

help, I can't take it anymore!!

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: kadosh, Luke57

Re: help, I can't take it anymore!!

Post by Luke57 » 25/08/08 12:05

Hi, download ComboFix from here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
To run it, double-click Combofix.exe.
A blue window will open... Wait...
After a moment a notice will appear disclaiming the author from any problem arising from incorrect use of the tool.
At this point select 1, then ENTER, to launch the scan.
Wait... (do not do anything else during the scan; if the desktop icons disappear, that is perfectly normal)
A notice will tell you the operation has finished, and after a moment the log with the scan details will appear.
The log will be saved in C:\Combofix.txt
Attach it or paste it into a post.
Luke57
Moderator

Posts: 6410
Joined: 11/08/05 19:10

Re: help, I can't take it anymore!!

Post by Dhomochevsky » 25/08/08 13:44

Done, here is the log:

ComboFix 08-08-24.02 - Roby 2008-08-25 14.38.14.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1040.18.1501 [GMT 2:00]
Running from: C:\Users\Roby\Downloads\ComboFix.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\jusched.exe

.
((((((((((((((((((((((((( Files Created from 2008-07-25 to 2008-08-25 )))))))))))))))))))))))))))))))))))
.

2008-08-25 13:40 . 2008-08-25 13:40 <DIR> d-------- C:\Users\All Users\Fighters
2008-08-25 13:40 . 2008-08-25 13:40 <DIR> d-------- C:\ProgramData\Fighters
2008-08-25 13:40 . 2008-08-25 13:40 <DIR> d-------- C:\Program Files\Fighters
2008-08-25 11:58 . 2008-08-25 13:36 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-08-25 11:58 . 2008-08-25 13:36 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-08-25 11:58 . 2008-08-25 12:00 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-25 09:36 . 2008-08-25 09:36 <DIR> d-------- C:\Users\All Users\DscMnt
2008-08-25 09:36 . 2008-08-25 09:36 <DIR> d-------- C:\Users\All Users\admmsg
2008-08-25 09:36 . 2008-08-25 09:36 <DIR> d-------- C:\ProgramData\DscMnt
2008-08-25 09:36 . 2008-08-25 09:36 <DIR> d-------- C:\ProgramData\admmsg
2008-08-24 20:34 . 2008-08-24 20:34 <DIR> d-------- C:\Program Files\CCleaner
2008-08-24 19:25 . 2008-08-24 19:25 <DIR> d-------- C:\Users\Roby\AppData\Roaming\Malwarebytes
2008-08-24 19:25 . 2008-08-24 19:25 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-08-24 19:25 . 2008-08-24 19:25 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-08-24 19:25 . 2008-08-24 19:25 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-24 19:25 . 2008-08-17 15:01 38,472 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-08-24 19:25 . 2008-08-17 15:01 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-08-24 14:23 . 2008-08-24 14:23 512,096 --a------ C:\Windows\System32\drivers\amon.sys
2008-08-24 14:23 . 2008-08-24 14:23 298,104 --a------ C:\Windows\System32\imon.dll
2008-08-24 14:23 . 2008-08-24 14:23 15,424 --a------ C:\Windows\System32\drivers\nod32drv.sys
2008-08-24 14:20 . 2008-08-25 14:38 <DIR> d-------- C:\Program Files\ESET
2008-08-24 14:11 . 2008-08-24 14:32 <DIR> d-a------ C:\Users\All Users\TEMP
2008-08-24 14:11 . 2008-08-24 14:32 <DIR> d-a------ C:\ProgramData\TEMP
2008-08-24 12:05 . 2008-08-24 12:06 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-08-24 12:05 . 2008-08-24 12:06 <DIR> d-------- C:\ProgramData\Lavasoft
2008-08-24 12:05 . 2008-08-24 12:05 <DIR> d-------- C:\Program Files\Lavasoft
2008-08-23 14:45 . 2008-08-25 09:36 <DIR> d--h----- C:\$AVG8.VAULT$
2008-08-23 14:22 . 2008-08-23 14:22 10,520 --a------ C:\Windows\System32\avgrsstx.dll
2008-08-23 14:21 . 2008-08-25 13:48 <DIR> d-------- C:\Windows\System32\drivers\Avg
2008-08-23 14:21 . 2008-08-23 14:21 <DIR> d-------- C:\Users\All Users\avg8
2008-08-23 14:21 . 2008-08-23 14:21 <DIR> d-------- C:\ProgramData\avg8
2008-08-23 14:21 . 2008-08-23 14:21 <DIR> d-------- C:\Program Files\AVG
2008-08-23 14:21 . 2008-08-23 14:21 96,520 --a------ C:\Windows\System32\drivers\avgldx86.sys
2008-08-22 18:32 . 2008-08-23 14:46 <DIR> d-------- C:\Users\All Users\wininfomsg
2008-08-22 18:32 . 2008-08-22 18:32 <DIR> d-------- C:\Users\All Users\ComSh
2008-08-22 18:32 . 2008-08-22 18:32 <DIR> d-------- C:\Users\All Users\anqzkzmz
2008-08-22 18:32 . 2008-08-23 14:46 <DIR> d-------- C:\ProgramData\wininfomsg
2008-08-22 18:32 . 2008-08-22 18:32 <DIR> d-------- C:\ProgramData\ComSh
2008-08-22 18:32 . 2008-08-22 18:32 <DIR> d-------- C:\ProgramData\anqzkzmz
2008-08-22 13:01 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-08-22 13:01 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-08-22 13:01 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-08-22 13:01 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-08-22 13:01 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-08-22 13:01 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-08-22 13:01 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-08-22 13:01 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-08-22 13:01 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-08-13 20:09 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-13 20:04 . 2008-06-19 05:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-13 20:04 . 2008-04-18 07:48 269,312 --a------ C:\Windows\System32\es.dll
2008-08-13 20:03 . 2008-06-27 03:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-08-13 20:03 . 2008-06-27 06:15 827,392 --a------ C:\Windows\System32\wininet.dll
2008-08-13 20:03 . 2008-04-10 07:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
2008-08-01 12:09 . 2008-08-01 12:09 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-08-01 12:00 . 2008-08-01 12:00 <DIR> d-------- C:\Users\Roby\AppData\Roaming\DataCast
2008-08-01 12:00 . 2008-08-01 12:00 <DIR> d-------- C:\Program Files\Samsung
2008-08-01 12:00 . 2008-08-01 12:00 <DIR> d-------- C:\Program Files\MarkAny
2008-07-31 17:14 . 2008-08-23 19:14 <DIR> d-------- C:\Program Files\Starcraft
2008-07-25 21:33 . 2008-07-25 21:33 <DIR> d-------- C:\Windows\System32\tdk-screensaver-a03 dir
2008-07-25 21:33 . 2008-07-25 21:33 201,728 --a------ C:\Windows\System32\tdk-screensaver-a03.scr
2008-07-25 21:32 . 2008-07-25 21:32 <DIR> d-------- C:\Windows\System32\tdkScreensaver dir
2008-07-25 21:32 . 2008-07-25 21:32 201,728 --a------ C:\Windows\System32\tdkScreensaver.scr

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-24 10:04 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-22 20:39 --------- d-----w C:\Program Files\THQ
2008-08-22 17:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-22 17:08 --------- d-----w C:\ProgramData\Media Center Programs
2008-08-22 17:05 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-22 17:04 --------- d-----w C:\Program Files\Microsoft Works
2008-08-22 16:57 --------- d-----w C:\ProgramData\eMule
2008-08-19 08:29 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-14 09:44 --------- d-----w C:\Users\Roby\AppData\Roaming\LimeWire
2008-08-13 18:11 --------- d-----w C:\Program Files\Windows Mail
2008-08-13 15:47 --------- d-----w C:\Program Files\Warcraft III
2008-07-22 17:58 --------- d-----w C:\Program Files\DivX
2008-07-21 07:19 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-19 14:36 51,280 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-07-18 18:38 586,752 ----a-w C:\Windows\WLXPGSS.SCR
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
2008-06-11 12:41 21,248 ----a-w C:\Windows\Help\OEM\scripts\HPScript.exe
2008-06-01 19:43 2,829 ----a-w C:\Windows\War3Unin.pif
2008-06-01 19:43 139,264 ----a-w C:\Windows\War3Unin.exe
2008-05-27 05:21 1,582,592 ----a-w C:\Windows\System32\tquery.dll
2008-05-27 05:21 1,418,240 ----a-w C:\Windows\System32\mssrch.dll
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\SearchFilterHost.exe
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\mssitlb.dll
2008-05-27 05:17 754,176 ----a-w C:\Windows\System32\propsys.dll
2008-05-27 05:17 60,416 ----a-w C:\Windows\System32\msscntrs.dll
2008-05-27 05:17 6,103,040 ----a-w C:\Windows\System32\chtbrkr.dll
2008-05-27 05:17 34,816 ----a-w C:\Windows\System32\msscb.dll
2008-05-27 05:17 32,768 ----a-w C:\Windows\System32\mssprxy.dll
2008-05-27 05:17 313,344 ----a-w C:\Windows\System32\thawbrkr.dll
2008-05-27 05:17 301,568 ----a-w C:\Windows\System32\srchadmin.dll
2008-05-27 05:17 194,560 ----a-w C:\Windows\System32\offfilt.dll
2008-05-27 05:17 143,872 ----a-w C:\Windows\System32\korwbrkr.dll
2008-05-27 05:17 11,776 ----a-w C:\Windows\System32\msshooks.dll
2008-05-27 05:17 1,671,680 ----a-w C:\Windows\System32\chsbrkr.dll
2008-05-27 04:59 18,904 ----a-w C:\Windows\System32\StructuredQuerySchemaTrivial.bin
2008-05-27 04:59 106,605 ----a-w C:\Windows\System32\StructuredQuerySchema.bin
2008-04-17 15:35 174 --sha-w C:\Program Files\desktop.ini
2007-11-20 13:25 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-11-20 13:25 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-11-20 13:25 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-06-01 13:40 1783400]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"ComSh"="C:\ProgramData\ComSh\ajyhyhsz.exe" [2008-08-22 18:32 102400]
"vwkfvM5F01"="C:\ProgramData\anqzkzmz\kjolglab.exe" [2008-08-22 18:32 57344]
"DscMnt"="C:\ProgramData\DscMnt\nidghafi.exe" [2008-08-25 09:36 86016]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="FactoryMode" [X]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 17:01 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 18:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 13:59 118784]
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 13:13 71176]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-04-07 02:56 54936]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2008-01-10 19:57 92704]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-01-10 19:57 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-01-10 19:57 88608]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-12-14 17:19 132624]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-23 14:21 1232152]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-08-24 14:23 949376]
"spywarefighterguard"="C:\Program Files\Fighters\spywarefighter\SpywarefighterUser.exe" [2008-08-06 11:53 176128]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 12:26 4874240 C:\Windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{CBCBEF4E-D83C-40F9-BAC4-4E0AF20765CE}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{CC0B2816-BDB4-4734-B50B-4C4A687B04F8}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{362A35EB-F954-4B64-AD2C-8174BEB44C19}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{5AA7D646-4ACC-477B-B770-E8FA4E0C7624}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{FA1A071D-29A5-4BC3-AC26-C4B8EBF6CFC6}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{C7556F01-EA18-4732-A7A5-30AAF6274D7A}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{5F631893-1EE6-4F23-9358-91314473724F}"= TCP:9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{6EF99F4D-C8C9-477A-85A0-78B735433EF6}"= TCP:1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{CCF7794F-2732-4964-9C9D-82D51A763E45}"= UDP:C:\Users\Roby\AppData\Local\Temp\Installer.exe:SpeedTouch Home Install Wizard
"{D772A8C6-B37B-4865-852C-5D3EC31FD04A}"= TCP:C:\Users\Roby\AppData\Local\Temp\Installer.exe:SpeedTouch Home Install Wizard
"{13D92EDA-8250-49EF-8392-417185772C31}"= UDP:C:\Program Files\Thomson\ST330\service\st330service.exe:ST330 service
"{46B2F534-9D18-4D8A-B03D-DFF31DDD449A}"= TCP:C:\Program Files\Thomson\ST330\service\st330service.exe:ST330 service
"{AF9AE7D2-F79F-4CF2-AA21-706497A68A38}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{03DCA60E-5742-4C83-A346-032BB9B6D416}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{218356BE-08FD-47BF-8B5E-337AAC0125E4}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{2B576221-D16C-4299-B947-A2D0B62F3580}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{54F50414-B270-40E0-AADA-2EDA72422BF1}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{EDE31453-2E0C-49B6-8133-9C01A16A0AE6}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{9E2174C1-EC67-416C-B57E-74BDFBBE0498}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{DC4070CC-7F0C-481E-934C-14FDB0004331}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{AC28FA20-1CD1-471B-AE82-E894549EB722}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"TCP Query User{6AEFB000-CC3C-48F5-BE6C-A65EA4901A5B}C:\\program files\\thq\\dawn of war - dark crusade\\darkcrusade.exe"= UDP:C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe:DarkCrusade
"UDP Query User{A64FB259-41E6-4130-B2C7-843C94693C04}C:\\program files\\thq\\dawn of war - dark crusade\\darkcrusade.exe"= TCP:C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe:DarkCrusade
"TCP Query User{6F53A293-FD00-4326-AA7A-5423FA9E8256}C:\\program files\\thq\\dawn of war - soulstorm demo\\soulstorm.exe"= UDP:C:\program files\thq\dawn of war - soulstorm demo\soulstorm.exe:Soulstorm
"UDP Query User{7793BED4-8A2F-4CD0-90F4-CE4CFD121994}C:\\program files\\thq\\dawn of war - soulstorm demo\\soulstorm.exe"= TCP:C:\program files\thq\dawn of war - soulstorm demo\soulstorm.exe:Soulstorm
"{C58FDCE5-7C30-4AA3-977C-5CD17814FF65}"= UDP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
"{A69BE9AA-0636-4B6A-AC36-774973DF1BF5}"= TCP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
"TCP Query User{E1808766-DFCB-4C7E-9489-285CB2F48696}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{B797C6B4-03EA-4442-A7E6-9B1F245EB1A1}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{74DF18AD-B578-4BFD-8954-C55588CA557C}C:\\program files\\thq\\dawn of war - soulstorm\\soulstorm.exe"= UDP:C:\program files\thq\dawn of war - soulstorm\soulstorm.exe:Soulstorm
"UDP Query User{ACC56A1A-DBAE-4B5D-9EFB-7FBAF53BCF4E}C:\\program files\\thq\\dawn of war - soulstorm\\soulstorm.exe"= TCP:C:\program files\thq\dawn of war - soulstorm\soulstorm.exe:Soulstorm
"TCP Query User{F1CD67B4-07ED-49BB-8C29-DB2E4F8048CC}C:\\users\\roby\\desktop\\zerg_reveal_final_englishus_xvid.avi-downloader.exe"= UDP:C:\users\roby\desktop\zerg_reveal_final_englishus_xvid.avi-downloader.exe:zerg_reveal_final_englishus_xvid.avi-downloader.exe
"UDP Query User{EA4FE1D6-557B-4D5A-8E16-2C8A1DF9BB07}C:\\users\\roby\\desktop\\zerg_reveal_final_englishus_xvid.avi-downloader.exe"= TCP:C:\users\roby\desktop\zerg_reveal_final_englishus_xvid.avi-downloader.exe:zerg_reveal_final_englishus_xvid.avi-downloader.exe
"{935CEABA-32C2-4030-A024-EEDEFEBC30B7}"= UDP:C:\Windows\System32\muzapp.exe:MUZ AOD APP player
"{0545B7FF-2348-4007-B1AF-5A0EB89AA42D}"= TCP:C:\Windows\System32\muzapp.exe:MUZ AOD APP player
"{B4C41D7C-7328-41AE-A0F0-DA2C9F9602A6}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 1 (0x1)

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 16:35]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-08-23 14:21]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 16:36]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-23 14:21]
R2 DQLWinService;DQLWinService;C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 10:32]
R2 PTK License-FIGHTERS-297811811;PTK License-FIGHTERS-297811811;C:\Program Files\Fighters\licenseservice.exe [2008-08-06 11:53]
R2 PTK Live Update-FIGHTERS-297811811;PTK Live Update-FIGHTERS-297811811;C:\Program Files\Fighters\updateservice.exe [2008-08-06 11:54]
R2 PTK Scanner-FIGHTERS-297811811;PTK Scanner-FIGHTERS-297811811;C:\Program Files\Fighters\ScannerService.exe [2008-08-06 11:54]
R2 PTK SharedAccess-FIGHTERS-297811811;PTK SharedAccess-FIGHTERS-297811811;C:\Program Files\Fighters\configservice.exe [2008-08-06 11:53]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;C:\Windows\system32\DRIVERS\netr73.sys [2007-08-31 14:54]
R3 Vfscan;Vfscan;C:\Windows\system32\DRIVERS\vffilter.sys [2008-02-21 13:55]
S2 IntelDHSvcConf;Intel DH Service;C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 09:13]
S3 ST330;ST330;C:\Windows\system32\drivers\st330.sys [2007-11-19 16:08]
S3 STBUS;STBUS;C:\Windows\system32\drivers\stbus.sys [2007-11-19 16:08]
S3 stppp;Speedtouch PPP Adapter Adapter;C:\Windows\system32\DRIVERS\stppp.sys [2007-11-19 16:08]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
*Newly Created Service* - VFSCAN
.
Contents of the 'Scheduled Tasks' folder

2008-08-25 C:\Windows\Tasks\User_Feed_Synchronization-{A85B6C8C-972C-49F7-A517-B1D04EB9464C}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 09:33]

2007-11-20 C:\Windows\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-AliceRV_McciTrayApp - C:\Program Files\Alice ti aiuta\McciTrayApp.exe
HKLM-Run-WinampAgent - C:\Program Files\Winamp\winampa.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\Roby\AppData\Roaming\Mozilla\Firefox\Profiles\xj2q2enz.default\
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-25 14:40:39
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-25 14:41:57
ComboFix-quarantined-files.txt 2008-08-25 12:41:53

Pre-Run: 324,478,324,736 bytes free
Post-Run: 324,448,440,320 bytes free

255 --- E O F --- 2008-08-21 13:12:35
Dhomochevsky
Newbie

Posts: 5
Joined: 25/08/08 09:17

Re: help, I can't take it anymore!!

Post by Luke57 » 25/08/08 15:04

Hi, open a text file in Windows Notepad and copy and paste the following script into it:
Code: Select all
Folder::
C:\Users\All Users\wininfomsg
C:\Users\All Users\anqzkzmz
C:\ProgramData\wininfomsg
C:\ProgramData\anqzkzmz
C:\Users\All Users\ComSh
C:\ProgramData\ComSh

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ComSh"=-
"vwkfvM5F01"=-
"DscMnt"=-


Save the text file, naming it exactly CFScript.txt, in the same directory as ComboFix, then drag it with the mouse pointer onto the ComboFix icon to run a new scan. Attach the new report if one is produced.
Luke57
Moderator

Posts: 6410
Joined: 11/08/05 19:10
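The ComboFix log posted earlier and the CFScript above are two halves of the same job: pick out the Run entries that launch unknown executables from ProgramData, then write a script that removes those entries and their folders. As an added example, not code from this thread, from ComboFix or from BleepingComputer, the Python below parses the "Reg Loading Points" section of a ComboFix log (the regular expressions are written against the line format visible in this thread and are an assumption about any other ComboFix version), scores each Run entry with the heuristics a practitioner applies by hand (binary under ProgramData, AppData or Temp; an eight-lowercase-letter file or folder name like the ones in this log; a timestamp within a week of the scan; a target ComboFix marks missing with [X]), lists the Security Center DisableNotify/DisableMonitoring values set to 1, and drafts a CFScript.txt using only the Folder:: and Registry:: directives shown in the moderator's post. SAMPLE_LOG is a constructed excerpt modelled on the first log, with DscMnt's path rewritten through Vista's C:\Users\All Users junction to show why listing both that path and C:\ProgramData is redundant. The heuristics are assumptions rather than detections (a legitimate updater can live under ProgramData too, and some security suites write the same Security Center values), and the generated script is a draft to review by hand before dropping it onto ComboFix.

```python
import re
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Constructed excerpt in the ComboFix log format seen in this thread (not a real log);
# DscMnt's path is deliberately written through the C:\Users\All Users junction.
SAMPLE_LOG = r"""ComboFix 08-08-24.02 - Roby 2008-08-25 14.38.14.1 - NTFSx86
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"ComSh"="C:\ProgramData\ComSh\ajyhyhsz.exe" [2008-08-22 18:32 102400]
"vwkfvM5F01"="C:\ProgramData\anqzkzmz\kjolglab.exe" [2008-08-22 18:32 57344]
"DscMnt"="C:\Users\All Users\DscMnt\nidghafi.exe" [2008-08-25 09:36 86016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="FactoryMode" [X]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 12:26 4874240 C:\Windows\RtHDVCpl.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
"""

HEADER_RE = re.compile(r"^ComboFix \S+ - .*?(\d{4}-\d{2}-\d{2}) \d{2}\.\d{2}\.\d{2}")
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[([^\]]*)\]$')  # "name"="path" [stamp]
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')
STAMP_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \d+(?: (.+))?$")  # date time size [resolved path]
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\users\\all users\\", "\\temp\\")
RANDOM_NAME = re.compile(r"^[a-z]{8}$")  # naming pattern used in this log; weak on its own

def parse_log(text):
    """Return (scan date, Run-key entries, Security Center dword values) from a ComboFix log."""
    scan_date, key, runs, dwords = None, None, [], []
    for line in map(str.strip, text.splitlines()):
        if (m := HEADER_RE.match(line)) and scan_date is None:
            scan_date = datetime.strptime(m.group(1), "%Y-%m-%d")
        elif (m := KEY_RE.match(line)):
            key = m.group(1)
        elif (m := VALUE_RE.match(line)) and key and key.lower().endswith("\\run"):
            name, path, detail = m.groups()
            entry = {"key": key, "name": name, "path": path, "mtime": None, "missing": detail == "X"}
            if s := STAMP_RE.match(detail):
                entry["mtime"] = datetime.strptime(s.group(1), "%Y-%m-%d %H:%M")
                if s.group(2):  # ComboFix resolved a bare file name to its full path
                    entry["path"] = s.group(2)
            runs.append(entry)
        elif (m := DWORD_RE.match(line)) and key and "security center" in key.lower():
            dwords.append((key, m.group(1), int(m.group(2), 16)))
    return scan_date, runs, dwords

def reasons(entry, scan_date, recent_days=7):
    """Heuristic signals for one Run entry; a prompt for analysis, not a verdict."""
    why, p = [], PureWindowsPath(entry["path"])
    if any(frag in entry["path"].lower() for frag in USER_WRITABLE):
        why.append("launched from a user-writable data directory")
    if RANDOM_NAME.match(p.stem) or RANDOM_NAME.match(p.parent.name):
        why.append("random-looking eight-letter file or folder name")
    if entry["mtime"] and scan_date and scan_date - entry["mtime"] <= timedelta(days=recent_days):
        why.append(f"file written within {recent_days} days of the scan")
    if entry["missing"]:
        why.append("target not found on disk ([X])")
    return why

def suspicious_autoruns(text, min_signals=2):
    """Run entries with at least min_signals heuristic hits, in log order."""
    scan_date, runs, _ = parse_log(text)
    return [{**e, "why": w} for e in runs if len(w := reasons(e, scan_date)) >= min_signals]

def security_center_tampering(text):
    """Security Center values set to 1 that silence its warnings or monitoring."""
    return [(k, n) for k, n, v in parse_log(text)[2]
            if v == 1 and n.endswith(("DisableNotify", "DisableMonitoring"))]

def canonical_folder(path):
    # Folder holding the binary, with Vista's C:\Users\All Users junction mapped to C:\ProgramData
    folder, junction = str(PureWindowsPath(path).parent), "C:\\Users\\All Users"
    if folder.lower().startswith(junction.lower()):
        folder = "C:\\ProgramData" + folder[len(junction):]
    return folder

def build_cfscript(text):
    """Draft CFScript.txt using the Folder:: and Registry:: directives shown in this thread."""
    folders, by_key = [], {}
    for hit in suspicious_autoruns(text):
        folder = canonical_folder(hit["path"])
        if any(frag in (folder + "\\").lower() for frag in USER_WRITABLE) and folder not in folders:
            folders.append(folder)  # only delete folders under data directories, never system ones
        by_key.setdefault(hit["key"], []).append(hit["name"])
    lines = ["Folder::", *folders, "", "Registry::"]
    for key, names in by_key.items():
        lines += [f"[{key}]", *(f'"{name}"=-' for name in names), ""]
    return "\n".join(lines).rstrip() + "\n"

if __name__ == "__main__":
    for hit in suspicious_autoruns(SAMPLE_LOG):
        print(f'{hit["name"]}: {hit["path"]} <- {"; ".join(hit["why"])}')
    for key, name in security_center_tampering(SAMPLE_LOG):
        print(f"Security Center silenced: {name}=1 under {key}")
    print(build_cfscript(SAMPLE_LOG))
```

To use it on a real case, read C:\ComboFix.txt into a string in place of SAMPLE_LOG. On the sample it flags the three ProgramData entries from the first log and nothing else, and the Security Center check reproduces the UacDisableNotify, AutoUpdateDisableNotify and DisableMonitoring block seen above; those values are worth re-checking once the machine is clean, since the log does not say who set them.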

Re: help, I can't take it anymore!!

Post by Dhomochevsky » 25/08/08 16:41

I think I got confused... -.-"

I restarted ComboFix from the beginning (without the file you just told me to create) and this is the log:

ComboFix 08-08-24.02 - Roby 2008-08-25 17.34.54.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1040.18.1989 [GMT 2:00]
Running from: C:\Users\Roby\Downloads\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-07-25 to 2008-08-25 )))))))))))))))))))))))))))))))))))
.

2008-08-25 11:58 . 2008-08-25 17:31 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-08-25 11:58 . 2008-08-25 17:31 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-08-25 11:58 . 2008-08-25 12:00 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-25 09:36 . 2008-08-25 09:36 <DIR> d-------- C:\Users\All Users\DscMnt
2008-08-25 09:36 . 2008-08-25 09:36 <DIR> d-------- C:\Users\All Users\admmsg
2008-08-25 09:36 . 2008-08-25 09:36 <DIR> d-------- C:\ProgramData\DscMnt
2008-08-25 09:36 . 2008-08-25 09:36 <DIR> d-------- C:\ProgramData\admmsg
2008-08-24 20:34 . 2008-08-24 20:34 <DIR> d-------- C:\Program Files\CCleaner
2008-08-24 19:25 . 2008-08-24 19:25 <DIR> d-------- C:\Users\Roby\AppData\Roaming\Malwarebytes
2008-08-24 19:25 . 2008-08-24 19:25 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-08-24 19:25 . 2008-08-24 19:25 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-08-24 19:25 . 2008-08-24 19:25 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-24 19:25 . 2008-08-17 15:01 38,472 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-08-24 19:25 . 2008-08-17 15:01 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-08-24 14:20 . 2008-08-25 17:24 <DIR> d-------- C:\Program Files\ESET
2008-08-24 14:11 . 2008-08-24 14:32 <DIR> d-a------ C:\Users\All Users\TEMP
2008-08-24 14:11 . 2008-08-24 14:32 <DIR> d-a------ C:\ProgramData\TEMP
2008-08-24 12:05 . 2008-08-24 12:06 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-08-24 12:05 . 2008-08-24 12:06 <DIR> d-------- C:\ProgramData\Lavasoft
2008-08-23 14:45 . 2008-08-25 09:36 <DIR> d--h----- C:\$AVG8.VAULT$
2008-08-23 14:22 . 2008-08-23 14:22 10,520 --a------ C:\Windows\System32\avgrsstx.dll
2008-08-23 14:21 . 2008-08-25 13:48 <DIR> d-------- C:\Windows\System32\drivers\Avg
2008-08-23 14:21 . 2008-08-23 14:21 <DIR> d-------- C:\Users\All Users\avg8
2008-08-23 14:21 . 2008-08-23 14:21 <DIR> d-------- C:\ProgramData\avg8
2008-08-23 14:21 . 2008-08-23 14:21 <DIR> d-------- C:\Program Files\AVG
2008-08-23 14:21 . 2008-08-23 14:21 96,520 --a------ C:\Windows\System32\drivers\avgldx86.sys
2008-08-22 18:32 . 2008-08-23 14:46 <DIR> d-------- C:\Users\All Users\wininfomsg
2008-08-22 18:32 . 2008-08-22 18:32 <DIR> d-------- C:\Users\All Users\ComSh
2008-08-22 18:32 . 2008-08-22 18:32 <DIR> d-------- C:\Users\All Users\anqzkzmz
2008-08-22 18:32 . 2008-08-23 14:46 <DIR> d-------- C:\ProgramData\wininfomsg
2008-08-22 18:32 . 2008-08-22 18:32 <DIR> d-------- C:\ProgramData\ComSh
2008-08-22 18:32 . 2008-08-22 18:32 <DIR> d-------- C:\ProgramData\anqzkzmz
2008-08-22 13:01 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-08-22 13:01 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-08-22 13:01 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-08-22 13:01 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-08-22 13:01 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-08-22 13:01 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-08-22 13:01 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-08-22 13:01 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-08-22 13:01 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-08-13 20:09 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-13 20:04 . 2008-06-19 05:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-13 20:04 . 2008-04-18 07:48 269,312 --a------ C:\Windows\System32\es.dll
2008-08-13 20:03 . 2008-06-27 03:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-08-13 20:03 . 2008-06-27 06:15 827,392 --a------ C:\Windows\System32\wininet.dll
2008-08-13 20:03 . 2008-04-10 07:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
2008-08-01 12:09 . 2008-08-01 12:09 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-08-01 12:00 . 2008-08-01 12:00 <DIR> d-------- C:\Users\Roby\AppData\Roaming\DataCast
2008-08-01 12:00 . 2008-08-01 12:00 <DIR> d-------- C:\Program Files\Samsung
2008-08-01 12:00 . 2008-08-01 12:00 <DIR> d-------- C:\Program Files\MarkAny
2008-07-31 17:14 . 2008-08-23 19:14 <DIR> d-------- C:\Program Files\Starcraft
2008-07-25 21:33 . 2008-07-25 21:33 <DIR> d-------- C:\Windows\System32\tdk-screensaver-a03 dir
2008-07-25 21:33 . 2008-07-25 21:33 201,728 --a------ C:\Windows\System32\tdk-screensaver-a03.scr
2008-07-25 21:32 . 2008-07-25 21:32 <DIR> d-------- C:\Windows\System32\tdkScreensaver dir
2008-07-25 21:32 . 2008-07-25 21:32 201,728 --a------ C:\Windows\System32\tdkScreensaver.scr

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-25 15:21 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-22 20:39 --------- d-----w C:\Program Files\THQ
2008-08-22 17:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-22 17:08 --------- d-----w C:\ProgramData\Media Center Programs
2008-08-22 17:05 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-22 17:04 --------- d-----w C:\Program Files\Microsoft Works
2008-08-22 16:57 --------- d-----w C:\ProgramData\eMule
2008-08-19 08:29 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-14 09:44 --------- d-----w C:\Users\Roby\AppData\Roaming\LimeWire
2008-08-13 18:11 --------- d-----w C:\Program Files\Windows Mail
2008-08-13 15:47 --------- d-----w C:\Program Files\Warcraft III
2008-07-22 17:58 --------- d-----w C:\Program Files\DivX
2008-07-21 07:19 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-19 14:36 51,280 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-07-18 18:38 586,752 ----a-w C:\Windows\WLXPGSS.SCR
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
2008-06-11 12:41 21,248 ----a-w C:\Windows\Help\OEM\scripts\HPScript.exe
2008-06-01 19:43 2,829 ----a-w C:\Windows\War3Unin.pif
2008-06-01 19:43 139,264 ----a-w C:\Windows\War3Unin.exe
2008-05-27 05:21 1,582,592 ----a-w C:\Windows\System32\tquery.dll
2008-05-27 05:21 1,418,240 ----a-w C:\Windows\System32\mssrch.dll
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\SearchFilterHost.exe
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\mssitlb.dll
2008-05-27 05:17 754,176 ----a-w C:\Windows\System32\propsys.dll
2008-05-27 05:17 60,416 ----a-w C:\Windows\System32\msscntrs.dll
2008-05-27 05:17 6,103,040 ----a-w C:\Windows\System32\chtbrkr.dll
2008-05-27 05:17 34,816 ----a-w C:\Windows\System32\msscb.dll
2008-05-27 05:17 32,768 ----a-w C:\Windows\System32\mssprxy.dll
2008-05-27 05:17 313,344 ----a-w C:\Windows\System32\thawbrkr.dll
2008-05-27 05:17 301,568 ----a-w C:\Windows\System32\srchadmin.dll
2008-05-27 05:17 194,560 ----a-w C:\Windows\System32\offfilt.dll
2008-05-27 05:17 143,872 ----a-w C:\Windows\System32\korwbrkr.dll
2008-05-27 05:17 11,776 ----a-w C:\Windows\System32\msshooks.dll
2008-05-27 05:17 1,671,680 ----a-w C:\Windows\System32\chsbrkr.dll
2008-05-27 04:59 18,904 ----a-w C:\Windows\System32\StructuredQuerySchemaTrivial.bin
2008-05-27 04:59 106,605 ----a-w C:\Windows\System32\StructuredQuerySchema.bin
2008-04-17 15:35 174 --sha-w C:\Program Files\desktop.ini
2007-11-20 13:25 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-11-20 13:25 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-11-20 13:25 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-08-25_14.41.06.02 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-24 18:38:12 860,080 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2008-08-25 15:23:29 860,080 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2008-08-25 07:04:10 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-08-25 15:24:32 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-08-25 07:04:10 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-08-25 15:24:32 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-08-25 07:05:54 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-08-25 15:26:30 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-08-25 07:06:26 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-08-25 15:28:53 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-08-25 15:28:53 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-08-25 12:24:35 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-08-25 15:33:14 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-08-25 12:24:35 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-25 15:33:14 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-08-25 12:24:35 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-08-25 15:33:14 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-08-25 07:06:03 7,122 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3930960926-3077408177-1412927889-1001_UserData.bin
+ 2008-08-25 15:26:20 7,464 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3930960926-3077408177-1412927889-1001_UserData.bin
- 2008-08-25 07:06:03 61,194 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-08-25 15:26:20 61,536 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-08-25 07:06:02 41,984 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-08-25 15:26:19 43,760 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-06-01 13:40 1783400]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"ComSh"="C:\ProgramData\ComSh\ajyhyhsz.exe" [2008-08-22 18:32 102400]
"vwkfvM5F01"="C:\ProgramData\anqzkzmz\kjolglab.exe" [2008-08-22 18:32 57344]
"DscMnt"="C:\ProgramData\DscMnt\nidghafi.exe" [2008-08-25 09:36 86016]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="FactoryMode" [X]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 17:01 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 18:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 13:59 118784]
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 13:13 71176]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-04-07 02:56 54936]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2008-01-10 19:57 92704]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-01-10 19:57 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-01-10 19:57 88608]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-12-14 17:19 132624]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-23 14:21 1232152]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 12:26 4874240 C:\Windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{CBCBEF4E-D83C-40F9-BAC4-4E0AF20765CE}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{CC0B2816-BDB4-4734-B50B-4C4A687B04F8}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{362A35EB-F954-4B64-AD2C-8174BEB44C19}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{5AA7D646-4ACC-477B-B770-E8FA4E0C7624}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{FA1A071D-29A5-4BC3-AC26-C4B8EBF6CFC6}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{C7556F01-EA18-4732-A7A5-30AAF6274D7A}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{5F631893-1EE6-4F23-9358-91314473724F}"= TCP:9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{6EF99F4D-C8C9-477A-85A0-78B735433EF6}"= TCP:1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{CCF7794F-2732-4964-9C9D-82D51A763E45}"= UDP:C:\Users\Roby\AppData\Local\Temp\Installer.exe:SpeedTouch Home Install Wizard
"{D772A8C6-B37B-4865-852C-5D3EC31FD04A}"= TCP:C:\Users\Roby\AppData\Local\Temp\Installer.exe:SpeedTouch Home Install Wizard
"{13D92EDA-8250-49EF-8392-417185772C31}"= UDP:C:\Program Files\Thomson\ST330\service\st330service.exe:ST330 service
"{46B2F534-9D18-4D8A-B03D-DFF31DDD449A}"= TCP:C:\Program Files\Thomson\ST330\service\st330service.exe:ST330 service
"{AF9AE7D2-F79F-4CF2-AA21-706497A68A38}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{03DCA60E-5742-4C83-A346-032BB9B6D416}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{218356BE-08FD-47BF-8B5E-337AAC0125E4}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{2B576221-D16C-4299-B947-A2D0B62F3580}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{54F50414-B270-40E0-AADA-2EDA72422BF1}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{EDE31453-2E0C-49B6-8133-9C01A16A0AE6}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{9E2174C1-EC67-416C-B57E-74BDFBBE0498}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{DC4070CC-7F0C-481E-934C-14FDB0004331}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{AC28FA20-1CD1-471B-AE82-E894549EB722}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"TCP Query User{6AEFB000-CC3C-48F5-BE6C-A65EA4901A5B}C:\\program files\\thq\\dawn of war - dark crusade\\darkcrusade.exe"= UDP:C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe:DarkCrusade
"UDP Query User{A64FB259-41E6-4130-B2C7-843C94693C04}C:\\program files\\thq\\dawn of war - dark crusade\\darkcrusade.exe"= TCP:C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe:DarkCrusade
"TCP Query User{6F53A293-FD00-4326-AA7A-5423FA9E8256}C:\\program files\\thq\\dawn of war - soulstorm demo\\soulstorm.exe"= UDP:C:\program files\thq\dawn of war - soulstorm demo\soulstorm.exe:Soulstorm
"UDP Query User{7793BED4-8A2F-4CD0-90F4-CE4CFD121994}C:\\program files\\thq\\dawn of war - soulstorm demo\\soulstorm.exe"= TCP:C:\program files\thq\dawn of war - soulstorm demo\soulstorm.exe:Soulstorm
"{C58FDCE5-7C30-4AA3-977C-5CD17814FF65}"= UDP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
"{A69BE9AA-0636-4B6A-AC36-774973DF1BF5}"= TCP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
"TCP Query User{E1808766-DFCB-4C7E-9489-285CB2F48696}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{B797C6B4-03EA-4442-A7E6-9B1F245EB1A1}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{74DF18AD-B578-4BFD-8954-C55588CA557C}C:\\program files\\thq\\dawn of war - soulstorm\\soulstorm.exe"= UDP:C:\program files\thq\dawn of war - soulstorm\soulstorm.exe:Soulstorm
"UDP Query User{ACC56A1A-DBAE-4B5D-9EFB-7FBAF53BCF4E}C:\\program files\\thq\\dawn of war - soulstorm\\soulstorm.exe"= TCP:C:\program files\thq\dawn of war - soulstorm\soulstorm.exe:Soulstorm
"TCP Query User{F1CD67B4-07ED-49BB-8C29-DB2E4F8048CC}C:\\users\\roby\\desktop\\zerg_reveal_final_englishus_xvid.avi-downloader.exe"= UDP:C:\users\roby\desktop\zerg_reveal_final_englishus_xvid.avi-downloader.exe:zerg_reveal_final_englishus_xvid.avi-downloader.exe
"UDP Query User{EA4FE1D6-557B-4D5A-8E16-2C8A1DF9BB07}C:\\users\\roby\\desktop\\zerg_reveal_final_englishus_xvid.avi-downloader.exe"= TCP:C:\users\roby\desktop\zerg_reveal_final_englishus_xvid.avi-downloader.exe:zerg_reveal_final_englishus_xvid.avi-downloader.exe
"{935CEABA-32C2-4030-A024-EEDEFEBC30B7}"= UDP:C:\Windows\System32\muzapp.exe:MUZ AOD APP player
"{0545B7FF-2348-4007-B1AF-5A0EB89AA42D}"= TCP:C:\Windows\System32\muzapp.exe:MUZ AOD APP player
"{B4C41D7C-7328-41AE-A0F0-DA2C9F9602A6}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 1 (0x1)

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 16:35]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-08-23 14:21]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 16:36]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-23 14:21]
R2 DQLWinService;DQLWinService;C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 10:32]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;C:\Windows\system32\DRIVERS\netr73.sys [2007-08-31 14:54]
S2 IntelDHSvcConf;Intel DH Service;C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 09:13]
S3 ST330;ST330;C:\Windows\system32\drivers\st330.sys [2007-11-19 16:08]
S3 STBUS;STBUS;C:\Windows\system32\drivers\stbus.sys [2007-11-19 16:08]
S3 stppp;Speedtouch PPP Adapter Adapter;C:\Windows\system32\DRIVERS\stppp.sys [2007-11-19 16:08]
.
Contenuto della cartella 'Scheduled Tasks'

2008-08-25 C:\Windows\Tasks\User_Feed_Synchronization-{A85B6C8C-972C-49F7-A517-B1D04EB9464C}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 09:33]

2007-11-20 C:\Windows\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\Roby\AppData\Roaming\Mozilla\Firefox\Profiles\xj2q2enz.default\
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-25 17:36:19
Windows 6.0.6001 Service Pack 1 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-08-25 17:37:26
ComboFix-quarantined-files.txt 2008-08-25 15:37:23
ComboFix2.txt 2008-08-25 13:14:37
ComboFix3.txt 2008-08-25 12:41:58

Pre-Run: 323,861,876,736 byte disponibili
Post-Run: 323,828,654,080 byte disponibili

257 --- E O F --- 2008-08-21 13:12:35
Dhomochevsky
Newbie
Posts: 5
Joined: 25/08/08 09:17

Re: help, I can't take it any more!!

Post by Luke57 » 25/08/08 17:33

Hi, this one is the same. You need to run the scan by dragging the text file, prepared as I suggested, onto it.
Luke57
Moderator
Posts: 6410
Joined: 11/08/05 19:10

Re: help, I can't take it any more!!

Post by Dhomochevsky » 25/08/08 18:36

OK... :oops:

Done, I dragged the file onto ComboFix; this is the report:

ComboFix 08-08-24.02 - Roby 2008-08-25 19.29.38.5 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1040.18.1793 [GMT 2:00]
Eseguito da: C:\Users\Roby\Downloads\ComboFix.exe
Command switches used :: C:\QooBox\CFScript.txt
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ProgramData\anqzkzmz
C:\ProgramData\anqzkzmz\kjolglab.exe
C:\ProgramData\ComSh
C:\ProgramData\ComSh\ajyhyhsz.exe
C:\ProgramData\wininfomsg
C:\Users\All Users\anqzkzmz\kjolglab.exe
C:\Users\All Users\ComSh\ajyhyhsz.exe

.
((((((((((((((((((((((((( Files Creati Da 2008-07-25 al 2008-08-25 )))))))))))))))))))))))))))))))))))
.

2008-08-25 17:57 . 2008-08-25 19:25 <DIR> d-------- C:\Users\All Users\SysStrMsg
2008-08-25 17:57 . 2008-08-25 17:57 <DIR> d-------- C:\Users\All Users\ComDb
2008-08-25 17:57 . 2008-08-25 19:25 <DIR> d-------- C:\ProgramData\SysStrMsg
2008-08-25 17:57 . 2008-08-25 17:57 <DIR> d-------- C:\ProgramData\ComDb
2008-08-25 11:58 . 2008-08-25 17:42 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-08-25 11:58 . 2008-08-25 17:42 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-08-25 11:58 . 2008-08-25 12:00 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-25 09:36 . 2008-08-25 09:36 <DIR> d-------- C:\Users\All Users\DscMnt
2008-08-25 09:36 . 2008-08-25 09:36 <DIR> d-------- C:\Users\All Users\admmsg
2008-08-25 09:36 . 2008-08-25 09:36 <DIR> d-------- C:\ProgramData\DscMnt
2008-08-25 09:36 . 2008-08-25 09:36 <DIR> d-------- C:\ProgramData\admmsg
2008-08-24 20:34 . 2008-08-24 20:34 <DIR> d-------- C:\Program Files\CCleaner
2008-08-24 19:25 . 2008-08-24 19:25 <DIR> d-------- C:\Users\Roby\AppData\Roaming\Malwarebytes
2008-08-24 19:25 . 2008-08-24 19:25 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-08-24 19:25 . 2008-08-24 19:25 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-08-24 19:25 . 2008-08-24 19:25 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-24 19:25 . 2008-08-17 15:01 38,472 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-08-24 19:25 . 2008-08-17 15:01 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-08-24 14:20 . 2008-08-25 17:24 <DIR> d-------- C:\Program Files\ESET
2008-08-24 14:11 . 2008-08-24 14:32 <DIR> d-a------ C:\Users\All Users\TEMP
2008-08-24 14:11 . 2008-08-24 14:32 <DIR> d-a------ C:\ProgramData\TEMP
2008-08-24 12:05 . 2008-08-24 12:06 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-08-24 12:05 . 2008-08-24 12:06 <DIR> d-------- C:\ProgramData\Lavasoft
2008-08-23 14:45 . 2008-08-25 19:25 <DIR> d--h----- C:\$AVG8.VAULT$
2008-08-23 14:22 . 2008-08-23 14:22 10,520 --a------ C:\Windows\System32\avgrsstx.dll
2008-08-23 14:21 . 2008-08-25 13:48 <DIR> d-------- C:\Windows\System32\drivers\Avg
2008-08-23 14:21 . 2008-08-23 14:21 <DIR> d-------- C:\Users\All Users\avg8
2008-08-23 14:21 . 2008-08-23 14:21 <DIR> d-------- C:\ProgramData\avg8
2008-08-23 14:21 . 2008-08-23 14:21 <DIR> d-------- C:\Program Files\AVG
2008-08-23 14:21 . 2008-08-23 14:21 96,520 --a------ C:\Windows\System32\drivers\avgldx86.sys
2008-08-22 13:01 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-08-22 13:01 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-08-22 13:01 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-08-22 13:01 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-08-22 13:01 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-08-22 13:01 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-08-22 13:01 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-08-22 13:01 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-08-22 13:01 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-08-13 20:09 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-13 20:04 . 2008-06-19 05:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-13 20:04 . 2008-04-18 07:48 269,312 --a------ C:\Windows\System32\es.dll
2008-08-13 20:03 . 2008-06-27 03:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-08-13 20:03 . 2008-06-27 06:15 827,392 --a------ C:\Windows\System32\wininet.dll
2008-08-13 20:03 . 2008-04-10 07:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
2008-08-01 12:09 . 2008-08-01 12:09 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-08-01 12:00 . 2008-08-01 12:00 <DIR> d-------- C:\Users\Roby\AppData\Roaming\DataCast
2008-08-01 12:00 . 2008-08-01 12:00 <DIR> d-------- C:\Program Files\Samsung
2008-08-01 12:00 . 2008-08-01 12:00 <DIR> d-------- C:\Program Files\MarkAny
2008-07-31 17:14 . 2008-08-23 19:14 <DIR> d-------- C:\Program Files\Starcraft
2008-07-25 21:33 . 2008-07-25 21:33 <DIR> d-------- C:\Windows\System32\tdk-screensaver-a03 dir
2008-07-25 21:33 . 2008-07-25 21:33 201,728 --a------ C:\Windows\System32\tdk-screensaver-a03.scr
2008-07-25 21:32 . 2008-07-25 21:32 <DIR> d-------- C:\Windows\System32\tdkScreensaver dir
2008-07-25 21:32 . 2008-07-25 21:32 201,728 --a------ C:\Windows\System32\tdkScreensaver.scr

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-25 15:21 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-22 20:39 --------- d-----w C:\Program Files\THQ
2008-08-22 17:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-22 17:08 --------- d-----w C:\ProgramData\Media Center Programs
2008-08-22 17:05 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-22 17:04 --------- d-----w C:\Program Files\Microsoft Works
2008-08-22 16:57 --------- d-----w C:\ProgramData\eMule
2008-08-19 08:29 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-14 09:44 --------- d-----w C:\Users\Roby\AppData\Roaming\LimeWire
2008-08-13 18:11 --------- d-----w C:\Program Files\Windows Mail
2008-08-13 15:47 --------- d-----w C:\Program Files\Warcraft III
2008-07-22 17:58 --------- d-----w C:\Program Files\DivX
2008-07-21 07:19 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-19 14:36 51,280 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-07-18 18:38 586,752 ----a-w C:\Windows\WLXPGSS.SCR
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
2008-06-11 12:41 21,248 ----a-w C:\Windows\Help\OEM\scripts\HPScript.exe
2008-06-01 19:43 2,829 ----a-w C:\Windows\War3Unin.pif
2008-06-01 19:43 139,264 ----a-w C:\Windows\War3Unin.exe
2008-05-27 05:21 1,582,592 ----a-w C:\Windows\System32\tquery.dll
2008-05-27 05:21 1,418,240 ----a-w C:\Windows\System32\mssrch.dll
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\SearchFilterHost.exe
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\mssitlb.dll
2008-05-27 05:17 754,176 ----a-w C:\Windows\System32\propsys.dll
2008-05-27 05:17 60,416 ----a-w C:\Windows\System32\msscntrs.dll
2008-05-27 05:17 6,103,040 ----a-w C:\Windows\System32\chtbrkr.dll
2008-05-27 05:17 34,816 ----a-w C:\Windows\System32\msscb.dll
2008-05-27 05:17 32,768 ----a-w C:\Windows\System32\mssprxy.dll
2008-05-27 05:17 313,344 ----a-w C:\Windows\System32\thawbrkr.dll
2008-05-27 05:17 301,568 ----a-w C:\Windows\System32\srchadmin.dll
2008-05-27 05:17 194,560 ----a-w C:\Windows\System32\offfilt.dll
2008-05-27 05:17 143,872 ----a-w C:\Windows\System32\korwbrkr.dll
2008-05-27 05:17 11,776 ----a-w C:\Windows\System32\msshooks.dll
2008-05-27 05:17 1,671,680 ----a-w C:\Windows\System32\chsbrkr.dll
2008-05-27 04:59 18,904 ----a-w C:\Windows\System32\StructuredQuerySchemaTrivial.bin
2008-05-27 04:59 106,605 ----a-w C:\Windows\System32\StructuredQuerySchema.bin
2008-04-17 15:35 174 --sha-w C:\Program Files\desktop.ini
2007-11-20 13:25 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-11-20 13:25 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-11-20 13:25 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-08-25_14.41.06.02 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-24 18:38:12 860,080 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2008-08-25 15:23:29 860,080 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2008-08-25 07:04:10 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-08-25 15:24:32 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-08-25 07:04:10 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-08-25 15:24:32 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-08-25 07:05:54 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-08-25 15:26:30 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-08-25 07:06:26 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-08-25 15:28:53 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-08-25 15:28:53 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-08-25 12:24:35 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-08-25 15:33:14 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-08-25 12:24:35 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-25 15:33:14 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-08-25 12:24:35 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-08-25 15:33:14 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-08-25 07:06:03 7,122 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3930960926-3077408177-1412927889-1001_UserData.bin
+ 2008-08-25 15:26:20 7,464 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3930960926-3077408177-1412927889-1001_UserData.bin
- 2008-08-25 07:06:03 61,194 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-08-25 15:26:20 61,536 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-08-25 07:06:02 41,984 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-08-25 15:26:19 43,760 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-06-01 13:40 1783400]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="FactoryMode" [X]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 17:01 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 18:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 13:59 118784]
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 13:13 71176]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-04-07 02:56 54936]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2008-01-10 19:57 92704]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-01-10 19:57 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-01-10 19:57 88608]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-12-14 17:19 132624]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-23 14:21 1232152]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 12:26 4874240 C:\Windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{CBCBEF4E-D83C-40F9-BAC4-4E0AF20765CE}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{CC0B2816-BDB4-4734-B50B-4C4A687B04F8}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{362A35EB-F954-4B64-AD2C-8174BEB44C19}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{5AA7D646-4ACC-477B-B770-E8FA4E0C7624}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{FA1A071D-29A5-4BC3-AC26-C4B8EBF6CFC6}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{C7556F01-EA18-4732-A7A5-30AAF6274D7A}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{5F631893-1EE6-4F23-9358-91314473724F}"= TCP:9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{6EF99F4D-C8C9-477A-85A0-78B735433EF6}"= TCP:1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{CCF7794F-2732-4964-9C9D-82D51A763E45}"= UDP:C:\Users\Roby\AppData\Local\Temp\Installer.exe:SpeedTouch Home Install Wizard
"{D772A8C6-B37B-4865-852C-5D3EC31FD04A}"= TCP:C:\Users\Roby\AppData\Local\Temp\Installer.exe:SpeedTouch Home Install Wizard
"{13D92EDA-8250-49EF-8392-417185772C31}"= UDP:C:\Program Files\Thomson\ST330\service\st330service.exe:ST330 service
"{46B2F534-9D18-4D8A-B03D-DFF31DDD449A}"= TCP:C:\Program Files\Thomson\ST330\service\st330service.exe:ST330 service
"{AF9AE7D2-F79F-4CF2-AA21-706497A68A38}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{03DCA60E-5742-4C83-A346-032BB9B6D416}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{218356BE-08FD-47BF-8B5E-337AAC0125E4}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{2B576221-D16C-4299-B947-A2D0B62F3580}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{54F50414-B270-40E0-AADA-2EDA72422BF1}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{EDE31453-2E0C-49B6-8133-9C01A16A0AE6}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{9E2174C1-EC67-416C-B57E-74BDFBBE0498}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{DC4070CC-7F0C-481E-934C-14FDB0004331}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{AC28FA20-1CD1-471B-AE82-E894549EB722}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"TCP Query User{6AEFB000-CC3C-48F5-BE6C-A65EA4901A5B}C:\\program files\\thq\\dawn of war - dark crusade\\darkcrusade.exe"= UDP:C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe:DarkCrusade
"UDP Query User{A64FB259-41E6-4130-B2C7-843C94693C04}C:\\program files\\thq\\dawn of war - dark crusade\\darkcrusade.exe"= TCP:C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe:DarkCrusade
"TCP Query User{6F53A293-FD00-4326-AA7A-5423FA9E8256}C:\\program files\\thq\\dawn of war - soulstorm demo\\soulstorm.exe"= UDP:C:\program files\thq\dawn of war - soulstorm demo\soulstorm.exe:Soulstorm
"UDP Query User{7793BED4-8A2F-4CD0-90F4-CE4CFD121994}C:\\program files\\thq\\dawn of war - soulstorm demo\\soulstorm.exe"= TCP:C:\program files\thq\dawn of war - soulstorm demo\soulstorm.exe:Soulstorm
"{C58FDCE5-7C30-4AA3-977C-5CD17814FF65}"= UDP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
"{A69BE9AA-0636-4B6A-AC36-774973DF1BF5}"= TCP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
"TCP Query User{E1808766-DFCB-4C7E-9489-285CB2F48696}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{B797C6B4-03EA-4442-A7E6-9B1F245EB1A1}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{74DF18AD-B578-4BFD-8954-C55588CA557C}C:\\program files\\thq\\dawn of war - soulstorm\\soulstorm.exe"= UDP:C:\program files\thq\dawn of war - soulstorm\soulstorm.exe:Soulstorm
"UDP Query User{ACC56A1A-DBAE-4B5D-9EFB-7FBAF53BCF4E}C:\\program files\\thq\\dawn of war - soulstorm\\soulstorm.exe"= TCP:C:\program files\thq\dawn of war - soulstorm\soulstorm.exe:Soulstorm
"TCP Query User{F1CD67B4-07ED-49BB-8C29-DB2E4F8048CC}C:\\users\\roby\\desktop\\zerg_reveal_final_englishus_xvid.avi-downloader.exe"= UDP:C:\users\roby\desktop\zerg_reveal_final_englishus_xvid.avi-downloader.exe:zerg_reveal_final_englishus_xvid.avi-downloader.exe
"UDP Query User{EA4FE1D6-557B-4D5A-8E16-2C8A1DF9BB07}C:\\users\\roby\\desktop\\zerg_reveal_final_englishus_xvid.avi-downloader.exe"= TCP:C:\users\roby\desktop\zerg_reveal_final_englishus_xvid.avi-downloader.exe:zerg_reveal_final_englishus_xvid.avi-downloader.exe
"{935CEABA-32C2-4030-A024-EEDEFEBC30B7}"= UDP:C:\Windows\System32\muzapp.exe:MUZ AOD APP player
"{0545B7FF-2348-4007-B1AF-5A0EB89AA42D}"= TCP:C:\Windows\System32\muzapp.exe:MUZ AOD APP player
"{B4C41D7C-7328-41AE-A0F0-DA2C9F9602A6}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 1 (0x1)

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 16:35]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-08-23 14:21]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 16:36]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-23 14:21]
R2 DQLWinService;DQLWinService;C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 10:32]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;C:\Windows\system32\DRIVERS\netr73.sys [2007-08-31 14:54]
S2 IntelDHSvcConf;Intel DH Service;C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 09:13]
S3 ST330;ST330;C:\Windows\system32\drivers\st330.sys [2007-11-19 16:08]
S3 STBUS;STBUS;C:\Windows\system32\drivers\stbus.sys [2007-11-19 16:08]
S3 stppp;Speedtouch PPP Adapter Adapter;C:\Windows\system32\DRIVERS\stppp.sys [2007-11-19 16:08]
.
Contenuto della cartella 'Scheduled Tasks'

2008-08-25 C:\Windows\Tasks\User_Feed_Synchronization-{A85B6C8C-972C-49F7-A517-B1D04EB9464C}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 09:33]

2007-11-20 C:\Windows\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-25 19:31:01
Windows 6.0.6001 Service Pack 1 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-08-25 19:32:06
ComboFix-quarantined-files.txt 2008-08-25 17:32:03
ComboFix2.txt 2008-08-25 15:37:27
ComboFix3.txt 2008-08-25 13:14:37
ComboFix4.txt 2008-08-25 12:41:58

Pre-Run: 320,372,641,792 byte disponibili
Post-Run: 320,342,433,792 byte disponibili

260 --- E O F --- 2008-08-21 13:12:35
Dhomochevsky
Newbie

Posts: 5
Joined: 25/08/08 09:17

Re: help, I can't take it anymore!!

Post by Dhomochevsky » 25/08/08 18:47

:o
...I made a mistake, I had forgotten to put the text file in the same directory as ComboFix...
So I ran it again, here is what it wrote:

ComboFix 08-08-24.02 - Roby 2008-08-25 19.39.57.6 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1040.18.1783 [GMT 2:00]
Eseguito da: C:\Users\Roby\Downloads\ComboFix.exe
Command switches used :: C:\Users\Roby\Downloads\CFScript.txt
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((( Files Creati Da 2008-07-25 al 2008-08-25 )))))))))))))))))))))))))))))))))))
.

2008-08-25 17:57 . 2008-08-25 19:25 <DIR> d-------- C:\Users\All Users\SysStrMsg
2008-08-25 17:57 . 2008-08-25 17:57 <DIR> d-------- C:\Users\All Users\ComDb
2008-08-25 17:57 . 2008-08-25 19:25 <DIR> d-------- C:\ProgramData\SysStrMsg
2008-08-25 17:57 . 2008-08-25 17:57 <DIR> d-------- C:\ProgramData\ComDb
2008-08-25 11:58 . 2008-08-25 17:42 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-08-25 11:58 . 2008-08-25 17:42 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-08-25 11:58 . 2008-08-25 12:00 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-25 09:36 . 2008-08-25 09:36 <DIR> d-------- C:\Users\All Users\DscMnt
2008-08-25 09:36 . 2008-08-25 09:36 <DIR> d-------- C:\Users\All Users\admmsg
2008-08-25 09:36 . 2008-08-25 09:36 <DIR> d-------- C:\ProgramData\DscMnt
2008-08-25 09:36 . 2008-08-25 09:36 <DIR> d-------- C:\ProgramData\admmsg
2008-08-24 20:34 . 2008-08-24 20:34 <DIR> d-------- C:\Program Files\CCleaner
2008-08-24 19:25 . 2008-08-24 19:25 <DIR> d-------- C:\Users\Roby\AppData\Roaming\Malwarebytes
2008-08-24 19:25 . 2008-08-24 19:25 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-08-24 19:25 . 2008-08-24 19:25 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-08-24 19:25 . 2008-08-24 19:25 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-24 19:25 . 2008-08-17 15:01 38,472 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-08-24 19:25 . 2008-08-17 15:01 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-08-24 14:20 . 2008-08-25 17:24 <DIR> d-------- C:\Program Files\ESET
2008-08-24 14:11 . 2008-08-24 14:32 <DIR> d-a------ C:\Users\All Users\TEMP
2008-08-24 14:11 . 2008-08-24 14:32 <DIR> d-a------ C:\ProgramData\TEMP
2008-08-24 12:05 . 2008-08-24 12:06 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-08-24 12:05 . 2008-08-24 12:06 <DIR> d-------- C:\ProgramData\Lavasoft
2008-08-23 14:45 . 2008-08-25 19:25 <DIR> d--h----- C:\$AVG8.VAULT$
2008-08-23 14:22 . 2008-08-23 14:22 10,520 --a------ C:\Windows\System32\avgrsstx.dll
2008-08-23 14:21 . 2008-08-25 13:48 <DIR> d-------- C:\Windows\System32\drivers\Avg
2008-08-23 14:21 . 2008-08-23 14:21 <DIR> d-------- C:\Users\All Users\avg8
2008-08-23 14:21 . 2008-08-23 14:21 <DIR> d-------- C:\ProgramData\avg8
2008-08-23 14:21 . 2008-08-23 14:21 <DIR> d-------- C:\Program Files\AVG
2008-08-23 14:21 . 2008-08-23 14:21 96,520 --a------ C:\Windows\System32\drivers\avgldx86.sys
2008-08-22 13:01 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-08-22 13:01 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-08-22 13:01 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-08-22 13:01 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-08-22 13:01 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-08-22 13:01 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-08-22 13:01 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-08-22 13:01 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-08-22 13:01 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-08-13 20:09 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-13 20:04 . 2008-06-19 05:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-13 20:04 . 2008-04-18 07:48 269,312 --a------ C:\Windows\System32\es.dll
2008-08-13 20:03 . 2008-06-27 03:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-08-13 20:03 . 2008-06-27 06:15 827,392 --a------ C:\Windows\System32\wininet.dll
2008-08-13 20:03 . 2008-04-10 07:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
2008-08-01 12:09 . 2008-08-01 12:09 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-08-01 12:00 . 2008-08-01 12:00 <DIR> d-------- C:\Users\Roby\AppData\Roaming\DataCast
2008-08-01 12:00 . 2008-08-01 12:00 <DIR> d-------- C:\Program Files\Samsung
2008-08-01 12:00 . 2008-08-01 12:00 <DIR> d-------- C:\Program Files\MarkAny
2008-07-31 17:14 . 2008-08-23 19:14 <DIR> d-------- C:\Program Files\Starcraft
2008-07-25 21:33 . 2008-07-25 21:33 <DIR> d-------- C:\Windows\System32\tdk-screensaver-a03 dir
2008-07-25 21:33 . 2008-07-25 21:33 201,728 --a------ C:\Windows\System32\tdk-screensaver-a03.scr
2008-07-25 21:32 . 2008-07-25 21:32 <DIR> d-------- C:\Windows\System32\tdkScreensaver dir
2008-07-25 21:32 . 2008-07-25 21:32 201,728 --a------ C:\Windows\System32\tdkScreensaver.scr

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-25 15:21 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-22 20:39 --------- d-----w C:\Program Files\THQ
2008-08-22 17:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-22 17:08 --------- d-----w C:\ProgramData\Media Center Programs
2008-08-22 17:05 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-22 17:04 --------- d-----w C:\Program Files\Microsoft Works
2008-08-22 16:57 --------- d-----w C:\ProgramData\eMule
2008-08-19 08:29 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-14 09:44 --------- d-----w C:\Users\Roby\AppData\Roaming\LimeWire
2008-08-13 18:11 --------- d-----w C:\Program Files\Windows Mail
2008-08-13 15:47 --------- d-----w C:\Program Files\Warcraft III
2008-07-22 17:58 --------- d-----w C:\Program Files\DivX
2008-07-21 07:19 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-19 14:36 51,280 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-07-18 18:38 586,752 ----a-w C:\Windows\WLXPGSS.SCR
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
2008-06-11 12:41 21,248 ----a-w C:\Windows\Help\OEM\scripts\HPScript.exe
2008-06-01 19:43 2,829 ----a-w C:\Windows\War3Unin.pif
2008-06-01 19:43 139,264 ----a-w C:\Windows\War3Unin.exe
2008-05-27 05:21 1,582,592 ----a-w C:\Windows\System32\tquery.dll
2008-05-27 05:21 1,418,240 ----a-w C:\Windows\System32\mssrch.dll
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\SearchFilterHost.exe
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\mssitlb.dll
2008-05-27 05:17 754,176 ----a-w C:\Windows\System32\propsys.dll
2008-05-27 05:17 60,416 ----a-w C:\Windows\System32\msscntrs.dll
2008-05-27 05:17 6,103,040 ----a-w C:\Windows\System32\chtbrkr.dll
2008-05-27 05:17 34,816 ----a-w C:\Windows\System32\msscb.dll
2008-05-27 05:17 32,768 ----a-w C:\Windows\System32\mssprxy.dll
2008-05-27 05:17 313,344 ----a-w C:\Windows\System32\thawbrkr.dll
2008-05-27 05:17 301,568 ----a-w C:\Windows\System32\srchadmin.dll
2008-05-27 05:17 194,560 ----a-w C:\Windows\System32\offfilt.dll
2008-05-27 05:17 143,872 ----a-w C:\Windows\System32\korwbrkr.dll
2008-05-27 05:17 11,776 ----a-w C:\Windows\System32\msshooks.dll
2008-05-27 05:17 1,671,680 ----a-w C:\Windows\System32\chsbrkr.dll
2008-05-27 04:59 18,904 ----a-w C:\Windows\System32\StructuredQuerySchemaTrivial.bin
2008-05-27 04:59 106,605 ----a-w C:\Windows\System32\StructuredQuerySchema.bin
2008-04-17 15:35 174 --sha-w C:\Program Files\desktop.ini
2007-11-20 13:25 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-11-20 13:25 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-11-20 13:25 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-08-25_14.41.06.02 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-24 18:38:12 860,080 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2008-08-25 15:23:29 860,080 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2008-08-25 07:04:10 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-08-25 15:24:32 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-08-25 07:04:10 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-08-25 15:24:32 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-08-25 07:05:54 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-08-25 15:26:30 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-08-25 07:06:26 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-08-25 15:28:53 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-08-25 15:28:53 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-08-25 12:24:35 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-08-25 15:33:14 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-08-25 12:24:35 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-25 15:33:14 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-08-25 12:24:35 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-08-25 15:33:14 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-08-25 07:06:03 7,122 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3930960926-3077408177-1412927889-1001_UserData.bin
+ 2008-08-25 15:26:20 7,464 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3930960926-3077408177-1412927889-1001_UserData.bin
- 2008-08-25 07:06:03 61,194 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-08-25 15:26:20 61,536 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-08-25 07:06:02 41,984 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-08-25 15:26:19 43,760 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-06-01 13:40 1783400]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="FactoryMode" [X]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 17:01 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 18:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 13:59 118784]
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 13:13 71176]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-04-07 02:56 54936]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2008-01-10 19:57 92704]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-01-10 19:57 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-01-10 19:57 88608]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-12-14 17:19 132624]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-23 14:21 1232152]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 12:26 4874240 C:\Windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{CBCBEF4E-D83C-40F9-BAC4-4E0AF20765CE}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{CC0B2816-BDB4-4734-B50B-4C4A687B04F8}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{362A35EB-F954-4B64-AD2C-8174BEB44C19}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{5AA7D646-4ACC-477B-B770-E8FA4E0C7624}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{FA1A071D-29A5-4BC3-AC26-C4B8EBF6CFC6}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{C7556F01-EA18-4732-A7A5-30AAF6274D7A}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{5F631893-1EE6-4F23-9358-91314473724F}"= TCP:9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{6EF99F4D-C8C9-477A-85A0-78B735433EF6}"= TCP:1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{CCF7794F-2732-4964-9C9D-82D51A763E45}"= UDP:C:\Users\Roby\AppData\Local\Temp\Installer.exe:SpeedTouch Home Install Wizard
"{D772A8C6-B37B-4865-852C-5D3EC31FD04A}"= TCP:C:\Users\Roby\AppData\Local\Temp\Installer.exe:SpeedTouch Home Install Wizard
"{13D92EDA-8250-49EF-8392-417185772C31}"= UDP:C:\Program Files\Thomson\ST330\service\st330service.exe:ST330 service
"{46B2F534-9D18-4D8A-B03D-DFF31DDD449A}"= TCP:C:\Program Files\Thomson\ST330\service\st330service.exe:ST330 service
"{AF9AE7D2-F79F-4CF2-AA21-706497A68A38}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{03DCA60E-5742-4C83-A346-032BB9B6D416}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{218356BE-08FD-47BF-8B5E-337AAC0125E4}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{2B576221-D16C-4299-B947-A2D0B62F3580}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{54F50414-B270-40E0-AADA-2EDA72422BF1}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{EDE31453-2E0C-49B6-8133-9C01A16A0AE6}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{9E2174C1-EC67-416C-B57E-74BDFBBE0498}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{DC4070CC-7F0C-481E-934C-14FDB0004331}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{AC28FA20-1CD1-471B-AE82-E894549EB722}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"TCP Query User{6AEFB000-CC3C-48F5-BE6C-A65EA4901A5B}C:\\program files\\thq\\dawn of war - dark crusade\\darkcrusade.exe"= UDP:C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe:DarkCrusade
"UDP Query User{A64FB259-41E6-4130-B2C7-843C94693C04}C:\\program files\\thq\\dawn of war - dark crusade\\darkcrusade.exe"= TCP:C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe:DarkCrusade
"TCP Query User{6F53A293-FD00-4326-AA7A-5423FA9E8256}C:\\program files\\thq\\dawn of war - soulstorm demo\\soulstorm.exe"= UDP:C:\program files\thq\dawn of war - soulstorm demo\soulstorm.exe:Soulstorm
"UDP Query User{7793BED4-8A2F-4CD0-90F4-CE4CFD121994}C:\\program files\\thq\\dawn of war - soulstorm demo\\soulstorm.exe"= TCP:C:\program files\thq\dawn of war - soulstorm demo\soulstorm.exe:Soulstorm
"{C58FDCE5-7C30-4AA3-977C-5CD17814FF65}"= UDP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
"{A69BE9AA-0636-4B6A-AC36-774973DF1BF5}"= TCP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
"TCP Query User{E1808766-DFCB-4C7E-9489-285CB2F48696}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{B797C6B4-03EA-4442-A7E6-9B1F245EB1A1}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{74DF18AD-B578-4BFD-8954-C55588CA557C}C:\\program files\\thq\\dawn of war - soulstorm\\soulstorm.exe"= UDP:C:\program files\thq\dawn of war - soulstorm\soulstorm.exe:Soulstorm
"UDP Query User{ACC56A1A-DBAE-4B5D-9EFB-7FBAF53BCF4E}C:\\program files\\thq\\dawn of war - soulstorm\\soulstorm.exe"= TCP:C:\program files\thq\dawn of war - soulstorm\soulstorm.exe:Soulstorm
"TCP Query User{F1CD67B4-07ED-49BB-8C29-DB2E4F8048CC}C:\\users\\roby\\desktop\\zerg_reveal_final_englishus_xvid.avi-downloader.exe"= UDP:C:\users\roby\desktop\zerg_reveal_final_englishus_xvid.avi-downloader.exe:zerg_reveal_final_englishus_xvid.avi-downloader.exe
"UDP Query User{EA4FE1D6-557B-4D5A-8E16-2C8A1DF9BB07}C:\\users\\roby\\desktop\\zerg_reveal_final_englishus_xvid.avi-downloader.exe"= TCP:C:\users\roby\desktop\zerg_reveal_final_englishus_xvid.avi-downloader.exe:zerg_reveal_final_englishus_xvid.avi-downloader.exe
"{935CEABA-32C2-4030-A024-EEDEFEBC30B7}"= UDP:C:\Windows\System32\muzapp.exe:MUZ AOD APP player
"{0545B7FF-2348-4007-B1AF-5A0EB89AA42D}"= TCP:C:\Windows\System32\muzapp.exe:MUZ AOD APP player
"{B4C41D7C-7328-41AE-A0F0-DA2C9F9602A6}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 1 (0x1)

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 16:35]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-08-23 14:21]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 16:36]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-23 14:21]
R2 DQLWinService;DQLWinService;C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 10:32]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;C:\Windows\system32\DRIVERS\netr73.sys [2007-08-31 14:54]
S2 IntelDHSvcConf;Intel DH Service;C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 09:13]
S3 ST330;ST330;C:\Windows\system32\drivers\st330.sys [2007-11-19 16:08]
S3 STBUS;STBUS;C:\Windows\system32\drivers\stbus.sys [2007-11-19 16:08]
S3 stppp;Speedtouch PPP Adapter Adapter;C:\Windows\system32\DRIVERS\stppp.sys [2007-11-19 16:08]
.
Contenuto della cartella 'Scheduled Tasks'

2008-08-25 C:\Windows\Tasks\User_Feed_Synchronization-{A85B6C8C-972C-49F7-A517-B1D04EB9464C}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 09:33]

2007-11-20 C:\Windows\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-25 19:41:18
Windows 6.0.6001 Service Pack 1 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-08-25 19:42:24
ComboFix-quarantined-files.txt 2008-08-25 17:42:21
ComboFix2.txt 2008-08-25 17:32:06
ComboFix3.txt 2008-08-25 15:37:27
ComboFix4.txt 2008-08-25 13:14:37
ComboFix5.txt 2008-08-25 17:39:27

Pre-Run: 321,082,421,248 byte disponibili
Post-Run: 321,047,126,016 byte disponibili

251 --- E O F --- 2008-08-21 13:12:35
Dhomochevsky
Newbie

Posts: 5
Joined: 25/08/08 09:17

Re: help, I can't take it anymore!!

Post by krukko » 27/08/08 11:37

Hi!!
Like DIRRTYMATRIX and others, I also have this problem with trojan viruses such as trojan-spy.win32.keylogger.aa, trojan-clicker.win32.tiny.h, trojan-spy.win32.greenscreen... and I keep getting virus warnings signed "windows security alert" that link to sites which "invite" you to buy antivirus software.
I ran scans with Malwarebytes and CCleaner but they gave no results.
Reading other forums, the advice is to look for the file that supports the spyware and delete it (as luke57 also advised), but I don't know how to find this spyware support file.

I'm counting on quick help from someone, like the ever-available luke57.

Thanks a million
krukko
Newbie

Posts: 9
Joined: 27/08/08 11:23

Re: help, I can't take it anymore!!

Post by Luke57 » 27/08/08 12:08

krukko wrote: Hi!!
Like DIRRTYMATRIX and others, I also have this problem with trojan viruses such as trojan-spy.win32.keylogger.aa, trojan-clicker.win32.tiny.h, trojan-spy.win32.greenscreen... and I keep getting virus warnings signed "windows security alert" that link to sites which "invite" you to buy antivirus software.
I ran scans with Malwarebytes and CCleaner but they gave no results.
Reading other forums, the advice is to look for the file that supports the spyware and delete it (as luke57 also advised), but I don't know how to find this spyware support file.

I'm counting on quick help from someone, like the ever-available luke57.

Thanks a million

Hi, use ComboFix as explained in a previous post of mine and post its report.
Luke57
Moderator

Posts: 6410
Joined: 11/08/05 19:10

Re: help, I can't take it anymore!!

Post by krukko » 27/08/08 12:39

Hi luke57... thanks for the quick reply

Here is the report

ComboFix 08-08-26.02 - Pc 2008-08-27 13:30:06.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.599 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Pc\Desktop\ComboFix.exe

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\_000005_.tmp.dll
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_000007_.tmp.dll
C:\WINDOWS\system32\_000008_.tmp.dll
C:\WINDOWS\system32\_000009_.tmp.dll
C:\WINDOWS\system32\_000010_.tmp.dll
C:\WINDOWS\system32\_000011_.tmp.dll

.
((((((((((((((((((((((((( Files Creati Da 2008-07-27 al 2008-08-27 )))))))))))))))))))))))))))))))))))
.

2008-08-27 13:12 . 2008-08-27 13:12 203,776 --a------ C:\WINDOWS\system32\wvmvqzux.exe
2008-08-27 13:12 . 2008-08-27 13:12 86,016 --a------ C:\WINDOWS\system32\crspwzwj.exe
2008-08-27 11:15 . 2008-08-27 11:15 90,112 --a------ C:\WINDOWS\system32\kpormnyv.exe
2008-08-27 10:58 . 2008-08-27 10:58 <DIR> d-------- C:\Programmi\CCleaner
2008-08-27 10:22 . 2008-08-27 10:22 <DIR> d-------- C:\Programmi\Malwarebytes' Anti-Malware
2008-08-27 10:22 . 2008-08-27 10:22 <DIR> d-------- C:\Documents and Settings\Pc\Dati applicazioni\Malwarebytes
2008-08-27 10:22 . 2008-08-27 10:22 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2008-08-27 10:22 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-27 10:22 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-27 09:52 . 2008-08-27 12:04 <DIR> d-------- C:\Programmi\Enigma Software Group
2008-08-27 09:24 . 2008-08-27 09:37 <DIR> d-a------ C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-08-27 00:58 . 2008-08-27 00:58 94,208 --a------ C:\WINDOWS\system32\bwnejmzm.exe
2008-08-27 00:50 . 2008-08-27 00:50 610 --a------ C:\WINDOWS\wininit.ini
2008-08-26 23:58 . 2008-08-27 00:12 <DIR> d-------- C:\Programmi\Spybot - Search & Destroy
2008-08-26 23:58 . 2008-08-27 11:46 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-08-26 23:47 . 2008-08-26 23:47 <DIR> d-------- C:\Programmi\Lavasoft
2008-08-26 23:44 . 2008-08-26 23:45 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
2008-08-26 23:32 . 2008-08-26 23:32 <DIR> d-------- C:\Programmi\icbcrke
2008-08-26 23:32 . 2008-08-26 23:32 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\lelgfoxw
2008-08-26 23:32 . 2008-08-26 23:33 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\anabovit
2008-08-26 23:32 . 2008-08-26 23:32 94,208 --a------ C:\WINDOWS\system32\rsbytkri.exe
2008-08-16 16:04 . 2008-05-01 16:31 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-12 16:27 . 2008-08-12 16:27 268 --ah----- C:\sqmdata04.sqm
2008-08-12 16:27 . 2008-08-12 16:27 244 --ah----- C:\sqmnoopt04.sqm
2008-08-04 20:11 . 2008-08-05 10:04 <DIR> d-------- C:\Documents and Settings\Pc\Dati applicazioni\U3
2008-08-03 15:21 . 2008-08-26 12:55 <DIR> d-------- C:\Documents and Settings\Pc\Dati applicazioni\Skype
2008-08-03 15:20 . 2008-08-03 15:20 <DIR> d-------- C:\Programmi\Skype
2008-08-03 15:20 . 2008-08-03 15:20 <DIR> d-------- C:\Programmi\File comuni\Skype
2008-08-03 14:10 . 2008-08-26 12:46 <DIR> d-------- C:\Documents and Settings\Pc\Dati applicazioni\skypePM
2008-08-03 14:10 . 2008-08-03 14:10 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-08-03 14:04 . 2008-08-04 12:07 <DIR> d-------- C:\Programmi\Google
2008-08-03 14:02 . 2008-08-03 15:20 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Skype
2008-07-27 16:38 . 2008-07-27 16:38 <DIR> d-------- C:\Documents and Settings\Pc\Dati applicazioni\GARMIN
2008-07-27 16:37 . 2008-07-27 16:37 <DIR> d-------- C:\Programmi\Garmin
2008-07-27 16:17 . 2008-07-27 16:37 <DIR> d-------- C:\Garmin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-26 21:46 --------- d-----w C:\Programmi\File comuni\Wise Installation Wizard
2008-08-26 21:10 --------- d-----w C:\Programmi\eMule
2008-08-25 15:31 --------- d-----w C:\Programmi\Microsoft Silverlight
2008-07-03 08:24 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-03 08:24 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-06-30 16:42 --------- d-----w C:\Programmi\File comuni\Adobe
2008-06-30 16:40 --------- d-----w C:\Documents and Settings\Pc\Dati applicazioni\AdobeUM
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 12:00 15360]
"TOSCDSPD"="C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 10:14 65536]
"MsnMsgr"="C:\Programmi\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"NBJ"="C:\Programmi\Ahead\Nero BackItUp\NBJ.exe" [2004-07-26 20:14 1867776]
"StrActSh"="C:\WINDOWS\system32\rsbytkri.exe" [2008-08-26 23:32 94208]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272]
"WebSmartApl"="C:\WINDOWS\system32\bwnejmzm.exe" [2008-08-27 00:58 94208]
"uisrvwin"="C:\WINDOWS\system32\crspwzwj.exe" [2008-08-27 13:12 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\WINDOWS\system32\thpsrv" [X]
"SoundMAXPnP"="C:\Programmi\Analog Devices\Core\smax4pnp.exe" [2005-05-20 17:11 925696]
"00THotkey"="C:\WINDOWS\system32\00THotkey.exe" [2006-03-29 08:59 253952]
"Apoint"="C:\Programmi\Apoint2K\Apoint.exe" [2004-03-24 07:40 196608]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 22:55 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 22:52 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 22:55 118784]
"SmoothView"="C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-12 13:33 118784]
"TouchED"="C:\Programmi\TOSHIBA\TouchED\TouchED.Exe" [2005-09-01 15:21 102400]
"PadTouch"="C:\Programmi\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-22 14:16 1077330]
"Tvs"="C:\Programmi\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 13:11 73728]
"TosHKCW.exe"="C:\Programmi\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2005-05-17 11:42 49152]
"DDWMon"="C:\Programmi\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2006-03-30 12:51 262144]
"IntelZeroConfig"="C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 13:37 667718]
"IntelWireless"="C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 12:41 602182]
"PSQLLauncher"="C:\Programmi\Protector Suite QL\launcher.exe" [2006-02-24 11:37 30208]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]
"Symantec PIF AlertEng"="C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 11:22 517768]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-03 10:24 1232152]
"000StTHK"="000StTHK.exe" [2001-06-23 04:28 24576 C:\WINDOWS\system32\000StTHK.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 15:29 88203 C:\WINDOWS\agrsmmsg.exe]
"TPSMain"="TPSMain.exe" [2006-03-27 16:13 299008 C:\WINDOWS\system32\TPSMain.exe]
"TPSODDCtl"="TPSODDCtl.exe" [2006-03-27 16:13 102400 C:\WINDOWS\system32\TPSODDCtl.exe]
"TFNF5"="TFNF5.exe" [2006-03-17 02:34 593920 C:\WINDOWS\system32\TFNF5.exe]
"NDSTray.exe"="NDSTray.exe" [BU]
"TFncKy"="TFncKy.exe" [BU]
"CFSServ.exe"="CFSServ.exe" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 12:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"FM4Qan0ShG"="C:\Documents and Settings\All Users\Dati applicazioni\lelgfoxw\nizebono.exe" [2008-08-26 23:32 61440]

C:\Documents and Settings\Pc\Menu Avvio\Programmi\Esecuzione automatica\
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Programmi\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-04-19 13:49:52 64864]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
Bluetooth Manager.lnk - C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-02-02 22:19:10 1753088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SrvMsgStr"= {40E7D30F-1F19-3ED8-C5DC-0066240737B3} - C:\Programmi\icbcrke\SrvMsgStr.dll [2008-08-26 23:32 126976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-02-24 11:49 40448 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.l3codec"= l3codecp.acm
"msacm.divxa32"= divxa32.acm
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"C:\\Programmi\\SopCast\\SopCast.exe"=
"C:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"C:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=

R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\WINDOWS\system32\DRIVERS\thpdrv.sys [2004-12-27 23:31]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\WINDOWS\system32\DRIVERS\Thpevm.SYS [2004-11-13 12:24]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-03 10:24]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-03 10:24]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-03 10:24]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-03 10:24]
R2 FdRedir;FdRedir;C:\Programmi\File comuni\Protector Suite QL\Drivers\FdRedir.sys [2006-02-24 12:01]
R2 FileDisk2;FileDisk Protector Kernel Driver;C:\Programmi\File comuni\Protector Suite QL\Drivers\filedisk.sys [2006-02-24 12:01]
R2 smihlp;SMI helper driver;C:\Programmi\Protector Suite QL\smihlp.sys [2006-02-24 11:34]
R2 tdudf;TOSHIBA UDF File System Driver;C:\WINDOWS\system32\DRIVERS\tdudf.sys [2006-03-06 19:28]
R2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-08-03 18:45]
S3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2005-06-10 22:26]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95aade05-0f94-11dd-b5af-0015b714ce5e}]
\Shell\AutoRun\command - E:\OnSpcLCK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4a9a88a-6250-11dd-b767-0015b714ce5e}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = www.google.it/
O8 -: E&sporta in Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O16 -: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://gamenextit.oberon-media.com/Game ... meHost.cab
C:\WINDOWS\Downloaded Program Files\OberonGameHost_dbg.inf
C:\WINDOWS\Downloaded Program Files\OberonGameHost.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-27 13:33:54
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...


C:\WINDOWS\system32\lmjabqjc.exe 86016 bytes executable

Scansione completata con successo
Files nascosti: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\Programmi\Toshiba\ConfigFree\CFSvcs.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Programmi\Toshiba\ConfigFree\NDSTray.exe
C:\Programmi\Toshiba\TOSHIBA Direct Disc Writer\DDWMon.exe
C:\Programmi\Apoint2K\ApntEx.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Programmi\Toshiba\TOSHIBA Controls\TFncKy.exe
C:\Programmi\Toshiba\ConfigFree\CFSServ.exe
C:\Programmi\Protector Suite QL\psqltray.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
C:\Programmi\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Ora fine scansione: 2008-08-27 13:37:05 - machine was rebooted [Pc]
ComboFix-quarantined-files.txt 2008-08-27 11:36:59

Pre-Run: 69,814,177,792 byte disponibili
Post-Run: 69,750,812,672 byte disponibili

215 --- E O F --- 2008-08-25 15:31:10
krukko
Newbie

Posts: 9
Joined: 27/08/08 11:23

Re: help, I can't take it anymore!!

Post by krukko » 27/08/08 12:56

luke57...now you'll probably give me a script to save as CFScript.txt in the same directory as combofix.
in my case combofix is in (C:)....do I just save it in C:, or, when I double-click C:, other subfolders open, 2 of which are related to combofix (an empty folder and a text file that I think is the first report I posted to you)....in short, do I save it in C: or in one of its combofix subfolders (the empty folder or the text file)?

thanks for your patience ;)
krukko
Newbie

Posts: 9
Joined: 27/08/08 11:23

Re: help, I can't take it anymore!!

Post by krukko » 27/08/08 13:01

hehe....then....once it's saved in the same directory as combofix....should I drag it from C: (i.e. from where I saved it) onto the combofix icon I have on the desktop and start a new scan?
krukko
Newbie

Posts: 9
Joined: 27/08/08 11:23

Re: help, I can't take it anymore!!

Post by Luke57 » 27/08/08 13:07

Hi, open a text file (in Windows Notepad) and copy this code:

Code:
File::
C:\WINDOWS\system32\wvmvqzux.exe
C:\WINDOWS\system32\crspwzwj.exe
C:\WINDOWS\system32\kpormnyv.exe
C:\WINDOWS\system32\bwnejmzm.exe
C:\WINDOWS\system32\rsbytkri.exe
C:\WINDOWS\system32\lmjabqjc.exe

Folder::
C:\Programmi\icbcrke
C:\Documents and Settings\All Users\Dati applicazioni\lelgfoxw
C:\Documents and Settings\All Users\Dati applicazioni\anabovit

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WebSmartApl"=-
"uisrvwin"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"FM4Qan0ShG"=-


paste it into the text file, save the file in the same directory as combofix, naming it CFScript.txt (this name is mandatory), then drag it with the mouse pointer onto the combofix icon for a new scan and a possible reboot. Post the new report, if one is produced.
Luke57
Moderator

Posts: 6410
Joined: 11/08/05 19:10

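An added example, not code from this thread, from ComboFix or from its author: a Python script that parses the Run autostart section of a ComboFix log like the ones posted above, flags entries with a heuristic that is this example's own assumption (an executable name of eight random-looking lowercase letters under system32, last modified within a week of the scan), lists the MountPoints2 AutoRun handlers of the kind Luke57's second script removes, and drafts a CFScript in the File::/Registry:: format used in the thread for a human to review before anything is run. The sample log inside the script is constructed from the shape of the entries posted here.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the shape of the "REGEDIT4" autostart section and the
# MountPoints2 entries that ComboFix prints; the odd-looking names mirror the
# kind of entries discussed in the thread.
SAMPLE_LOG = r"""REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 12:00 15360]
"StrActSh"="C:\WINDOWS\system32\rsbytkri.exe" [2008-08-26 23:32 94208]
"uisrvwin"="C:\WINDOWS\system32\crspwzwj.exe" [2008-08-27 13:12 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 22:55 98304]
"000StTHK"="000StTHK.exe" [2001-06-23 04:28 24576 C:\WINDOWS\system32\000StTHK.exe]
"NDSTray.exe"="NDSTray.exe" [BU]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95aade05-0f94-11dd-b5af-0015b714ce5e}]
\Shell\AutoRun\command - E:\OnSpcLCK.exe
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
META_RE = re.compile(r"^(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \d+(?: (?P<resolved>.+))?$")
RANDOM_EXE_RE = re.compile(r"^[a-z]{8}\.exe$")  # heuristic, this example's own assumption


def parse_run_entries(log_text):
    """Return one dict per value found under any registry key ending in \\Run."""
    entries, key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            key = sec.group("key")
            continue
        if key is None or not key.lower().endswith("\\run"):
            continue
        val = VALUE_RE.match(line)
        if not val:
            continue
        path, mtime = val.group("data"), None
        meta = META_RE.match(val.group("meta"))
        if meta:  # "[BU]" / "[X]" entries carry no timestamp and keep mtime=None
            mtime = datetime.strptime(meta.group("stamp"), "%Y-%m-%d %H:%M")
            if meta.group("resolved"):  # bare names are resolved to a full path in the brackets
                path = meta.group("resolved")
        entries.append({"key": key, "name": val.group("name"), "path": path, "mtime": mtime})
    return entries


def parse_autorun_handlers(log_text):
    """Return (key, command) for every MountPoints2 AutoRun handler in the log."""
    handlers, key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            key = sec.group("key")
        elif key and "\\mountpoints2\\" in key.lower() and line.startswith("\\Shell\\AutoRun\\command - "):
            handlers.append((key, line.split(" - ", 1)[1]))
    return handlers


def is_suspicious(entry, scan_time, window_days=7):
    """Heuristic (assumption): an 8-lowercase-letter .exe under system32 whose
    timestamp falls within `window_days` before the scan. The date window matters:
    igfxtray.exe also has eight lowercase letters but was modified years earlier."""
    path = entry["path"].lower()
    if "\\windows\\system32\\" not in path or entry["mtime"] is None:
        return False
    if not RANDOM_EXE_RE.match(path.rsplit("\\", 1)[-1]):
        return False
    return scan_time - timedelta(days=window_days) <= entry["mtime"] <= scan_time


def triage(log_text, scan_stamp):
    """Flag Run entries; `scan_stamp` is the "YYYY-MM-DD HH:MM" from the ComboFix header."""
    scan_time = datetime.strptime(scan_stamp, "%Y-%m-%d %H:%M")
    return [e for e in parse_run_entries(log_text) if is_suspicious(e, scan_time)]


def build_cfscript(flagged, keys_to_delete=()):
    """Draft a CFScript in the format used in the thread: File:: lists paths to
    remove, Registry:: uses "name"=- to delete a value and [-key] to delete a key."""
    lines = ["File::"] + [e["path"] for e in flagged] + ["", "Registry::"]
    by_key = {}
    for e in flagged:
        by_key.setdefault(e["key"], []).append(e["name"])
    for key, names in by_key.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{n}"=-' for n in names)
    lines.extend(f"[-{key}]" for key in keys_to_delete)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    flagged = triage(SAMPLE_LOG, "2008-08-27 13:33")
    handlers = parse_autorun_handlers(SAMPLE_LOG)
    print(build_cfscript(flagged, [k for k, _ in handlers]))
```

The date window is what keeps a legitimate eight-letter name such as igfxtray.exe off the list, and the AutoRun handlers are listed rather than auto-flagged because U3 launchers and similar are often legitimate; treat the output as a draft to check against known-good software, as the moderator did here, not as something to hand to ComboFix unreviewed.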
Re: help, I can't take it anymore!!

Post by krukko » 27/08/08 13:15

here is the new report:


ComboFix 08-08-26.02 - Pc 2008-08-27 14.11.37.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.581 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Pc\Desktop\ComboFix.exe
Command switches used :: C:\CFScript.txt
* Creato nuovo punto di ripristino

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

FILE ::
C:\WINDOWS\system32\bwnejmzm.exe
C:\WINDOWS\system32\crspwzwj.exe
C:\WINDOWS\system32\kpormnyv.exe
C:\WINDOWS\system32\lmjabqjc.exe
C:\WINDOWS\system32\rsbytkri.exe
C:\WINDOWS\system32\wvmvqzux.exe
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Dati applicazioni\anabovit
C:\Documents and Settings\All Users\Dati applicazioni\lelgfoxw
C:\Documents and Settings\All Users\Dati applicazioni\lelgfoxw\nizebono.exe
C:\Programmi\icbcrke
C:\Programmi\icbcrke\SrvMsgStr.dll
C:\WINDOWS\system32\bwnejmzm.exe
C:\WINDOWS\system32\crspwzwj.exe
C:\WINDOWS\system32\kpormnyv.exe
C:\WINDOWS\system32\lmjabqjc.exe
C:\WINDOWS\system32\rsbytkri.exe
C:\WINDOWS\system32\wvmvqzux.exe

.
((((((((((((((((((((((((( Files Creati Da 2008-07-27 al 2008-08-27 )))))))))))))))))))))))))))))))))))
.

2008-08-27 13:35 . 2008-08-27 13:35 203,776 --a------ C:\WINDOWS\system32\bkvifqpw.exe
2008-08-27 10:58 . 2008-08-27 10:58 <DIR> d-------- C:\Programmi\CCleaner
2008-08-27 10:22 . 2008-08-27 10:22 <DIR> d-------- C:\Programmi\Malwarebytes' Anti-Malware
2008-08-27 10:22 . 2008-08-27 10:22 <DIR> d-------- C:\Documents and Settings\Pc\Dati applicazioni\Malwarebytes
2008-08-27 10:22 . 2008-08-27 10:22 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2008-08-27 10:22 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-27 10:22 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-27 09:52 . 2008-08-27 12:04 <DIR> d-------- C:\Programmi\Enigma Software Group
2008-08-27 09:24 . 2008-08-27 09:37 <DIR> d-a------ C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-08-27 00:50 . 2008-08-27 00:50 610 --a------ C:\WINDOWS\wininit.ini
2008-08-26 23:58 . 2008-08-27 00:12 <DIR> d-------- C:\Programmi\Spybot - Search & Destroy
2008-08-26 23:58 . 2008-08-27 11:46 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-08-26 23:47 . 2008-08-26 23:47 <DIR> d-------- C:\Programmi\Lavasoft
2008-08-26 23:44 . 2008-08-26 23:45 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
2008-08-16 16:04 . 2008-05-01 16:31 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-12 16:27 . 2008-08-12 16:27 268 --ah----- C:\sqmdata04.sqm
2008-08-12 16:27 . 2008-08-12 16:27 244 --ah----- C:\sqmnoopt04.sqm
2008-08-04 20:11 . 2008-08-05 10:04 <DIR> d-------- C:\Documents and Settings\Pc\Dati applicazioni\U3
2008-08-03 15:21 . 2008-08-26 12:55 <DIR> d-------- C:\Documents and Settings\Pc\Dati applicazioni\Skype
2008-08-03 15:20 . 2008-08-03 15:20 <DIR> d-------- C:\Programmi\Skype
2008-08-03 15:20 . 2008-08-03 15:20 <DIR> d-------- C:\Programmi\File comuni\Skype
2008-08-03 14:10 . 2008-08-26 12:46 <DIR> d-------- C:\Documents and Settings\Pc\Dati applicazioni\skypePM
2008-08-03 14:10 . 2008-08-03 14:10 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-08-03 14:04 . 2008-08-04 12:07 <DIR> d-------- C:\Programmi\Google
2008-08-03 14:02 . 2008-08-03 15:20 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Skype
2008-07-27 16:38 . 2008-07-27 16:38 <DIR> d-------- C:\Documents and Settings\Pc\Dati applicazioni\GARMIN
2008-07-27 16:37 . 2008-07-27 16:37 <DIR> d-------- C:\Programmi\Garmin
2008-07-27 16:17 . 2008-07-27 16:37 <DIR> d-------- C:\Garmin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-26 21:46 --------- d-----w C:\Programmi\File comuni\Wise Installation Wizard
2008-08-26 21:10 --------- d-----w C:\Programmi\eMule
2008-08-25 15:31 --------- d-----w C:\Programmi\Microsoft Silverlight
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-07 20:17 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-03 08:24 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-03 08:24 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-03 08:24 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-06-30 16:42 --------- d-----w C:\Programmi\File comuni\Adobe
2008-06-30 16:40 --------- d-----w C:\Documents and Settings\Pc\Dati applicazioni\AdobeUM
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:15 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:39 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 12:00 15360]
"TOSCDSPD"="C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 10:14 65536]
"MsnMsgr"="C:\Programmi\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"NBJ"="C:\Programmi\Ahead\Nero BackItUp\NBJ.exe" [2004-07-26 20:14 1867776]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\WINDOWS\system32\thpsrv" [X]
"SoundMAXPnP"="C:\Programmi\Analog Devices\Core\smax4pnp.exe" [2005-05-20 17:11 925696]
"00THotkey"="C:\WINDOWS\system32\00THotkey.exe" [2006-03-29 08:59 253952]
"Apoint"="C:\Programmi\Apoint2K\Apoint.exe" [2004-03-24 07:40 196608]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 22:55 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 22:52 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 22:55 118784]
"SmoothView"="C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-12 13:33 118784]
"TouchED"="C:\Programmi\TOSHIBA\TouchED\TouchED.Exe" [2005-09-01 15:21 102400]
"PadTouch"="C:\Programmi\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-22 14:16 1077330]
"Tvs"="C:\Programmi\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 13:11 73728]
"TosHKCW.exe"="C:\Programmi\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2005-05-17 11:42 49152]
"DDWMon"="C:\Programmi\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2006-03-30 12:51 262144]
"IntelZeroConfig"="C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 13:37 667718]
"IntelWireless"="C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 12:41 602182]
"PSQLLauncher"="C:\Programmi\Protector Suite QL\launcher.exe" [2006-02-24 11:37 30208]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]
"Symantec PIF AlertEng"="C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 11:22 517768]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-03 10:24 1232152]
"000StTHK"="000StTHK.exe" [2001-06-23 04:28 24576 C:\WINDOWS\system32\000StTHK.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 15:29 88203 C:\WINDOWS\agrsmmsg.exe]
"TPSMain"="TPSMain.exe" [2006-03-27 16:13 299008 C:\WINDOWS\system32\TPSMain.exe]
"TPSODDCtl"="TPSODDCtl.exe" [2006-03-27 16:13 102400 C:\WINDOWS\system32\TPSODDCtl.exe]
"TFNF5"="TFNF5.exe" [2006-03-17 02:34 593920 C:\WINDOWS\system32\TFNF5.exe]
"NDSTray.exe"="NDSTray.exe" [BU]
"TFncKy"="TFncKy.exe" [BU]
"CFSServ.exe"="CFSServ.exe" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 12:00 15360]

C:\Documents and Settings\Pc\Menu Avvio\Programmi\Esecuzione automatica\
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Programmi\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-04-19 13:49:52 64864]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
Bluetooth Manager.lnk - C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-02-02 22:19:10 1753088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-02-24 11:49 40448 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.l3codec"= l3codecp.acm
"msacm.divxa32"= divxa32.acm
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"C:\\Programmi\\SopCast\\SopCast.exe"=
"C:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"C:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=

R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\WINDOWS\system32\DRIVERS\thpdrv.sys [2004-12-27 23:31]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\WINDOWS\system32\DRIVERS\Thpevm.SYS [2004-11-13 12:24]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-03 10:24]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-03 10:24]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-03 10:24]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-03 10:24]
R2 FdRedir;FdRedir;C:\Programmi\File comuni\Protector Suite QL\Drivers\FdRedir.sys [2006-02-24 12:01]
R2 FileDisk2;FileDisk Protector Kernel Driver;C:\Programmi\File comuni\Protector Suite QL\Drivers\filedisk.sys [2006-02-24 12:01]
R2 smihlp;SMI helper driver;C:\Programmi\Protector Suite QL\smihlp.sys [2006-02-24 11:34]
R2 tdudf;TOSHIBA UDF File System Driver;C:\WINDOWS\system32\DRIVERS\tdudf.sys [2006-03-06 19:28]
R2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-08-03 18:45]
S3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2005-06-10 22:26]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95aade05-0f94-11dd-b5af-0015b714ce5e}]
\Shell\AutoRun\command - E:\OnSpcLCK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4a9a88a-6250-11dd-b767-0015b714ce5e}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
- - - - ORFÃOS REMOVIDOS - - - -

HKCU-Run-StrActSh - C:\WINDOWS\system32\rsbytkri.exe
SSODL-SrvMsgStr-{40E7D30F-1F19-3ED8-C5DC-0066240737B3} - C:\Programmi\icbcrke\SrvMsgStr.dll



**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-27 14:12:48
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-08-27 14:13:21
ComboFix-quarantined-files.txt 2008-08-27 12:13:17
ComboFix2.txt 2008-08-27 11:37:05

Pre-Run: 69,735,940,096 byte disponibili
Post-Run: 69,727,375,360 byte disponibili

197 --- E O F --- 2008-08-25 15:31:10
krukko
Newbie

Posts: 9
Joined: 27/08/08 11:23

Re: help, I can't take it anymore!!

Post by krukko » 27/08/08 14:08

this is the report from the malwarebytes scan:

Malwarebytes' Anti-Malware 1.25
Versione del database: 1088
Windows 5.1.2600 Service Pack 2

15.06.41 27/08/2008
mbam-log-08-27-2008 (15-06-41).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi scansionati: 81952
Tempo trascorso: 24 minute(s), 16 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)
krukko
Newbie

Posts: 9
Joined: 27/08/08 11:23

Re: help, I can't take it anymore!!

Post by Luke57 » 27/08/08 14:55

Hi, I missed one thing; this time paste this code inside the CFScript.txt file:

Code:
File::
C:\WINDOWS\system32\bkvifqpw.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95aade05-0f94-11dd-b5af-0015b714ce5e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4a9a88a-6250-11dd-b767-0015b714ce5e}]


same procedure as before, then you should be all set.
Luke57
Moderator

Posts: 6410
Joined: 11/08/05 19:10

Re: help, I can't take it anymore!!

Post by krukko » 27/08/08 15:46

hmm...
...I shut the pc down and turned it back on after a while....and not only do the trojan virus alert windows no longer appear, but I can no longer find the combofix program I downloaded and used a little while ago....
now I'll try shutting down and restarting again....fingers crossed!!!
krukko
Newbie

Posts: 9
Joined: 27/08/08 11:23

Re: help, I can't take it anymore!!

Post by krukko » 27/08/08 15:59

shut down and restarted....all ok!
no virus warnings...no combofix!
what do you advise? do I download combofix again to add the last script you suggested, or do I leave everything as it is?


thanks
krukko
Newbie

Posts: 9
Joined: 27/08/08 11:23

Re: help, I can't take it anymore!!

Post by Luke57 » 27/08/08 16:45

Hi, look for:
C:\WINDOWS\system32\bkvifqpw.exe
and if it is present, delete it.
Luke57
Moderator

Posts: 6410
Joined: 11/08/05 19:10

Re: help, I can't take it anymore!!

Post by krukko » 27/08/08 16:52

luke57...
found and deleted!
I think I should be all set now...if there's any news I'll let you know.
thanks a million for the help!!!
krukko
Newbie

Posts: 9
Joined: 27/08/08 11:23
