  1. #1
    HTML.it user: fraude
    Registered since: Feb 2004
    Posts: 2,870

    PC slowed down and antivirus disabled

    Hello everyone.

    Suddenly my PC has slowed down considerably and the McAfee antivirus disables itself automatically. As per the rules, I am posting the Trend Micro HijackThis v2.0.2 log.

    Happy New Year to everyone.

    code:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11.27.18, on 31/12/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Safe mode
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\File comuni\Mcafee\McSvcHost\McSvHost.exe
    C:\WINDOWS\Explorer.EXE
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
    
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tangosearch.com/?useie5=1&q=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
    O2 - BHO: Tango - {3BDA15CD-EDD9-440A-B689-42DB8CD24B94} - C:\WINDOWS\system32\e178.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programmi\File comuni\McAfee\SystemCore\ScriptSn.20101106104529.dll
    O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [mcui_exe] "C:\Programmi\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\RunOnce: [NeroHomeFirstStart] "C:\Programmi\File comuni\Nero\Lib\NMFirstStart.exe"
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/Messen....cab109791.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/Messen.../GAME_UNO1.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
    O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Programmi\File comuni\MAGIX Services\Database\bin\FABS.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programmi\File comuni\MAGIX Services\Database\bin\fbserver.exe
    O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Programmi\File comuni\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Servizio Personal Firewall (McMPFSvc) - McAfee, Inc. - C:\Programmi\File comuni\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Programmi\File comuni\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Programmi\File comuni\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Programmi\File comuni\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Programmi\McAfee\VirusScan\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Programmi\File comuni\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McShield - McAfee, Inc. - C:\Programmi\File comuni\McAfee\SystemCore\\mcshield.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Programmi\File comuni\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Programmi\File comuni\McAfee\SystemCore\mfevtps.exe
    O23 - Service: 1% (MOBKbackup) - McAfee, Inc. - C:\Programmi\McAfee Online Backup\MOBKbackup.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Programmi\File comuni\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: @C:\Programmi\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Programmi\Nero\Update\NASvc.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
    
    --
    End of file - 7434 bytes

  2. #2
    Banned user
    Registered since: Dec 2010
    Posts: 30
    Hi fraude.

    Run HijackThis again:
    Do a System Scan Only
    tick the checkbox next to each entry that I list below
    ● once the entries are ticked:
    close all open applications
    close all open browser pages
    ● in HijackThis, fix the entries by clicking Fix checked
    These are the entries to fix:

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tangosearch.com/?useie5=1&q=
    R3 - Default URLSearchHook is missing
    O4 - HKCU\..\RunOnce: [NeroHomeFirstStart] "C:\Programmi\File comuni\Nero\Lib\NMFirstStart.exe"
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binar...kr.cab56986.cab
    O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/Messe...S.cab109791.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/Messe...1/GAME_UNO1.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...nt.cab56907.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binar...er.cab56986.cab

    Find and delete this file:
    C:\WINDOWS\system32\e178.dll

    Finally:
    Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Note:
    ● you should preferably download the program with Internet Explorer

    Place ComboFix on the Desktop and carry out these preliminary steps:
    ● disconnect from the Internet
    ● physically disconnect the modem/router from the computer

    It is absolutely necessary, if active, to:
    disable the antivirus in use, from its icon in the system tray (next to the Windows clock)
    disable any firewall that is installed, from its icon in the system tray (next to the Windows clock)

    Once the steps above are done:
    ● launch ComboFix from an account with Administrator privileges and follow the instructions that are displayed to run the scan
    ● you will be asked to install the Recovery Console: do not install it
    ● without performing any other operation, let the tool complete the scan and the log creation phase

    Notes - during the scan:
    ● some files will be created on the Desktop and then deleted
    ● all the icons on the Desktop will disappear for a moment
    ● a message relating to the antivirus in use may be displayed: continue, ignoring the message
    ● the firewall, if active, may display a warning about the removal of some drivers: allow it
    ● the Internet Explorer icon may appear on the Desktop, if it was not already there

    When ComboFix has finished the scan:
    ● the system will restart automatically (if it does not, restart it yourself)
    ● physically reconnect the modem/router to the computer
    ● connect to the Internet
    ● go to Local Disk C:, look for the log named combofix.txt and attach it
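
The manual review in post #2, sketched as an added example (not code from the thread or from HijackThis): it parses the `code - body` line format of the log in post #1 and lists R0/R1 and O2/O3 entries worth a second look. The `microsoft.com` allowlist and the "DLL directly in system32" heuristic are assumptions chosen for illustration; the sample lines are copied from the log above.

```python
import ntpath
import re
from urllib.parse import urlparse

# Constructed sample: six lines copied unchanged from the HijackThis log in post #1.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tangosearch.com/?useie5=1&q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: Tango - {3BDA15CD-EDD9-440A-B689-42DB8CD24B94} - C:\WINDOWS\system32\e178.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

# Every entry line is "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# R0/R1 body: "<registry key>,<value name> = <data>" (data may be empty).
REG_RE = re.compile(r"^(?P<key>[^,]+),(?P<name>[^=]+?) =\s*(?P<data>.*)$")
# O2/O3 body: "BHO: <name> - {CLSID} - <file path>".
COM_RE = re.compile(
    r"^(?:BHO|Toolbar): (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)

# Assumptions made for this example, not rules stated in the thread.
TRUSTED_DOMAINS = ("microsoft.com",)
SYSTEM_DIR = r"c:\windows\system32"


def parse_log(text):
    """Return one dict per entry line; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append({"code": match["code"], "body": match["body"]})
    return entries


def _is_trusted(host):
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def triage(entries):
    """List entries a reviewer should look at first (heuristic, not a verdict)."""
    findings = []
    for entry in entries:
        code, body = entry["code"], entry["body"]
        if code in ("R0", "R1"):
            match = REG_RE.match(body)
            # Empty values and placeholders such as ${...} have no hostname.
            host = urlparse(match["data"]).hostname if match else None
            if host and not _is_trusted(host):
                findings.append({
                    "code": code, "item": match["name"], "target": host,
                    "reason": "browser setting points outside the trusted domains",
                })
        elif code in ("O2", "O3"):
            match = COM_RE.match(body)
            # ntpath handles Windows paths on any host OS.
            if match and ntpath.dirname(match["path"]).lower() == SYSTEM_DIR:
                findings.append({
                    "code": code, "item": match["name"], "target": match["path"],
                    "reason": "browser add-on DLL sits directly in system32",
                })
    return findings


if __name__ == "__main__":
    for f in triage(parse_log(SAMPLE_LOG)):
        print(f"{f['code']}  {f['item']}: {f['target']}  ({f['reason']})")
```
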

  3. #3
    HTML.it user: fraude
    Registered since: Feb 2004
    Posts: 2,870
    Thanks, here is the log:

    code:
    ComboFix 10-12-30.03 - PC_Personale 31/12/2010  18.02.27.1.1 - x86
    Microsoft Windows XP Professional  5.1.2600.3.1252.39.1040.18.1015.631 [GMT 1:00]
    Eseguito da: C:\Documents and Settings\PC_Personale\Desktop\ComboFix.exe
    AV: McAfee Antivirus e Antispyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    
    ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
    .
    
    (((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    
    C:\Documents and Settings\Administrator\Dati applicazioni\OfferBox
    C:\Documents and Settings\Administrator\Dati applicazioni\OfferBox\config.xml
    C:\Documents and Settings\PC_Personale\Dati applicazioni\OfferBox
    C:\Documents and Settings\PC_Personale\Dati applicazioni\OfferBox\config.dat
    C:\Documents and Settings\PC_Personale\Dati applicazioni\OfferBox\config.xml
    C:\Documents and Settings\PC_Personale\Dati applicazioni\PriceGong
    C:\Documents and Settings\PC_Personale\Dati applicazioni\PriceGong\Data\1.xml
    C:\Documents and Settings\PC_Personale\Dati applicazioni\PriceGong\Data\a.xml
    C:\Documents and Settings\PC_Personale\Dati applicazioni\PriceGong\Data\b.xml
    C:\Documents and Settings\PC_Personale\Dati applicazioni\PriceGong\Data\c.xml
    C:\Documents and Settings\PC_Personale\Dati applicazioni\PriceGong\Data\d.xml
    C:\Documents and Settings\PC_Personale\Dati applicazioni\PriceGong\Data\e.xml
    C:\Documents and Settings\PC_Personale\Dati applicazioni\PriceGong\Data\f.xml
    C:\Documents and Settings\PC_Personale\Dati applicazioni\PriceGong\Data\g.xml
    C:\Documents and Settings\PC_Personale\Dati applicazioni\PriceGong\Data\h.xml
    C:\Documents and Settings\PC_Personale\Dati applicazioni\PriceGong\Data\i.xml
    C:\Documents and Settings\PC_Personale\Dati applicazioni\PriceGong\Data\J.xml
    C:\Documents and Settings\PC_Personale\Dati applicazioni\PriceGong\Data\k.xml
    C:\Documents and Settings\PC_Personale\Dati applicazioni\PriceGong\Data\l.xml
    C:\Documents and Settings\PC_Personale\Dati applicazioni\PriceGong\Data\m.xml
    C:\Documents and Settings\PC_Personale\Dati applicazioni\PriceGong\Data\mru.xml
    C:\Documents and Settings\PC_Personale\Dati applicazioni\PriceGong\Data\n.xml
    C:\Documents and Settings\PC_Personale\Dati applicazioni\PriceGong\Data\o.xml
    C:\Documents and Settings\PC_Personale\Dati applicazioni\PriceGong\Data\p.xml
    C:\Documents and Settings\PC_Personale\Dati applicazioni\PriceGong\Data\q.xml
    C:\Documents and Settings\PC_Personale\Dati applicazioni\PriceGong\Data\r.xml
    C:\Documents and Settings\PC_Personale\Dati applicazioni\PriceGong\Data\s.xml
    C:\Documents and Settings\PC_Personale\Dati applicazioni\PriceGong\Data\t.xml
    C:\Documents and Settings\PC_Personale\Dati applicazioni\PriceGong\Data\u.xml
    C:\Documents and Settings\PC_Personale\Dati applicazioni\PriceGong\Data\v.xml
    C:\Documents and Settings\PC_Personale\Dati applicazioni\PriceGong\Data\w.xml
    C:\Documents and Settings\PC_Personale\Dati applicazioni\PriceGong\Data\x.xml
    C:\Documents and Settings\PC_Personale\Dati applicazioni\PriceGong\Data\y.xml
    C:\Documents and Settings\PC_Personale\Dati applicazioni\PriceGong\Data\z.xml
    C:\Programmi\Search Settings
    C:\Programmi\Search Settings\SearchSettings.exe
    
    .
    (((((((((((((((((((((((((   Files Creati Da 2010-11-28 al 2010-12-31  )))))))))))))))))))))))))))))))))))
    .
    But the PC is still extremely slow...

  4. #4
    Banned user
    Registered since: Dec 2010
    Posts: 30
    Hi Fraude. You were quite infected.
    Unfortunately, though, you did not upload the whole ComboFix log.
    Please do so with a normal copy and paste, without Code tags.
    Attach a HijackThis log as well.

  5. #5
    HTML.it user: fraude
    Registered since: Feb 2004
    Posts: 2,870
    ComboFix (part 1):

    ComboFix 10-12-30.03 - Administrator 02/01/2011 14.26.59.2.1 - x86 MINIMAL
    Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1015.765 [GMT 1:00]
    Eseguito da: e:\_drivers_non_cancellare\ComboFix.exe
    AV: McAfee Antivirus e Antispyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

    ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
    .

    ((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Esecuzione precedente -------
    .
    c:\documents and settings\Administrator\Dati applicazioni\OfferBox
    c:\documents and settings\Administrator\Dati applicazioni\OfferBox\config.xml
    c:\documents and settings\pc_personale\Dati applicazioni\OfferBox
    c:\documents and settings\pc_personale\Dati applicazioni\OfferBox\config.dat
    c:\documents and settings\pc_personale\Dati applicazioni\OfferBox\config.xml
    c:\documents and settings\pc_personale\Dati applicazioni\PriceGong
    c:\documents and settings\pc_personale\Dati applicazioni\PriceGong\Data\1.xml
    c:\documents and settings\pc_personale\Dati applicazioni\PriceGong\Data\a.xml
    c:\documents and settings\pc_personale\Dati applicazioni\PriceGong\Data\b.xml
    c:\documents and settings\pc_personale\Dati applicazioni\PriceGong\Data\c.xml
    c:\documents and settings\pc_personale\Dati applicazioni\PriceGong\Data\d.xml
    c:\documents and settings\pc_personale\Dati applicazioni\PriceGong\Data\e.xml
    c:\documents and settings\pc_personale\Dati applicazioni\PriceGong\Data\f.xml
    c:\documents and settings\pc_personale\Dati applicazioni\PriceGong\Data\g.xml
    c:\documents and settings\pc_personale\Dati applicazioni\PriceGong\Data\h.xml
    c:\documents and settings\pc_personale\Dati applicazioni\PriceGong\Data\i.xml
    c:\documents and settings\pc_personale\Dati applicazioni\PriceGong\Data\J.xml
    c:\documents and settings\pc_personale\Dati applicazioni\PriceGong\Data\k.xml
    c:\documents and settings\pc_personale\Dati applicazioni\PriceGong\Data\l.xml
    c:\documents and settings\pc_personale\Dati applicazioni\PriceGong\Data\m.xml
    c:\documents and settings\pc_personale\Dati applicazioni\PriceGong\Data\mru.xml
    c:\documents and settings\pc_personale\Dati applicazioni\PriceGong\Data\n.xml
    c:\documents and settings\pc_personale\Dati applicazioni\PriceGong\Data\o.xml
    c:\documents and settings\pc_personale\Dati applicazioni\PriceGong\Data\p.xml
    c:\documents and settings\pc_personale\Dati applicazioni\PriceGong\Data\q.xml
    c:\documents and settings\pc_personale\Dati applicazioni\PriceGong\Data\r.xml
    c:\documents and settings\pc_personale\Dati applicazioni\PriceGong\Data\s.xml
    c:\documents and settings\pc_personale\Dati applicazioni\PriceGong\Data\t.xml
    c:\documents and settings\pc_personale\Dati applicazioni\PriceGong\Data\u.xml
    c:\documents and settings\pc_personale\Dati applicazioni\PriceGong\Data\v.xml
    c:\documents and settings\pc_personale\Dati applicazioni\PriceGong\Data\w.xml
    c:\documents and settings\pc_personale\Dati applicazioni\PriceGong\Data\x.xml
    c:\documents and settings\pc_personale\Dati applicazioni\PriceGong\Data\y.xml
    c:\documents and settings\pc_personale\Dati applicazioni\PriceGong\Data\z.xml
    c:\programmi\Search Settings
    c:\programmi\Search Settings\SearchSettings.exe

    .
    ((((((((((((((((((((((((( Files Creati Da 2010-12-02 al 2011-01-02 )))))))))))))))))))))))))))))))))))
    .

    2011-01-02 13:13 . 2011-01-02 13:13 -------- d-----w- c:\windows\LastGood.Tmp
    2011-01-02 12:56 . 2011-01-02 13:09 -------- d-----w- C:\93464e3eea819ae07e6c3dd4
    2011-01-01 20:00 . 2011-01-01 20:00 -------- d-----w- C:\254504c78e8d629e9e0a959cbf4d
    2011-01-01 14:30 . 2011-01-01 14:30 -------- d-----w- C:\fb7c1cd2ce3264825589ec63
    2010-12-31 18:37 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
    2010-12-31 16:18 . 2010-09-10 05:49 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2010-12-31 15:51 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
    2010-12-31 15:22 . 2010-12-31 15:22 -------- d-----w- c:\documents and settings\pc_personale\Dati applicazioni\Malwarebytes
    2010-12-31 15:22 . 2010-12-31 15:22 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
    2010-12-31 15:09 . 2010-12-31 15:09 -------- d-----w- c:\documents and settings\pc_personale\Dati applicazioni\Malwarebytes-BackupByMalwarebytesPortable
    2010-12-31 12:43 . 2010-12-31 12:43 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes-BackupByMalwarebytesPortable
    2010-12-31 12:42 . 2010-12-20 19:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-31 10:14 . 2010-12-31 10:14 -------- d-----w- c:\programmi\Trend Micro
    2010-12-30 18:37 . 2010-12-31 11:10 -------- d-----w- c:\documents and settings\Administrator
    2010-12-22 17:45 . 2008-04-13 18:14 20992 ----a-w- c:\windows\system32\dshowext.ax

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-20 19:09 . 2010-12-31 12:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys.bak
    2010-10-26 14:05 . 2006-03-02 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys
    2010-10-13 21:28 . 2010-04-18 13:38 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2010-10-13 21:28 . 2010-04-18 13:38 88544 ----a-w- c:\windows\system32\drivers\mfendisk.sys
    2010-10-13 21:28 . 2010-04-18 13:38 84072 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
    2010-10-13 21:28 . 2010-04-18 13:38 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2010-10-13 21:28 . 2010-04-18 13:38 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2010-10-13 21:28 . 2010-04-18 13:38 313288 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2010-10-13 21:28 . 2010-04-18 13:38 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2010-10-13 21:28 . 2010-04-18 13:38 152960 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2010-10-13 21:28 . 2010-01-05 16:04 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2010-10-13 21:28 . 2010-01-05 16:04 386840 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    .

    ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* i valori vuoti & legittimi/default non sono visualizzati.
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
    @="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
    [HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
    2010-02-05 19:14 2871608 ----a-w- c:\programmi\McAfee Online Backup\MOBKshell.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
    @="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
    [HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
    2010-02-05 19:14 2871608 ----a-w- c:\programmi\McAfee Online Backup\MOBKshell.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
    @="{b4caf489-1eec-c617-49ad-8d7088598c06}"
    [HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
    2010-02-05 19:14 2871608 ----a-w- c:\programmi\McAfee Online Backup\MOBKshell.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "mcui_exe"="c:\programmi\McAfee.com\Agent\mcagent.exe" [2010-09-30 1193848]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

    c:\documents and settings\pc_personale\Menu Avvio\Programmi\Esecuzione automatica\
    Collegamento a mcagent.exe.lnk - c:\programmi\McAfee.com\Agent\mcagent.exe [2010-4-18 1193848]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLinkedConnections"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Windows Search.lnk]
    path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Windows Search.lnk
    backup=c:\windows\pss\Windows Search.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-20 21:07 932288 ----a-r- c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-09-23 02:47 35760 ----a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    2007-08-03 10:51 202024 ----a-w- c:\programmi\File comuni\Nero\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-13 17:14 15360 ----a-w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4400 Series]
    2007-03-01 06:01 180736 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATICAE.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 09:44 31072 ----a-w- c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2007-09-07 08:22 166424 ----a-w- c:\windows\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2007-09-07 08:22 141848 ----a-w- c:\windows\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
    2010-03-26 08:52 1234216 ----a-w- c:\programmi\Nero\Nero 10\Nero BackItUp\NBAgent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
    2007-08-08 07:25 1828136 ----a-w- c:\programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2007-03-01 13:57 153136 ----a-w- c:\programmi\File comuni\Nero\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2007-09-07 08:22 137752 ----a-w- c:\windows\system32\igfxpers.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-17 19:53 421888 ----a-w- c:\programmi\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    2008-06-13 12:50 16871936 ----a-w- c:\windows\RTHDCPL.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetRefresh]
    2003-11-20 15:01 525824 ----a-w- c:\programmi\COMPAQ\SetRefresh\SetRefresh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2010-04-06 00:27 26102056 ----a-r- c:\programmi\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Programmi\\File comuni\\Mcafee\\McSvcHost\\McSvHost.exe"=
    "c:\\Programmi\\Skype\\Phone\\Skype.exe"=

  6. #6
    HTML.it user: fraude
    Registered since: Feb 2004
    Posts: 2,870
    ComboFix (part 2):

    S1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [18/04/2010 14.38.02 84072]
    S1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [18/04/2010 14.40.05 54776]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\programmi\File comuni\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [18/04/2010 14.37.49 271480]
    S2 McMPFSvc;McAfee Servizio Personal Firewall;"c:\programmi\File comuni\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [18/04/2010 14.37.49 271480]
    S2 McNaiAnn;McAfee VirusScan Announcer;"c:\programmi\File comuni\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [18/04/2010 14.37.49 271480]
    S2 mfefire;McAfee Firewall Core Service;c:\programmi\File comuni\Mcafee\SystemCore\mfefire.exe [18/04/2010 14.38.39 188136]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\programmi\File comuni\Mcafee\SystemCore\mfevtps.exe [18/04/2010 14.38.07 141792]
    S2 MOBKbackup;1%;c:\programmi\McAfee Online Backup\MOBKbackup.exe [05/02/2010 20.14.42 229688]
    S2 NAUpdate;@c:\programmi\Nero\Update\NASvc.exe,-200;c:\programmi\Nero\Update\NASvc.exe [25/03/2010 13.39.22 490280]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [18/04/2010 14.38.00 55840]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [18/04/2010 14.38.01 313288]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [18/04/2010 14.38.02 88544]
    S3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [18/04/2010 14.38.02 88544]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [18/04/2010 14.38.01 84264]
    S4 Application Updater;Application Updater;c:\programmi\Application Updater\ApplicationUpdater.exe [07/01/2010 23.51.02 380928]
    .
    .
    ------- Scansione supplementare -------
    .
    mSearch Bar = hxxp://www.google.com
    IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    .
    - - - - CHIAVI ORFANE RIMOSSE - - - -

    MSConfigStartUp-ares - c:\programmi\Ares\Ares.exe
    MSConfigStartUp-GabPath - c:\documents and settings\pc_personale\Dati applicazioni\GabPath\GabPath.exe
    MSConfigStartUp-SearchSettings - c:\programmi\Search Settings\SearchSettings.exe
    MSConfigStartUp-SfKg6wIPuSp - c:\documents and settings\pc_personale\Dati applicazioni\Microsoft\Windows\jnipmo.exe
    MSConfigStartUp-swg - c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    MSConfigStartUp-TrayServer - c:\programmi\MAGIX\Video_deluxe_16_Plus_Download-Version\TrayServer.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-02 14:37
    Windows 5.1.2600 Service Pack 3 NTFS

    scansione processi nascosti ...

    scansione entrate autostart nascoste ...

    Scansione files nascosti ...

    Scansione completata con successo
    Files nascosti: 0

    **************************************************************************
    .
    --------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

    [HKEY_USERS\S-1-5-21-2052111302-1214440339-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
    "OOSAFEERASE04.00.00.01MSWINDOWS"="887E49B463BB1EB 18273281603D227179CF7A12F7849FE13796841D4D046CA74E 92C56A988B1AE27AEE345961322A41C4CF8721A7680707EEEF 1B6E276919935D71B673ECF42FEB866816A517C48F1B8A4B95 F2A9994E40EEE775596C6922B81A37A0FD728B7C7E06340DB1 9EAE6486068117F3CE49CB851E7D7A4FA3EF49DA7804C65CFA 67505C942E663322A35243C3DABEBA47EC4070F26C42F117A7 8CC28086807F28670F65385124C582DFBC7A7AE0B412BB24C3 5C05F43824B41F25D3B357891022331A01012B168B90A1AB8B 42A8322096F06E5932AAC33937ACAB64BEA7BA933FBD4CB483 1FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CF EBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D5 75E7D6A3B9808A2D97226D213B5559DB7CE019D40AA5C9DB7C E019D40AA5CDD65947BC7F99D5498E66A9F66A1AEBA7129FA1 E9BA71AC97E45EB4DA01FD5838712B1DB3B4D5AB9ECE942C84 D71B152DE870F6E32AE601DE8E3D3A0F1EE95B04A342E51C2E 733E3996A10CF552820C8C350F690FAB56E444EABFA0A0FBBC BB077762D9C3F4ACC8B16A1410E16A4FBBDD96F0A95DE9D416 B4EDA47F3548812553487412023387DCCADCF3700B58AF8383 4589833DB8A8920DC3294ED361BB5D67B9AF26576B6CEA8FE3 AC6C6F343FB20B37BE34306E52AD344F7AF2B3CFBB85019663 E18D7137F837CA53927A0F923C21155A24403DD3FDE21F55F8 281FBCF42B1A41287F5DB81256CE0C98B211F3DD2D8E0FDD78 BE2917A63F8576D34ABE50EB814532815E1FCB9E9B8ABFD70E 6CD65699D93436F2A244551D2C40C1AE1967C78F85A920E40C B536403043199490C7378127671112D2A41815B45A108B7B43 98F98F2804D4F7BE39E96697A3F82E35A0C47AC70E5280DD5E 168EB936A0C46536FBCDD53D22FCF462FCDEAD0161373DB80C 7AFF0F79DE74CB3DAC0EEBF02823DDCB5CC8F32C2BEB57F8A8 AD3E63F119D06A56D4966D18D548B123E619C7E59507355E95 B15B1F252D02FB942118EC12820F44974644E80FED1F553BCA 6AB6B461F725183B6664B20B3A3E40183CDC2E8274F970E36D EF94344EEE2F99AF78E3FA26811786690580910D3679AC40C0 2B2C4CF23DA3696E6FB7169C4334716CB3D14942F4E0B2364D 89FAE933B6D9E2439FA182ABDD44AE666405943A6107BE02AD BDA24BA1C5566BF73A82D332C9C01179CCDDDC391914FA568B 31E386C61BECFB9A0D81C24A20FD1EBB8EC77BF6322485297E 41906CB2841F77187ED66C80CDEBDD13071C449BF08C05C01A 18013493017A2D98F59192E224D90A6731E7022E84EDB7D5E3 
2CD0FBE7D100AED558EE912B921C91D4A5ED2162092961747E 18E6625B2092B35F548B600D91DBDBCFDA999DF4537DAAC443 8D1F6FDE64C29E41232CF4C0EC228CDE9"
    .
    --------------------- Dlls caricate dai processi in esecuzione ---------------------

    - - - - - - - > 'explorer.exe'(1220)
    c:\windows\system32\WININET.dll
    c:\programmi\McAfee Online Backup\MOBKshell.dll
    c:\windows\system32\msi.dll
    c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\programmi\File comuni\Nero\Lib\NeroDigitalExt.dll
    c:\programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.dll
    c:\programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.ITA
    .
    Ora fine scansione: 2011-01-02 14:41:27
    ComboFix-quarantined-files.txt 2011-01-02 13:41

    Pre-Run: 142.244.429.824 byte disponibili
    Post-Run: 142.723.145.728 byte disponibili

    - - End Of File - - C0C6BC9B2BD90A6B4A9166494026F962

  7. #7
    HTML.it user fraude
    Registered since
    Feb 2004
    Posts
    2,870
    HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14.44.52, on 02/01/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Safe mode

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\File comuni\Mcafee\McSvcHost\McSvHost.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\explorer.exe
    C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programmi\File comuni\McAfee\SystemCore\ScriptSn.20101106104529.dll
    O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [mcui_exe] "C:\Programmi\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Programmi\File comuni\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Servizio Personal Firewall (McMPFSvc) - McAfee, Inc. - C:\Programmi\File comuni\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Programmi\File comuni\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Programmi\File comuni\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Programmi\File comuni\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Programmi\McAfee\VirusScan\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Programmi\File comuni\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McShield - McAfee, Inc. - C:\Programmi\File comuni\McAfee\SystemCore\\mcshield.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Programmi\File comuni\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Programmi\File comuni\McAfee\SystemCore\mfevtps.exe
    O23 - Service: 1% (MOBKbackup) - McAfee, Inc. - C:\Programmi\McAfee Online Backup\MOBKbackup.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Programmi\File comuni\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: @C:\Programmi\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Programmi\Nero\Update\NASvc.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe

    --
    End of file - 5716 bytes

  8. #8
    Banned user
    Registered since
    Dec 2010
    Posts
    30
    Download and install Malwarebytes' Anti-Malware Free Version: http://www.malwarebytes.org
    Note - during installation:
    ● you will be asked to update Malwarebytes' virus definitions and to launch it once installed: allow this, leaving these boxes checked:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware


    Once installed:
    ● the tool's main screen will be shown
    ● click the Full scan button
    ● you will be asked which drives you want to scan; select them all and click Scan
    ● wait patiently for it to finish
    ● if infections are detected, delete them by clicking Remove selected items
    ● at the end of the scan a log will be produced automatically: save it to the Desktop because you will need to attach it
