Non valido per Win32

[christian87xx]

mi dice che combofix non è un pallicazione win32 valida

[Luke57]

mi dice che combofix non è un pallicazione win32 valida

Ciao, devi fare come descritto, prima di salvarlo lo devi rinominare in abc.exe come spiegato nel mio post.

[christian87xx]

no non mi chiede dove salvarlo mi dice solo salva o anulla sono le uniche due cose che posso schiacciare

[christian87xx]

ah no ok fatto

[christian87xx]

ComboFix 08-12-07.01 - Cristian 2008-12-08 18:56:24.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.95 [GMT 1:00]
Interruttori di comando utilizzati :: /killall
* Creato nuovo punto di ripristino

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Cristian\Dati applicazioni\m
c:\documents and settings\Cristian\Dati applicazioni\m\data.oct
c:\documents and settings\Cristian\Dati applicazioni\m\flec006.exe
c:\documents and settings\Cristian\Dati applicazioni\m\list.oct
c:\documents and settings\Cristian\Dati applicazioni\m\shared\myurlbar_a_2006.04.20.zip
c:\documents and settings\Cristian\Dati applicazioni\m\shared\NeoNapster 4 beta.zip
c:\documents and settings\Cristian\Dati applicazioni\m\shared\NetMarks_Manager_3.0.1.zip
c:\documents and settings\Cristian\Dati applicazioni\m\shared\OneButton 1.4.1.zip
c:\documents and settings\Cristian\Dati applicazioni\m\shared\Operation Flashpoint Cold War Crisis - Avon's Powder Dry Roll-on map pack 1.zip
c:\documents and settings\Cristian\Dati applicazioni\m\shared\Ozone for Winamp 2 1.03 [KeyGen].zip
c:\documents and settings\Cristian\Dati applicazioni\m\shared\Paragon_Partition_Manager_(Personal)_7.zip
c:\documents and settings\Cristian\Dati applicazioni\m\shared\PassDir_1.7.0_Patch.zip
c:\documents and settings\Cristian\Dati applicazioni\m\shared\Php_Charts_1.4.1.zip
c:\documents and settings\Cristian\Dati applicazioni\m\shared\Plato PPC Package 7.83.zip
c:\documents and settings\Cristian\Dati applicazioni\m\shared\Pluto_the_Dead_Planet_Screensaver_1.0.zip
c:\documents and settings\Cristian\Dati applicazioni\m\shared\Policy_and_Procedure_Manual_2.0.7.zip
c:\documents and settings\Cristian\Dati applicazioni\m\shared\PurchaseNet_2.18.zip
c:\documents and settings\Cristian\Dati applicazioni\m\shared\Rander_2.1.zip
c:\documents and settings\Cristian\Dati applicazioni\m\shared\Remote_Database_Manager_SQL_1.0_Key.zip
c:\documents and settings\Cristian\Dati applicazioni\m\shared\RIQTek_Manager_4.7.1.zip
c:\documents and settings\Cristian\Dati applicazioni\m\shared\Roulette_Screensaver_1.0.zip
c:\documents and settings\Cristian\Dati applicazioni\m\shared\SerialTrace 2.2 build 3399.zip
c:\documents and settings\Cristian\Dati applicazioni\m\shared\ServiceQuery_1.0_[With_Crack].zip
c:\documents and settings\Cristian\Dati applicazioni\m\shared\Snoop Internet and PC Monitor 1.0 [Crack].zip
c:\documents and settings\Cristian\Dati applicazioni\m\shared\Space3D_Screensaver_1.0.1.zip
c:\documents and settings\Cristian\Dati applicazioni\m\shared\TatukGIS Internet Server LITE Edition 8.6.6.1085.zip
c:\documents and settings\Cristian\Dati applicazioni\m\shared\Teroid_Data_Source_Browser_3.0_(Key+Serial).zip
c:\documents and settings\Cristian\Dati applicazioni\m\shared\Text Line Remover 1.01.01.zip
c:\documents and settings\Cristian\Dati applicazioni\m\shared\The Swamp (interactive desktop) 1.zip
c:\documents and settings\Cristian\Dati applicazioni\m\shared\The_Ad-Police_1.0.9.zip
c:\documents and settings\Cristian\Dati applicazioni\m\shared\The_OggMachine_0.62.zip
c:\documents and settings\Cristian\Dati applicazioni\m\shared\TinyPic 3.13.zip
c:\documents and settings\Cristian\Dati applicazioni\m\shared\TrafficCompressor_1.0.352_With_Crack.zip
c:\documents and settings\Cristian\Dati applicazioni\m\shared\TweakNow PowerPack 2006 Professional 1.8.0.zip
c:\documents and settings\Cristian\Dati applicazioni\m\shared\uCertify_-_A+2003_Practice_Test_for_Exam_220-301_-_224+_Questions_7.00.05.zip
c:\documents and settings\Cristian\Dati applicazioni\m\shared\UM Converter 1.1.zip
c:\documents and settings\Cristian\Dati applicazioni\m\shared\Understanding Graphing Plus 1.0.zip
c:\documents and settings\Cristian\Dati applicazioni\m\shared\Unreal Tournament 2003 - DOD deathmatch map.zip
c:\documents and settings\Cristian\Dati applicazioni\m\shared\Unreal_Serpentine_Mod_8.zip
c:\documents and settings\Cristian\Dati applicazioni\m\shared\Unreal_Tournament_2003_-_Karnt_Cee_Me_skin.zip
c:\documents and settings\Cristian\Dati applicazioni\m\shared\UPS Rating Tool 1.27.zip
c:\documents and settings\Cristian\Dati applicazioni\m\shared\Uxtheme Multi-patcher 6.0.zip
c:\documents and settings\Cristian\Dati applicazioni\m\shared\Video Search Gadget 1.0.0.0.zip
c:\documents and settings\Cristian\Dati applicazioni\m\shared\Visual Trace Route 0.8.zip
c:\documents and settings\Cristian\Dati applicazioni\m\shared\Visual_Face_Lift_0.91.b2_(Cracked).zip
c:\documents and settings\Cristian\Dati applicazioni\m\shared\Warcraft_III_-_Dead_Center_map.zip
c:\documents and settings\Cristian\Dati applicazioni\m\shared\Warcraft_III_-_Green_Swamp_map.zip
c:\documents and settings\Cristian\Dati applicazioni\m\shared\Wav_File_Info_1.0.zip
c:\documents and settings\Cristian\Dati applicazioni\m\shared\Windows_Me_Share_Level_Password_Vulnerability_Patch.zip
c:\documents and settings\Cristian\Dati applicazioni\m\shared\WinTools.net Extra Edition 8.3.zip
c:\documents and settings\Cristian\Dati applicazioni\m\shared\Wonders of Denali National Park 1.4.zip
c:\documents and settings\Cristian\Dati applicazioni\m\shared\x2y_0.1.zip
c:\documents and settings\Cristian\Dati applicazioni\m\shared\XMP_IFilter_2.0_(Patch).zip
c:\documents and settings\Cristian\Dati applicazioni\m\shared\XtraWarp PRO 1.05 B.zip
c:\documents and settings\Cristian\Dati applicazioni\m\shared\XTreeM 0.976.zip
c:\documents and settings\Cristian\Dati applicazioni\m\shared\ZDelete_4.0_Patch.zip
c:\documents and settings\Cristian\Dati applicazioni\m\srvlist.oct
c:\documents and settings\Cristian\Impostazioni locali\Dati applicazioni\jmwndf.dat
c:\documents and settings\Cristian\Impostazioni locali\Dati applicazioni\jmwndf_nav.dat
c:\documents and settings\Cristian\Impostazioni locali\Dati applicazioni\jmwndf_navps.dat
c:\windows\regedit.com
c:\windows\system32\ban_list.txt
c:\windows\system32\drivers\downld
c:\windows\system32\drivers\downld\1030321.exe
c:\windows\system32\drivers\downld\131809.exe
c:\windows\system32\drivers\downld\142264.exe
c:\windows\system32\drivers\downld\143045.exe
c:\windows\system32\drivers\downld\14739344.exe
c:\windows\system32\drivers\downld\14747295.exe
c:\windows\system32\drivers\downld\14758070.exe
c:\windows\system32\drivers\downld\14761035.exe
c:\windows\system32\drivers\downld\14780343.exe
c:\windows\system32\drivers\downld\14808263.exe
c:\windows\system32\drivers\downld\14817696.exe
c:\windows\system32\drivers\downld\14823695.exe
c:\windows\system32\drivers\downld\14828602.exe
c:\windows\system32\drivers\downld\14850794.exe
c:\windows\system32\drivers\downld\14887507.exe
c:\windows\system32\drivers\downld\14907125.exe
c:\windows\system32\drivers\downld\14913604.exe
c:\windows\system32\drivers\downld\14918802.exe
c:\windows\system32\drivers\downld\14926693.exe
c:\windows\system32\drivers\downld\14961904.exe
c:\windows\system32\drivers\downld\14974952.exe
c:\windows\system32\drivers\downld\14997825.exe
c:\windows\system32\drivers\downld\180789.exe
c:\windows\system32\drivers\downld\197974.exe
c:\windows\system32\drivers\downld\200287.exe
c:\windows\system32\drivers\downld\203061.exe
c:\windows\system32\drivers\downld\207928.exe
c:\windows\system32\drivers\downld\239614.exe
c:\windows\system32\drivers\downld\248016.exe
c:\windows\system32\drivers\downld\252713.exe
c:\windows\system32\drivers\downld\254425.exe
c:\windows\system32\drivers\downld\276477.exe
c:\windows\system32\drivers\downld\29402969.exe
c:\windows\system32\drivers\downld\29417500.exe
c:\windows\system32\drivers\downld\29429637.exe
c:\windows\system32\drivers\downld\29432852.exe
c:\windows\system32\drivers\downld\29440713.exe
c:\windows\system32\drivers\downld\29455765.exe
c:\windows\system32\drivers\downld\29458719.exe
c:\windows\system32\drivers\downld\29462464.exe
c:\windows\system32\drivers\downld\29468453.exe
c:\windows\system32\drivers\downld\29496714.exe
c:\windows\system32\drivers\downld\29530282.exe
c:\windows\system32\drivers\downld\29534938.exe
c:\windows\system32\drivers\downld\29537252.exe
c:\windows\system32\drivers\downld\29541388.exe
c:\windows\system32\drivers\downld\29574956.exe
c:\windows\system32\drivers\downld\29595696.exe
c:\windows\system32\drivers\downld\29612240.exe
c:\windows\system32\drivers\downld\310596.exe
c:\windows\system32\drivers\downld\324807.exe
c:\windows\system32\drivers\downld\338206.exe
c:\windows\system32\drivers\downld\368369.exe
c:\windows\system32\drivers\downld\402018.exe
c:\windows\system32\drivers\downld\419473.exe
c:\windows\system32\drivers\downld\421986.exe
c:\windows\system32\drivers\downld\44015751.exe
c:\windows\system32\drivers\downld\44025014.exe
c:\windows\system32\drivers\downld\44043330.exe
c:\windows\system32\drivers\downld\44045073.exe
c:\windows\system32\drivers\downld\44052664.exe
c:\windows\system32\drivers\downld\44075857.exe
c:\windows\system32\drivers\downld\44083799.exe
c:\windows\system32\drivers\downld\44089537.exe
c:\windows\system32\drivers\downld\44094444.exe
c:\windows\system32\drivers\downld\44112179.exe
c:\windows\system32\drivers\downld\44150485.exe
c:\windows\system32\drivers\downld\44165306.exe
c:\windows\system32\drivers\downld\44174419.exe
c:\windows\system32\drivers\downld\44180267.exe
c:\windows\system32\drivers\downld\44187358.exe
c:\windows\system32\drivers\downld\44223630.exe
c:\windows\system32\drivers\downld\44236168.exe
c:\windows\system32\drivers\downld\44256217.exe
c:\windows\system32\drivers\downld\460942.exe
c:\windows\system32\drivers\downld\466240.exe
c:\windows\system32\drivers\downld\472028.exe
c:\windows\system32\drivers\downld\480931.exe
c:\windows\system32\drivers\downld\519647.exe
c:\windows\system32\drivers\downld\561897.exe
c:\windows\system32\drivers\downld\571171.exe
c:\windows\system32\drivers\downld\574656.exe
c:\windows\system32\drivers\downld\581275.exe
c:\windows\system32\drivers\downld\625018.exe
c:\windows\system32\drivers\downld\642583.exe
c:\windows\system32\drivers\downld\660700.exe
c:\windows\system32\drivers\downld\829582.exe
c:\windows\system32\drivers\downld\837964.exe
c:\windows\system32\drivers\downld\846967.exe
c:\windows\system32\drivers\downld\848009.exe
c:\windows\system32\drivers\downld\8640233.exe
c:\windows\system32\drivers\downld\8666752.exe
c:\windows\system32\drivers\downld\866996.exe
c:\windows\system32\drivers\downld\8675985.exe
c:\windows\system32\drivers\downld\8678358.exe
c:\windows\system32\drivers\downld\8699689.exe
c:\windows\system32\drivers\downld\8703424.exe
c:\windows\system32\drivers\downld\8707330.exe
c:\windows\system32\drivers\downld\8713319.exe
c:\windows\system32\drivers\downld\8743662.exe
c:\windows\system32\drivers\downld\8763981.exe
c:\windows\system32\drivers\downld\8768939.exe
c:\windows\system32\drivers\downld\8771532.exe
c:\windows\system32\drivers\downld\8776359.exe
c:\windows\system32\drivers\downld\878312.exe
c:\windows\system32\drivers\downld\879985.exe
c:\windows\system32\drivers\downld\8815766.exe
c:\windows\system32\drivers\downld\8827593.exe
c:\windows\system32\drivers\downld\8843666.exe
c:\windows\system32\drivers\downld\886765.exe
c:\windows\system32\drivers\downld\893374.exe
c:\windows\system32\drivers\downld\928084.exe
c:\windows\system32\drivers\downld\952369.exe
c:\windows\system32\drivers\downld\957116.exe
c:\windows\system32\drivers\downld\988361.exe
c:\windows\system32\drivers\downld\997604.exe
c:\windows\system32\drivers\srosa.sys
c:\windows\system32\drivers\srosa2.sys
c:\windows\system32\drivers\winfilse.exe
c:\windows\system32\mdelk.exe
c:\windows\system32\taskmgr.com
c:\windows\system32\wintems.exe

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SROSA
-------\Legacy_SROSA
-------\Legacy_SK9OU0S
-------\Service_sK9Ou0s


((((((((((((((((((((((((( Files Creati Da 2008-11-08 al 2008-12-08 )))))))))))))))))))))))))))))))))))
.

2008-12-07 16:24 . 2008-12-07 16:26 <DIR> d-------- c:\programmi\Fighters
2008-12-07 16:24 . 2008-12-07 16:24 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Fighters
2008-12-04 22:22 . 2008-12-08 18:00 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-04 22:22 . 2008-12-04 22:22 1,409 --a------ c:\windows\QTFont.for
2008-12-03 11:38 . 2008-12-06 14:20 <DIR> d-------- c:\programmi\Hobbybrew
2008-12-03 01:29 . 2008-12-03 01:33 <DIR> d-------- c:\programmi\PhotomatixPro3
2008-12-02 17:20 . 2008-12-02 17:20 <DIR> d-------- c:\programmi\Auslogics
2008-12-02 17:20 . 2008-12-02 17:20 <DIR> d-------- c:\documents and settings\Cristian\Dati applicazioni\Auslogics
2008-12-02 16:21 . 2008-12-02 16:21 <DIR> d-------- c:\windows\system32\FLIQLO dir
2008-12-02 16:21 . 2008-12-02 16:21 532,480 --a------ c:\windows\system32\FLIQLO.scr
2008-12-01 00:23 . 2008-12-01 00:28 <DIR> d-------- c:\windows\Motive
2008-12-01 00:22 . 2008-12-01 00:22 <DIR> d-------- c:\programmi\Motive
2008-12-01 00:21 . 2008-12-01 00:23 <DIR> d-------- c:\programmi\Alice ti aiuta
2008-11-19 21:00 . 2008-11-19 21:00 <DIR> d-------- c:\programmi\Setup
2008-11-19 20:59 . 2008-12-01 00:23 <DIR> d-------- c:\programmi\Common Files
2008-11-19 03:42 . 2008-11-19 03:43 <DIR> d-------- c:\programmi\jose
2008-11-19 03:41 . 2008-11-19 03:42 <DIR> d--h----- c:\programmi\Zero G Registry
2008-11-19 03:41 . 2008-11-19 03:41 <DIR> d--h----- c:\documents and settings\Cristian\InstallAnywhere
2008-11-18 11:01 . 2008-11-18 11:01 15,496 --a------ c:\windows\system32\drivers\vffilter.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-05 15:57 --------- d-----w c:\programmi\eMule
2008-12-04 00:02 --------- d-----w c:\documents and settings\Cristian\Dati applicazioni\gtk-2.0
2008-12-03 04:26 --------- d-----w c:\documents and settings\Cristian\Dati applicazioni\uTorrent
2008-11-30 23:38 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-11-30 23:20 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-11-20 12:50 --------- d-----w c:\documents and settings\Michel\Dati applicazioni\Apple Computer
2008-10-31 09:10 --------- d-----w c:\programmi\MemoriesOnTV3
2008-10-31 08:39 --------- d-----w c:\programmi\Google
2008-10-31 08:31 --------- d-----w c:\programmi\Winamp
2008-10-31 08:30 --------- d-----w c:\programmi\TVAnts
2008-10-30 18:32 --------- d-----w c:\programmi\GIMP-2.0
2008-10-30 14:22 --------- d-----w c:\programmi\Free Window Registry Repair
2008-10-30 14:16 --------- d-----w c:\documents and settings\Cristian\Dati applicazioni\Media Player Classic
2008-10-30 14:12 --------- d-----w c:\programmi\K-Lite Codec Pack
2008-10-30 14:11 --------- d-----w c:\programmi\DivX
2008-10-30 14:00 --------- d-----w c:\programmi\IObit
2008-10-15 10:49 --------- d-----w c:\documents and settings\Luca\Dati applicazioni\ATI
2008-10-14 23:02 --------- d-----w c:\programmi\File comuni\Adobe
2008-10-12 02:18 --------- d-----w c:\documents and settings\Michel\Dati applicazioni\DivX
2008-10-08 02:40 --------- d-----w c:\programmi\SHARP
2008-10-08 02:03 43,872 ------w c:\windows\system32\drivers\PxHelp20.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"V0330Mon.exe"="c:\windows\V0330Mon.exe" [2007-04-30 32768]
"avast!"="c:\programmi\Alwil Software\Avast4\ashDisp.exe" [2008-12-08 79224]
"spywarefighterguard"="c:\programmi\Fighters\spywarefighter\SpywarefighterUser.exe" [2008-11-18 180872]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 c:\windows\system32\bthprops.cpl]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk.disabled [2008-12-01 1660]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^InterVideo WinCinema Manager.lnk]
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jmwndf

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2005-12-20 19:54 278528 c:\programmi\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 c:\programmi\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 22:37 413696 c:\programmi\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 c:\programmi\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2004-08-19 14:39 110592 c:\windows\system32\bthprops.cpl

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" /background
"SpybotSD TeaTimer"=c:\programmi\Spybot - Search & Destroy\TeaTimer.exe
"TomTomHOME.exe"="c:\programmi\TomTom HOME 2\HOMERunner.exe"
"DAEMON Tools Lite"="c:\programmi\DAEMON Tools Lite\daemon.exe" -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" -atboottime
"amd_dc_opt"="c:\programmi\AMD\amd_dc_opt\amd_dc_opt.exe"
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\InterVideo\\DVD6\\WinDVD.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\MultiProxy\\MProxy.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R3 AmdTools;AMD Special Tools Driver;c:\windows\system32\DRIVERS\AmdTools.sys [2008-09-23 31744]
R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;c:\windows\system32\DRIVERS\CnxEtP.sys [2007-09-30 60288]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\DRIVERS\CnxEtU.sys [2007-09-30 646784]
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;c:\windows\system32\DRIVERS\CnxTgN.sys [2007-09-30 108675]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [2007-09-30 820133]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys [2008-04-14 167808]
S3 V0330VID;WebCam Vista/Live! Cam Chat;c:\windows\system32\DRIVERS\V0330Vid.sys [2008-06-04 157696]
S3 Vfscan;Vfscan;c:\windows\system32\DRIVERS\vffilter.sys [2008-11-18 15496]
.
Contenuto della cartella 'Scheduled Tasks'

2008-11-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2008-10-21 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\programmi\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []

2008-04-14 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\programmi\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
.
.
------- Supplementare di scansione -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = iexplore
FireFox -: Profile - c:\documents and settings\Cristian\Dati applicazioni\Mozilla\Firefox\Profiles\09f4x13j.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.it
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-08 19:02:20
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(516)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Fighters\ConfigService.exe
c:\windows\system32\wdfmgr.exe
c:\programmi\Fighters\LicenseService.exe
c:\programmi\Fighters\UpdateService.exe
c:\programmi\Fighters\ScannerService.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\programmi\Fighters\Spywarefighter\SpywarefighterTray.exe
.
**************************************************************************
.
Ora fine scansione: 2008-12-08 19:09:56 - macchina è stato riavviato
ComboFix-quarantined-files.txt 2008-12-08 18:09:44

Pre-Run: 10,952,130,560 byte disponibili
Post-Run: 10,952,753,152 byte disponibili

361 --- E O F --- 2008-05-20 15:56:51

[Luke57]

Ciao, sembra che combofix abbia eliminato il bagle, per sicurezza scarica malwarebytes da qui:
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Aggiornalo: clicca sulla scheda "aggiornamenti" => "controlla aggiornamenti"
Esegui una "scansione completa" (seleziona l'opzione)
A scansione completata, posta il rapporto.
Per ora non rimuovere nulla.

[christian87xx]

Malwarebytes' Anti-Malware 1.31
Versione del database: 1475
Windows 5.1.2600 Service Pack 2

2008-12-08 23:51:18
mbam-log-2008-12-08 (23-51-06).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 94786
Tempo trascorso: 43 minute(s), 16 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 6

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\srosa2.sys.vir (Worm.Bagel) -> No action taken.
C:\System Volume Information\_restore{C352D056-1ECD-4B96-B443-93A48F3090E1}\RP370\A0173542.sys (Worm.Bagel) -> No action taken.
C:\WINDOWS\rundll16.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\system32\vcmgcd32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\logo1_.exe (Worm.Viking) -> No action taken.
C:\WINDOWS\system32\systems.txt (Trojan.FakeAlert) -> No action taken.

[Luke57]

Ciao, puoi rimuovere le voci trovate.

[christian87xx]

niente da fare è cm prima questo è il log
Malwarebytes' Anti-Malware 1.31
Versione del database: 1477
Windows 5.1.2600 Service Pack 2

2008-12-09 13:53:04
mbam-log-2008-12-09 (13-53-04).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 97551
Tempo trascorso: 44 minute(s), 11 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 6

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\srosa2.sys.vir (Worm.Bagel) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C352D056-1ECD-4B96-B443-93A48F3090E1}\RP370\A0173542.sys (Worm.Bagel) -> Quarantined and deleted successfully.
C:\WINDOWS\rundll16.exe (Fake.Dropped.Malware) -> Delete on reboot.
C:\WINDOWS\system32\vcmgcd32.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\logo1_.exe (Worm.Viking) -> Delete on reboot.
C:\WINDOWS\system32\systems.txt (Trojan.FakeAlert) -> Delete on reboot.

[Luke57]

Ciao, che cosa vuol dire "niente da fare"?
Elimina quanto trovato da malwarebytes, poi prova a reinstallare l'antivirus.

[Dylan666]

forse a christian87xx sfugge che "Delete on reboot" significa che verranno cancellati quando riavvierà il pc, se non lo riavvia è ovvio che restino lì...

[kikkaspina]

Ciao, io sono un'autodidatta e stò impazzendo dietro al pc..
Ho avuto gli stessi sintomi con avast, mi dice che non è un'applicazione di win32,e così trovando questo "luogo x pc" sono andata a fare una scansione con Bagle e mi dice che c'è una chiave di registro corrotta.. ma adesso che faccio>??

[kikkaspina]

Insomma..non c'è nessuno qui??..sigh..sigh..

[Luke57]

Insomma..non c'è nessuno qui??..sigh..sigh..

Ciao, vai qui e scarica combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
devi rinominare il file prima di salvarlo sul desktop in abc.exe
(per rinominare il file, quando lo scarichi ti chiede dove salvarlo e ti compare la casella "nome file" ,basta che cambi il nome che ti appare in abc.exe)
clicca su start>esegui, nel box bianco copia e incolla questo comando, virgolette comprese:

"%userprofile%\desktop\abc.exe" /killall

Premi OK, se tutto va bene parte il programma che potrebbe impiegare molto (non fare altre manovre durante la scansione),una volta terminata, se tutto è andato bene, in C:\ dovresti trovare il file combofix.txt , riavvia in modalità normale e allega il file C:\combofix.txt.

[Dylan666]

Insomma..non c'è nessuno qui??..sigh..sigh..

Questo è un forum, non una chat.
Aspettarsi una risposta entro 75 minuti da quando si ha scritto è un pochino esagerato per come è pensato tale strumento

[Brigida]

ciao, sto impazzendo:
il mio computer oramai non funziona quasi più.
ho fatto una scansione con Kaspersky. questo è il risultato. cosa devo fare?

Saturday, April 18, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Saturday, April 18, 2009 11:21:09
Records in database: 2058036
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
E:\
F:\
G:\
Scan statistics
Files scanned 49556
Threat name 2
Infected objects 15
Suspicious objects 0
Duration of the scan 02:16:36

File name Threat name Threats count
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoestb.dll/C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoestb.dll Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 7
MWSOEMON.EXE\mwsoemon.exe/MWSOEMON.EXE\mwsoemon.exe Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe/C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
MWSOEMON.EXE\mwsoestb.dll/MWSOEMON.EXE\mwsoestb.dll Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
vsnp325.exe\mwsoestb.dll/vsnp325.exe\mwsoestb.dll Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\Programmi\MyWebSearch\bar\1.bin\MWSBAR.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.bc 1
C:\Programmi\MyWebSearch\bar\1.bin\MWSOEMON.EXE Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\Programmi\MyWebSearch\bar\1.bin\MWSOESTB.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\Programmi\Uninstall Fun Web Products.dll Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.bc 1

[Luke57]

@Brigida
Ciao, scarica e installa malwarebytes:
http://download.cnet.com/Malwarebytes-A ... tag=button

aggiornalo e fai una scansione completa del computer. Al termine di essa, seleziona gli elementi trovati e premi il tasto Rimuovi.

[Brigida]

@Luke
Ti ringrazio. Ci provo.
brigida

[Brigida]

@Luke57:
oltre alla scansione con l'antimalware, ho utilizzato windows installer clean up; i problemi sembrano risolti, anche se ho perso qualche programma di facile reperimento