Non riesco ad accedere ai siti degli antivirus

[Luke57]

Anche io lo stesso problema......cosa devo fare? Allego report di ComboFix.....grazie in anticipo!!

Ciao, Prepara un file di testo, dal blocco note di windows e al suo interno copia e incolla il seguente script:

Codice: Seleziona tutto

NetSvcs::
pitskyah

Driver::
pitskyah

File::
c:\windows\system32\mygahct.dll

salvi il file con il nome obbligatorio di CFScript.txt
lo metti nella stessa cartella di combofix e poi, con il puntatore del mouse, lo trascini sull'icona del programma stesso che farà una nuova scansione con le stesse modalità della precedente.

[gincobiloba]

Grazie mille, Luke, ora è risolto!

Ciao, se lo sai gia che lo chedi a fà

...eh beh, tra "sospettare" e "sapere" ce ne passa! Diciamo che leggendo il tabulato, un servizio zxyqwpr che mi rimanda ad una .dll fcwurpfx non mi quadrava, ma non avrei saputo preparare lo script - ora penso di aver capito come si fa - grazie ancora cmq

[panson]

Ciao!! ho provato e riprovato ma non ci sono riuscito! ho gia scaricato SystemScan e ho la cartella, e ho installato combofix, http://rapidshare.com/files/310245293/2 ... t.zip.html
Ciao!
HELP ME!!! panson56!

[Luke57]

Ciao!! ho provato e riprovato ma non ci sono riuscito! ho gia scaricato SystemScan e ho la cartella, e ho installato combofix, http://rapidshare.com/files/310245293/2 ... t.zip.html
Ciao!
HELP ME!!! panson56!

Ciao, disconnettiti da internet e disattiva l'antivirus
avvia combofix.exe (se non è già lì, mettilo sul desktop)
Lascia lavorare il programma senza interferire (non installare la recovery console)
Al termine, allega il rapporto C:\ComboFix.txt nella tua risposta.

[panson]

http://rapidshare.com/files/311589711/ComboFix.txt.html

Grazie mille!!

[Luke57]

Ciao, attualmente non riesco a scaricare il report di combofix, puoi anche allegarlo a un post in formato .txt o incollare il log per intero in un post.

[Luke57]

Ciao, Prepara un file di testo, dal blocco note di windows e al suo interno copia e incolla il seguente script:

Codice: Seleziona tutto

NetSvcs::
ohksaepay

Driver::
ohksaepay

File::
c:\windows\system32\llskhmt.exe
c:\windows\system32\cqtw.exe
c:\windows\system32\aitzpx.exe
c:\windows\system32\cpgxs.exe
c:\windows\system32\howboyz.dll

salvi il file con il nome obbligatorio di CFScript.txt
lo metti nel desktop e poi, con il puntatore del mouse, lo trascini sull'icona del programma stesso che farà una nuova scansione con le stesse modalità della precedente. Al termine della scansione (il programma avvertirà) riavvia il computer e posta il nuovo report.

[leone_67]

Idem come tutti.
Se vuoi essere così gentile da rispondere anche a me te ne sarei grato.
Ciao

Ecco il log
ComboFix 09-11-25.05 - cristina 26/11/2009 12.42.37.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.39.1040.18.1015.637 [GMT 1:00]
Eseguito da: c:\documents and settings\cristina.PC475714713263\desktop\abc.exe
Opzioni usate :: /killall
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: COMODO Antivirus *On-access scanning enabled* (Outdated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2009-10-26 al 2009-11-26 )))))))))))))))))))))))))))))))))))
.

2009-11-25 21:57 . 2009-11-25 20:51 360584 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgtdix.sys
2009-11-25 21:57 . 2009-11-25 20:51 333192 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgldx86.sys
2009-11-25 21:56 . 2009-11-25 20:51 12464 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgrsstx.dll
2009-11-25 21:56 . 2009-11-25 20:50 502040 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgrsx.exe
2009-11-25 21:56 . 2009-11-25 20:51 28424 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgmfx86.sys
2009-11-25 21:55 . 2009-11-25 20:50 877848 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgupd.exe
2009-11-25 21:55 . 2009-11-25 20:50 613656 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgiproxy.exe
2009-11-25 21:55 . 2009-11-25 20:50 1657112 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgupd.dll
2009-11-25 21:55 . 2009-11-25 20:50 798488 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avginet.dll
2009-11-25 20:51 . 2009-11-25 21:00 -------- d-----w- C:\$AVG
2009-11-25 20:51 . 2009-11-25 21:56 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-25 20:51 . 2009-11-25 21:56 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-25 20:51 . 2009-11-25 21:56 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-25 20:51 . 2009-11-25 21:56 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-25 20:51 . 2009-11-25 21:57 -------- d-----w- c:\windows\system32\drivers\Avg
2009-11-25 20:50 . 2009-11-25 20:50 -------- d-----w- c:\programmi\AVG
2009-11-25 20:50 . 2009-11-26 10:40 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg9
2009-11-25 11:57 . 2009-11-26 11:47 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2009-11-25 11:11 . 2009-11-25 11:57 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Comodo
2009-11-25 11:11 . 2009-11-25 11:11 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-11-25 11:11 . 2009-11-25 11:11 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-11-25 11:11 . 2009-11-25 11:11 171552 ----a-w- c:\windows\system32\guard32.dll
2009-11-25 11:11 . 2009-11-25 11:11 132808 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-11-25 11:11 . 2009-11-25 11:11 -------- d-----w- c:\programmi\COMODO
2009-11-04 07:50 . 2009-11-12 10:50 -------- d-----w- c:\documents and settings\cristina.PC475714713263\Impostazioni locali\Dati applicazioni\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-26 11:10 . 2009-02-02 17:58 -------- d-----w- c:\documents and settings\cristina.PC475714713263\Dati applicazioni\Skype
2009-11-26 10:40 . 2009-02-02 18:00 -------- d-----w- c:\documents and settings\cristina.PC475714713263\Dati applicazioni\skypePM
2009-11-25 20:34 . 2009-02-02 17:53 1 ----a-w- c:\documents and settings\cristina.PC475714713263\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-11-25 14:40 . 2009-02-02 17:06 17788 ----a-w- c:\windows\system32\events.dat
2009-11-25 07:28 . 2004-08-30 11:20 84354 ----a-w- c:\windows\system32\perfc010.dat
2009-11-25 07:28 . 2004-08-30 11:20 489648 ----a-w- c:\windows\system32\perfh010.dat
2009-11-24 20:22 . 2009-04-05 19:06 -------- d-----w- c:\programmi\Mozilla Thunderbird
2009-11-23 21:43 . 2009-02-02 16:56 -------- d-----w- c:\documents and settings\cristina.PC475714713263\Dati applicazioni\ZipGenius
.

((((((((((((((((((((((((((((( SnapShot@2009-11-26_11.20.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-26 11:48 . 2009-11-26 11:48 16384 c:\windows\temp\Perflib_Perfdata_20c.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\programmi\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-05-24 148888]
"PTHOSTTR"="c:\programmi\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-02-14 122880]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-31 122940]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2005-11-10 761945]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"hpWirelessAssistant"="c:\programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656]
"CognizanceTS"="c:\progra~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 17920]
"QlbCtrl"="c:\programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-02 131072]
"Cpqset"="c:\programmi\HPQ\Default Settings\cpqset.exe" [2006-02-22 40960]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-01-23 802816]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-02-15 892928]
"WatchDog"="c:\programmi\InterVideo\DVD Check\DVDCheck.exe" [2005-11-08 184320]
"HP Software Update"="c:\programmi\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SSBkgdUpdate"="c:\programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\programmi\ScanSoft\PaperPort\pptd40nt.exe" [2004-03-10 57393]
"IndexSearch"="c:\programmi\ScanSoft\PaperPort\IndexSearch.exe" [2004-03-10 40960]
"SetDefPrt"="c:\programmi\Brother\Brmfl04e\BrStDvPt.exe" [2004-05-25 49152]
"ControlCenter2.0"="c:\programmi\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 851968]
"tsnp2std"="c:\windows\tsnp2std.exe" [2006-05-22 262144]
"snp2std"="c:\windows\vsnp2std.exe" [2006-05-15 675840]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
DVD Check.lnk - c:\programmi\InterVideo\DVD Check\DVDCheck.exe [2009-2-2 184320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2005-07-25 18:41 40960 ----a-w- c:\programmi\HPQ\IAM\Bin\AsWlnPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-11-25 21:56 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"msav"=2 (0x2)
"cmdAgent"=2 (0x2)
"avg9wd"=2 (0x2)
"avg9emc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgemc.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8101:TCP"= 8101:TCP:pqhgfzjj

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [25/11/2009 21.51.20 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [25/11/2009 21.51.28 360584]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [25/11/2009 12.11.04 132808]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [25/11/2009 12.11.04 25160]
R2 ASChannel;Canale di comunicazione locale;c:\windows\System32\svchost.exe -k Cognizance [19/08/2004 9.00.00 14336]
S2 gupdate1ca0ba245ea2be4;Servizio di Google Update (gupdate1ca0ba245ea2be4);c:\programmi\Google\Update\GoogleUpdate.exe [23/07/2009 15.31.30 133104]
S2 jatprtj;Universal Manager;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 9.00.00 14336]
S3 BrUsbScn;Driver scanner Brother MFC USB;c:\windows\system32\drivers\BrUsbScn.sys [08/04/2009 8.49.53 10368]
S4 avg9emc;AVG Free E-mail Scanner;c:\programmi\AVG\AVG9\avgemc.exe [25/11/2009 22.56.27 906520]
S4 avg9wd;AVG Free WatchDog;c:\programmi\AVG\AVG9\avgwdsvc.exe [25/11/2009 22.56.31 285392]
S4 msav;Moon Secure Antivirus Core;c:\programmi\Moon Secure Antivirus\msavcore.exe --> c:\programmi\Moon Secure Antivirus\msavcore.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
jatprtj
.
Contenuto della cartella 'Scheduled Tasks'

2009-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-07-23 14:31]

2009-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-07-23 14:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.hp.com/
IE: &Cerca con Google - c:\programmi\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Traduci parola in italiano - c:\programmi\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Link a ritroso - c:\programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Pagine simili - c:\programmi\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Versione cache della pagina - c:\programmi\Google\GoogleToolbar1.dll/cmcache.html
FF - ProfilePath - c:\documents and settings\cristina.PC475714713263\Dati applicazioni\Mozilla\Firefox\Profiles\ysfthusv.default\
FF - component: c:\programmi\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.13\npGoogleOneClick8.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-26 12:48
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scansione processi nascosti ...

scansione entrate autostart nascoste ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\programmi\HPQ\Default Settings\cpqset.exe?????????? ???@???????????????@?????h\??????(?@???????@

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\jatprtj]
"ServiceDll"="c:\windows\system32\zwinuae.dll"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(920)
c:\programmi\HPQ\IAM\Bin\AsWlnPkg.dll
c:\windows\system32\msi.dll

- - - - - - - > 'explorer.exe'(1244)
c:\programmi\HPQ\IAM\Bin\SFSShell.dll
c:\programmi\HPQ\IAM\bin\ItMsg.dll
c:\programmi\HPQ\IAM\bin\1040\SFSShell.dll
c:\windows\system32\msi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\AVG\AVG9\avgchsvx.exe
c:\programmi\AVG\AVG9\avgrsx.exe
c:\windows\system32\Brmfrmps.exe
c:\programmi\AVG\AVG9\avgcsrvx.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\windows\system32\DllHost.exe
c:\programmi\HPQ\IAM\bin\asghost.exe
c:\programmi\File comuni\LightScribe\LSSrvc.exe
c:\programmi\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\wdfmgr.exe
c:\programmi\Hewlett-Packard\Shared\hpqwmiex.exe
c:\programmi\Canon\CAL\CALMAIN.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\igfxsrvc.exe
c:\progra~1\HPQ\Shared\HPQTOA~1.EXE
.
**************************************************************************
.
Ora fine scansione: 2009-11-26 12:52 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-11-26 11:52
ComboFix2.txt 2009-11-26 11:26

Pre-Run: 38.492.512.256 byte disponibili
Post-Run: 38.459.731.968 byte disponibili

- - End Of File - - A30AE5E2EF98E9CE7FFBD957EED9F46A

[gahan]

Ciao,

scarica Malwarebytes anti-malware da questo link e salvalo sul desktop:
http://www.malwarebytes.org/mbam-download.php

Disattiva il tuo antivirus;
Installa malwarebytes facendo l'update (aggiornamento) e infine esegui il programma;
Esegui una scansione completa del tuo sistema.

[panson]

ecco qua!
http://rapidshare.com/files/312528786/ComboFix.txt.html

Grazie

[Luke57]

ecco qua!
http://rapidshare.com/files/312528786/ComboFix.txt.html

Grazie

Ok, sembra a posto, hai sempre problemi?

[Luke57]

Idem come tutti.
Se vuoi essere così gentile da rispondere anche a me te ne sarei grato.
Ciao

Ciao, Prepara un file di testo, dal blocco note di windows e al suo interno copia e incolla il seguente script:


[note]NetSvcs::
jatprtj

Driver::
jatprtj

File::
c:\windows\system32\zwinuae.dll[/note]



salvi il file con il nome obbligatorio di CFScript.txt
lo metti nel desktop e poi, con il puntatore del mouse, lo trascini sull'icona del programma stesso che farà una nuova scansione con le stesse modalità della precedente. Al termine della scansione (il programma avvertirà) riavvia il computer e posta il nuovo report.

[Luke57]

Idem come tutti.
Se vuoi essere così gentile da rispondere anche a me te ne sarei grato.
Ciao

Ciao, Prepara un file di testo, dal blocco note di windows e al suo interno copia e incolla il seguente script:

Codice: Seleziona tutto

NetSvcs::
jatprtj

Driver::
jatprtj

File::
c:\windows\system32\zwinuae.dll

salvi il file con il nome obbligatorio di CFScript.txt
lo metti nel desktop e poi, con il puntatore del mouse, lo trascini sull'icona del programma stesso che farà una nuova scansione con le stesse modalità della precedente. Al termine della scansione (il programma avvertirà) riavvia il computer e posta il nuovo report.

[alex1972]

potresti aiutarmi con un problema simile?
grazie
alessandro


ComboFix 09-11-29.02 - babbo 29/11/2009 22.28.47.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.39.1040.18.1014.718 [GMT 1:00]
Eseguito da: c:\documents and settings\babbo.ALEX.000\desktop\abc.exe
Opzioni usate :: /killall

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
/wow section - STAGE 4


((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\babbo\Dati applicazioni\inst.exe
c:\documents and settings\babbo\Menu Avvio\Programmi\QUAD Utilities
c:\documents and settings\babbo\Menu Avvio\Programmi\QUAD Utilities\QUAD RegistryCleaner\QUAD RegistryCleaner.lnk
c:\documents and settings\babbo\Menu Avvio\Programmi\QUAD Utilities\QUAD RegistryCleaner\Uninstall QUAD RegistryCleaner.lnk
c:\documents and settings\babbo3\Dati applicazioni\inst.exe
c:\programmi\QUAD Utilities
c:\programmi\QUAD Utilities\QUAD RegistryCleaner\program.log
c:\programmi\QUAD Utilities\QUAD RegistryCleaner\QUAD RegistryCleaner.exe
c:\programmi\QUAD Utilities\QUAD RegistryCleaner\Scheduler.dll
c:\programmi\QUAD Utilities\QUAD RegistryCleaner\Styles\Vista.cjstyles
c:\recycler\S-1-5-21-1292428093-1229272821-682003330-1004
c:\recycler\S-1-5-21-1708537768-515967899-725345543-1004

c:\windows\system32\qmgr.dll . . . è infetto!!

.
((((((((((((((((((((((((( Files Creati Da 2009-10-28 al 2009-11-29 )))))))))))))))))))))))))))))))))))
.

2009-11-29 21:10 . 2009-11-29 21:10 -------- d-s---w- c:\documents and settings\babbo.ALEX.000\UserData
2009-11-29 10:52 . 2009-11-29 10:55 102912 ---ha-w- c:\windows\system32\zdjow.exe
2009-11-29 10:33 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-29 10:33 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-29 10:33 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-29 10:33 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-29 10:33 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-29 10:33 . 2009-09-15 11:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-29 10:33 . 2009-09-15 11:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-29 10:33 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-29 10:33 . 2003-03-18 20:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-11-29 10:33 . 2003-03-18 19:14 499712 ----a-w- c:\windows\system32\MSVCP71.dll
2009-11-29 10:33 . 2003-02-21 03:42 348160 ----a-w- c:\windows\system32\MSVCR71.dll
2009-11-29 10:31 . 2009-11-29 10:37 -------- d-----w- c:\programmi\Nutstation
2009-11-29 10:30 . 2009-11-29 10:30 197120 ------w- c:\windows\Setup1.exe
2009-11-29 10:30 . 2009-11-29 10:30 74752 ----a-w- c:\windows\ST6UNST.EXE
2009-11-29 10:25 . 2009-11-29 10:25 13824 ---ha-w- c:\windows\system32\yxtbly.exe
2009-11-29 10:10 . 2008-02-15 11:49 188416 ----a-w- c:\windows\system32\igfxres.dll
2009-11-29 10:05 . 2008-09-19 16:48 1200128 ----a-w- c:\windows\RtlUpd.exe
2009-11-29 10:04 . 2008-02-28 14:00 141848 ----a-w- c:\windows\system32\igfxtray.exe
2009-11-29 10:03 . 2002-08-29 00:32 135552 -c--a-w- c:\windows\system32\dllcache\usbport.sys
2009-11-29 10:01 . 2005-03-16 06:23 13696 ----a-r- c:\windows\system32\drivers\BIOS.sys
2009-11-29 08:56 . 2003-04-08 12:00 13463552 -c--a-w- c:\windows\system32\dllcache\hwxjpn.dll
2009-11-29 08:55 . 2003-04-08 12:00 106562 -c--a-w- c:\windows\system32\dllcache\srchctls.dll
2009-11-29 08:55 . 2003-04-08 12:00 3346432 -c--a-w- c:\windows\system32\dllcache\msgr3en.dll
2009-11-29 08:53 . 2003-04-08 12:00 5632 -c--a-w- c:\windows\system32\dllcache\write.exe
2009-11-29 08:50 . 2001-08-17 20:59 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
2009-11-29 08:50 . 2002-09-09 12:50 20480 ----a-w- c:\windows\system32\hidserv.dll
2009-11-29 08:49 . 2002-09-09 12:38 57344 ----a-w- c:\windows\system32\drivers\redbook.sys
2009-11-29 08:47 . 2009-11-29 08:48 -------- d--h--r- c:\documents and settings\All Users.WINDOWS\Dati applicazioni
2009-11-29 08:47 . 2009-11-29 08:48 -------- d--h--r- c:\documents and settings\Default User.WINDOWS\Dati applicazioni
2009-11-29 08:46 . 2009-11-29 08:55 -------- d-----w- c:\documents and settings\All Users.WINDOWS
2009-11-29 08:46 . 2009-11-29 21:23 -------- d--h--w- c:\documents and settings\Default User.WINDOWS
2009-11-05 12:31 . 2009-11-05 12:31 -------- d-----w- c:\documents and settings\babbo3\Impostazioni locali\Dati applicazioni\Identities
2009-11-04 20:30 . 2009-11-04 20:30 -------- d-----w- c:\programmi\Recovery Toolbox for Access
2009-11-04 20:17 . 2009-11-04 20:17 -------- d-----w- c:\programmi\Kernel Recovery for Access Demo
2009-11-04 20:01 . 2009-11-04 20:01 269919 ----a-w- c:\documents and settings\babbo3\Impostazioni locali\Dati applicazioni\iangzt_nav.dat
2009-11-04 20:01 . 2009-11-07 19:14 1754 ----a-w- c:\documents and settings\babbo3\Impostazioni locali\Dati applicazioni\iangzt_navps.dat
2009-11-04 20:01 . 2009-11-07 18:59 3368 ----a-w- c:\documents and settings\babbo3\Impostazioni locali\Dati applicazioni\iangzt.dat
2009-11-04 20:01 . 2009-11-04 20:01 340480 ----a-w- c:\documents and settings\babbo3\Impostazioni locali\Dati applicazioni\iangzt.exe
2009-11-01 17:28 . 2009-11-01 17:28 -------- d-----w- c:\documents and settings\babbo3\Dati applicazioni\Sonic
2009-11-01 17:28 . 2009-11-01 17:28 -------- d-----w- c:\programmi\File comuni\Sonic
2009-11-01 17:27 . 2009-11-01 20:14 -------- d-----w- c:\programmi\ASUS RecordNow DX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-29 10:07 . 2003-04-08 12:00 47592 ----a-w- c:\windows\system32\perfc010.dat
2009-11-29 10:07 . 2003-04-08 12:00 345010 ----a-w- c:\windows\system32\perfh010.dat
2009-11-29 10:05 . 2009-11-29 10:05 319488 ----a-w- c:\windows\HideWin.exe
2009-11-29 10:05 . 2009-11-29 10:05 -------- d-----w- c:\documents and settings\babbo.ALEX.000\Dati applicazioni\InstallShield
2009-11-29 08:55 . 2009-11-29 08:55 71079 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-11-29 08:54 . 2009-11-29 08:54 21840 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-06 19:08 . 2009-10-28 20:16 -------- d-----w- c:\documents and settings\babbo3\Dati applicazioni\Vso
2009-11-06 19:08 . 2009-10-16 19:09 -------- d-----w- c:\programmi\DVDFab 6
2009-11-04 20:01 . 2009-10-18 17:28 -------- d-----w- c:\programmi\eMule
2009-10-31 21:34 . 2009-10-17 10:18 -------- d-----w- c:\programmi\DVD Shrink
2009-10-30 18:55 . 2009-10-30 18:55 -------- d-----w- c:\documents and settings\babbo3\Dati applicazioni\vlc
2009-10-28 20:16 . 2009-10-28 20:16 47360 ----a-w- c:\documents and settings\babbo3\Dati applicazioni\pcouffin.sys
2009-10-28 20:16 . 2009-10-28 20:16 47360 ----a-w- c:\documents and settings\babbo3\Dati applicazioni\pcouffin.sys
2009-10-28 20:16 . 2009-10-16 19:11 -------- d-----w- c:\programmi\DVDFab 5
2009-10-28 19:38 . 2009-10-28 19:38 -------- d-----w- c:\documents and settings\babbo3\Dati applicazioni\InstallShield
2009-10-27 18:28 . 2009-10-27 18:28 -------- d-----w- c:\documents and settings\babbo.ALEX\Dati applicazioni\InstallShield
2009-10-21 17:32 . 2009-10-21 17:32 -------- d-----w- c:\programmi\CyberLink
2009-10-21 17:32 . 2009-10-21 17:32 -------- d-----w- c:\programmi\ASUSTek
2009-10-21 17:32 . 2009-10-14 20:27 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-10-21 17:27 . 2009-10-21 17:27 -------- d-----w- c:\documents and settings\babbo.ALEX\Dati applicazioni\vlc
2009-10-20 12:34 . 2009-10-17 10:09 -------- d-----w- c:\programmi\QuickTime
2009-10-20 11:53 . 2009-10-18 17:28 1534 ----a-w- c:\documents and settings\babbo\Impostazioni locali\Dati applicazioni\idfavql_navps.dat
2009-10-20 11:53 . 2009-10-20 11:53 -------- d-----w- c:\programmi\Alwil Software
2009-10-20 11:52 . 2009-10-18 17:28 3249 ----a-w- c:\documents and settings\babbo\Impostazioni locali\Dati applicazioni\idfavql.dat
2009-10-19 18:44 . 2009-10-19 18:39 -------- d-----w- c:\programmi\File comuni\Symantec Shared
2009-10-19 18:43 . 2009-10-19 18:39 -------- d-----w- c:\programmi\Symantec
2009-10-19 18:39 . 2009-10-19 18:39 -------- d-----w- c:\documents and settings\babbo\Dati applicazioni\Symantec
2009-10-18 18:15 . 2009-10-18 18:15 -------- d-----w- c:\programmi\CCleaner
2009-10-18 18:15 . 2009-10-18 18:15 -------- d-----w- c:\programmi\Yahoo!
2009-10-18 18:15 . 2009-10-18 18:15 -------- d-----w- c:\documents and settings\babbo\Dati applicazioni\Yahoo!
2009-10-18 17:28 . 2009-10-18 17:29 297958 ----a-w- c:\documents and settings\babbo\Impostazioni locali\Dati applicazioni\idfavql_nav.dat
2009-10-17 17:46 . 2009-10-17 17:46 -------- d-----w- c:\documents and settings\babbo\Dati applicazioni\Ulead Systems
2009-10-17 10:23 . 2009-10-17 10:04 -------- d-----w- c:\programmi\File comuni\Adobe
2009-10-17 10:10 . 2009-10-17 10:10 -------- d-----w- c:\programmi\File comuni\Real
2009-10-17 10:10 . 2009-10-17 10:10 -------- d-----w- c:\programmi\Real
2009-10-17 10:09 . 2009-10-17 10:09 -------- d-----w- c:\programmi\File comuni\Ulead Systems
2009-10-17 10:09 . 2009-10-17 10:09 -------- d-----w- c:\programmi\Ulead Systems
2009-10-17 10:07 . 2009-10-14 20:38 -------- d-----w- c:\programmi\File comuni\InstallShield
2009-10-16 19:30 . 2009-10-16 17:38 -------- d-----w- c:\documents and settings\babbo\Dati applicazioni\Vso
2009-10-16 19:09 . 2009-10-16 17:38 47360 ----a-w- c:\documents and settings\babbo\Dati applicazioni\pcouffin.sys
2009-10-16 19:09 . 2009-10-16 17:38 47360 ----a-w- c:\documents and settings\babbo\Dati applicazioni\pcouffin.sys
2009-10-16 17:40 . 2009-10-16 17:40 -------- d-----w- c:\documents and settings\babbo\Dati applicazioni\Datel
2009-10-16 17:15 . 2009-10-16 17:15 -------- d-----w- c:\documents and settings\babbo\Dati applicazioni\vlc
2009-10-16 17:15 . 2009-10-16 17:15 -------- d-----w- c:\programmi\VideoLAN
2009-10-14 20:38 . 2009-10-14 20:27 -------- d-----w- c:\programmi\Realtek
2009-10-14 20:27 . 2009-10-14 20:27 -------- d-----w- c:\documents and settings\babbo\Dati applicazioni\InstallShield
2009-10-14 19:54 . 2009-10-14 19:54 -------- d-----w- c:\programmi\Intel
2009-10-14 19:47 . 2009-10-14 19:47 -------- d-----w- c:\programmi\microsoft frontpage
2009-10-14 19:44 . 2009-10-14 19:44 -------- d-----w- c:\programmi\Servizi in linea
2003-04-08 12:00 . 2003-04-08 12:00 167765 --sha-r- c:\windows\system32\eykfcqc.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\System32\igfxpers.exe" [2008-02-28 137752]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-10-09 17021440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2003-04-08 13312]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [29/11/2009 11.33.13 114768]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [29/11/2009 11.01.37 13696]
S2 ztijqwrf;Universal System;c:\windows\system32\svchost.exe -k netsvcs [08/04/2003 13.00.00 12800]

--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - ALG
*NewlyCreated* - IPNAT

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ztijqwrf
.
.
------- Scansione supplementare -------
.
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-29 22:33
Windows 5.1.2600 Service Pack 1 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ztijqwrf]
"ServiceDll"="c:\windows\System32\eykfcqc.dll"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(676)
c:\windows\System32\ODBC32.dll

- - - - - - - > 'lsass.exe'(744)
c:\windows\System32\dssenh.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Alwil Software\Avast4\aswUpdSv.exe
c:\programmi\Alwil Software\Avast4\ashServ.exe
c:\windows\System32\igfxsrvc.exe
c:\programmi\Alwil Software\Avast4\ashWebSv.exe
c:\programmi\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Ora fine scansione: 2009-11-29 22:34 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-11-29 21:34

Pre-Run: 170.987.360.256 byte disponibili
Post-Run: 171.049.140.224 byte disponibili

- - End Of File - - 65D9CF1F213224E738AFA0422ED6EE34

[leone_67]

Grazie, tutto a posto....sei un grande

[Luke57]

@Alex1972
Ciao, Prepara un file di testo, dal blocco note di windows e al suo interno copia e incolla il seguente script:

Codice: Seleziona tutto

NetSvcs::
ztijqwrf

Driver::
ztijqwrf

File::
c:\windows\System32\eykfcqc.dll
c:\windows\system32\zdjow.exe

salvi il file con il nome obbligatorio di CFScript.txt
lo metti nel desktop e poi, con il puntatore del mouse, lo trascini sull'icona del programma stesso che farà una nuova scansione con le stesse modalità della precedente. Al termine della scansione (il programma avvertirà) riavvia il computer e posta il nuovo report.

[alex1972]

ciao ho fatto come mi hai detto.
allego il file
ciao e grazie


ComboFix 09-11-29.02 - babbo 30/11/2009 13.23.23.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.39.1040.18.1014.671 [GMT 1:00]
Eseguito da: c:\documents and settings\babbo.ALEX.000\Desktop\abc.exe
Opzioni usate :: c:\documents and settings\babbo.ALEX.000\Desktop\CFScript.txt

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!

FILE ::
"c:\windows\System32\eykfcqc.dll"
"c:\windows\system32\zdjow.exe"
.
/wow section - STAGE 4


((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\System32\eykfcqc.dll
c:\windows\system32\zdjow.exe

La copia infetta di c:\windows\system32\qmgr.dll è stata trovata e disinfettata
ipristinata copia da - c:\windows\ERDNT\cache\qmgr.dll

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ZTIJQWRF
-------\Service_ztijqwrf


((((((((((((((((((((((((( Files Creati Da 2009-10-28 al 2009-11-30 )))))))))))))))))))))))))))))))))))
.

2009-11-29 21:48 . 2009-11-29 21:48 -------- d-----w- c:\documents and settings\babbo.ALEX.000\Impostazioni locali\Dati applicazioni\Identities
2009-11-29 21:10 . 2009-11-29 21:10 -------- d-s---w- c:\documents and settings\babbo.ALEX.000\UserData
2009-11-29 10:33 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-29 10:33 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-29 10:33 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-29 10:33 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-29 10:33 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-29 10:33 . 2009-09-15 11:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-29 10:33 . 2009-09-15 11:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-29 10:33 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-29 10:33 . 2003-03-18 20:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-11-29 10:33 . 2003-03-18 19:14 499712 ----a-w- c:\windows\system32\MSVCP71.dll
2009-11-29 10:33 . 2003-02-21 03:42 348160 ----a-w- c:\windows\system32\MSVCR71.dll
2009-11-29 10:31 . 2009-11-29 10:37 -------- d-----w- c:\programmi\Nutstation
2009-11-29 10:30 . 2009-11-29 10:30 197120 ------w- c:\windows\Setup1.exe
2009-11-29 10:30 . 2009-11-29 10:30 74752 ----a-w- c:\windows\ST6UNST.EXE
2009-11-29 10:25 . 2009-11-29 10:25 13824 ---ha-w- c:\windows\system32\yxtbly.exe
2009-11-29 10:10 . 2008-02-15 11:49 188416 ----a-w- c:\windows\system32\igfxres.dll
2009-11-29 10:05 . 2008-09-19 16:48 1200128 ----a-w- c:\windows\RtlUpd.exe
2009-11-29 10:04 . 2008-02-28 14:00 141848 ----a-w- c:\windows\system32\igfxtray.exe
2009-11-29 10:03 . 2002-08-29 00:32 135552 -c--a-w- c:\windows\system32\dllcache\usbport.sys
2009-11-29 10:01 . 2005-03-16 06:23 13696 ----a-r- c:\windows\system32\drivers\BIOS.sys
2009-11-29 08:56 . 2003-04-08 12:00 13463552 -c--a-w- c:\windows\system32\dllcache\hwxjpn.dll
2009-11-29 08:55 . 2003-04-08 12:00 106562 -c--a-w- c:\windows\system32\dllcache\srchctls.dll
2009-11-29 08:55 . 2003-04-08 12:00 3346432 -c--a-w- c:\windows\system32\dllcache\msgr3en.dll
2009-11-29 08:53 . 2003-04-08 12:00 5632 -c--a-w- c:\windows\system32\dllcache\write.exe
2009-11-29 08:50 . 2001-08-17 20:59 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
2009-11-29 08:50 . 2002-09-09 12:50 20480 ----a-w- c:\windows\system32\hidserv.dll
2009-11-29 08:49 . 2002-09-09 12:38 57344 ----a-w- c:\windows\system32\drivers\redbook.sys
2009-11-29 08:47 . 2009-11-29 08:48 -------- d--h--r- c:\documents and settings\All Users.WINDOWS\Dati applicazioni
2009-11-29 08:47 . 2009-11-29 08:48 -------- d--h--r- c:\documents and settings\Default User.WINDOWS\Dati applicazioni
2009-11-29 08:46 . 2009-11-29 08:55 -------- d-----w- c:\documents and settings\All Users.WINDOWS
2009-11-29 08:46 . 2009-11-29 21:23 -------- d--h--w- c:\documents and settings\Default User.WINDOWS
2009-11-05 12:31 . 2009-11-05 12:31 -------- d-----w- c:\documents and settings\babbo3\Impostazioni locali\Dati applicazioni\Identities
2009-11-04 20:30 . 2009-11-04 20:30 -------- d-----w- c:\programmi\Recovery Toolbox for Access
2009-11-04 20:17 . 2009-11-04 20:17 -------- d-----w- c:\programmi\Kernel Recovery for Access Demo
2009-11-04 20:01 . 2009-11-04 20:01 269919 ----a-w- c:\documents and settings\babbo3\Impostazioni locali\Dati applicazioni\iangzt_nav.dat
2009-11-04 20:01 . 2009-11-07 19:14 1754 ----a-w- c:\documents and settings\babbo3\Impostazioni locali\Dati applicazioni\iangzt_navps.dat
2009-11-04 20:01 . 2009-11-07 18:59 3368 ----a-w- c:\documents and settings\babbo3\Impostazioni locali\Dati applicazioni\iangzt.dat
2009-11-04 20:01 . 2009-11-04 20:01 340480 ----a-w- c:\documents and settings\babbo3\Impostazioni locali\Dati applicazioni\iangzt.exe
2009-11-01 17:28 . 2009-11-01 17:28 -------- d-----w- c:\documents and settings\babbo3\Dati applicazioni\Sonic
2009-11-01 17:28 . 2009-11-01 17:28 -------- d-----w- c:\programmi\File comuni\Sonic
2009-11-01 17:27 . 2009-11-01 20:14 -------- d-----w- c:\programmi\ASUS RecordNow DX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-29 21:36 . 2003-04-08 12:00 47592 ----a-w- c:\windows\system32\perfc010.dat
2009-11-29 21:36 . 2003-04-08 12:00 345010 ----a-w- c:\windows\system32\perfh010.dat
2009-11-29 10:05 . 2009-11-29 10:05 319488 ----a-w- c:\windows\HideWin.exe
2009-11-29 10:05 . 2009-11-29 10:05 -------- d-----w- c:\documents and settings\babbo.ALEX.000\Dati applicazioni\InstallShield
2009-11-29 08:55 . 2009-11-29 08:55 71079 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-11-29 08:54 . 2009-11-29 08:54 21840 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-06 19:08 . 2009-10-28 20:16 -------- d-----w- c:\documents and settings\babbo3\Dati applicazioni\Vso
2009-11-06 19:08 . 2009-10-16 19:09 -------- d-----w- c:\programmi\DVDFab 6
2009-11-04 20:01 . 2009-10-18 17:28 -------- d-----w- c:\programmi\eMule
2009-10-31 21:34 . 2009-10-17 10:18 -------- d-----w- c:\programmi\DVD Shrink
2009-10-30 18:55 . 2009-10-30 18:55 -------- d-----w- c:\documents and settings\babbo3\Dati applicazioni\vlc
2009-10-28 20:16 . 2009-10-28 20:16 47360 ----a-w- c:\documents and settings\babbo3\Dati applicazioni\pcouffin.sys
2009-10-28 20:16 . 2009-10-28 20:16 47360 ----a-w- c:\documents and settings\babbo3\Dati applicazioni\pcouffin.sys
2009-10-28 20:16 . 2009-10-16 19:11 -------- d-----w- c:\programmi\DVDFab 5
2009-10-28 19:38 . 2009-10-28 19:38 -------- d-----w- c:\documents and settings\babbo3\Dati applicazioni\InstallShield
2009-10-27 18:28 . 2009-10-27 18:28 -------- d-----w- c:\documents and settings\babbo.ALEX\Dati applicazioni\InstallShield
2009-10-21 17:32 . 2009-10-21 17:32 -------- d-----w- c:\programmi\CyberLink
2009-10-21 17:32 . 2009-10-21 17:32 -------- d-----w- c:\programmi\ASUSTek
2009-10-21 17:32 . 2009-10-14 20:27 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-10-21 17:27 . 2009-10-21 17:27 -------- d-----w- c:\documents and settings\babbo.ALEX\Dati applicazioni\vlc
2009-10-20 12:34 . 2009-10-17 10:09 -------- d-----w- c:\programmi\QuickTime
2009-10-20 11:53 . 2009-10-18 17:28 1534 ----a-w- c:\documents and settings\babbo\Impostazioni locali\Dati applicazioni\idfavql_navps.dat
2009-10-20 11:53 . 2009-10-20 11:53 -------- d-----w- c:\programmi\Alwil Software
2009-10-20 11:52 . 2009-10-18 17:28 3249 ----a-w- c:\documents and settings\babbo\Impostazioni locali\Dati applicazioni\idfavql.dat
2009-10-19 18:44 . 2009-10-19 18:39 -------- d-----w- c:\programmi\File comuni\Symantec Shared
2009-10-19 18:43 . 2009-10-19 18:39 -------- d-----w- c:\programmi\Symantec
2009-10-19 18:39 . 2009-10-19 18:39 -------- d-----w- c:\documents and settings\babbo\Dati applicazioni\Symantec
2009-10-18 18:15 . 2009-10-18 18:15 -------- d-----w- c:\programmi\CCleaner
2009-10-18 18:15 . 2009-10-18 18:15 -------- d-----w- c:\programmi\Yahoo!
2009-10-18 18:15 . 2009-10-18 18:15 -------- d-----w- c:\documents and settings\babbo\Dati applicazioni\Yahoo!
2009-10-18 17:28 . 2009-10-18 17:29 297958 ----a-w- c:\documents and settings\babbo\Impostazioni locali\Dati applicazioni\idfavql_nav.dat
2009-10-17 17:46 . 2009-10-17 17:46 -------- d-----w- c:\documents and settings\babbo\Dati applicazioni\Ulead Systems
2009-10-17 10:23 . 2009-10-17 10:04 -------- d-----w- c:\programmi\File comuni\Adobe
2009-10-17 10:10 . 2009-10-17 10:10 -------- d-----w- c:\programmi\File comuni\Real
2009-10-17 10:10 . 2009-10-17 10:10 -------- d-----w- c:\programmi\Real
2009-10-17 10:09 . 2009-10-17 10:09 -------- d-----w- c:\programmi\File comuni\Ulead Systems
2009-10-17 10:09 . 2009-10-17 10:09 -------- d-----w- c:\programmi\Ulead Systems
2009-10-17 10:07 . 2009-10-14 20:38 -------- d-----w- c:\programmi\File comuni\InstallShield
2009-10-16 19:30 . 2009-10-16 17:38 -------- d-----w- c:\documents and settings\babbo\Dati applicazioni\Vso
2009-10-16 19:09 . 2009-10-16 17:38 47360 ----a-w- c:\documents and settings\babbo\Dati applicazioni\pcouffin.sys
2009-10-16 19:09 . 2009-10-16 17:38 47360 ----a-w- c:\documents and settings\babbo\Dati applicazioni\pcouffin.sys
2009-10-16 17:40 . 2009-10-16 17:40 -------- d-----w- c:\documents and settings\babbo\Dati applicazioni\Datel
2009-10-16 17:15 . 2009-10-16 17:15 -------- d-----w- c:\documents and settings\babbo\Dati applicazioni\vlc
2009-10-16 17:15 . 2009-10-16 17:15 -------- d-----w- c:\programmi\VideoLAN
2009-10-14 20:38 . 2009-10-14 20:27 -------- d-----w- c:\programmi\Realtek
2009-10-14 20:27 . 2009-10-14 20:27 -------- d-----w- c:\documents and settings\babbo\Dati applicazioni\InstallShield
2009-10-14 19:54 . 2009-10-14 19:54 -------- d-----w- c:\programmi\Intel
2009-10-14 19:47 . 2009-10-14 19:47 -------- d-----w- c:\programmi\microsoft frontpage
2009-10-14 19:44 . 2009-10-14 19:44 -------- d-----w- c:\programmi\Servizi in linea
.

((((((((((((((((((((((((((((( SnapShot@2009-11-29_21.32.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-30 12:28 . 2009-11-30 12:28 16384 c:\windows\Temp\Perflib_Perfdata_60c.dat
+ 2003-04-08 12:00 . 2009-11-29 21:36 39992 c:\windows\system32\perfc009.dat
- 2003-04-08 12:00 . 2009-11-29 10:07 39992 c:\windows\system32\perfc009.dat
+ 2009-11-29 08:57 . 2009-11-30 12:15 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-29 08:57 . 2009-11-29 21:03 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-29 08:57 . 2009-11-30 12:15 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
- 2009-11-29 08:57 . 2009-11-29 21:03 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
- 2009-11-29 08:57 . 2009-11-29 21:03 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-11-29 08:57 . 2009-11-30 12:15 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2003-04-08 12:00 . 2009-11-29 21:36 311604 c:\windows\system32\perfh009.dat
- 2003-04-08 12:00 . 2009-11-29 10:07 311604 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2002-08-20 1511453]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\System32\igfxpers.exe" [2008-02-28 137752]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-10-09 17021440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2003-04-08 13312]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [29/11/2009 11.33.13 114768]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [29/11/2009 11.01.37 13696]
.
.
------- Scansione supplementare -------
.
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-30 13:30
Windows 5.1.2600 Service Pack 1 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(676)
c:\windows\System32\ODBC32.dll

- - - - - - - > 'lsass.exe'(744)
c:\windows\System32\dssenh.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Alwil Software\Avast4\aswUpdSv.exe
c:\programmi\Alwil Software\Avast4\ashServ.exe
c:\windows\System32\igfxsrvc.exe
c:\programmi\Alwil Software\Avast4\ashWebSv.exe
c:\programmi\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Ora fine scansione: 2009-11-30 13:31 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-11-30 12:31
ComboFix2.txt 2009-11-29 21:34

Pre-Run: 171.046.879.232 byte disponibili
Post-Run: 170.996.498.432 byte disponibili

- - End Of File - - 26F4B957803B0626EDC5D8F9EC3542F4

[silvia.markovina]

Ciao, anch'io non riesco a collegarmi al sito di avast, avg e ad altri siti di antivirus, né con firefox né con explorer e nemmeno ai siti microsoft. Gli altri siti funzionano regolarmente.
Mi sono permessa di inviarvi il file di log di Combofix. Potete darmi una mano?
Grazie 1000!!



ComboFix 10-01-03.05 - Proprietario 04/01/2010 21.55.43.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.39.1040.18.1023.688 [GMT 1:00]
Eseguito da: c:\documents and settings\Proprietario\Desktop\ComboFix.exe

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\muzapp.exe

.
((((((((((((((((((((((((( Files Creati Da 2009-12-04 al 2010-01-04 )))))))))))))))))))))))))))))))))))
.

2010-01-02 18:37 . 2010-01-02 18:40 -------- d-----w- c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\Temp
2010-01-02 18:37 . 2010-01-02 18:37 -------- d-----w- c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\Deployment
2010-01-02 18:14 . 2010-01-04 20:55 -------- d-----w- c:\windows\system32\CatRoot2
2009-12-17 19:36 . 2009-12-17 19:36 -------- d-----w- c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\Help
2009-12-10 20:19 . 2008-12-08 16:21 110080 ----a-r- c:\windows\system32\drivers\ZTEusbnet.sys
2009-12-10 20:19 . 2008-12-08 16:21 104960 ----a-r- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2009-12-10 20:19 . 2008-12-08 16:21 104960 ----a-r- c:\windows\system32\drivers\zteusbvoice.sys
2009-12-10 20:19 . 2008-12-08 16:21 105344 ----a-r- c:\windows\system32\drivers\ZTEusbnmea.sys
2009-12-10 20:19 . 2008-12-08 16:21 104960 ----a-r- c:\windows\system32\drivers\ZTEusbser6k.sys
2009-12-10 20:19 . 2009-12-10 20:19 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\Vodafone
2009-12-10 20:19 . 2009-12-10 20:19 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\InstallShield
2009-12-10 20:19 . 2009-12-10 20:19 -------- d-----w- c:\documents and settings\LocalService\Dati applicazioni\Vodafone
2009-12-10 20:19 . 2008-12-08 16:21 7680 ----a-r- c:\windows\system32\drivers\massfilter.sys
2009-12-10 20:18 . 2009-12-10 20:18 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Vodafone
2009-12-10 20:18 . 2009-12-10 20:18 -------- d-----w- c:\programmi\Vodafone
2009-12-10 20:18 . 2009-12-10 20:18 -------- d-----w- c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\{90DDF577-6237-4218-85BC-4261AC7E443B}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-04 17:20 . 2007-09-26 22:31 1 ----a-w- c:\documents and settings\Proprietario\Dati applicazioni\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-01-04 17:20 . 2007-09-26 22:30 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\OpenOffice.org2
2009-12-10 20:18 . 2006-12-21 15:57 -------- d-----w- c:\programmi\File comuni\InstallShield
2009-12-10 20:18 . 2006-03-02 12:00 74210 ----a-w- c:\windows\system32\perfc010.dat
2009-12-10 20:18 . 2006-03-02 12:00 447502 ----a-w- c:\windows\system32\perfh010.dat
2009-12-09 20:03 . 2009-04-21 18:21 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\HP
2009-11-15 11:27 . 2007-11-22 23:06 -------- d-----w- c:\programmi\eMule
2009-11-08 15:40 . 2009-11-08 15:36 -------- d-----w- c:\programmi\SopCast
2009-11-08 15:36 . 2009-11-08 15:36 -------- d-----w- c:\programmi\Ask.com
2009-04-20 18:29 . 2009-04-20 18:29 82432 --sha-r- c:\windows\system32\qmldkr.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-06-04 17:04 1144712 ----a-w- c:\programmi\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programmi\Ask.com\GenericAskToolbar.dll" [2009-06-04 1144712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programmi\Ask.com\GenericAskToolbar.dll" [2009-06-04 1144712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-16 68856]
"DAEMON Tools"="c:\programmi\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Google Update"="c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2010-01-02 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2007-06-29 286720]
"SMSTray"="c:\programmi\Samsung\EmoDio\SMSTray.exe" [2008-09-17 484880]
"AdslTaskBar"="stmctrl.dll" [2003-03-27 151552]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"MobileConnect"="c:\programmi\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-11-04 2087424]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]
"ATICCC"="c:\programmi\ATI Technologies\ATI.ACE\cli.exe" [2004-11-24 32768]

c:\documents and settings\Proprietario\Menu Avvio\Programmi\Esecuzione automatica\
Monitor Apache Servers.lnk - c:\web\WebServer\Apache2\bin\ApacheMonitor.exe [2006-7-27 41042]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
ATI CATALYST System Tray.lnk - c:\programmi\ATI Technologies\ATI.ACE\CLI.exe [2004-11-25 32768]
HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]
Logitech Desktop Messenger.lnk - c:\programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-6-21 67128]
WinZip Quick Pick.lnk - c:\programmi\WinZip\WZQKPICK.EXE [2007-1-2 118784]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\BitTorrent\\bittorrent.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [02/01/2007 19.13.30 646392]
R0 vburner;vburner;c:\windows\system32\drivers\vburner.sys [16/01/2008 17.55.17 17408]
R2 pgsql-8.1;PostgreSQL Database Server 8.1;c:\programmi\PostgreSQL\8.1\bin\pg_ctl.exe runservice -N "pgsql-8.1" -D "c:\programmi\PostgreSQL\8.1\data\" --> c:\programmi\PostgreSQL\8.1\bin\pg_ctl.exe runservice -N pgsql-8.1 [?]
R2 Tomcat5;Apache Tomcat;c:\programmi\Apache Software Foundation\Tomcat 5.0\bin\tomcat5.exe [29/08/2004 1.06.16 94208]
R2 VMCService;Vodafone Mobile Connect Service;c:\programmi\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [04/11/2008 11.39.20 14336]
R3 Stmatm;ATM/ADSL miniport;c:\windows\system32\drivers\stmatm.sys [06/01/2007 19.20.49 59466]
R3 TaurusUsb;ADSL Modem USB Service;c:\windows\system32\drivers\torususb.sys [06/01/2007 19.20.49 538925]
S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys --> c:\windows\system32\DRIVERS\ntcdrdrv.sys [?]
S2 Remotesvc;Support Center;c:\windows\system32\svchost.exe -k netsvcs [02/03/2006 13.00.00 14336]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [10/12/2009 21.19.03 7680]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [10/12/2009 21.19.54 110080]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [10/12/2009 21.19.36 104960]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Remotesvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34e80a12-9a8d-11db-a5b1-e41825dd69fa}]
\Shell\AutoRun\command - E:\Setup.exe
.
Contenuto della cartella 'Scheduled Tasks'

2010-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-838170752-839522115-1003Core.job
- c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-01-02 18:37]

2010-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-838170752-839522115-1003UA.job
- c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-01-02 18:37]

2010-01-04 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\programmi\Ask.com\UpdateTask.exe [2009-06-04 17:04]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\o18inczb.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - plugin: c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Garmin GPS Plugin\npGarmin.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npitunes.dll
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
HKCU-Run-LDM - c:\programmi\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-04 22:05
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x867D41E8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7893fc3
\Driver\ACPI -> ACPI.sys @ 0xf76f4cb8
\Driver\atapi -> 0x867661e8
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0004
ParseProcedure -> ntoskrnl.exe @ 0x8056f00e
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0004
ParseProcedure -> ntoskrnl.exe @ 0x8056f00e
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\programmi\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\programmi\MySQL\MySQL Server 5.0\my.ini\" MySQL"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Remotesvc]
"ServiceDll"="c:\windows\system32\qmldkr.dll"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(520)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
c:\programmi\PostgreSQL\8.1\bin\pg_ctl.exe
c:\programmi\PostgreSQL\8.1\bin\postmaster.exe
c:\windows\system32\wdfmgr.exe
c:\programmi\PostgreSQL\8.1\bin\postgres.exe
c:\programmi\PostgreSQL\8.1\bin\postgres.exe
c:\programmi\PostgreSQL\8.1\bin\postgres.exe
c:\programmi\PostgreSQL\8.1\bin\postgres.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Ora fine scansione: 2010-01-04 22:11:33 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-01-04 21:11

Pre-Run: 92.597.506.048 byte disponibili
Post-Run: 92.923.551.744 byte disponibili

- - End Of File - - 97E08CAE64E70214A3DD81E3D852F130

[Luke57]

Ciao, Prepara un file di testo, dal blocco note di windows e al suo interno copia e incolla il seguente script:

Codice: Seleziona tutto

NetSvcs::
Remotesvc

Driver::
Remotesvc

File::
c:\windows\system32\qmldkr.dll

salvi il file con il nome obbligatorio di CFScript.txt
lo metti nella stessa cartella di combofix e poi, con il puntatore del mouse, lo trascini sull'icona del programma stesso che farà una nuova scansione con le stesse modalità della precedente.

[stix]

ciao ragazzi io avrei lo stesso problema cosi ho provato a leggere i consigli che avete dato ma non ci capisco niente. perche da quello che ho capito la cosa cambia da persona a persona..quindi se qualcuno gentilmente mi potesse spiegare come devo fare anche io e spigarmi per bene tutte le operazioni anche con un messggio privato cosi da non confondere le idee con alte persone che hanno lo stesso problema..