Help me please "virus"

Moderators: kadosh, Luke57

Help me please "virus"

Post by dominique87 » 07/01/09 21:14

Please help me, I can't take it anymore, I'm going crazy with this virus that won't let me do anything...
HELP me, please... now I'll send you my log....
I really hope you can help....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.13.42, on 07/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Programmi\TOSHIBA\ConfigFree\NDSTray.exe
C:\Programmi\TOSHIBA\Tvs\TvsTray.exe
C:\Programmi\Synaptics\SynTP\Toshiba.exe
C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Programmi\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\Philips\SPC220NC\Monitor.exe
C:\Programmi\TomTom HOME\TomTomHOME.exe
C:\Programmi\PowerISO\PWRISOVM.EXE
C:\Programmi\iTunes\iTunesHelper.exe
C:\DOCUME~1\xp\IMPOST~1\Temp\winlogin.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\DOCUME~1\xp\IMPOST~1\Temp\csrssc.exe
C:\Programmi\Antivirus 2009\av2009.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programmi\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\File comuni\Nikon\Monitor\NkMonitor.exe
C:\Programmi\Philips\Philips SPC220NC Webcam\TrayMin220.exe
C:\Programmi\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Programmi\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
R3 - URLSearchHook: (no name) - {6afa4ceb-530b-4e23-8d4e-127348cc1d0c} - (no file)
R3 - URLSearchHook: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Programmi\myBabylon\tbmyB0.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Programmi\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: (no name) - {6afa4ceb-530b-4e23-8d4e-127348cc1d0c} - (no file)
O3 - Toolbar: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Programmi\myBabylon\tbmyB0.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Programmi\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Programmi\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\Philips\SPC220NC\Monitor.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Programmi\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programmi\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Babylon Client] C:\Programmi\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\xp\IMPOST~1\Temp\winlogin.exe
O4 - HKLM\..\Run: [Cwusofajahi] rundll32.exe "C:\WINDOWS\Mdazebin.dll",e
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [LaunchList] C:\Programmi\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\xp\IMPOST~1\Temp\winlogin.exe
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\xp\IMPOST~1\Temp\csrssc.exe
O4 - HKCU\..\Run: [svschost.exe] C:\WINDOWS\system32\svschost.exe -check
O4 - HKCU\..\Run: [77384656978944953555552096785410] C:\Programmi\Antivirus 2009\av2009.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Programmi\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Controllo del Calendario di Ulead Photo Express.lnk = C:\Programmi\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: Nikon Monitor.lnk = C:\Programmi\File comuni\Nikon\Monitor\NkMonitor.exe
O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart17.exe
O4 - Global Startup: TrayMin220.lnk = ?
O4 - Global Startup: Ulead Photo Express SE Calendar Checker.lnk = C:\Programmi\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?1287d277d0644f5abb9c9c6152e2a365
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?1287d277d0644f5abb9c9c6152e2a365
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-U ... E_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F14C7A12-9F4B-407D-BEA1-4A35D1807326}: NameServer = 85.37.17.46 85.38.28.84
O20 - AppInit_DLLs: gcmqpk.dll
O22 - SharedTaskScheduler: jgzfkj9w38rksndfi7r4 - {C5BF49A2-94F3-42BD-F434-3604812C8955} - C:\WINDOWS\system32\rwhbfb873unjdfdg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Programmi\Toshiba\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 12879 bytes
dominique87
Junior User
Posts: 37
Joined: 18/02/07 17:52


Re: Help me please "virus"

Post by Luke57 » 07/01/09 22:38

Hi, download SDFix from here:
http://www.bleepingcomputer.com/resources/link252.html
Once downloaded, double-click SDFix.exe to start the installation.
Click Install (a folder named SDFix will be created at the root of the hard drive).

Restart the system in safe mode (if you don't know how, see below):
http://www.upyou.it/smartfaq+faq.faqid+3.htm

# Once in safe mode, open the SDFix folder and double-click the file RunThis.bat
# select Y
# press the ENTER key on your keyboard to start the cleanup.
Wait a few moments and the tool will ask you to press a key to restart.
On restart SDFix will finish the procedure and display a message saying the cleanup is complete, with the option to view the log.

Then download ComboFix from here onto the desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Go to Start > Run > in the white box copy and paste, quotes included:

"%userprofile%\desktop\combofix.exe" /killall

Press OK; the program starts and may take a long time (don't do anything else during the scan; if the desktop icons and the taskbar disappear, it's nothing to worry about). Once it has finished, if everything went well, you should find the file combofix.txt in C:\ ; post the contents of that file together with the SDFix report.
Luke57
Moderator
Posts: 6410
Joined: 11/08/05 19:10

Re: Help me please "virus"

Post by shel » 07/01/09 22:50

hi

did you download Antivirus 2009?

download Avenger from here

http://swandog46.geekstogo.com/avenger.zip

install it and run it

Copy and paste into the "Input script here" window the text in red, exactly as it is written:

Files to delete:
C:\DOCUME~1\xp\IMPOST~1\Temp\winlogin.exe
C:\DOCUME~1\xp\IMPOST~1\Temp\csrssc.exe
C:\Programmi\Antivirus 2009\av2009.exe

Check "Automatically disable any rootkits found"

click the "Execute" button
The PC should restart by itself; if it doesn't, restart it manually

post the Avenger log, which you'll find in c:\

Open HJT, check these entries and press Fix checked

R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Programmi\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
R3 - URLSearchHook: (no name) - {6afa4ceb-530b-4e23-8d4e-127348cc1d0c} - (no file)
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Programmi\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
O3 - Toolbar: (no name) - {6afa4ceb-530b-4e23-8d4e-127348cc1d0c} - (no file)
O4 - HKLM\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\xp\IMPOST~1\Temp\winlogin.exe
O4 - HKLM\..\Run: [Cwusofajahi] rundll32.exe "C:\WINDOWS\Mdazebin.dll",e
O4 - HKCU\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\xp\IMPOST~1\Temp\winlogin.exe
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\xp\IMPOST~1\Temp\csrssc.exe
O4 - HKCU\..\Run: [svschost.exe] C:\WINDOWS\system32\svschost.exe -check
O4 - HKCU\..\Run: [77384656978944953555552096785410] C:\Programmi\Antivirus 2009\av2009.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: gcmqpk.dll

For this one wait for Luke57's OK:

O22 - SharedTaskScheduler: jgzfkj9w38rksndfi7r4 - {C5BF49A2-94F3-42BD-F434-3604812C8955} - C:\WINDOWS\system32\rwhbfb873unjdfdg.dll

download Malwarebytes

http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Update it: click the "Update" tab => "Check for Updates"
Run a "full scan" (select the option)
When the scan is complete, click OK => Show Results.
Make sure everything is selected and click Remove Selected.
If it asks you to restart, restart to complete the cleanup process.
Post the report.
shel
Senior User
Posts: 1292
Joined: 29/08/08 21:56
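To show what the helpers in this thread are looking for when they pick HijackThis entries to fix, here is an added Python triage script; it is not from this thread, from HijackThis or from any of the tools mentioned. It parses a constructed sample of HijackThis-style lines modelled on the ones quoted above and flags the same indicators the helpers acted on: autostarts from a Temp folder, machine-generated Run key names, one-character lookalikes of system binaries, DLLs loaded through rundll32, the O7/O20/O22 entries and a security product whose service binary is missing. The `SYSTEM_BINARIES` list and the randomness thresholds are assumptions of this example.

```python
"""Triage of HijackThis-style log lines (added example, not the thread's own tooling)."""
import re

# Constructed sample modelled on the kinds of entries quoted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\xp\IMPOST~1\Temp\winlogin.exe
O4 - HKLM\..\Run: [Cwusofajahi] rundll32.exe "C:\WINDOWS\Mdazebin.dll",e
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\xp\IMPOST~1\Temp\csrssc.exe
O4 - HKCU\..\Run: [svschost.exe] C:\WINDOWS\system32\svschost.exe -check
O4 - HKCU\..\Run: [77384656978944953555552096785410] C:\Programmi\Antivirus 2009\av2009.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: gcmqpk.dll
O22 - SharedTaskScheduler: jgzfkj9w38rksndfi7r4 - {C5BF49A2-94F3-42BD-F434-3604812C8955} - C:\WINDOWS\system32\rwhbfb873unjdfdg.dll
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe (file missing)
"""

# Genuine Windows XP system binaries that malware likes to imitate by name (assumed list).
SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                   "lsass.exe", "svchost.exe", "explorer.exe", "ctfmon.exe"}

O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+)', re.IGNORECASE)


def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character lookalike names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike(filename):
    """Return the system binary a filename imitates (svschost.exe -> svchost.exe), else None."""
    name = filename.lower()
    if name in SYSTEM_BINARIES:
        return None
    # A threshold of 1 is deliberately tight to keep false positives down.
    return next((real for real in SYSTEM_BINARIES if edit_distance(name, real) <= 1), None)


def looks_random(name):
    """Heuristic for machine-generated Run key names such as jsf8uiw3jnjgffght."""
    core = name.rsplit(".", 1)[0]
    if core.isdigit() and len(core) >= 12:
        return True
    letters = sum(c.isalpha() for c in core)
    digits = sum(c.isdigit() for c in core)
    vowels = sum(c in "aeiouAEIOU" for c in core)
    # Long, mixed letters and digits, and almost no vowels: not a name a vendor would pick.
    return len(core) >= 10 and digits > 0 and letters > 0 and vowels / letters < 0.3


def first_token(cmd):
    """Executable part of a Run command line, honouring a leading quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split(" ", 1)[0]


def triage(log_text):
    """Return (section, reason, line) triples for entries that deserve a closer look."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line:
            continue
        m = O4_RE.match(line)
        if m:
            name, cmd = m.group("name"), m.group("cmd")
            base = first_token(cmd).rsplit("\\", 1)[-1]
            if "\\temp\\" in cmd.lower():
                findings.append(("O4", "autostart from a Temp folder", line))
            if looks_random(name):
                findings.append(("O4", f"machine-generated key name {name!r}", line))
            real = lookalike(base)
            if real:
                findings.append(("O4", f"{base} imitates system binary {real}", line))
            dll = RUNDLL_RE.search(cmd)
            if dll:
                findings.append(("O4", f"rundll32 loads {dll.group(1)}; verify that DLL", line))
            if "antivirus 2009" in cmd.lower():
                findings.append(("O4", "rogue security product named in this thread", line))
        elif line.startswith("O7 ") and "DisableRegedit=1" in line:
            findings.append(("O7", "policy blocks regedit", line))
        elif line.startswith("O20 - AppInit_DLLs:") and line.split(":", 1)[1].strip():
            findings.append(("O20", "AppInit_DLLs loads a DLL into every GUI process", line))
        elif line.startswith("O22 - SharedTaskScheduler:"):
            findings.append(("O22", "SharedTaskScheduler entry, rarely legitimate", line))
        elif line.startswith("O23 ") and line.endswith("(file missing)"):
            findings.append(("O23", "service binary missing (security product disabled?)", line))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```

Run against the sample it reports 14 findings; the unremarkable igfxtray entry produces none, which is the point of the heuristics.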

Re: Help me please "virus"

Post by dominique87 » 07/01/09 22:51

hi luke57, the first link doesn't open for me and it says:
Sorry! This link does not appear to be working.
dominique87
Junior User
Posts: 37
Joined: 18/02/07 17:52

Re: Help me please "virus"

Post by dominique87 » 07/01/09 22:55

no shel, that antivirus downloaded itself, and by the way it is the virus
dominique87
Junior User
Posts: 37
Joined: 18/02/07 17:52

Re: Help me please "virus"

Post by Luke57 » 07/01/09 23:06

dominique87 wrote: no shel, that antivirus downloaded itself, and by the way it is the virus

Hi, run Avenger and HijackThis as Shel suggested (strange, the link works for me), then run ComboFix and Malwarebytes.
Post their reports.
Luke57
Moderator
Posts: 6410
Joined: 11/08/05 19:10

Re: Help me please "virus"

Post by dominique87 » 08/01/09 12:14

hi guys, it won't let me download the .exe files, I think because it won't let me open the pages....
if you attach the files, can that work??
I'm sending you the HJT log again, in case it helps, after using Avenger and fixing the entries shel told me...
thanks again

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12.10.24, on 08/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Programmi\TOSHIBA\ConfigFree\NDSTray.exe
C:\Programmi\TOSHIBA\Tvs\TvsTray.exe
C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Programmi\Synaptics\SynTP\Toshiba.exe
C:\Programmi\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\Philips\SPC220NC\Monitor.exe
C:\Programmi\TomTom HOME\TomTomHOME.exe
C:\Programmi\PowerISO\PWRISOVM.EXE
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Babylon\Babylon-Pro\Babylon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programmi\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\File comuni\Nikon\Monitor\NkMonitor.exe
C:\Programmi\Philips\Philips SPC220NC Webcam\TrayMin220.exe
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Programmi\internet explorer\iexplore.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Programmi\myBabylon\tbmyB0.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Programmi\myBabylon\tbmyB0.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Programmi\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Programmi\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\Philips\SPC220NC\Monitor.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Programmi\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programmi\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Babylon Client] C:\Programmi\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [LaunchList] C:\Programmi\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Programmi\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Controllo del Calendario di Ulead Photo Express.lnk = C:\Programmi\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: Nikon Monitor.lnk = C:\Programmi\File comuni\Nikon\Monitor\NkMonitor.exe
O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart17.exe
O4 - Global Startup: TrayMin220.lnk = ?
O4 - Global Startup: Ulead Photo Express SE Calendar Checker.lnk = C:\Programmi\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?1287d277d0644f5abb9c9c6152e2a365
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?1287d277d0644f5abb9c9c6152e2a365
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-U ... E_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F14C7A12-9F4B-407D-BEA1-4A35D1807326}: NameServer = 85.37.17.46 85.38.28.84
O22 - SharedTaskScheduler: jgzfkj9w38rksndfi7r4 - {C5BF49A2-94F3-42BD-F434-3604812C8955} - C:\WINDOWS\system32\rwhbfb873unjdfdg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Programmi\Toshiba\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 11738 bytes
dominique87
Junior User
Posts: 37
Joined: 18/02/07 17:52

Re: Help me please "virus"

Post by shel » 08/01/09 13:19

you should post the Avenger log

these two remain uncertain:

O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\Philips\SPC220NC\Monitor.exe

O22 - SharedTaskScheduler: jgzfkj9w38rksndfi7r4 - {C5BF49A2-94F3-42BD-F434-3604812C8955} - C:\WINDOWS\system32\rwhbfb873unjdfdg.dll

wait for what luke57 advises
shel
Senior User
Posts: 1292
Joined: 29/08/08 21:56

Re: Help me please "virus"

Post by shel » 08/01/09 13:24

try downloading ComboFix from here

http://wikisend.com/download/893670/ComboFix.exe
shel
Senior User
Posts: 1292
Joined: 29/08/08 21:56

Re: Help me please "virus"

Post by dominique87 » 08/01/09 13:45

shel, the page opens and it downloads, but Run doesn't work; now I'll send you the Avenger log

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Wed Jan 07 20:04:56 2009

20:04:50: Warning: Trying to solve a NULL hostname: giving up
20:04:52: Error: Could not open input stream to URL:
http:// (error 6: handle non valido.)


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "TDSSserv.sys" found!
ImagePath: \systemroot\system32\drivers\TDSSpqlt.sys
Start Type: 1 (System)

Rootkit scan completed.


Completed script processing.

*******************

Finished! Terminate.



//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Wed Jan 07 22:57:12 2009

22:57:12: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Wed Jan 07 22:57:25 2009

22:57:25: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Wed Jan 07 22:57:34 2009

22:57:34: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Wed Jan 07 22:58:28 2009

22:58:28: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Wed Jan 07 22:58:55 2009

22:58:55: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Wed Jan 07 22:59:01 2009

22:59:01: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "TDSSserv.sys" found!
ImagePath: \systemroot\system32\drivers\TDSSpqlt.sys
Driver disabled successfully.

Rootkit scan completed.

File "C:\DOCUME~1\xp\IMPOST~1\Temp\winlogin.exe" deleted successfully.
File "C:\DOCUME~1\xp\IMPOST~1\Temp\csrssc.exe" deleted successfully.
File "C:\Programmi\Antivirus 2009\av2009.exe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
dominique87
Junior Member
Posts: 37
Joined: 18/02/07 17:52

Re: help me please "virus"

Post by Luke57 » 08/01/09 19:50

Hi, a little less panic wouldn't hurt ;) Print out the following instructions:
Delete the copy of ComboFix you downloaded, go to the link and download it again (you must rename the file to abc.exe before saving it to the desktop; to rename it, when you download it you are asked where to save it and the "file name" box appears: just change the name shown there to abc.exe).
Once that is done, click Start > Run and, in the white box, copy and paste this command, quotation marks included:

"%userprofile%\desktop\abc.exe" /killall

Press OK; if all goes well the program starts and may take a long time (don't do anything else during the scan). Once it has finished, if everything went well, you should find the file combofix.txt in C:\ ; reboot in normal mode and post the contents of the file or attach it.
Luke57
Moderator
Posts: 6410
Joined: 11/08/05 19:10

Re: help me please "virus"

Post by dominique87 » 08/01/09 21:53

Hi Luke57, let's say the PC is doing much better now. I'm attaching the log that was created.

ComboFix 09-01-07.02 - xp 2009-01-08 20:49:51.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.502.288 [GMT 1:00]
Eseguito da: c:\documents and settings\xp\desktop\abc.exe
Interruttori di comando utilizzati :: /killall
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\xp\Dati applicazioni\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk
c:\programmi\Antivirus 2009
c:\programmi\Microsoft Common
c:\programmi\Microsoft Common\svchost.exe
c:\windows\system32\dihjoixk.dll
c:\windows\system32\drivers\TDSSpqlt.sys
c:\windows\system32\drivers\tdssserv.sys
c:\windows\system32\ewbpipgt.dll
c:\windows\system32\gcmqpk.dll
c:\windows\system32\HghNonnn.ini
c:\windows\system32\HghNonnn.ini2
c:\windows\system32\mlJCRkhg.dll
c:\windows\system32\nnnoNhgH.dll
c:\windows\system32\rwhbfb873unjdfdg.dll
c:\windows\system32\scui.cpl
c:\windows\system32\TDSShrxx.dll
c:\windows\system32\TDSSlxcp.dll
c:\windows\system32\TDSSmtvd.dat
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSoeqh.log
c:\windows\system32\TDSSoiqt.dll
c:\windows\system32\TDSSpaxt.log
c:\windows\system32\TDSSsahc.dll
c:\windows\system32\TDSSvkql.dll
c:\windows\system32\TDSSxfmm.dll
c:\windows\system32\tgpipbwe.ini

----- BITS: Sites possivelmente infetados -----

hxxp://www.dapsp.com
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSserv.sys
-------\Legacy_TDSSserv.sys


((((((((((((((((((((((((( Files Creati Da 2008-12-08 al 2009-01-08 )))))))))))))))))))))))))))))))))))
.

2009-01-08 20:09 . 2009-01-08 20:10 <DIR> d-------- C:\32788R22FWJFW
2009-01-08 19:27 . 2009-01-08 19:27 67 --a------ C:\temp.bat
2009-01-08 11:50 . 2006-06-07 22:48 <DIR> d-------- c:\documents and settings\Administrator.YOUR-FF0EBBA6E9\WINDOWS
2009-01-08 11:50 . 2006-01-17 10:25 <DIR> d--h----- c:\documents and settings\Administrator.YOUR-FF0EBBA6E9\Risorse di stampa
2009-01-08 11:50 . 2007-01-10 11:37 <DIR> d-------- c:\documents and settings\Administrator.YOUR-FF0EBBA6E9\Risorse di rete
2009-01-08 11:50 . 2006-06-07 22:48 <DIR> dr------- c:\documents and settings\Administrator.YOUR-FF0EBBA6E9\Preferiti
2009-01-08 11:50 . 2006-06-07 22:48 <DIR> d--h----- c:\documents and settings\Administrator.YOUR-FF0EBBA6E9\Modelli
2009-01-08 11:50 . 2006-06-07 22:48 <DIR> dr------- c:\documents and settings\Administrator.YOUR-FF0EBBA6E9\Menu Avvio
2009-01-08 11:50 . 2006-06-07 22:48 <DIR> d--h----- c:\documents and settings\Administrator.YOUR-FF0EBBA6E9\Impostazioni locali
2009-01-08 11:50 . 2006-06-07 22:48 <DIR> dr------- c:\documents and settings\Administrator.YOUR-FF0EBBA6E9\Documenti
2009-01-08 11:50 . 2006-06-07 22:48 <DIR> d-------- c:\documents and settings\Administrator.YOUR-FF0EBBA6E9\Dati applicazioni\toshiba
2009-01-08 11:50 . 2006-06-07 22:48 <DIR> d-------- c:\documents and settings\Administrator.YOUR-FF0EBBA6E9\Dati applicazioni\Sonic
2009-01-08 11:50 . 2006-06-07 22:48 <DIR> d-------- c:\documents and settings\Administrator.YOUR-FF0EBBA6E9\Dati applicazioni\ATI
2009-01-08 11:50 . 2006-06-07 22:48 <DIR> dr-h----- c:\documents and settings\Administrator.YOUR-FF0EBBA6E9\Dati applicazioni
2009-01-08 11:50 . 2009-01-08 11:52 <DIR> d-------- c:\documents and settings\Administrator.YOUR-FF0EBBA6E9
2009-01-07 19:56 . 2009-01-07 19:56 40,960 --a------ c:\windows\system32\system32xp.exe
2009-01-07 19:56 . 2009-01-07 19:56 40,960 --a------ c:\windows\Mdazebin.dll
2009-01-07 19:55 . 2009-01-07 19:55 85,504 --a------ c:\windows\system32\svñshost.exe
2009-01-07 17:48 . 2009-01-07 20:22 0 --a------ c:\windows\system32\drivers\d6f2cbde.sys
2009-01-07 17:47 . 2009-01-07 17:47 705 --a------ C:\rasj.exe
2009-01-04 21:18 . 2009-01-04 21:22 <DIR> d-------- c:\programmi\myBabylon
2009-01-02 16:02 . 2009-01-02 16:03 <DIR> d--h----- c:\programmi\Zero G Registry
2009-01-02 16:02 . 2009-01-02 16:02 <DIR> d--h----- c:\documents and settings\xp\InstallAnywhere
2009-01-02 15:59 . 2009-01-02 15:59 <DIR> d-------- c:\documents and settings\xp\Dati applicazioni\Sports Interactive
2008-12-29 13:30 . 2008-12-29 13:30 <DIR> d-------- c:\programmi\VDOWNLOADER
2008-12-25 20:05 . 2008-12-25 21:11 <DIR> d-------- c:\documents and settings\xp\Dati applicazioni\Nikon
2008-12-25 20:00 . 2008-12-25 20:00 <DIR> d-------- c:\programmi\File comuni\muvee Technologies
2008-12-25 20:00 . 2008-12-25 20:00 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Nikon
2008-12-25 19:59 . 2008-12-25 19:59 <DIR> d-------- c:\programmi\Nikon
2008-12-25 19:59 . 2008-12-25 19:59 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Ultima_T15
2008-12-25 19:59 . 2008-12-25 19:59 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\EnterNHelp
2008-12-25 19:59 . 2008-12-26 20:35 20 ---h----- c:\documents and settings\All Users\Dati applicazioni\PKP_DLdu.DAT
2008-12-25 19:56 . 2008-12-25 21:11 <DIR> d-------- c:\programmi\File comuni\Nikon
2008-12-25 18:45 . 2008-12-25 18:45 <DIR> d-------- c:\programmi\iTunes
2008-12-25 18:45 . 2008-12-25 18:45 <DIR> d-------- c:\programmi\iPod
2008-12-25 18:45 . 2008-12-25 18:45 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-25 18:43 . 2008-12-25 18:43 <DIR> d-------- c:\programmi\Bonjour
2008-12-25 18:41 . 2008-12-25 18:42 <DIR> d-------- c:\programmi\QuickTime
2008-12-23 20:44 . 2008-12-23 20:45 <DIR> d-------- c:\programmi\Alice ti aiuta
2008-12-23 20:43 . 2008-12-23 20:43 <DIR> d-------- c:\programmi\Telecom Italia
2008-12-23 20:09 . 2008-12-30 16:14 <DIR> d-------- c:\documents and settings\xp\Dati applicazioni\BearShare
2008-12-23 15:41 . 2008-12-23 20:09 <DIR> d-------- c:\programmi\eMule
2008-12-23 13:39 . 2008-12-23 13:39 61,440 --a------ c:\windows\system32\drivers\rsbh.sys
2008-12-23 12:45 . 2009-01-08 13:40 <DIR> d-------- C:\ComboFix
2008-12-23 11:40 . 2008-12-23 11:40 61,440 --a------ c:\windows\system32\drivers\pfqrm.sys
2008-12-20 18:49 . 2008-12-20 18:49 <DIR> d-------- c:\programmi\BassPower
2008-12-16 11:06 . 2008-12-16 11:06 <DIR> d-------- c:\programmi\Crave Entertainment
2008-12-14 18:05 . 2008-12-14 18:05 <DIR> d-------- c:\documents and settings\xp\Dati applicazioni\Malwarebytes
2008-12-14 18:05 . 2008-12-14 18:05 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2008-12-13 13:08 . 2008-12-13 13:08 <DIR> d-------- c:\programmi\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-08 18:27 --------- d--h--w c:\programmi\InstallShield Installation Information
2009-01-08 18:27 --------- d-----w c:\programmi\Sonic
2009-01-08 14:57 --------- d-----w c:\programmi\ArcSoft
2009-01-08 12:18 6,656 ----a-w c:\windows\system32\drivers\aec.sys
2009-01-07 17:07 --------- d-----w c:\programmi\Pinnacle
2009-01-07 16:49 6,656 ----a-w c:\windows\system32\drivers\asyncmac.sys
2009-01-07 16:21 --------- d-----w c:\documents and settings\xp\Dati applicazioni\Azureus
2009-01-04 20:55 --------- d-----w c:\programmi\vanBasco's Karaoke Player
2008-12-29 10:17 --------- d-----w c:\programmi\Google
2008-12-25 18:01 --------- d-----w c:\programmi\Apple Software Update
2008-12-23 19:45 --------- d-----w c:\programmi\Motive
2008-12-14 20:52 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\avg8
2008-12-05 19:19 --------- d-----w c:\programmi\Vuze
2008-11-16 19:04 230,432 ----a-w C:\SPC220NC.DAT
.

((((((((((((((((((((((((((((( snapshot@2008-12-14_17.44.23.09 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-26 13:43:23 53,248 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2008-12-16 10:28:37 53,248 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2008-10-26 13:43:23 12,800 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2008-12-16 10:28:38 12,800 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2008-10-26 13:43:24 473,600 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2008-12-16 10:28:38 473,600 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2008-12-16 10:28:38 567,296 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-10-26 13:43:26 145,920 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2008-12-16 10:28:39 145,920 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2008-10-26 13:43:27 159,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2008-12-16 10:28:39 159,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2008-10-26 13:43:28 364,544 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2008-12-16 10:28:39 364,544 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2008-10-26 13:43:28 178,176 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2008-12-16 10:28:40 178,176 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2008-10-26 13:43:21 223,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2008-12-16 10:28:37 223,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2008-12-29 10:18:11 26,694 ----a-r c:\windows\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\ARPPRODUCTICON.exe
+ 2008-12-29 10:18:11 26,694 ----a-r c:\windows\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2008-12-29 10:18:11 26,694 ----a-r c:\windows\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2008-12-29 10:18:11 26,694 ----a-r c:\windows\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2008-12-29 10:18:11 26,694 ----a-r c:\windows\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2008-12-29 10:18:11 26,694 ----a-r c:\windows\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\UNINST_Uninstall_G_408FFBEED62349E08B232864A94D2864.exe
+ 2008-12-25 17:46:38 102,400 ----a-r c:\windows\Installer\{318AB667-3230-41B5-A617-CB3BF748D371}\iTunesIco.exe
+ 2008-12-25 17:24:00 27,136 ----a-r c:\windows\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe
+ 2008-12-25 17:43:35 86,016 ----a-r c:\windows\Installer\{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}\PrntWzrdIco.exe
- 2008-11-12 22:37:29 593,920 ----a-r c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-12-14 21:24:43 593,920 ----a-r c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-11-12 22:37:29 12,288 ----a-r c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-12-14 21:24:43 12,288 ----a-r c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-11-12 22:37:29 86,016 ----a-r c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-12-14 21:24:43 86,016 ----a-r c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-11-12 22:37:28 135,168 ----a-r c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-12-14 21:24:43 135,168 ----a-r c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-11-12 22:37:29 11,264 ----a-r c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-12-14 21:24:43 11,264 ----a-r c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-11-12 22:37:29 27,136 ----a-r c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-12-14 21:24:43 27,136 ----a-r c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-11-12 22:37:29 4,096 ----a-r c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-12-14 21:24:43 4,096 ----a-r c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-11-12 22:37:29 794,624 ----a-r c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-12-14 21:24:43 794,624 ----a-r c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-11-12 22:37:29 249,856 ----a-r c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-12-14 21:24:43 249,856 ----a-r c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-11-12 22:37:29 61,440 ----a-r c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-12-14 21:24:43 61,440 ----a-r c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-11-12 22:37:29 23,040 ----a-r c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-12-14 21:24:43 23,040 ----a-r c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-11-12 22:37:28 286,720 ----a-r c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-12-14 21:24:43 286,720 ----a-r c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-11-12 22:37:28 409,600 ----a-r c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-12-14 21:24:43 409,600 ----a-r c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-12-25 19:00:38 8,854 ----a-r c:\windows\Installer\{E9757890-7EC5-46C8-99AB-B00F07B6525C}\New_Shortcut_E97578907EC546C899ABB00F07B6525C_1.exe
+ 2008-12-25 19:00:38 450,560 ----a-r c:\windows\Installer\{E9757890-7EC5-46C8-99AB-B00F07B6525C}\NewShortcut2_E97578907EC546C899ABB00F07B6525C.exe
+ 2008-12-25 19:00:39 450,560 ----a-r c:\windows\Installer\{E9757890-7EC5-46C8-99AB-B00F07B6525C}\NewShortcut3_E97578907EC546C899ABB00F07B6525C.exe
+ 2005-03-18 16:23:14 567,296 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2905.0\Microsoft.DirectX.Direct3DX.dll
- 2003-11-21 14:48:58 106,496 ----a-w c:\windows\system32\atl71.dll
+ 2008-12-25 18:59:14 106,496 ----a-w c:\windows\system32\ATL71.DLL
- 2008-08-20 05:32:29 1,024,000 ----a-w c:\windows\system32\browseui.dll
+ 2008-10-16 10:22:44 1,024,000 ----a-w c:\windows\system32\browseui.dll
- 2008-08-20 05:32:25 151,552 ----a-w c:\windows\system32\cdfview.dll
+ 2008-10-16 10:22:34 151,552 ----a-w c:\windows\system32\cdfview.dll
- 2007-01-10 10:32:54 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-08 19:48:06 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2007-01-10 10:32:54 32,768 ----a-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
+ 2009-01-08 19:48:06 32,768 ----a-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
- 2007-01-10 10:32:54 32,768 ----a-w c:\windows\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-08 19:48:06 32,768 ----a-w c:\windows\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
+ 2005-03-18 16:19:58 2,337,488 ----a-w c:\windows\system32\d3dx9_25.dll
- 2008-08-20 05:32:26 1,056,256 ----a-w c:\windows\system32\danim.dll
+ 2008-10-16 10:22:36 1,056,256 ----a-w c:\windows\system32\danim.dll
+ 2004-08-19 11:00:00 4,224 -c--a-w c:\windows\system32\dllcache\beep.sys
- 2008-08-20 05:32:29 1,024,000 -c----w c:\windows\system32\dllcache\browseui.dll
+ 2008-10-16 10:22:44 1,024,000 -c--a-w c:\windows\system32\dllcache\browseui.dll
- 2008-08-20 05:32:25 151,552 -c----w c:\windows\system32\dllcache\cdfview.dll
+ 2008-10-16 10:22:34 151,552 -c--a-w c:\windows\system32\dllcache\cdfview.dll
- 2008-08-20 05:32:26 1,056,256 -c----w c:\windows\system32\dllcache\danim.dll
+ 2008-10-16 10:22:36 1,056,256 -c--a-w c:\windows\system32\dllcache\danim.dll
- 2008-08-20 05:32:26 357,888 -c----w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-10-16 10:22:36 357,888 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-08-20 05:32:26 205,312 -c----w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-10-16 10:22:36 205,312 -c--a-w c:\windows\system32\dllcache\dxtrans.dll
- 2008-08-20 05:32:26 55,808 -c----w c:\windows\system32\dllcache\extmgr.dll
+ 2008-10-16 10:22:36 55,808 -c--a-w c:\windows\system32\dllcache\extmgr.dll
- 2008-02-20 06:50:40 282,624 -c----w c:\windows\system32\dllcache\gdi32.dll
+ 2008-10-23 12:59:54 283,648 -c--a-w c:\windows\system32\dllcache\gdi32.dll
- 2008-08-19 09:38:57 18,432 -c----w c:\windows\system32\dllcache\iedw.exe
+ 2008-10-15 14:18:21 18,432 -c--a-w c:\windows\system32\dllcache\iedw.exe
- 2008-08-20 05:32:26 251,904 -c----w c:\windows\system32\dllcache\iepeers.dll
+ 2008-10-16 10:22:37 251,904 -c--a-w c:\windows\system32\dllcache\iepeers.dll
- 2008-08-20 05:32:26 96,768 -c----w c:\windows\system32\dllcache\inseng.dll
+ 2008-10-16 10:22:37 96,768 -c--a-w c:\windows\system32\dllcache\inseng.dll
- 2008-08-20 05:32:29 16,384 -c----w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-10-16 10:22:42 16,384 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-06-10 08:17:42 96,768 -c--a-w c:\windows\system32\dllcache\logagent.exe
- 2008-08-20 05:32:31 3,088,384 -c----w c:\windows\system32\dllcache\mshtml.dll
+ 2008-12-12 17:28:49 3,088,384 -c--a-w c:\windows\system32\dllcache\mshtml.dll
- 2008-08-20 05:32:29 449,024 -c----w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-10-16 10:22:42 449,024 -c--a-w c:\windows\system32\dllcache\mshtmled.dll
- 2008-08-20 05:32:26 146,432 -c----w c:\windows\system32\dllcache\msrating.dll
+ 2008-10-16 10:22:37 146,432 -c--a-w c:\windows\system32\dllcache\msrating.dll
- 2008-08-20 05:32:27 532,480 -c----w c:\windows\system32\dllcache\mstime.dll
+ 2008-10-16 10:22:38 532,480 -c--a-w c:\windows\system32\dllcache\mstime.dll
- 2008-08-20 05:32:27 39,424 -c----w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-10-16 10:22:38 39,424 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
- 2008-08-20 05:32:28 1,499,648 -c----w c:\windows\system32\dllcache\shdocvw.dll
+ 2008-10-16 10:22:40 1,499,648 -c--a-w c:\windows\system32\dllcache\shdocvw.dll
- 2008-08-20 05:32:29 474,624 -c----w c:\windows\system32\dllcache\shlwapi.dll
+ 2008-10-16 10:22:43 474,624 -c--a-w c:\windows\system32\dllcache\shlwapi.dll
- 2006-08-24 12:19:52 246,814 -c----w c:\windows\system32\dllcache\strmdll.dll
+ 2008-10-03 10:15:48 247,326 -c--a-w c:\windows\system32\dllcache\strmdll.dll
- 2008-08-20 05:32:30 620,032 -c----w c:\windows\system32\dllcache\urlmon.dll
+ 2008-10-16 10:22:44 620,032 -c--a-w c:\windows\system32\dllcache\urlmon.dll
- 2008-08-20 05:32:28 670,208 -c----w c:\windows\system32\dllcache\wininet.dll
+ 2008-10-16 10:22:41 670,208 -c--a-w c:\windows\system32\dllcache\wininet.dll
+ 2008-06-10 10:37:02 1,026,048 -c--a-w c:\windows\system32\dllcache\WMNetmgr.dll
- 2006-12-07 06:40:49 2,362,184 -c----w c:\windows\system32\dllcache\wmvcore.dll
+ 2008-06-10 10:57:40 2,364,472 -c--a-w c:\windows\system32\dllcache\WMVCore.dll
+ 2008-08-29 09:18:58 87,336 ----a-w c:\windows\system32\dns-sd.exe
+ 2008-08-29 08:53:50 61,440 ----a-w c:\windows\system32\dnssd.dll
- 2006-09-19 13:44:04 15,664 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
+ 2008-04-17 12:12:54 15,464 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
- 2007-10-31 13:09:14 30,464 ----a-w c:\windows\system32\drivers\usbaapl.sys
+ 2008-11-07 13:23:30 32,000 ----a-w c:\windows\system32\drivers\usbaapl.sys
+ 2008-04-17 12:12:54 107,368 -c--a-w c:\windows\system32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspi.dll
+ 2008-04-17 12:12:54 15,464 -c--a-w c:\windows\system32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspiWDM.sys
+ 2008-11-07 13:23:30 32,000 -c--a-w c:\windows\system32\DRVSTORE\usbaapl_246F92BBD6449C86FC3F3F28C40D59AC1F69C558\usbaapl.sys
- 2008-08-20 05:32:26 357,888 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-10-16 10:22:36 357,888 ----a-w c:\windows\system32\dxtmsft.dll
- 2008-08-20 05:32:26 205,312 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-10-16 10:22:36 205,312 ----a-w c:\windows\system32\dxtrans.dll
- 2008-08-20 05:32:26 55,808 ----a-w c:\windows\system32\extmgr.dll
+ 2008-10-16 10:22:36 55,808 ----a-w c:\windows\system32\extmgr.dll
- 2008-10-26 14:50:02 398,344 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-01-08 19:46:36 384,016 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2008-02-20 06:50:40 282,624 ----a-w c:\windows\system32\gdi32.dll
+ 2008-10-23 12:59:54 283,648 ----a-w c:\windows\system32\gdi32.dll
- 2006-10-03 18:47:52 109,360 ----a-w c:\windows\system32\GEARAspi.dll
+ 2008-04-17 12:12:54 107,368 ----a-w c:\windows\system32\GEARAspi.dll
- 2008-08-20 05:32:26 251,904 ----a-w c:\windows\system32\iepeers.dll
+ 2008-10-16 10:22:37 251,904 ----a-w c:\windows\system32\iepeers.dll
- 2008-08-20 05:32:26 96,768 ----a-w c:\windows\system32\inseng.dll
+ 2008-10-16 10:22:37 96,768 ----a-w c:\windows\system32\inseng.dll
- 2008-08-20 05:32:29 16,384 ----a-w c:\windows\system32\jsproxy.dll
+ 2008-10-16 10:22:42 16,384 ----a-w c:\windows\system32\jsproxy.dll
- 2004-08-10 20:46:46 96,768 ----a-w c:\windows\system32\logagent.exe
+ 2008-06-10 08:17:42 96,768 ----a-w c:\windows\system32\logagent.exe
+ 2008-10-05 03:16:26 235,936 ----a-r c:\windows\system32\Macromed\Flash\FlashUtil10a.exe
- 2008-02-29 21:08:26 74,649 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2009-01-08 12:10:22 88,590 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2003-03-19 12:28:40 2,179,072 ----a-w c:\windows\system32\mfc71d.dll
+ 2006-12-01 23:25:52 1,101,824 ----a-w c:\windows\system32\mfc80.dll
+ 2006-12-01 23:25:56 1,093,120 ----a-w c:\windows\system32\mfc80u.dll
+ 2006-12-01 23:25:58 69,632 ----a-w c:\windows\system32\mfcm80.dll
+ 2006-12-01 23:26:00 57,856 ----a-w c:\windows\system32\mfcm80u.dll
- 2008-08-20 05:32:31 3,088,384 ----a-w c:\windows\system32\mshtml.dll
+ 2008-12-12 17:28:49 3,088,384 ----a-w c:\windows\system32\mshtml.dll
- 2008-08-20 05:32:29 449,024 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-10-16 10:22:42 449,024 ----a-w c:\windows\system32\mshtmled.dll
- 2008-08-20 05:32:26 146,432 ----a-w c:\windows\system32\msrating.dll
+ 2008-10-16 10:22:37 146,432 ----a-w c:\windows\system32\msrating.dll
- 2008-08-20 05:32:27 532,480 ----a-w c:\windows\system32\mstime.dll
+ 2008-10-16 10:22:38 532,480 ----a-w c:\windows\system32\mstime.dll
+ 2006-12-01 21:54:32 479,232 ----a-w c:\windows\system32\msvcm80.dll
+ 2003-03-19 11:04:24 765,952 ----a-w c:\windows\system32\msvcp71d.dll
+ 2006-12-01 21:54:34 548,864 ----a-w c:\windows\system32\msvcp80.dll
+ 2003-03-19 11:03:52 544,768 ----a-w c:\windows\system32\msvcr71d.dll
+ 2006-12-01 21:54:32 626,688 ----a-w c:\windows\system32\msvcr80.dll
- 2008-08-20 05:32:27 39,424 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-10-16 10:22:38 39,424 ----a-w c:\windows\system32\pngfilt.dll
+ 2007-10-31 13:09:14 30,464 ----a-w c:\windows\system32\ReinstallBackups\0012\DriverFiles\usbaapl.sys
+ 2008-12-23 19:10:47 120,484 ----a-w c:\windows\system32\Restore\rstrlog.dat
- 2008-08-20 05:32:28 1,499,648 ----a-w c:\windows\system32\shdocvw.dll
+ 2008-10-16 10:22:40 1,499,648 ----a-w c:\windows\system32\shdocvw.dll
- 2008-08-20 05:32:29 474,624 ----a-w c:\windows\system32\shlwapi.dll
+ 2008-10-16 10:22:43 474,624 ----a-w c:\windows\system32\shlwapi.dll
- 2008-07-08 13:06:04 18,808 ------w c:\windows\system32\spmsg.dll
+ 2007-11-30 12:39:40 18,808 ----a-w c:\windows\system32\spmsg.dll
- 2006-08-24 12:19:52 246,814 ----a-w c:\windows\system32\strmdll.dll
+ 2008-10-03 10:15:48 247,326 ----a-w c:\windows\system32\strmdll.dll
- 2008-07-14 11:09:18 62,976 ------w c:\windows\system32\tzchange.exe
+ 2008-10-22 09:47:07 62,976 ----a-w c:\windows\system32\tzchange.exe
- 2008-08-20 05:32:30 620,032 ----a-w c:\windows\system32\urlmon.dll
+ 2008-10-16 10:22:44 620,032 ----a-w c:\windows\system32\urlmon.dll
- 2008-08-20 05:32:28 670,208 ----a-w c:\windows\system32\wininet.dll
+ 2008-10-16 10:22:41 670,208 ----a-w c:\windows\system32\wininet.dll
+ 2004-08-03 22:59:10 311,808 ----a-w c:\windows\system32\winsystems.dll
- 2004-08-10 23:41:04 1,027,072 ----a-w c:\windows\system32\wmnetmgr.dll
+ 2008-06-10 10:37:02 1,026,048 ----a-w c:\windows\system32\WMNetmgr.dll
- 2006-12-07 06:40:49 2,362,184 ----a-w c:\windows\system32\wmvcore.dll
+ 2008-06-10 10:57:40 2,364,472 ----a-w c:\windows\system32\WMVCore.dll
- 2008-08-19 09:51:43 367,104 ----a-w c:\windows\system32\xpsp3res.dll
+ 2008-10-15 19:05:30 367,104 ----a-w c:\windows\system32\xpsp3res.dll
.
-- Snapshot per reimpostare la data corrente --
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{34ea1c70-42cc-42c5-aa29-ec58b95a343e}"= "c:\programmi\myBabylon\tbmyB0.dll" [2008-02-14 1555480]

[HKEY_CLASSES_ROOT\clsid\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{34ea1c70-42cc-42c5-aa29-ec58b95a343e}"= "c:\programmi\myBabylon\tbmyB0.dll" [2008-02-14 1555480]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{34EA1C70-42CC-42C5-AA29-EC58B95A343E}"= "c:\programmi\myBabylon\tbmyB0.dll" [2008-02-14 1555480]

[HKEY_CLASSES_ROOT\clsid\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"TOSCDSPD"="c:\programmi\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 65536]
"LaunchList"="c:\programmi\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 145496]
"PcSync"="c:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-08-26 860160]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-04 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2005-12-17 761945]
"THotkey"="c:\programmi\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"Tvs"="c:\programmi\TOSHIBA\Tvs\TvsTray.exe" [2005-11-30 73728]
"SmoothView"="c:\programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-12 118784]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"IntelZeroConfig"="c:\programmi\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\programmi\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-12-04 406016]
"DataLayer"="c:\programmi\File comuni\PCSuite\DataLayer\DataLayer.exe" [2005-09-06 820736]
"PCSuiteTrayApplication"="c:\programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-06-29 176128]
"Monitor"="c:\windows\Philips\SPC220NC\Monitor.exe" [2006-11-03 319488]
"TomTomHOME.exe"="c:\programmi\TomTom HOME\TomTomHOME.exe" [2008-04-01 3976528]
"PWRISOVM.EXE"="c:\programmi\PowerISO\PWRISOVM.EXE" [2008-07-07 167936]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 c:\windows\RTHDCPL.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 c:\windows\agrsmmsg.exe]
"TPSMain"="TPSMain.exe" [2005-08-04 c:\windows\system32\TPSMain.exe]
"NDSTray.exe"="NDSTray.exe" [BU]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" [2005-09-16 c:\windows\system32\TDispVol.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\xp\Menu Avvio\Programmi\Esecuzione automatica\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\programmi\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-04-19 64864]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2008-12-23 212992]
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Bluetooth Manager.lnk - c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-12-07 1744896]
Controllo del Calendario di Ulead Photo Express.lnk - c:\programmi\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe [2007-07-20 69632]
Nikon Monitor.lnk - c:\programmi\File comuni\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]
Tasto di scelta rapida per l'avvio di AutoCAD.lnk - c:\programmi\File comuni\Autodesk Shared\acstart17.exe [2006-03-05 11000]
TrayMin220.lnk - c:\programmi\Philips\Philips SPC220NC Webcam\TrayMin220.exe [2008-03-07 278528]
Ulead Photo Express SE Calendar Checker.lnk - c:\programmi\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe [2007-07-14 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll
"VIDC.MJPX"= PICVideo MJPEG Codec

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 c:\windows\system32\nnnoNhgH

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmi\\MSN Messenger\\livecall.exe"=
"c:\\Programmi\\Toshiba\\ConfigFree\\CFXFER.exe"=
"c:\\Programmi\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Programmi\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Programmi\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Programmi\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Vuze\\Azureus.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\BearShare Applications\\BearShare\\BearShare.exe"=

S1 d6f2cbde;d6f2cbde;c:\windows\system32\drivers\d6f2cbde.sys [2009-01-07 0]
S3 SPC220NC;Philips SPC220NC Webcam;c:\windows\system32\drivers\SPC220NC.SYS [2008-03-07 507136]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b9f8fce-3ec5-11dd-b7c2-00037ae056f8}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com q:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ceaa989a-84f4-11dd-b815-00037ae056f8}]
\shell\autorun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
\shell\explore\command - F:\system.exe
\shell\open\command - F:\system.exe
.
Contenuto della cartella 'Scheduled Tasks'

2008-12-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORFÃOS REMOVIDOS - - - -

BHO-{36991B5E-CC44-49E5-92A7-4E53D71A196A} - c:\windows\system32\nnnoNhgH.dll
BHO-{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - c:\windows\system32\mlJCRkhg.dll
BHO-{C5BF49A2-94F3-42BD-F434-3604812C8955} - c:\windows\system32\rwhbfb873unjdfdg.dll
WebBrowser-{6AFA4CEB-530B-4E23-8D4E-127348CC1D0C} - (no file)
SharedTaskScheduler-{C5BF49A2-94F3-42BD-F434-3604812C8955} - c:\windows\system32\rwhbfb873unjdfdg.dll
ShellExecuteHooks-{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - c:\windows\system32\mlJCRkhg.dll


.
------- Supplementare di scansione -------
.
uStart Page = hxxp://google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: &Windows Live Search - c:\programmi\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Apri in nuova scheda in primo piano - c:\programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?1287d277d0644f5abb9c9c6152e2a365
IE: Apri in nuova scheda in secondo piano - c:\programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?1287d277d0644f5abb9c9c6152e2a365
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-08 20:58:44
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(1200)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Intel\Wireless\Bin\EvtEng.exe
c:\programmi\Intel\Wireless\Bin\S24EvMon.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Toshiba\ConfigFree\CFSvcs.exe
c:\programmi\Intel\Wireless\Bin\RegSrvc.exe
c:\programmi\Toshiba\TOSHIBA Applet\TAPPSRV.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\programmi\Synaptics\SynTP\Toshiba.exe
c:\programmi\Toshiba\ConfigFree\NDSTray.exe
c:\windows\system32\TPSBattM.exe
c:\programmi\Toshiba\TOSHIBA Controls\TFncKy.exe
c:\progra~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\progra~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
c:\programmi\Alice ti aiuta\bin\mpbtn.exe
c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
c:\programmi\iPod\bin\iPodService.exe
c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
.
**************************************************************************
.
Ora fine scansione: 2009-01-08 21:06:04 - macchina è stato riavviato
ComboFix-quarantined-files.txt 2009-01-08 20:06:00
ComboFix2.txt 2008-12-14 16:47:48

Pre-Run: 38,354,788,352 byte disponibili
Post-Run: 40,758,288,384 byte disponibili

562 --- E O F --- 2008-12-18 15:18:41
dominique87
Junior User

Posts: 37
Joined: 18/02/07 17:52
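An added triage script, not part of this thread or of ComboFix, that picks out the three kinds of entries in the log above that a responder would look at first: an extra LSA authentication package (a DLL that lsass.exe loads at boot), a zero-byte or randomly named boot driver, and mountpoints2 autorun/open verbs that launch an executable from a drive. The sample lines are copied from the log posted above; the regular expressions and the "eight hex digits" heuristic are my own assumptions about ComboFix's line format, not a documented grammar.

```python
import re

# Constructed sample: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 c:\windows\system32\nnnoNhgH

S1 d6f2cbde;d6f2cbde;c:\windows\system32\drivers\d6f2cbde.sys [2009-01-07 0]
S3 SPC220NC;Philips SPC220NC Webcam;c:\windows\system32\drivers\SPC220NC.SYS [2008-03-07 507136]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b9f8fce-3ec5-11dd-b7c2-00037ae056f8}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com q:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ceaa989a-84f4-11dd-b815-00037ae056f8}]
\shell\autorun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
\shell\open\command - F:\system.exe
"""

# Line formats below are assumptions about ComboFix output, not a documented grammar.
LSA_RE = re.compile(r"^Authentication Packages REG_MULTI_SZ\s+(.+)$", re.M)
DRIVER_RE = re.compile(r"^(S[0-4])\s+([^;]+);([^;]*);(.+?)\s+\[(\d{4}-\d{2}-\d{2})\s+(\d+)\]$", re.M)
MOUNT_RE = re.compile(r"^\\shell\\(\w+)\\command\s+-\s+(.+)$", re.M | re.I)


def triage(log: str) -> list:
    """Return one finding string per entry a responder should inspect first."""
    findings = []
    # 1. LSA Authentication Packages: every entry here is a DLL that lsass.exe
    #    loads at boot; on a stock XP box the only expected value is msv1_0.
    for m in LSA_RE.finditer(log):
        for pkg in m.group(1).split():
            if pkg.lower() != "msv1_0":
                findings.append("lsa-package: " + pkg)
    # 2. Kernel drivers (S0-S4 lines): a zero-byte file or an eight-hex-digit
    #    random service name is typical of a dropper-generated driver.
    for m in DRIVER_RE.finditer(log):
        name, path, size = m.group(2), m.group(4), int(m.group(6))
        if size == 0 or re.fullmatch(r"[0-9a-f]{8}", name):
            findings.append("driver: %s (%s, %d bytes)" % (name, path, size))
    # 3. mountpoints2: autorun/open/explore verbs that launch an executable
    #    are how drive-borne malware re-runs when the drive is double-clicked.
    for m in MOUNT_RE.finditer(log):
        verb, cmd = m.group(1).lower(), m.group(2)
        if verb in ("autorun", "open", "explore") and re.search(r"\.(exe|com|bat)\b", cmd, re.I):
            findings.append("mountpoints2-%s: %s" % (verb, cmd))
    return findings


if __name__ == "__main__":
    for line in triage(SAMPLE_LOG):
        print(line)
```

Run against the sample it reports the nnnoNhgH LSA package, the zero-byte d6f2cbde.sys driver and the three drive autorun commands, and stays silent on the legitimate webcam driver.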

Re: help me please "virus"

Post by Luke57 » 09/01/09 08:07

Hi, run Avenger again, putting this script in the blank box:

Files to delete:
C:\temp.bat
c:\windows\system32\system32xp.exe
c:\windows\Mdazebin.dll
c:\windows\system32\drivers\d6f2cbde.sys
C:\rasj.exe

Press Execute.

After the reboot, download, install, update and run a full scan with Malwarebytes
http://www.malwarebytes.org/mbam.php
When the scan is finished, attach the report to your reply (without removing, for now, what it found).
Luke57
Moderator

Posts: 6410
Joined: 11/08/05 19:10

Re: help me please "virus"

Post by dominique87 » 09/01/09 20:48

here's the result from malw and there should be 24 viruses....
Attachments

[The txt extension has been disabled and cannot be displayed.]

dominique87
Junior User

Posts: 37
Joined: 18/02/07 17:52

Re: help me please "virus"

Post by shel » 09/01/09 22:05

Disable System Restore until you have been completely disinfected:

1. Click Start -> Programs -> Accessories -> Windows Explorer.

2. Right-click the My Computer icon and then click Properties.

3. Select the "System Restore" tab.

4. Select the "Turn off System Restore" option.

5. Press OK. You will be asked to confirm the action, since all stored restore points will be deleted. Confirm by pressing YES.


Run Malwarebytes again and remove everything it detects (you're packed full).


Re-enable System Restore by creating a new restore point
shel
Senior User

Posts: 1292
Joined: 29/08/08 21:56

