non mi si aprono alcuni programmi! tipo emule, msn..HELP!

[shel]

ve bene cosi', lascialo .....in sistem 32 e' legittimo



disinstalla il tuo antivirus e il tuo firewall e reinstallali puliti, oramai sono corrotti

riattiva i Servizi che il virus ha disattivato.
fai in questo modo:
Start\Esegui\SERVICES.MSC
Cerca questi Servizi:

Centro sicurezza PC.
Aggiornamenti automatici.
Connessioni di rete.
Zero Configuration reti senza fili.
Windows Firewall/ Condivisione connessione Internet (ICS).

Se ne trovi qualcuno disattivato lo devi riattivare cosi:
Clicca con il tasto destro sul Servizio,Proprietà\Tipo di avvio: Automatico\ Ok\ Avvia\ Ok.
DEVI RIAVVIARE IL PC perchè le modifiche vengano confermate.

Una volta riattivati i servizi che troverai disabilitati reinstalla il tuo antivirus

Se tutto funziona bene, riattiva il ripristino configurazione di sistema, e creane uno nuovo

[MikGio90]

questi servizi non li trovo:

Aggiornamenti automatici.
Zero Configuration reti senza fili.
Windows Firewall/ Condivisione connessione Internet (ICS).

per il momento non ho nessun antivirus e anti firewall, puoi consigliarmene qualcuno gratito ed efficace?

[shel]

apri un file di testo (dal blocco note di windows), al suo interno incollaci il seguente script:

file::
c:\users\Michele\AppData\Roaming\o24z9y1Q9hg9u.vbs
c:\users\Michele\AppData\Roaming\R7I2twMtNuddI.vbs
c:\users\Michele\AppData\Roaming\BHKBjnxDYVAa9.vbs
c:\users\Michele\AppData\Roaming\Ke4auEzpUXlNo.vbs
c:\users\Michele\AppData\Roaming\122r20GAWvvXN.vbs
c:\users\Michele\AppData\Roaming\J99vrFEqRFGVe5b.vbs
c:\users\Michele\AppData\Local\xcdhkmpz.bat
c:\windows\inf\Ovi Player\0010\tmp8BD1.tmp
c:\windows\inf\Ovi Player\0009\tmp8BD1.tmp
c:\windows\inf\Ovi Player\0000\tmp8BD1.tmp
c:\windows\inf\Ovi Player\tmp8BE2.tmp

salva il file nella stessa cartella dove hai messo combofix chiamandolo obbligatoriamente CFScript.txt

Fatto ciò, con il puntatore del mouse, trascina il file sull'icona di combofix.



Il programma avvierà una nuova scansione, come la precedente. Non fare e non muovere nulla. Al termine di essa, se non si riavvierà automaticamente il computer, fallo tu. Allega il nuovo file c:\combofix.txt prodotto dalla scansione.

[MikGio90]

ComboFix 10-01-13.07 - Michele 14/01/2010 23.08.59.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.39.1040.18.2037.907 [GMT 1:00]
Eseguito da: c:\users\Michele\Downloads\ComboFix.exe
Opzioni usate :: c:\users\Michele\Downloads\CFScript.txt
.

((((((((((((((((((((((((( Files Creati Da 2009-12-14 al 2010-01-14 )))))))))))))))))))))))))))))))))))
.

2010-01-14 22:15 . 2010-01-14 22:15 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-14 22:15 . 2010-01-14 22:15 -------- d-----w- c:\users\Incomplete\AppData\Local\temp
2010-01-14 22:15 . 2010-01-14 22:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-14 20:31 . 2010-01-14 20:31 388096 ----a-r- c:\users\Michele\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-14 20:31 . 2010-01-14 20:31 -------- d-----w- c:\program files\TrendMicro
2010-01-14 20:13 . 2010-01-14 20:23 -------- d-----w- c:\program files\Navilog1
2010-01-14 17:53 . 2010-01-14 17:53 407304 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-01-14 14:35 . 2010-01-14 14:35 -------- d-----w- c:\users\Michele\AppData\Local\PackageAware
2010-01-14 11:11 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-14 11:11 . 2010-01-14 11:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-14 11:11 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-14 07:54 . 2010-01-14 07:54 -------- d-----w- c:\programdata\eMule AdunanzA
2010-01-14 07:54 . 2010-01-14 07:54 -------- d-----w- c:\program files\eMule AdunanzA
2010-01-13 21:20 . 2010-01-13 21:21 -------- d-----w- c:\program files\FindyKill
2010-01-13 20:26 . 2010-01-13 21:32 -------- d-----w- C:\FindyKill
2010-01-13 17:50 . 2010-01-13 17:50 16219 ----a-w- C:\Nuova cartella.zip
2010-01-13 16:39 . 2010-01-13 16:39 -------- d-----w- c:\program files\CCleaner
2010-01-13 12:31 . 2010-01-13 12:31 -------- d-----w- c:\users\Michele\AppData\Roaming\Malwarebytes
2010-01-13 12:30 . 2010-01-13 12:30 -------- d-----w- c:\programdata\Malwarebytes
2010-01-13 10:35 . 2010-01-14 14:21 -------- d-----w- c:\program files\Angle Interactive
2010-01-13 10:25 . 2010-01-13 10:25 -------- d-----w- c:\users\Michele\AppData\Local\eMule AdunanzA
2010-01-10 12:17 . 2010-01-10 12:17 1288481 ----a-w- c:\users\Michele\symella nokia 5800.zip
2010-01-10 12:16 . 2010-01-10 12:17 1290901 ----a-w- c:\users\Michele\symella nokia 5800 plus no-trial patch by FFF [working].zip
2009-12-23 02:16 . 2009-12-23 02:16 -------- d-----w- c:\users\Michele\AppData\Local\IsolatedStorage

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-14 20:22 . 2008-07-09 07:54 12 ----a-w- c:\windows\bthservsdp.dat
2010-01-14 19:41 . 2008-07-04 11:10 118072 ----a-w- c:\users\Michele\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-14 14:36 . 2010-01-14 14:36 -------- dc-h--w- c:\programdata\{14B08FC8-7FFE-45EA-90F3-8A7CA5EE54C7}
2010-01-13 22:46 . 2009-10-21 19:56 -------- d-----w- c:\users\Michele\AppData\Roaming\drivers
2010-01-13 21:36 . 2010-01-13 21:36 1372 ----a-w- c:\users\Michele\AppData\Roaming\ewOOaj7HOTjIW81.vbs
2010-01-13 17:41 . 2009-11-27 19:36 -------- d-----w- c:\programdata\Skype
2010-01-13 12:13 . 2010-01-13 12:13 1372 ----a-w- c:\users\Michele\AppData\Roaming\MgTdPqIewG3tE.vbs
2010-01-13 10:35 . 2009-12-15 22:14 -------- d-----w- c:\users\Michele\AppData\Roaming\Lavasoft
2010-01-13 10:12 . 2008-10-30 21:00 -------- d-----w- c:\programdata\Avira
2010-01-13 10:11 . 2008-07-11 05:31 26946 ----a-w- c:\users\Incomplete\downloads.dat
2010-01-13 09:32 . 2010-01-13 09:32 1372 ----a-w- c:\users\Michele\AppData\Roaming\ipWzcVdjXO7gsnk.vbs
2010-01-13 08:54 . 2008-07-04 10:58 -------- d-----w- c:\program files\Electronic Arts
2010-01-12 21:27 . 2010-01-12 21:27 1372 ----a-w- c:\users\Michele\AppData\Roaming\2zp2hpJ2td1hgR6.vbs
2010-01-12 19:12 . 2010-01-12 19:12 1372 ----a-w- c:\users\Michele\AppData\Roaming\KYNpCJO.vbs
2010-01-12 13:03 . 2010-01-12 13:03 1372 ----a-w- c:\users\Michele\AppData\Roaming\eDsC6QMai5UJng6.vbs
2010-01-12 11:35 . 2010-01-12 11:35 1372 ----a-w- c:\users\Michele\AppData\Roaming\FwBzwDz2lLuO1zE.vbs
2010-01-12 10:48 . 2010-01-12 10:48 1372 ----a-w- c:\users\Michele\AppData\Roaming\XsJF9Uf.vbs
2010-01-12 08:57 . 2010-01-12 08:57 1372 ----a-w- c:\users\Michele\AppData\Roaming\pknd3GcHXtXI1.vbs
2010-01-12 07:50 . 2010-01-12 07:50 1372 ----a-w- c:\users\Michele\AppData\Roaming\NzMBdQE.vbs
2010-01-11 18:03 . 2007-11-30 07:30 693604 ----a-w- c:\windows\system32\perfh010.dat
2010-01-11 18:03 . 2007-11-30 07:30 119194 ----a-w- c:\windows\system32\perfc010.dat
2010-01-11 17:07 . 2010-01-14 14:36 2856026 -c--a-w- c:\programdata\{14B08FC8-7FFE-45EA-90F3-8A7CA5EE54C7}\vnlt6565.exe
2010-01-11 16:40 . 2010-01-11 16:40 1372 ----a-w- c:\users\Michele\AppData\Roaming\EkrMQ0h.vbs
2010-01-11 12:54 . 2010-01-11 12:54 1372 ----a-w- c:\users\Michele\AppData\Roaming\qEiTA.vbs
2010-01-11 12:47 . 2010-01-11 12:47 1372 ----a-w- c:\users\Michele\AppData\Roaming\EMi4uMO.vbs
2010-01-11 09:22 . 2010-01-14 14:36 352256 -c--a-w- c:\programdata\{14B08FC8-7FFE-45EA-90F3-8A7CA5EE54C7}\OFFLINE\BB22A901\76AC2E42\Scan.dll
2010-01-11 07:52 . 2010-01-11 07:52 1372 ----a-w- c:\users\Michele\AppData\Roaming\wqcN7.vbs
2010-01-10 21:20 . 2010-01-10 21:20 1372 ----a-w- c:\users\Michele\AppData\Roaming\o24z9y1Q9hg9u.vbs
2010-01-10 11:12 . 2010-01-10 11:12 1372 ----a-w- c:\users\Michele\AppData\Roaming\R7I2twMtNuddI.vbs
2010-01-10 09:36 . 2010-01-10 09:36 0 ----a-w- c:\windows\system32\8F62.tmp
2010-01-10 09:36 . 2010-01-10 09:36 0 ----a-w- c:\windows\system32\87B3.tmp
2010-01-09 21:43 . 2010-01-09 21:43 1372 ----a-w- c:\users\Michele\AppData\Roaming\DnEFp.vbs
2010-01-09 08:55 . 2010-01-09 08:55 1372 ----a-w- c:\users\Michele\AppData\Roaming\BHKBjnxDYVAa9.vbs
2010-01-08 19:06 . 2010-01-08 19:06 1372 ----a-w- c:\users\Michele\AppData\Roaming\Ke4auEzpUXlNo.vbs
2010-01-08 13:47 . 2010-01-08 13:47 1372 ----a-w- c:\users\Michele\AppData\Roaming\122r20GAWvvXN.vbs
2010-01-07 15:44 . 2010-01-14 14:36 274432 -c--a-w- c:\programdata\{14B08FC8-7FFE-45EA-90F3-8A7CA5EE54C7}\OFFLINE\D89A54DE\76AC2E42\MONLITE.exe
2010-01-07 13:05 . 2010-01-07 13:05 1372 ----a-w- c:\users\Michele\AppData\Roaming\J99vrFEqRFGVe5b.vbs
2010-01-03 13:39 . 2010-01-03 13:39 0 ----a-w- c:\windows\system32\92FE.tmp
2010-01-03 13:39 . 2010-01-03 13:39 0 ----a-w- c:\windows\system32\928F.tmp
2009-12-29 09:23 . 2008-07-09 13:03 -------- d-----w- c:\program files\Melody Assistant
2009-12-18 10:18 . 2010-01-14 14:36 122880 -c--a-w- c:\programdata\{14B08FC8-7FFE-45EA-90F3-8A7CA5EE54C7}\OFFLINE\361580F9\76AC2E42\viritupg.dll
2009-12-15 20:22 . 2009-12-01 22:06 92 ----a-w- c:\users\Michele\AppData\Local\xcdhkmpz.bat
2009-12-15 16:07 . 2009-12-15 16:07 389120 ----a-w- c:\users\Michele\AppData\Local\xizkc.exe
2009-12-15 16:04 . 2009-12-15 16:04 389120 ----a-w- c:\users\Michele\AppData\Local\diecsx.exe
2009-12-13 08:30 . 2009-11-27 19:40 -------- d-----w- c:\users\Michele\AppData\Roaming\skypePM
2009-12-12 11:44 . 2008-07-26 13:44 -------- d-----w- c:\users\Michele\AppData\Roaming\Nokia
2009-12-12 10:58 . 2009-12-12 10:53 -------- d-----w- c:\program files\Common Files\Nokia
2009-12-12 10:58 . 2008-07-09 09:21 -------- d-----w- c:\program files\Nokia
2009-12-12 10:57 . 2009-12-12 10:57 52948 ----a-w- c:\windows\inf\Ovi Player\0010\tmp8BD1.tmp
2009-12-12 10:57 . 2009-12-12 10:57 52948 ----a-w- c:\windows\inf\Ovi Player\0009\tmp8BD1.tmp
2009-12-12 10:57 . 2009-12-12 10:57 52948 ----a-w- c:\windows\inf\Ovi Player\0000\tmp8BD1.tmp
2009-12-12 10:57 . 2009-12-12 10:57 1657 ----a-w- c:\windows\inf\Ovi Player\tmp8BE2.tmp
2009-12-12 10:56 . 2009-12-12 10:56 -------- d-----w- c:\programdata\NokiaMusic
2009-12-12 10:53 . 2009-12-12 10:53 -------- d-----w- c:\program files\Common Files\muvee Technologies
2009-12-12 10:51 . 2008-07-26 13:45 -------- d-----w- c:\program files\DIFX
2009-12-11 17:45 . 2009-12-11 17:45 -------- d-----w- c:\program files\Microsoft
2009-12-11 17:44 . 2009-12-02 18:33 -------- d-----w- c:\program files\Windows Live
2009-12-09 16:57 . 2007-11-29 22:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-02 18:32 . 2008-10-31 14:46 -------- d-----w- c:\programdata\WLInstaller
2009-12-02 18:09 . 2009-01-02 23:31 -------- d-----w- c:\program files\Image-Line
2009-12-02 18:09 . 2009-11-15 14:15 -------- d-----w- c:\program files\High Quality Photo Resizer
2009-12-02 18:08 . 2007-11-30 00:29 -------- d-----w- c:\program files\CyberLink
2009-12-02 18:03 . 2008-12-06 02:39 -------- d-----w- c:\program files\MessengerDiscovery
2009-12-02 18:03 . 2007-11-30 00:38 -------- d-----w- c:\program files\MSN Messenger
2009-11-30 13:11 . 2008-07-26 10:42 -------- d-----w- c:\programdata\eMule
2009-11-29 22:55 . 2008-09-20 13:47 -------- d-----w- c:\program files\KONAMI
2009-11-29 22:49 . 2009-01-02 23:32 -------- d-----w- c:\program files\VstPlugins
2009-11-29 21:53 . 2009-09-29 20:16 91 ----a-w- c:\users\Michele\AppData\Local\dywebxnc.bat
2009-11-27 19:40 . 2009-11-27 19:40 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-11-27 14:10 . 2010-01-14 14:36 69632 -c--a-w- c:\programdata\{14B08FC8-7FFE-45EA-90F3-8A7CA5EE54C7}\OFFLINE\__Nas01_sviluppo_varie\Setup\VIRITLite\Files\viritsvc.exe
2009-11-27 14:06 . 2010-01-14 14:36 815104 -c--a-w- c:\programdata\{14B08FC8-7FFE-45EA-90F3-8A7CA5EE54C7}\OFFLINE\5BF53870\76AC2E42\viritexp.exe
2009-11-26 20:30 . 2008-07-11 05:25 -------- d-----w- c:\users\Michele\AppData\Roaming\LimeWire
2009-11-25 19:30 . 2009-11-25 19:29 -------- d-----w- c:\program files\SopCast
2009-11-22 10:13 . 2008-03-12 14:29 -------- d-----w- c:\programdata\WildTangent
2009-11-11 07:53 . 2010-01-14 14:36 45312 -c--a-w- c:\programdata\{14B08FC8-7FFE-45EA-90F3-8A7CA5EE54C7}\OFFLINE\931FE753\76AC2E42\VIRAGTLT.sys
2009-11-11 07:53 . 2010-01-14 14:36 45312 -c--a-w- c:\programdata\{14B08FC8-7FFE-45EA-90F3-8A7CA5EE54C7}\OFFLINE\277632B2\76AC2E42\VIRAGTLT.sys
2009-11-11 07:53 . 2009-11-11 07:53 45312 --s-a-w- c:\windows\system32\drivers\VIRAGTLT.sys
2009-11-08 15:40 . 2010-01-14 14:36 49152 -c--a-w- c:\programdata\{14B08FC8-7FFE-45EA-90F3-8A7CA5EE54C7}\OFFLINE\22028FD3\76AC2E42\tgdlg.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-07-11 1232896]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-28 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-28 137752]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-30 159744]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-27 202032]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2009-10-29 1006264]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"BTUSRBDG"="BtUsrBdg.exe" [2003-11-05 53248]
"BTSETBOOTKEY"="BTSetBootKey.exe" [2003-04-15 36864]
"NokiaMusic FastStart"="c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe" [2009-11-06 2090272]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]
"VIRIT LITE MONITOR"="c:\vexplite\MONLITE.EXE" [2010-01-14 274432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3153192815-3773127929-4141947523-1000]
"EnableNotificationsRef"=dword:00000003

R0 VIRAGTLT;VIRAGTLT;c:\windows\System32\drivers\VIRAGTLT.sys [11/11/2009 8.53.20 45312]
R2 viritsvclite;VirIT eXplorer Lite;c:\vexplite\VIRITSVC.EXE [14/01/2010 15.39.36 69632]
R3 BTCOMM;BTCOMM;c:\windows\System32\drivers\Btcomm.sys [04/11/2008 20.13.40 57512]
R3 BTKRNBDG;Bluetooth COM Bridge;c:\windows\System32\drivers\BtKrnBdg.sys [04/11/2008 20.13.40 15876]
R3 vad_multi;Windigo Virtual Audio Device (WDM);c:\windows\System32\drivers\vadmulti.sys [04/11/2008 20.13.40 17792]
S3 btusbflt;Bluetooth USB Filter;c:\windows\System32\drivers\btusbflt.sys [09/07/2008 8.54.03 37296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contenuto della cartella 'Scheduled Tasks'

2009-07-25 c:\windows\Tasks\20090725_010100_Michele.job
- c:\program files\Nero\Nero 7\Nero BackItUp\BackItUp.exe [2007-01-05 11:53]

2010-01-14 c:\windows\Tasks\Advanced WindowsCare Personal Startup.job
- c:\program files\IObit\Advanced WindowsCare V2\Awcl.exe [2008-10-31 11:09]

2010-01-13 c:\windows\Tasks\User_Feed_Synchronization-{4007CFA8-F92F-477D-8152-FA16B90DAE43}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Scansione supplementare -------
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
IE: &AOL Toolbar Cerca - c:\program files\aol\aol toolbar 5.0\resources\it-it\local\search.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Michele\AppData\Roaming\Mozilla\Firefox\Profiles\4ji9m3kr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://isearch.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.tattoodle.com/
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-14 23:15
Windows 6.0.6000 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000059

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Ora fine scansione: 2010-01-14 23:18:33
ComboFix-quarantined-files.txt 2010-01-14 22:18
ComboFix2.txt 2010-01-13 22:58

Pre-Run: 60.835.094.528 byte disponibili
Post-Run: 60.807.819.264 byte disponibili

- - End Of File - - CFF30EAECE055103B406024A680BD303

[shel]

ma non hai eseguito lo script come ti ho detto? devi trascinrlo sull'icona di combobix

[MikGio90]

va bene questo log?




ComboFix 10-01-13.07 - Michele 15/01/2010 10.18.56.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.39.1040.18.2037.1247 [GMT 1:00]
Eseguito da: c:\users\Michele\Downloads\ComboFix.exe
Opzioni usate :: c:\users\Michele\Downloads\CFScript.txt
.

((((((((((((((((((((((((( Files Creati Da 2009-12-15 al 2010-01-15 )))))))))))))))))))))))))))))))))))
.

2010-01-15 09:25 . 2010-01-15 09:25 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-15 09:25 . 2010-01-15 09:25 -------- d-----w- c:\users\Incomplete\AppData\Local\temp
2010-01-15 09:25 . 2010-01-15 09:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-14 20:31 . 2010-01-14 20:31 388096 ----a-r- c:\users\Michele\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-14 20:31 . 2010-01-14 20:31 -------- d-----w- c:\program files\TrendMicro
2010-01-14 20:13 . 2010-01-14 20:23 -------- d-----w- c:\program files\Navilog1
2010-01-14 17:53 . 2010-01-14 17:53 407304 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-01-14 14:35 . 2010-01-14 14:35 -------- d-----w- c:\users\Michele\AppData\Local\PackageAware
2010-01-14 11:11 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-14 11:11 . 2010-01-14 11:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-14 11:11 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-14 07:54 . 2010-01-14 07:54 -------- d-----w- c:\programdata\eMule AdunanzA
2010-01-14 07:54 . 2010-01-14 07:54 -------- d-----w- c:\program files\eMule AdunanzA
2010-01-13 21:20 . 2010-01-13 21:21 -------- d-----w- c:\program files\FindyKill
2010-01-13 20:26 . 2010-01-13 21:32 -------- d-----w- C:\FindyKill
2010-01-13 17:50 . 2010-01-13 17:50 16219 ----a-w- C:\Nuova cartella.zip
2010-01-13 16:39 . 2010-01-13 16:39 -------- d-----w- c:\program files\CCleaner
2010-01-13 12:31 . 2010-01-13 12:31 -------- d-----w- c:\users\Michele\AppData\Roaming\Malwarebytes
2010-01-13 12:30 . 2010-01-13 12:30 -------- d-----w- c:\programdata\Malwarebytes
2010-01-13 10:35 . 2010-01-14 14:21 -------- d-----w- c:\program files\Angle Interactive
2010-01-13 10:25 . 2010-01-13 10:25 -------- d-----w- c:\users\Michele\AppData\Local\eMule AdunanzA
2010-01-10 12:17 . 2010-01-10 12:17 1288481 ----a-w- c:\users\Michele\symella nokia 5800.zip
2010-01-10 12:16 . 2010-01-10 12:17 1290901 ----a-w- c:\users\Michele\symella nokia 5800 plus no-trial patch by FFF [working].zip
2009-12-23 02:16 . 2009-12-23 02:16 -------- d-----w- c:\users\Michele\AppData\Local\IsolatedStorage

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-14 23:50 . 2008-07-09 07:54 12 ----a-w- c:\windows\bthservsdp.dat
2010-01-14 19:41 . 2008-07-04 11:10 118072 ----a-w- c:\users\Michele\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-14 14:36 . 2010-01-14 14:36 -------- dc-h--w- c:\programdata\{14B08FC8-7FFE-45EA-90F3-8A7CA5EE54C7}
2010-01-13 22:46 . 2009-10-21 19:56 -------- d-----w- c:\users\Michele\AppData\Roaming\drivers
2010-01-13 21:36 . 2010-01-13 21:36 1372 ----a-w- c:\users\Michele\AppData\Roaming\ewOOaj7HOTjIW81.vbs
2010-01-13 17:41 . 2009-11-27 19:36 -------- d-----w- c:\programdata\Skype
2010-01-13 12:13 . 2010-01-13 12:13 1372 ----a-w- c:\users\Michele\AppData\Roaming\MgTdPqIewG3tE.vbs
2010-01-13 10:35 . 2009-12-15 22:14 -------- d-----w- c:\users\Michele\AppData\Roaming\Lavasoft
2010-01-13 10:12 . 2008-10-30 21:00 -------- d-----w- c:\programdata\Avira
2010-01-13 10:11 . 2008-07-11 05:31 26946 ----a-w- c:\users\Incomplete\downloads.dat
2010-01-13 09:32 . 2010-01-13 09:32 1372 ----a-w- c:\users\Michele\AppData\Roaming\ipWzcVdjXO7gsnk.vbs
2010-01-13 08:54 . 2008-07-04 10:58 -------- d-----w- c:\program files\Electronic Arts
2010-01-12 21:27 . 2010-01-12 21:27 1372 ----a-w- c:\users\Michele\AppData\Roaming\2zp2hpJ2td1hgR6.vbs
2010-01-12 19:12 . 2010-01-12 19:12 1372 ----a-w- c:\users\Michele\AppData\Roaming\KYNpCJO.vbs
2010-01-12 13:03 . 2010-01-12 13:03 1372 ----a-w- c:\users\Michele\AppData\Roaming\eDsC6QMai5UJng6.vbs
2010-01-12 11:35 . 2010-01-12 11:35 1372 ----a-w- c:\users\Michele\AppData\Roaming\FwBzwDz2lLuO1zE.vbs
2010-01-12 10:48 . 2010-01-12 10:48 1372 ----a-w- c:\users\Michele\AppData\Roaming\XsJF9Uf.vbs
2010-01-12 08:57 . 2010-01-12 08:57 1372 ----a-w- c:\users\Michele\AppData\Roaming\pknd3GcHXtXI1.vbs
2010-01-12 07:50 . 2010-01-12 07:50 1372 ----a-w- c:\users\Michele\AppData\Roaming\NzMBdQE.vbs
2010-01-11 18:03 . 2007-11-30 07:30 693604 ----a-w- c:\windows\system32\perfh010.dat
2010-01-11 18:03 . 2007-11-30 07:30 119194 ----a-w- c:\windows\system32\perfc010.dat
2010-01-11 17:07 . 2010-01-14 14:36 2856026 -c--a-w- c:\programdata\{14B08FC8-7FFE-45EA-90F3-8A7CA5EE54C7}\vnlt6565.exe
2010-01-11 16:40 . 2010-01-11 16:40 1372 ----a-w- c:\users\Michele\AppData\Roaming\EkrMQ0h.vbs
2010-01-11 12:54 . 2010-01-11 12:54 1372 ----a-w- c:\users\Michele\AppData\Roaming\qEiTA.vbs
2010-01-11 12:47 . 2010-01-11 12:47 1372 ----a-w- c:\users\Michele\AppData\Roaming\EMi4uMO.vbs
2010-01-11 09:22 . 2010-01-14 14:36 352256 -c--a-w- c:\programdata\{14B08FC8-7FFE-45EA-90F3-8A7CA5EE54C7}\OFFLINE\BB22A901\76AC2E42\Scan.dll
2010-01-11 07:52 . 2010-01-11 07:52 1372 ----a-w- c:\users\Michele\AppData\Roaming\wqcN7.vbs
2010-01-10 21:20 . 2010-01-10 21:20 1372 ----a-w- c:\users\Michele\AppData\Roaming\o24z9y1Q9hg9u.vbs
2010-01-10 11:12 . 2010-01-10 11:12 1372 ----a-w- c:\users\Michele\AppData\Roaming\R7I2twMtNuddI.vbs
2010-01-10 09:36 . 2010-01-10 09:36 0 ----a-w- c:\windows\system32\8F62.tmp
2010-01-10 09:36 . 2010-01-10 09:36 0 ----a-w- c:\windows\system32\87B3.tmp
2010-01-09 21:43 . 2010-01-09 21:43 1372 ----a-w- c:\users\Michele\AppData\Roaming\DnEFp.vbs
2010-01-09 08:55 . 2010-01-09 08:55 1372 ----a-w- c:\users\Michele\AppData\Roaming\BHKBjnxDYVAa9.vbs
2010-01-08 19:06 . 2010-01-08 19:06 1372 ----a-w- c:\users\Michele\AppData\Roaming\Ke4auEzpUXlNo.vbs
2010-01-08 13:47 . 2010-01-08 13:47 1372 ----a-w- c:\users\Michele\AppData\Roaming\122r20GAWvvXN.vbs
2010-01-07 15:44 . 2010-01-14 14:36 274432 -c--a-w- c:\programdata\{14B08FC8-7FFE-45EA-90F3-8A7CA5EE54C7}\OFFLINE\D89A54DE\76AC2E42\MONLITE.exe
2010-01-07 13:05 . 2010-01-07 13:05 1372 ----a-w- c:\users\Michele\AppData\Roaming\J99vrFEqRFGVe5b.vbs
2010-01-03 13:39 . 2010-01-03 13:39 0 ----a-w- c:\windows\system32\92FE.tmp
2010-01-03 13:39 . 2010-01-03 13:39 0 ----a-w- c:\windows\system32\928F.tmp
2009-12-29 09:23 . 2008-07-09 13:03 -------- d-----w- c:\program files\Melody Assistant
2009-12-18 10:18 . 2010-01-14 14:36 122880 -c--a-w- c:\programdata\{14B08FC8-7FFE-45EA-90F3-8A7CA5EE54C7}\OFFLINE\361580F9\76AC2E42\viritupg.dll
2009-12-15 20:22 . 2009-12-01 22:06 92 ----a-w- c:\users\Michele\AppData\Local\xcdhkmpz.bat
2009-12-15 16:07 . 2009-12-15 16:07 389120 ----a-w- c:\users\Michele\AppData\Local\xizkc.exe
2009-12-15 16:04 . 2009-12-15 16:04 389120 ----a-w- c:\users\Michele\AppData\Local\diecsx.exe
2009-12-13 08:30 . 2009-11-27 19:40 -------- d-----w- c:\users\Michele\AppData\Roaming\skypePM
2009-12-12 11:44 . 2008-07-26 13:44 -------- d-----w- c:\users\Michele\AppData\Roaming\Nokia
2009-12-12 10:58 . 2009-12-12 10:53 -------- d-----w- c:\program files\Common Files\Nokia
2009-12-12 10:58 . 2008-07-09 09:21 -------- d-----w- c:\program files\Nokia
2009-12-12 10:57 . 2009-12-12 10:57 52948 ----a-w- c:\windows\inf\Ovi Player\0010\tmp8BD1.tmp
2009-12-12 10:57 . 2009-12-12 10:57 52948 ----a-w- c:\windows\inf\Ovi Player\0009\tmp8BD1.tmp
2009-12-12 10:57 . 2009-12-12 10:57 52948 ----a-w- c:\windows\inf\Ovi Player\0000\tmp8BD1.tmp
2009-12-12 10:57 . 2009-12-12 10:57 1657 ----a-w- c:\windows\inf\Ovi Player\tmp8BE2.tmp
2009-12-12 10:56 . 2009-12-12 10:56 -------- d-----w- c:\programdata\NokiaMusic
2009-12-12 10:53 . 2009-12-12 10:53 -------- d-----w- c:\program files\Common Files\muvee Technologies
2009-12-12 10:51 . 2008-07-26 13:45 -------- d-----w- c:\program files\DIFX
2009-12-11 17:45 . 2009-12-11 17:45 -------- d-----w- c:\program files\Microsoft
2009-12-11 17:44 . 2009-12-02 18:33 -------- d-----w- c:\program files\Windows Live
2009-12-09 16:57 . 2007-11-29 22:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-02 18:32 . 2008-10-31 14:46 -------- d-----w- c:\programdata\WLInstaller
2009-12-02 18:09 . 2009-01-02 23:31 -------- d-----w- c:\program files\Image-Line
2009-12-02 18:09 . 2009-11-15 14:15 -------- d-----w- c:\program files\High Quality Photo Resizer
2009-12-02 18:08 . 2007-11-30 00:29 -------- d-----w- c:\program files\CyberLink
2009-12-02 18:03 . 2008-12-06 02:39 -------- d-----w- c:\program files\MessengerDiscovery
2009-12-02 18:03 . 2007-11-30 00:38 -------- d-----w- c:\program files\MSN Messenger
2009-11-30 13:11 . 2008-07-26 10:42 -------- d-----w- c:\programdata\eMule
2009-11-29 22:55 . 2008-09-20 13:47 -------- d-----w- c:\program files\KONAMI
2009-11-29 22:49 . 2009-01-02 23:32 -------- d-----w- c:\program files\VstPlugins
2009-11-29 21:53 . 2009-09-29 20:16 91 ----a-w- c:\users\Michele\AppData\Local\dywebxnc.bat
2009-11-27 19:40 . 2009-11-27 19:40 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-11-27 14:10 . 2010-01-14 14:36 69632 -c--a-w- c:\programdata\{14B08FC8-7FFE-45EA-90F3-8A7CA5EE54C7}\OFFLINE\__Nas01_sviluppo_varie\Setup\VIRITLite\Files\viritsvc.exe
2009-11-27 14:06 . 2010-01-14 14:36 815104 -c--a-w- c:\programdata\{14B08FC8-7FFE-45EA-90F3-8A7CA5EE54C7}\OFFLINE\5BF53870\76AC2E42\viritexp.exe
2009-11-26 20:30 . 2008-07-11 05:25 -------- d-----w- c:\users\Michele\AppData\Roaming\LimeWire
2009-11-25 19:30 . 2009-11-25 19:29 -------- d-----w- c:\program files\SopCast
2009-11-22 10:13 . 2008-03-12 14:29 -------- d-----w- c:\programdata\WildTangent
2009-11-11 07:53 . 2010-01-14 14:36 45312 -c--a-w- c:\programdata\{14B08FC8-7FFE-45EA-90F3-8A7CA5EE54C7}\OFFLINE\931FE753\76AC2E42\VIRAGTLT.sys
2009-11-11 07:53 . 2010-01-14 14:36 45312 -c--a-w- c:\programdata\{14B08FC8-7FFE-45EA-90F3-8A7CA5EE54C7}\OFFLINE\277632B2\76AC2E42\VIRAGTLT.sys
2009-11-11 07:53 . 2009-11-11 07:53 45312 --s-a-w- c:\windows\system32\drivers\VIRAGTLT.sys
2009-11-08 15:40 . 2010-01-14 14:36 49152 -c--a-w- c:\programdata\{14B08FC8-7FFE-45EA-90F3-8A7CA5EE54C7}\OFFLINE\22028FD3\76AC2E42\tgdlg.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-07-11 1232896]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-28 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-28 137752]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-30 159744]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-27 202032]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2009-10-29 1006264]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"BTUSRBDG"="BtUsrBdg.exe" [2003-11-05 53248]
"BTSETBOOTKEY"="BTSetBootKey.exe" [2003-04-15 36864]
"NokiaMusic FastStart"="c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe" [2009-11-06 2090272]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]
"VIRIT LITE MONITOR"="c:\vexplite\MONLITE.EXE" [2010-01-14 274432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3153192815-3773127929-4141947523-1000]
"EnableNotificationsRef"=dword:00000003

R0 VIRAGTLT;VIRAGTLT;c:\windows\System32\drivers\VIRAGTLT.sys [11/11/2009 8.53.20 45312]
R2 viritsvclite;VirIT eXplorer Lite;c:\vexplite\VIRITSVC.EXE [14/01/2010 15.39.36 69632]
R3 BTCOMM;BTCOMM;c:\windows\System32\drivers\Btcomm.sys [04/11/2008 20.13.40 57512]
R3 BTKRNBDG;Bluetooth COM Bridge;c:\windows\System32\drivers\BtKrnBdg.sys [04/11/2008 20.13.40 15876]
R3 vad_multi;Windigo Virtual Audio Device (WDM);c:\windows\System32\drivers\vadmulti.sys [04/11/2008 20.13.40 17792]
S3 btusbflt;Bluetooth USB Filter;c:\windows\System32\drivers\btusbflt.sys [09/07/2008 8.54.03 37296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contenuto della cartella 'Scheduled Tasks'

2009-07-25 c:\windows\Tasks\20090725_010100_Michele.job
- c:\program files\Nero\Nero 7\Nero BackItUp\BackItUp.exe [2007-01-05 11:53]

2010-01-15 c:\windows\Tasks\Advanced WindowsCare Personal Startup.job
- c:\program files\IObit\Advanced WindowsCare V2\Awcl.exe [2008-10-31 11:09]

2010-01-14 c:\windows\Tasks\User_Feed_Synchronization-{4007CFA8-F92F-477D-8152-FA16B90DAE43}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Scansione supplementare -------
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
IE: &AOL Toolbar Cerca - c:\program files\aol\aol toolbar 5.0\resources\it-it\local\search.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Michele\AppData\Roaming\Mozilla\Firefox\Profiles\4ji9m3kr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://isearch.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.tattoodle.com/
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-15 10:25
Windows 6.0.6000 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000059

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Ora fine scansione: 2010-01-15 10:28:01
ComboFix-quarantined-files.txt 2010-01-15 09:27
ComboFix2.txt 2010-01-14 22:18
ComboFix3.txt 2010-01-13 22:58

Pre-Run: 61.251.411.968 byte disponibili
Post-Run: 61.221.765.120 byte disponibili

- - End Of File - - C6329BB303A96AD4C5BCAE67F5156C4B

[shel]

Scarica Avenger

http://swandog46.geekstogo.com/avenger.zip

Estrailo in una cartella a tua scelta
Esegui il file avenger.exe
Ora incolla queste righe nella box bianca che si è aperta:

files to delete:
c:\users\Michele\AppData\Roaming\o24z9y1Q9hg9u.vbs
c:\users\Michele\AppData\Roaming\R7I2twMtNuddI.vbs
c:\users\Michele\AppData\Roaming\BHKBjnxDYVAa9.vbs
c:\users\Michele\AppData\Roaming\Ke4auEzpUXlNo.vbs
c:\users\Michele\AppData\Roaming\122r20GAWvvXN.vbs
c:\users\Michele\AppData\Roaming\J99vrFEqRFGVe5b.vbs
c:\users\Michele\AppData\Local\xcdhkmpz.bat
c:\windows\inf\Ovi Player\0010\tmp8BD1.tmp
c:\windows\inf\Ovi Player\0009\tmp8BD1.tmp
c:\windows\inf\Ovi Player\0000\tmp8BD1.tmp
c:\windows\inf\Ovi Player\tmp8BE2.tmp

Togli il segno di spunta dalla voce Scan for Rootkits
Premi il pulsante Execute
Rispondi di Si alle due richieste di Avenger
Adesso il tuo computer dovrebbe riavviarsi, nel caso non succedesse, riavvialo tu manualmente
Al riavvio del computer, copia e incolla qui il contenuto del blocco note che apparirà.

[MikGio90]

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File "c:\users\Michele\AppData\Roaming\o24z9y1Q9hg9u.vbs" deleted successfully.
File "c:\users\Michele\AppData\Roaming\R7I2twMtNuddI.vbs" deleted successfully.
File "c:\users\Michele\AppData\Roaming\BHKBjnxDYVAa9.vbs" deleted successfully.
File "c:\users\Michele\AppData\Roaming\Ke4auEzpUXlNo.vbs" deleted successfully.
File "c:\users\Michele\AppData\Roaming\122r20GAWvvXN.vbs" deleted successfully.
File "c:\users\Michele\AppData\Roaming\J99vrFEqRFGVe5b.vbs" deleted successfully.
File "c:\users\Michele\AppData\Local\xcdhkmpz.bat" deleted successfully.
File "c:\windows\inf\Ovi Player\0010\tmp8BD1.tmp" deleted successfully.
File "c:\windows\inf\Ovi Player\0009\tmp8BD1.tmp" deleted successfully.

Error: could not delete file "c:\windows\inf\Ovi Player\0000\tmp8BD1.tmp"
Deletion of file "c:\windows\inf\Ovi Player\0000\tmp8BD1.tmp" failed!
Status: 0xc0000035 (STATUS_OBJECT_NAME_COLLISION)
--> another object exists already with the same name

File "c:\windows\inf\Ovi Player\tmp8BE2.tmp" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

[shel]

usa ccleaner avvialo, seleziona "Analizza" ed alla fine dell'analisi premi "Avvia pulizia".

clicca su Registro, nella pagina successiva clicca Trova problemi, poi al termine dello scan clicca su Ripara selezionati , risposndi di sì alla richiesta di salvare il backup (salvalo in una cartella a piacimento) poi ripara tutti gli elementi trovati.

fai una scansione con http://www.prevx.com/freescan.asp

controlla se trova qualcosa e se ci riesci eliminalo solo dopo averlo postato con il percorso completo

fai una nuova scansione completa con malwarebytes dopo averlo aggiornato

[MikGio90]

Prevx ha trovato 8 infezioni

1. disinstallazione config emule adunanza.exe in c:\users\michele\appdata\local\emuleadunanza\
2. " " " .Ink in\??\c:\users\michele\appdata\roaming\microsoft\start\programmi\emuleadunanza\
3. diecsx.exe in c:\users\michele\appdata\local\
4. xizkc.exe in c:\users\michele\appdata\local\
5. hddvd.exe in c:\program files\vistacodecpack\tools\
6. HD DVD EVO.lnk in \??\c:\programdata\microsoft\windows\start menu\programs\vistacodecs\32bit tools\MPEG\
7. mpeg.exe in c:\program files\vistacodecpack\tools\
8. HD MPEG2.lnk in \??\c:\programdata\microsoft\windows\start menu\programs\vistacodecs\32bit tools\MPEG\

le prime quattro sono "free to cleanuo" mentre sulle altre dice "license requiured to clean"
elimino le prime quattro infezioni?

minacce identificate:
1. low risk adware
2.infected entry
3.low risk adware
4. " "

5.high risk worm
6.infected entry
7.high risk worm
8.infected entry

[shel]

vorrei controllarle meglio, magari insieme a Luke57

non sempre quello che rileva prevx e' infezione

[MikGio90]

ok aspetto vostre notizie!

[shel]

ma sei sicuro di aver attivato l'antivirus? ogni volta ne esce una nuova.....

scarica

http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/

Crea una cartella sul Desktop e salvaci al suo interno il file che andrai a scaricare
lancia il tool
imposta le aree che vuoi scansionare
attendere.....al termine della scansione sarà possibile rimuovere e/o mettere in quarantena i file infetti rilevati
Salva il log che verrà rilasciato e postalo sul forum

N.B._ avendo cambiato alcune cose kaspersky potrebbe non rilasciare log- nel caso posta uno screen per controllare cio che e' stato eliminato- se invece dovesse rilasciarlo, dovrai postare le sole infezioni trovate facendo un copia\incolla e postarlo nel forum

[MikGio90]

no che non l'ho attivato l'antivirus! volevo un tuo consiglio su quale scaricare

[shel]

il mio consiglio e' avira, poi decidi tu - l'importante e' che ne installi uno co un buon firewall

qui hai un'ampia scelta

http://www.pc-facile.com/download/

[MikGio90]

kaspersky ha finito la scansione
ha trovato un casino di file però non li ha eliminati tutti, vicino ad alcuni c'è scritto postponed

non ha rilasciato il log in blocco note come faccio per farti vedere i risultati?
con il copia incolla ci metterei una vita!

[shel]

prova a incollare solo le infezioni che ha trovato, fai copia\incolla solo di queste

[MikGio90]

sono troppe shel! la scanisone è durata quasi venti ore! mancava qualche minuto... però mi sembra strano che ha trovato tutte quelle cose, vogliamo provare a fare una scansione con un altro programma?

[shel]

scusa ma voui postarmele almeno zippate? fai copia\incolla delle sole infezioni rilevate in un file di testo e zippale

come faccio a vedere cosa ti ha tolto?

[valeriot90]

I sintomi mi sanno molto di trojan bagle, comunque:

Avvia il pc in modalità provvisoria ( premendo ripetutamente esc o f9 , canc... a seconda del pc ) e prova ad installare un antivirus:
http://blog.defcon.it/2008/10/installar ... installer/
è una guida per avviare windows installer in modalità provvisoria.
Effettua una scansione ( sempre in modalità provvisoria utilizzando un buon antivirus ) consiglio g-data o kaspersky e vedi se risolve qualcosa, prima ovviamente devi disinstallare qualsiasi antivirus installato sul pc.
Ciao.