shel wrote: run them from safe mode, it's better
meanwhile I can tell you that combofix no longer detects the infection in the MBR......hmm!!! we'll see what to do
in the meantime run these two scans and post the reports
you have to close your programs, if you have any open, or any open page; the scan must not interfere with anything
I ran the scan with FindyKill, but with key 1, because the scan is done with key 1; key 2 deletes the infected files. I'm posting the report below, then tell me whether I should delete the infected files with key 2... or go straight to the scan with hitman
----------------- FindyKill V4.707 ------------------
* User: Gabriele - PORTATILE
* Executed from : C:\Programmi\FindyKill
* Update on 06/12/08 by Chiquitine29
* Start at 12:30:14 the 09/01/2010
* Windows XP - Internet Explorer 7.0.5730.11
((((((((((((((((( *** Searching *** ))))))))))))))))))
--------------- [ Active Processes ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
--------------- [ Infected files / folders ] ----------------
»»»» Presence Files in C:
»»»» Presence Files in C:\WINDOWS
»»»» Presence Files in C:\WINDOWS\Prefetch
Found ! - C:\WINDOWS\Prefetch\IAUPATCH.EXE-0B150001.pf
»»»» Presence Files in C:\WINDOWS\system32
»»»» Presence Files in C:\WINDOWS\system32\drivers
»»»» Presence Files in C:\Documents and Settings\Gabriele\Application Data
»»»» Presence Files in C:\DOCUME~1\Gabriele\IMPOST~1\Temp
»»»» Presence Files in C:\Documents and Settings\Gabriele\Local Settings\Temporary Internet Files\Content.IE5
Found ! [12/07/2007 18.13] - C:\Documents and Settings\All Users\Dati applicazioni\Skype\Plugins\Local Cache\26A4AFDD6DB64A03ADFA6DAB836DB8D6_more.jpg
Found ! [10/11/2006 09.39] - C:\Documents and Settings\All Users\Dati applicazioni\Skype\Plugins\Local Cache\7B5560BB781B40259A06350E9B643B6E_more.jpg
Found ! [06/07/2007 11.31] - C:\Documents and Settings\All Users\Dati applicazioni\Skype\Plugins\Local Cache\D3987B641C134048B815DB578D607F42_more.jpg
Found ! [24/09/2007 20.43] - C:\Documents and Settings\Gabriele\Documenti\Mp3\Italiani\AlbumArt_{12BB764B-C788-441F-838A-0B649E2AF714}_Large.jpg
Found ! [24/09/2007 20.43] - C:\Documents and Settings\Gabriele\Documenti\Mp3\Italiani\AlbumArt_{12BB764B-C788-441F-838A-0B649E2AF714}_Small.jpg
--------------- [ Registry / Startup ] ----------------
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
updateMgr="C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
WMPNSCFG=C:\Programmi\Windows Media Player\WMPNSCFG.exe
PC Suite Tray="C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater=
<NO NAME>=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
ehTray=C:\WINDOWS\ehome\ehtray.exe
hpWirelessAssistant=C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
nwiz=nwiz.exe /installquiet /nodetect
MsmqIntCert=regsvr32 /s mqrt.dll
High Definition Audio Property Page Shortcut=CHDAudPropShortcut.exe
SynTPEnh=C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
QPService="C:\Programmi\HP\QuickPlay\QPService.exe"
HP Software Update=C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
QlbCtrl=%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
Cpqset=C:\Programmi\Hewlett-Packard\Default Settings\cpqset.exe
RecGuard=C:\Windows\SMINST\RecGuard.exe
NeroFilterCheck=C:\WINDOWS\system32\NeroCheck.exe
DAEMON Tools-1033="C:\Programmi\D-Tools\daemon.exe" -lang 1033
UfSeAgnt.exe="C:\Programmi\Trend Micro\Internet Security\UfSeAgnt.exe"
SunJavaUpdateSched="C:\Programmi\Java\jre6\bin\jusched.exe"
UserFaultCheck=%systemroot%\system32\dumprep 0 -u
QuickTime Task="C:\Programmi\QuickTime\qttask.exe" -atboottime
iTunesHelper="C:\Programmi\iTunes\iTunesHelper.exe"
NokiaMServer=C:\Programmi\File comuni\Nokia\MPlatform\NokiaMServer /watchfiles startup
HitmanPro35="C:\Programmi\Hitman Pro 3.5\HitmanPro35.exe" /scan:boot
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
Installed=1
NoChange=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
[HKEY_CURRENT_USER\software\local appwizard-generated applications\GIOLViewer]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\Installazione guidata]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\tisspwiz]
--------------- [ Registry / Infected keys ] ----------------
--------------- [ States / Services ] ----------------
+- Services : [ Auto=2 / Request=3 / Disable=4 ]
Ndisuio - Type of startup = 3
EapHost - Type of startup = 3
Ip6Fw - Type of startup = 3
SharedAccess - Type of startup = 2
wuauserv - Type of startup = 2
wscsvc - Type of startup = 2
--------------- [ Searching in removable drives ] ----------------
+- Informations :
C: - Unit… fissa
D: - Unit… fissa
E: - Unit… fissa
+- Presence of files :
Found ! [30/11/2004 02.01][---hs----] - E:\info.exe
--------------- [ Registry / Mountpoint2 ] ----------------
-> Not found !
------------------- ! End of report ! --------------------