
HELP!!! THIS VIRUS WON'T GO AWAY!!!

How do I remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57

Re: HELP!!! THIS VIRUS WON'T GO AWAY!!!

Post by Luke57 » 21/06/09 15:15

Hi, what an infection :( now open a text file and copy the following text into it.

Code:
Driver::
cvjser5usjfyigsfhjhswybn4wgss80
dfgdjhse5rjfmkfsderhkldtd576ogd80;
ns6r4w84w35i4hq3h4jhq4wj64wqnasd80;
cvjser5usjfyigsfhjhswybn4wgss81
dfgdjhse5rjfmkfsderhkldtd576ogd81
ns6r4w84w35i4hq3h4jhq4wj64wqnasd81

File::
c:\windows\dfgdjhse5rjfmkfsderhkldtd576ogd81.exe
c:\windows\soc_1248896819.exe
c:\windows\[u]0[/u]10112010146118114.dat
c:\windows\ld10.exe
c:\windows\ns6r4w84w35i4hq3h4jhq4wj64wqnasd81.exe
c:\documents and settings\Administrator\system.exe
c:\windows\system32\xfpyalez.dll
c:\windows\system32\pbvcselg.dll
C:\lbpywwp.exe
c:\windows\system32\tsqsldkw.dat
c:\windows\system32\nmquddsw.dat
c:\windows\system32\ouxzaqin.dat
c:\windows\system32\jznytkcp.dat
C:\yjpyso.exe
C:\gbcjdrqu.exe
c:\windows\dfgdjhse5rjfmkfsderhkldtd576ogd81.exe
c:\windows\cvjser5usjfyigsfhjhswybn4wgss81.exe
c:\windows\system32\a247286bcfaf320fd2296054b4f5693b.sys
c:\windows\system32\_a247286bcfaf320fd2296054b4f5693b.sys_.vir
c:\windows\system32\48d27777c461b296554c5a7ec0d2d834.exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{000eb29f-90dd-41df-bca5-614124613bc6}]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"kell"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4af18a94-59d9-11de-abcb-00196638e0ce}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e57e710e-5b13-11de-abd5-00196638e0ce}]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\a247286bcfaf320fd2296054b4f5693b]
"ImagePath"=-



save it to the desktop with the mandatory name CFScript.txt

drag it with the mouse pointer onto the combofix icon; the program will start a new scan. When it finishes, reboot and post the new report.
Luke57
Moderator
 
Posts: 6413
Joined: 11/08/05 19:10


Re: HELP!!! THIS VIRUS WON'T GO AWAY!!!

Post by mat90 » 21/06/09 22:04

here's the log:

Code:
ComboFix 09-06-20.04 - Administrator 21/06/2009 22.49.12.3 - NTFSx86 MINIMAL
Microsoft Windows XP Professional  5.1.2600.3.1252.39.1040.18.1023.846 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

WARNING - THIS PC DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\documents and settings\Administrator\system.exe"
"C:\gbcjdrqu.exe"
"C:\lbpywwp.exe"
"c:\windows\[u]0[/u]10112010146118114.dat"
"c:\windows\cvjser5usjfyigsfhjhswybn4wgss81.exe"
"c:\windows\dfgdjhse5rjfmkfsderhkldtd576ogd81.exe"
"c:\windows\ld10.exe"
"c:\windows\ns6r4w84w35i4hq3h4jhq4wj64wqnasd81.exe"
"c:\windows\soc_1248896819.exe"
"c:\windows\system32\_a247286bcfaf320fd2296054b4f5693b.sys_.vir"
"c:\windows\system32\48d27777c461b296554c5a7ec0d2d834.exe"
"c:\windows\system32\a247286bcfaf320fd2296054b4f5693b.sys"
"c:\windows\system32\jznytkcp.dat"
"c:\windows\system32\nmquddsw.dat"
"c:\windows\system32\ouxzaqin.dat"
"c:\windows\system32\pbvcselg.dll"
"c:\windows\system32\tsqsldkw.dat"
"c:\windows\system32\xfpyalez.dll"
"C:\yjpyso.exe"
.

(((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Matteo\Impostazioni locali\temp\559.exe
c:\documents and settings\Matteo\Impostazioni locali\temp\SKYNETobvnesmusi.tmp
c:\documents and settings\Matteo\Impostazioni locali\temp\systemp.exe
c:\recycler\S-1-5-21-0401711360-1006769114-670012001-1680
c:\recycler\S-1-5-21-9030369247-9660177804-646831928-5382
c:\recycler\S-1-5-21-9499893965-5217713961-344135481-4273
c:\documents and settings\Administrator\system.exe
C:\gbcjdrqu.exe
C:\lbpywwp.exe
c:\recycler\S-1-5-21-0401711360-1006769114-670012001-1680\Desktop.ini
c:\recycler\S-1-5-21-9030369247-9660177804-646831928-5382\Desktop.ini
c:\recycler\S-1-5-21-9499893965-5217713961-344135481-4273\Desktop.ini
c:\recycler\S-1-5-21-9499893965-5217713961-344135481-4273\nissan.exe
c:\windows\cvjser5usjfyigsfhjhswybn4wgss81.exe
c:\windows\dfgdjhse5rjfmkfsderhkldtd576ogd81.exe
c:\windows\ld10.exe
c:\windows\ns6r4w84w35i4hq3h4jhq4wj64wqnasd81.exe
c:\windows\soc_1248896819.exe
c:\windows\system32\drivers\SKYNETgplxtlwx.sys
c:\windows\system32\jznytkcp.dat
c:\windows\system32\kdpini.dll
c:\windows\system32\nmquddsw.dat
c:\windows\system32\ouxzaqin.dat
c:\windows\system32\pbvcselg.dll
c:\windows\system32\SKYNETlvrhooev.dat
c:\windows\system32\SKYNETprnfvmep.dll
c:\windows\system32\SKYNETyuypdqxe.dll
c:\windows\system32\tsqsldkw.dat
c:\windows\system32\xfpyalez.dll
C:\yjpyso.exe

c:\windows\system32\drivers\null.sys . . . is missing!!

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Legacy_cvjser5usjfyigsfhjhswybn4wgss80
-------\Legacy_dhcpsrv
-------\Legacy_driver
-------\Legacy_driverdrv
-------\Legacy_isadisk
-------\Legacy_msncache
-------\Legacy_sopidkc
-------\Service_cvjser5usjfyigsfhjhswybn4wgss80
-------\Legacy_dfgdjhse5rjfmkfsderhkldtd576ogd80
-------\Legacy_ns6r4w84w35i4hq3h4jhq4wj64wqnasd80
-------\Service_dfgdjhse5rjfmkfsderhkldtd576ogd80
-------\Service_ns6r4w84w35i4hq3h4jhq4wj64wqnasd80


(((((((((((((((((((((((((   Files Created From 2009-05-21 to 2009-06-21  )))))))))))))))))))))))))))))))))))
.

2009-07-29 19:56 . 2009-07-29 19:56   --------   d-----w-   c:\windows\Motive
2009-07-29 19:55 . 2009-07-29 19:55   --------   d-----w-   c:\programmi\File comuni\Motive
2009-07-29 19:55 . 2009-07-29 19:55   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\Motive
2009-07-29 19:54 . 2009-07-29 19:54   --------   d-----w-   c:\programmi\Common Files
2009-07-29 19:53 . 2009-06-21 20:49   39936   ----a-w-   c:\windows\system32\a247286bcfaf320fd2296054b4f5693b.sys
2009-07-29 19:53 . 2009-07-29 19:54   --------   d-----w-   c:\programmi\Motive
2009-07-29 19:53 . 2009-07-29 19:56   --------   d-----w-   c:\programmi\Alice ti aiuta
2009-07-29 19:50 . 2009-07-29 19:50   --------   d-----w-   c:\programmi\Telecom Italia
2009-07-29 19:46 . 2009-07-29 19:46   2   ----a-w-   c:\windows\[u]0[/u]10112010146118114.dat
2009-07-29 19:46 . 2009-06-15 19:25   641304   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\avg8\update\backup\avgupd.exe
2009-07-29 19:46 . 2009-06-15 19:25   1082624   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\avg8\update\backup\avgupd.dll
2009-07-29 19:46 . 2009-06-15 19:25   583960   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\avg8\update\backup\avginet.dll
2009-07-29 19:46 . 2009-06-15 19:25   443672   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\avg8\update\backup\avgiproxy.exe
2009-07-29 15:51 . 2009-07-29 15:51   --------   d-----w-   c:\programmi\Activision
2009-07-29 15:49 . 2009-07-29 15:49   --------   d-sh--w-   c:\windows\ftpcache
2009-06-21 11:42 . 2009-06-21 11:42   --------   d-----w-   c:\windows\system32\xircom
2009-06-21 11:42 . 2009-06-21 11:42   --------   d-----w-   c:\windows\system32\wbem\snmp
2009-06-21 11:42 . 2009-06-21 11:42   --------   d-----w-   c:\programmi\microsoft frontpage
2009-06-21 11:34 . 2009-06-21 20:51   39936   ----a-w-   c:\windows\system32\_a247286bcfaf320fd2296054b4f5693b.sys_.vir
2009-06-21 10:01 . 2009-06-21 10:04   --------   d--h--w-   C:\$AVG8.VAULT$
2009-06-20 19:45 . 2009-06-20 19:43   233   ----a-w-   C:\fix.reg
2009-06-20 16:58 . 2009-06-20 16:58   --------   d-----w-   c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Ahead
2009-06-20 14:52 . 2009-06-21 09:31   --------   d-----w-   C:\VEXPLITE
2009-06-19 13:45 . 2009-06-15 19:25   97928   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\avg8\update\backup\avgldx86.sys
2009-06-19 13:45 . 2009-06-15 19:25   76040   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\avg8\update\backup\avgtdix.sys
2009-06-19 13:45 . 2009-06-15 19:25   10520   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\avg8\update\backup\avgrsstx.dll
2009-06-19 13:45 . 2009-06-15 19:25   287000   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\avg8\update\backup\avgrsx.exe
2009-06-19 13:45 . 2009-06-15 19:25   26824   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\avg8\update\backup\avgmfx86.sys
2009-06-18 23:08 . 2009-06-18 23:08   --------   d-----r-   c:\documents and settings\LocalService\Preferiti
2009-06-16 16:59 . 2009-06-16 17:00   --------   d-----w-   c:\documents and settings\Matteo\Impostazioni locali\Dati applicazioni\Adobe
2009-06-16 16:21 . 2009-06-16 16:21   --------   d-----w-   c:\documents and settings\Matteo\Dati applicazioni\Apple Computer
2009-06-16 16:21 . 2009-03-19 14:32   23400   ----a-w-   c:\windows\system32\drivers\GEARAspiWDM.sys
2009-06-16 16:21 . 2008-04-17 10:12   107368   ----a-w-   c:\windows\system32\GEARAspi.dll
2009-06-16 16:21 . 2009-06-16 16:21   --------   d-----w-   c:\programmi\iPod
2009-06-15 20:33 . 2009-06-15 20:33   17848   ----a-w-   c:\documents and settings\Matteo\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-06-15 20:31 . 2009-06-15 20:32   --------   d-----w-   c:\documents and settings\Matteo\Dati applicazioni\Xfire
2009-06-15 20:30 . 2009-06-15 20:31   --------   d-----w-   c:\programmi\Xfire
2009-06-15 20:30 . 2009-06-15 20:30   --------   d-----w-   c:\windows\system32\LogFiles
2009-06-15 20:30 . 2009-06-15 20:30   --------   d-----w-   c:\windows\system32\drivers\umdf
2009-06-15 20:30 . 2006-05-09 18:00   22752   ----a-w-   c:\windows\system32\spupdsvc.exe
2009-06-15 20:28 . 2009-06-15 20:28   --------   d-----w-   c:\programmi\WinAVI MP4 Converter
2009-06-15 20:27 . 2009-06-15 20:27   0   ----a-w-   c:\windows\nsreg.dat
2009-06-15 20:27 . 2009-06-15 20:27   --------   d-----w-   c:\documents and settings\Matteo\Impostazioni locali\Dati applicazioni\Mozilla
2009-06-15 20:26 . 2009-06-15 20:26   --------   d-----w-   c:\programmi\FreePOPs
2009-06-15 20:25 . 2009-06-15 20:25   --------   d-----w-   c:\programmi\CCleaner
2009-06-15 20:25 . 2009-06-15 20:25   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\SlySoft
2009-06-15 20:24 . 2009-06-15 20:24   --------   d-----w-   c:\programmi\SlySoft
2009-06-15 20:23 . 2009-06-15 20:23   --------   d-----w-   c:\programmi\File comuni\Adobe
2009-06-15 20:21 . 2009-06-15 20:21   --------   d-----w-   c:\programmi\Elaborate Bytes
2009-06-15 20:21 . 2009-06-15 20:21   --------   d-----w-   c:\programmi\Real Alternative
2009-06-15 20:20 . 2009-06-15 20:20   --------   d-----w-   c:\documents and settings\Matteo\Impostazioni locali\Dati applicazioni\Ahead
2009-06-15 20:20 . 2003-06-18 23:31   17920   ----a-w-   c:\windows\system32\mdimon.dll
2009-06-15 20:19 . 2009-06-15 20:19   --------   d-----w-   c:\programmi\Microsoft.NET
2009-06-15 20:19 . 2009-06-15 20:19   --------   d-----w-   c:\windows\SHELLNEW
2009-06-15 20:08 . 2008-04-30 15:27   442368   ----a-w-   c:\windows\system32\NVUNINST.EXE
2009-06-15 20:07 . 2009-06-15 20:07   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\nView_Profiles
2009-06-15 20:04 . 2009-06-15 20:04   --------   d-----w-   c:\documents and settings\Matteo\Dati applicazioni\Ahead
2009-06-15 20:03 . 2009-06-15 20:03   --------   d-----w-   c:\programmi\Nero
2009-06-15 20:03 . 2009-06-15 20:03   --------   d-----w-   c:\programmi\File comuni\Ahead
2009-06-15 19:41 . 2009-06-15 19:41   619   ----a-w-   c:\windows\unins000.dat
2009-06-15 19:33 . 2009-06-15 20:09   --------   d-----w-   c:\windows\nvidia icons
2009-06-15 19:32 . 2009-06-15 20:14   --------   d-----w-   c:\windows\nview
2009-06-15 19:31 . 2009-06-15 19:31   --------   d-----w-   C:\NVIDIA
2009-06-15 19:25 . 2009-06-19 13:44   11952   ----a-w-   c:\windows\system32\avgrsstx.dll
2009-06-15 19:25 . 2009-06-19 13:44   108552   ----a-w-   c:\windows\system32\drivers\avgtdix.sys
2009-06-15 19:25 . 2009-06-19 13:44   325896   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
2009-06-15 19:25 . 2009-06-19 13:44   27784   ----a-w-   c:\windows\system32\drivers\avgmfx86.sys
2009-06-15 19:25 . 2009-06-21 11:52   --------   d-----w-   c:\windows\system32\drivers\Avg
2009-06-15 19:25 . 2009-06-15 19:25   --------   d-----w-   c:\programmi\AVG
2009-06-15 19:25 . 2009-06-21 11:43   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\avg8

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-29 19:53 . 2009-07-29 19:53   2232   ----a-w-   c:\windows\java\Packages\Data\1VZHRHFH.DAT
2009-07-29 19:53 . 2009-07-29 19:53   155995   ----a-w-   c:\windows\java\Packages\YZRDNDBV.ZIP
2009-07-29 19:53 . 2009-07-29 19:53   2678   ----a-w-   c:\windows\java\Packages\Data\AHVZB75Z.DAT
2009-07-29 19:52 . 2009-07-29 19:52   2678   ----a-w-   c:\windows\java\Packages\Data\37333ZPN.DAT
2009-07-29 19:52 . 2009-07-29 19:52   2678   ----a-w-   c:\windows\java\Packages\Data\3VZLRBXV.DAT
2009-07-29 19:52 . 2009-07-29 19:52   2678   ----a-w-   c:\windows\java\Packages\Data\2HJ7NTJT.DAT
2009-07-29 19:52 . 2009-07-29 19:52   2678   ----a-w-   c:\windows\java\Packages\Data\RJ7TFH7F.DAT
2009-07-29 19:51 . 2009-06-15 17:55   --------   d--h--w-   c:\programmi\InstallShield Installation Information
2009-06-21 11:29 . 2001-08-31 15:00   348160   ----a-w-   c:\windows\system32\msvcr71.dll
2009-06-21 11:29 . 2001-08-31 15:00   196608   ----a-w-   c:\windows\system32\libssl32.dll
2009-06-21 11:29 . 2001-08-31 15:00   1015808   ----a-w-   c:\windows\system32\libeay32.dll
2009-06-21 11:29 . 2001-08-31 15:00   --------   d-----w-   c:\programmi\File comuni\Mozilla Shared
2009-06-16 16:21 . 2009-06-16 16:21   --------   d-----w-   c:\programmi\iTunes
2009-06-16 16:21 . 2009-06-16 16:21   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-16 16:21 . 2009-06-16 16:21   --------   d-----w-   c:\programmi\Bonjour
2009-06-16 16:21 . 2009-06-16 16:20   --------   d-----w-   c:\programmi\QuickTime
2009-06-16 16:20 . 2009-06-16 16:20   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2009-06-16 16:20 . 2009-06-16 16:20   --------   d-----w-   c:\programmi\Apple Software Update
2009-06-16 16:19 . 2009-06-16 16:19   --------   d-----w-   c:\programmi\File comuni\Apple
2009-06-16 16:19 . 2009-06-16 16:19   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\Apple
2009-06-15 18:17 . 2009-06-15 18:17   --------   d-----w-   c:\programmi\File comuni\Ulead Systems
2009-06-15 18:15 . 2009-06-15 18:15   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\Ulead Systems
2009-06-15 18:15 . 2009-06-15 18:15   --------   d-----w-   c:\programmi\WinFast
2009-06-15 18:05 . 2009-06-15 17:55   --------   d-----w-   c:\programmi\File comuni\InstallShield
2009-06-15 18:04 . 2009-06-15 18:04   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\UDL
2009-06-15 18:03 . 2009-06-15 18:01   --------   d-----w-   c:\programmi\EPSON
2009-06-15 17:57 . 2009-06-15 17:57   --------   d-----w-   c:\programmi\C-Media 3D Audio
2009-06-15 17:52 . 2009-06-15 17:52   --------   d-----w-   c:\programmi\Intel
2009-06-15 17:08 . 2009-06-15 16:32   86327   ----a-w-   c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-15 16:40 . 2001-08-31 15:00   47592   ----a-w-   c:\windows\system32\perfc010.dat
2009-06-15 16:40 . 2001-08-31 15:00   345010   ----a-w-   c:\windows\system32\perfh010.dat
2009-06-15 16:31 . 2009-06-15 16:31   --------   d-----w-   c:\programmi\Servizi in linea
2009-06-15 16:29 . 2009-06-15 16:29   21840   ----a-w-   c:\windows\system32\emptyregdb.dat
2009-06-05 11:57 . 2009-06-05 11:57   75048   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-05 09:42 . 2009-06-16 16:20   39424   ----a-w-   c:\windows\system32\drivers\usbaapl.sys
2009-06-05 09:42 . 2009-06-16 16:20   2060288   ----a-w-   c:\windows\system32\usbaaplrc.dll
2009-07-29 19:54 . 2009-07-29 19:54   66576   ----a-w-   c:\programmi\mozilla firefox\components\edfbafcd.dll
.

------- Sigcheck -------

[-] 2008-05-12 18:59   361344   ACCF5A9A1FFAA490F33DBA1C632B95E1   c:\windows\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((   SnapShot@2009-06-21_11.44.50   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-15 16:34 . 2009-06-21 12:07   32768              c:\windows\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
- 2009-06-15 16:34 . 2009-06-21 11:27   32768              c:\windows\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
+ 2009-06-15 16:34 . 2009-06-21 12:07   32768              c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
- 2009-06-15 16:34 . 2009-06-21 11:27   32768              c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
+ 2009-06-15 16:34 . 2009-06-21 12:07   16384              c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-06-15 16:34 . 2009-06-21 11:27   16384              c:\windows\system32\config\systemprofile\Cookies\index.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-04-13 101888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus Photo R240 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE" [2005-04-25 98304]
"WinFast Schedule"="c:\programmi\WinFast\WFTVFM\WFWIZ.exe" [2005-09-30 319488]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-19 1947928]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"VirtualCloneDrive"="c:\programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2008-06-29 52168]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"Motive SmartBridge"="c:\progra~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 438359]
"VIRIT LITE MONITOR"="c:\vexplite\MONLITE.EXE" [2009-06-20 262144]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-03 1630208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-04-13 101888]

c:\documents and settings\Matteo\Menu Avvio\Programmi\Esecuzione automatica\
FreePOPs.lnk - c:\programmi\FreePOPs\freepopsd.exe [2008-6-11 49152]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\edfbafcd]
2005-06-19 07:29   312847   ----a-w-   c:\windows\system32\edfbafcd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-19 13:44   11952   ----a-w-   c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"f:\\Programmi\\eMule Extreme\\emule.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list]
"8085:TCP"= 8085:TCP:driver

S0 a247286bcfaf320fd2296054b4f5693b;a247286bcfaf320fd2296054b4f5693b; [x]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [15/06/2009 21.25.29 325896]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [15/06/2009 21.25.34 108552]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [15/06/2009 21.25.08 908568]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [15/06/2009 21.25.07 298776]
S3 WFIOCTL;WFIOCTL;c:\programmi\WinFast\WFTVFM\WFIOCTL.sys [15/06/2009 20.15.30 9446]
.
Contents of the 'Scheduled Tasks' folder

2009-06-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{000eb29f-90dd-41df-bca5-614124613bc6} - (no file)
BHO-{0010131b-384c-469f-9243-80430e69c14a} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.malwarelist.org/
TCP: {9ea652ab-c2dc-4f79-9ae2-dca36fe50b54} = 85.37.17.12 85.38.28.79
DPF: microsoft xml parser for java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-21 22:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- Dlls Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(300)
c:\windows\system32\edfbafcd.dll
.
Completion time: 2009-06-21 22.59.02 - machine was rebooted
ComboFix-quarantined-files.txt  2009-06-21 20:58
ComboFix2.txt  2009-06-21 11:48

Pre-Run: 11.192.279.040 bytes free
Post-Run: 11.182.473.216 bytes free

294


can you explain why all these viruses right after formatting the pc? at the very first internet connection? :mmmh: :?:

I'm running combofix in safe mode, is that ok anyway?
thanks for the great help... ;)
mat90
Senior User
 
Posts: 181
Joined: 11/08/07 13:33

Re: HELP!!! THIS VIRUS WON'T GO AWAY!!!

Post by shel » 21/06/09 22:27

the fondness viruses have for your pc could also be because your OS doesn't have the updated version of service pack 3 installed .... have you installed it?


open the registry: start\run\regedit

follow this path

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

when you are on Winlogon, right-click and choose export

save the file to the desktop as win.reg - all files, and upload it here ====> www.wikisend.com
shel
Senior User
 
Posts: 1326
Joined: 29/08/08 21:56

Re: HELP!!! THIS VIRUS WON'T GO AWAY!!!

Post by Luke57 » 22/06/09 07:54

Hi, now go back to a post Shel already wrote, download malwarebytes and follow the instructions in that post.
Luke57
Moderator
 
Posts: 6413
Joined: 11/08/05 19:10

Re: HELP!!! THIS VIRUS WON'T GO AWAY!!!

Post by mat90 » 22/06/09 12:38

yes yes, I have service pack 3,
I'm afraid it's the fault of my documents, which however are on the other hard disk (F), which was never the location of the viruses that appeared or of the various errors, which all concern the folders C:\WINDOWS, C:\WINDOWS\system32, C:\, etc...

This makes me hope they are not infected, but it's strange because the pc was formatted, like new... :?: :?:
I also thought about reformatting everything and connecting to the internet before moving my files back onto the pc (they are also saved on a friend's external hard disk), what do you think :?:

Anyway I'll now do as you told me, but I didn't understand what Luke57 means,

thanks everyone!!!!!
mat90
Senior User
 
Posts: 181
Joined: 11/08/07 13:33

Re: HELP!!! THIS VIRUS WON'T GO AWAY!!!

Post by Luke57 » 22/06/09 12:49

I meant this, already suggested by Shel:
Download and install
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Update it and run a full scan of the computer. Post the report you get. For now do not remove any threats it may detect
Luke57
Moderator
 
Posts: 6413
Joined: 11/08/05 19:10

Re: HELP!!! THIS VIRUS WON'T GO AWAY!!!

Post by shel » 22/06/09 12:51

Anyway I'll now do as you told me, but I didn't understand what Luke57 means,


Luke57 asked you to run the scan with malwarebytes

export that winlogon for me too, it's an operation that takes barely two minutes
shel
Senior User
 
Posts: 1326
Joined: 29/08/08 21:56

Re: HELP!!! THIS VIRUS WON'T GO AWAY!!!

Post by mat90 » 22/06/09 13:25

the winlogon is here: http://wikisend.com/download/578708/win.reg

mbam, on the other hand, won't install, like the other time: the virus closes the installation window.
what do you think of the test I described earlier?
reformatting again without putting my documents back until I connect to the internet, because it's not clear to me how this blessed virus got in right after formatting the pc...

thanks...
mat90
Senior User
 
Posts: 181
Joined: 11/08/07 13:33

Re: HELP!!! THIS VIRUS WON'T GO AWAY!!!

Post by shel » 22/06/09 13:56

are you sure you haven't already installed it on the pc? look carefully in the control panel
shel
Senior User
 
Posts: 1326
Joined: 29/08/08 21:56

Re: HELP!!! THIS VIRUS WON'T GO AWAY!!!

Post by mat90 » 22/06/09 14:00

sure, look at the first replies, you had already told me to use this program and I told you it wouldn't let me install it... :aaah :aaah I don't know what to do.

Please, can you tell me what you think of that test I had in mind, described in the previous replies???

thanks
mat90
Senior User
 
Posts: 181
Joined: 11/08/07 13:33

Re: HELP!!! THIS VIRUS WON'T GO AWAY!!!

Post by shel » 22/06/09 14:04

try using this program, it doesn't need to be installed

ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe
Double-click cureit.exe and click the "Start" option; it will ask whether you want to run a quick check, answer YES (Ok)
When the scan finishes, put the dot in the "full scan" box and click the "Play" button to start the scan; if it finds something infected you can remove it immediately or at the end of the scan. When the scan is finished, have it remove the infected items, save the end-of-scan report by clicking File>Save report list, then post the report you saved
shel
Senior User
 
Posts: 1326
Joined: 29/08/08 21:56

Re: HELP!!! THIS VIRUS WON'T GO AWAY!!!

Post by mat90 » 22/06/09 16:42

the report is here: http://wikisend.com/download/573534/DrWeb.csv

Thanks :!: ;) :!:
mat90
Senior User
 
Posts: 181
Joined: 11/08/07 13:33

Re: HELP!!! THIS VIRUS WON'T GO AWAY!!!

Post by Luke57 » 22/06/09 17:35

Hi, in the CFScript.txt file, overwrite its contents with this script and save the changes:

Code:
Driver::
a247286bcfaf320fd2296054b4f5693b;a247286bcfaf320fd2296054b4f5693b

File::
c:\windows\system32\a247286bcfaf320fd2296054b4f5693b.sys
c:\windows\system32\_a247286bcfaf320fd2296054b4f5693b.sys_.vir
c:\programmi\mozilla firefox\components\edfbafcd.dll
c:\windows\system32\edfbafcd.dll

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\edfbafcd]


the usual drag onto the combofix icon and scan. Once that's done, see whether you can install malwarebytes and run the scan.
Luke57
Moderator
 
Posts: 6413
Joined: 11/08/05 19:10

Re: HELP!!! THIS VIRUS WON'T GO AWAY!!!

Post by mat90 » 22/06/09 20:28

I managed to install mbam :D :D :D THANKS :!: :!: , so:

here's the ComboFix report:
Code:
ComboFix 09-06-20.04 - Administrator 22/06/2009 20.00.15.4 - NTFSx86 MINIMAL
Microsoft Windows XP Professional  5.1.2600.3.1252.39.1040.18.1023.832 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

WARNING - THIS PC DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\programmi\mozilla firefox\components\edfbafcd.dll"
"c:\windows\system32\_a247286bcfaf320fd2296054b4f5693b.sys_.vir"
"c:\windows\system32\a247286bcfaf320fd2296054b4f5693b.sys"
"c:\windows\system32\edfbafcd.dll"
.

(((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\edfbafcd.dll
c:\programmi\mozilla firefox\components\edfbafcd.dll
c:\windows\system32\_a247286bcfaf320fd2296054b4f5693b.sys_.vir
c:\windows\system32\a247286bcfaf320fd2296054b4f5693b.sys

c:\windows\system32\drivers\null.sys . . . is missing!!

.
(((((((((((((((((((((((((   Files Created From 2009-05-22 to 2009-06-22  )))))))))))))))))))))))))))))))))))
.

2009-07-29 19:56 . 2009-07-29 19:56   --------   d-----w-   c:\windows\Motive
2009-07-29 19:55 . 2009-07-29 19:55   --------   d-----w-   c:\programmi\File comuni\Motive
2009-07-29 19:55 . 2009-07-29 19:55   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\Motive
2009-07-29 19:54 . 2009-07-29 19:54   --------   d-----w-   c:\programmi\Common Files
2009-07-29 19:53 . 2009-07-29 19:54   --------   d-----w-   c:\programmi\Motive
2009-07-29 19:53 . 2009-07-29 19:56   --------   d-----w-   c:\programmi\Alice ti aiuta
2009-07-29 19:50 . 2009-07-29 19:50   --------   d-----w-   c:\programmi\Telecom Italia
2009-07-29 19:46 . 2009-07-29 19:46   2   ----a-w-   c:\windows\[u]0[/u]10112010146118114.dat
2009-07-29 19:46 . 2009-06-15 19:25   641304   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\avg8\update\backup\avgupd.exe
2009-07-29 19:46 . 2009-06-15 19:25   1082624   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\avg8\update\backup\avgupd.dll
2009-07-29 19:46 . 2009-06-15 19:25   583960   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\avg8\update\backup\avginet.dll
2009-07-29 19:46 . 2009-06-15 19:25   443672   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\avg8\update\backup\avgiproxy.exe
2009-07-29 15:51 . 2009-07-29 15:51   --------   d-----w-   c:\programmi\Activision
2009-07-29 15:49 . 2009-07-29 15:49   --------   d-sh--w-   c:\windows\ftpcache
2009-06-22 13:28 . 2009-06-22 13:28   --------   d-----w-   c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Mozilla
2009-06-22 13:25 . 2009-06-22 13:31   --------   d-----w-   c:\documents and settings\Administrator\DoctorWeb
2009-06-21 11:42 . 2009-06-21 11:42   --------   d-----w-   c:\windows\system32\xircom
2009-06-21 11:42 . 2009-06-21 11:42   --------   d-----w-   c:\windows\system32\wbem\snmp
2009-06-21 11:42 . 2009-06-21 11:42   --------   d-----w-   c:\programmi\microsoft frontpage
2009-06-21 10:01 . 2009-06-21 10:04   --------   d--h--w-   C:\$AVG8.VAULT$
2009-06-20 19:45 . 2009-06-20 19:43   233   ----a-w-   C:\fix.reg
2009-06-20 16:58 . 2009-06-20 16:58   --------   d-----w-   c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Ahead
2009-06-20 14:52 . 2009-06-21 09:31   --------   d-----w-   C:\VEXPLITE
2009-06-19 13:45 . 2009-06-15 19:25   97928   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\avg8\update\backup\avgldx86.sys
2009-06-19 13:45 . 2009-06-15 19:25   76040   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\avg8\update\backup\avgtdix.sys
2009-06-19 13:45 . 2009-06-15 19:25   10520   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\avg8\update\backup\avgrsstx.dll
2009-06-19 13:45 . 2009-06-15 19:25   287000   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\avg8\update\backup\avgrsx.exe
2009-06-19 13:45 . 2009-06-15 19:25   26824   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\avg8\update\backup\avgmfx86.sys
2009-06-18 23:08 . 2009-06-18 23:08   --------   d-----r-   c:\documents and settings\LocalService\Preferiti
2009-06-16 16:59 . 2009-06-16 17:00   --------   d-----w-   c:\documents and settings\Matteo\Impostazioni locali\Dati applicazioni\Adobe
2009-06-16 16:21 . 2009-06-16 16:21   --------   d-----w-   c:\documents and settings\Matteo\Dati applicazioni\Apple Computer
2009-06-16 16:21 . 2009-03-19 14:32   23400   ----a-w-   c:\windows\system32\drivers\GEARAspiWDM.sys
2009-06-16 16:21 . 2008-04-17 10:12   107368   ----a-w-   c:\windows\system32\GEARAspi.dll
2009-06-16 16:21 . 2009-06-16 16:21   --------   d-----w-   c:\programmi\iPod
2009-06-15 20:33 . 2009-06-15 20:33   17848   ----a-w-   c:\documents and settings\Matteo\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-06-15 20:31 . 2009-06-15 20:32   --------   d-----w-   c:\documents and settings\Matteo\Dati applicazioni\Xfire
2009-06-15 20:30 . 2009-06-15 20:31   --------   d-----w-   c:\programmi\Xfire
2009-06-15 20:30 . 2009-06-15 20:30   --------   d-----w-   c:\windows\system32\LogFiles
2009-06-15 20:30 . 2009-06-15 20:30   --------   d-----w-   c:\windows\system32\drivers\umdf
2009-06-15 20:30 . 2006-05-09 18:00   22752   ----a-w-   c:\windows\system32\spupdsvc.exe
2009-06-15 20:28 . 2009-06-15 20:28   --------   d-----w-   c:\programmi\WinAVI MP4 Converter
2009-06-15 20:27 . 2009-06-15 20:27   0   ----a-w-   c:\windows\nsreg.dat
2009-06-15 20:27 . 2009-06-15 20:27   --------   d-----w-   c:\documents and settings\Matteo\Impostazioni locali\Dati applicazioni\Mozilla
2009-06-15 20:26 . 2009-06-15 20:26   --------   d-----w-   c:\programmi\FreePOPs
2009-06-15 20:25 . 2009-06-15 20:25   --------   d-----w-   c:\programmi\CCleaner
2009-06-15 20:25 . 2009-06-15 20:25   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\SlySoft
2009-06-15 20:24 . 2009-06-15 20:24   --------   d-----w-   c:\programmi\SlySoft
2009-06-15 20:23 . 2009-06-15 20:23   --------   d-----w-   c:\programmi\File comuni\Adobe
2009-06-15 20:21 . 2009-06-15 20:21   --------   d-----w-   c:\programmi\Elaborate Bytes
2009-06-15 20:21 . 2009-06-15 20:21   --------   d-----w-   c:\programmi\Real Alternative
2009-06-15 20:20 . 2009-06-15 20:20   --------   d-----w-   c:\documents and settings\Matteo\Impostazioni locali\Dati applicazioni\Ahead
2009-06-15 20:20 . 2003-06-18 23:31   17920   ----a-w-   c:\windows\system32\mdimon.dll
2009-06-15 20:19 . 2009-06-15 20:19   --------   d-----w-   c:\programmi\Microsoft.NET
2009-06-15 20:19 . 2009-06-15 20:19   --------   d-----w-   c:\windows\SHELLNEW
2009-06-15 20:08 . 2008-04-30 15:27   442368   ----a-w-   c:\windows\system32\NVUNINST.EXE
2009-06-15 20:07 . 2009-06-15 20:07   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\nView_Profiles
2009-06-15 20:04 . 2009-06-15 20:04   --------   d-----w-   c:\documents and settings\Matteo\Dati applicazioni\Ahead
2009-06-15 20:03 . 2009-06-15 20:03   --------   d-----w-   c:\programmi\Nero
2009-06-15 20:03 . 2009-06-15 20:03   --------   d-----w-   c:\programmi\File comuni\Ahead
2009-06-15 19:41 . 2009-06-15 19:41   619   ----a-w-   c:\windows\unins000.dat
2009-06-15 19:33 . 2009-06-15 20:09   --------   d-----w-   c:\windows\nvidia icons
2009-06-15 19:32 . 2009-06-15 20:14   --------   d-----w-   c:\windows\nview
2009-06-15 19:31 . 2009-06-15 19:31   --------   d-----w-   C:\NVIDIA
2009-06-15 19:25 . 2009-06-19 13:44   11952   ----a-w-   c:\windows\system32\avgrsstx.dll
2009-06-15 19:25 . 2009-06-19 13:44   108552   ----a-w-   c:\windows\system32\drivers\avgtdix.sys
2009-06-15 19:25 . 2009-06-19 13:44   325896   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
2009-06-15 19:25 . 2009-06-19 13:44   27784   ----a-w-   c:\windows\system32\drivers\avgmfx86.sys
2009-06-15 19:25 . 2009-06-21 11:52   --------   d-----w-   c:\windows\system32\drivers\Avg
2009-06-15 19:25 . 2009-06-15 19:25   --------   d-----w-   c:\programmi\AVG
2009-06-15 19:25 . 2009-06-21 11:43   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\avg8

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-29 19:53 . 2009-07-29 19:53   2232   ----a-w-   c:\windows\java\Packages\Data\1VZHRHFH.DAT
2009-07-29 19:53 . 2009-07-29 19:53   155995   ----a-w-   c:\windows\java\Packages\YZRDNDBV.ZIP
2009-07-29 19:53 . 2009-07-29 19:53   2678   ----a-w-   c:\windows\java\Packages\Data\AHVZB75Z.DAT
2009-07-29 19:52 . 2009-07-29 19:52   2678   ----a-w-   c:\windows\java\Packages\Data\37333ZPN.DAT
2009-07-29 19:52 . 2009-07-29 19:52   2678   ----a-w-   c:\windows\java\Packages\Data\3VZLRBXV.DAT
2009-07-29 19:52 . 2009-07-29 19:52   2678   ----a-w-   c:\windows\java\Packages\Data\2HJ7NTJT.DAT
2009-07-29 19:52 . 2009-07-29 19:52   2678   ----a-w-   c:\windows\java\Packages\Data\RJ7TFH7F.DAT
2009-07-29 19:51 . 2009-06-15 17:55   --------   d--h--w-   c:\programmi\InstallShield Installation Information
2009-06-21 11:29 . 2001-08-31 15:00   348160   ----a-w-   c:\windows\system32\msvcr71.dll
2009-06-21 11:29 . 2001-08-31 15:00   196608   ----a-w-   c:\windows\system32\libssl32.dll
2009-06-21 11:29 . 2001-08-31 15:00   1015808   ----a-w-   c:\windows\system32\libeay32.dll
2009-06-21 11:29 . 2001-08-31 15:00   --------   d-----w-   c:\programmi\File comuni\Mozilla Shared
2009-06-16 16:21 . 2009-06-16 16:21   --------   d-----w-   c:\programmi\iTunes
2009-06-16 16:21 . 2009-06-16 16:21   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-16 16:21 . 2009-06-16 16:21   --------   d-----w-   c:\programmi\Bonjour
2009-06-16 16:21 . 2009-06-16 16:20   --------   d-----w-   c:\programmi\QuickTime
2009-06-16 16:20 . 2009-06-16 16:20   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2009-06-16 16:20 . 2009-06-16 16:20   --------   d-----w-   c:\programmi\Apple Software Update
2009-06-16 16:19 . 2009-06-16 16:19   --------   d-----w-   c:\programmi\File comuni\Apple
2009-06-16 16:19 . 2009-06-16 16:19   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\Apple
2009-06-15 18:17 . 2009-06-15 18:17   --------   d-----w-   c:\programmi\File comuni\Ulead Systems
2009-06-15 18:15 . 2009-06-15 18:15   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\Ulead Systems
2009-06-15 18:15 . 2009-06-15 18:15   --------   d-----w-   c:\programmi\WinFast
2009-06-15 18:05 . 2009-06-15 17:55   --------   d-----w-   c:\programmi\File comuni\InstallShield
2009-06-15 18:04 . 2009-06-15 18:04   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\UDL
2009-06-15 18:03 . 2009-06-15 18:01   --------   d-----w-   c:\programmi\EPSON
2009-06-15 17:57 . 2009-06-15 17:57   --------   d-----w-   c:\programmi\C-Media 3D Audio
2009-06-15 17:52 . 2009-06-15 17:52   --------   d-----w-   c:\programmi\Intel
2009-06-15 17:08 . 2009-06-15 16:32   86327   ----a-w-   c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-15 16:40 . 2001-08-31 15:00   47592   ----a-w-   c:\windows\system32\perfc010.dat
2009-06-15 16:40 . 2001-08-31 15:00   345010   ----a-w-   c:\windows\system32\perfh010.dat
2009-06-15 16:31 . 2009-06-15 16:31   --------   d-----w-   c:\programmi\Servizi in linea
2009-06-15 16:29 . 2009-06-15 16:29   21840   ----a-w-   c:\windows\system32\emptyregdb.dat
2009-06-05 11:57 . 2009-06-05 11:57   75048   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-05 09:42 . 2009-06-16 16:20   39424   ----a-w-   c:\windows\system32\drivers\usbaapl.sys
2009-06-05 09:42 . 2009-06-16 16:20   2060288   ----a-w-   c:\windows\system32\usbaaplrc.dll
.

------- Sigcheck -------

[-] 2008-05-12 18:59   361344   ACCF5A9A1FFAA490F33DBA1C632B95E1   c:\windows\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((   SnapShot@2009-06-21_11.44.50   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-15 16:34 . 2009-06-21 12:07   32768              c:\windows\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
- 2009-06-15 16:34 . 2009-06-21 11:27   32768              c:\windows\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
+ 2009-06-15 16:34 . 2009-06-21 12:07   32768              c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
- 2009-06-15 16:34 . 2009-06-21 11:27   32768              c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
+ 2009-06-15 16:34 . 2009-06-21 12:07   16384              c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-06-15 16:34 . 2009-06-21 11:27   16384              c:\windows\system32\config\systemprofile\Cookies\index.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate/default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-04-13 101888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus Photo R240 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE" [2005-04-25 98304]
"WinFast Schedule"="c:\programmi\WinFast\WFTVFM\WFWIZ.exe" [2005-09-30 319488]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-19 1947928]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"VirtualCloneDrive"="c:\programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2008-06-29 52168]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"Motive SmartBridge"="c:\progra~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 438359]
"VIRIT LITE MONITOR"="c:\vexplite\MONLITE.EXE" [2009-06-20 262144]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-03 1630208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-04-13 101888]

c:\documents and settings\Matteo\Menu Avvio\Programmi\Esecuzione automatica\
FreePOPs.lnk - c:\programmi\FreePOPs\freepopsd.exe [2008-6-11 49152]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-19 13:44   11952   ----a-w-   c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"f:\\Programmi\\eMule Extreme\\emule.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list]
"8085:TCP"= 8085:TCP:driver

S0 a247286bcfaf320fd2296054b4f5693b;a247286bcfaf320fd2296054b4f5693b; [x]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [15/06/2009 21.25.29 325896]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [15/06/2009 21.25.34 108552]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [15/06/2009 21.25.08 908568]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [15/06/2009 21.25.07 298776]
S3 WFIOCTL;WFIOCTL;c:\programmi\WinFast\WFTVFM\WFIOCTL.sys [15/06/2009 20.15.30 9446]
.
Contents of the 'Scheduled Tasks' folder

2009-06-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
- - - - ORPHAN KEYS REMOVED - - - -

BHO-{000eb29f-90dd-41df-bca5-614124613bc6} - (no file)
BHO-{0010131b-384c-469f-9243-80430e69c14a} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.malwarelist.org/
TCP: {9ea652ab-c2dc-4f79-9ae2-dca36fe50b54} = 85.37.17.12 85.38.28.79
DPF: microsoft xml parser for java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-22 20:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- Dlls loaded by running processes ---------------------

- - - - - - - > 'explorer.exe'(1452)
c:\programmi\Microsoft Office\OFFICE11\msohev.dll
c:\windows\system32\PortableDeviceApi.dll
c:\programmi\File comuni\Ahead\lib\NeroDigitalExt.dll
.
Scan finished at: 2009-06-22 20.09.40 - The PC was rebooted
ComboFix-quarantined-files.txt  2009-06-22 18:09
ComboFix2.txt  2009-06-21 20:59
ComboFix3.txt  2009-06-21 11:48

Pre-Run: 11.080.556.544 bytes free
Post-Run: 11.086.688.256 bytes free

238


and here is the MBAM one:
Code:
Malwarebytes' Anti-Malware 1.38
Database version: 2297
Windows 5.1.2600 Service Pack 3

22/06/2009 21.16.33
mbam-log-2009-06-22 (21-16-27).txt

Scan type: Full Scan (C:\|F:\|)
Objects scanned: 137741
Time elapsed: 27 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 33

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\8085:tcp (Malware.Trace) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\localservice\impostazioni locali\temporary internet files\Content.IE5\FY2RMTLM\w[1].bin (Trojan.Downloader) -> No action taken.
c:\documents and settings\localservice\impostazioni locali\temporary internet files\Content.IE5\FY2RMTLM\w[2].bin (Trojan.Downloader) -> No action taken.
c:\documents and settings\localservice\impostazioni locali\temporary internet files\Content.IE5\I7KCV8RJ\w[1].bin (Trojan.Downloader) -> No action taken.
c:\programmi\SlySoft\AnyDVD\Crack.exe (Backdoor.Bot) -> No action taken.
c:\Qoobox\quarantine\C\qatrll.exe.vir (Trojan.Downloader) -> No action taken.
c:\Qoobox\quarantine\C\WINDOWS\system32\6to4v32.dll.vir (Trojan.Agent) -> No action taken.
c:\Qoobox\quarantine\C\WINDOWS\system32\edfbafcd.dll.vir (Worm.AutoRun) -> No action taken.
c:\Qoobox\quarantine\C\WINDOWS\system32\Iasv32.dll.vir (Trojan.Agent) -> No action taken.
c:\Qoobox\quarantine\C\WINDOWS\system32\isadisk.sys.vir (Rootkit.GamesThief) -> No action taken.
c:\Qoobox\quarantine\C\WINDOWS\system32\kdpini.dll.vir (Trojan.BHO) -> No action taken.
c:\Qoobox\quarantine\C\WINDOWS\system32\msncache.dll.vir (Backdoor.Bot) -> No action taken.
c:\Qoobox\quarantine\C\WINDOWS\system32\mukmil.dll.vir (Rogue.Multiple) -> No action taken.
c:\Qoobox\quarantine\C\WINDOWS\system32\sopidkc.exe.vir (Trojan.Downloader) -> No action taken.
c:\Qoobox\quarantine\C\WINDOWS\system32\tpsaxyd.exe.vir (Trojan.Downloader) -> No action taken.
c:\Qoobox\quarantine\C\WINDOWS\system32\tpszxyd.sys.vir (Trojan.Downloader) -> No action taken.
c:\Qoobox\quarantine\C\WINDOWS\system32\wiwow64.exe.vir (Trojan.Downloader) -> No action taken.
c:\Qoobox\quarantine\C\WINDOWS\system32\wtukd32.exe.vir (Trojan.Downloader) -> No action taken.
c:\Qoobox\quarantine\C\WINDOWS\system32\3361\services.exe.vir (Trojan.Downloader) -> No action taken.
c:\system volume information\_restore{9a9b279d-6aa6-4359-a339-4e8b15746bb7}\RP0\A0001095.exe (Trojan.Downloader) -> No action taken.
c:\system volume information\_restore{9a9b279d-6aa6-4359-a339-4e8b15746bb7}\RP0\A0001096.dll (Trojan.Agent) -> No action taken.
c:\system volume information\_restore{9a9b279d-6aa6-4359-a339-4e8b15746bb7}\RP0\A0001101.dll (Trojan.Agent) -> No action taken.
c:\system volume information\_restore{9a9b279d-6aa6-4359-a339-4e8b15746bb7}\RP0\A0001102.sys (Rootkit.GamesThief) -> No action taken.
c:\system volume information\_restore{9a9b279d-6aa6-4359-a339-4e8b15746bb7}\RP0\A0001104.dll (Backdoor.Bot) -> No action taken.
c:\system volume information\_restore{9a9b279d-6aa6-4359-a339-4e8b15746bb7}\RP0\A0001105.dll (Rogue.Multiple) -> No action taken.
c:\system volume information\_restore{9a9b279d-6aa6-4359-a339-4e8b15746bb7}\RP0\A0001106.exe (Trojan.Downloader) -> No action taken.
c:\system volume information\_restore{9a9b279d-6aa6-4359-a339-4e8b15746bb7}\RP0\A0001108.exe (Trojan.Downloader) -> No action taken.
c:\system volume information\_restore{9a9b279d-6aa6-4359-a339-4e8b15746bb7}\RP0\A0001109.sys (Trojan.Downloader) -> No action taken.
c:\system volume information\_restore{9a9b279d-6aa6-4359-a339-4e8b15746bb7}\RP0\A0001111.exe (Trojan.Downloader) -> No action taken.
c:\system volume information\_restore{9a9b279d-6aa6-4359-a339-4e8b15746bb7}\RP0\A0001114.exe (Trojan.Downloader) -> No action taken.
c:\system volume information\_restore{9a9b279d-6aa6-4359-a339-4e8b15746bb7}\RP0\A0001903.exe (Trojan.Downloader) -> No action taken.
c:\system volume information\_restore{9a9b279d-6aa6-4359-a339-4e8b15746bb7}\RP0\A0004058.dll (Trojan.BHO) -> No action taken.
c:\system volume information\_restore{9a9b279d-6aa6-4359-a339-4e8b15746bb7}\RP0\A0004197.dll (Worm.AutoRun) -> No action taken.
c:\WINDOWS\system32\msncav32.dll (Trojan.Agent) -> No action taken.
mat90
Senior User
Posts: 181
Joined: 11/08/07 13:33
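The two logs above contain the indicators that matter for this thread: the StandardProfile firewall policy with EnableFirewall = 0, a globally opened port 8085/TCP labelled "driver" (which MBAM also flags as Malware.Trace), an S0 service whose driver image is gone ([x]), and an MBAM run whose 35 hits are all "No action taken", i.e. a report-only scan. The script below is an added example, not part of the post and not code from ComboFix or Malwarebytes: it parses those line shapes and lists the findings. The two sample logs embedded in it are constructed from lines shown in the thread (one MBAM result changed to "Quarantined" to exercise the filter); the function and class names are the example's own.

```python
# Added example (not from the post, ComboFix or MBAM): pull the first-priority
# indicators out of a ComboFix-style registry/service dump and an MBAM log.
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed samples in the shape of the posted logs; the last MBAM result is changed to
# "Quarantined" so that the pending filter has something to exclude.
COMBOFIX_SAMPLE = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list]
"8085:TCP"= 8085:TCP:driver
S0 a247286bcfaf320fd2296054b4f5693b;a247286bcfaf320fd2296054b4f5693b; [x]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [15/06/2009 21.25.29 325896]
"""
MBAM_SAMPLE = r"""
Registry Values Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\8085:tcp (Malware.Trace) -> No action taken.
Files Infected:
c:\programmi\SlySoft\AnyDVD\Crack.exe (Backdoor.Bot) -> No action taken.
c:\WINDOWS\system32\msncav32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")                    # [HKLM\...]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*?)\s*$')  # "name"= value
# ComboFix service line: <start> <name>;<display>;<image [date size]>, or "[x]" when the file is gone
SERVICE_RE = re.compile(r"^(?P<start>[SR]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.*)$")
# MBAM detection line: <object> (<family>) -> <action>.
DETECTION_RE = re.compile(r"^(?P<obj>.+?) \((?P<family>[\w.]+)\) -> (?P<action>.+?)\.?$")

@dataclass
class Triage:
    firewall_disabled: Optional[bool]        # None if the policy key is not in the dump
    open_ports: List[Tuple[str, str]]        # (port spec, label) under GloballyOpenPorts\List
    missing_services: List[Tuple[str, str]]  # (start type, name) whose image is "[x]"
    pending: List[Tuple[str, str, str]]      # (object, family, action) MBAM hits still "No action taken"

def parse_registry_sections(text: str) -> Dict[str, Dict[str, str]]:
    """Group '"name"= value' lines under the [key] header above them (keys lower-cased)."""
    sections: Dict[str, Dict[str, str]] = {}
    current = None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group("key").lower()
            sections.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            sections[current][m.group("name")] = m.group("value")
    return sections

def firewall_disabled(sections: Dict[str, Dict[str, str]]) -> Optional[bool]:
    """EnableFirewall=0 under FirewallPolicy\\StandardProfile means the XP firewall is off."""
    for key, values in sections.items():
        if key.endswith("firewallpolicy\\standardprofile"):
            value = values.get("EnableFirewall")
            return None if value is None else value.strip().startswith("0")
    return None

def globally_open_ports(sections: Dict[str, Dict[str, str]]) -> List[Tuple[str, str]]:
    """Each value under GloballyOpenPorts\\List is 'port:proto:label'; keep spec and label."""
    ports = []
    for key, values in sections.items():
        if key.endswith("globallyopenports\\list"):
            for name, value in values.items():
                parts = value.split(":")
                ports.append((name, parts[2] if len(parts) >= 3 else ""))
    return ports

def services_without_image(text: str) -> List[Tuple[str, str]]:
    """Service entries whose image ComboFix could not find on disk ('[x]')."""
    hits = [SERVICE_RE.match(line) for line in text.splitlines()]
    return [(m.group("start"), m.group("name").strip()) for m in hits if m and m.group("image").strip() == "[x]"]

def parse_detections(text: str) -> List[Tuple[str, str, str]]:
    hits = [DETECTION_RE.match(line.strip()) for line in text.splitlines()]
    return [(m.group("obj"), m.group("family"), m.group("action")) for m in hits if m]

def triage(combofix_text: str, mbam_text: str) -> Triage:
    sections = parse_registry_sections(combofix_text)
    return Triage(
        firewall_disabled=firewall_disabled(sections),
        open_ports=globally_open_ports(sections),
        missing_services=services_without_image(combofix_text),
        pending=[d for d in parse_detections(mbam_text) if d[2].lower().startswith("no action taken")],
    )

def report(t: Triage) -> List[str]:
    lines = []
    if t.firewall_disabled:
        lines.append("Windows Firewall is off (EnableFirewall=0): re-enable it and treat the change as hostile until explained")
    for port, label in t.open_ports:
        lines.append(f"Globally open port {port} labelled {label!r}: not tied to an authorized application, remove unless justified")
    for start, name in t.missing_services:
        lines.append(f"Service {name} (start type {start}) has no image on disk: leftover of a removed driver, delete the service key")
    if t.pending:
        lines.append(f"{len(t.pending)} MBAM detection(s) still 'No action taken': that run was only a report, rerun with removal")
    return lines
```

To use it on the real logs, read the full ComboFix and MBAM text from files in place of the two embedded samples and print `report(triage(...))`; on the samples it yields four findings. The firewall check returns `None` rather than `False` when the policy key is absent from the dump, because "not listed" is not evidence the firewall is on.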

Re: HELP!!! THIS VIRUS WON'T GO AWAY!!!

Posted by mat90 » 22/06/09 20:36

ah, what do I do, delete the threats found with mbam???

Re: HELP!!! THIS VIRUS WON'T GO AWAY!!!

Posted by mat90 » 22/06/09 23:42

I deleted the registry entries and rebooted the PC in normal mode.

The PC seems to be working NORMALLY ;)

A couple of times I got "no firewall active", which I re-enabled from the Control Panel

and I had a few problems with the TV card's hardware and software, but after several reboots it seems to work, e.g. the WinFast wizard kept popping up on its own, or the TV wouldn't show, frozen picture etc..
but now it seems to work.

fingers crossed...

THANKS GUYS, I hope I won't have to ask for more help, or if you have anything in mind that I still need to do, please keep helping me, THANKS!!! ;)
