
Infected by Olmarik.AJL


LoO
04-05-2011, 17:37
Good evening.

NOD32 4 reports this infection to me but cannot delete it.

Object:
MBR sector of physical disk 1 (c:\)

Threat:

Win/Olmarik.AJL trojan horse

On top of that, I have already reinstalled Seven twice, but as soon as I boot with a clean c: and install NOD, this infection shows up.

I no longer know what to do.

I'm posting the log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:48:49, on 04/05/2011
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
H:\PROGRAMMI E UTILITY\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O4 - Startup: MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 5753 bytes

I'm running Spybot to look for something, but I'm groping in the dark.


EDIT:

I'm also adding the MBRCheck log

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: Gigabyte Technology Co., Ltd.
BIOS Manufacturer: Award Software International, Inc.
System Manufacturer: Gigabyte Technology Co., Ltd.
System Product Name: GA-MA790XT-UD4P
Logical Drives Mask: 0x000000fd

Kernel Drivers (total 194):

Processes (total 46):
0 System Idle Process
4 System
420 C:\Windows\System32\smss.exe
572 csrss.exe
744 C:\Windows\System32\wininit.exe
800 csrss.exe
824 C:\Windows\System32\services.exe
848 C:\Windows\System32\lsass.exe
856 C:\Windows\System32\lsm.exe
972 C:\Windows\System32\svchost.exe
432 C:\Windows\System32\winlogon.exe
532 C:\Windows\System32\svchost.exe
852 C:\Windows\System32\svchost.exe
580 C:\Windows\System32\svchost.exe
1068 C:\Windows\System32\svchost.exe
1220 C:\Windows\System32\svchost.exe
1328 C:\Windows\System32\svchost.exe
1476 C:\Windows\System32\spoolsv.exe
1508 C:\Windows\System32\svchost.exe
1616 C:\Windows\System32\taskhost.exe
1712 C:\Windows\System32\dwm.exe
1808 C:\Windows\explorer.exe
1848 C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
1932 C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
1940 C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
1080 C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
1316 C:\Program Files (x86)\MagicDisc\MagicDisc.exe
1896 C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
1204 C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
2724 C:\Windows\System32\SearchIndexer.exe
2828 C:\Program Files\Windows Media Player\wmpnetwk.exe
2908 C:\Windows\System32\svchost.exe
472 C:\Windows\System32\sppsvc.exe
1664 C:\Windows\System32\svchost.exe
1260 C:\Program Files (x86)\Internet Explorer\iexplore.exe
4072 C:\Program Files (x86)\Internet Explorer\iexplore.exe
2696 C:\Program Files (x86)\Internet Explorer\iexplore.exe
3416 H:\PROGRAMMI E UTILITY\HiJackThis_v2.exe
3616 C:\Windows\System32\audiodg.exe
3928 C:\Program Files (x86)\Internet Explorer\iexplore.exe
3160 C:\Windows\System32\SearchProtocolHost.exe
3092 C:\Windows\System32\taskhost.exe
1352 C:\Windows\System32\SearchFilterHost.exe
3404 C:\Users\lollo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NGC7UB71\MBRCheck[1].exe
3176 C:\Windows\System32\conhost.exe
3284 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)
\\.\F: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)
\\.\G: --> \\.\PhysicalDrive4 at offset 0x00000001`f50cfc00 (NTFS)
\\.\H: --> \\.\PhysicalDrive3 at offset 0x00000000`007e0000 (NTFS)

PhysicalDrive1 Model Number: WDCWD1500HLFS-01G6U1, Rev: 04.04V02
PhysicalDrive2 Model Number: WD5000BMV External, Rev: 1.75
PhysicalDrive4 Model Number: WD3200BEV External, Rev: 1.75
PhysicalDrive3 Model Number: WDC WD2500JB-00FUA0, Rev: 15.0

Size Device Name MBR Status
--------------------------------------------
139 GB \\.\PhysicalDrive1 Unknown MBR code
SHA1: 43D883454798828D348BD54C7A5CBDE0A9733364
465 GB \\.\PhysicalDrive2 RE: Unknown MBR code
SHA1: D90653CCC05EE39D4D44E1F67C33297D65F3ED4F
298 GB \\.\PhysicalDrive4 RE: Western Digital MBR code detected
SHA1: CCCF1B32EE08ECFB66B30883CFF6110F69219FEA
232 GB \\.\PhysicalDrive3 RE: Unknown MBR code
SHA1: E4308E48C8095176CAFFE1A738E147D22C136234


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:


Can anyone help me?

I would like to wipe everything off the disk, reinstall Seven and be able to breathe again (on top of that, I work on this machine...)

Thanks to anyone who comes to my aid.

Chill-Out
04-05-2011, 21:09
Hi, download this file http://public.avast.com/~gmerek/aswMBR.exe

- double-click aswMBR.exe

- click Scan to start the scan

- when it finishes, click Save log and then Exit

you will find the log on the Desktop

How to post logs:

Each individual log, exclusively in .txt format, must be hosted on one of the remote servers listed in the Section Rules (http://www.hwupgrade.it/forum/showthread.php?t=1751598).