
MALWARE is killing my PC !!! HELP !!!

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57


Post by Cash_and_Carry » 05/12/08 20:45

... Friends of PC-Facile, here I am again with a problem on my PC ... I'm infected with a malware (or however the heck you spell it!) that has blocked my antivirus (AVG 8.0) !!!

... it won't even let me go into safe mode ...

... I can't even post you the HijackThis log because it won't let me run it ... !!!

... what can I do ?!? :(
Cash_and_Carry
Junior Member

Posts: 69
Joined: 06/09/06 15:16
Location: Pavia


Re: MALWARE is killing my PC !!! HELP !!!

Post by newgeppetto » 05/12/08 21:14

The simplest, fastest and safest thing you can do is take the hard disk out of your computer.
Then install it in a friend's (or colleague's) computer and have them run a scan on it with an antivirus and an antispyware.
Once everything has been removed, put it back in your computer.
newgeppetto
Junior Member

Posts: 75
Joined: 06/11/05 22:05

Re: MALWARE is killing my PC !!! HELP !!!

Post by Luke57 » 05/12/08 21:25

Cash_and_Carry wrote:... Friends of PC-Facile, here I am again with a problem on my PC ... I'm infected with a malware (or however the heck you spell it!) that has blocked my antivirus (AVG 8.0) !!!

... it won't even let me go into safe mode ...

... I can't even post you the HijackThis log because it won't let me run it ... !!!

... what can I do ?!? :(


Hi, download ComboFix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
you must rename the file to abc.exe before saving it to the desktop
(to rename the file: when you download it, you're asked where to save it and the "file name" box appears; just change the name shown there to abc.exe)

Once that's done, click Start > Run and in the white box copy and paste this command, quotes included:
"%userprofile%\desktop\abc.exe" /killall

Press OK; if all goes well the program starts and may take a long time (don't do anything else during the scan). Once it has finished, if everything went well, you should find the file combofix.txt in C:\ ; reboot and post the contents of the file.
Luke57
Moderator

Posts: 6413
Joined: 11/08/05 19:10

Re: MALWARE is killing my PC !!! HELP !!!

Post by Cash_and_Carry » 06/12/08 20:23

... thanks for the reply ;)


... I did everything, but I can't find the file combofix.txt in C: ... what should I do? Do I redo everything? :undecided:
Cash_and_Carry
Junior Member

Posts: 69
Joined: 06/09/06 15:16
Location: Pavia

Re: MALWARE is killing my PC !!! HELP !!!

Post by Cash_and_Carry » 06/12/08 20:25

... Ah no, maybe it's this?



ComboFix 08-12-05.01 - Marco Barbieri 2008-12-05 21.03.45.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.256 [GMT 1:00]
Eseguito da: C:\Documents and Settings\Marco Barbieri\desktop\abc.exe
Interruttori di comando utilizzati :: /killall
* Creato nuovo punto di ripristino

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Marco Barbieri\Dati applicazioni\hidires
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\msnimport.exe
C:\WINDOWS\system32\cbXOeDWo.dll
C:\WINDOWS\system32\cmmgr32.exe
C:\WINDOWS\system32\oWDeOXbc.ini
C:\WINDOWS\system32\oWDeOXbc.ini2
C:\WINDOWS\system32\xxyYSIBt.dll
C:\WINDOWS\Tasks\ouisrdtn.job
Cash_and_Carry
Junior Member

Posts: 69
Joined: 06/09/06 15:16
Location: Pavia

Re: MALWARE is killing my PC !!! HELP !!!

Post by Luke57 » 06/12/08 22:26

Hi, you only posted a small part of the log; the whole thing needs to be pasted.
Luke57
Moderator

Posts: 6413
Joined: 11/08/05 19:10

Re: MALWARE is killing my PC !!! HELP !!!

Post by Cash_and_Carry » 07/12/08 21:03

... that's right ... forgive me ... here's everything!


ComboFix 08-12-05.01 - Marco Barbieri 2008-12-05 21.03.45.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.256 [GMT 1:00]
Eseguito da: C:\Documents and Settings\Marco Barbieri\desktop\abc.exe
Interruttori di comando utilizzati :: /killall
* Creato nuovo punto di ripristino

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Marco Barbieri\Dati applicazioni\hidires
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\msnimport.exe
C:\WINDOWS\system32\cbXOeDWo.dll
C:\WINDOWS\system32\cmmgr32.exe
C:\WINDOWS\system32\oWDeOXbc.ini
C:\WINDOWS\system32\oWDeOXbc.ini2
C:\WINDOWS\system32\xxyYSIBt.dll
C:\WINDOWS\Tasks\ouisrdtn.job

----- BITS: Sites possivelmente infetados -----

hxxp://childhe.com
.
((((((((((((((((((((((((( Files Creati Da 2008-11-05 al 2008-12-05 )))))))))))))))))))))))))))))))))))
.

2008-12-05 20:35 . 2008-12-05 20:35 <DIR> d-------- C:\Programmi\Trend Micro
2008-12-04 20:12 . 2008-12-04 20:12 34,816 --a------ C:\WINDOWS\system32\ddcApqqq.dll
2008-11-30 21:23 . 2008-12-02 21:13 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-11-30 21:23 . 2008-11-30 21:23 1,409 --a------ C:\WINDOWS\QTFont.for
2008-11-13 16:47 . 2008-10-24 12:21 455,296 --a------ C:\WINDOWS\system32\dllcache\mrxsmb.sys
2008-11-13 16:46 . 2008-09-04 18:15 1,106,944 --a------ C:\WINDOWS\system32\dllcache\msxml3.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-04 19:10 --------- d-----w C:\Programmi\eMule
2008-10-30 00:40 --------- d-----w C:\Programmi\File comuni\Adobe
2008-10-30 00:40 --------- d-----w C:\Programmi\Bonjour
2008-10-30 00:23 --------- d-----w C:\Programmi\File comuni\Macrovision Shared
2008-10-24 11:21 455,296 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2006-11-05 17:29 174 ----a-w C:\Documents and Settings\Marco Barbieri\Dati applicazioni\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
2008-12-04 20:12 34816 --a------ C:\WINDOWS\system32\ddcApqqq.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 18:14 15360]
"msnmsgr"="C:\Programmi\Windows Live\Messenger\msnmsgr.exe" [2007-08-16 15:19 5728112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-11-27 14:24 1261336]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 21:16 39792]
"ISUSPM Startup"="C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 15:50 221184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 18:14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= "C:\WINDOWS\system32\ddcApqqq.dll" [2008-12-04 20:12 34816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcApqqq]
2008-12-04 20:12 34816 C:\WINDOWS\system32\ddcApqqq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
Cash_and_Carry
Junior Member

Posts: 69
Joined: 06/09/06 15:16
Location: Pavia

Re: MALWARE is killing my PC !!! HELP !!!

Post by Luke57 » 07/12/08 21:39

Can't you manage to copy and paste it, however long it is? You're doling it out as if it were medicine, dunno.
Luke57
Moderator

Posts: 6413
Joined: 11/08/05 19:10

Re: MALWARE is killing my PC !!! HELP !!!

Post by Cash_and_Carry » 07/12/08 21:48

... I'm sorry, but that's how it is !!! ... it ends there, there's nothing more :-?
Cash_and_Carry
Junior Member

Posts: 69
Joined: 06/09/06 15:16
Location: Pavia

Re: MALWARE is killing my PC !!! HELP !!!

Post by Luke57 » 07/12/08 21:52

Cash_and_Carry wrote:... I'm sorry, but that's how it is !!! ... it ends there, there's nothing more :-?

Hi, you're infected with Bagle; delete the abc.exe you have on the computer.
Then redo this procedure from scratch:
download ComboFix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
you must rename the file to abc.exe before saving it to the desktop
(to rename the file: when you download it, you're asked where to save it and the "file name" box appears; just change the name shown there to abc.exe)

Once that's done, click Start > Run and in the white box copy and paste this command, quotes included:
"%userprofile%\desktop\abc.exe" /killall

Press OK; if all goes well the program starts and may take a long time (don't do anything else during the scan). Once it has finished, if everything went well, you should find the file combofix.txt in C:\ ; reboot and post the contents of the file.
Luke57
Moderator

Posts: 6413
Joined: 11/08/05 19:10

Re: MALWARE is killing my PC !!! HELP !!!

Post by Cash_and_Carry » 07/12/08 23:00

... Ah, here's everything ... I redid it all and waited for it to produce the report.


ComboFix 08-12-05.01 - Marco Barbieri 2008-12-07 22:04:52.2 - NTFSx86
Running from: c:\documents and settings\Marco Barbieri\desktop\abc.exe
Command switches used :: /killall

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\MARCOB~1\IMPOST~1\Temp\tmp2.tmp
c:\windows\system32\bodvsjtd.dll
c:\windows\system32\cudixwsm.dll
c:\windows\system32\dcdMnnnn.ini
c:\windows\system32\dcdMnnnn.ini2
c:\windows\system32\mcrh.tmp
c:\windows\system32\mswxiduc.ini
c:\windows\system32\nnnnMdcd.dll
c:\windows\system32\oenovccr.ini
c:\windows\system32\rccvoneo.dll
c:\windows\system32\rfnwxr.dll
c:\windows\system32\vmybyvdr.dll
c:\windows\system32\yyahgp.dll
.
---- Previous Run -------
.
c:\documents and settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Marco Barbieri\Dati applicazioni\hidires
c:\windows\Downloaded Program Files\setup.inf
c:\windows\msnimport.exe
c:\windows\system32\cbXOeDWo.dll
c:\windows\system32\cmmgr32.exe
c:\windows\system32\oWDeOXbc.ini
c:\windows\system32\oWDeOXbc.ini2
c:\windows\system32\xxyYSIBt.dll
c:\windows\Tasks\ouisrdtn.job

.
((((((((((((((((((((((((( Files Created from 2008-11-07 to 2008-12-07 )))))))))))))))))))))))))))))))
.

2008-12-05 20:35 . 2008-12-05 20:35 <DIR> d-------- c:\programmi\Trend Micro
2008-12-04 20:12 . 2008-12-04 20:12 34,816 --a------ c:\windows\system32\ddcApqqq.dll
2008-11-13 16:47 . 2008-10-24 12:21 455,296 --a------ c:\windows\system32\dllcache\mrxsmb.sys
2008-11-13 16:46 . 2008-09-04 18:15 1,106,944 --a------ c:\windows\system32\dllcache\msxml3.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-04 19:10 --------- d-----w c:\programmi\eMule
2008-10-30 00:40 --------- d-----w c:\programmi\File comuni\Adobe
2008-10-30 00:40 --------- d-----w c:\programmi\Bonjour
2008-10-30 00:23 --------- d-----w c:\programmi\File comuni\Macrovision Shared
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2006-11-05 17:29 174 ----a-w c:\documents and settings\Marco Barbieri\Dati applicazioni\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0586142F-F82F-4F60-837E-63D94E615773}]
c:\windows\system32\cbXOeDWo.dll [BU]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
2008-12-04 20:12 34816 --a------ c:\windows\system32\ddcApqqq.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2007-08-16 5728112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2007-02-16 282624]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ISUSPM Startup"="c:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= "c:\windows\system32\ddcApqqq.dll" [2008-12-04 34816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcApqqq]
2008-12-04 20:12 34816 c:\windows\system32\ddcApqqq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^BTTray.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\BTTray.lnk
backup=c:\windows\pss\BTTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Windows Desktop Search.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Windows Desktop Search.lnk
backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Marco Barbieri^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma.lnk]
path=c:\documents and settings\Marco Barbieri\Menu Avvio\Programmi\Esecuzione automatica\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 c:\programmi\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
--a------ 2004-11-05 12:52 233534 c:\programmi\HPQ\Default Settings\Cpqset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-13 18:14 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
--a------ 2004-12-03 12:24 290816 c:\programmi\HPQ\Quick Launch Buttons\eabservr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2005-01-22 19:31 126976 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 02:41 49152 c:\programmi\Hp\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
--a------ 2005-01-21 12:40 790528 c:\programmi\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2005-01-22 19:36 155648 c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-07-27 15:50 221184 c:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-07-27 15:50 81920 c:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-03-14 19:05 257088 c:\programmi\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
--a------ 2004-10-14 12:54 253952 c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
--a------ 2007-09-18 14:39 190024 c:\programmi\MessengerPlus! 3\MsgPlus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-08-16 15:19 5728112 c:\progra~1\WI1F86~1\MESSEN~1\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-02-16 10:54 282624 c:\programmi\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 03:00 132496 c:\programmi\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2004-11-04 19:38 688218 c:\programmi\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2004-11-04 19:40 98394 c:\programmi\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-06-20 97928]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-04 875288]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-04 231704]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-06-20 76040]
S2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;"c:\programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe" []
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\programmi\File comuni\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1cbdaeda-60fb-11db-ae0d-0010c6e57e00}]
\Shell\AutoRun\command - E:\load.exe /CDROM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba132330-a7b0-11da-ac3d-0010c6e57e00}]
\Shell\AutoRun\command - D:\nideiect.com
\Shell\explore\Command - D:\nideiect.com
\Shell\open\Command - D:\nideiect.com
.
Contents of the 'Scheduled Tasks' folder

2007-03-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2007-01-10 15:42]

2008-12-07 c:\windows\Tasks\User_Feed_Synchronization-{010685F7-DF01-4D4A-9725-9D19A75A39C7}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]

2008-12-07 c:\windows\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- c:\programmi\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - ORPHANS REMOVED - - - -

BHO-{1BA43F2B-8CC4-4469-B15D-5BB009854805} - c:\windows\system32\nnnnMdcd.dll
BHO-{b9984fb5-850e-4c59-9530-e1a8ef0b77d6} - c:\windows\system32\rfnwxr.dll
WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
MSConfigStartUp-!AVG Anti-Spyware - c:\programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
MSConfigStartUp-AVG7_CC - c:\progra~1\Grisoft\AVG7\avgcc.exe
MSConfigStartUp-ISTray - c:\programmi\Spyware Doctor\pctsTray.exe
MSConfigStartUp-MMReminderService - c:\programmi\Mindjet\MindManager 6\MMReminderService.exe
MSConfigStartUp-SUPERAntiSpyware - c:\programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSConfigStartUp-swg - c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.it/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\programmi\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Invia a &Bluetooth - c:\programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

c:\windows\system32\unicows.dll - c:\windows\Downloaded Program Files\ImageUploader5.ocx
O16 -: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3}
hxxp://www.digitalpix.com/Controls/Imag ... oader5.cab
c:\windows\Downloaded Program Files\ImageUploader5.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-07 22:40:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\ddcApqqq.dll
.
------------------------ Other Running Processes ------------------------
.
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
c:\programmi\File comuni\LightScribe\LSSrvc.exe
c:\windows\system32\HPZipm12.exe
c:\programmi\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-12-07 22:54:50 - machine was rebooted [Marco Barbieri]
ComboFix-quarantined-files.txt 2008-12-07 21:54:41

Pre-Run: 54,099,234,816 byte disponibili
Post-Run: 54,145,228,800 byte disponibili

234 --- E O F --- 2008-11-13 19:02:07
Cash_and_Carry
Junior Member

Posts: 69
Joined: 06/09/06 15:16
Location: Pavia

Re: MALWARE is killing my PC !!! HELP !!!

Post by Luke57 » 08/12/08 10:17

Hi, now open a text file in Windows Notepad and paste this code into it:

Code:
File::
c:\windows\system32\cbXOeDWo.dll
c:\windows\system32\ddcApqqq.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0586142F-F82F-4F60-837E-63D94E615773}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcApqqq]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1cbdaeda-60fb-11db-ae0d-0010c6e57e00}]

save it in the same folder as combofix.exe (or abc.exe), naming it CFScript.txt, no other name;
drag it with the mouse pointer onto the ComboFix icon for a new scan. After the reboot, post the new report, if one is produced.

Once that's done, download Malwarebytes from here:
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Update it: click the "Update" tab => "Check for updates"
Run a "Full scan" (select the option)
When the scan is complete, post the report.
For now don't remove anything.
Luke57
Moderator

Posts: 6413
Joined: 11/08/05 19:10
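Added example (my code, not Luke57's and not part of ComboFix): a small Python triage script that parses the "Reg Loading Points" section of a ComboFix report like the ones posted in this thread, flags the kinds of entries the moderator acted on (BHO, ShellExecuteHooks and winlogon\notify entries loading random-named DLLs from system32, extra AppInit_DLLs, Security Center monitoring switched off, the firewall disabled, autorun handlers on removable drives) and emits a CFScript in the File:: / Registry:: format used in the post above. The sample log is a constructed excerpt; the AppInit allowlist and the random-name heuristic are assumptions.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a condensed excerpt in the layout of the reports posted above.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
2008-12-04 20:12 34816 --a------ c:\windows\system32\ddcApqqq.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= "c:\windows\system32\ddcApqqq.dll" [2008-12-04 34816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcApqqq]
2008-12-04 20:12 34816 c:\windows\system32\ddcApqqq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll dtzrer.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1cbdaeda-60fb-11db-ae0d-0010c6e57e00}]
\Shell\AutoRun\command - E:\load.exe /CDROM
"""

# Assumption: AVG 8's resident-shield DLL, the only AppInit entry expected on this machine.
KNOWN_APPINIT = {"avgrsstx.dll"}
DLL_RE = re.compile(r'([a-z]:\\[^\s"\[\]]+?\.dll)', re.I)
GUID_RE = re.compile(r'\{[0-9a-f-]{36}\}', re.I)


@dataclass
class Triage:
    findings: list = field(default_factory=list)  # human-readable notes
    files: list = field(default_factory=list)     # File:: entries for CFScript
    registry: list = field(default_factory=list)  # Registry:: lines for CFScript


def looks_random(path):
    """Coarse heuristic for the throwaway names seen in the logs (ddcApqqq, cbXOeDWo):
    a 6-8 letter alphabetic stem that is mixed-case or nearly vowel-free."""
    stem = path.rsplit('\\', 1)[-1][:-4]
    if not stem.isalpha() or not 6 <= len(stem) <= 8:
        return False
    vowels = sum(c in 'aeiou' for c in stem.lower())
    mixed = stem != stem.lower() and stem != stem.upper()
    return mixed or vowels <= 1


def parse_sections(text):
    """Split the REGEDIT4-style dump into (key, [value lines]) pairs."""
    sections, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or line == 'REGEDIT4':
            continue
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            sections.append((key, []))
        elif key is not None:
            sections[-1][1].append(line)
    return sections


def triage(text):
    t = Triage()
    for key, values in parse_sections(text):
        k = key.lower()
        if 'browser helper objects' in k or 'winlogon\\notify' in k or 'shellexecutehooks' in k:
            for v in values:
                m = DLL_RE.search(v)
                if m and '\\system32\\' in m.group(1).lower() and looks_random(m.group(1)):
                    dll = m.group(1)
                    t.findings.append(f'suspicious DLL {dll} loaded via {key}')
                    if dll.lower() not in (f.lower() for f in t.files):
                        t.files.append(dll)
                    if 'shellexecutehooks' in k:   # delete only the one value, as in the post
                        g = GUID_RE.search(v)
                        if g:
                            t.registry += [f'[{key}]', f'"{g.group(0)}"=-']
                    else:                          # delete the whole key
                        t.registry.append(f'[-{key}]')
        elif k.endswith('\\currentversion\\windows'):
            for v in values:
                if v.lower().startswith('"appinit_dlls"='):
                    extra = [d for d in v.split('=', 1)[1].split() if d.lower() not in KNOWN_APPINIT]
                    if extra:
                        t.findings.append(f'unexpected AppInit_DLLs: {" ".join(extra)}')
        elif 'security center\\monitoring' in k and any(
                '"disablemonitoring"=dword:00000001' in v.lower() for v in values):
            t.findings.append(f'Security Center monitoring disabled: {key}')
        elif 'firewallpolicy' in k and any(v.lower().startswith('"enablefirewall"= 0') for v in values):
            t.findings.append(f'Windows Firewall disabled in {key}')
        elif 'mountpoints2' in k and any('autorun\\command' in v.lower() for v in values):
            t.findings.append(f'removable-drive autorun handler: {values[0]}')
            t.registry.append(f'[-{key}]')
    return t


def cfscript(t):
    """Render the File:: / Registry:: script in the format shown in the post above."""
    return '\n'.join(['File::'] + t.files + ['', 'Registry::'] + t.registry) + '\n'


if __name__ == '__main__':
    result = triage(SAMPLE_LOG)
    print('\n'.join(result.findings))
    print()
    print(cfscript(result))
```

The AppInit_DLLs finding is reported but not scripted, because a value rewrite (not a key deletion) is needed there; everything else maps onto the same deletion syntax Luke57 used.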

Re: MALWARE is killing my PC !!! HELP !!!

Post by Cash_and_Carry » 08/12/08 19:24

... I did the first part you told me ... this is the report ... now I'll go on with the second part


ComboFix 08-12-05.01 - Marco Barbieri 2008-12-08 16:00:24.3 - NTFSx86
Eseguito da: c:\documents and settings\Marco Barbieri\Desktop\abc.exe
Interruttori di comando utilizzati :: C:\CFScript.txt

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

FILE ::
c:\windows\system32\cbXOeDWo.dll
c:\windows\system32\ddcApqqq.dll
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\MARCOB~1\IMPOST~1\Temp\tmp1.tmp
c:\windows\system32\awttSJdd.dll
c:\windows\system32\ddcApqqq.dll
c:\windows\system32\ddJSttwa.ini
c:\windows\system32\ddJSttwa.ini2
c:\windows\system32\dtzrer.dll
c:\windows\system32\tvgbsnbv.ini
c:\windows\system32\vbnsbgvt.dll
c:\windows\system32\vmafjkuj.dll

.
((((((((((((((((((((((((( Files Creati Da 2008-11-08 al 2008-12-08 )))))))))))))))))))))))))))))))))))
.

2008-12-05 20:35 . 2008-12-05 20:35 <DIR> d-------- c:\programmi\Trend Micro
2008-11-13 16:47 . 2008-10-24 12:21 455,296 --a------ c:\windows\system32\dllcache\mrxsmb.sys
2008-11-13 16:46 . 2008-09-04 18:15 1,106,944 --a------ c:\windows\system32\dllcache\msxml3.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-04 19:10 --------- d-----w c:\programmi\eMule
2008-10-30 00:40 --------- d-----w c:\programmi\File comuni\Adobe
2008-10-30 00:40 --------- d-----w c:\programmi\Bonjour
2008-10-30 00:23 --------- d-----w c:\programmi\File comuni\Macrovision Shared
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2006-11-05 17:29 174 ----a-w c:\documents and settings\Marco Barbieri\Dati applicazioni\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2007-08-16 5728112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2007-02-16 282624]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ISUSPM Startup"="c:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll dtzrer.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^BTTray.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\BTTray.lnk
backup=c:\windows\pss\BTTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Windows Desktop Search.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Windows Desktop Search.lnk
backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Marco Barbieri^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma.lnk]
path=c:\documents and settings\Marco Barbieri\Menu Avvio\Programmi\Esecuzione automatica\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 c:\programmi\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
--a------ 2004-11-05 12:52 233534 c:\programmi\HPQ\Default Settings\Cpqset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-13 18:14 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
--a------ 2004-12-03 12:24 290816 c:\programmi\HPQ\Quick Launch Buttons\eabservr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2005-01-22 19:31 126976 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 02:41 49152 c:\programmi\Hp\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
--a------ 2005-01-21 12:40 790528 c:\programmi\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2005-01-22 19:36 155648 c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-07-27 15:50 221184 c:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-07-27 15:50 81920 c:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-03-14 19:05 257088 c:\programmi\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
--a------ 2004-10-14 12:54 253952 c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
--a------ 2007-09-18 14:39 190024 c:\programmi\MessengerPlus! 3\MsgPlus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-08-16 15:19 5728112 c:\progra~1\WI1F86~1\MESSEN~1\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-02-16 10:54 282624 c:\programmi\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 03:00 132496 c:\programmi\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2004-11-04 19:38 688218 c:\programmi\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2004-11-04 19:40 98394 c:\programmi\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-06-20 97928]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-04 875288]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-04 231704]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-06-20 76040]
S2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;"c:\programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe" []
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\programmi\File comuni\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba132330-a7b0-11da-ac3d-0010c6e57e00}]
\Shell\AutoRun\command - D:\nideiect.com
\Shell\explore\Command - D:\nideiect.com
\Shell\open\Command - D:\nideiect.com
.
Contenuto della cartella 'Scheduled Tasks'

2007-03-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2007-01-10 15:42]

2008-12-07 c:\windows\Tasks\User_Feed_Synchronization-{010685F7-DF01-4D4A-9725-9D19A75A39C7}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]

2008-12-07 c:\windows\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- c:\programmi\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - ORFÃOS REMOVIDOS - - - -

BHO-{9AB41696-907E-423D-8151-3392D16F67CF} - c:\windows\system32\awttSJdd.dll
BHO-{eda84207-d6c5-440a-9d58-d9061cd00e9a} - c:\windows\system32\dtzrer.dll


.
------- Supplementare di scansione -------
.
uStart Page = hxxp://www.google.it/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
IE: &Windows Live Search - c:\programmi\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Invia a &Bluetooth - c:\programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

c:\windows\system32\unicows.dll - c:\windows\Downloaded Program Files\ImageUploader5.ocx
O16 -: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3}
hxxp://www.digitalpix.com/Controls/Imag ... oader5.cab
c:\windows\Downloaded Program Files\ImageUploader5.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-08 19:05:11
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
c:\programmi\File comuni\LightScribe\LSSrvc.exe
c:\windows\system32\HPZipm12.exe
c:\programmi\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Ora fine scansione: 2008-12-08 19:16:36 - macchina è stato riavviato
ComboFix-quarantined-files.txt 2008-12-08 18:16:17
ComboFix2.txt 2008-12-07 21:54:53

Pre-Run: 54,166,994,944 byte disponibili
Post-Run: 54,151,503,872 byte disponibili

196 --- E O F --- 2008-11-13 19:02:07
Cash_and_Carry
Junior Member

Posts: 69
Joined: 06/09/06 15:16
Location: Pavia

Re: MALWARE is killing my PC !!! HELP !!!

Post by Cash_and_Carry » 08/12/08 23:11

... Here, I ran the scan too ... it found quite a bit of stuff hehe ...

... this should be the report


Malwarebytes' Anti-Malware 1.31
Versione del database: 1475
Windows 5.1.2600 Service Pack 3

2008-12-08 23:09:53
mbam-log-2008-12-08 (23-09-44).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 157180
Tempo trascorso: 1 hour(s), 49 minute(s), 42 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 4
Valori di registro infetti: 0
Elementi dato del registro infetti: 1
Cartelle infette: 0
File infetti: 20

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-0709-0000-0000-000330050660} (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1f158a1e-a687-4a11-9679-b3ac64b86a1c} (Adware.Seekmo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> No action taken.

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\Qoobox\Quarantine\C\WINDOWS\system32\awttSJdd.dll.vir (Trojan.Vundo) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\bodvsjtd.dll.vir (Trojan.Vundo) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\cbXOeDWo.dll.vir (Trojan.Vundo) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\cudixwsm.dll.vir (Trojan.Vundo) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\dtzrer.dll.vir (Trojan.Vundo) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\nnnnMdcd.dll.vir (Trojan.Vundo) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\rccvoneo.dll.vir (Trojan.Vundo) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\rfnwxr.dll.vir (Trojan.Vundo) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\vbnsbgvt.dll.vir (Trojan.Vundo) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\vmafjkuj.dll.vir (Trojan.Vundo) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\vmybyvdr.dll.vir (Trojan.Vundo) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\xxyYSIBt.dll.vir (Trojan.Vundo) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\yyahgp.dll.vir (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{8B7A22D4-A76E-4996-8147-5F0473E9EDE1}\RP4\A0001393.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{8B7A22D4-A76E-4996-8147-5F0473E9EDE1}\RP4\A0001394.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{8B7A22D4-A76E-4996-8147-5F0473E9EDE1}\RP4\A0001395.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{8B7A22D4-A76E-4996-8147-5F0473E9EDE1}\RP6\A0001483.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{8B7A22D4-A76E-4996-8147-5F0473E9EDE1}\RP6\A0001484.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{8B7A22D4-A76E-4996-8147-5F0473E9EDE1}\RP6\A0001486.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{8B7A22D4-A76E-4996-8147-5F0473E9EDE1}\RP6\A0001487.dll (Trojan.Vundo) -> No action taken.
Cash_and_Carry
Junior Member

Posts: 69
Joined: 06/09/06 15:16
Location: Pavia

Re: MALWARE is killing my PC !!! HELP !!!

Post by Luke57 » 09/12/08 08:45

Hi, you can remove everything it found.
Luke57
Moderator

Posts: 6413
Joined: 11/08/05 19:10

Re: MALWARE is killing my PC !!! HELP !!!

Post by Cash_and_Carry » 09/12/08 15:05

... Done !!! ... the PC isn't giving me any more problems ... do you think I'm clean?
Cash_and_Carry
Junior Member

Posts: 69
Joined: 06/09/06 15:16
Location: Pavia

Re: MALWARE is killing my PC !!! HELP !!!

Post by Luke57 » 09/12/08 23:11

Hi, I think so, see you next time ;)
Luke57
Moderator

Posts: 6413
Joined: 11/08/05 19:10

Re: MALWARE is killing my PC !!! HELP !!!

Post by Cash_and_Carry » 10/12/08 01:15

... OK !!! ... Thanks a million ... very kind as always ;)
Cash_and_Carry
Junior Member

Posts: 69
Joined: 06/09/06 15:16
Location: Pavia
