Thanks a million, Luke57
combofix worked, apparently!!!!!
I'm posting the contents of combofix.txt (of which I didn't understand a blessed thing!!!)
ComboFix 08-11-12.01 - utente 2008-11-13 22.14.08.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.603 [GMT 1:00]
Eseguito da: c:\documents and settings\utente\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
c:\documents and settings\utente\Impostazioni locali\Dati applicazioni\egeyosk.dat
c:\documents and settings\utente\Impostazioni locali\Dati applicazioni\egeyosk.exe
c:\documents and settings\utente\Impostazioni locali\Dati applicazioni\egeyosk_nav.dat
c:\documents and settings\utente\Impostazioni locali\Dati applicazioni\egeyosk_navps.dat
c:\windows\IE4 Error Log.txt
c:\windows\system32\amvo0.dll
c:\windows\system32\amvo1.dll
F:\Autorun.inf
.
((((((((((((((((((((((((( Files Creati Da 2008-10-13 al 2008-11-13 )))))))))))))))))))))))))))))))))))
.
2008-11-13 16:20 . 2007-08-01 22:47 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys
2008-11-13 15:35 . 2008-11-13 17:57 <DIR> d-------- c:\documents and settings\utente\.housecall6.6
2008-11-08 01:44 . 2008-11-08 01:44 <DIR> d-------- c:\programmi\MapPoint Find Sample
2008-11-08 01:43 . 2008-11-08 01:43 <DIR> d-------- c:\programmi\Spinning Gobe Sample
2008-11-08 01:38 . 2008-11-08 01:38 <DIR> d-------- c:\programmi\Accessing the MapPoint ActiveX Control in Visual Basic Sample
2008-11-06 23:35 . 2008-11-06 23:35 38 --a------ c:\windows\avisplitter.INI
2008-11-05 12:57 . 2008-11-05 13:50 <DIR> d-------- c:\windows\SxsCaPendDel
2008-11-01 14:14 . 2008-11-01 14:14 <DIR> d-------- c:\documents and settings\utente\Dati applicazioni\Media Player Classic
2008-10-31 17:20 . 2004-08-19 14:39 221,184 --a------ c:\windows\system32\wmpns.dll
2008-10-31 17:20 . 2008-10-31 17:24 23,392 --a------ c:\windows\system32\nscompat.tlb
2008-10-31 17:20 . 2008-10-31 17:24 16,832 --a------ c:\windows\system32\amcompat.tlb
2008-10-31 16:37 . 2008-10-31 16:37 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\agi
2008-10-31 16:33 . 2008-10-31 16:33 <DIR> d-------- c:\documents and settings\LocalService\Dati applicazioni\agi
2008-10-31 16:33 . 2008-10-31 16:33 2,117,632 --a------ c:\windows\system32\python25.dll
2008-10-31 16:33 . 2008-09-16 17:26 1,332,197 --a------ c:\windows\system32\pythondll.zip
2008-10-31 16:33 . 2008-10-31 16:33 339,968 --a------ c:\windows\system32\pythoncom25.dll
2008-10-31 16:33 . 2008-10-31 16:33 114,688 --a------ c:\windows\system32\pywintypes25.dll
2008-10-30 14:02 . 2008-10-30 14:02 <DIR> d-------- c:\windows\Sun
2008-10-30 14:02 . 2008-10-30 14:02 <DIR> d-------- c:\programmi\Java
2008-10-30 14:02 . 2008-10-31 08:45 <DIR> d-------- c:\programmi\Google
2008-10-30 14:02 . 2008-10-30 14:02 410,976 --a------ c:\windows\system32\deploytk.dll
2008-10-30 14:02 . 2008-10-30 14:02 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-10-30 13:11 . 2008-10-30 13:11 <DIR> d-------- c:\programmi\Windows Media Connect 2
2008-10-30 13:09 . 2008-10-31 17:22 <DIR> d-------- c:\windows\system32\drivers\UMDF
2008-10-30 12:56 . 2008-11-13 18:35 <DIR> d-------- c:\programmi\eMule
2008-10-30 12:29 . 2008-10-30 12:29 <DIR> d-------- c:\programmi\Microsoft SQL Server Compact Edition
2008-10-30 12:28 . 2008-10-30 12:28 <DIR> d-------- c:\programmi\Windows Live Toolbar
2008-10-30 12:28 . 2008-10-30 12:28 <DIR> d-------- c:\programmi\Windows Live Favorites
2008-10-30 12:24 . 2008-11-13 19:49 <DIR> d-------- c:\documents and settings\utente\Contacts
2008-10-30 12:15 . 2008-11-05 16:06 <DIR> d-------- c:\programmi\Windows Live
2008-10-30 12:15 . 2008-10-30 12:22 <DIR> d--hsc--- c:\programmi\File comuni\WindowsLiveInstaller
2008-10-30 12:15 . 2008-10-30 12:15 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\WLInstaller
2008-10-30 12:12 . 2007-07-30 19:19 43,352 --a------ c:\windows\system32\wups2.dll
2008-10-30 12:12 . 2007-07-30 19:19 38,232 --a------ c:\windows\system32\wucltui.dll.mui
2008-10-30 12:12 . 2007-07-30 19:20 30,040 --a------ c:\windows\system32\wuaucpl.cpl.mui
2008-10-30 12:12 . 2007-07-30 19:20 30,040 --a------ c:\windows\system32\wuapi.dll.mui
2008-10-30 12:12 . 2007-07-30 19:18 21,336 --a------ c:\windows\system32\wuaueng.dll.mui
2008-10-30 12:11 . 2008-10-30 12:11 <DIR> d---s---- c:\documents and settings\utente\UserData
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-13 21:03 --------- d---a-w c:\documents and settings\All Users\Dati applicazioni\TEMP
2008-11-13 11:10 --------- d-----w c:\documents and settings\utente\Dati applicazioni\AVG7
2008-11-13 09:03 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\avg7
2008-11-11 22:31 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-11-01 12:09 --------- d-----w c:\programmi\K-Lite Codec Pack
2008-11-01 12:08 --------- d-----w c:\programmi\DivX
2008-02-12 08:37 87,608 ----a-w c:\documents and settings\utente\Dati applicazioni\ezpinst.exe
2008-02-12 08:37 47,360 ----a-w c:\documents and settings\utente\Dati applicazioni\pcouffin.sys
2008-01-16 08:51 22,328 ----a-w c:\documents and settings\utente\Dati applicazioni\PnkBstrK.sys
2004-10-01 14:00 40,960 ----a-w c:\programmi\Uninstall_CDS.exe
2007-12-10 15:40 655,360 --sh--r c:\windows\system32\wbcmgr.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"AlcoholAutomount"="c:\programmi\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 221568]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-10-30 171448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2007-11-08 579072]
"RemoteControl"="c:\programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"PCSuiteTrayApplication"="c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 229376]
"DSLSTATEXE"="c:\program files\D-Link\DSL-200\dslstat.exe" [2005-12-12 344064]
"DSLAGENTEXE"="c:\program files\D-Link\DSL-200\dslagent.exe" [2005-08-25 65536]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2008-10-30 136600]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"Wbcmgr"="wbcmgr.exe" [2007-12-10 c:\windows\system32\wbcmgr.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2007-11-08 219136]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-08 110592]
Adobe Reader Synchronizer.lnk - c:\programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Programmi\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Programmi\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Programmi\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Programmi\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\eMule\\eMule.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
R0 videX32;videX32;c:\windows\system32\DRIVERS\videX32.sys [2006-10-17 9216]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22a9f07f-ba86-11dc-97f4-001966322e81}]
\Shell\AutoRun\command - I:\1weicxa.com
\Shell\explore\Command - I:\1weicxa.com
\Shell\open\Command - I:\1weicxa.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d3aac00-c0ac-11dc-9853-001966322e81}]
\Shell\AutoRun\command - H:\1weicxa.com
\Shell\explore\Command - H:\1weicxa.com
\Shell\open\Command - H:\1weicxa.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a33a204-166d-11dd-b8b1-001966322e81}]
\Shell\AutoRun\command - H:\1weicxa.com
\Shell\explore\Command - H:\1weicxa.com
\Shell\open\Command - H:\1weicxa.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{717c8610-ba92-11dc-97f6-001966322e81}]
\Shell\AutoRun\command - I:\1weicxa.com
\Shell\explore\Command - I:\1weicxa.com
\Shell\open\Command - I:\1weicxa.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b1035df-b003-11dd-b9a5-00195b300101}]
\Shell\AutoRun\command - H:\1weicxa.com
\Shell\explore\Command - H:\1weicxa.com
\Shell\open\Command - H:\1weicxa.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a815c176-e352-11dc-99e6-001966322e81}]
\Shell\AutoRun\command - H:\1weicxa.com
\Shell\explore\Command - H:\1weicxa.com
\Shell\open\Command - H:\1weicxa.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac13ea8e-e869-11dc-9a2c-001966322e81}]
\Shell\AutoRun\command - H:\1weicxa.com
\Shell\explore\Command - H:\1weicxa.com
\Shell\open\Command - H:\1weicxa.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb0fe308-adc0-11dd-b995-00195b300101}]
\Shell\AutoRun\command - H:\1weicxa.com
\Shell\explore\Command - H:\1weicxa.com
\Shell\open\Command - H:\1weicxa.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f60192a1-8fd6-11dc-9695-001966322e81}]
\Shell\AutoRun\command - I:\1weicxa.com
\Shell\explore\Command - I:\1weicxa.com
\Shell\open\Command - I:\1weicxa.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9c8595e-b425-11dc-9780-001966322e81}]
\Shell\AutoRun\command - I:\1weicxa.com
\Shell\explore\Command - I:\1weicxa.com
\Shell\open\Command - I:\1weicxa.com
*Newly Created Service* - PROCEXP90
.
Contenuto della cartella 'Scheduled Tasks'
2008-11-13 c:\windows\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- c:\programmi\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - ORFÃOS REMOVIDOS - - - -
HKCU-Run-egeyosk - c:\documents and settings\utente\impostazioni locali\dati applicazioni\egeyosk.exe
.
------- Supplementare di scansione -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.it/
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: &Windows Live Search - c:\programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 -: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 -: {C4046502-6524-4d87-896C-878F57D1FF07} - f:\nuova cartella (2)\PokerStarsUpdate.exe
O9 -: {C4046502-6524-4d87-896C-878F57D1FF07} - f:\nuova cartella (2)\PokerStarsUpdate.exe -
O17 -: HKLM\CCS\Interface\{4AD00F10-3C7B-4803-98A4-F033115B12D7}: NameServer = 193.70.152.15 193.70.152.25
O16 -: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/ ... ontrol.cab
c:\windows\Downloaded Program Files\OSDC5.OSD
c:\windows\Downloaded Program Files\InstallerControl.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-13 22:15:19
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-11-13 22.15.45
ComboFix-quarantined-files.txt 2008-11-13 21:15:41
Pre-Run: 1.531.904 byte disponibili
Post-Run: 1,696,899,072 byte disponibili
WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe