmhASPP.dll/101
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferito portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: *.http;
O15 - Trusted Zone: http://*.mcafee.com
O15 - Trusted Zone: http://www.sitepoint.com
Terza parte
O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/static/m/cab/2...nAxControl.CAB
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Rilevamento dispositivi) - http://www.logitech.com/devicedetect...etection32.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.it/s/v/56.11/uploader2.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.it/s/v/30.61/uploader2.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.myheritage.com/FP/ImageUp...eUploader5.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1183885971328
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...Uploader55.cab
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} (Java Plug-in 1.6.0_17) -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E686E206-5A05-4CAF-B3AA-B6B10304A271} (VaxSIPUserAgentCAB Control) - https://www.messagenet.it/images/web...erAgentCAB.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wmh - {A1428E78-2D00-4590-A071-0CC9700A7768} - C:\Programmi\WMHelp Software\WMHelp XmlPad\WmhASPP.dll
O23 - Service: ABBYY FineReader 10 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.10.0) - ABBYY - C:\Programmi\File comuni\ABBYY\FineReader\10.00\Licensing\PE\Network LicenseServer.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Programmi\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Programmi\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ActiveXperts SMS Messaging Server (AxSmsSvc) - Unknown owner - C:\Programmi\ActiveXperts\SMS Messaging Server\Program\AxSmsSvc.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Programmi\Maxtor\Sync\SyncServices.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Programmi\File comuni\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Servizio Personal Firewall (McMPFSvc) - McAfee, Inc. - C:\Programmi\File comuni\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Programmi\File comuni\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Programmi\File comuni\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Programmi\File comuni\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Programmi\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Programmi\File comuni\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Programmi\File comuni\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Programmi\File comuni\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Programmi\File comuni\McAfee\SystemCore\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Programmi\File comuni\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: MySQL - Unknown owner - C:\Programmi\MySQL\MySQL.exe (file missing)
O23 - Service: MySQL51 - Unknown owner - C:\Programmi\MySQL\MySQL.exe (file missing)
O23 - Service: OracleDBConsoleorcl - Oracle Corporation - C:\app\Sanyo\product\11.2.0\dbhome_1\bin\nmesrvc.e xe
O23 - Service: OracleJobSchedulerORCL - Unknown owner - c:\app\sanyo\product\11.2.0\dbhome_1\Bin\extjob.ex e
O23 - Service: OracleJobSchedulerSIDTEST - Unknown owner - c:\app\sanyo\product\11.2.0\dbhome_1\Bin\extjob.ex e
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\app\Sanyo\product\11.2.0\dbhome_1\bin\omtsreco. exe
O23 - Service: OracleOraDb11g_home1ClrAgent - Oracle Corporation - C:\app\Sanyo\product\11.2.0\dbhome_1\bin\OraClrAgn t.exe
O23 - Service: OracleOraDb11g_home1TNSListener - Oracle Corporation - C:\app\Sanyo\product\11.2.0\dbhome_1\BIN\TNSLSNR.e xe
O23 - Service: OracleServiceORCL - Oracle Corporation - c:\app\sanyo\product\11.2.0\dbhome_1\bin\ORACLE.EX E
O23 - Service: OracleServiceSIDTEST - Oracle Corporation - c:\app\sanyo\product\11.2.0\dbhome_1\bin\ORACLE.EX E
O23 - Service: postgresql-8.4 - PostgreSQL Server 8.4 (postgresql-8.4) - PostgreSQL Global Development Group - C:/Programmi/PostgreSQL/8.4/bin/pg_ctl.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Programmi\File comuni\Protexis\License Service\PsiService_2.exe
O23 - Service: ServiceLayer - Nokia - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Programmi\CheckPoint\SecuRemote\bin\SR_Service. exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Programmi\CheckPoint\SecuRemote\bin\SR_WatchDog .exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService. exe
O24 - Desktop Component 1: Aqua Real - 7db39a0d-580f-4be9-9195-8bfcd226f6c2
--
End of file - 18540 bytes
Meno male... ho fixato queste due voci ed è tornato tutto a posto:
Sarà sufficiente???O4 - HKCU\..\Run: [nFFYWBMjCk.exe] C:\DOCUME~1\Sanyo\IMPOST~1\Temp\nFFYWBMjCk.exe
O4 - HKCU\..\Run: [cpxqKdaCxD.exe] C:\DOCUME~1\Sanyo\IMPOST~1\Temp\cpxqKdaCxD.exe
Fixa anche questa voce:
Quest'altra dovreti già averla rimossa con il tuo fix, nel caso sia presente fixala:O8 - Extra context menu item: &Search the web - http://toolbar.recfree.com/rcfr/ctxmnu.html
C:\DOCUME~1\Sanyo\IMPOST~1\Temp\cpxqKdaCxD.exe
POI
Scarica e installa Malwarebytes . Aggiornalo e fai una scansione completa del computer. Posta il rapporto ottenuto. Per ora non rimuovere nessuna eventuale minaccia rilevata, aspetta nostre conferme.
La vita è fatta a scale, c'è chi scende e c'è chi cade.
Se avrei studiato, avessi imparato. [Cit. Leone di Lernia ]
Fatto! Ecco il log di Malwarebytes' Anti-Malware 1.46:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Versione database: 5194
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
27/11/2010 10.19.44
mbam-log-2010-11-27 (10-19-44).txt
Tipo di scansione: Scansione completa (C:\|E:\|F:\|)
Elementi esaminati: 693929
Tempo trascorso: 4 ore, 31 minuti, 26 secondi
Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 2
Valori di registro infetti: 0
Voci infette nei dati di registro: 2
Cartelle infette: 0
File infetti: 17
Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)
Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)
Chiavi di registro infette:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{3213a908-dd47-4ae2-ad09-8426d02506d1} (Password.Stealer) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3213a908-dd47-4ae2-ad09-8426d02506d1} (Password.Stealer) -> No action taken.
Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)
Voci infette nei dati di registro:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Cartelle infette:
(Non sono stati rilevati elementi nocivi)
File infetti:
C:\Inetpub\wwwroot\GESTIN\mysql\php\Persists\cr-ap143.exe (Hacktool.Gen) -> No action taken.
C:\Inetpub\wwwroot\GESTIN\mysql_07-11-2008\php\Persists\cr-ap143.exe (Hacktool.Gen) -> No action taken.
E:\Vecchio D\acronis\CR-ACRONIS.exe (RiskWare.Tool.CK) -> No action taken.
E:\Vecchio D\Documents and Settings\riserva\Documenti\exe\ornlblnw.exe (Spyware.Passwords) -> No action taken.
F:\BackupVBS\Inetpub\wwwroot\GESTIN\mysql_07-11-2008\php\Persists\cr-ap143.exe (Hacktool.Gen) -> No action taken.
F:\System Volume Information\_restore{A41A6775-C909-4FBF-A990-AE5DAB733D67}\RP267\A0120648.exe (Hacktool.Gen) -> No action taken.
F:\System Volume Information\_restore{A41A6775-C909-4FBF-A990-AE5DAB733D67}\RP273\A0122701.exe (Hacktool.Gen) -> No action taken.
F:\System Volume Information\_restore{A41A6775-C909-4FBF-A990-AE5DAB733D67}\RP279\A0123883.exe (Hacktool.Gen) -> No action taken.
F:\System Volume Information\_restore{A41A6775-C909-4FBF-A990-AE5DAB733D67}\RP285\A0126996.exe (Hacktool.Gen) -> No action taken.
F:\System Volume Information\_restore{A41A6775-C909-4FBF-A990-AE5DAB733D67}\RP288\A0128046.exe (Hacktool.Gen) -> No action taken.
F:\System Volume Information\_restore{A41A6775-C909-4FBF-A990-AE5DAB733D67}\RP290\A0128752.exe (Hacktool.Gen) -> No action taken.
F:\System Volume Information\_restore{A41A6775-C909-4FBF-A990-AE5DAB733D67}\RP291\A0129156.exe (Hacktool.Gen) -> No action taken.
F:\System Volume Information\_restore{A41A6775-C909-4FBF-A990-AE5DAB733D67}\RP293\A0129979.exe (Hacktool.Gen) -> No action taken.
F:\System Volume Information\_restore{A41A6775-C909-4FBF-A990-AE5DAB733D67}\RP295\A0130726.exe (Hacktool.Gen) -> No action taken.
F:\System Volume Information\_restore{A41A6775-C909-4FBF-A990-AE5DAB733D67}\RP297\A0131279.exe (Hacktool.Gen) -> No action taken.
F:\System Volume Information\_restore{A41A6775-C909-4FBF-A990-AE5DAB733D67}\RP300\A0132037.exe (Hacktool.Gen) -> No action taken.
F:\System Volume Information\_restore{A41A6775-C909-4FBF-A990-AE5DAB733D67}\RP303\A0132951.exe (Hacktool.Gen) -> No action taken.
Cancella pure tutto quello che ha trovato, poi posta un nuovo log di hijack per controllo.
Fatto!Originariamente inviato da SkinBonno
Cancella pure tutto quello che ha trovato, poi posta un nuovo log di hijack per controllo.
Ecco il log di hijack: http://www.filedropper.com/hijackthis_3
Fixa questa voce:
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
Snippy.exe lo conosci?
Per il resto il log è pulito, se conosci quel file direi che sei a posto. il pc come va?
Permessi di invio
Rispondi quotando