warning sul desktop

[Danivan]

qualcuno mi puo aiutare a capire come fare a cancellare e sistemare il mio pc .Sul desktop mi compare una scritta warning, ho provato con : norton ,avast,adware,cclener, ma niente.il pc inoltre molto piu lento.... aiutoooooo
GRAZIE

[Luke57]

Ciao, disattiva l'antivirus e scarica combofix sul desktop da qui:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
disattiva il tea timer di spybot

Poi da start>esegui>nello spazio bianco copia e incolla, virgolette comprese:
"%userprofile%\desktop\combofix.exe" /killall
Premi OK, se tutto va bene parte il programma che potrebbe impiegare molto (non fare altre manovre durante la scansione, se spariscono le icone dal desktop è normale),una volta terminata, se tutto è andato bene, in C:\ dovresti trovare il file combofix.txt , riavvia in modalità normale e posta il contenuto del file.

[Danivan]

Ciao, ho eseguito combofix......
...il risultato è questo lo allego qua sotto........
Non so cosa fare adesso......
Grazie

ComboFix 08-12-05.06 - Omar 2008-12-06 14.37.04.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.572 [GMT 1:00]
Eseguito da: c:\documents and settings\Omar\desktop\combofix.exe
Interruttori di comando utilizzati :: /killall
* Creato nuovo punto di ripristino

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Omar\Impostazioni locali\Dati applicazioni\uecqa.dat
c:\documents and settings\Omar\Impostazioni locali\Dati applicazioni\uecqa_navps.dat
c:\documents and settings\Omar\Impostazioni locali\Dati applicazioni\uecqa_navtmp.dat

.
((((((((((((((((((((((((( Files Creati Da 2008-11-06 al 2008-12-06 )))))))))))))))))))))))))))))))))))
.

2008-12-06 14:37 . 2008-12-06 14:37 6,736 --a------ c:\windows\system32\drivers\PROCEXP90.SYS
2008-12-05 20:42 . 2008-12-05 20:42 <DIR> d-------- c:\documents and settings\Omar\Dati applicazioni\Sammsoft
2008-12-05 20:41 . 2008-12-05 20:41 <DIR> d-------- c:\programmi\Advanced Registry Optimizer
2008-12-04 21:12 . 2008-12-04 21:12 <DIR> d-------- c:\programmi\InCode Solutions
2008-12-03 19:28 . 2008-12-04 19:58 <DIR> d-------- c:\programmi\SUPERAntiSpyware
2008-12-03 19:28 . 2008-12-03 19:28 <DIR> d-------- c:\documents and settings\Omar\Dati applicazioni\SUPERAntiSpyware.com
2008-12-03 19:28 . 2008-12-03 19:28 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2008-12-02 21:53 . 2008-12-04 20:32 <DIR> d-------- c:\programmi\Spyware Doctor
2008-12-02 21:53 . 2008-12-02 21:53 <DIR> d-------- c:\documents and settings\Omar\Dati applicazioni\PC Tools
2008-12-02 21:53 . 2008-08-25 12:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
2008-12-02 21:53 . 2008-08-25 12:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
2008-12-02 21:53 . 2008-08-25 12:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys
2008-12-02 21:53 . 2008-06-02 16:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2008-12-01 18:39 . 2008-12-02 09:27 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2008-12-01 18:39 . 2008-12-01 18:39 <DIR> d-------- c:\documents and settings\Omar\Dati applicazioni\Malwarebytes
2008-12-01 18:39 . 2008-12-01 18:39 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2008-12-01 18:39 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-01 18:39 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-01 16:35 . 2008-12-03 19:27 <DIR> d-------- c:\programmi\File comuni\Wise Installation Wizard
2008-11-29 11:55 . 2008-11-29 11:55 4,785 --a------ c:\windows\system32\warning.gif
2008-11-29 11:55 . 2008-11-29 11:55 3,104 --a------ c:\windows\system32\ntdll64.exe
2008-11-29 11:55 . 2008-11-29 11:55 1,349 --a------ c:\windows\system32\ahtn.htm
2008-11-29 11:54 . 2008-11-29 11:54 1 --a------ c:\windows\system32\test.ttt
2008-11-29 10:25 . 2002-01-05 03:38 54,784 --a------ c:\windows\system32\MSVCI70.DLL
2008-11-29 09:46 . 2005-02-09 12:59 14,165 --a------ c:\windows\system32\drivers\Pclepci.sys
2008-11-28 21:50 . 2005-09-23 23:18 171,520 --------- c:\windows\system32\drivers\MarvinBus.sys
2008-11-28 21:48 . 2008-11-28 21:48 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Pinnacle Studio Ultimate
2008-11-12 11:15 . 2008-09-04 18:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 11:15 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-06 13:29 --------- d---a-w c:\documents and settings\All Users\Dati applicazioni\TEMP
2008-12-05 21:18 --------- d-----w c:\programmi\150 Giochi del GameBoy Advance
2008-12-04 19:37 --------- d-----w c:\programmi\File comuni\Symantec Shared
2008-12-03 16:53 --------- d-----w c:\programmi\Lavasoft
2008-11-29 12:11 --------- d-----w c:\programmi\Google
2008-11-29 10:01 --------- d-----w c:\programmi\Pinnacle
2008-11-29 09:12 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-11-28 21:52 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Pinnacle
2008-11-18 09:36 --------- d-----w c:\programmi\MediaCoder
2008-11-14 21:30 --------- d-----w c:\programmi\File comuni\Adobe
2008-11-12 15:04 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2008-11-12 09:14 --------- d-----w c:\programmi\Spybot - Search & Destroy
2008-11-08 14:09 --------- d-----w c:\documents and settings\Omar\Dati applicazioni\ArcSoft
2008-10-24 11:21 455,296 ------w c:\windows\system32\drivers\mrxsmb.sys
2008-10-19 08:43 --------- d-----w c:\documents and settings\Omar\Dati applicazioni\Ahead
2008-10-18 16:50 6,948 ----a-w C:\mediamp3.dat
2008-10-12 03:00 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Symantec
2008-10-11 18:11 --------- d-----w c:\documents and settings\Omar\Dati applicazioni\Sony Corporation
2008-01-22 17:04 85,592 -c--a-w c:\documents and settings\Omar\Dati applicazioni\GDIPFONTCACHEV1.DAT
2007-01-22 21:17 4 -c--a-w c:\documents and settings\Omar\Dati applicazioni\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"NBJ"="c:\programmi\Ahead\Nero BackItUp\NBJ.exe" [2004-09-24 1916928]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 81920]
"SUPERAntiSpyware"="c:\programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-01-10 1310720]
"AROReminder"="c:\programmi\Advanced Registry Optimizer\aro.exe" [2008-08-22 2084480]
"RemoveIT Pro v7Ent"="c:\programmi\InCode Solutions\RemoveIT Pro v7 Enterprise\removeit.exe" [2008-12-02 2177536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISBMgr.exe"="c:\programmi\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"AzMixerSel"="c:\programmi\Realtek\InstallShield\AzMixerSel.exe" [2005-08-25 53248]
"SonyPowerCfg"="c:\programmi\Sony\VAIO Power Management\SPMgr.exe" [2006-08-10 217088]
"Switcher.exe"="c:\programmi\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
"VAIO Update 2"="c:\programmi\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-11 151552]
"HP Software Update"="d:\hp software update\HPWuSchd2.exe" [2004-02-12 49152]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2008-05-27 413696]
"FLMOFFICE4DMOUSE"="c:\programmi\Trust\MI-4550XP WIRELESS OPTICAL MINI MOUSE\Mouse32a.exe" [2006-12-25 370176]
"osCheck"="c:\programmi\Norton AntiVirus\osCheck.exe" [2007-08-24 714608]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"USBToolTip"="c:\programmi\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe" [2005-06-13 192512]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]

c:\documents and settings\Omar\Menu Avvio\Programmi\Esecuzione automatica\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
Stop Dialers.lnk.disabled [2007-02-01 706]
Utilit… di avvio Click to DVD Modalit… automatica.lnk.disabled [2008-05-18 723]
wkcalrem.LNK.disabled [2007-01-22 909]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk.disabled [2006-12-26 1877]
Alice ti aiuta.lnk.disabled [2007-02-20 1658]
Avvio rapido di HP Image Zone.lnk.disabled [2007-01-23 519]
BlueSoleil.lnk.disabled [2007-08-23 1557]
HP Digital Imaging Monitor.lnk.disabled [2007-01-23 1529]
Microsoft Office.lnk.disabled [2006-12-26 1748]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2006-10-19 09:12 258048 c:\programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-06-20 15:11 73728 c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" /background
"NBJ"="c:\programmi\Ahead\Nero BackItUp\NBJ.exe"
"Nokia.PCSync"="c:\programmi\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
"SpybotSD TeaTimer"=c:\programmi\Spybot - Search & Destroy\TeaTimer.exe
"swg"=c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"uygooea"="c:\documents and settings\omar\impostazioni locali\dati applicazioni\uygooea.exe" uygooea

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Alcmtr"=ALCMTR.EXE
"Apoint"=c:\programmi\Apoint\Apoint.exe
"AzMixerSel"=c:\programmi\Realtek\InstallShield\AzMixerSel.exe
"ccApp"="c:\programmi\File comuni\Symantec Shared\ccApp.exe"
"ehTray"=c:\windows\ehome\ehtray.exe
"HP Component Manager"="c:\programmi\HP\hpcoretech\hpcmpmgr.exe"
"HP Software Update"="d:\hp software update\HPWuSchd2.exe"
"igfxhkcmd"=c:\windows\system32\hkcmd.exe
"FLMOFFICE4DMOUSE"=c:\programmi\Trust\MI-4550XP WIRELESS OPTICAL MINI MOUSE\Mouse32a.exe
"igfxpers"=c:\windows\system32\igfxpers.exe
"igfxtray"=c:\windows\system32\igfxtray.exe
"ISBMgr.exe"=c:\programmi\Sony\ISB Utility\ISBMgr.exe
"ISTray"="c:\programmi\Spyware Doctor\pctsTray.exe"
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe"
"Mouse Suite 98 Daemon"=ICO.EXE
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"osCheck"="c:\programmi\Norton AntiVirus\osCheck.exe"
"PrepareYourVAIO"=c:\programmi\Sony\Prepare your VAIO\PYVAlert.exe
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" -atboottime
"SkyTel"=SkyTel.EXE
"SonyPowerCfg"="c:\programmi\Sony\VAIO Power Management\SPMgr.exe"
"Switcher.exe"=c:\programmi\Sony\Wireless Switch Setting Utility\Switcher.exe
"VAIO Update 2"="c:\programmi\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Sony\\Click to DVD 2\\CtoDvd.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-08-25 78416]
R1 SASDIFSV;SASDIFSV;\??\c:\programmi\SUPERAntiSpyware\SASDIFSV.SYS [2006-10-10 5632]
R1 SASKUTIL;SASKUTIL;\??\c:\programmi\SUPERAntiSpyware\SASKUTIL.sys [2007-01-09 30720]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-08-25 20560]
R2 LiveUpdate Notice;LiveUpdate Notice;"c:\programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon [2007-08-24 149864]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\programmi\File comuni\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-11-29 99376]
R3 SASENUM;SASENUM;\??\c:\programmi\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-08-23 226304]
S2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB []
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys [2007-05-29 23888]
S3 EraserUtilDrv10820;EraserUtilDrv10820;\??\c:\programmi\File comuni\Symantec Shared\EENGINE\EraserUtilDrv10820.sys []
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;c:\programmi\Sony\Image Converter 2\IcVzMon.exe [2006-12-25 32768]
S3 sdAuxService;PC Tools Auxiliary Service;c:\programmi\Spyware Doctor\pctsAuxs.exe [2008-12-02 356920]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81263d3d-e3a5-11db-9fc0-0013a97e01df}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf0a0e11-e569-11dc-a0dd-0018de3eb1cb}]
\Shell\AutoRun\command - qphotux.exe
\Shell\explore\Command - qphotux.exe
\Shell\open\Command - qphotux.exe
.
Contenuto della cartella 'Scheduled Tasks'

2008-11-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2008-12-04 c:\windows\Tasks\Norton AntiVirus - Scansione completa sistema - Omar.job
- c:\programmi\Norton AntiVirus\Navw32.exe [2007-08-26 18:19]

2008-12-06 c:\windows\Tasks\User_Feed_Synchronization-{9B4D9B71-1724-4584-A902-18A0D53BB988}.job
- c:\windows\system32\msfeedssync.exe [2008-08-22 02:05]
.
- - - - ORFÃOS REMOVIDOS - - - -

HKLM-Run-LaunchList - i:\pinacle\LaunchList.exe


.
------- Supplementare di scansione -------
.
uStart Page = hxxp://www.google.it/
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to AMV Converter... - c:\programmi\MP3 Player Utilities 4.18\AMVConverter\grab.html
IE: Aggiungi sito di supporto RSS a VAIO Information FLOW - c:\programmi\Sony\VAIO Information FLOW\aiesc.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Trasferimento tramite Image Converter 2 Plus - c:\programmi\Sony\Image Converter 2\menu.htm
Trusted Zone: *.sony-europe.com
Trusted Zone: *.sonystyle-europe.com
Trusted Zone: *.vaio-link.com

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.
.
------- Associazioni di file -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-06 14:43:17
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(1172)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\VESWinlogon.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Intel\Wireless\Bin\EvtEng.exe
c:\programmi\Intel\Wireless\Bin\S24EvMon.exe
c:\programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\programmi\Lavasoft\Ad-Aware\aawservice.exe
c:\programmi\Alwil Software\Avast4\aswUpdSv.exe
c:\programmi\Alwil Software\Avast4\ashServ.exe
c:\programmi\File comuni\ArcSoft\Connection Service\Bin\ACService.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\WgaTray.exe
c:\programmi\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\programmi\IVT Corporation\BlueSoleil\BTNtService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\windows\system32\HPZipm12.exe
c:\programmi\Intel\Wireless\Bin\RegSrvc.exe
c:\programmi\Sony\VAIO Event Service\VESMgr.exe
c:\programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\programmi\Alwil Software\Avast4\ashMaiSv.exe
c:\programmi\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\dllhost.exe
c:\programmi\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
c:\programmi\iPod\bin\iPodService.exe
.
**************************************************************************
.
Ora fine scansione: 2008-12-06 14:49:29 - macchina è stato riavviato
ComboFix-quarantined-files.txt 2008-12-06 13:49:24

Pre-Run: 18.540.834.816 byte disponibili
Post-Run: 18,532,446,208 byte disponibili

273 --- E O F --- 2008-11-12 15:07:35

[Luke57]

Ciao, adesso scarica navilog da qui:
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
installalo e fai doppio click sull'icona navilog1 che si è creata sul desktop
quando ti chiede che lingua selezionare digita E per selezionare l'inglese e clicca invio
continua premendo un tasto qualsiasi per andare avanti
poi digita 1 per avviare la ricerca e clicca invio
Una volta finita la scansione, chiudi il programma.
Poi, riavvialo e apri di nuovo navilog
ma stavolta invece di digitare 1 come prima digita 2 e clicca invio
inizierà a rimuovere i file nascosti
poi riavvierà automaticamente il sistema
al riavvio spetta che finisca la rimozione
se tutto è andato bene si aprirà un file di testo con il risultato (C:\cleannavi.txt‎ )
allegalo a un post.

[Danivan]

Fatta anche questa operazione.........

il file di tesco è questo.......

ps. dopo aver eseguito combofix riesco a modificare il desktop mentre prima non me lo permetteva, così non mi compare più la scritta warning mi sembra in ogni caso ancora lento!!!!!
Grazie ancora....


Navipromo Removal version 3.6.9 started on 2008-12-06 at 16:21:19.71

Fix running from C:\Programmi\navilog1
Actual User Account : "Omar"

Updated on 05.11.2008 at 21h00 by IL-MAFIOSO


Microsoft Windows XP [Versione 5.1.2600]
Internet Explorer : 8.0.6001.18241
Filesystem type : NTFS

Automatic removal
with Catchme and GNS results


Cleanning stage done on Reboot


*** fsbl1.txt not found ***
(Check that Catchme found nothing in Search Mode)


*** Deleting with Backups GenericNaviSearch results ***

* Deletion in "C:\WINDOWS\System32" *


* Deletion in "C:\Documents and Settings\Omar\impost~1\datiap~1" *


* Deletion in "C:\DOCUME~1\ADMINI~1\impost~1\datiap~1" *


*** Deleting folders in "C:\WINDOWS" ***


*** Deleting folders in "C:\Programmi" ***


*** Deleting folders in "C:\Documents and Settings\All Users\menuav~1\progra~1" ***


*** Deleting folders in "C:\Documents and Settings\All Users\menuav~1" ***


*** Deleting folders in "c:\docume~1\alluse~1\datiap~1" ***


*** Deleting folders in "C:\Documents and Settings\Omar\datiap~1" ***


*** Deleting folders in "C:\DOCUME~1\ADMINI~1\datiap~1" ***


*** Deleting folders in "C:\Documents and Settings\Omar\impost~1\datiap~1" ***


*** Deleting folders in "C:\DOCUME~1\ADMINI~1\impost~1\datiap~1" ***


*** Deleting folders in "C:\Documents and Settings\Omar\menuav~1\progra~1" ***


*** Deleting folders in "C:\DOCUME~1\ADMINI~1\menuav~1\progra~1" ***



*** Deleting files ***


*** Deleting temporary files ***

Cleaning of C:\WINDOWS\Temp done !
Cleaning of C:\Documents and Settings\Omar\impost~1\Temp done !

*** Complementary Search ***
(Search specific files)

1)Deletion with backups new Instant Access files:

2)Heuristic search and deletion with backups :


* In "C:\WINDOWS\system32" *


* In "C:\Documents and Settings\Omar\impost~1\datiap~1" *


* In "C:\DOCUME~1\ADMINI~1\impost~1\datiap~1" *


*** Copy Registry to Safebackup folder ***

Backing up Registry done !

*** Cleaning Registry ***

Registry cleaned


*** Certificates ***

Egroup Certificate not found !
Electronic-Group Certificate deleted !
Montorgueil Certificate not found !
OOO-Favorit Certificate deleted !
Sunny-Day-Design-Ltd Certificate not found !

*** Cleaning stage complete on 2008-12-06 at 16:26:25.81 ***

[Luke57]

Ciao, adesso apri un file di testo dal blocco note di windows e incollaci questo codice:

Codice: Seleziona tutto

File::
c:\windows\system32\ntdll64.exe
c:\windows\system32\ahtn.htm

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf0a0e11-e569-11dc-a0dd-0018de3eb1cb}]

salvalo nella stessa direzione di o combofix.exe chiamandolo obbligatoriamente CFScript.txt
trascinalo con il puntatore del mouse sull'icona di combofix per una nuova scansione. Al riavvio, posta il nuovo report, se prodotto.

[Danivan]

Ecco il testo spero di aver eseguito come dovevo......


ComboFix 08-12-05.06 - Omar 2008-12-06 17:05:06.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.458 [GMT 1:00]
Eseguito da: c:\documents and settings\Omar\Desktop\ComboFix.exe
Interruttori di comando utilizzati :: c:\documents and settings\Omar\Desktop\CFScript.txt
* Creato nuovo punto di ripristino

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

FILE ::
c:\windows\system32\ahtn.htm
c:\windows\system32\ntdll64.exe
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ahtn.htm
c:\windows\system32\ntdll64.exe

.
((((((((((((((((((((((((( Files Creati Da 2008-11-06 al 2008-12-06 )))))))))))))))))))))))))))))))))))
.

2008-12-06 16:08 . 2008-12-06 16:26 <DIR> d-------- c:\programmi\Navilog1
2008-12-05 20:42 . 2008-12-05 20:42 <DIR> d-------- c:\documents and settings\Omar\Dati applicazioni\Sammsoft
2008-12-05 20:41 . 2008-12-05 20:41 <DIR> d-------- c:\programmi\Advanced Registry Optimizer
2008-12-04 21:12 . 2008-12-04 21:12 <DIR> d-------- c:\programmi\InCode Solutions
2008-12-03 19:28 . 2008-12-06 15:29 <DIR> d-------- c:\programmi\SUPERAntiSpyware
2008-12-03 19:28 . 2008-12-03 19:28 <DIR> d-------- c:\documents and settings\Omar\Dati applicazioni\SUPERAntiSpyware.com
2008-12-03 19:28 . 2008-12-03 19:28 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2008-12-02 21:53 . 2008-12-04 20:32 <DIR> d-------- c:\programmi\Spyware Doctor
2008-12-02 21:53 . 2008-12-02 21:53 <DIR> d-------- c:\documents and settings\Omar\Dati applicazioni\PC Tools
2008-12-02 21:53 . 2008-08-25 12:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
2008-12-02 21:53 . 2008-08-25 12:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
2008-12-02 21:53 . 2008-08-25 12:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys
2008-12-02 21:53 . 2008-06-02 16:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2008-12-01 18:39 . 2008-12-02 09:27 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2008-12-01 18:39 . 2008-12-01 18:39 <DIR> d-------- c:\documents and settings\Omar\Dati applicazioni\Malwarebytes
2008-12-01 18:39 . 2008-12-01 18:39 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2008-12-01 18:39 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-01 18:39 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-01 16:35 . 2008-12-03 19:27 <DIR> d-------- c:\programmi\File comuni\Wise Installation Wizard
2008-11-29 11:55 . 2008-11-29 11:55 4,785 --a------ c:\windows\system32\warning.gif
2008-11-29 11:54 . 2008-11-29 11:54 1 --a------ c:\windows\system32\test.ttt
2008-11-29 10:25 . 2002-01-05 03:38 54,784 --a------ c:\windows\system32\MSVCI70.DLL
2008-11-29 09:46 . 2005-02-09 12:59 14,165 --a------ c:\windows\system32\drivers\Pclepci.sys
2008-11-28 21:50 . 2005-09-23 23:18 171,520 --------- c:\windows\system32\drivers\MarvinBus.sys
2008-11-28 21:48 . 2008-11-28 21:48 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Pinnacle Studio Ultimate
2008-11-12 11:15 . 2008-09-04 18:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 11:15 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-06 13:29 --------- d---a-w c:\documents and settings\All Users\Dati applicazioni\TEMP
2008-12-05 21:18 --------- d-----w c:\programmi\150 Giochi del GameBoy Advance
2008-12-04 19:37 --------- d-----w c:\programmi\File comuni\Symantec Shared
2008-12-03 16:53 --------- d-----w c:\programmi\Lavasoft
2008-11-29 12:11 --------- d-----w c:\programmi\Google
2008-11-29 10:01 --------- d-----w c:\programmi\Pinnacle
2008-11-29 09:12 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-11-28 21:52 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Pinnacle
2008-11-18 09:36 --------- d-----w c:\programmi\MediaCoder
2008-11-14 21:30 --------- d-----w c:\programmi\File comuni\Adobe
2008-11-12 15:04 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2008-11-12 09:14 --------- d-----w c:\programmi\Spybot - Search & Destroy
2008-11-08 14:09 --------- d-----w c:\documents and settings\Omar\Dati applicazioni\ArcSoft
2008-10-24 11:21 455,296 ------w c:\windows\system32\drivers\mrxsmb.sys
2008-10-19 08:43 --------- d-----w c:\documents and settings\Omar\Dati applicazioni\Ahead
2008-10-18 16:50 6,948 ----a-w C:\mediamp3.dat
2008-10-16 13:13 202,776 ------w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ------w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ------w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ------w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ------w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ------w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ------w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ------w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ------w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ------w c:\windows\system32\muweb.dll
2008-10-12 03:00 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Symantec
2008-10-11 18:11 --------- d-----w c:\documents and settings\Omar\Dati applicazioni\Sony Corporation
2008-09-30 15:43 1,286,152 ------w c:\windows\system32\msxml4.dll
2008-09-15 15:24 1,846,400 ------w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-01-22 17:04 85,592 -c--a-w c:\documents and settings\Omar\Dati applicazioni\GDIPFONTCACHEV1.DAT
2007-01-22 21:17 4 -c--a-w c:\documents and settings\Omar\Dati applicazioni\wklnhst.dat
.

((((((((((((((((((((((((((((( snapshot@2008-12-06_14.48.48.68 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-06 15:24:35 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_4cc.dat
+ 2008-12-06 15:24:46 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_950.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"NBJ"="c:\programmi\Ahead\Nero BackItUp\NBJ.exe" [2004-09-24 1916928]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 81920]
"AROReminder"="c:\programmi\Advanced Registry Optimizer\aro.exe" [2008-08-22 2084480]
"RemoveIT Pro v7Ent"="c:\programmi\InCode Solutions\RemoveIT Pro v7 Enterprise\removeit.exe" [2008-12-02 2177536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISBMgr.exe"="c:\programmi\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"AzMixerSel"="c:\programmi\Realtek\InstallShield\AzMixerSel.exe" [2005-08-25 53248]
"SonyPowerCfg"="c:\programmi\Sony\VAIO Power Management\SPMgr.exe" [2006-08-10 217088]
"Switcher.exe"="c:\programmi\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
"VAIO Update 2"="c:\programmi\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-11 151552]
"HP Software Update"="d:\hp software update\HPWuSchd2.exe" [2004-02-12 49152]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2008-05-27 413696]
"FLMOFFICE4DMOUSE"="c:\programmi\Trust\MI-4550XP WIRELESS OPTICAL MINI MOUSE\Mouse32a.exe" [2006-12-25 370176]
"osCheck"="c:\programmi\Norton AntiVirus\osCheck.exe" [2007-08-24 714608]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"USBToolTip"="c:\programmi\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe" [2005-06-13 192512]
"LaunchList"="i:\pinacle\LaunchList.exe" [BU]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]

c:\documents and settings\Omar\Menu Avvio\Programmi\Esecuzione automatica\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
Stop Dialers.lnk.disabled [2007-02-01 706]
Utilit… di avvio Click to DVD Modalit… automatica.lnk.disabled [2008-05-18 723]
wkcalrem.LNK.disabled [2007-01-22 909]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk.disabled [2006-12-26 1877]
Alice ti aiuta.lnk.disabled [2007-02-20 1658]
Avvio rapido di HP Image Zone.lnk.disabled [2007-01-23 519]
BlueSoleil.lnk.disabled [2007-08-23 1557]
HP Digital Imaging Monitor.lnk.disabled [2007-01-23 1529]
Microsoft Office.lnk.disabled [2006-12-26 1748]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-06-20 15:11 73728 c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" /background
"NBJ"="c:\programmi\Ahead\Nero BackItUp\NBJ.exe"
"Nokia.PCSync"="c:\programmi\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
"SpybotSD TeaTimer"=c:\programmi\Spybot - Search & Destroy\TeaTimer.exe
"swg"=c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"uygooea"="c:\documents and settings\omar\impostazioni locali\dati applicazioni\uygooea.exe" uygooea

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Alcmtr"=ALCMTR.EXE
"Apoint"=c:\programmi\Apoint\Apoint.exe
"AzMixerSel"=c:\programmi\Realtek\InstallShield\AzMixerSel.exe
"ccApp"="c:\programmi\File comuni\Symantec Shared\ccApp.exe"
"ehTray"=c:\windows\ehome\ehtray.exe
"HP Component Manager"="c:\programmi\HP\hpcoretech\hpcmpmgr.exe"
"HP Software Update"="d:\hp software update\HPWuSchd2.exe"
"igfxhkcmd"=c:\windows\system32\hkcmd.exe
"FLMOFFICE4DMOUSE"=c:\programmi\Trust\MI-4550XP WIRELESS OPTICAL MINI MOUSE\Mouse32a.exe
"igfxpers"=c:\windows\system32\igfxpers.exe
"igfxtray"=c:\windows\system32\igfxtray.exe
"ISBMgr.exe"=c:\programmi\Sony\ISB Utility\ISBMgr.exe
"ISTray"="c:\programmi\Spyware Doctor\pctsTray.exe"
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe"
"Mouse Suite 98 Daemon"=ICO.EXE
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"osCheck"="c:\programmi\Norton AntiVirus\osCheck.exe"
"PrepareYourVAIO"=c:\programmi\Sony\Prepare your VAIO\PYVAlert.exe
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" -atboottime
"SkyTel"=SkyTel.EXE
"SonyPowerCfg"="c:\programmi\Sony\VAIO Power Management\SPMgr.exe"
"Switcher.exe"=c:\programmi\Sony\Wireless Switch Setting Utility\Switcher.exe
"VAIO Update 2"="c:\programmi\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Sony\\Click to DVD 2\\CtoDvd.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-08-25 78416]
R1 SASKUTIL;SASKUTIL;\??\c:\programmi\SUPERAntiSpyware\SASKUTIL.sys [2007-01-09 30720]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-08-25 20560]
R2 LiveUpdate Notice;LiveUpdate Notice;"c:\programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon [2007-08-24 149864]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB []
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\programmi\File comuni\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-11-29 99376]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-08-23 226304]
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys [2007-05-29 23888]
S3 EraserUtilDrv10820;EraserUtilDrv10820;\??\c:\programmi\File comuni\Symantec Shared\EENGINE\EraserUtilDrv10820.sys []
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;c:\programmi\Sony\Image Converter 2\IcVzMon.exe [2006-12-25 32768]
S3 SASENUM;SASENUM;\??\c:\programmi\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
S3 sdAuxService;PC Tools Auxiliary Service;c:\programmi\Spyware Doctor\pctsAuxs.exe [2008-12-02 356920]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81263d3d-e3a5-11db-9fc0-0013a97e01df}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a
.
Contenuto della cartella 'Scheduled Tasks'

2008-11-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2008-12-04 c:\windows\Tasks\Norton AntiVirus - Scansione completa sistema - Omar.job
- c:\programmi\Norton AntiVirus\Navw32.exe [2007-08-26 18:19]

2008-12-06 c:\windows\Tasks\User_Feed_Synchronization-{9B4D9B71-1724-4584-A902-18A0D53BB988}.job
- c:\windows\system32\msfeedssync.exe [2008-08-22 02:05]
.
- - - - ORFÃOS REMOVIDOS - - - -

Notify-!SASWinLogon - (no file)


.
------- Supplementare di scansione -------
.
uStart Page = hxxp://www.google.it/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to AMV Converter... - c:\programmi\MP3 Player Utilities 4.18\AMVConverter\grab.html
IE: Aggiungi sito di supporto RSS a VAIO Information FLOW - c:\programmi\Sony\VAIO Information FLOW\aiesc.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Trasferimento tramite Image Converter 2 Plus - c:\programmi\Sony\Image Converter 2\menu.htm
Trusted Zone: *.sony-europe.com
Trusted Zone: *.sonystyle-europe.com
Trusted Zone: *.vaio-link.com

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-06 17:07:50
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(1148)
c:\windows\system32\VESWinlogon.dll
.
Ora fine scansione: 2008-12-06 17:09:05
ComboFix-quarantined-files.txt 2008-12-06 16:09:02
ComboFix2.txt 2008-12-06 13:49:31

Pre-Run: 18,313,564,160 byte disponibili
Post-Run: 18,299,285,504 byte disponibili

244 --- E O F --- 2008-11-12 15:07:35

[Luke57]

Ciao, hai fatto bene, per non farti fare un'altra scansione con combofix, apri il registro di sistema:
start>esegui>regedit (lo digiti nello spazio)>OK
aperto l'editor del registro, cliccando sul segno più accanto alle singole voci segui questo percorso:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
click sulla cartella run
se all'interno di essa, trovi sulla parte destra la scritta:
"uygooea"="c:\documents and settings\omar\impostazioni locali\dati applicazioni\uygooea.exe" uygooea
click tasto dx del mouse su di essa e scegli Elimina
Chiudi il registro, visualizzi file e cartella nascosti (risorse del computer>strumenti>opzioni cartella>visualizzazione, metti la spunta a visualizza file e cartelle nascosti >OK).
Cerchi il seguente file:
c:\documents and settings\omar\impostazioni locali\dati applicazioni\uygooea.exe
se presente, lo elimini.

[Danivan]

Ciao, abbiamo abbandonato il computer per un pò scusateci..................
Ad ogni modo ho controllato nel registro e nelle impostazioni locali, in quest'ultima non cera yugogea!!!!!!
Adesso mi sembra che vada bene....un pò lento ma forse è la macchina o tutti gli antivirus che abbiamo installato per cercar di eliminare il virus!!!!!
Chiedo un ultima informazione.... ho visto che nelle scansioni che ci avete chiesto di fare esce una voce in rosso la quale dice che manca la console di ripristino di windows......secondo voi devo far qualcosa ???????

IN TANTO VI RINGRAZIAMO TANTISSIMO PER AVERCI AIUTATO A SCONFIGGERE L'INTRUSO!!!!!!


Buone feste
Dany e Ivan

[Luke57]

Ciao, è combofix che fa notare la mancanza della consolle di ripristino, il messaggio può essere ignorato, per la lentezza del computer, scarica Navilog sul desktop
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

installalo e fai doppio click sull'icona navilog1 che si è creata sul desktop
quando ti chiede che lingua selezionare digita E per selezionare l'inglese e clicca invio
continua premendo un tasto qualsiasi per andare avanti
poi digita 1 per avviare la ricerca e clicca invio
aspetta che finisca la scansione finchè si aprirà il blocco note
metti in allegato il file C:\fixnavi.txt
installalo e fai doppio click sull'icona navilog1 che si è creata sul desktop
quando ti chiede che lingua selezionare digita E per selezionare l'inglese e clicca invio
continua premendo un tasto qualsiasi per andare avanti
poi digita 1 per avviare la ricerca e clicca invio
aspetta che finisca la scansione finchè si aprirà il blocco note
metti in allegato il file C:\fixnavi.txt

[Danivan]

Eccoci ancora qua........ho allegato il file di navilog1!!!!!
Ora si è aggiunto un'altro problema il computer non riesce più a vedere cosa c'è su un disco esterno che abbiamo sempre collegato..........mi esce la "j:" che indica il collegamento ma me lo presenta vuoto senza cartelle.....però su proprietà si vede lo spazio occupato !!!! Non so se centra con virus o se è andato l'hardisk......
Sapete se c'è un sistema per metterlo di nuovo in funzione ????

Ciao e mille grazie!!


Search Navipromo version 3.7.0 began on 2008-12-24 at 15:45:37.84

!!! Warning, this report may include legitimate files/programs !!!
!!! Post this report on the forum you are being helped !!!
!!! Don't continue with removal unless instructed by an authorized helper !!!

Fix running from C:\Programmi\navilog1

Updated on 10.12.2008 at 21h00 by IL-MAFIOSO

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Genuine Intel(R) CPU T2050 @ 1.60GHz )
BIOS : Phoenix NoteBIOS 4.0 Release 6.1
USER : Omar ( Administrator )
BOOT : Normal boot

Antivirus : avast! antivirus 4.8.1296 [VPS 081224-0] 4.8.1296 (Activated)
Firewall : Norton AntiVirus 15.0.0.58 (Activated)

C:\ (Local Disk) - NTFS - Total:46 Go (Free:19 Go)
D:\ (Local Disk) - NTFS - Total:38 Go (Free:16 Go)
E:\ (USB)
F:\ (USB)
G:\ (CD or DVD)
H:\ (CD or DVD)
J:\ (Local Disk) - FAT32 - Total:465 Go (Free:332 Go)


Search done in normal mode

*** Searching for installed Software ***


*** Search folders in "C:\WINDOWS" ***


*** Search folders in "C:\Programmi" ***


*** Search folders in "C:\Documents and Settings\All Users\menuav~1\progra~1" ***


*** Search folders in "C:\Documents and Settings\All Users\menuav~1" ***


*** Search folders in "c:\docume~1\alluse~1\datiap~1" ***


*** Search folders in "C:\Documents and Settings\Omar\datiap~1" ***


*** Search folders in "C:\DOCUME~1\ADMINI~1\datiap~1" ***


*** Search folders in "C:\Documents and Settings\Omar\impost~1\datiap~1" ***


*** Search folders in "C:\DOCUME~1\ADMINI~1\impost~1\datiap~1" ***


*** Search folders in "C:\Documents and Settings\Omar\menuav~1\progra~1" ***


*** Search folders in "C:\DOCUME~1\ADMINI~1\menuav~1\progra~1" ***


*** Search with Catchme-rootkit/stealth malware detector by gmer ***
for more info : http://www.gmer.net



*** Search with GenericNaviSearch ***
!!! Possibility of legitimate files in the result !!!
!!! Must always be checked before manually deleting !!!

* Scan in "C:\WINDOWS\system32" *

* Scan in "C:\Documents and Settings\Omar\impost~1\datiap~1" *

* Scan in "C:\DOCUME~1\ADMINI~1\impost~1\datiap~1" *



*** Search files ***



*** Search specific Registry keys ***
!! Following keys are not certainly all infected !!


*** Complementary Search ***
(Search specific files)

1)Search new Instant Access files :


2)Heuristic Search :

* In "C:\WINDOWS\system32" :


* In "C:\Documents and Settings\Omar\impost~1\datiap~1" :


* In "C:\DOCUME~1\ADMINI~1\impost~1\datiap~1" :


3)Certificates Search :

Egroup certificate not found !
Electronic-Group certificate not found !
Montorgueil certificate not found !
OOO-Favorit certificate not found !
Sunny-Day-Design-Ltd certificate not found !

4)Search others known folders and files :



*** Search completed on 2008-12-24 at 15:52:34.14 ***