
SECURITY WARNINGS

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57

Re: SECURITY WARNINGS

Post by francois87 » 12/02/09 12:14

Hi Luke, I don't know whether the security warning problem can be solved; in the meantime I'd like to ask you something: I'm convinced, in fact sure, that the virus I had, precisely the Rootkit, is on my pendrive. If I wanted to remove it, would it work to plug my pendrive into the PC and run Combofix???? Do you think it could remove it???? ;) ;)
francois87
Junior Member
Posts: 99
Joined: 26/01/08 16:40


Re: SECURITY WARNINGS

Post by Frate Aurelio » 12/02/09 17:00

@francois87
Hi.

Do not insert the pendrive under any circumstances.
You would infect the PC all over again!!
Wait for instructions.

Frate Aurelio
:neutral: :oops:
Ora et Labora
Frate Aurelio
Moderator
Posts: 251
Joined: 16/01/09 00:01

Re: SECURITY WARNINGS

Post by Frate Aurelio » 12/02/09 17:26

Please run:
■ Malware cleanup
● Download MalwareBytes
http://www.malwarebytes.org/mbam.php
● Update it
● Important:
if you cannot update it:
● Download the database update (mbam-rules.exe) from:
http://www.gt500.org/malwarebytes/database.jsp
- click on the downloaded program
- run a full scan.
● Important:
When the scan is finished click the button:
- Show Results
- Select all the infected files found, if any, and delete them.
- Post the end-of-scan log it creates


WARNING
When the pendrive is inserted, the pendrive's autorun.inf file is triggered, contaminating the PC again.
The stick works through Windows' Autoplay feature.
To insert it again without re-infecting the PC, that feature must be disabled using the program:

■ Tweak UI
● Download it from:
http://www.microsoft.com/windowsxp/down ... rtoys.mspx
(It is in the right-hand column of the page that opens)
● When the installation is finished, start it:
Start►All Programs►Powertoys for Windows XP►Tweak UI.
● In the right-hand part of the program's main window go to:
- My Computer►AutoPlay►Types
● In the right-hand pane untick:
- Enable Autoplay for removable drives
- Apply►OK

At this point make a backup and format the pendrive without worry.

● Restore Autoplay by ticking, in the right-hand pane:
- Enable Autoplay for removable drives
- Apply►OK

To hinder infections on the formatted pendrive, follow this procedure:

■ Enable showing extensions for all files
Start►My Computer►Tools►Folder Options►View►
● Untick:
- Hide extensions for known file types
■ Open Notepad
- Save the empty file on the pendrive with the name autorun.inf

■ Change the attribute of the saved file
● select the file you created
- Right mouse button►Properties
● tick:
- Read-only
● Click:
- Apply
- OK

■ Disable showing extensions for all files
Start►My Computer►Tools►Folder Options►View►
● Tick:
- Hide extensions for known file types

Frate Aurelio
:oops:
Ora et Labora
Frate Aurelio
Moderator
Posts: 251
Joined: 16/01/09 00:01
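To make the two points of the post above concrete (an autorun.inf launches whatever its [autorun] section names the moment the stick is inserted, and an empty read-only autorun.inf leaves Autoplay nothing to launch), here is an added Python example; it is not code from the thread or from any of the tools named in it. The sample autorun.inf is constructed; qphdin.com is the file name that appears in the ComboFix report later in the thread.

```python
"""Autorun.inf triage and the read-only placeholder defence.

Added example, not code from the thread. It parses an autorun.inf the way
Windows Autoplay reads it and flags the entries that run a program, then
shows the placeholder defence from the post: an empty, read-only autorun.inf.
SAMPLE_MALICIOUS and SAMPLE_CLEAN are constructed inputs.
"""
import os
import stat
import tempfile

# [autorun] keys that make Windows launch a program directly.
EXEC_KEYS = {"open", "shellexecute"}

SAMPLE_MALICIOUS = r"""[AutoRun]
open=qphdin.com
shell\open\Command=qphdin.com
shell\explore\Command=qphdin.com
shellexecute=qphdin.com
icon=%SystemRoot%\system32\SHELL32.dll,4
this line has no equals sign and is ignored
label=Removable Disk
"""

SAMPLE_CLEAN = "[autorun]\nicon=setup.exe,0\nlabel=Driver CD\n"


def parse_autorun(text):
    """Return the (key, value) pairs of the [autorun] section, keys lowercased.

    Hand-rolled rather than configparser because malware-written files often
    carry junk lines and duplicate keys that configparser rejects.
    """
    entries = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        entries.append((key.strip().lower(), value.strip()))
    return entries


def launch_entries(entries):
    """Keep only the entries that execute something on insert or double-click."""
    found = []
    for key, value in entries:
        direct = key in EXEC_KEYS
        verb = key.startswith("shell\\") and key.endswith("\\command")
        if direct or verb:
            found.append((key, value))
    return found


def write_placeholder_autorun(drive_root):
    """The defence from the post: an empty autorun.inf marked read-only."""
    path = os.path.join(drive_root, "autorun.inf")
    with open(path, "w"):
        pass  # zero bytes: no [autorun] section, nothing to execute
    os.chmod(path, stat.S_IREAD | stat.S_IRGRP | stat.S_IROTH)
    return path


def placeholder_is_safe(path):
    """True when the placeholder is empty and carries no write permission."""
    st = os.stat(path)
    write_bits = stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH
    return st.st_size == 0 and not (st.st_mode & write_bits)


def demo_placeholder():
    """Create the placeholder in a scratch directory and report on it."""
    with tempfile.TemporaryDirectory() as root:
        path = write_placeholder_autorun(root)
        with open(path) as fh:
            launches = launch_entries(parse_autorun(fh.read()))
        result = {"safe": placeholder_is_safe(path), "launches": launches}
        os.chmod(path, stat.S_IREAD | stat.S_IWRITE)  # let the tempdir be removed
    return result


if __name__ == "__main__":
    for key, value in launch_entries(parse_autorun(SAMPLE_MALICIOUS)):
        print("would launch:", key, "->", value)
    print("clean sample launches:", launch_entries(parse_autorun(SAMPLE_CLEAN)))
    print("placeholder:", demo_placeholder())
```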

Re: SECURITY WARNINGS

Post by francois87 » 13/02/09 12:20

Frate Aurelio, here is the log:

Malwarebytes' Anti-Malware 1.34
Versione del database: 1757
Windows 5.1.2600 Service Pack 2

2009-02-13 12:17:42
mbam-log-2009-02-13 (12-17-42).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 98575
Tempo trascorso: 33 minute(s), 5 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)
francois87
Junior Member
Posts: 99
Joined: 26/01/08 16:40

Re: SECURITY WARNINGS

Post by Frate Aurelio » 13/02/09 12:41

@francois87
Hi.

The PC looks clean.
Have you done those procedures for the pendrive?
They are important.
As for the security warning that keeps appearing, I really don't know what to advise you.
Let's wait for Luke57, maybe he has the solution in his drawer...

Frate Aurelio

:oops:
Ora et Labora
Frate Aurelio
Moderator
Posts: 251
Joined: 16/01/09 00:01

Re: SECURITY WARNINGS

Post by francois87 » 14/02/09 11:53

Hi Frate Aurelio, I haven't done the pendrive procedure yet, but I'll try it today, since I have no urgent commitments. As soon as I finish I'll let you know how it went. As for the security warnings, I hope a solution is found, because believe me it's a very annoying message, besides preventing me from updating my dear old avast 4.8.... let's hope for the best. ;) ;)
francois87
Junior Member
Posts: 99
Joined: 26/01/08 16:40

Re: SECURITY WARNINGS

Post by francois87 » 15/02/09 18:55

Frate Aurelio, I did the operation you advised and everything seems to have gone fine, except that at the start it gave me some trouble formatting the pendrive and then creating the Notepad file to save on that same pendrive. In the end I managed... but running Combofix again it found some viruses, similar to the ones before. PS: when I had to put the tick back in Tweak UI I found it already ticked... very strange.
Here is the Combofix file:


ComboFix 09-02-08.01 - User 2009-02-15 18:31:52.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.256.135 [GMT 1:00]
Eseguito da: c:\documents and settings\User\desktop\abc.exe
Opzioni usate :: /killall
AV: avast! antivirus 4.8.1229 [VPS 080723-1] *On-access scanning enabled* (Outdated)

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\1utbfd.bat
C:\Autorun.inf
c:\windows\system32\nmdfgds0.dll
c:\windows\system32\nmdfgds1.dll
c:\windows\system32\olhrwef.exe

.
((((((((((((((((((((((((( Files Creati Da 2009-01-15 al 2009-02-15 )))))))))))))))))))))))))))))))))))
.

2009-02-15 17:53 . 2003-06-25 16:05 266,360 --a------ c:\windows\system32\TweakUI.exe
2009-02-15 17:53 . 2002-06-21 15:09 160,217 --a------ c:\windows\system32\PowerToysLicense.rtf
2009-02-15 12:03 . 2009-02-15 17:58 106,803 -r-hs---- C:\qphdin.com
2009-02-14 19:46 . 2009-02-14 19:45 107,898 -r-hs---- C:\ur0.com
2009-02-14 12:15 . 2009-02-14 12:27 <DIR> d-------- c:\documents and settings\User\Dati applicazioni\Canon
2009-02-14 12:12 . 2001-05-17 14:25 339,968 -ra------ c:\windows\system32\N067UFW.dll
2009-02-14 12:12 . 2001-08-22 20:36 323,644 -ra------ c:\windows\system32\UCS32P.DLL
2009-02-14 12:12 . 2001-08-22 20:37 114,688 -ra------ c:\windows\system32\SG62UUD.DLL
2009-02-14 12:12 . 2001-08-22 20:37 28,720 -ra------ c:\windows\system32\SG62CPL.DLL
2009-02-14 12:12 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-02-14 12:12 . 2004-08-03 22:58 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2009-02-13 15:56 . 2009-02-13 15:56 <DIR> d-------- c:\documents and settings\User\Dati applicazioni\DivX
2009-02-13 15:56 . 2009-02-13 16:10 69 --a------ c:\windows\NeroDigital.ini
2009-02-13 11:30 . 2009-02-13 11:30 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2009-02-13 11:30 . 2009-02-13 11:30 <DIR> d-------- c:\documents and settings\User\Dati applicazioni\Malwarebytes
2009-02-13 11:30 . 2009-02-13 11:30 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-02-13 11:30 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-13 11:30 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-08 23:11 . 2009-02-08 23:11 <DIR> d-------- C:\SOPHTEMP
2009-02-08 18:43 . 2009-02-08 18:43 <DIR> d-------- c:\programmi\Sophos
2009-02-05 11:01 . 2009-02-05 11:01 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\EPSON
2009-02-05 11:01 . 2006-05-08 03:00 75,264 --a------ c:\windows\system32\E_FLBBOE.DLL
2009-02-05 11:01 . 2006-04-19 03:00 62,976 --a------ c:\windows\system32\E_FD4BBOE.DLL
2009-02-05 11:01 . 2004-09-10 21:12 49,152 --a------ c:\windows\system32\E_DCINST.DLL
2009-02-04 21:15 . 2004-08-03 23:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2009-02-04 21:15 . 2004-08-03 23:01 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2009-02-04 16:56 . 2009-02-14 12:35 32 --a------ c:\windows\album.ini
2009-02-04 16:43 . 2009-02-04 16:48 <DIR> d-------- c:\documents and settings\User\Contacts
2009-02-04 16:41 . 2009-02-04 16:41 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-02-04 16:41 . 2009-02-04 16:41 <DIR> d-------- c:\programmi\MSN Messenger
2009-02-03 19:24 . 2004-08-19 15:39 16,384 --a------ c:\windows\system32\ipsink.ax
2009-02-03 19:24 . 2004-08-03 23:10 15,360 --a------ c:\windows\system32\drivers\StreamIP.sys
2009-02-03 19:24 . 2004-08-03 23:10 11,136 --a------ c:\windows\system32\drivers\SLIP.sys
2009-02-03 19:23 . 2004-08-03 23:10 85,376 --a------ c:\windows\system32\drivers\NABTSFEC.sys
2009-02-03 19:23 . 2004-08-03 23:10 85,376 --a--c--- c:\windows\system32\dllcache\nabtsfec.sys
2009-02-03 19:23 . 2004-08-03 23:07 59,264 --a------ c:\windows\system32\drivers\USBAUDIO.sys
2009-02-03 19:23 . 2004-08-03 23:07 59,264 --a--c--- c:\windows\system32\dllcache\usbaudio.sys
2009-02-03 19:23 . 2004-08-03 23:10 19,328 --a------ c:\windows\system32\drivers\WSTCODEC.SYS
2009-02-03 19:23 . 2004-08-03 23:10 19,328 --a--c--- c:\windows\system32\dllcache\wstcodec.sys
2009-02-03 19:23 . 2004-08-03 23:10 17,024 --a------ c:\windows\system32\drivers\CCDECODE.sys
2009-02-03 19:23 . 2004-08-03 23:10 17,024 --a--c--- c:\windows\system32\dllcache\ccdecode.sys
2009-02-03 19:22 . 2009-02-03 19:22 <DIR> d-------- c:\programmi\File comuni\logishrd
2009-02-03 19:21 . 2004-08-03 23:08 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys
2009-02-03 19:21 . 2004-08-03 23:08 31,616 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
2009-02-03 19:17 . 2009-02-03 19:17 <DIR> d-------- c:\programmi\Camfrog
2009-02-03 19:17 . 2009-02-03 19:17 <DIR> d-------- c:\documents and settings\User\Dati applicazioni\Camfrog
2009-02-03 17:50 . 2009-02-03 17:50 <DIR> d-------- c:\documents and settings\User\Dati applicazioni\vlc
2009-02-03 17:16 . 2009-02-15 17:28 <DIR> d-------- c:\programmi\eMule
2009-02-03 16:54 . 2009-02-03 17:59 <DIR> d-------- c:\windows\system32\CatRoot_bak
2009-02-03 16:41 . 2009-02-03 16:41 <DIR> d-------- c:\programmi\Alwil Software
2009-02-03 16:13 . 2009-02-03 16:13 <DIR> d-------- c:\documents and settings\NetworkService\Menu Avvio
2009-02-03 16:02 . 2008-10-24 12:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-02-03 15:29 . 2009-02-03 16:52 <DIR> d--h----- c:\windows\$hf_mig$
2009-02-02 22:48 . 2009-02-02 22:48 <DIR> d-------- c:\programmi\ArcSoft
2009-02-02 22:48 . 1998-10-06 18:57 327,168 --a------ c:\windows\IsUn0410.exe
2009-02-02 22:48 . 2001-06-20 09:59 21 --a------ c:\windows\PS_setup.ini
2009-02-02 22:46 . 2009-02-04 16:56 <DIR> d-------- c:\documents and settings\User\Dati applicazioni\ArcSoft
2009-02-02 22:45 . 1999-05-26 09:46 212,480 --a------ c:\windows\pcdlib32.dll
2009-02-02 22:38 . 2009-02-02 22:38 <DIR> d-------- c:\programmi\VideoLAN
2009-02-02 21:40 . 2009-02-02 21:40 <DIR> d-------- c:\windows\Motive
2009-02-02 21:40 . 2009-02-02 21:40 <DIR> d-------- c:\programmi\Pirelli
2009-02-02 21:40 . 2009-02-02 21:40 <DIR> d-------- c:\programmi\Common Files
2009-02-02 21:40 . 2009-02-02 21:40 <DIR> d-------- c:\documents and settings\LocalService\Menu Avvio
2009-02-02 21:40 . 2004-10-05 17:41 52,864 --a------ c:\windows\system32\drivers\CnxTrUsb.sys
2009-02-02 21:40 . 2004-10-05 17:41 25,984 --a------ c:\windows\system32\drivers\CnxTrLan.sys
2009-02-02 21:39 . 2009-02-02 21:40 <DIR> d-------- c:\programmi\Motive
2009-02-02 21:39 . 2009-02-02 21:40 <DIR> d-------- c:\programmi\Alice ti aiuta
2009-02-02 21:38 . 2009-02-02 21:38 <DIR> d-------- c:\programmi\Telecom Italia
2009-02-02 21:38 . 2009-02-02 21:38 <DIR> d-------- c:\programmi\File comuni\InstallShield
2009-02-02 17:12 . 2009-02-02 17:12 <DIR> d-------- c:\programmi\DivX
2009-02-02 17:03 . 2009-02-02 17:03 <DIR> d-------- c:\programmi\Windows Media Connect 2
2009-02-02 17:01 . 2009-02-02 17:01 <DIR> d-------- c:\windows\system32\LogFiles
2009-02-02 17:01 . 2009-02-02 17:02 <DIR> d-------- c:\windows\system32\drivers\UMDF
2009-02-02 17:01 . 2006-09-25 17:58 23,856 --a------ c:\windows\system32\spupdsvc.exe
2009-02-02 16:59 . 2009-02-02 16:59 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Office Genuine Advantage
2009-02-02 16:16 . 2009-02-02 16:16 25 --a------ c:\windows\mixerdef.ini
2009-01-31 13:22 . 2009-02-03 19:14 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Avira
2009-01-31 12:43 . 2009-01-31 12:44 <DIR> d-------- c:\programmi\File comuni\Adobe
2009-01-31 12:40 . 2009-01-31 12:40 <DIR> d-------- c:\documents and settings\User\Dati applicazioni\CyberLink
2009-01-31 12:39 . 2009-02-02 22:45 <DIR> d--h----- c:\programmi\InstallShield Installation Information
2009-01-31 12:31 . 2009-02-06 17:45 <DIR> d-------- c:\documents and settings\User\Dati applicazioni\Ahead
2009-01-31 12:29 . 2009-01-31 12:29 <DIR> d-------- c:\programmi\Nero
2009-01-31 12:29 . 2009-01-31 12:32 <DIR> d-------- c:\programmi\File comuni\Ahead
2009-01-31 11:51 . 2009-01-31 11:52 <DIR> d-------- c:\documents and settings\User\Dati applicazioni\Vso
2009-01-31 11:51 . 2009-01-31 11:51 47,360 --a------ c:\windows\system32\drivers\pcouffin.sys
2009-01-31 11:51 . 2009-01-31 11:52 47,360 --a------ c:\documents and settings\User\Dati applicazioni\pcouffin.sys
2009-01-31 11:23 . 2006-10-26 19:58 30,512 --a------ c:\windows\system32\mdimon.dll
2009-01-31 11:22 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2009-01-31 11:18 . 2009-01-31 11:18 <DIR> d-------- c:\programmi\Microsoft Works
2009-01-31 11:17 . 2009-01-31 11:17 <DIR> d-------- c:\programmi\MSBuild
2009-01-31 11:16 . 2009-01-31 11:16 <DIR> d-------- c:\programmi\Microsoft.NET
2009-01-31 11:06 . 2009-01-31 11:06 <DIR> d-------- c:\programmi\Microsoft Visual Studio 8
2009-01-31 11:06 . 2009-01-31 11:06 <DIR> d-------- C:\IDE
2009-01-31 11:05 . 2009-01-31 11:17 <DIR> d-------- c:\windows\SHELLNEW
2009-01-31 11:04 . 2009-01-31 11:04 <DIR> dr-h----- C:\MSOCache
2009-01-31 10:51 . 2009-01-31 11:23 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-01-31 09:39 . 2009-01-31 09:39 <DIR> d---s---- c:\documents and settings\User\UserData
2009-01-31 09:36 . 2007-10-15 15:57 182,784 --a------ c:\windows\system32\drivers\wg111v2.sys
2009-01-31 09:34 . 2004-08-03 23:08 26,496 --a--c--- c:\windows\system32\dllcache\usbstor.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-02 20:39 155,995 ----a-w c:\windows\java\Packages\7ZFHRFTJ.ZIP
2009-01-30 18:57 --------- d-----w c:\programmi\microsoft frontpage
2009-01-30 18:54 --------- d-----w c:\programmi\Servizi in linea
.

((((((((((((((((((((((((((((( SnapShot@2009-02-09_11.13.40.28 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-03 15:35:11 291,680 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-02-13 18:48:19 293,272 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-02-15 17:34:45 16,384 ----atw c:\windows\temp\Perflib_Perfdata_5a0.dat
+ 2001-08-22 19:36:58 45,056 ----a-r c:\windows\twain_32\N067U\CANOIT32.exe
+ 2001-08-22 19:37:00 991,272 ----a-r c:\windows\twain_32\N067U\CSUI.dll
+ 2001-08-22 19:37:00 180,268 ----a-r c:\windows\twain_32\N067U\DEVUI.dll
+ 2001-08-22 19:37:00 180,272 ----a-r c:\windows\twain_32\N067U\IMGENH.dll
+ 2001-08-22 19:37:02 2,551,852 ----a-r c:\windows\twain_32\N067U\IOP.dll
+ 2001-08-22 19:36:58 119,808 ----a-r c:\windows\twain_32\N067U\ITLIB32.dll
+ 2001-08-22 19:36:58 24,576 ----a-r c:\windows\twain_32\N067U\JDA_CIMG.DLL
+ 2001-08-22 19:36:58 24,576 ----a-r c:\windows\twain_32\N067U\JDA_MEM.DLL
+ 2001-05-25 11:38:58 393,264 ----a-r c:\windows\twain_32\N067U\N067U.DAT
+ 2001-08-22 19:36:58 36,864 ----a-r c:\windows\twain_32\N067U\NBS4MB.DLL
+ 2001-08-22 19:36:58 479,232 ----a-r c:\windows\twain_32\N067U\NBSCOR4M.DLL
+ 2001-08-22 19:36:58 73,728 ----a-r c:\windows\twain_32\N067U\RMSLANTC.DLL
+ 2001-08-22 19:37:02 909,362 ----a-r c:\windows\twain_32\N067U\SCANINTF.dll
+ 2001-05-25 14:35:18 527,968 ----a-r c:\windows\twain_32\N067U\SGIPPDEF.DAT
+ 2001-08-22 19:37:00 49,200 ----a-r c:\windows\twain_32\N067U\SYSERROR.exe
+ 2001-08-22 19:37:02 233,512 ----a-r c:\windows\twain_32\N067U\TPM.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 139264]
"EPSON Stylus Photo R360 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIBOE.EXE" [2006-05-29 139264]
"cdoosoft"="c:\windows\system32\olhrwef.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"C-Media Mixer"="Mixer.exe" [2002-06-12 c:\windows\mixer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\User\Menu Avvio\Programmi\Esecuzione automatica\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Reader Synchronizer.lnk - c:\programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2009-02-02 212992]
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmi\\MSN Messenger\\livecall.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-03 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-03 20560]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\5.tmp --> c:\windows\system32\5.tmp [?]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2009-01-31 182784]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37409c04-f171-11dd-a288-000827dd3010}]
\Shell\AutoRun\command - G:\qphdin.com
\Shell\open\Command - G:\qphdin.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ab02d12-f2f8-11dd-a296-000827dd3010}]
\Shell\AutoRun\command - G:\m0vnonh.bat
\Shell\open\Command - G:\m0vnonh.bat
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = hxxp://www.google.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-15 18:35:37
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\5.tmp"
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Alwil Software\Avast4\aswUpdSv.exe
c:\programmi\Alwil Software\Avast4\ashServ.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
c:\programmi\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\system32\WgaTray.exe
c:\programmi\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
c:\programmi\Alice ti aiuta\bin\mpbtn.exe
.
**************************************************************************
.
Ora fine scansione: 2009-02-15 18:39:01 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-02-15 17:38:56
ComboFix2.txt 2009-02-15 11:57:55
ComboFix3.txt 2009-02-10 10:01:35
ComboFix4.txt 2009-02-09 18:33:53
ComboFix5.txt 2009-02-15 17:31:12

Pre-Run: 47,519,899,648 byte disponibili
Post-Run: 47,517,704,192 byte disponibili

231 --- E O F --- 2009-02-03 17:16:25
francois87
Junior Member
Posts: 99
Joined: 26/01/08 16:40

Re: SECURITY WARNINGS

Post by Luke57 » 15/02/09 21:48

Hi, now put this text into the CFScript.txt file in place of the other one, saving the change:

Code:
File::
C:\qphdin.com
C:\ur0.com
G:\qphdin.com
G:\m0vnonh.bat

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdoosoft"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37409c04-f171-11dd-a288-000827dd3010}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ab02d12-f2f8-11dd-a296-000827dd3010}]


then the usual drag onto the ComboFix icon for a new scan. When it finishes, post the new report.
Luke57
Moderator
Posts: 6413
Joined: 11/08/05 19:10
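How the File:: and Registry:: lines follow from the report, as an added Python example that is neither the thread's nor ComboFix's code: it reads the sections of the log that matter here (the other-deletions list, the new-files list, the Run keys and the MountPoints2 keys) and emits the same script. The log excerpt is constructed from the report posted above; the hidden+system drive-root rule is a heuristic taken from how C:\qphdin.com and C:\ur0.com appear in that report.

```python
"""From a ComboFix report to the CFScript that cleans it up.

Added example, not code from the thread or from ComboFix. It reads the parts
of a ComboFix log that matter for this pendrive infection and derives the
File:: and Registry:: lines that were written by hand in the post above.
SAMPLE_LOG is constructed from the report posted earlier in the thread.
"""
import re

SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\1utbfd.bat
C:\Autorun.inf
c:\windows\system32\olhrwef.exe
.
((((((((((((((((((((((((( Files Creati Da 2009-01-15 al 2009-02-15 )))))))))))))))))))))))))))))))))))
.
2009-02-15 17:53 . 2003-06-25 16:05 266,360 --a------ c:\windows\system32\TweakUI.exe
2009-02-15 12:03 . 2009-02-15 17:58 106,803 -r-hs---- C:\qphdin.com
2009-02-14 19:46 . 2009-02-14 19:45 107,898 -r-hs---- C:\ur0.com

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"cdoosoft"="c:\windows\system32\olhrwef.exe" [BU]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37409c04-f171-11dd-a288-000827dd3010}]
\Shell\AutoRun\command - G:\qphdin.com
\Shell\open\Command - G:\qphdin.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ab02d12-f2f8-11dd-a296-000827dd3010}]
\Shell\AutoRun\command - G:\m0vnonh.bat
\Shell\open\Command - G:\m0vnonh.bat
"""

SECTION_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")        # (((( name ))))
KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")               # [HKEY_...]
CREATED_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d "
                        r"(?:[\d,]+|<DIR>) ([-a-z]{9}) (.+)$")
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"')
AUTORUN_CMD_RE = re.compile(r"^\\Shell\\AutoRun\\command - (.+)$", re.IGNORECASE)
ROOT_DROPPER_RE = re.compile(r"^[A-Za-z]:\\[^\\]+\.(?:com|bat|exe)$", re.IGNORECASE)


def triage(log_text):
    """Collect the indicators of a pendrive/autorun infection from a ComboFix log."""
    section, key = None, None   # current (((( section )))) and registry key
    deleted = set()             # paths ComboFix already removed
    files = []                  # candidates for the File:: block, in log order
    orphan_run = []             # (key, value name) of Run entries pointing at deleted files
    mountpoints = []            # MountPoints2 keys whose AutoRun command names a dropper
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group(1), None
            continue
        m = KEY_RE.match(line)
        if m:
            key, section = m.group(1), None
            continue
        if section == "Altre eliminazioni" and re.match(r"^[A-Za-z]:\\", line):
            deleted.add(line.lower())
        elif section and section.startswith("Files Creati"):
            m = CREATED_RE.match(line)
            # hidden+system executables dropped in a drive root, as qphdin.com and ur0.com were
            if m and {"h", "s"} <= set(m.group(1)) and ROOT_DROPPER_RE.match(m.group(2)):
                files.append(m.group(2))
        elif key and key.lower().endswith(r"\currentversion\run"):
            m = RUN_VALUE_RE.match(line)
            if m and m.group(2).lower() in deleted:
                orphan_run.append((key, m.group(1)))
        elif key and "mountpoints2" in key.lower():
            m = AUTORUN_CMD_RE.match(line)
            if m:
                mountpoints.append(key)
                files.append(m.group(1))
    files = list(dict.fromkeys(files))  # drop duplicates, keep first-seen order
    return {"files": files, "orphan_run": orphan_run, "mountpoints": mountpoints}


def render_cfscript(findings):
    """Write the findings in the File:: / Registry:: syntax used in the thread."""
    lines = ["File::"] + findings["files"] + ["", "Registry::"]
    for key, name in findings["orphan_run"]:
        lines += ["[%s]" % key, '"%s"=-' % name]   # "name"=- deletes the value
    lines += ["[-%s]" % key for key in findings["mountpoints"]]  # [-key] deletes the key
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(render_cfscript(triage(SAMPLE_LOG)))
```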

Re: SECURITY WARNINGS

Post by francois87 » 16/02/09 14:55

Hi Luke, here is the log:

ComboFix 09-02-08.01 - User 2009-02-16 14:48:31.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.256.79 [GMT 1:00]
Eseguito da: c:\documents and settings\User\Desktop\abc.exe
Opzioni usate :: c:\documents and settings\User\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1229 [VPS 080723-1] *On-access scanning enabled* (Outdated)
* Creato nuovo punto di ripristino

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!

FILE ::
C:\qphdin.com
C:\ur0.com
G:\m0vnonh.bat
G:\qphdin.com
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\qphdin.com
C:\ur0.com

.
((((((((((((((((((((((((( Files Creati Da 2009-01-16 al 2009-02-16 )))))))))))))))))))))))))))))))))))
.

2009-02-15 17:53 . 2003-06-25 16:05 266,360 --a------ c:\windows\system32\TweakUI.exe
2009-02-15 17:53 . 2002-06-21 15:09 160,217 --a------ c:\windows\system32\PowerToysLicense.rtf
2009-02-14 12:15 . 2009-02-14 12:27 <DIR> d-------- c:\documents and settings\User\Dati applicazioni\Canon
2009-02-14 12:12 . 2001-05-17 14:25 339,968 -ra------ c:\windows\system32\N067UFW.dll
2009-02-14 12:12 . 2001-08-22 20:36 323,644 -ra------ c:\windows\system32\UCS32P.DLL
2009-02-14 12:12 . 2001-08-22 20:37 114,688 -ra------ c:\windows\system32\SG62UUD.DLL
2009-02-14 12:12 . 2001-08-22 20:37 28,720 -ra------ c:\windows\system32\SG62CPL.DLL
2009-02-14 12:12 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-02-14 12:12 . 2004-08-03 22:58 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2009-02-13 15:56 . 2009-02-13 15:56 <DIR> d-------- c:\documents and settings\User\Dati applicazioni\DivX
2009-02-13 15:56 . 2009-02-13 16:10 69 --a------ c:\windows\NeroDigital.ini
2009-02-13 11:30 . 2009-02-13 11:30 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2009-02-13 11:30 . 2009-02-13 11:30 <DIR> d-------- c:\documents and settings\User\Dati applicazioni\Malwarebytes
2009-02-13 11:30 . 2009-02-13 11:30 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-02-13 11:30 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-13 11:30 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-08 23:11 . 2009-02-08 23:11 <DIR> d-------- C:\SOPHTEMP
2009-02-08 18:43 . 2009-02-08 18:43 <DIR> d-------- c:\programmi\Sophos
2009-02-05 11:01 . 2009-02-05 11:01 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\EPSON
2009-02-05 11:01 . 2006-05-08 03:00 75,264 --a------ c:\windows\system32\E_FLBBOE.DLL
2009-02-05 11:01 . 2006-04-19 03:00 62,976 --a------ c:\windows\system32\E_FD4BBOE.DLL
2009-02-05 11:01 . 2004-09-10 21:12 49,152 --a------ c:\windows\system32\E_DCINST.DLL
2009-02-04 21:15 . 2004-08-03 23:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2009-02-04 21:15 . 2004-08-03 23:01 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2009-02-04 16:56 . 2009-02-14 12:35 32 --a------ c:\windows\album.ini
2009-02-04 16:43 . 2009-02-04 16:48 <DIR> d-------- c:\documents and settings\User\Contacts
2009-02-04 16:41 . 2009-02-04 16:41 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-02-04 16:41 . 2009-02-04 16:41 <DIR> d-------- c:\programmi\MSN Messenger
2009-02-03 19:24 . 2004-08-19 15:39 16,384 --a------ c:\windows\system32\ipsink.ax
2009-02-03 19:24 . 2004-08-03 23:10 15,360 --a------ c:\windows\system32\drivers\StreamIP.sys
2009-02-03 19:24 . 2004-08-03 23:10 11,136 --a------ c:\windows\system32\drivers\SLIP.sys
2009-02-03 19:23 . 2004-08-03 23:10 85,376 --a------ c:\windows\system32\drivers\NABTSFEC.sys
2009-02-03 19:23 . 2004-08-03 23:10 85,376 --a--c--- c:\windows\system32\dllcache\nabtsfec.sys
2009-02-03 19:23 . 2004-08-03 23:07 59,264 --a------ c:\windows\system32\drivers\USBAUDIO.sys
2009-02-03 19:23 . 2004-08-03 23:07 59,264 --a--c--- c:\windows\system32\dllcache\usbaudio.sys
2009-02-03 19:23 . 2004-08-03 23:10 19,328 --a------ c:\windows\system32\drivers\WSTCODEC.SYS
2009-02-03 19:23 . 2004-08-03 23:10 19,328 --a--c--- c:\windows\system32\dllcache\wstcodec.sys
2009-02-03 19:23 . 2004-08-03 23:10 17,024 --a------ c:\windows\system32\drivers\CCDECODE.sys
2009-02-03 19:23 . 2004-08-03 23:10 17,024 --a--c--- c:\windows\system32\dllcache\ccdecode.sys
2009-02-03 19:22 . 2009-02-03 19:22 <DIR> d-------- c:\programmi\File comuni\logishrd
2009-02-03 19:21 . 2004-08-03 23:08 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys
2009-02-03 19:21 . 2004-08-03 23:08 31,616 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
2009-02-03 19:17 . 2009-02-03 19:17 <DIR> d-------- c:\programmi\Camfrog
2009-02-03 19:17 . 2009-02-03 19:17 <DIR> d-------- c:\documents and settings\User\Dati applicazioni\Camfrog
2009-02-03 17:50 . 2009-02-03 17:50 <DIR> d-------- c:\documents and settings\User\Dati applicazioni\vlc
2009-02-03 17:16 . 2009-02-16 14:45 <DIR> d-------- c:\programmi\eMule
2009-02-03 16:54 . 2009-02-03 17:59 <DIR> d-------- c:\windows\system32\CatRoot_bak
2009-02-03 16:41 . 2009-02-03 16:41 <DIR> d-------- c:\programmi\Alwil Software
2009-02-03 16:13 . 2009-02-03 16:13 <DIR> d-------- c:\documents and settings\NetworkService\Menu Avvio
2009-02-03 16:02 . 2008-10-24 12:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-02-03 15:29 . 2009-02-03 16:52 <DIR> d--h----- c:\windows\$hf_mig$
2009-02-02 22:48 . 2009-02-02 22:48 <DIR> d-------- c:\programmi\ArcSoft
2009-02-02 22:48 . 1998-10-06 18:57 327,168 --a------ c:\windows\IsUn0410.exe
2009-02-02 22:48 . 2001-06-20 09:59 21 --a------ c:\windows\PS_setup.ini
2009-02-02 22:46 . 2009-02-04 16:56 <DIR> d-------- c:\documents and settings\User\Dati applicazioni\ArcSoft
2009-02-02 22:45 . 1999-05-26 09:46 212,480 --a------ c:\windows\pcdlib32.dll
2009-02-02 22:38 . 2009-02-02 22:38 <DIR> d-------- c:\programmi\VideoLAN
2009-02-02 21:40 . 2009-02-02 21:40 <DIR> d-------- c:\windows\Motive
2009-02-02 21:40 . 2009-02-02 21:40 <DIR> d-------- c:\programmi\Pirelli
2009-02-02 21:40 . 2009-02-02 21:40 <DIR> d-------- c:\programmi\Common Files
2009-02-02 21:40 . 2009-02-02 21:40 <DIR> d-------- c:\documents and settings\LocalService\Menu Avvio
2009-02-02 21:40 . 2004-10-05 17:41 52,864 --a------ c:\windows\system32\drivers\CnxTrUsb.sys
2009-02-02 21:40 . 2004-10-05 17:41 25,984 --a------ c:\windows\system32\drivers\CnxTrLan.sys
2009-02-02 21:39 . 2009-02-02 21:40 <DIR> d-------- c:\programmi\Motive
2009-02-02 21:39 . 2009-02-02 21:40 <DIR> d-------- c:\programmi\Alice ti aiuta
2009-02-02 21:38 . 2009-02-02 21:38 <DIR> d-------- c:\programmi\Telecom Italia
2009-02-02 21:38 . 2009-02-02 21:38 <DIR> d-------- c:\programmi\File comuni\InstallShield
2009-02-02 17:12 . 2009-02-02 17:12 <DIR> d-------- c:\programmi\DivX
2009-02-02 17:03 . 2009-02-02 17:03 <DIR> d-------- c:\programmi\Windows Media Connect 2
2009-02-02 17:01 . 2009-02-02 17:01 <DIR> d-------- c:\windows\system32\LogFiles
2009-02-02 17:01 . 2009-02-02 17:02 <DIR> d-------- c:\windows\system32\drivers\UMDF
2009-02-02 17:01 . 2006-09-25 17:58 23,856 --a------ c:\windows\system32\spupdsvc.exe
2009-02-02 16:59 . 2009-02-02 16:59 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Office Genuine Advantage
2009-02-02 16:16 . 2009-02-02 16:16 25 --a------ c:\windows\mixerdef.ini
2009-01-31 13:22 . 2009-02-03 19:14 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Avira
2009-01-31 12:43 . 2009-01-31 12:44 <DIR> d-------- c:\programmi\File comuni\Adobe
2009-01-31 12:40 . 2009-01-31 12:40 <DIR> d-------- c:\documents and settings\User\Dati applicazioni\CyberLink
2009-01-31 12:39 . 2009-02-02 22:45 <DIR> d--h----- c:\programmi\InstallShield Installation Information
2009-01-31 12:31 . 2009-02-06 17:45 <DIR> d-------- c:\documents and settings\User\Dati applicazioni\Ahead
2009-01-31 12:29 . 2009-01-31 12:29 <DIR> d-------- c:\programmi\Nero
2009-01-31 12:29 . 2009-01-31 12:32 <DIR> d-------- c:\programmi\File comuni\Ahead
2009-01-31 11:51 . 2009-01-31 11:52 <DIR> d-------- c:\documents and settings\User\Dati applicazioni\Vso
2009-01-31 11:51 . 2009-01-31 11:51 47,360 --a------ c:\windows\system32\drivers\pcouffin.sys
2009-01-31 11:51 . 2009-01-31 11:52 47,360 --a------ c:\documents and settings\User\Dati applicazioni\pcouffin.sys
2009-01-31 11:23 . 2006-10-26 19:58 30,512 --a------ c:\windows\system32\mdimon.dll
2009-01-31 11:22 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2009-01-31 11:18 . 2009-01-31 11:18 <DIR> d-------- c:\programmi\Microsoft Works
2009-01-31 11:17 . 2009-01-31 11:17 <DIR> d-------- c:\programmi\MSBuild
2009-01-31 11:16 . 2009-01-31 11:16 <DIR> d-------- c:\programmi\Microsoft.NET
2009-01-31 11:06 . 2009-01-31 11:06 <DIR> d-------- c:\programmi\Microsoft Visual Studio 8
2009-01-31 11:06 . 2009-01-31 11:06 <DIR> d-------- C:\IDE
2009-01-31 11:05 . 2009-01-31 11:17 <DIR> d-------- c:\windows\SHELLNEW
2009-01-31 11:04 . 2009-01-31 11:04 <DIR> dr-h----- C:\MSOCache
2009-01-31 10:51 . 2009-01-31 11:23 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-01-31 09:39 . 2009-01-31 09:39 <DIR> d---s---- c:\documents and settings\User\UserData
2009-01-31 09:36 . 2007-10-15 15:57 182,784 --a------ c:\windows\system32\drivers\wg111v2.sys
2009-01-31 09:34 . 2004-08-03 23:08 26,496 --a--c--- c:\windows\system32\dllcache\usbstor.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-02 20:39 155,995 ----a-w c:\windows\java\Packages\7ZFHRFTJ.ZIP
2009-01-30 18:57 --------- d-----w c:\programmi\microsoft frontpage
2009-01-30 18:54 --------- d-----w c:\programmi\Servizi in linea
.

((((((((((((((((((((((((((((( SnapShot@2009-02-09_11.13.40.28 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-03 15:35:11 291,680 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-02-13 18:48:19 293,272 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-02-16 10:03:34 16,384 ----atw c:\windows\temp\Perflib_Perfdata_54c.dat
+ 2001-08-22 19:36:58 45,056 ----a-r c:\windows\twain_32\N067U\CANOIT32.exe
+ 2001-08-22 19:37:00 991,272 ----a-r c:\windows\twain_32\N067U\CSUI.dll
+ 2001-08-22 19:37:00 180,268 ----a-r c:\windows\twain_32\N067U\DEVUI.dll
+ 2001-08-22 19:37:00 180,272 ----a-r c:\windows\twain_32\N067U\IMGENH.dll
+ 2001-08-22 19:37:02 2,551,852 ----a-r c:\windows\twain_32\N067U\IOP.dll
+ 2001-08-22 19:36:58 119,808 ----a-r c:\windows\twain_32\N067U\ITLIB32.dll
+ 2001-08-22 19:36:58 24,576 ----a-r c:\windows\twain_32\N067U\JDA_CIMG.DLL
+ 2001-08-22 19:36:58 24,576 ----a-r c:\windows\twain_32\N067U\JDA_MEM.DLL
+ 2001-05-25 11:38:58 393,264 ----a-r c:\windows\twain_32\N067U\N067U.DAT
+ 2001-08-22 19:36:58 36,864 ----a-r c:\windows\twain_32\N067U\NBS4MB.DLL
+ 2001-08-22 19:36:58 479,232 ----a-r c:\windows\twain_32\N067U\NBSCOR4M.DLL
+ 2001-08-22 19:36:58 73,728 ----a-r c:\windows\twain_32\N067U\RMSLANTC.DLL
+ 2001-08-22 19:37:02 909,362 ----a-r c:\windows\twain_32\N067U\SCANINTF.dll
+ 2001-05-25 14:35:18 527,968 ----a-r c:\windows\twain_32\N067U\SGIPPDEF.DAT
+ 2001-08-22 19:37:00 49,200 ----a-r c:\windows\twain_32\N067U\SYSERROR.exe
+ 2001-08-22 19:37:02 233,512 ----a-r c:\windows\twain_32\N067U\TPM.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 139264]
"EPSON Stylus Photo R360 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIBOE.EXE" [2006-05-29 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"C-Media Mixer"="Mixer.exe" [2002-06-12 c:\windows\mixer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\User\Menu Avvio\Programmi\Esecuzione automatica\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Reader Synchronizer.lnk - c:\programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2009-02-02 212992]
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmi\\MSN Messenger\\livecall.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-03 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-03 20560]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\5.tmp --> c:\windows\system32\5.tmp [?]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2009-01-31 182784]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = hxxp://www.google.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-16 14:50:19
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\5.tmp"
.
Ora fine scansione: 2009-02-16 14:52:22
ComboFix-quarantined-files.txt 2009-02-16 13:52:19
ComboFix2.txt 2009-02-15 17:39:05
ComboFix3.txt 2009-02-15 11:57:55
ComboFix4.txt 2009-02-10 10:01:35
ComboFix5.txt 2009-02-16 13:47:25

Pre-Run: 49,579,687,936 byte disponibili
Post-Run: 49,633,251,328 byte disponibili

211 --- E O F --- 2009-02-03 17:16:25

Re: SECURITY WARNINGS

Post by francois87 » 01/03/09 13:18

Hi Luke, these past few days I have been wondering whether it is possible that the firewall is blocking my avast update. What do you think??

Re: SECURITY WARNINGS

Post by Luke57 » 01/03/09 17:13

Hi, some infections showed through in the ComboFix report. Delete the version of ComboFix you had installed (both combofix.exe and the C:\Qboox folder), then download it again from the links already given, run a new scan and post the report (C:\combofix.txt).

Re: SECURITY WARNINGS

Post by francois87 » 02/03/09 12:03

Hi Luke, but when I download Combofix.exe again, do I have to rename it to "abc" again and launch it with the key to type into Run, or do I save it as it is and double-click it to launch it??? ;) ;)

Re: SECURITY WARNINGS

Post by francois87 » 04/03/09 17:14

Hi Luke, here are the results from Combofix.exe:


ComboFix 09-03-03.01 - User 2009-03-04 17:05:20.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.256.63 [GMT 1:00]
Eseguito da: c:\documents and settings\User\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1229 [VPS 080723-1] *On-access scanning enabled* (Outdated)
* Creato nuovo punto di ripristino

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2009-02-04 al 2009-03-04 )))))))))))))))))))))))))))))))))))
.

2009-03-04 11:57 . 2009-03-04 11:57 <DIR> d-------- c:\programmi\Microsoft CAPICOM 2.1.0.2
2009-03-04 11:56 . 2009-03-04 11:56 <DIR> d-------- c:\programmi\MSXML 6.0
2009-03-03 11:30 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-03-03 11:30 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-03-03 11:30 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-03-01 15:24 . 2009-03-01 15:24 <DIR> d-------- c:\documents and settings\User\WINDOWS
2009-02-24 18:42 . 2009-01-30 20:39 <DIR> d--h----- c:\documents and settings\Administrator\Risorse di stampa
2009-02-24 18:42 . 2009-01-30 20:39 <DIR> d--h----- c:\documents and settings\Administrator\Risorse di rete
2009-02-24 18:42 . 2009-01-30 20:39 <DIR> d-------- c:\documents and settings\Administrator\Preferiti
2009-02-24 18:42 . 2009-01-30 19:51 <DIR> d--h----- c:\documents and settings\Administrator\Modelli
2009-02-24 18:42 . 2009-01-30 20:39 <DIR> dr------- c:\documents and settings\Administrator\Menu Avvio
2009-02-24 18:42 . 2009-03-04 17:07 <DIR> d--h----- c:\documents and settings\Administrator\Impostazioni locali
2009-02-24 18:42 . 2009-01-30 20:39 <DIR> d-------- c:\documents and settings\Administrator\Documenti
2009-02-24 18:42 . 2009-01-30 20:39 <DIR> dr-h----- c:\documents and settings\Administrator\Dati applicazioni
2009-02-24 18:42 . 2009-02-24 18:42 <DIR> d-------- c:\documents and settings\Administrator
2009-02-23 17:51 . 2009-02-23 17:51 <DIR> d-------- c:\documents and settings\User\Dati applicazioni\CyberInstaller Studio 2008
2009-02-14 12:15 . 2009-02-14 12:27 <DIR> d-------- c:\documents and settings\User\Dati applicazioni\Canon
2009-02-14 12:12 . 2001-05-17 14:25 339,968 -ra------ c:\windows\system32\N067UFW.dll
2009-02-14 12:12 . 2001-08-22 20:36 323,644 -ra------ c:\windows\system32\UCS32P.DLL
2009-02-14 12:12 . 2001-08-22 20:37 114,688 -ra------ c:\windows\system32\SG62UUD.DLL
2009-02-14 12:12 . 2001-08-22 20:37 28,720 -ra------ c:\windows\system32\SG62CPL.DLL
2009-02-14 12:12 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-02-14 12:12 . 2004-08-03 22:58 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2009-02-13 15:56 . 2009-02-13 15:56 <DIR> d-------- c:\documents and settings\User\Dati applicazioni\DivX
2009-02-13 15:56 . 2009-03-01 15:57 69 --a------ c:\windows\NeroDigital.ini
2009-02-13 11:30 . 2009-02-13 11:30 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2009-02-13 11:30 . 2009-02-13 11:30 <DIR> d-------- c:\documents and settings\User\Dati applicazioni\Malwarebytes
2009-02-13 11:30 . 2009-02-13 11:30 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-02-13 11:30 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-13 11:30 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-08 23:11 . 2009-02-08 23:11 <DIR> d-------- C:\SOPHTEMP
2009-02-08 18:43 . 2009-02-08 18:43 <DIR> d-------- c:\programmi\Sophos
2009-02-05 11:01 . 2009-02-05 11:01 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\EPSON
2009-02-05 11:01 . 2006-05-08 03:00 75,264 --a------ c:\windows\system32\E_FLBBOE.DLL
2009-02-05 11:01 . 2006-04-19 03:00 62,976 --a------ c:\windows\system32\E_FD4BBOE.DLL
2009-02-05 11:01 . 2004-09-10 21:12 49,152 --a------ c:\windows\system32\E_DCINST.DLL
2009-02-04 21:15 . 2004-08-03 23:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2009-02-04 21:15 . 2004-08-03 23:01 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2009-02-04 16:56 . 2009-03-04 12:28 32 --a------ c:\windows\album.ini
2009-02-04 16:43 . 2009-02-04 16:48 <DIR> d-------- c:\documents and settings\User\Contacts
2009-02-04 16:41 . 2009-02-04 16:41 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-02-04 16:41 . 2009-02-04 16:41 <DIR> d-------- c:\programmi\MSN Messenger

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-04 12:56 --------- d-----w c:\programmi\eMule
2009-02-21 14:23 --------- d-----w c:\documents and settings\User\Dati applicazioni\Camfrog
2009-02-06 16:45 --------- d-----w c:\documents and settings\User\Dati applicazioni\Ahead
2009-02-04 15:56 --------- d-----w c:\documents and settings\User\Dati applicazioni\ArcSoft
2009-02-03 18:22 --------- d-----w c:\programmi\File comuni\logishrd
2009-02-03 18:17 --------- d-----w c:\programmi\Camfrog
2009-02-03 18:14 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Avira
2009-02-03 16:50 --------- d-----w c:\documents and settings\User\Dati applicazioni\vlc
2009-02-03 15:41 --------- d-----w c:\programmi\Alwil Software
2009-02-02 21:48 --------- d-----w c:\programmi\ArcSoft
2009-02-02 21:45 --------- d--h--w c:\programmi\InstallShield Installation Information
2009-02-02 21:38 --------- d-----w c:\programmi\VideoLAN
2009-02-02 20:40 --------- d-----w c:\programmi\Pirelli
2009-02-02 20:40 --------- d-----w c:\programmi\Motive
2009-02-02 20:40 --------- d-----w c:\programmi\Common Files
2009-02-02 20:40 --------- d-----w c:\programmi\Alice ti aiuta
2009-02-02 20:39 155,995 ----a-w c:\windows\java\Packages\7ZFHRFTJ.ZIP
2009-02-02 20:38 --------- d-----w c:\programmi\Telecom Italia
2009-02-02 20:38 --------- d-----w c:\programmi\File comuni\InstallShield
2009-02-02 16:12 --------- d-----w c:\programmi\DivX
2009-02-02 16:03 --------- d-----w c:\programmi\Windows Media Connect 2
2009-02-02 15:59 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Office Genuine Advantage
2009-01-31 11:44 --------- d-----w c:\programmi\File comuni\Adobe
2009-01-31 11:40 --------- d-----w c:\documents and settings\User\Dati applicazioni\CyberLink
2009-01-31 11:32 --------- d-----w c:\programmi\File comuni\Ahead
2009-01-31 11:29 --------- d-----w c:\programmi\Nero
2009-01-31 10:52 47,360 ----a-w c:\documents and settings\User\Dati applicazioni\pcouffin.sys
2009-01-31 10:52 --------- d-----w c:\documents and settings\User\Dati applicazioni\Vso
2009-01-31 10:51 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-01-31 10:23 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-01-31 10:18 --------- d-----w c:\programmi\Microsoft Works
2009-01-31 10:17 --------- d-----w c:\programmi\MSBuild
2009-01-31 10:16 --------- d-----w c:\programmi\Microsoft.NET
2009-01-31 10:06 --------- d-----w c:\programmi\Microsoft Visual Studio 8
2009-01-30 18:57 --------- d-----w c:\programmi\microsoft frontpage
2009-01-30 18:54 --------- d-----w c:\programmi\Servizi in linea
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 139264]
"EPSON Stylus Photo R360 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIBOE.EXE" [2006-05-29 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"C-Media Mixer"="Mixer.exe" [2002-06-12 c:\windows\mixer.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\User\Menu Avvio\Programmi\Esecuzione automatica\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Reader Synchronizer.lnk - c:\programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2009-02-02 212992]
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmi\\MSN Messenger\\livecall.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-03 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-03 20560]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\5.tmp --> c:\windows\system32\5.tmp [?]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2009-01-31 182784]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ab02d12-f2f8-11dd-a296-000827dd3010}]
\Shell\AutoRun\command - m0vnonh.bat
\Shell\open\Command - m0vnonh.bat
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = hxxp://www.google.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-04 17:08:08
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\5.tmp"
.
Ora fine scansione: 2009-03-04 17:10:35
ComboFix-quarantined-files.txt 2009-03-04 16:10:30
ComboFix2.txt 2009-02-16 13:52:24

Pre-Run: 47,649,742,848 byte disponibili
Post-Run: 49,338,327,040 byte disponibili

157 --- E O F --- 2009-03-04 10:59:03


PS: I don't know whether it can be of help to you, Luke, but when I launch ComboFix the security warning message appears, which usually appears only when I turn on the PC.
