shel wrote:
hi
maybe if you post the log it'll be easier to see whether there's anything there
Here it is!!!
ComboFix 09-08-10.04 - Antonio 11/08/2009 12.31.57.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.446.208 [GMT 2:00]
Eseguito da: D:\Rosolutore.exe
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {806ED0B3-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {806ED0B3-FFA4-00DA-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {806EE0B3-FFA4-00DA-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {806EE0B3-FFA4-00EB-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {806EE0B3-FFA4-00FC-0D24-347CA8A3377C}
AV: Sistema Antivirus NOD32 2.50 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycler\S-1-5-21-2000478354-152049171-839522115-1003
c:\recycler\S-1-5-21-4037498340-3510512148-831538865-1003
c:\windows\Installer\100466.msi
c:\windows\Installer\10046c.msi
c:\windows\Installer\35c96.msi
c:\windows\Installer\373a5.msi
c:\windows\Installer\373ae.msi
c:\windows\Installer\3ca98.msi
c:\windows\Installer\9f7830.msi
c:\windows\run.log
c:\windows\system32\drivers\UACebdyuyxmpj.sys
c:\windows\system32\uacinit.dll
c:\windows\system32\UACitqsnoewog.db
c:\windows\system32\UACkcntjxdhxr.dll
c:\windows\system32\UACnalsupapsk.dll
c:\windows\system32\UACqmbpdqpxvv.dat
c:\windows\system32\UACtmxcnbmpvd.dll
c:\windows\system32\UACwyhrgruefo.dll
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_UACd.sys
-------\Legacy_UACd.sys
-------\Legacy_NETCONF32
-------\Legacy_SYSMGR64
-------\Service_netconf32
-------\Service_sysmgr64
((((((((((((((((((((((((( Files Creati Da 2009-07-11 al 2009-08-11 )))))))))))))))))))))))))))))))))))
.
2009-08-11 06:45 . 2009-08-11 06:44 270336 ----a-w- c:\windows\system32\imon.dll
2009-08-11 06:45 . 2009-08-11 06:44 502208 ----a-w- c:\windows\system32\drivers\amon.sys
2009-08-10 21:47 . 2009-08-11 10:31 -------- d-----w- c:\programmi\ESET
2009-08-10 21:17 . 2009-03-24 14:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-10 19:53 . 2008-06-19 15:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-08-10 19:35 . 2009-08-10 19:35 70656 ----a-w- c:\windows\system32\drivers\iqmbyxevsixtbqpc.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-10 21:33 . 2002-12-31 22:39 -------- d-----w- c:\programmi\File comuni\Adobe
2009-08-07 19:26 . 2007-11-02 22:35 139152 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-08-07 19:26 . 2007-11-02 22:34 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-08-07 17:55 . 2007-11-02 18:44 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-06-26 16:49 . 2006-02-24 13:22 669184 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:49 . 2004-08-19 22:39 81920 ------w- c:\windows\system32\ieencode.dll
2009-06-16 14:36 . 2003-04-08 02:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2003-04-08 02:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:09 . 2005-01-10 18:17 1296384 ----a-w- c:\windows\system32\quartz.dll
2009-05-14 18:28 . 2009-05-14 18:26 16742799 ----a-w- c:\docume~1\ALLUSE~1\DATIAP~1\vlc-0.9.9-win32.exe
2008-09-10 18:45 . 2008-09-10 18:45 59 --sh--r- c:\windows\system32\1361889.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\programmi\Eset\nod32kui.exe" [2009-08-11 917504]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^DigiScan.lnk]
backup=c:\windows\pss\DigiScan.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^NetFly U54 Wireless Utility .lnk]
backup=c:\windows\pss\NetFly U54 Wireless Utility .lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Ralink Wireless Utility.lnk]
backup=c:\windows\pss\Ralink Wireless Utility.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Antonio^Menu Avvio^Programmi^Esecuzione automatica^WKCALREM.LNK]
backup=c:\windows\pss\WKCALREM.LNKStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"sysmgr64"=2 (0x2)
"netconf32"=2 (0x2)
"getPlus(R) Helper"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"ose"=3 (0x3)
"HPWirelessMgr"=2 (0x2)
"HPConfig"=2 (0x2)
"PnkBstrA"=3 (0x3)
"helpsvc"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [10/08/2009 21.53.10 28544]
R0 WCMBusXP;WCM Enumerator and Bus Driver;c:\windows\system32\drivers\WCMBusXP.sys [11/06/2006 22.35.45 66816]
R3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO;c:\windows\system32\drivers\caliaud.sys [01/01/2003 1.21.47 291328]
R3 CALIHALA;CALIHALA;c:\windows\system32\drivers\calihal.sys [01/01/2003 1.21.47 244608]
R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\DP83815.sys [17/07/2003 3.01.02 28280]
R3 ZD1211BU(Atlantis-Land);NetFly U54 Wireless USB Adapter Driver(Atlantis-Land);c:\windows\system32\drivers\ZD1211BU.sys [02/12/2008 16.05.51 500736]
S2 pciinfo;HP Pci Information; [x]
S3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [02/12/2008 16.05.50 20608]
S3 MEMSWEEP2;MEMSWEEP2; [x]
S3 rtl8180;PCM1000 Wireless LAN Card Adapter NT Driver;c:\windows\system32\drivers\RTL8180.sys [16/04/2003 14.04.46 151808]
S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [27/12/2007 21.18.41 44928]
S3 WCMVmdXP;WCM VMODEM Driver;c:\windows\system32\drivers\WCMVmdXP.sys [11/06/2006 22.35.45 54656]
--- Altri Servizi/Drivers In Memoria ---
*Deregistered* - uphcleanhlp
.
Contenuto della cartella 'Scheduled Tasks'
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
HKU-Default-Run-Microsoft SDKP2 - mswinsdp.exe
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: Download with GetRight
IE: E&sporta in Microsoft Excel
IE: Open with GetRight Browser
LSP: imon.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-11 12:48
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'lsass.exe'(824)
c:\windows\system32\imon.dll
c:\programmi\Eset\pr_imon.dll
- - - - - - - > 'explorer.exe'(908)
c:\windows\System32\WMVCore.DLL
c:\windows\System32\WMASF.DLL
c:\windows\system32\mswmdm.dll
c:\windows\system32\wmdmlog.dll
c:\windows\system32\mspmsp.dll
c:\windows\system32\wmdmps.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\netdde.exe
c:\programmi\ESET\nod32krn.exe
c:\windows\system32\wdfmgr.exe
c:\programmi\UPHClean\uphclean.exe
.
**************************************************************************
.
Ora fine scansione: 2009-08-11 12.55.04 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-08-11 10:53
Pre-Run: 20.166.430.720 byte disponibili
Post-Run: 20.037.406.720 byte disponibili
But what is this, Arabic??? Please help me :''''''''''''''''''''''