ciao a tutti,
quando navigo si aprono le pagine della publicita , ho provato con tutto anche con virus vari e vari anti ecc.ecc. ma niente allora vi scrivo il mio log per vedere se c'e' qualcosa di strano. Magari non è la sezione adatta, ma almeno spero di essere presa in considerazione :-(
grazie mille!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.25.06, on 02/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\FunkyEmoticons\FunkyEmoticons.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Users\Sara\AppData\Local\skesk.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\conime.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVG\AVG8\aAvgApi.exe
C:\Windows\system32\WgaTray.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/webhp?sourceid=navclient&hl=it&ie=UTF-8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
O4 - HKLM\..\Run: [AML] C:\Program Files\Sony\VAIO Launcher\AML.exe InitApp
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\nnnkjkhF.dll,#1
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [funkyemoticons] C:\Program Files\FunkyEmoticons\FunkyEmoticons.exe
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [skesk] "c:\users\sara\appdata\local\skesk.exe" skesk
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia immagine alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Invia pagina alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{3666F866-5FE4-4B1E-AB3F-97BCD8A80470}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{3666F866-5FE4-4B1E-AB3F-97BCD8A80470}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{3666F866-5FE4-4B1E-AB3F-97BCD8A80470}: NameServer = 192.168.0.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Windows\RtkAudioService.exe
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDs.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12801 bytes

1 Disattiva il Ripristino Configurazione Sistema:

Windows Vista

* Start
* Pannello di controllo
* seleziona Sistema e manutenzione
* seleziona l’icona Sistema
* nel menu a sinistra clicca su Protezione sistema
* togli la spunta alle voci che fanno riferimento ai dischi ai quali disattivare il Ripristino configurazione di sistema
* Confermare come da richiesta

Riattiva il Ripristino Configurazione Sistema solo a disinfezione terminata

2 Pulizia dei file temporanei:

ATF Cleaner Download (http://www.atribune.org/ccount/click.php?id=1) - Guida all'utilizzo (http://www.hwupgrade.it/forum/showpost.php?p=24033021&postcount=2)
Compatibile: Windows XP - Vista
Caratteristiche: non necessita di installazione

3 Fai girare questo tool

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Doppio click su combofix.exe e segui le istruzioni
Allegare il log C:\combofix.txt
N.B.: Durante la scansione verranno creati alcuni file sul desktop e poi eliminati - spariranno tutte le icone del desktop - il firewall potrebbe avvisare che verranno rimossi alcuni driver (consentire)
ComboFix deve essere eseguito a macchina dedicata - disconnessi dalla rete, disabilitando momentaneamente i realtime dei software di sicurezza

*** REGOLE di SEZIONE - obbligatoria la lettura!! *** (http://www.hwupgrade.it/forum/showthread.php?t=1751598) --> dove troverai le modalità per allegare i log

Riepilogo log da allegare:
Combofix
Nuovo log HJT

Ciao

Malwarebytes' Anti-Malware 1.34
Versione del database: 1783
Windows 6.0.6001 Service Pack 1

21/02/2009 15.45.02
mbam-log-2009-02-21 (15-45-02).txt

Tipo di scansione: Scansione rapida
Elementi scansionati: 59782
Tempo trascorso: 13 minute(s), 50 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 2
Valori di registro infetti: 2
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 1

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_CLASSES_ROOT\CLSID\{b3102264-d09d-4322-b625-503fbf18dd7e} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

Valori di registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{b3102264-d09d-4322-b625-503fbf18dd7e} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Malware.Trace) -> Delete on reboot.

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\Users\Sara\AppData\Local\Temp\uRlkkkhI.dll_old (Trojan.Vundo) -> Delete on reboot.



Aspetto news

Non ti ho suggerito la scansione con MBAM bensì http://www.hwupgrade.it/forum/showpost.php?p=26521630&postcount=2

Allora dovrei esserci
ti posto il risultato di Combofix
ComboFix 09-03-04.01 - Sara 2009-03-05 12.36.37.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1040.18.3038.1776 [GMT 1:00]
Eseguito da: c:\users\Sara\Downloads\ComboFix.exe
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Sara\AppData\Local\skesk.dat
c:\users\Sara\AppData\Local\skesk.exe
c:\users\Sara\AppData\Local\skesk_nav.dat
c:\users\Sara\AppData\Local\skesk_navps.dat

.
((((((((((((((((((((((((( Files Creati Da 2009-02-05 al 2009-03-05 )))))))))))))))))))))))))))))))))))
.

2009-03-02 17:18 . 2009-03-02 17:18 <DIR> d-------- c:\program files\Trend Micro
2009-02-28 14:03 . 2009-03-05 11:39 <DIR> d-------- c:\program files\FunkyEmoticons
2009-02-28 13:42 . 2009-02-28 13:43 <DIR> d-------- c:\program files\SecondLifeReleaseCandidate
2009-02-21 15:58 . 2009-02-21 15:58 <DIR> d-------- C:\VundoFix Backups
2009-02-21 15:29 . 2009-02-21 15:29 <DIR> d-------- c:\users\Sara\AppData\Roaming\Malwarebytes
2009-02-21 15:29 . 2009-02-21 15:29 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-02-21 15:29 . 2009-02-21 15:29 <DIR> d-------- c:\programdata\Malwarebytes
2009-02-21 15:29 . 2009-02-21 15:29 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-21 15:29 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-02-21 15:29 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-02-21 11:04 . 2009-02-28 16:36 <DIR> d--h----- C:\$AVG8.VAULT$
2009-02-21 11:03 . 2009-03-05 07:29 <DIR> d-------- c:\windows\System32\drivers\Avg
2009-02-21 11:03 . 2009-02-21 11:15 <DIR> d-------- c:\users\All Users\avg8
2009-02-21 11:03 . 2009-02-21 11:15 <DIR> d-------- c:\programdata\avg8
2009-02-21 11:03 . 2009-02-21 11:03 <DIR> d-------- c:\program files\AVG
2009-02-21 11:03 . 2009-02-21 11:03 325,128 --a------ c:\windows\System32\drivers\avgldx86.sys
2009-02-21 11:03 . 2009-02-21 11:03 107,272 --a------ c:\windows\System32\drivers\avgtdix.sys
2009-02-21 11:03 . 2009-02-21 11:03 10,520 --a------ c:\windows\System32\avgrsstx.dll
2009-02-21 10:49 . 2009-02-21 10:49 30,880 --a------ c:\windows\System32\drivers\suvevxcu.sys
2009-02-21 10:37 . 2009-02-21 11:15 <DIR> d-------- c:\program files\Spyware Doctor
2009-02-16 08:57 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-16 08:57 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll
2009-02-16 08:56 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-02-16 08:56 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-02-16 08:56 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-16 08:56 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-02-16 08:56 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-01 12:12 --------- d-----w c:\users\Sara\AppData\Roaming\gtk-2.0
2009-02-23 16:21 --------- d-----w c:\programdata\Roxio
2009-02-22 07:31 --------- d-----w c:\program files\Common Files\Adobe
2009-02-21 14:47 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-21 14:32 --------- d-----w c:\programdata\Spybot - Search & Destroy
2009-02-21 10:13 --------- d---a-w c:\programdata\TEMP
2009-02-21 09:35 --------- d-----w c:\programdata\McAfee
2009-02-17 07:15 --------- d-----w c:\program files\Windows Mail
2009-02-16 07:46 --------- d-----w c:\programdata\FLEXnet
2009-02-04 11:43 --------- d-----w c:\users\Sara\AppData\Roaming\Skype
2009-02-04 11:42 --------- d-----w c:\users\Sara\AppData\Roaming\skypePM
2009-02-03 15:16 --------- d-----w c:\programdata\eMule
2009-02-03 15:15 --------- d-----w c:\program files\eMule
2009-01-29 23:45 --------- d-----w c:\users\Sara\AppData\Roaming\DivX
2009-01-29 23:25 --------- d-----w c:\programdata\Sony Corporation
2009-01-26 10:59 --------- d-----w c:\program files\Google
2009-01-17 08:51 --------- d-----w c:\programdata\Lavasoft
2009-01-12 07:57 --------- d-----w c:\users\Sara\AppData\Roaming\SecondLife
2009-01-11 08:33 --------- d-----w c:\program files\Yahoo!
2009-01-09 15:54 --------- d-----w c:\users\Sara\AppData\Roaming\Roxio
2009-01-05 22:33 3,751,995 ----a-w c:\windows\System32\GPhotos.scr
2008-12-27 17:19 48 ---ha-w c:\users\All Users\ezsidmv.dat
2008-12-27 17:19 48 ---ha-w c:\programdata\ezsidmv.dat
2008-12-17 21:06 0 ----a-w c:\users\Sara\AppData\Roaming\wklnhst.dat
2008-12-15 14:42 5,367,728 ----a-w c:\users\Sara\DriverDetective.exe
2008-12-15 09:39 1,030,653 ----a-w c:\users\Sara\Galaxy_Set___By_BLazteR.zip
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-07-30 262144]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2008-02-23 122880]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-03 317280]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2008-08-26 24576]
"AML"="c:\program files\Sony\VAIO Launcher\AML.exe" [2008-06-13 1097728]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-21 1601304]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-18 c:\windows\RtHDVCpl.exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-BA7E-000000000003}\_SC_Acrobat.exe [2008-08-06 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-22 734872]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-07-01 768552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-07-15 17:04 98304 c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\program files\Common Files\Sony Shared\VideoLib\sonydv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D162BD80-4082-4DE5-9ECF-1A67BF933956}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0E61A0B1-F210-47CC-990D-DE6E2C17EFFE}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{8A921C2A-2F53-4AFE-9AB0-0E9686738FAA}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{2D6D8243-ACE0-44D1-B98B-5FDDF147EC54}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{062C89FE-FCEE-4572-BB1A-187415B2D7E0}"= UDP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{2AE98C58-E40F-4FD8-84D4-E6BADAFA9E0E}"= TCP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{E93E2C62-E41C-472F-8605-3927834E6099}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{B59F30C2-D5A3-4A81-9E0B-263ACD1EE4B0}c:\\program files\\secondlife\\slvoice.exe"= UDP:c:\program files\secondlife\slvoice.exe:SLVoice
"UDP Query User{71FDA740-E158-4121-BB06-B49B4B406C59}c:\\program files\\secondlife\\slvoice.exe"= TCP:c:\program files\secondlife\slvoice.exe:SLVoice
"TCP Query User{0BB3B31A-8726-476B-BEA4-7F286ACE6024}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{CAD69975-A16E-43FB-B6EB-4C6E331F3553}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{7EB7B0E4-2214-4A78-930B-47D04D03AE33}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{51AB56A8-E89F-4FF5-BAFA-6AE382985309}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{952852D6-599E-40CF-B99D-86A66F086924}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{749EA409-6D9B-4D4F-9530-DDC084129ADA}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{B32DE7E3-EE11-440E-B576-2FF3773E2170}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{A27CB196-08AA-412A-A43C-BC4EDF60CA64}c:\\program files\\secondlife\\slvoice.exe"= UDP:c:\program files\secondlife\slvoice.exe:SLVoice
"UDP Query User{DB238F82-3048-4C8F-ACC8-64C022568D98}c:\\program files\\secondlife\\slvoice.exe"= TCP:c:\program files\secondlife\slvoice.exe:SLVoice
"TCP Query User{748B5F3D-3A54-4CB4-A71D-A02A899B3001}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{FA80B447-11C1-4149-BDD0-51C538727148}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{D610C38D-DCC0-4F63-987F-1D17F7890182}"= UDP:4662:emule
"{20C7D5FC-C50D-4F7D-9DAB-6F71791D6DFC}"= TCP:4672:eMULE
"{8D863F11-30BC-47E1-9C95-485D468EE9F8}"= TCP:11964:emul2
"{7D98DC95-1928-4F1F-A4BF-F0CE4282F33C}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{19B25B2C-3555-4BBD-A661-7C637FF4A142}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{9034B3A8-9372-445A-896D-3B98761AA79E}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{6B76EDB9-B2A4-4F7B-9E37-F439E9F78415}"= UDP:5353:Adobe CSI CS4
"{1DF15069-200B-45C5-9192-31C52C74B23B}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{319DA4FC-5688-43F6-B937-5724FB6DC748}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"TCP Query User{4EDEE57A-73E7-4D18-9B5E-B18DADCAFEE2}c:\\program files\\secondlifereleasecandidate\\slvoice.exe"= UDP:c:\program files\secondlifereleasecandidate\slvoice.exe:SLVoice
"UDP Query User{0F8AB211-8C23-4778-BDA1-6516CCE51A79}c:\\program files\\secondlifereleasecandidate\\slvoice.exe"= TCP:c:\program files\secondlifereleasecandidate\slvoice.exe:SLVoice

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2009-02-21 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [2009-02-21 107272]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-02-21 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-21 298264]
R2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2008-08-26 299008]
R2 regi;regi;c:\windows\System32\drivers\regi.sys [2007-04-17 11032]
R2 RtkAudioService;Realtek Audio Service;c:\windows\RTKAUDIOSERVICE.EXE [2008-08-06 104992]
R2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2008-08-06 411488]
R2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2008-06-20 415744]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [2008-08-06 29736]
R3 NETw5v32;Driver scheda Intel(R) Wireless WiFi Link per Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [2008-04-28 3658752]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\System32\drivers\SFEP.sys [2008-08-06 9344]
S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Sony\VAIO Media plus\SOHCImp.exe [2008-08-26 103712]
S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Sony\VAIO Media plus\SOHDms.exe [2008-08-26 353568]
S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Sony\VAIO Media plus\SOHDs.exe [2008-08-26 62752]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2008-08-26 337184]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2008-08-26 83232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - g:\autorun\Autorun.exe
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
HKCU-Run-skesk - c:\users\sara\appdata\local\skesk.exe
HKCU-Run-AdobeBridge - (no file)


.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/webhp?sourceid=navclient&hl=it&ie=UTF-8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Invia immagine alla periferica &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Invia pagina alla periferica &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: {3666F866-5FE4-4B1E-AB3F-97BCD8A80470} = 192.168.0.1
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-05 12:40:05
Windows 6.0.6001 Service Pack 1 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2009-03-05 12.42.19
ComboFix-quarantined-files.txt 2009-03-05 11:42:14

Pre-Run: 258.419.970.048 byte disponibili
Post-Run: 258,383,257,600 byte disponibili

202 --- E O F --- 2009-02-24 08:47:28


Porta pazienza eh..

Per cortesia allega i log su i Server Remoti indicati nelle Regole di sezione, grazie.

http://www.hwupgrade.it/forum/showthread.php?t=1751598

http://www.mediafire.com/download.php?ziltdzyqz20

lo devo postare da qualche altra parte forse?

http://www.mediafire.com/download.php?ziltdzyqz20

lo devo postare da qualche altra parte forse?

Procedi con le seguenti scansioni indicate ai Punti 4 - 7 - 9 della presente Guida
http://www.hwupgrade.it/forum/showthread.php?t=1599737

Riepilogo log da allegare
F-Secure
HiJackThis
PrevxCSI