non apro nessun antivirus

[tixxy82]

Ciao a tutti e prima di tutto buon Natale,
stamattina navigando su un sito antivir mi ha segnalato 2 virus, al mio comando elimina, antivir smette di funzionare.
in contemporanea è partito ad aware, che ha trovato due elementi infetti, ma non riesco a trovare il log dello scan...
mi segnala win32fraudtoolactivesecurity.
Cmq non mi funziona più nessun antivirus e nessun antispyware eccetto ad aware.
Ho anche disinstallato antivir e installato mc afee, ma il problema non si risolve, anche questo antivirus non funziona.
vi invio il log di hijackthis e grazie a che mi saprà aiutare:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13.06.28, on 26/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\McAfee\SiteAdvisor\McSACore.exe
C:\Programmi\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Intel\Wireless\Bin\OProtSvc.exe
C:\Programmi\Raxco\PerfectDisk\PDAgent.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmi\ASUS\NB Probe\SPM\spmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\ASUS\NB Probe\NBProbe.exe
C:\Programmi\ASUS\Wireless Console\wcourier.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmi\Intel\Wireless\Bin\EOUWiz.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\ASUS\Power4 Gear\BatteryLife.exe
C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\DOCUME~1\MASSIMO\IMPOST~1\Temp\richtx64.exe
C:\Programmi\Asus\Asus ChkMail\ChkMail.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\FirefoxPortableUnibo-2.0.0.5\App\firefox\firefox.exe
C:\Programmi\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programmi\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NB Probe] C:\Programmi\ASUS\NB Probe\NBProbe.exe
O4 - HKLM\..\Run: [Wireless Console] C:\Programmi\ASUS\Wireless Console\wcourier.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Programmi\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Programmi\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Programmi\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [richtx64.exe] C:\DOCUME~1\MASSIMO\IMPOST~1\Temp\richtx64.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ASUS ChkMail.lnk = C:\Programmi\Asus\Asus ChkMail\ChkMail.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: Yahoo! Poker - http://origin.games.yahoo.net/games/clients/y/pt3_x.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: McAfee Application Installer Cleanup (0153541261825555) (0153541261825555mcinstcleanup) - McAfee, Inc. - C:\DOCUME~1\MASSIMO\IMPOST~1\Temp\015354~1.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Programmi\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\PROGRA~1\FILECO~1\McAfee\McProxy\McProxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: spmgr - Unknown owner - C:\Programmi\ASUS\NB Probe\SPM\spmgr.exe

--
End of file - 10985 bytes

[shel]

ciao

nel log riesco a vedere solo questo

http://www.prevx.com/filenames/X8387366 ... 4.EXE.html

Lancia HiJackThis -> Clicca Do a scan only -> Metti la spunta a fianco delle righe che ti segnalo qui sotto -> Clicca su Fix Checked

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O4 - HKCU\..\Run: [richtx64.exe] C:\DOCUME~1\MASSIMO\IMPOST~1\Temp\richtx64.exe

O18 - Filter hijack: text/html - (no CLSID) - (no file)


Scarica ComboFix da qui http://download.bleepingcomputer.com/sUBs/ComboFix.exe , avvialo e quindi premi 1 per avviare la scansione. Alla fine della scansione ti verrà rilasciato un file chiamato combofix.txt nella cartella c:\combofix, allegami tale file nel prossimo messaggio.

[tixxy82]

ciao, grazie per l'aiuto.
Allora ho fixato le voci e ho scaricato combofix, ma non riesco a farlo partire.

[shel]

disinstalla combofix in questo modo

clicca su start - esegui - digita combofix /u e dai l'ok ... (nota: combofix[spazio]/u)

scaricalo nuovamente, ma questa volta devi rinominarlo prima di scaricarlo con un nome di fantasia (123.exe) ad esempio

la tua infezione dovrebe essere il bagle ed e' proprio per qquesto motivo che non riesci a lanciarlo

[tixxy82]

oddio, non è possibile...
IMPOSSIBILE TROVARE IL FILE COMBOFIX

[tixxy82]

dopo che ad aware aveva terminato la scansione, mi ha fatto riavviare il sistema e al riavvio ha eseguito un'operazione, ha cancellato qualcosa forse? qualche file che mi impedisce l'accesso agli antivirus??
Il problema è che non riesco a trovare il log.
Ora provo almeno a incollarti la schermata sempre che riesca a capire come fare

[tixxy82]

ecco il log, l'ho trovato:

MSG [2816] 2009/12/26 11:05:33: Configure new scan with profile: smart
MSG [2816] 2009/12/26 11:05:34: -> scanning critical objects
MSG [2816] 2009/12/26 11:05:34: -> scanning running processes
MSG [2816] 2009/12/26 11:05:34: -> scanning registry
MSG [2816] 2009/12/26 11:05:34: -> scanning lsp
MSG [2816] 2009/12/26 11:05:34: -> scanning browser hijacks
MSG [2816] 2009/12/26 11:05:34: -> scanning cookies
MSG [2816] 2009/12/26 11:05:34: -> neutralizing rootkits
MSG [2816] 2009/12/26 11:05:34: -> use spyware heuristics
MSG [2816] 2009/12/26 11:05:34: -> scan only executables
MSG [2816] 2009/12/26 11:05:34: -> file size limit = 20480 kB (0 = unlimited)
ERR [2816] 2009/12/26 11:08:31: SDKController::GetQuarantineList -> Not in idle state
ERR [2816] 2009/12/26 11:08:31: SDKController::GetWhiteList -> Not in idle state
ERR [2816] 2009/12/26 11:08:34: SDKController::GetDefinitonsFileVersion -> Not in idle state
ERR [2816] 2009/12/26 11:08:34: SDKController::GetLatestSuccessfulScanReport -> Not in idle state
MSG [1704] 2009/12/26 11:10:40: Scan was completed in 306 seconds
MSG [1704] 2009/12/26 11:10:40: Objects processed: 9954, infections detected: 2
MSG [2708] 2009/12/26 11:11:13: Remediating 2 infections
MSG [2708] 2009/12/26 11:11:13: Infections quarantined: 2, removed: 0, repaired: 0
MSG [2708] 2009/12/26 11:11:13: Infections ignored by remediation: 0 (0 whitelisted, 0 skipped).
MSG [2816] 2009/12/26 11:11:14: Dumping scan report:
>>> Logfile created: 26/12/2009 11:5:38
>>> Lavasoft Ad-Aware version: 8.0.8
>>> Extended engine version: 8.1
>>> User performing scan: MASSIMO
>>>
>>> *********************** Definitions database information ***********************
>>> Lavasoft definition file: 149.119
>>> Extended engine definition file: 8.1
>>>
>>> ******************************** Scan results: *********************************
>>> Scan profile name: Scans. intelligente (ID: smart)
>>> Objects scanned: 9954
>>> Objects detected: 2
>>>
>>>
>>> Type Detected
>>> ==========================
>>> Processes.......: 1
>>> Registry entries: 1
>>> Hostfile entries: 0
>>> Files...........: 0
>>> Folders.........: 0
>>> LSPs............: 0
>>> Cookies.........: 0
>>> Browser hijacks.: 0
>>> MRU objects.....: 0
>>>
>>>
>>>
>>> Quarantined items:
>>> Description: c:\docume~1\massimo\impost~1\temp\wscsvc32.exe Family Name: Win32.FraudTool.ActiveSecurity Clean status: Success Item ID: 1676525 Family ID: 1674243
>>> Description: HKU:S-1-5-21-629448158-4073424505-2892820372-1005\Software:eee0bd2f-ff2e-46ef-83fb-d4fda84462a3 Family Name: Win32.FraudTool.ActiveSecurity Clean status: Success Item ID: 1674250 Family ID: 1674243
>>>
>>> Scan and cleaning complete: Finished correctly after 306 seconds
>>>
>>> *********************************** Settings ***********************************
>>>
>>> Scan profile:
>>> ID: smart, enabled:1, value: Scans. intelligente
>>> ID: scancriticalareas, enabled:1, value: true
>>> ID: scanrunningapps, enabled:1, value: true
>>> ID: scanregistry, enabled:1, value: true
>>> ID: scanlsp, enabled:1, value: true
>>> ID: scanads, enabled:1, value: false
>>> ID: scanhostsfile, enabled:1, value: false
>>> ID: scanmru, enabled:1, value: false
>>> ID: scanbrowserhijacks, enabled:1, value: true
>>> ID: scantrackingcookies, enabled:1, value: true
>>> ID: closebrowsers, enabled:1, value: false
>>> ID: folderstoscan, enabled:1, value:
>>> ID: usespywareheuristics, enabled:1, value: true
>>> ID: extendedengine, enabled:0, value: true
>>> ID: useheuristics, enabled:0, value: true
>>> ID: heuristicslevel, enabled:0, value: mild, domain: medium,mild,strict
>>> ID: filescanningoptions, enabled:1
>>> ID: scanrootkits, enabled:1, value: true
>>> ID: archives, enabled:1, value: false
>>> ID: onlyexecutables, enabled:1, value: true
>>> ID: skiplargerthan, enabled:1, value: 20480
>>>
>>> Scan global:
>>> ID: global, enabled:1
>>> ID: addtocontextmenu, enabled:1, value: true
>>> ID: playsoundoninfection, enabled:1, value: false
>>> ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav
>>>
>>> Scheduled scan settings:
>>> <Empty>
>>>
>>> Update settings:
>>> ID: updates, enabled:1
>>> ID: launchthreatworksafterscan, enabled:1, value: normal, domain: normal,off,silently
>>> ID: softwareupdates, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
>>> ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
>>> ID: schedules, enabled:1, value: true
>>> ID: updatedaily, enabled:1, value: Daily
>>> ID: time, enabled:1, value: Sat Feb 14 23:03:00 2009
>>> ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
>>> ID: weekdays, enabled:1
>>> ID: monday, enabled:1, value: false
>>> ID: tuesday, enabled:1, value: false
>>> ID: wednesday, enabled:1, value: false
>>> ID: thursday, enabled:1, value: false
>>> ID: friday, enabled:1, value: false
>>> ID: saturday, enabled:1, value: false
>>> ID: sunday, enabled:1, value: false
>>> ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
>>> ID: scanprofile, enabled:1, value:
>>> ID: auto_deal_with_infections, enabled:1, value: false
>>> ID: updateweekly, enabled:1, value: Weekly
>>> ID: time, enabled:1, value: Sat Feb 14 23:03:00 2009
>>> ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
>>> ID: weekdays, enabled:1
>>> ID: monday, enabled:1, value: true
>>> ID: tuesday, enabled:1, value: false
>>> ID: wednesday, enabled:1, value: false
>>> ID: thursday, enabled:1, value: false
>>> ID: friday, enabled:1, value: false
>>> ID: saturday, enabled:1, value: true
>>> ID: sunday, enabled:1, value: false
>>> ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
>>> ID: scanprofile, enabled:1, value:
>>> ID: auto_deal_with_infections, enabled:1, value: false
>>>
>>> Appearance settings:
>>> ID: appearance, enabled:1
>>> ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
>>> ID: showtrayicon, enabled:1, value: true
>>> ID: language, enabled:1, value: it, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language
>>>
>>> Realtime protection settings:
>>> ID: realtime, enabled:1
>>> ID: processprotection, enabled:1, value: true
>>> ID: registryprotection, enabled:0, value: true
>>> ID: networkprotection, enabled:0, value: true
>>> ID: usespywareheuristics, enabled:0, value: true
>>> ID: extendedengine, enabled:0, value: true
>>> ID: useheuristics, enabled:0, value: true
>>> ID: heuristicslevel, enabled:0, value: strict, domain: medium,mild,strict
>>> ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant
>>>
>>>
>>> ****************************** System information ******************************
>>> Computer name: NOME-8F77BE914A
>>> Processor name: Intel(R) Pentium(R) M processor 1.73GHz
>>> Processor identifier: x86 Family 6 Model 13 Stepping 8
>>> Raw info: processorarchitecture 0, processortype 586, processorlevel 6, processor revision 3336, number of processors 1
>>> Physical memory available: 179539968 bytes
>>> Physical memory total: 1073004544 bytes
>>> Virtual memory available: 1992744960 bytes
>>> Virtual memory total: 2147352576 bytes
>>> Memory load: 83%
>>> Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
>>> Windows startup mode:
>>>
>>> Running processes:
>>> PID: 904 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1000 name: \??\C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1024 name: \??\C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1068 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1080 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1240 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1340 name: C:\WINDOWS\system32\svchost.exe owner: SERVIZIO DI RETE domain: NT AUTHORITY
>>> PID: 1380 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1424 name: C:\Programmi\Intel\Wireless\Bin\EvtEng.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1568 name: C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1664 name: C:\WINDOWS\system32\svchost.exe owner: SERVIZIO DI RETE domain: NT AUTHORITY
>>> PID: 1760 name: C:\WINDOWS\system32\svchost.exe owner: SERVIZIO LOCALE domain: NT AUTHORITY
>>> PID: 1976 name: C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 240 name: C:\Programmi\Avira\AntiVir Desktop\sched.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 280 name: C:\WINDOWS\system32\svchost.exe owner: SERVIZIO LOCALE domain: NT AUTHORITY
>>> PID: 368 name: C:\Programmi\Avira\AntiVir Desktop\avguard.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 380 name: C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 400 name: C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 448 name: C:\Programmi\Bonjour\mDNSResponder.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 576 name: C:\WINDOWS\system32\nvsvc32.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 620 name: C:\Programmi\Intel\Wireless\Bin\OProtSvc.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 652 name: C:\Programmi\Raxco\PerfectDisk\PDAgent.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 692 name: C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 748 name: C:\Programmi\ASUS\NB Probe\SPM\spmgr.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 784 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1636 name: C:\WINDOWS\system32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1592 name: C:\WINDOWS\System32\alg.exe owner: SERVIZIO LOCALE domain: NT AUTHORITY
>>> PID: 2052 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 2468 name: C:\Programmi\Intel\Wireless\Bin\ZcfgSvc.exe owner: MASSIMO domain: NOME-8F77BE914A
>>> PID: 2592 name: C:\WINDOWS\system32\WgaTray.exe owner: MASSIMO domain: NOME-8F77BE914A
>>> PID: 2684 name: C:\WINDOWS\Explorer.EXE owner: MASSIMO domain: NOME-8F77BE914A
>>> PID: 2952 name: C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe owner: MASSIMO domain: NOME-8F77BE914A
>>> PID: 3700 name: C:\WINDOWS\ATK0100\HControl.exe owner: MASSIMO domain: NOME-8F77BE914A
>>> PID: 3784 name: C:\WINDOWS\RTHDCPL.EXE owner: MASSIMO domain: NOME-8F77BE914A
>>> PID: 3796 name: C:\Programmi\ASUS\NB Probe\NBProbe.exe owner: MASSIMO domain: NOME-8F77BE914A
>>> PID: 3804 name: C:\Programmi\ASUS\Wireless Console\wcourier.exe owner: MASSIMO domain: NOME-8F77BE914A
>>> PID: 3852 name: C:\Programmi\Synaptics\SynTP\SynTPLpr.exe owner: MASSIMO domain: NOME-8F77BE914A
>>> PID: 3912 name: C:\Programmi\Synaptics\SynTP\SynTPEnh.exe owner: MASSIMO domain: NOME-8F77BE914A
>>> PID: 4048 name: C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe owner: MASSIMO domain: NOME-8F77BE914A
>>> PID: 516 name: C:\Programmi\Intel\Wireless\Bin\EOUWiz.exe owner: MASSIMO domain: NOME-8F77BE914A
>>> PID: 1524 name: C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe owner: MASSIMO domain: NOME-8F77BE914A
>>> PID: 2492 name: C:\Programmi\ASUS\Power4 Gear\BatteryLife.exe owner: MASSIMO domain: NOME-8F77BE914A
>>> PID: 2504 name: C:\WINDOWS\ATK0100\ATKOSD.exe owner: MASSIMO domain: NOME-8F77BE914A
>>> PID: 3160 name: C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe owner: MASSIMO domain: NOME-8F77BE914A
>>> PID: 3204 name: C:\Programmi\Avira\AntiVir Desktop\avgnt.exe owner: MASSIMO domain: NOME-8F77BE914A
>>> PID: 3424 name: C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe owner: MASSIMO domain: NOME-8F77BE914A
>>> PID: 3520 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1288 name: C:\WINDOWS\system32\ctfmon.exe owner: MASSIMO domain: NOME-8F77BE914A
>>> PID: 2728 name: C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe owner: MASSIMO domain: NOME-8F77BE914A
>>> PID: 2988 name: C:\Programmi\Asus\Asus ChkMail\ChkMail.exe owner: MASSIMO domain: NOME-8F77BE914A
>>> PID: 3344 name: C:\Programmi\FirefoxPortableUnibo-2.0.0.5\App\firefox\firefox.exe owner: MASSIMO domain: NOME-8F77BE914A
>>> PID: 1508 name: C:\Programmi\Adobe\Reader 8.0\Reader\AcroRd32.exe owner: MASSIMO domain: NOME-8F77BE914A
>>> PID: 4044 name: C:\WINDOWS\system32\dumprep.exe owner: MASSIMO domain: NOME-8F77BE914A
>>> PID: 488 name: C:\DOCUME~1\MASSIMO\IMPOST~1\Temp\richtx64.exe owner: MASSIMO domain: NOME-8F77BE914A
>>> PID: 2240 name: C:\DOCUME~1\MASSIMO\IMPOST~1\Temp\wscsvc32.exe owner: MASSIMO domain: NOME-8F77BE914A
>>> PID: 2440 name: C:\WINDOWS\system32\dumprep.exe owner: MASSIMO domain: NOME-8F77BE914A
>>> PID: 1872 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
>>>
>>> Startup items:
>>> Name: CTFMON.EXE
>>> imagepath: C:\WINDOWS\system32\CTFMON.EXE
>>> Name: DWQueuedReporting
>>> imagepath: "C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" -t
>>> Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1}
>>> imagepath: Precaricatore Browseui
>>> Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
>>> imagepath: Daemon di cache delle categorie di componenti
>>> Name: PostBootReminder
>>> imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9}
>>> Name: CDBurn
>>> imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9}
>>> Name: WebCheck
>>> imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
>>> Name: SysTray
>>> imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153}
>>> Name: UPnPMonitor
>>> imagepath: {e57ce738-33e8-4c51-8354-bb4de9d215d1}
>>> Name: WPDShServiceObj
>>> imagepath: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
>>> Name: HControl
>>> imagepath: C:\WINDOWS\ATK0100\HControl.exe
>>> Name: NvCplDaemon
>>> imagepath: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
>>> Name: nwiz
>>> imagepath: nwiz.exe /install
>>> Name: RTHDCPL
>>> imagepath: RTHDCPL.EXE
>>> Name: NB Probe
>>> imagepath: C:\Programmi\ASUS\NB Probe\NBProbe.exe
>>> Name: Wireless Console
>>> imagepath: C:\Programmi\ASUS\Wireless Console\wcourier.exe
>>> Name: SynTPLpr
>>> imagepath: C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
>>> Name: SynTPEnh
>>> imagepath: C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
>>> Name: IntelZeroConfig
>>> imagepath: C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe
>>> Name: IntelWireless
>>> imagepath: C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
>>> Name: EOUApp
>>> imagepath: C:\Programmi\Intel\Wireless\Bin\EOUWiz.exe
>>> Name: NeroFilterCheck
>>> imagepath: C:\WINDOWS\system32\NeroCheck.exe
>>> Name: RemoteControl
>>> imagepath: C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
>>> Name: Power_Gear
>>> imagepath: C:\Programmi\ASUS\Power4 Gear\BatteryLife.exe 1
>>> Name: Adobe Reader Speed Launcher
>>> imagepath: "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
>>> Name: Ad-Watch
>>> imagepath: C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
>>> Name: avgnt
>>> imagepath: "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
>>> Name: Samsung Common SM
>>> imagepath: "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
>>> Name: Adobe ARM
>>> imagepath: "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
>>> Name:
>>> location: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\ASUS ChkMail.lnk
>>> imagepath: C:\Programmi\Asus\Asus ChkMail\ChkMail.exe
>>> Name:
>>> imagepath: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini
>>>
>>> Bootexecute items:
>>> Name:
>>> imagepath: PDBoot.exe
>>> Name:
>>> imagepath: autocheck autochk *
>>>
>>> Running services:
>>> Name: ALG
>>> displayname: Servizio Gateway di livello applicazione
>>> Name: AntiVirScheduler
>>> displayname: Avira AntiVir Scheduler
>>> Name: AntiVirService
>>> displayname: Avira AntiVir Guard
>>> Name: Apple Mobile Device
>>> displayname: Apple Mobile Device
>>> Name: AudioSrv
>>> displayname: Audio Windows
>>> Name: AVG Anti-Spyware Guard
>>> displayname: AVG Anti-Spyware Guard
>>> Name: BITS
>>> displayname: Servizio trasferimento intelligente in background
>>> Name: Bonjour Service
>>> displayname: Bonjour Service
>>> Name: CryptSvc
>>> displayname: Servizi di crittografia
>>> Name: DcomLaunch
>>> displayname: Utilità di avvio processo server DCOM
>>> Name: Dhcp
>>> displayname: Client DHCP
>>> Name: Dnscache
>>> displayname: Client DNS
>>> Name: ERSvc
>>> displayname: Servizio di segnalazione errori
>>> Name: Eventlog
>>> displayname: Registro eventi
>>> Name: EventSystem
>>> displayname: Sistema di eventi COM+
>>> Name: EvtEng
>>> displayname: EvtEng
>>> Name: FastUserSwitchingCompatibility
>>> displayname: Compatibilità di Cambio rapido utente
>>> Name: helpsvc
>>> displayname: Guida in linea e supporto tecnico
>>> Name: HidServ
>>> displayname: HID Input Service
>>> Name: HTTPFilter
>>> displayname: SSL HTTP
>>> Name: Irmon
>>> displayname: Monitor infrarossi
>>> Name: lanmanserver
>>> displayname: Server
>>> Name: lanmanworkstation
>>> displayname: Workstation
>>> Name: Lavasoft Ad-Aware Service
>>> displayname: Lavasoft Ad-Aware Service
>>> Name: LmHosts
>>> displayname: Helper NetBIOS di TCP/IP
>>> Name: Netman
>>> displayname: Connessioni di rete
>>> Name: Nla
>>> displayname: NLA (Network Location Awareness)
>>> Name: NVSvc
>>> displayname: NVIDIA Display Driver Service
>>> Name: OwnershipProtocol
>>> displayname: OwnershipProtocol
>>> Name: PDAgent
>>> displayname: PDAgent
>>> Name: PlugPlay
>>> displayname: Plug and Play
>>> Name: PolicyAgent
>>> displayname: Servizi IPSEC
>>> Name: ProtectedStorage
>>> displayname: Archiviazione protetta
>>> Name: RasMan
>>> displayname: Connection Manager di Accesso remoto
>>> Name: RegSrvc
>>> displayname: RegSrvc
>>> Name: RpcSs
>>> displayname: RPC (Remote Procedure Call)
>>> Name: S24EventMonitor
>>> displayname: Spectrum24 Event Monitor
>>> Name: SamSs
>>> displayname: Gestione account di protezione (SAM)
>>> Name: Schedule
>>> displayname: Utilità di pianificazione
>>> Name: seclogon
>>> displayname: Accesso secondario
>>> Name: SENS
>>> displayname: Notifica eventi di sistema
>>> Name: SharedAccess
>>> displayname: Windows Firewall / Condivisione connessione Internet (ICS)
>>> Name: ShellHWDetection
>>> displayname: Rilevamento hardware shell
>>> Name: spmgr
>>> displayname: spmgr
>>> Name: Spooler
>>> displayname: Spooler di stampa
>>> Name: srservice
>>> displayname: Servizio Ripristino configurazione di sistema
>>> Name: SSDPSRV
>>> displayname: Servizio di rilevamento SSDP
>>> Name: stisvc
>>> displayname: Acquisizione di immagini di Windows (WIA)
>>> Name: TapiSrv
>>> displayname: Telefonia
>>> Name: TermService
>>> displayname: Servizi terminal
>>> Name: Themes
>>> displayname: Temi
>>> Name: TrkWks
>>> displayname: Manutenzione collegamenti distribuiti client
>>> Name: W32Time
>>> displayname: Ora di Windows
>>> Name: WebClient
>>> displayname: WebClient
>>> Name: winmgmt
>>> displayname: Strumentazione gestione Windows
>>> Name: wuauserv
>>> displayname: Aggiornamenti automatici
>>>
>>>

[Luke57]

Ciao, esegui in ordine queste operazioni:
apri hijackthis, premi "open the misc tools section", "open process manager", cerca tra i vari processi:

C:\DOCUME~1\MASSIMO\IMPOST~1\Temp\richtx64.exe

evidenzialo e premi kill process

Torna alla pagina centrale del menu con "back", premi "scan", cerca e spunta la voce seguente:
O4 - HKCU\..\Run: [richtx64.exe] C:\DOCUME~1\MASSIMO\IMPOST~1\Temp\richtx64.exe

premi fix checked
2) scarica ccleaner da qui:
http://www.ccleaner.com/download/downloading
(ultima versione)
installalo, aprilo e da opzioni>avanzate togli la spunta a "cancella file di windows più vecchi di 48 ore", poi eseguilo con avvia pulizia.
Eseguilo due volte di fila.

3) scarica malwarebytes da qui:
http://www.malwarebytes.org/mbam-download.php

installalo, aggiornalo. Fai una scansione completa del computer mettendo in quarantena le infezioni trovate.
Al termine di queste operazioni posta il report di combofix e di malwarebytes.

[tixxy82]

ciao Luke,
ho seguito le indicazioni di shel e ho già rimosso il file che mi hai indicato, anche se con una procedura diversa, ma non è cambiato nulla.
Ccleaner purtroppo l'ho eseguito stamattina e malwarebytes non funziona e nemmeno combofix. l'unico che parte è ad aware e sopra ho riportato il suo log.

[shel]

DA UNA PROCEDURA DI Luke57

copia questo codice

@echo off
regedit.exe /e C:\file1.txt "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"
regedit.exe /e C:\file2.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
regedit.exe /e C:\file3.txt "HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run"
regedit.exe /e C:\file4.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows"
regedit.exe /e C:\file5.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad"
regedit.exe /e C:\file6.txt "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
regedit.exe /e C:\file7.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe"
regedit.exe /e C:\file8.txt "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
regedit.exe /e C:\file9.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy"
regedit.exe /e C:\file10.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center"



salvalo sul desktop come:
nome: 1.bat (cambiando ovviamente l'estensione da .txt a .bat).
tipo di file: tutti i file

Poi lo esegui con doppio click, successivamente in C dovresti trovare i file .txt da 1 a 10 o perlomeno quelli che sono stati individuati, Inseriscili tutti in una cartella .zip e allegali a un post.

[tixxy82]

ehm...scusa l'ignoranza come faccio ad allegare il file?

[shel]

caricalo qui

www.wikisend.com

[tixxy82]

ecco qui
file4.rar

[tixxy82]

non so se ti può essere utile ma ho trovato anche il log del processo che ad aware ha fatto al riavvio:

================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2009-12-26 10:13
[~] Preparing to execute queued commands
[~] Deleting file: c:\docume~1\massimo\impost~1\temp\wscsvc32.exe
[~] Finished processing queued commands


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2009-12-26 10:33


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2009-12-26 11:26


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2009-12-26 11:33


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2009-12-26 13:53


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2009-12-26 13:57

[shel]

vedi se riesci a lanciare virit

http://www.tgsoft.it/italy/download.htm lo aggiorni (cliccando sulla parabola in alto) e fai la scansione in Modalità Provvisoria
Posta anche il log. (lo trovi sull'icona in alto, con raffigurato un block notes ,con una penna)

nel frattempo sto' controllando l'altra scansione

[tixxy82]

non ho fatto in tempo ad avviare virit in modalità provvisoria che mi è comparsa subito una schermata chiedendomi se voglio rimuovere il:
TROJAN.WIN32.rootkit.GG
Che devo fare lo elimino e faccio partire la scansione ?

[shel]

si eliminalo

[tixxy82]

ok,la situazione è già un po' migliorata, sono riuscita a far partire mc afee anche se sembra darmi dei problemi nell'attivare la protezione.
Ora faccio lo scan in modalità provvisoria e ti invio il log.

[shel]

prova ad eseguire prima combofix

[tixxy82]

ecco il log di combofix:


ComboFix 09-12-25.04 - MASSIMO 2009-12-26 21:18:40.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.1023.530 [GMT 1:00]
Eseguito da: c:\programmi\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\H8SRTKLLLOTPQLA.SYS.VIR
c:\windows\system32\H8SRTgrxtmfqhtp.dat
c:\windows\system32\H8SRTkomolimxdq.dll
c:\windows\system32\H8SRTuroumujexs.dll
c:\windows\system32\krl32mainweq.dll
c:\windows\system32\srcr.dat

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_H8SRTd.sys
-------\Service_H8SRTd.sys


((((((((((((((((((((((((( Files Creati Da 2009-11-26 al 2009-12-26 )))))))))))))))))))))))))))))))))))
.

2009-12-26 20:10 . 2009-12-26 20:04 398336 ----a-w- c:\windows\system32\CF22640.exe
2009-12-26 18:27 . 2009-12-26 18:27 1052 ----a-w- C:\prgmonsp.bin
2009-12-26 18:03 . 2009-12-26 18:03 -------- d-----w- c:\documents and settings\MASSIMO\Impostazioni locali\Dati applicazioni\PackageAware
2009-12-26 18:03 . 2009-12-26 18:03 6422072 ----a-w- c:\programmi\vnlt6551.exe
2009-12-26 16:39 . 2009-12-26 16:39 3357024 ----a-w- c:\programmi\ccsetup227.exe
2009-12-26 14:08 . 2009-12-26 14:09 3865929 ----a-r- c:\programmi\ComboFix.exe
2009-12-26 11:19 . 2009-12-26 11:19 -------- d-----w- c:\documents and settings\LocalService\Dati applicazioni\SACore
2009-12-26 11:17 . 2009-12-26 11:17 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SiteAdvisor
2009-12-26 11:06 . 2009-11-04 15:54 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-12-26 11:06 . 2009-11-04 15:54 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-12-26 11:06 . 2009-11-04 15:54 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-12-26 11:06 . 2009-07-16 11:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-12-26 10:54 . 2009-12-26 11:06 -------- d-----w- c:\programmi\File comuni\McAfee
2009-12-26 10:54 . 2009-12-26 11:00 -------- d-----w- c:\programmi\McAfee.com
2009-12-26 10:54 . 2009-12-26 13:53 -------- d-----w- c:\programmi\McAfee
2009-12-26 10:47 . 2009-11-04 15:53 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-12-26 10:39 . 2009-12-26 18:35 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\McAfee
2009-12-26 10:39 . 2009-12-26 10:39 1296288 ----a-w- c:\programmi\DMSetup.exe
2009-12-26 10:18 . 2009-12-26 10:19 -------- d-----w- c:\documents and settings\MASSIMO\Dati applicazioni\QuickScan
2009-12-26 10:14 . 2009-12-26 10:14 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-12-26 10:11 . 2009-10-05 21:03 15688 ----a-w- c:\windows\system32\lsdelete.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-26 18:04 . 2009-12-26 18:04 -------- dc-h--w- c:\documents and settings\All Users\Dati applicazioni\{5EE5232A-BD09-4BCA-91DC-774E5F3CFFA9}
2009-12-23 11:28 . 2009-03-21 15:26 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-12-23 11:28 . 2009-03-28 16:28 4844296 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-21 16:35 . 2009-12-26 18:04 2856006 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{5EE5232A-BD09-4BCA-91DC-774E5F3CFFA9}\vnlt6551.exe
2009-12-18 10:18 . 2009-12-26 18:04 122880 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{5EE5232A-BD09-4BCA-91DC-774E5F3CFFA9}\OFFLINE\361580F9\76AC2E42\viritupg.dll
2009-12-15 13:34 . 2009-12-26 18:04 274432 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{5EE5232A-BD09-4BCA-91DC-774E5F3CFFA9}\OFFLINE\D89A54DE\76AC2E42\MONLITE.exe
2009-12-11 19:44 . 2006-09-30 17:16 -------- d-----w- c:\documents and settings\MASSIMO\Dati applicazioni\Skype
2009-12-11 18:27 . 2008-11-30 10:40 -------- d-----w- c:\documents and settings\MASSIMO\Dati applicazioni\skypePM
2009-12-11 18:26 . 2004-09-16 14:31 80688 ----a-w- c:\windows\system32\perfc010.dat
2009-12-11 18:26 . 2004-09-16 14:31 482274 ----a-w- c:\windows\system32\perfh010.dat
2009-12-11 10:38 . 2009-12-26 18:04 352256 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{5EE5232A-BD09-4BCA-91DC-774E5F3CFFA9}\OFFLINE\BB22A901\76AC2E42\Scan.dll
2009-12-10 22:03 . 2009-05-29 18:24 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-03 15:14 . 2009-03-21 15:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 15:13 . 2009-03-21 15:26 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-30 22:03 . 2009-10-05 21:03 3695616 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-11-27 23:46 . 2006-01-13 14:01 -------- d-----w- c:\programmi\File comuni\Adobe
2009-11-27 14:10 . 2009-12-26 18:04 69632 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{5EE5232A-BD09-4BCA-91DC-774E5F3CFFA9}\OFFLINE\__Nas01_sviluppo_varie\Setup\VIRITLite\Files\viritsvc.exe
2009-11-27 14:06 . 2009-12-26 18:04 815104 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{5EE5232A-BD09-4BCA-91DC-774E5F3CFFA9}\OFFLINE\5BF53870\76AC2E42\viritexp.exe
2009-11-13 17:26 . 2006-02-24 16:29 55848 ----a-w- c:\documents and settings\MASSIMO\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-11-13 17:25 . 2009-11-13 17:25 -------- d-----w- c:\programmi\MSECache
2009-11-13 17:25 . 2009-11-13 17:24 28868320 ----a-w- c:\programmi\FileFormatConverters.exe
2009-11-11 23:03 . 2009-11-11 23:03 3310608 ----a-w- c:\programmi\ccsetup225.exe
2009-11-11 07:53 . 2009-12-26 18:04 45312 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{5EE5232A-BD09-4BCA-91DC-774E5F3CFFA9}\OFFLINE\931FE753\76AC2E42\VIRAGTLT.sys
2009-11-11 07:53 . 2009-12-26 18:04 45312 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{5EE5232A-BD09-4BCA-91DC-774E5F3CFFA9}\OFFLINE\277632B2\76AC2E42\VIRAGTLT.sys
2009-11-11 07:53 . 2009-11-11 07:53 45312 --s-a-w- c:\windows\system32\drivers\VIRAGTLT.sys
2009-11-10 20:37 . 2009-11-10 20:37 -------- d-----w- c:\programmi\Microsoft
2009-11-08 15:40 . 2009-12-26 18:04 49152 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{5EE5232A-BD09-4BCA-91DC-774E5F3CFFA9}\OFFLINE\22028FD3\76AC2E42\tgdlg.dll
2009-11-04 15:54 . 2009-11-04 15:54 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-10-29 07:40 . 2004-09-16 14:31 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-24 21:03 . 2009-06-27 21:05 2353992 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-10-21 05:38 . 2004-09-16 14:31 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-09-16 14:31 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-03 22:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:33 . 2004-09-16 14:31 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-09-16 14:31 150016 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-09-16 14:31 79872 ----a-w- c:\windows\system32\raschap.dll
2009-06-30 14:11 . 2009-04-28 19:28 1878888 ----a-w- c:\programmi\install_flash_player.exe
2009-05-29 18:18 . 2009-05-29 18:18 30113824 ----a-w- c:\programmi\avira_antivir_personal_it.exe
2009-05-12 09:03 . 2009-05-12 09:03 3227248 ----a-w- c:\programmi\ccsetup219.exe
2009-04-04 14:33 . 2009-04-04 14:33 3342809 ----a-w- c:\programmi\eMule0.49c-Installer.exe
2009-03-28 23:33 . 2009-03-28 23:32 3190688 ----a-w- c:\programmi\ccsetup218.exe
2009-03-21 15:25 . 2009-03-21 15:25 2876720 ----a-w- c:\programmi\mbam-setup.exe
2009-03-21 12:39 . 2006-09-30 17:15 2267944 ----a-w- c:\programmi\SkypeSetup.exe
2009-03-20 17:30 . 2009-03-20 17:30 977683 ----a-w- c:\programmi\tesseract-2.00.ita.tar.gz
2009-03-20 17:27 . 2009-03-20 17:27 171008 ----a-w- c:\programmi\freeocr26.exe
2009-03-18 14:21 . 2009-03-18 14:21 812344 ----a-w- c:\programmi\HJTInstall.exe
2009-03-11 17:30 . 2009-03-11 17:30 1159512 ----a-w- c:\programmi\wlsetup-custom.exe
2009-02-14 21:56 . 2009-02-14 21:48 34543112 ----a-w- c:\programmi\Ad-AwareAE.exe
2009-02-13 23:02 . 2009-02-13 23:02 3171208 ----a-w- c:\programmi\ccsetup216.exe
2008-11-21 18:13 . 2008-11-21 18:13 3231826 ----a-w- c:\programmi\eMule0.49b-Installer1.exe
2008-11-01 12:03 . 2008-11-01 12:02 1355112 ----a-w- c:\programmi\msnemoticons4.exe
2008-09-29 19:50 . 2008-09-29 19:49 21431024 ----a-w- c:\programmi\VeohSetup-3.9.8.1077.exe
2008-09-26 21:39 . 2008-09-26 21:39 1440832 ----a-w- c:\programmi\Silverlight.exe
2008-08-31 18:19 . 2008-08-31 18:17 63530280 ----a-w- c:\programmi\iTunesSetup.exe
2008-08-26 11:05 . 2008-08-26 11:04 2928600 ----a-w- c:\programmi\ccsetup211.exe
2008-07-17 18:06 . 2008-07-17 18:07 382352 ----a-w- c:\programmi\xpiinstall.exe
2008-06-22 08:52 . 2008-06-22 08:51 454336 ----a-w- c:\programmi\msnemoticons3.exe
2008-06-20 13:43 . 2008-06-20 13:43 2914296 ----a-w- c:\programmi\ccsetup208.exe
2008-06-20 13:38 . 2008-06-20 13:38 9547110 ----a-w- c:\programmi\FirefoxPortableUnibo-2.0.0.5.exe
2008-05-17 14:18 . 2008-05-17 14:17 21031280 ----a-w- c:\programmi\Lavasoft_Adaware_multi.exe
2008-05-16 20:50 . 2008-05-16 20:50 2897456 ----a-w- c:\programmi\ccsetup207.exe
2008-05-15 17:13 . 2008-05-15 17:13 3309160 ----a-w- c:\programmi\eMule0.49a-Installer11.exe
2008-04-23 18:36 . 2008-04-23 18:36 2600640 ----a-w- c:\programmi\msnemoticons2.exe
2008-03-28 20:47 . 2008-03-28 20:47 2751368 ----a-w- c:\programmi\ccsetup206.exe
2008-02-06 15:08 . 2008-02-06 15:07 3526336 ----a-w- c:\programmi\msnemoticons.exe
2007-12-28 17:09 . 2007-12-28 17:09 13413048 ----a-w- c:\programmi\Google_Earth_BZXD.exe
2007-12-22 18:10 . 2007-12-22 18:10 4722512 ----a-w- c:\programmi\MsgPlusLive-450.exe
2007-12-21 17:10 . 2007-12-21 17:10 2402320 ----a-w- c:\programmi\WLinstaller.exe
2007-12-13 22:31 . 2007-12-13 22:31 17788920 ----a-w- c:\programmi\antivir_workstation_win7u_en_h.exe
2007-12-13 21:26 . 2007-12-13 21:26 5152256 ----a-w- c:\programmi\WindowsDefender.msi
2007-12-09 18:00 . 2007-12-09 18:00 2724328 ----a-w- c:\programmi\ccsetup203.exe
2007-12-08 09:17 . 2008-07-19 19:20 184449 ----a-w- c:\programmi\mp3DC207.exe
2007-11-28 20:29 . 2007-11-28 20:28 2592448 ----a-w- c:\programmi\emoticons2.exe
2007-10-27 12:06 . 2007-10-27 11:46 51422520 ----a-w- c:\programmi\iTunes743Setup.exe
2007-09-13 18:54 . 2007-09-13 18:53 2600640 ----a-w- c:\programmi\emoticons.exe
2007-06-04 21:59 . 2007-06-04 21:59 14874584 ----a-w- c:\programmi\setupita.exe
2006-11-26 13:57 . 2006-11-26 13:57 17515272 ----a-w- c:\programmi\avg75free_430a848.exe
2006-11-25 14:46 . 2006-11-25 14:45 24074080 ----a-w- c:\programmi\AdbeRdr708_it_IT.exe
2006-10-03 13:59 . 2006-10-03 13:59 5197088 ----a-w- c:\programmi\SUPERAntiSpyware.exe
2006-10-03 13:25 . 2006-10-03 13:25 92672 ----a-w- c:\programmi\KillBox.exe
2006-10-02 22:20 . 2006-10-02 22:20 212849 ----a-w- c:\programmi\hijackthis.zip
2006-09-28 18:25 . 2006-09-28 18:25 2855080 ----a-w- c:\programmi\aawsepersonal.exe
2006-04-30 18:37 . 2006-04-30 18:37 1094021 ----a-w- c:\programmi\dvdshrink32setup.zip
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 68856]
"NBJ"="c:\programmi\Ahead\Nero BackItUp\NBJ.exe" [2005-01-04 1937408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2005-05-12 102400]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-23 7286784]
"nwiz"="nwiz.exe" [2005-09-23 1519616]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-06 14850560]
"NB Probe"="c:\programmi\ASUS\NB Probe\NBProbe.exe" [2005-07-27 765952]
"Wireless Console"="c:\programmi\ASUS\Wireless Console\wcourier.exe" [2005-07-22 57344]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2004-12-22 98394]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2004-12-22 688218]
"IntelZeroConfig"="c:\programmi\Intel\Wireless\bin\ZCfgSvc.exe" [2005-05-31 401408]
"IntelWireless"="c:\programmi\Intel\Wireless\Bin\ifrmewrk.exe" [2005-06-03 385024]
"EOUApp"="c:\programmi\Intel\Wireless\Bin\EOUWiz.exe" [2005-05-31 356352]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\programmi\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"Power_Gear"="c:\programmi\ASUS\Power4 Gear\BatteryLife.exe" [2007-06-05 86016]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792]
"Ad-Watch"="c:\programmi\Lavasoft\Ad-Aware\AAWTray.exe" [2009-10-05 520024]
"Samsung Common SM"="c:\windows\Samsung\ComSMMgr\ssmmgr.exe" [2005-07-03 372736]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"mcagent_exe"="c:\programmi\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-07 1176808]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-05-27 413696]
"VIRIT LITE MONITOR"="c:\vexplite\MONLITE.EXE" [2009-12-26 274432]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
ASUS ChkMail.lnk - c:\programmi\Asus\Asus ChkMail\ChkMail.exe [2006-1-13 32768]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-06-22 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-01-23 12:58 356352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2005-05-31 21:46 110592 ----a-w- c:\programmi\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\MSMSGS.EXE"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Asus\\ASUS Live Update\\LiveUpdt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\File comuni\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:127.0.0.1
"4672:UDP"= 4672:UDP:127.0.0.1

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-14 64160]
R0 R592;R592;c:\windows\system32\drivers\R592.sys [2004-10-15 57088]
R0 risdpntk;risdpntk;c:\windows\system32\drivers\risdpntk.sys [2004-10-15 27264]
R0 VIRAGTLT;VIRAGTLT;c:\windows\system32\drivers\VIRAGTLT.sys [2009-11-11 45312]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\SASDIFSV.SYS [2006-02-16 8944]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [2006-06-09 55024]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programmi\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 1028432]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\programmi\McAfee\SiteAdvisor\McSACore.exe [2009-12-26 203280]
R2 viritsvclite;VirIT eXplorer Lite;c:\vexplite\VIRITSVC.EXE [2009-11-27 69632]
S3 Asushwio;Asushwio;c:\windows\system32\drivers\ASUSHWIO.SYS [2006-04-14 5824]
S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.libero.it/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: Yahoo! Poker - hxxp://origin.games.yahoo.net/games/clients/y/pt3_x.cab
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

SafeBoot-AVG Anti-Spyware Driver
AddRemove-CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10431966 - c:\programmi\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10431966\HXFSETUP.EXE -U -IHDAUDIO\FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_10431966



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-26 21:30
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(1060)
c:\programmi\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\programmi\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'explorer.exe'(3912)
c:\windows\system32\WININET.dll
c:\programmi\McAfee\SiteAdvisor\saHook.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Intel\Wireless\Bin\EvtEng.exe
c:\programmi\Intel\Wireless\Bin\S24EvMon.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\FILECO~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\progra~1\mcafee\msk\msksrver.exe
c:\windows\system32\nvsvc32.exe
c:\programmi\Intel\Wireless\Bin\OProtSvc.exe
c:\programmi\Raxco\PerfectDisk\PDAgent.exe
c:\programmi\Intel\Wireless\Bin\RegSrvc.exe
c:\programmi\ASUS\NB Probe\SPM\spmgr.exe
c:\programmi\Raxco\PerfectDisk\PDEngine.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\WgaTray.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\windows\RTHDCPL.EXE
c:\windows\ATK0100\ATKOSD.exe
.
**************************************************************************
.
Ora fine scansione: 2009-12-26 21:37:01 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-12-26 20:36

Pre-Run: 19,532,658,176 byte disponibili
Post-Run: 19,413,393,408 byte disponibili

- - End Of File - - 2D51F936148986E6FAED34F7A6A9284E