
help, I can't take it any more!!

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57

Re: help, I can't take it any more!!

Post by eli87 » 06/09/08 13:10

Hi, I'm new to the forum and I've had the same problem; could you please help me too?
This is the ComboFix log... thanks in advance

ComboFix 08-09-04.09 - vittorio 2008-09-06 13.44.47.4 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.611 [GMT 2:00]
Eseguito da: C:\Documents and Settings\vittorio\Desktop\ComboFix.exe

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Programmi\PCHealthCenter\sc.html . . . . Eliminazione Fallita

.
((((((((((((((((((((((((( Files Creati Da 2008-08-06 al 2008-09-06 )))))))))))))))))))))))))))))))))))
.

2008-10-05 22:40 . 2008-10-05 22:40 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
2008-09-05 18:38 . 2008-09-05 18:38 106,496 --a------ C:\WINDOWS\system32\bydetofs.exe
2008-09-05 18:36 . 2008-09-05 18:36 <DIR> d--h----- C:\$AVG8.VAULT$
2008-09-05 18:27 . 2008-09-05 18:27 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-09-05 18:27 . 2008-09-05 18:27 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-09-05 18:27 . 2008-09-05 18:27 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-09-05 18:26 . 2008-09-05 18:26 <DIR> d-------- C:\Programmi\AVG
2008-09-05 18:26 . 2008-09-05 18:26 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\avg8
2008-09-05 18:22 . 2008-09-05 18:22 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-05 17:49 . 2008-09-05 17:49 <DIR> d-------- C:\Programmi\Enigma Software Group
2008-09-05 17:48 . 2008-09-05 17:49 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-09-04 22:49 . 2008-09-04 22:49 <DIR> d-------- C:\Programmi\PCHealthCenter
2008-09-04 22:49 . 2008-09-04 22:49 90,112 --a------ C:\WINDOWS\system32\uzspqdor.exe
2008-09-04 22:49 . 2008-08-28 15:57 3,262 --a------ C:\WINDOWS\system32\1.ico
2008-08-27 14:07 . 2008-08-27 14:07 <DIR> d-------- C:\Programmi\QooBox
2008-08-27 13:49 . 2008-08-27 13:49 <DIR> d--hs---- C:\FOUND.009
2008-08-27 13:08 . 2006-01-10 15:31 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-08-27 13:08 . 2006-01-10 15:12 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di stampa
2008-08-27 13:08 . 2006-01-10 15:12 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di rete
2008-08-27 13:08 . 2006-01-10 15:39 <DIR> dr------- C:\Documents and Settings\Administrator\Preferiti
2008-08-27 13:08 . 2006-01-10 15:12 <DIR> d--h----- C:\Documents and Settings\Administrator\Modelli
2008-08-27 13:08 . 2006-01-10 15:12 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Avvio
2008-08-27 13:08 . 2006-01-10 15:12 <DIR> d--h----- C:\Documents and Settings\Administrator\Impostazioni locali
2008-08-27 13:08 . 2006-01-10 15:39 <DIR> dr------- C:\Documents and Settings\Administrator\Documenti
2008-08-27 13:08 . 2006-01-10 15:41 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\Symantec
2008-08-27 13:08 . 2006-01-10 15:12 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dati applicazioni
2008-08-27 13:08 . 2008-08-27 13:08 <DIR> d-------- C:\Documents and Settings\Administrator
2008-08-27 08:46 . 2008-08-27 08:46 <DIR> d-------- C:\WINDOWS\system32\xlib254.dll
2008-08-27 08:46 . 2008-08-27 08:46 <DIR> d-------- C:\WINDOWS\system32\append.dll
2008-08-27 08:46 . 2008-08-27 08:46 <DIR> d-------- C:\google.com
2008-08-27 08:46 . 2008-08-27 08:46 <DIR> d-------- C:\AntivirAsistant
2008-08-27 08:43 . 2008-08-27 08:43 <DIR> d-------- C:\Programmi\zrummef
2008-08-27 08:43 . 2008-08-27 08:43 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\vybwdqxk
2008-08-27 08:43 . 2008-08-27 08:43 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\vmpmxmps
2008-08-25 08:47 . 2008-08-25 08:47 <DIR> d--hs---- C:\FOUND.008
2008-08-18 08:42 . 2008-05-01 16:31 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-05 20:40 --------- d-sh--w C:\Programmi\File comuni\WindowsLiveInstaller
2008-08-23 16:10 98,304 ----a-w C:\WINDOWS\DUMP877f.tmp
2008-07-22 10:00 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-07-22 09:55 --------- d-----w C:\Programmi\KONAMI
2008-07-22 09:49 --------- d-----w C:\Programmi\Alcohol Soft
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-13 16:16 --------- d-----w C:\Programmi\Google
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:31 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:23 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-23 09:49 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2008-06-20 17:39 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:39 247,296 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:39 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-14 17:59 272,768 ----a-w C:\WINDOWS\system32\dllcache\bthport.sys
2006-07-12 22:23 844 ----a-w C:\Documents and Settings\vittorio\Dati applicazioni\wklnhst.dat
2006-06-12 18:07 266 ---h--w C:\Programmi\desktop.ini
2006-06-12 18:07 11,079 ---h--w C:\Programmi\folder.htt
.

((((((((((((((((((((((((((((( snapshot@2008-09-05_18.12.38.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-05 16:27:18 26,824 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
- 2008-09-05 15:50:22 41,170 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-09-06 10:43:22 41,170 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-09-05 15:50:22 48,988 ----a-w C:\WINDOWS\system32\perfc010.dat
+ 2008-09-06 10:43:22 48,988 ----a-w C:\WINDOWS\system32\perfc010.dat
- 2008-09-05 15:50:22 314,842 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-09-06 10:43:22 314,842 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-09-05 15:50:22 348,476 ----a-w C:\WINDOWS\system32\perfh010.dat
+ 2008-09-06 10:43:22 348,476 ----a-w C:\WINDOWS\system32\perfh010.dat
+ 2008-07-18 20:10:20 36,552 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wups.dll
+ 2008-07-18 20:10:40 45,768 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.784\wups2.dll
+ 2006-12-01 22:25:52 1,101,824 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2006-12-01 22:25:56 1,093,120 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-01 22:25:58 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-01 22:26:00 57,856 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-01 22:08:00 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-01 22:08:00 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-01 22:08:00 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-01 22:08:00 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-01 22:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-01 22:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-01 22:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-01 22:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-01 22:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-01 22:46:44 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]
"MsnMsgr"="C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-07-13 171448]
"SysAct"="C:\WINDOWS\system32\uzspqdor.exe" [2008-09-04 90112]
"syscom"="C:\WINDOWS\system32\bydetofs.exe" [2008-09-05 106496]
"SmartProcCmd"="C:\WINDOWS\system32\hcxapirw.exe" [2008-09-06 98304]
"DriverLoad"="" [BU]
"DriverCheck"="" [BU]
"SystemDriverLoad"="" [BU]
"SystemDriver"="" [BU]
"FDriver"="" [BU]
"ADriver"="" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2005-08-28 102400]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-23 7286784]
"ASUS Live Update"="C:\Programmi\ASUS\ASUS Live Update\ALU.exe" [2005-11-02 180224]
"Wireless Console 2"="C:\Programmi\Wireless Console 2\wcourier.exe" [2005-10-12 987136]
"SynTPEnh"="C:\Programmi\Synaptics\SynTP\SynTPEnh.exe" [2005-08-18 737369]
"RemoteControl"="C:\Programmi\ASUSTek\ASUSDVD\PDVDServ.exe" [2003-10-31 32768]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"Power_Gear"="C:\Programmi\ASUS\Power4 Gear\BatteryLife.exe" [2005-06-16 86016]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"QuickTime Task"="C:\Programmi\QuickTime\QTTask.exe" [2007-06-29 286720]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2007-08-15 271672]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-06 1235736]
"nwiz"="nwiz.exe" [2005-09-23 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-07-22 C:\WINDOWS\SOUNDMAN.EXE]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"3ldk3nxqMV"="C:\Documents and Settings\All Users\Dati applicazioni\vmpmxmps\fsrazmvy.exe" [2008-08-27 69632]

C:\Documents and Settings\vittorio\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 2.3.lnk - C:\Programmi\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 393216]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Reader Speed Launch.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
ASUS ChkMail.lnk - C:\Programmi\Asus\Asus ChkMail\ChkMail.exe [2006-01-10 32768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"CmdAplStr"= {6DB51876-A043-D31F-3FF5-0AD75269C621} - C:\Programmi\zrummef\CmdAplStr.dll [2008-08-27 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\Programmi\\uTorrent\\uTorrent.exe"=
"C:\\Programmi\\SopCast\\SopCast.exe"=
"C:\\Documents and Settings\\VITTORIO\\Dati applicazioni\\SopCast\\adv\\SopAdver.exe"=
"C:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"C:\\Documents and Settings\\VITTORIO\\Application Data\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-06 97928]
R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\system32\ASNDIS5.SYS [2002-09-09 16269]
R3 HSFHWSIS;HSFHWSIS;C:\WINDOWS\system32\DRIVERS\HSFHWSIS.sys [2005-06-22 216320]
R3 SynMini;USB2.0 1.3M Web Cam;C:\WINDOWS\system32\Drivers\SynMini.sys [2005-10-03 720470]
R3 SynScan;USB2.0 1.3M Web Cam Still Image;C:\WINDOWS\system32\Drivers\SynScan.sys [2005-10-03 8278]
S2 dnlsvc;MS Software Shadow Download Provider;C:\DOCUME~1\vittorio\IMPOST~1\Temp\bloadd.exe [ ]
S3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys [ ]
S3 Wdm1;USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc.sys [2001-01-08 15576]
Start Pending2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-06 231704]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{994c82f8-57ea-11dd-9c67-0015f2934556}]
\Shell\Auto\command - McRegWizz.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL McRegWizz.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a24dc468-5565-11db-ad8a-0015f2934556}]
\Shell\AutoRun\command - F:\.\run\autorun.exe
\Shell\open\Command - F:\.\run\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af85da3a-8b9c-11dc-b08e-0015f2934556}]
\Shell\Auto\command - UFO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4dab1c2-8bb3-11dc-b090-0015f2934556}]
\Shell\Auto\command - UFO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
- - - - ORFÇOS REMOVIDOS - - - -

HKCU-Run-CDriver - c:\google.com\svchost.exe
HKCU-Run-DDriver - c:\google.com\svchost.exe
HKCU-Run-alpha - c:\google.com\svchost.exe
HKCU-Run-beta - c:\google.com\svchost.exe
HKCU-Run-gamma - c:\google.com\svchost.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\vittorio\Dati applicazioni\Mozilla\Firefox\Profiles\0qjqdhx3.default\
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-06 13:48:49
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAMMI\FILE COMUNI\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
C:\WINDOWS\ATKKBSERVICE.EXE
C:\WINDOWS\SYSTEM32\NVSVC32.EXE
C:\PROGRAMMI\ASUS\NB PROBE\SPM\SPMGR.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\WINDOWS\ATK0100\ATKOSD.EXE
C:\PROGRAMMI\IPOD\BIN\IPODSERVICE.EXE
C:\PROGRAMMI\OPENOFFICE.ORG 2.3\PROGRAM\SOFFICE.EXE
C:\PROGRAMMI\OPENOFFICE.ORG 2.3\PROGRAM\SOFFICE.BIN
C:\Programmi\AVG\AVG8\avgtray.exe
C:\PROGRAMMI\AVG\AVG8\AVGRSX.EXE
C:\PROGRAMMI\AVG\AVG8\AVGRSX.EXE
.
**************************************************************************
.
Ora fine scansione: 2008-09-06 13:52:30 - machine was rebooted
ComboFix2.txt 2008-09-05 15:39:18
ComboFix-quarantined-files.txt 2008-09-06 11:52:18

Pre-Run: 3,956,473,856 byte disponibili
Post-Run: 4,076,503,040 byte disponibili

242 --- E O F --- 2008-09-05 20:19:39
eli87
Newbie
Posts: 5
Joined: 06/09/08 11:56


Re: help, I can't take it any more!!

Post by Luke57 » 06/09/08 14:55

Hi, open a new text file in Windows Notepad and copy and paste the following script into it:

Code:
KILLALL::

Driver::
dnlsvc

File::
C:\WINDOWS\system32\bydetofs.exe
C:\WINDOWS\system32\uzspqdor.exe
C:\WINDOWS\system32\xlib254.dll
C:\WINDOWS\system32\append.dll
F:\.\run\autorun.exe

Folder::
C:\Documents and Settings\All Users\Dati applicazioni\vmpmxmps
C:\Documents and Settings\All Users\Dati applicazioni\vybwdqxk
C:\Documents and Settings\All Users\Dati applicazioni\TEMP

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysAct"=-
"syscom"=-
"SmartProcCmd"=-
"DriverLoad"=-
"DriverCheck"=-
"SystemDriverLoad"=-
"SystemDriver"=-
"FDriver"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"3ldk3nxqMV"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a24dc468-5565-11db-ad8a-0015f2934556}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af85da3a-8b9c-11dc-b08e-0015f2934556}]



Save the text file, naming it exactly CFScript.txt, in the same directory as ComboFix, then drag it with the mouse pointer onto the ComboFix icon for a new scan and a reboot of the computer. Attach the new report if one is produced.
Luke57
Moderator
Posts: 6413
Joined: 11/08/05 19:10
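As an added illustration (not code from the thread, from ComboFix or from its author), here is a Python script that applies the triage the reply above relies on: it parses the "Files Creati" and "Punti Reg Caricati" sections of a ComboFix log in the format posted here, flags Run-key values whose target was created inside the scan window, has an empty command string, or sits under policies\explorer\Run, and emits a CFScript draft in the File::/Folder::/Registry:: syntax used in the reply. The embedded log excerpt is a constructed sample reproducing lines from the first log, and the flagging heuristics are my own assumptions, not rules ComboFix itself applies.

```python
import re
from collections import defaultdict

# Constructed excerpt in the ComboFix log format shown in this thread: a few lines
# from the "Files Creati" section followed by part of "Punti Reg Caricati".
SAMPLE_LOG = r"""
((((( Files Creati Da 2008-08-06 al 2008-09-06 )))))
2008-09-05 18:38 . 2008-09-05 18:38 106,496 --a------ C:\WINDOWS\system32\bydetofs.exe
2008-09-04 22:49 . 2008-09-04 22:49 90,112 --a------ C:\WINDOWS\system32\uzspqdor.exe
2008-08-27 08:43 . 2008-08-27 08:43 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\vmpmxmps
((((( Punti Reg Caricati )))))
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-07-13 171448]
"SysAct"="C:\WINDOWS\system32\uzspqdor.exe" [2008-09-04 90112]
"syscom"="C:\WINDOWS\system32\bydetofs.exe" [2008-09-05 106496]
"DriverLoad"="" [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"3ldk3nxqMV"="C:\Documents and Settings\All Users\Dati applicazioni\vmpmxmps\fsrazmvy.exe" [2008-08-27 69632]
"""

# A "Files Creati" line: created-stamp . modified-stamp size-or-<DIR> attrs path
CREATED_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d "
                        r"(?P<size><DIR>|[\d,]+) (?P<attrs>\S+) (?P<path>.+)$")
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"')


def parse_log(text):
    """Return ({lowercased path: (original path, is_dir)}, [(key, name, cmd), ...])."""
    created, entries, key = {}, [], None
    for line in text.splitlines():
        m = CREATED_RE.match(line)
        if m:
            created[m["path"].lower()] = (m["path"], m["size"] == "<DIR>")
            continue
        m = KEY_RE.match(line)
        if m:
            key = m["key"]
            continue
        m = VALUE_RE.match(line)
        # Only autostart values under a ...\Run key are of interest here
        if m and key and key.lower().endswith("\\run"):
            entries.append((key, m["name"], m["cmd"]))
    return created, entries


def created_parent(cmd, created):
    """Return the created folder (original spelling) that contains cmd, if any."""
    low = cmd.lower()
    for lower, (orig, is_dir) in created.items():
        if is_dir and low.startswith(lower + "\\"):
            return orig
    return None


def triage(created, entries):
    """Flag Run-key values using assumed heuristics that mirror the reply's choices."""
    findings = []
    for key, name, cmd in entries:
        reasons, folder = [], created_parent(cmd, created)
        is_new = cmd.lower() in created
        if not cmd:
            reasons.append("empty command string")
        if is_new:
            reasons.append("target file created inside the scan window")
        elif folder:
            reasons.append("target lives in a folder created inside the scan window")
        if "policies\\explorer\\run" in key.lower():
            reasons.append("registered under the unusual policies\\explorer\\Run key")
        if reasons:
            findings.append({"key": key, "name": name, "cmd": cmd, "folder": folder,
                             "recent": is_new or folder is not None, "reasons": reasons})
    return findings


def draft_cfscript(findings):
    """Build a CFScript draft in the File:: / Folder:: / Registry:: syntax used above."""
    files = [f["cmd"] for f in findings if f["recent"] and not f["folder"]]
    folders = list(dict.fromkeys(f["folder"] for f in findings if f["folder"]))
    reg = defaultdict(list)
    for f in findings:
        reg[f["key"]].append(f'"{f["name"]}"=-')  # "Name"=- deletes the value
    out = ["KILLALL::", ""]
    if files:
        out += ["File::", *files, ""]
    if folders:
        out += ["Folder::", *folders, ""]
    out.append("Registry::")
    for key, values in reg.items():
        out += [f"[{key}]", *values]
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    created, entries = parse_log(SAMPLE_LOG)
    print(draft_cfscript(triage(created, entries)))
```

The draft is a starting point for a helper to review, not something to run unread: a Run value flagged only for its key location keeps its file untouched, and every File:: line should be checked against the log before use.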

Re: help, I can't take it any more!!

Post by eli87 » 06/09/08 15:24

Thanks for replying, here is the ComboFix report:

ComboFix 08-09-04.09 - vittorio 2008-09-06 16.14.20.5 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.670 [GMT 2:00]
Eseguito da: C:\Documents and Settings\vittorio\Desktop\ComboFix.exe
Command switches used :: C:\CFScript.txt
* Creato nuovo punto di ripristino

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Dati applicazioni\TEMP
C:\Documents and Settings\All Users\Dati applicazioni\TEMP\DFC5A2B2.TMP
C:\Documents and Settings\All Users\Dati applicazioni\vmpmxmps
C:\Documents and Settings\All Users\Dati applicazioni\vmpmxmps\fsrazmvy.exe
C:\Documents and Settings\All Users\Dati applicazioni\vybwdqxk
C:\WINDOWS\system32\bydetofs.exe
C:\WINDOWS\system32\uzspqdor.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DNLSVC


((((((((((((((((((((((((( Files Creati Da 2008-08-06 al 2008-09-06 )))))))))))))))))))))))))))))))))))
.

2008-10-05 22:40 . 2008-10-05 22:40 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
2008-09-06 16:01 . 2008-09-06 16:01 <DIR> d-------- C:\Programmi\VS Revo Group
2008-09-06 15:42 . 2008-09-06 15:42 <DIR> d-------- C:\Programmi\Malwarebytes' Anti-Malware
2008-09-06 15:42 . 2008-09-06 15:42 <DIR> d-------- C:\Documents and Settings\vittorio\Dati applicazioni\Malwarebytes
2008-09-06 15:42 . 2008-09-06 15:42 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2008-09-06 15:42 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-06 15:42 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-06 13:49 . 2008-09-06 13:49 98,304 --a------ C:\WINDOWS\system32\hcxapirw.exe
2008-09-05 18:36 . 2008-09-05 18:36 <DIR> d--h----- C:\$AVG8.VAULT$
2008-09-05 18:27 . 2008-09-05 18:27 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-09-05 18:27 . 2008-09-06 13:50 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-09-05 18:27 . 2008-09-05 18:27 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-09-05 18:26 . 2008-09-05 18:26 <DIR> d-------- C:\Programmi\AVG
2008-09-05 18:26 . 2008-09-05 18:26 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\avg8
2008-09-05 18:22 . 2008-09-05 18:22 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-05 17:49 . 2008-09-05 17:49 <DIR> d-------- C:\Programmi\Enigma Software Group
2008-09-04 22:49 . 2008-08-28 15:57 3,262 --a------ C:\WINDOWS\system32\1.ico
2008-08-27 14:07 . 2008-08-27 14:07 <DIR> d-------- C:\Programmi\QooBox
2008-08-27 13:49 . 2008-08-27 13:49 <DIR> d--hs---- C:\FOUND.009
2008-08-27 13:08 . 2006-01-10 15:31 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-08-27 13:08 . 2006-01-10 15:12 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di stampa
2008-08-27 13:08 . 2006-01-10 15:12 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di rete
2008-08-27 13:08 . 2006-01-10 15:39 <DIR> dr------- C:\Documents and Settings\Administrator\Preferiti
2008-08-27 13:08 . 2006-01-10 15:12 <DIR> d--h----- C:\Documents and Settings\Administrator\Modelli
2008-08-27 13:08 . 2006-01-10 15:12 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Avvio
2008-08-27 13:08 . 2006-01-10 15:12 <DIR> d--h----- C:\Documents and Settings\Administrator\Impostazioni locali
2008-08-27 13:08 . 2006-01-10 15:39 <DIR> dr------- C:\Documents and Settings\Administrator\Documenti
2008-08-27 13:08 . 2006-01-10 15:41 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\Symantec
2008-08-27 13:08 . 2006-01-10 15:12 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dati applicazioni
2008-08-27 13:08 . 2008-08-27 13:08 <DIR> d-------- C:\Documents and Settings\Administrator
2008-08-27 08:43 . 2008-08-27 08:43 <DIR> d-------- C:\Programmi\zrummef
2008-08-25 08:47 . 2008-08-25 08:47 <DIR> d--hs---- C:\FOUND.008
2008-08-18 08:42 . 2008-05-01 16:31 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-05 20:40 --------- d-sh--w C:\Programmi\File comuni\WindowsLiveInstaller
2008-08-23 16:10 98,304 ----a-w C:\WINDOWS\DUMP877f.tmp
2008-07-22 10:00 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-07-22 09:55 --------- d-----w C:\Programmi\KONAMI
2008-07-22 09:49 --------- d-----w C:\Programmi\Alcohol Soft
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-13 16:16 --------- d-----w C:\Programmi\Google
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:31 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:23 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-23 09:49 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2008-06-20 17:39 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:39 247,296 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:39 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-14 17:59 272,768 ----a-w C:\WINDOWS\system32\dllcache\bthport.sys
2006-07-12 22:23 844 ----a-w C:\Documents and Settings\vittorio\Dati applicazioni\wklnhst.dat
2006-06-12 18:07 266 ---h--w C:\Programmi\desktop.ini
2006-06-12 18:07 11,079 ---h--w C:\Programmi\folder.htt
.

((((((((((((((((((((((((((((( snapshot@2008-09-05_18.12.38.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-05 16:27:18 26,824 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
- 2008-09-05 15:50:22 41,170 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-09-06 10:43:22 41,170 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-09-05 15:50:22 48,988 ----a-w C:\WINDOWS\system32\perfc010.dat
+ 2008-09-06 10:43:22 48,988 ----a-w C:\WINDOWS\system32\perfc010.dat
- 2008-09-05 15:50:22 314,842 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-09-06 10:43:22 314,842 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-09-05 15:50:22 348,476 ----a-w C:\WINDOWS\system32\perfh010.dat
+ 2008-09-06 10:43:22 348,476 ----a-w C:\WINDOWS\system32\perfh010.dat
+ 2008-07-18 20:10:20 36,552 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wups.dll
+ 2008-07-18 20:10:40 45,768 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.784\wups2.dll
+ 2006-12-01 22:25:52 1,101,824 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2006-12-01 22:25:56 1,093,120 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-01 22:25:58 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-01 22:26:00 57,856 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-01 22:08:00 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-01 22:08:00 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-01 22:08:00 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-01 22:08:00 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-01 22:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-01 22:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-01 22:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-01 22:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-01 22:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-01 22:46:44 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]
"MsnMsgr"="C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-07-13 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2005-08-28 102400]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-23 7286784]
"ASUS Live Update"="C:\Programmi\ASUS\ASUS Live Update\ALU.exe" [2005-11-02 180224]
"Wireless Console 2"="C:\Programmi\Wireless Console 2\wcourier.exe" [2005-10-12 987136]
"SynTPEnh"="C:\Programmi\Synaptics\SynTP\SynTPEnh.exe" [2005-08-18 737369]
"RemoteControl"="C:\Programmi\ASUSTek\ASUSDVD\PDVDServ.exe" [2003-10-31 32768]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"Power_Gear"="C:\Programmi\ASUS\Power4 Gear\BatteryLife.exe" [2005-06-16 86016]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"QuickTime Task"="C:\Programmi\QuickTime\QTTask.exe" [2007-06-29 286720]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2007-08-15 271672]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-06 1235736]
"nwiz"="nwiz.exe" [2005-09-23 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-07-22 C:\WINDOWS\SOUNDMAN.EXE]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15360]

C:\Documents and Settings\vittorio\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 2.3.lnk - C:\Programmi\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 393216]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Reader Speed Launch.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
ASUS ChkMail.lnk - C:\Programmi\Asus\Asus ChkMail\ChkMail.exe [2006-01-10 32768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"CmdAplStr"= {6DB51876-A043-D31F-3FF5-0AD75269C621} - C:\Programmi\zrummef\CmdAplStr.dll [2008-08-27 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\Programmi\\uTorrent\\uTorrent.exe"=
"C:\\Programmi\\SopCast\\SopCast.exe"=
"C:\\Documents and Settings\\VITTORIO\\Dati applicazioni\\SopCast\\adv\\SopAdver.exe"=
"C:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"C:\\Documents and Settings\\VITTORIO\\Application Data\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-06 97928]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-06 231704]
R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\system32\ASNDIS5.SYS [2002-09-09 16269]
R3 HSFHWSIS;HSFHWSIS;C:\WINDOWS\system32\DRIVERS\HSFHWSIS.sys [2005-06-22 216320]
R3 SynMini;USB2.0 1.3M Web Cam;C:\WINDOWS\system32\Drivers\SynMini.sys [2005-10-03 720470]
R3 SynScan;USB2.0 1.3M Web Cam Still Image;C:\WINDOWS\system32\Drivers\SynScan.sys [2005-10-03 8278]
S3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys [ ]
S3 Wdm1;USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc.sys [2001-01-08 15576]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{994c82f8-57ea-11dd-9c67-0015f2934556}]
\Shell\Auto\command - McRegWizz.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL McRegWizz.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4dab1c2-8bb3-11dc-b090-0015f2934556}]
\Shell\Auto\command - UFO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
- - - - ORFÇOS REMOVIDOS - - - -

HKCU-Run-SysAct - C:\WINDOWS\system32\uzspqdor.exe



**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-06 16:18:46
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAMMI\FILE COMUNI\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
C:\WINDOWS\ATKKBSERVICE.EXE
C:\PROGRAMMI\AVG\AVG8\AVGWDSVC.EXE
C:\WINDOWS\SYSTEM32\NVSVC32.EXE
C:\PROGRAMMI\ASUS\NB PROBE\SPM\SPMGR.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\WINDOWS\ATK0100\ATKOSD.EXE
C:\PROGRAMMI\AVG\AVG8\AVGTRAY.EXE
C:\PROGRAMMI\OPENOFFICE.ORG 2.3\PROGRAM\SOFFICE.EXE
C:\PROGRAMMI\OPENOFFICE.ORG 2.3\PROGRAM\SOFFICE.BIN
C:\PROGRAMMI\IPOD\BIN\IPODSERVICE.EXE
C:\PROGRAMMI\AVG\AVG8\AVGRSX.EXE
C:\PROGRAMMI\AVG\AVG8\AVGRSX.EXE
.
**************************************************************************
.
Ora fine scansione: 2008-09-06 16:22:03 - machine was rebooted
ComboFix3.txt 2008-09-05 15:39:18
ComboFix-quarantined-files.txt 2008-09-06 14:21:48
ComboFix2.txt 2008-09-06 11:52:34

Pre-Run: 4,129,226,752 byte disponibili
Post-Run: 4,120,674,304 byte disponibili

227 --- E O F --- 2008-09-05 20:19:39
eli87
Newbie

Posts: 5
Joined: 06/09/08 11:56

Re: help, I can't take it anymore!!

Post by Luke57 » 06/09/08 16:05

Hi, ok, now write this in the text file:

Code:
KILLALL::

File::
C:\WINDOWS\system32\hcxapirw.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4dab1c2-8bb3-11dc-b090-0015f2934556}]


2) Run a full scan with an updated Malwarebytes, deleting whatever it finds

3) go here
http://www.hwupgrade.it/forum/showthread.php?t=1599603
go to the section on removing knight.exe and follow it up to the use of the dedicated tool.
Luke57
Moderator

Posts: 6413
Joined: 11/08/05 19:10
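The two `mountpoints2` blocks in eli87's log above (the `\Shell\Auto\command` and `\Shell\AutoRun\command` handlers pointing at McRegWizz.exe and UFO.exe) are the typical trace of an autorun.inf infection carried in on a USB drive, and the `[-HKEY_CURRENT_USER\...\mountpoints2\{...}]` line in the CFScript is how ComboFix is told to delete such a key. The following Python script is an added example, not code from this thread or from ComboFix: it parses those blocks out of a constructed log excerpt in the same format as the log above, reports which executable each volume handler launches, and drafts the matching `Registry::` section. The regular expressions assume ComboFix prints the blocks exactly as shown in eli87's post; the sample lines are constructed from it.

```python
"""Spot USB-autorun persistence in a ComboFix log and draft the CFScript to remove it.

Added example for this thread, not part of ComboFix or of the original posts.
It reads the per-volume `mountpoints2` blocks ComboFix prints (the
\\Shell\\Auto\\command and \\Shell\\AutoRun\\command handlers that autorun.inf
infections leave behind) and emits the `Registry::` section of a CFScript,
using the `[-key]` delete syntax the moderator used above.
"""
import re

# Constructed sample log excerpt, modelled on the format in eli87's log.
# The trailing Run entry is a distractor: it is not a mountpoints2 block and
# must be ignored by the parser.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{994c82f8-57ea-11dd-9c67-0015f2934556}]
\Shell\Auto\command - McRegWizz.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL McRegWizz.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4dab1c2-8bb3-11dc-b090-0015f2934556}]
\Shell\Auto\command - UFO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysAct"="C:\WINDOWS\system32\uzspqdor.exe" [X]
"""

# A mountpoints2 key header: [HKEY_...\mountpoints2\{volume-guid}]
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+\\mountpoints2\\\{[0-9a-f-]+\})\]\s*$", re.I)
# A shell verb handler line inside such a block: \Shell\<verb>\command - <command line>
CMD_RE = re.compile(r"^\\Shell\\(?P<verb>\w+)\\command - (?P<cmd>.+?)\s*$", re.I)


def parse_mountpoints(log_text):
    """Return {registry_key: {verb: command_line}} for every mountpoints2 block
    that carries at least one Shell\\<verb>\\command handler."""
    found = {}
    current = None
    for line in log_text.splitlines():
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")
            found[current] = {}
            continue
        if line.startswith("[") or not line.strip():
            current = None  # any other key header or a blank line closes the block
            continue
        if current is None:
            continue
        m = CMD_RE.match(line)
        if m:
            found[current][m.group("verb").lower()] = m.group("cmd")
    return {key: verbs for key, verbs in found.items() if verbs}


def autorun_payloads(blocks):
    """Map each flagged key to the executable its AutoRun (or Auto) handler launches.

    ComboFix prints the handler as stored, e.g.
    'C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe':
    the real payload is the last .exe token, not the RunDLL32 launcher."""
    payloads = {}
    for key, verbs in blocks.items():
        cmd = verbs.get("autorun") or verbs.get("auto", "")
        exes = [tok for tok in cmd.split() if tok.lower().endswith(".exe")]
        payloads[key] = exes[-1] if exes else cmd
    return payloads


def cfscript_registry_section(blocks):
    """Draft the CFScript 'Registry::' block that deletes each flagged key
    ('[-key]' is ComboFix's delete-key syntax, as used in the post above)."""
    lines = ["Registry::"]
    for key in sorted(blocks):
        lines.append(f"[-{key}]")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    blocks = parse_mountpoints(SAMPLE_LOG)
    for key, exe in autorun_payloads(blocks).items():
        guid = key.rsplit("\\", 1)[-1]
        print(f"volume {guid}: AutoRun handler launches {exe}")
    print()
    print(cfscript_registry_section(blocks))
```

Run it on a real ComboFix log by replacing `SAMPLE_LOG` with the file's contents; a volume GUID whose handler launches a random-named .exe from the drive root is the thing to look for, and the drafted `Registry::` block is only a starting point that a helper would still review before handing back a CFScript.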

Re: help, I can't take it anymore!!

Post by eli87 » 06/09/08 18:35

hi, I did everything you told me up to step two.
Malwarebytes didn't find anything, but I'm attaching the result anyway.
I went to the link you gave me but it talks about removing viruses from pen drives! what exactly should I do? :undecided:
thanks

Malwarebytes' Anti-Malware 1.26
Versione del database: 1119
Windows 5.1.2600 Service Pack 2

06/09/2008 19.26.20
mbam-log-2008-09-06 (19-26-20).txt

Tipo di scansione: Scansione rapida
Elementi scansionati: 43316
Tempo trascorso: 3 minute(s), 51 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)
eli87
Newbie

Posts: 5
Joined: 06/09/08 11:56

Re: help, I can't take it anymore!!

Post by desdemonia » 06/09/08 22:14

hi... I did the scan with Malwarebytes and the other program, and they didn't find anything.... and the trojan warning messages haven't appeared again.....
anyway, for the ComboFix scan, do I have to run it by dragging the file onto the icon again, or without??
thanks again!!! :roll:
Hi, I hope you ran the full scans, not just the quick ones ;)
If you have no more problems, that's enough.
desdemonia
Junior User

Posts: 15
Joined: 05/09/08 14:31

Re: help, I can't take it anymore!!

Post by Luke57 » 06/09/08 22:44

eli87 wrote:hi, I did everything you told me up to step two.
Malwarebytes didn't find anything, but I'm attaching the result anyway.
I went to the link you gave me but it talks about removing viruses from pen drives! what exactly should I do? :undecided:
thanks

Malwarebytes' Anti-Malware 1.26
Versione del database: 1119
Windows 5.1.2600 Service Pack 2

06/09/2008 19.26.20
mbam-log-2008-09-06 (19-26-20).txt

Tipo di scansione: Scansione rapida
Elementi scansionati: 43316
Tempo trascorso: 3 minute(s), 51 second(s)


Hi, you need to run the full Malwarebytes scan; you only completed the quick one.
For the tool, the link I gave you explains what to do: essentially, insert the pen drive and run the tool by launching knight.exe.
Luke57
Moderator

Posts: 6413
Joined: 11/08/05 19:10

Re: help, I can't take it anymore!!

Post by desdemonia » 07/09/08 10:11

hi... I'm attaching the combo report just to be safe......


ComboFix 08-09-05.02 - marcomichi 2008-09-07 10.53.35.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1040.18.1666 [GMT 2:00]
Eseguito da: C:\Users\marcomichi\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
* Resident AV is active

.

((((((((((((((((((((((((( Files Creati Da 2008-08-07 al 2008-09-07 )))))))))))))))))))))))))))))))))))
.

2008-09-05 18:43 . 2008-09-05 18:43 <DIR> d-------- C:\Users\All Users\InfoMnt
2008-09-05 18:43 . 2008-09-05 18:43 <DIR> d-------- C:\ProgramData\InfoMnt
2008-09-05 17:24 . 2008-09-05 17:24 850 --a------ C:\Windows\System32\ProductTweaks.xml
2008-09-05 17:24 . 2008-09-05 17:24 385 --a------ C:\Windows\System32\user_gensett.xml
2008-09-05 16:51 . 2008-09-05 16:51 <DIR> d-------- C:\Program Files\BitDefender
2008-09-05 16:50 . 2008-09-05 18:39 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-09-05 13:39 . 2008-09-05 13:39 <DIR> d-------- C:\Users\marcomichi\AppData\Roaming\Malwarebytes
2008-09-05 13:39 . 2008-09-05 13:39 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-09-05 13:39 . 2008-09-05 13:39 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-09-05 13:39 . 2008-09-05 13:39 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-05 13:39 . 2008-09-02 00:16 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-09-05 13:39 . 2008-09-02 00:16 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
2008-09-05 12:04 . 2008-09-05 12:04 <DIR> d-------- C:\Users\marcomichi\DoctorWeb
2008-09-05 07:19 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-09-05 07:19 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-09-05 07:19 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-09-05 07:19 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-09-05 07:19 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-09-05 07:19 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-09-05 07:18 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-09-05 07:18 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-09-05 07:18 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-09-04 18:56 . 2008-09-04 18:56 <DIR> d-------- C:\Program Files\Alwil Software
2008-09-04 18:56 . 2008-07-19 16:36 51,280 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-09-04 12:32 . 2008-09-04 12:32 <DIR> d-------- C:\Users\All Users\AplSh
2008-09-04 12:32 . 2008-09-04 12:32 <DIR> d-------- C:\ProgramData\AplSh
2008-09-04 10:55 . 2008-09-04 10:55 <DIR> d-------- C:\Program Files\Apple Software Update
2008-09-04 10:54 . 2008-09-04 10:54 <DIR> d-------- C:\Program Files\iPod
2008-09-04 10:52 . 2008-09-04 10:52 <DIR> d-------- C:\Program Files\Bonjour
2008-09-04 09:58 . 2008-09-04 09:58 <DIR> d-------- C:\Users\All Users\SysChk
2008-09-04 09:58 . 2008-09-04 09:58 <DIR> d-------- C:\ProgramData\SysChk
2008-09-03 15:30 . 2008-09-03 15:32 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-09-03 15:30 . 2008-09-03 15:32 <DIR> d-------- C:\ProgramData\Lavasoft
2008-09-03 14:00 . 2008-09-03 14:00 <DIR> d-------- C:\Program Files\CleanUp!
2008-09-03 09:28 . 2008-09-03 09:28 <DIR> d-------- C:\Users\All Users\MsgWin
2008-09-03 09:28 . 2008-09-03 09:28 <DIR> d-------- C:\ProgramData\MsgWin
2008-09-02 15:37 . 2008-09-02 15:37 <DIR> d-------- C:\Users\All Users\webgen
2008-09-02 15:37 . 2008-09-02 15:37 <DIR> d-------- C:\ProgramData\webgen
2008-09-02 12:00 . 2008-09-05 13:19 1,524 --a------ C:\Windows\wininit.ini
2008-09-02 11:19 . 2008-09-02 15:38 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-09-02 11:19 . 2008-09-02 15:38 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-09-02 11:19 . 2008-09-02 15:11 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-02 10:33 . 2008-09-02 10:33 <DIR> d-------- C:\Users\All Users\hlpstr
2008-09-02 10:33 . 2008-09-02 10:33 <DIR> d-------- C:\ProgramData\hlpstr
2008-09-02 07:18 . 2008-09-02 07:18 <DIR> d-------- C:\Users\All Users\InfoEn
2008-09-02 07:18 . 2008-09-02 07:18 <DIR> d-------- C:\ProgramData\InfoEn
2008-09-01 10:12 . 2008-09-01 10:12 <DIR> d-------- C:\Users\All Users\ActSmart
2008-09-01 10:12 . 2008-09-01 10:12 <DIR> d-------- C:\ProgramData\ActSmart
2008-09-01 07:18 . 2008-09-01 07:18 <DIR> d-------- C:\Users\All Users\SrvApi
2008-09-01 07:18 . 2008-09-01 07:18 <DIR> d-------- C:\ProgramData\SrvApi
2008-08-29 10:56 . 2008-08-29 10:56 <DIR> d-------- C:\Users\All Users\srvappgen
2008-08-29 10:56 . 2008-08-29 10:56 <DIR> d-------- C:\ProgramData\srvappgen
2008-08-28 12:45 . 2008-08-28 14:01 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2008-08-28 10:26 . 2008-08-28 10:26 <DIR> d-------- C:\Windows\System32\Rinera
2008-08-28 09:09 . 2008-08-28 09:09 <DIR> d-------- C:\Users\All Users\CfgEnMsg
2008-08-28 09:09 . 2008-08-28 09:09 <DIR> d-------- C:\ProgramData\CfgEnMsg
2008-08-28 07:44 . 2008-09-04 09:58 <DIR> d-------- C:\Users\All Users\InfoSrvCom
2008-08-28 07:44 . 2008-08-28 07:44 <DIR> d-------- C:\Users\All Users\endb
2008-08-28 07:44 . 2008-09-04 09:58 <DIR> d-------- C:\ProgramData\InfoSrvCom
2008-08-28 07:44 . 2008-08-28 07:44 <DIR> d-------- C:\ProgramData\endb
2008-08-28 07:43 . 2008-08-28 07:43 <DIR> d-------- C:\Users\All Users\enprocsmart
2008-08-28 07:43 . 2008-08-28 07:43 <DIR> d-------- C:\ProgramData\enprocsmart
2008-08-27 07:49 . 2008-08-27 07:49 0 --a------ C:\Users\marcomichi\AppData\Roaming\wklnhst.dat
2008-08-26 13:54 . 2008-08-26 13:54 <DIR> d-------- C:\Users\All Users\TERMINAL Studio
2008-08-26 13:54 . 2008-08-26 13:54 <DIR> d-------- C:\ProgramData\TERMINAL Studio
2008-08-25 15:35 . 2008-08-25 15:35 <DIR> d-------- C:\Users\All Users\MumboJumbo
2008-08-25 15:35 . 2008-08-25 15:35 <DIR> d-------- C:\ProgramData\MumboJumbo
2008-08-20 14:25 . 2008-08-20 14:25 <DIR> d-------- C:\Users\All Users\EarMaster
2008-08-20 14:25 . 2008-08-20 14:25 <DIR> d-------- C:\ProgramData\EarMaster
2008-08-20 14:25 . 2008-08-20 14:25 <DIR> d-------- C:\Program Files\EarMaster School 5
2008-08-20 11:48 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-19 23:39 . 2008-06-27 03:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-08-19 23:39 . 2008-06-27 06:15 827,392 --a------ C:\Windows\System32\wininet.dll
2008-08-19 23:39 . 2008-04-10 07:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
2008-08-19 23:39 . 2008-06-19 05:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-19 23:39 . 2008-04-18 07:48 269,312 --a------ C:\Windows\System32\es.dll
2008-08-15 14:52 . 2008-08-15 14:52 <DIR> d-------- C:\Users\marcomichi\AppData\Roaming\Nikon
2008-08-15 14:52 . 2004-09-27 20:49 2,813,952 --a------ C:\Windows\System32\NkNEFPlugin.dll
2008-08-15 14:52 . 2004-06-21 14:08 495,616 -ra------ C:\Windows\System32\DRAGNKL1.dll
2008-08-15 14:52 . 2004-08-03 21:47 180,224 -ra------ C:\Windows\System32\picn1120.dll
2008-08-15 14:52 . 2004-07-20 09:45 176,128 -ra------ C:\Windows\System32\Strato4.dll
2008-08-15 14:52 . 2004-08-03 21:47 155,648 -ra------ C:\Windows\System32\picn1020.dll
2008-08-15 14:52 . 2004-07-12 09:59 110,592 -ra------ C:\Windows\System32\RCSigProc.dll
2008-08-15 14:52 . 2004-06-21 14:27 54,784 -ra------ C:\Windows\System32\RedEye.dll
2008-08-15 14:52 . 2004-08-03 21:47 48,128 -ra------ C:\Windows\System32\picn20.dll
2008-08-15 14:51 . 2008-08-15 14:51 <DIR> d-------- C:\Users\All Users\QuickTime
2008-08-15 14:51 . 2008-08-15 14:51 <DIR> d-------- C:\ProgramData\QuickTime
2008-08-15 14:51 . 2008-08-15 14:52 <DIR> d-------- C:\Program Files\Nikon
2008-08-15 14:50 . 2008-08-15 14:50 <DIR> d-------- C:\Program Files\ArcSoft
2008-08-15 14:50 . 1995-08-01 04:44 212,480 --------- C:\Windows\PCDLIB32.DLL
2008-08-15 14:49 . 2008-08-15 14:52 <DIR> d-------- C:\Program Files\Common Files\Nikon
2008-08-09 14:29 . 2008-08-09 14:29 <DIR> d-------- C:\Users\marcomichi\AppData\Roaming\PACE Anti-Piracy
2008-08-09 14:29 . 2008-08-09 14:29 <DIR> d-------- C:\Users\All Users\PACE Anti-Piracy
2008-08-09 14:29 . 2008-08-09 14:29 <DIR> d-------- C:\ProgramData\PACE Anti-Piracy
2008-08-08 19:30 . 2008-08-08 19:33 <DIR> d-------- C:\Program Files\Waves
2008-08-08 19:13 . 2008-08-08 19:23 <DIR> d-------- C:\Program Files\Antares Audio Technologies
2008-08-07 18:27 . 2008-09-01 13:56 <DIR> d-------- C:\Program Files\Zuma Deluxe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-05 15:20 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-04 08:54 --------- d-----w C:\Program Files\iTunes
2008-09-04 08:53 --------- d-----w C:\ProgramData\Apple Computer
2008-09-04 06:06 --------- d-----w C:\Users\marcomichi\AppData\Roaming\skypePM
2008-09-04 05:51 --------- d-----w C:\Users\marcomichi\AppData\Roaming\Skype
2008-08-31 08:00 --------- d-----w C:\Program Files\McAfee
2008-08-28 09:24 --------- d---a-w C:\ProgramData\TEMP
2008-08-28 09:22 --------- d-----w C:\Program Files\Acer GameZone
2008-08-20 16:56 --------- d-----w C:\Users\marcomichi\AppData\Roaming\Audacity
2008-08-20 11:25 --------- d-----w C:\Program Files\Windows Mail
2008-08-15 15:46 --------- d-----w C:\Users\marcomichi\AppData\Roaming\SiteAdvisor
2008-08-15 12:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-06 21:55 --------- d-----w C:\Users\marcomichi\AppData\Roaming\LimeWire
2008-08-06 20:19 --------- d-----w C:\Users\marcomichi\AppData\Roaming\Acoustica
2008-08-06 20:19 --------- d-----w C:\Program Files\Acoustica Mixcraft 4
2008-08-06 19:27 --------- d-----w C:\Program Files\Acoustica Shared Effects
2008-08-06 19:19 --------- d-----w C:\ProgramData\Acoustica
2008-08-06 17:05 --------- d-----w C:\Program Files\Sony
2008-08-06 14:31 --------- d-----w C:\Program Files\Audacity 1.3 Beta (Unicode)
2008-08-06 09:50 --------- d-----w C:\Program Files\Steinberg
2008-08-06 09:31 --------- d-----w C:\Program Files\ASIO4ALL v2
2008-08-05 17:59 --------- d-----w C:\Users\marcomichi\AppData\Roaming\Sonic Foundry
2008-08-05 17:50 --------- d-----w C:\Users\marcomichi\AppData\Roaming\Sony
2008-08-05 17:50 --------- d-----w C:\ProgramData\Sony
2008-08-05 17:49 --------- d-----w C:\Users\marcomichi\AppData\Roaming\Publish Providers
2008-08-05 17:49 --------- d-----w C:\Users\marcomichi\AppData\Roaming\NetMedia Providers
2008-08-05 16:43 --------- d-----w C:\Program Files\Sonic Foundry
2008-08-04 21:37 --------- d-----w C:\Program Files\Sony Setup
2008-08-04 21:12 --------- d-----w C:\ProgramData\Ref city new
2008-08-04 08:58 --------- d-----w C:\Program Files\directx
2008-08-03 16:07 --------- d-----w C:\Users\marcomichi\AppData\Roaming\Steinberg
2008-08-03 16:01 --------- d-----w C:\Program Files\Syncrosoft
2008-08-01 06:10 --------- d-----w C:\Program Files\Real
2008-08-01 06:10 --------- d-----w C:\Program Files\Common Files\xing shared
2008-08-01 06:10 --------- d-----w C:\Program Files\Common Files\Real
2008-07-31 10:01 --------- d-----w C:\ProgramData\Arcade Lab
2008-07-31 09:52 --------- d-----w C:\ProgramData\Sandlot Games
2008-07-31 08:52 --------- d-----w C:\Users\marcomichi\AppData\Roaming\Big Fish Games
2008-07-31 08:13 --------- d-----w C:\ProgramData\JollyBear
2008-07-30 14:59 --------- d-----w C:\Users\marcomichi\AppData\Roaming\PlayFirst
2008-07-30 14:59 --------- d-----w C:\ProgramData\PlayFirst
2008-07-30 14:11 --------- d-----w C:\ProgramData\Oberon Games
2008-07-30 14:05 --------- d-----w C:\ProgramData\SpinTop Games
2008-07-30 12:05 --------- d-----w C:\Users\marcomichi\AppData\Roaming\iWin
2008-07-30 11:57 --------- d-----w C:\ProgramData\InterAction studios
2008-07-30 08:57 --------- d-----w C:\Users\marcomichi\AppData\Roaming\FloodLightGames
2008-07-30 08:56 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-29 15:50 --------- d-----w C:\ProgramData\Bags loud rect corn
2008-07-28 10:27 --------- d-----w C:\ProgramData\Office Genuine Advantage
2008-07-25 09:22 --------- d-----w C:\Program Files\Sun
2008-07-25 09:22 --------- d-----w C:\Program Files\Java
2008-07-21 13:38 --------- d-----w C:\Program Files\Common Files\Java
2008-07-21 05:39 --------- d-----w C:\ProgramData\eSobi
2008-07-19 10:26 --------- d-----w C:\Program Files\Ubisoft
2008-07-19 09:55 --------- d-----w C:\Program Files\DAEMON Tools Toolbar
2008-07-19 09:55 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-07-19 09:52 717,296 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-07-18 18:38 586,752 ----a-w C:\Windows\WLXPGSS.SCR
2008-07-14 17:31 --------- d-----w C:\Users\marcomichi\AppData\Roaming\Image Zone Express
2008-07-13 09:45 --------- d-----w C:\Program Files\Cakewalk
2008-07-13 09:18 --------- d-----w C:\Users\marcomichi\AppData\Roaming\Cakewalk
2008-07-13 09:16 118,784 ----a-w C:\Windows\dsdxirmv.exe
2008-07-13 09:15 --------- d-----w C:\Users\marcomichi\AppData\Roaming\DivX
2008-07-12 14:55 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-07-12 13:42 --------- d-----w C:\Users\marcomichi\AppData\Roaming\DAEMON Tools
2008-06-27 10:06 56 ---ha-w C:\Users\All Users\ezsidmv.dat
2008-06-27 10:06 56 ---ha-w C:\ProgramData\ezsidmv.dat
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
2008-06-18 17:52 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-06-11 00:07 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-06-11 00:07 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-06-11 00:04 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-06-11 00:04 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot_2008-09-05_20.55.19.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-07 08:39:58 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-09-07 08:39:58 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-09-05 18:50:24 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-09-07 08:41:57 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-09-05 18:50:23 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-09-07 08:41:14 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-09-07 08:41:14 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-09-05 18:50:36 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-09-07 08:47:23 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-09-05 18:50:36 81,920 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-07 08:47:23 81,920 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-05 18:50:36 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-09-07 08:47:23 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-09-05 13:07:45 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-09-07 08:52:58 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
- 2008-09-05 16:47:33 112,762 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-09-07 08:44:50 112,762 ----a-w C:\Windows\System32\perfc009.dat
- 2008-09-05 16:47:34 132,852 ----a-w C:\Windows\System32\perfc010.dat
+ 2008-09-07 08:44:50 132,852 ----a-w C:\Windows\System32\perfc010.dat
- 2008-09-05 16:47:34 613,578 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-09-07 08:44:50 613,578 ----a-w C:\Windows\System32\perfh009.dat
- 2008-09-05 16:47:34 690,662 ----a-w C:\Windows\System32\perfh010.dat
+ 2008-09-07 08:44:50 690,662 ----a-w C:\Windows\System32\perfh010.dat
- 2008-09-05 16:43:52 7,628 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2066312072-2244485012-556477551-1000_UserData.bin
+ 2008-09-07 08:41:57 7,850 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2066312072-2244485012-556477551-1000_UserData.bin
- 2008-09-05 16:43:50 77,808 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-09-07 08:41:55 78,286 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-09-04 06:09:23 4,214 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
+ 2008-09-06 06:57:23 4,214 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
- 2008-09-05 18:51:41 65,556 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-09-07 08:41:44 65,906 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-09-03 11:27:31 267,676 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2008-09-06 06:56:40 272,610 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2008-09-07 08:42:24 61,187,709 ----a-w C:\Windows\Temp\a2cache_2EC5E7CC.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-27 01:26 39472 --a------ C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FiveThat"="C:\ProgramData\messmpegmpeg.ivbyf" [X]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-04-18 9117696]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-06-27 171448]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
"InfoSrvCom"="C:\ProgramData\InfoSrvCom\tefkhwhi.exe" [BU]
"InfoMnt"="C:\ProgramData\InfoMnt\uzqpcbyz.exe" [2008-09-05 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Empowering Technology Monitor"="C:\Program Files\Acer\Empowering Technology\SysMonitor.exe" [2008-02-14 319488]
"EmpoweringTechnology"="C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe" [2008-02-14 319488]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-08-24 36640]
"eDataSecurity Loader"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-01-27 523312]
"PCMMediaSharing"="C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-25 204908]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"AliceRV_McciTrayApp"="C:\Program Files\Alice ti aiuta\McciTrayApp.exe" [2007-01-23 1001472]
"Windows Mobile-based device management"="C:\Windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-07-31 2131600]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 C:\Windows\RtHDVCpl.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-04-18 9117696]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Belkin Wireless USB Utility.lnk - C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [2005-10-28 1404928]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2008-08-15 118784]
StupAssist.lnk - C:\Program Files\Common Files\Nikon\Utilities\StupAssist.exe [2008-08-15 31744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rect corn size style]
C:\ProgramData\bleh rect seek.oy63o [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
--a------ 2008-02-25 18:57 34040 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-07-17 14:20 490952 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
--a------ 2005-05-11 02:46 200069 C:\Program Files\Syncrosoft\POS\H2O\cledx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-05-30 15:54 21718312 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-08-01 08:10 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{35231020-9A84-4A5B-A38F-A08085E74F0A}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{8ECF1DFD-54F0-47C8-A63D-2BAF3DBF2C04}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{91AA76E2-621F-4FAD-B445-875BB571F627}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician
"{A0045052-62F3-4D2F-A4A1-C91893026072}"= C:\Program Files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD
"{5693E81E-B138-4A7A-8000-AC9E7A5A73DC}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician
"{4468DF18-54C1-4F98-A685-A1F57BD1D1B6}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine
"{D4AC761A-5E28-4C06-BD84-A06D0E6F585C}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia
"{4CBFA36D-4833-473A-B932-04073C5DF553}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
"{0E76ADA1-7092-43D0-8B04-758576C5AB4B}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service
"{87B44FEB-AB15-4BF9-93FD-75FF9B1C9C06}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Trial Creator\Acer HomeMedia Trial Creator.exe:Acer HomeMedia Trial Creator
"{34BC6C0B-8563-482F-9A3D-20AF105FDD44}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B9121E19-FEC6-47EF-8AB3-4EBBC45299F0}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FED3614C-EFF0-482E-97A9-C29FADDFEAA9}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{AB8ED860-E1B5-420C-8941-E2178F89636A}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{9C041D29-2098-47EF-A01C-608D26B80808}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{0CB7B0FE-0640-4152-AF87-839A3CE6C933}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{F06DED21-C4BF-4C3A-88EF-D7E77A128A76}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{D0BB0099-9E12-48F7-B30D-678AEB325EF4}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{AABCD62C-EEC9-4114-8C90-40A1829DA5C2}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5E413CB1-3963-422F-863B-9FD090D12068}"= C:\Program Files\MySpace\IM\MySpaceIM.exe:MySpaceIM
"{2BE86962-1FC0-4359-8684-8AD725CB75E2}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{7CECEE54-0CA1-4349-9C1D-A8EB12175E49}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{807649C2-F48D-4109-9E8E-6B2869E3B109}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{31D18DF4-9882-4611-A562-FC805521B284}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{F186FE74-903A-4677-9039-B42E33093A39}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{593298C8-BF53-46AD-9693-EE2950344602}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{99D7AF1E-1895-479A-9E75-6B4C54460742}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 0 (0x0)

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 7680]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-01-25 269448]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-02-25 21752]
R2 ETService;Empowering Technology Service;C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-02-14 24576]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-02-25 49152]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-02-25 131072]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-03-09 3533824]
R3 CLEDX;Team H2O CLEDX service;C:\Windows\system32\DRIVERS\cledx.sys [2005-05-09 33792]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-28 298496]
S4 ahcix86s;ahcix86s;C:\Windows\system32\drivers\ahcix86s.sys [2007-12-19 170000]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenuto della cartella 'Scheduled Tasks'
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.it/
R0 -: HKLM-Main,Start Page = hxxp://it.intl.acer.yahoo.com
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: E&sporta in Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O16 -: {4819DFDF-ABC4-488C-A323-919848C51175} - C:\Windows\Downloaded Program Files\rineraproxy.inf

- hxxp://portal3.rinera.com/download/RineraProxy-1.4.cab
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-07 11:02:55
Windows 6.0.6001 Service Pack 1 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Program Files\SiteAdvisor\6261\saHook.dll
.
Ora fine scansione: 2008-09-07 11:08:23
ComboFix-quarantined-files.txt 2008-09-07 09:08:07
ComboFix2.txt 2008-09-05 18:58:31
ComboFix3.txt 2008-09-05 13:28:47

Pre-Run: 64,947,294,208 byte disponibili
Post-Run: 64,072,384,512 byte disponibili

376 --- E O F --- 2008-09-06 06:49:59
desdemonia
Junior User

Posts: 15
Joined: 05/09/08 14:31

Re: help, I can't take it anymore!!

Post by eli87 » 07/09/08 10:48

Hi, I ran the full scan with Malwarebytes; this is the report:

Malwarebytes' Anti-Malware 1.26
Versione del database: 1119
Windows 5.1.2600 Service Pack 2

07/09/2008 11.41.19
mbam-log-2008-09-07 (11-41-19).txt

Tipo di scansione: Scansione completa (C:\|D:\|E:\|G:\|)
Elementi scansionati: 95736
Tempo trascorso: 40 minute(s), 15 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 8

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\Programmi\QooBox\Quarantine\C\Programmi\PCHealthCenter\0.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Programmi\QooBox\Quarantine\C\Programmi\PCHealthCenter\1.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Programmi\QooBox\Quarantine\C\Programmi\PCHealthCenter\3.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Programmi\QooBox\Quarantine\C\Programmi\PCHealthCenter\4.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Programmi\QooBox\Quarantine\C\Programmi\PCHealthCenter\5.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Programmi\QooBox\Quarantine\C\WINDOWS\system32\VIE1.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Programmi\QooBox\Quarantine\C\WINDOWS\system32\VIE3.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Programmi\QooBox\Quarantine\C\WINDOWS\system32\VIE4.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.

I also ran the online scan; this is the report:

BitDefender Online Scanner
Scan report generated at: Sun, Sep 07, 2008 - 10:55:16

Scan path: C:\;D:\;E:\;F:\;G:\;


Statistics

Time
00:54:07
Files
297431
Folders
6173
Boot Sectors
0
Archives
8924
Packed Files
10692
Results
Identified Viruses
13
Infected Files
16
Suspect Files
0
Warnings
0
Disinfected
0
Deleted Files
16

Engines Info
Virus Definitions
1730605
Engine build
AVCORE v1.7 (build 8314.19) (i386) (Aug 11 2008 17:31:32)
Scan plugins
16
Archive plugins
43
Unpack plugins
7
E-mail plugins
6
System plugins
4
Scan Settings
First Action
Disinfect
Second Action
Delete
Heuristics
Yes
Enable Warnings
Yes
Scanned Extensions
*;
Exclude Extensions
Scan Emails
Yes
Scan Archives
Yes
Scan Packed
Yes
Scan Files
Yes
Scan Boot
Yes
Scanned File
Status
C:\WINDOWS\system32\cjuajdju.log
Infected with: BehavesLike:Win32.ExplorerHijack
C:\WINDOWS\system32\cjuajdju.log
Disinfection failed
C:\WINDOWS\system32\cjuajdju.log
Deleted
C:\Programmi\QooBox\Quarantine\C\Programmi\PCHealthCenter\5.exe.vir=>(RAR Sfx o)=>MSA.exe
Detected with: Adware.FakeAntiVirus.J
C:\Programmi\QooBox\Quarantine\C\Programmi\PCHealthCenter\5.exe.vir=>(RAR Sfx o)=>MSA.exe
Deleted
C:\Programmi\QooBox\Quarantine\C\Programmi\PCHealthCenter\5.exe.vir=>(RAR Sfx o)
Update failed
C:\Programmi\QooBox\Quarantine\C\Programmi\PCHealthCenter\5.exe.vir=>(RAR Sfx o)=>MSA.cpl
Infected with: Trojan.FakeAV.AO
C:\Programmi\QooBox\Quarantine\C\Programmi\PCHealthCenter\5.exe.vir=>(RAR Sfx o)=>MSA.cpl
Deleted
C:\Programmi\QooBox\Quarantine\C\Programmi\PCHealthCenter\5.exe.vir=>(RAR Sfx o)
Update failed
C:\Programmi\QooBox\Quarantine\C\Programmi\PCHealthCenter\5.exe.vir=>(RAR Sfx o)=>msa0.dat
Infected with: Trojan.FakeAlert.ACZ
C:\Programmi\QooBox\Quarantine\C\Programmi\PCHealthCenter\5.exe.vir=>(RAR Sfx o)=>msa0.dat
Deleted
C:\Programmi\QooBox\Quarantine\C\Programmi\PCHealthCenter\5.exe.vir=>(RAR Sfx o)
Update failed
C:\Programmi\QooBox\Quarantine\C\Programmi\PCHealthCenter\5.exe.vir=>(RAR Sfx o)=>msa1.dat
Infected with: Trojan.FakeAlert.ACZ
C:\Programmi\QooBox\Quarantine\C\Programmi\PCHealthCenter\5.exe.vir=>(RAR Sfx o)=>msa1.dat
Deleted
C:\Programmi\QooBox\Quarantine\C\Programmi\PCHealthCenter\5.exe.vir=>(RAR Sfx o)
Update failed
C:\Programmi\QooBox\Quarantine\C\Programmi\PCHealthCenter\7.exe.vir
Infected with: Trojan.Downloader.Exchanger.Gen.2
C:\Programmi\QooBox\Quarantine\C\Programmi\PCHealthCenter\7.exe.vir
Disinfection failed
C:\Programmi\QooBox\Quarantine\C\Programmi\PCHealthCenter\7.exe.vir
Deleted
C:\Programmi\QooBox\Quarantine\C\WINDOWS\system32\alt.exe.exe.vir
Infected with: Trojan.Agentspy.D
C:\Programmi\QooBox\Quarantine\C\WINDOWS\system32\alt.exe.exe.vir
Disinfection failed
C:\Programmi\QooBox\Quarantine\C\WINDOWS\system32\alt.exe.exe.vir
Deleted
C:\Programmi\QooBox\Quarantine\C\WINDOWS\system32\back.exe.exe.vir
Infected with: Dropped:Trojan.Peed.JQV
C:\Programmi\QooBox\Quarantine\C\WINDOWS\system32\back.exe.exe.vir
Disinfection failed
C:\Programmi\QooBox\Quarantine\C\WINDOWS\system32\back.exe.exe.vir
Deleted
C:\Programmi\QooBox\Quarantine\C\WINDOWS\system32\blphc7krj0e3ee.scr.vir
Infected with: Trojan.FakeAlert.AAI
C:\Programmi\QooBox\Quarantine\C\WINDOWS\system32\blphc7krj0e3ee.scr.vir
Disinfection failed
C:\Programmi\QooBox\Quarantine\C\WINDOWS\system32\blphc7krj0e3ee.scr.vir
Deleted
C:\Programmi\QooBox\Quarantine\C\WINDOWS\system32\lphc7krj0e3ee.exe.vir
Infected with: Backdoor.Generic.86987
C:\Programmi\QooBox\Quarantine\C\WINDOWS\system32\lphc7krj0e3ee.exe.vir
Disinfection failed
C:\Programmi\QooBox\Quarantine\C\WINDOWS\system32\lphc7krj0e3ee.exe.vir
Deleted
C:\Programmi\QooBox\Quarantine\C\WINDOWS\system32\phc7krj0e3ee.bmp.vir
Infected with: Trojan.FakeAlert.AAF
C:\Programmi\QooBox\Quarantine\C\WINDOWS\system32\phc7krj0e3ee.bmp.vir
Disinfection failed
C:\Programmi\QooBox\Quarantine\C\WINDOWS\system32\phc7krj0e3ee.bmp.vir
Deleted
C:\Programmi\QooBox\Quarantine\C\WINDOWS\system32\pphc7krj0e3ee.exe.vir
Infected with: Trojan.FakeRemoval.A
C:\Programmi\QooBox\Quarantine\C\WINDOWS\system32\pphc7krj0e3ee.exe.vir
Disinfection failed
C:\Programmi\QooBox\Quarantine\C\WINDOWS\system32\pphc7krj0e3ee.exe.vir
Deleted
C:\Programmi\QooBox\Quarantine\C\WINDOWS\system32\F.tmp.vir
Infected with: Trojan.FakeRemoval.A
C:\Programmi\QooBox\Quarantine\C\WINDOWS\system32\F.tmp.vir
Disinfection failed
C:\Programmi\QooBox\Quarantine\C\WINDOWS\system32\F.tmp.vir
Deleted
C:\Programmi\QooBox\Quarantine\C\WINDOWS\neos.exe.vir
Infected with: Dropped:Trojan.Peed.JQV
C:\Programmi\QooBox\Quarantine\C\WINDOWS\neos.exe.vir
Disinfection failed
C:\Programmi\QooBox\Quarantine\C\WINDOWS\neos.exe.vir
Deleted
C:\System Volume Information\_restore{49D4071F-982A-4C91-8F0F-AF718D6B48A2}\RP250\A0047307.exe
Infected with: Trojan.FakeAlert.ADG
C:\System Volume Information\_restore{49D4071F-982A-4C91-8F0F-AF718D6B48A2}\RP250\A0047307.exe
Deleted
C:\System Volume Information\_restore{49D4071F-982A-4C91-8F0F-AF718D6B48A2}\RP257\A0048369.bat
Infected with: Trojan.BHO.OCC
C:\System Volume Information\_restore{49D4071F-982A-4C91-8F0F-AF718D6B48A2}\RP257\A0048369.bat
Deleted
eli87
Newbie

Posts: 5
Joined: 06/09/08 11:56
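A triage helper, added here as an example and not part of the thread or of any of the tools mentioned in it: it parses lines in the layout of the two reports above (Malwarebytes prints "path (detection) -> action" on one line; BitDefender prints the path on one line and the verdict on the next) and sorts each hit by whether the path is inside ComboFix's QooBox quarantine, inside a System Restore point, or on a live system path. The sample input is constructed from a few paths that appear in the reports, with the restore-point GUID replaced by a placeholder.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the two reports pasted in the thread.
MBAM_SAMPLE = """File infetti:
C:\\Programmi\\QooBox\\Quarantine\\C\\WINDOWS\\system32\\VIE1.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""

BITDEFENDER_SAMPLE = """Scanned File
Status
C:\\WINDOWS\\system32\\cjuajdju.log
Infected with: BehavesLike:Win32.ExplorerHijack
C:\\WINDOWS\\system32\\cjuajdju.log
Deleted
C:\\Programmi\\QooBox\\Quarantine\\C\\Programmi\\PCHealthCenter\\5.exe.vir=>(RAR Sfx o)=>MSA.exe
Detected with: Adware.FakeAntiVirus.J
C:\\System Volume Information\\_restore{GUID-PLACEHOLDER}\\RP250\\A0047307.exe
Infected with: Trojan.FakeAlert.ADG
"""

MBAM_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^()]+)\) -> (?P<action>.+)$")
BD_PATH_RE = re.compile(r"^[A-Za-z]:\\")
BD_VERDICT_RE = re.compile(r"^(?:Infected|Detected) with: (?P<name>.+)$")


def classify_path(path):
    """Quarantined and restore-point copies are inert; a live path still needs attention."""
    p = path.lower()
    if "\\qoobox\\quarantine\\" in p:
        return "quarantined"
    if "\\system volume information\\_restore" in p:
        return "restore_point"
    return "live"


def parse_mbam(text):
    """Return (path, detection) for every Malwarebytes result line."""
    return [(m["path"], m["name"]) for m in map(MBAM_RE.match, text.splitlines()) if m]


def parse_bitdefender(text):
    """Pair each path line with the verdict line that follows it; status-only lines are skipped."""
    lines = [l.strip() for l in text.splitlines()]
    hits = []
    for cur, nxt in zip(lines, lines[1:]):
        verdict = BD_VERDICT_RE.match(nxt)
        if BD_PATH_RE.match(cur) and verdict:
            hits.append((cur.split("=>")[0], verdict["name"]))  # drop archive-member suffix
    return hits


def triage(hits):
    """Group unique (path, detection) pairs by where the file actually lives."""
    groups = defaultdict(set)
    for path, name in hits:
        groups[classify_path(path)].add((path, name))
    return {k: sorted(v) for k, v in groups.items()}


if __name__ == "__main__":
    for category, items in triage(parse_mbam(MBAM_SAMPLE) + parse_bitdefender(BITDEFENDER_SAMPLE)).items():
        print(category, *items, sep="\n  ")
```

On the reports in this thread the only hit outside quarantine or a restore point is C:\WINDOWS\system32\cjuajdju.log, which is the one worth following up.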

Re: help, I can't take it anymore!!

Post by desdemonia » 07/09/08 11:55

:cry: :cry: :cry: :cry: :cry:
the firewall message has come back again.....
:x
desdemonia
Junior User

Posts: 15
Joined: 05/09/08 14:31

Re: help, I can't take it anymore!!

Post by Luke57 » 07/09/08 14:00

eli87 wrote: Hi, I ran the full scan with Malwarebytes, this is the report


Hi, are you still having problems?
Luke57
Moderator

Posts: 6413
Joined: 11/08/05 19:10

Re: help, I can't take it anymore!!

Post by Luke57 » 07/09/08 14:25

desdemonia wrote: :cry: :cry: :cry: :cry: :cry:
the firewall message has come back again.....
:x

Hi, overwrite the CFScript.txt file with this text:

Code:
KILLALL::

Folder::
C:\Users\All Users\InfoMnt
C:\ProgramData\InfoMnt
C:\Users\All Users\AplSh
C:\ProgramData\AplSh
C:\Users\All Users\SysChk
C:\ProgramData\SysChk
C:\Users\All Users\MsgWin
C:\ProgramData\MsgWin
C:\Users\All Users\webgen
C:\ProgramData\webgen
C:\Users\All Users\hlpstr
C:\ProgramData\hlpstr
C:\Users\All Users\InfoEn
C:\ProgramData\InfoEn
C:\Users\All Users\ActSmart
C:\ProgramData\ActSmart
C:\Users\All Users\SrvApi
C:\ProgramData\SrvApi
C:\Users\All Users\srvappgen
C:\ProgramData\srvappgen
C:\Users\All Users\CfgEnMsg
C:\ProgramData\CfgEnMsg
C:\Users\All Users\endb
C:\ProgramData\InfoSrvCom
C:\ProgramData\endb
C:\Users\All Users\enprocsmart
C:\ProgramData\enprocsmart
C:\Users\All Users\InfoSrvCom
C:\ProgramData\TEMP

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InfoSrvCom"=-
"InfoMnt"=-


The usual drag-and-drop onto ComboFix and scan. Restart the computer.

N.B. PLEASE ATTACH THE NEW REPORT (using the forum's attachment function), otherwise with all the reports posted one after another by different users I can't make sense of anything anymore, THANKS.
Luke57
Moderator

Posts: 6413
Joined: 11/08/05 19:10

Re: help, I can't take it anymore!!

Post by desdemonia » 07/09/08 14:52

done....


[The txt extension has been disabled and cannot be displayed.]

desdemonia
Junior User

Posts: 15
Joined: 05/09/08 14:31

Re: help, I can't take it anymore!!

Post by Luke57 » 07/09/08 15:57

Hi, you keep getting reinfected. Download to the desktop
http://www.suspectfile.com/systemscan
Before launching it, disable the antivirus, which may mistakenly flag it as infected.
Open it and make sure all the options are ticked, then click "Scan Now"; when the scan finishes, two files will be produced (again on the desktop, inside the suspectfile folder). Attach the file with the .zip extension in your next reply.
Luke57
Moderator

Posts: 6413
Joined: 11/08/05 19:10

Re: help, I can't take it anymore!!

Post by eli87 » 07/09/08 16:22

Hi, no, the firewall messages no longer appear; everything seems resolved. Thank you so much for helping me.
You have been very kind.
eli87
Newbie

Posts: 5
Joined: 06/09/08 11:56

Re: help, I can't take it anymore!!

Post by desdemonia » 07/09/08 16:25

...I can't get it to start.. I installed it but it won't start.... I ran the malware scan again but it doesn't find anything..
:cry: :cry:
desdemonia
Junior User

Posts: 15
Joined: 05/09/08 14:31

Re: help, I can't take it anymore!!

Post by Luke57 » 07/09/08 16:38

desdemonia wrote: ...I can't get it to start.. I installed it but it won't start.... I ran the malware scan again but it doesn't find anything..
:cry: :cry:

Hi, what happens when you launch systemscan?
Luke57
Moderator

Posts: 6413
Joined: 11/08/05 19:10

Re: help, I can't take it anymore!!

Post by desdemonia » 07/09/08 16:42

it just won't start...nothing happens at all
desdemonia
Junior User

Posts: 15
Joined: 05/09/08 14:31

Re: help, I can't take it anymore!!

Post by Luke57 » 07/09/08 16:53

Hi, you downloaded the executable to the desktop, you double-click it and nothing happens?

Try this program:
http://www.trendsecure.com/portal/en-US ... ckThis.exe

Save the file in a dedicated folder on the hard disk (not the desktop), for example C:\programmi\HJT.
Launch it from that location, choose the option "do a system scan and save a log file", wait for the log file to be generated in the same folder where you put hijackthis.exe, rename hijackthis.log to hijackthis.txt (right-click the file, choose Rename) and attach the text file in a future post.
Luke57
Moderator

Posts: 6413
Joined: 11/08/05 19:10

Re: help, I can't take it anymore!!

Post by desdemonia » 07/09/08 17:12

THIS ONE WORKS..

[The log extension has been disabled and cannot be displayed.]

desdemonia
Junior User

Posts: 15
Joined: 05/09/08 14:31
