Valutazione 4.87/ 5 (100.00%) 5838 voti

Condividi:        

Grosso Problema con MyWebSearch non riesco a Rimuoverlo !!!!

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: kadosh, Luke57

Grosso Problema con MyWebSearch non riesco a Rimuoverlo !!!!

Postdi Mediano17 » 28/01/10 13:06

Ragazzi allora ieri accidentalmente ho scaricato da emule un file compresso e dentro c'era un file istallazione non so come si è istallato e adesso mi ritrovo sulla barra di firefox MyWebSearch,preciso che su istallazioni applicazioni non c'è nulla con questa voce da poter disistallare,l'unica cosa che ho fatto da firefox su strumenti e conponenti aggiuntivi l'unica opzione che mi fa fare è disattivare il programma e cioè la barra ma non la posso disistallare provo anche a cancellare le cartelle su programmi ma nulla non me le fa cancellare.
Mi aiutate sto scansionando con MalwareBytes e AVg vediamo che esce fuori.
Vi prego ditemi come rimuoverlo.
Mediano17
Utente Senior
 
Post: 129
Iscritto il: 05/09/08 23:12

Sponsor
 

Re: Grosso Problema con MyWebSearch non riesco a Rimuoverlo !!!!

Postdi shel » 28/01/10 13:12

CIAO

Scarica ComboFix da qui http://download.bleepingcomputer.com/sUBs/ComboFix.exe , avvialo e quindi premi 1 per avviare la scansione. Alla fine della scansione ti verrà rilasciato un file chiamato combofix.txt nella cartella c:\combofix, allegami tale file nel prossimo messaggio.
shel
Utente Senior
 
Post: 1292
Iscritto il: 29/08/08 21:56

Re: Grosso Problema con MyWebSearch non riesco a Rimuoverlo !!!!

Postdi Mediano17 » 28/01/10 13:14

Ok lo sto facendo ma mi spieghi come funziona poi questo tipo di programma e cos'è?
Mediano17
Utente Senior
 
Post: 129
Iscritto il: 05/09/08 23:12

Re: Grosso Problema con MyWebSearch non riesco a Rimuoverlo !!!!

Postdi shel » 28/01/10 13:25

shel
Utente Senior
 
Post: 1292
Iscritto il: 29/08/08 21:56

Re: Grosso Problema con MyWebSearch non riesco a Rimuoverlo !!!!

Postdi Mediano17 » 28/01/10 13:31

allora si è avviato da solo,mentre scansionavo con AVG e Malwarebyte,c***o si è riavviato il pc,è partito in finestra testuale dipo in dos e in pratica mi ha trovato ed eliminato tutto del mywebsearch e poi anche alcune cose che non ho capito più altre cartelle di mywebsearch,ora aspetto il Report e ve lo posto ok?
Mediano17
Utente Senior
 
Post: 129
Iscritto il: 05/09/08 23:12

Re: Grosso Problema con MyWebSearch non riesco a Rimuoverlo !!!!

Postdi shel » 28/01/10 13:33

lascialo lavorare senza toccare niente, nemmeno il mouse

posta il rapporto che rilascia
shel
Utente Senior
 
Post: 1292
Iscritto il: 29/08/08 21:56

Re: Grosso Problema con MyWebSearch non riesco a Rimuoverlo !!!!

Postdi Mediano17 » 28/01/10 13:43

scusa shel è molto grosso il file in txt come faccio per allegare il file???o faccio copia incolla???
Mediano17
Utente Senior
 
Post: 129
Iscritto il: 05/09/08 23:12

Re: Grosso Problema con MyWebSearch non riesco a Rimuoverlo !!!!

Postdi Mediano17 » 28/01/10 13:47

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programmi\FunWebProducts
c:\programmi\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\programmi\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\programmi\MyWebSearch
c:\programmi\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\programmi\MyWebSearch\bar\1.bin\F3CJPEG.DLL
c:\programmi\MyWebSearch\bar\1.bin\F3DTACTL.DLL
c:\programmi\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\programmi\MyWebSearch\bar\1.bin\F3HKSTUB.DLL
c:\programmi\MyWebSearch\bar\1.bin\F3HTmlmu.dll
c:\programmi\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
c:\programmi\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\programmi\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\programmi\MyWebSearch\bar\1.bin\F3REGHK.DLL
c:\programmi\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\programmi\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\programmi\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\programmi\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\programmi\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\programmi\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\programmi\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\programmi\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\programmi\MyWebSearch\bar\1.bin\M3AUXSTB.DLL
c:\programmi\MyWebSearch\bar\1.bin\M3DLGHK.DLL
c:\programmi\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
c:\programmi\MyWebSearch\bar\1.bin\M3HTML.DLL
c:\programmi\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\programmi\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\programmi\MyWebSearch\bar\1.bin\M3MEDINT.EXE
c:\programmi\MyWebSearch\bar\1.bin\M3MSG.DLL
c:\programmi\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\programmi\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\programmi\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\programmi\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\programmi\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\programmi\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
c:\programmi\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\programmi\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\programmi\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\programmi\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\programmi\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
c:\programmi\MyWebSearch\bar\1.bin\MWSSVC.EXE
c:\programmi\MyWebSearch\bar\Avatar\COMMON.F3S
c:\programmi\MyWebSearch\bar\Cache\02C605BF
c:\programmi\MyWebSearch\bar\Cache\02C6303A
c:\programmi\MyWebSearch\bar\Cache\02C63DD6.bin
c:\programmi\MyWebSearch\bar\Cache\02C64B92.bin
c:\programmi\MyWebSearch\bar\Cache\02C655D3.bin
c:\programmi\MyWebSearch\bar\Cache\02C65FE5.bin
c:\programmi\MyWebSearch\bar\Cache\02C669C8.bin
c:\programmi\MyWebSearch\bar\Cache\02C8FF19
c:\programmi\MyWebSearch\bar\Cache\files.ini
c:\programmi\MyWebSearch\bar\firefox\CHROME.MANIFEST
c:\programmi\MyWebSearch\bar\firefox\chrome\M3FFXTBR.JAR
c:\programmi\MyWebSearch\bar\firefox\INSTALL.RDF
c:\programmi\MyWebSearch\bar\firefox\NPMYWEBS.DLL
c:\programmi\MyWebSearch\bar\Game\CHECKERS.F3S
c:\programmi\MyWebSearch\bar\Game\CHESS.F3S
c:\programmi\MyWebSearch\bar\Game\REVERSI.F3S
c:\programmi\MyWebSearch\bar\History\search3
c:\programmi\MyWebSearch\bar\icons\CM.ICO
c:\programmi\MyWebSearch\bar\icons\MFC.ICO
c:\programmi\MyWebSearch\bar\icons\PSS.ICO
c:\programmi\MyWebSearch\bar\icons\SMILEY.ICO
c:\programmi\MyWebSearch\bar\icons\Thumbs.db
c:\programmi\MyWebSearch\bar\icons\WB.ICO
c:\programmi\MyWebSearch\bar\icons\ZWINKY.ICO
c:\programmi\MyWebSearch\bar\Message\COMMON.F3S
c:\programmi\MyWebSearch\bar\Notifier\COMMON.F3S
c:\programmi\MyWebSearch\bar\Notifier\DOG.F3S
c:\programmi\MyWebSearch\bar\Notifier\FISH.F3S
c:\programmi\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\programmi\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\programmi\MyWebSearch\bar\Notifier\MAID.F3S
c:\programmi\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\programmi\MyWebSearch\bar\Notifier\OPERA.F3S
c:\programmi\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\programmi\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\programmi\MyWebSearch\bar\Notifier\SURFER.F3S
c:\programmi\MyWebSearch\bar\Settings\prevcfg2.htm
c:\programmi\MyWebSearch\bar\Settings\s_pid.dat
c:\programmi\MyWebSearch\bar\Settings\setting2.htm
c:\programmi\MyWebSearch\bar\Settings\setting2.htm.bak
c:\programmi\MyWebSearch\bar\Settings\settings.dat
c:\programmi\MyWebSearch\bar\Settings\settings.dat.bak
c:\windows\system32\4105062287.dat
c:\windows\system32\ehxdfdvd.ini
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\fiighquq.ini
c:\windows\system32\mkjikkbt.ini
c:\windows\system32\nflfuppl.ini
c:\windows\system32\oaahvqvl.ini
c:\windows\system32\opkxfckv.ini
c:\windows\system32\TuBabJjl.ini
c:\windows\system32\TuBabJjl.ini2
c:\windows\system32\ydpbufbd.ini

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_PODMENA
-------\Legacy_PODMENADRV
-------\Legacy_SCHEDULEHICQJ
-------\Service_MyWebSearchService
-------\Service_Schedulehicqj


((((((((((((((((((((((((( Files Creati Da 2009-12-28 al 2010-01-28 )))))))))))))))))))))))))))))))))))
.

2010-10-18 15:21 . 2008-10-21 16:10 -------- d-----w- c:\programmi\Radical Games
2010-01-27 09:32 . 2010-01-20 10:20 1260800 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgfrw.exe
2010-01-27 09:32 . 2010-01-20 10:20 3777280 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\setup.exe
2010-01-26 14:06 . 2010-01-26 14:06 503808 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-669a8eb3-n\msvcp71.dll
2010-01-26 14:06 . 2010-01-26 14:06 499712 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-669a8eb3-n\jmc.dll
2010-01-26 14:06 . 2010-01-26 14:06 348160 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-669a8eb3-n\msvcr71.dll
2010-01-26 14:05 . 2010-01-26 14:05 61440 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-21211365-n\decora-sse.dll
2010-01-26 14:05 . 2010-01-26 14:05 12800 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-21211365-n\decora-d3d.dll
2010-01-21 14:18 . 2010-01-21 14:18 61440 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-2f7dba8c-n\decora-sse.dll
2010-01-21 14:18 . 2010-01-21 14:18 503808 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-2f7dba8c-n\msvcp71.dll
2010-01-21 14:18 . 2010-01-21 14:18 499712 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-2f7dba8c-n\jmc.dll
2010-01-21 14:18 . 2010-01-21 14:18 348160 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-2f7dba8c-n\msvcr71.dll
2010-01-21 14:18 . 2010-01-21 14:18 12800 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-2f7dba8c-n\decora-d3d.dll
2010-01-21 14:18 . 2010-01-21 14:18 315392 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-79d072e5-n\jogl.dll
2010-01-21 14:18 . 2010-01-21 14:18 20480 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-79d072e5-n\jogl_awt.dll
2010-01-21 14:18 . 2010-01-21 14:18 114688 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-79d072e5-n\jogl_cg.dll
2010-01-21 14:18 . 2010-01-21 14:18 20480 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\45\4f710eed-6e0d5a6b-n\gluegen-rt.dll
2010-01-20 22:27 . 2010-01-20 22:34 -------- d-----w- C:\GTL
2010-01-12 13:52 . 2010-01-12 13:52 5115824 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-12 13:50 . 2010-01-12 13:50 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Malwarebytes
2010-01-12 13:50 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-12 13:49 . 2010-01-12 13:52 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-01-12 13:49 . 2010-01-12 13:49 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-01-12 13:49 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 08:04 . 2010-01-07 08:04 -------- d-----w- c:\programmi\FotoSketcher
2010-01-07 07:22 . 2010-01-07 07:22 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\AVG8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-28 12:32 . 2008-09-14 21:59 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\OpenOffice.org2
2010-01-26 16:24 . 2009-12-23 14:13 -------- d-----w- c:\programmi\rFactor
2010-01-22 08:37 . 2001-08-31 11:00 83084 ----a-w- c:\windows\system32\perfc010.dat
2010-01-22 08:37 . 2001-08-31 11:00 488230 ----a-w- c:\windows\system32\perfh010.dat
2010-01-21 14:18 . 2005-01-01 18:23 -------- d-----w- c:\programmi\File comuni\Java
2010-01-21 14:17 . 2005-01-01 18:23 -------- d-----w- c:\programmi\Java
2010-01-12 16:45 . 2008-10-21 18:00 -------- d-----w- c:\programmi\CCleaner
2009-12-31 08:04 . 2009-12-01 23:18 3966744 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgcorex.dll
2009-12-28 11:18 . 2009-12-28 11:18 -------- d-----w- c:\programmi\Mio Technology
2009-12-28 11:17 . 2005-01-01 18:27 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-12-23 11:52 . 2009-12-23 11:41 -------- d-----w- c:\programmi\Relay Anticheat Client
2009-12-22 08:55 . 2009-12-01 19:30 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-22 08:55 . 2009-12-01 19:30 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-22 08:55 . 2009-12-01 19:30 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-12-22 08:55 . 2009-12-01 19:30 25608 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2009-12-22 08:55 . 2009-12-01 19:30 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-22 08:55 . 2009-12-01 19:30 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-12-21 14:23 . 2009-12-21 14:23 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Trymedia
2009-12-21 11:32 . 2008-10-13 17:02 -------- d-----w- c:\programmi\Nokia
2009-12-21 11:28 . 2008-10-13 17:02 -------- d-----w- c:\programmi\File comuni\Nokia
2009-12-21 11:26 . 2009-12-21 11:26 -------- d-----w- c:\programmi\PC Connectivity Solution
2009-12-21 11:24 . 2009-12-21 11:24 77824 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2009-12-21 11:24 . 2009-12-21 11:24 50000 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\pcswpc.exe
2009-12-21 11:23 . 2009-11-27 12:07 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache
2009-12-20 13:11 . 2009-12-20 13:11 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Canneverbe_Limited
2009-12-20 13:11 . 2009-12-20 13:11 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Canneverbe Limited
2009-12-20 13:11 . 2009-12-20 13:11 -------- d-----w- c:\programmi\CDBurnerXP
2009-12-18 07:11 . 2009-12-21 11:23 61789728 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\NokiaOviSuite2Installer.exe
2009-12-18 07:11 . 2009-12-18 07:00 61789728 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Nokia\Ovi Suite\Software Updater\NokiaOviSuite2Installer.exe
2009-12-17 16:14 . 2009-01-26 22:07 411368 -c--a-w- c:\windows\system32\deploytk.dll
2009-12-16 17:43 . 2009-12-16 17:14 -------- d-----w- c:\programmi\World Racing 2
2009-12-16 17:17 . 2008-09-16 09:19 -------- d-----w- c:\programmi\Codemasters
2009-12-15 22:45 . 2009-11-27 12:25 2432 ----a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2009-12-15 12:05 . 2009-12-05 12:19 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-12-09 18:15 . 2009-12-09 18:15 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-12-09 18:08 . 2008-10-13 17:01 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Installations
2009-12-09 18:05 . 2009-12-09 18:05 36864 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{12D6E140-AEDB-4F78-9D4A-643786772120}\Installer\CommonCustomActions\Sleep.exe
2009-12-09 18:05 . 2009-12-09 18:05 3351812 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{12D6E140-AEDB-4F78-9D4A-643786772120}\Installer\CommonCustomActions\msxml6Exec.exe
2009-12-09 18:05 . 2009-12-09 18:05 3203453 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{12D6E140-AEDB-4F78-9D4A-643786772120}\Installer\CommonCustomActions\vcredistExec.exe
2009-12-09 18:05 . 2009-12-09 18:06 24445536 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{12D6E140-AEDB-4F78-9D4A-643786772120}\NokiaSoftwareUpdaterSetup_2.4.1IT.exe
2009-12-05 13:58 . 2009-12-05 13:58 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-12-05 13:58 . 2009-12-05 13:58 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-12-05 13:57 . 2008-10-13 17:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PC Suite
2009-12-05 12:18 . 2009-12-05 12:18 -------- d-----w- c:\programmi\AoA Audio Extractor
2009-12-02 18:48 . 2009-12-02 18:48 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Codemasters
2009-12-02 18:40 . 2009-12-02 18:40 -------- d-----w- c:\programmi\BRS
2009-12-02 18:40 . 2009-12-02 18:40 -------- d-----w- c:\programmi\Microsoft Games for Windows - LIVE
2009-12-02 18:39 . 2009-12-02 18:39 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2009-12-02 18:39 . 2009-12-02 18:39 -------- d-----w- c:\programmi\OpenAL
2009-12-02 18:39 . 2009-12-02 18:39 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2009-12-01 19:30 . 2009-12-01 19:30 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2009-12-01 19:30 . 2009-12-01 19:30 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2009-12-01 19:30 . 2009-12-01 19:28 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg9
2009-12-01 19:28 . 2009-06-18 08:42 -------- d-----w- c:\programmi\AVG
2009-12-01 18:44 . 2009-12-01 18:41 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Norton
2009-12-01 18:41 . 2005-01-01 18:30 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Symantec
2009-12-01 18:41 . 2009-12-01 18:41 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NortonInstaller
2009-11-27 12:46 . 2005-01-01 14:29 28944 ----a-w- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-11-27 12:07 . 2009-11-27 12:07 12212040 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2009-11-27 12:07 . 2009-11-27 12:07 13930312 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2009-11-27 12:07 . 2009-11-27 12:07 77824 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2009-11-27 12:07 . 2009-11-27 12:07 61440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMF11Runx86.exe
2009-11-27 12:07 . 2009-11-27 12:07 58880 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMF11Runx64.exe
2009-11-27 12:07 . 2009-11-27 12:07 50000 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\pcswpc.exe
2009-11-27 12:07 . 2009-11-27 12:07 94628904 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Nokia_Ovi_Suite_11_update.exe
2009-11-26 15:20 . 2009-11-26 15:20 152576 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-26 15:20 . 2009-11-26 15:20 79488 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-18 17:11 . 2009-12-02 18:40 1347584 ----a-w- c:\windows\system32\rapture3d_oal.dll
2009-11-01 12:11 . 2009-12-02 18:40 17686528 ----a-w- c:\windows\system32\mkl_blueripple.dll
.

------- Sigcheck -------

[-] 2004-08-03 20:59 . !HASH: COULD NOT OPEN FILE !!!!! . 95360 . . [------] . . c:\windows\system32\drivers\atapi.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"DAEMON Tools Lite"="c:\programmi\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2004-08-19 1667584]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-23 68856]
"LogitechSoftwareUpdate"="c:\programmi\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"NokiaOviSuite2"="c:\programmi\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2009-12-10 401728]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\programmi\File comuni\Nokia\MPlatform\NokiaMServer" [X]
"RemoteControl"="c:\programmi\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"lxbymon.exe"="c:\programmi\Lexmark P910 Series\lxbymon.exe" [2005-01-18 196608]
"EzPrint"="c:\programmi\Lexmark P910 Series\ezprint.exe" [2004-09-17 61440]
"LXBYCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXBYtime.dll" [2004-11-02 69632]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-09-06 413696]
"WMAAD"="c:\programmi\Sony\WALKMAN Launcher\WMAAD.exe" [2007-02-16 110592]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\programmi\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\programmi\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792]
"nwiz"="nwiz.exe" [2009-04-30 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-30 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-01-11 246504]
"NokiaMusic FastStart"="c:\programmi\Nokia\Ovi Player\NokiaOviPlayer.exe" [2009-11-06 2090272]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-23 2033432]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\Utente\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 2.4.lnk - c:\programmi\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-12-22 08:55 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgam.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Programmi\\rFactor\\rFactor.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1579:TCP"= 1579:TCP:jzqjx
"53:TCP"= 53:TCP:websrvx
"4662:TCP"= 4662:TCP:emule_TCP
"4672:TCP"= 4672:TCP:emule_UDP
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [01/01/2005 19.40.40 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [01/01/2005 19.40.40 5248]
R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [01/12/2009 20.30.19 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [01/12/2009 20.30.50 161800]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15/09/2008 21.08.46 717296]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [01/12/2009 20.30.44 333192]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [01/12/2009 20.30.50 360584]
R2 avg9wd;AVG WatchDog;c:\programmi\AVG\AVG9\avgwdsvc.exe [22/12/2009 9.55.25 285392]
R2 avgfws9;AVG Firewall;c:\programmi\AVG\AVG9\avgfws9.exe [22/12/2009 9.55.19 2304192]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [15/05/2009 16.13.01 54752]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [01/12/2009 20.30.12 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\programmi\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [01/12/2009 20.30.19 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\programmi\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [01/12/2009 20.30.19 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\programmi\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [01/12/2009 20.30.19 25736]
S2 AVGIDSAgent;AVG9IDSAgent;c:\programmi\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [22/12/2009 9.55.20 5832712]
S2 gufkk;Universal Manager;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.39.46 14336]
S2 hicqj;Server Time;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.39.46 14336]
S2 mrkbgka;System Server;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.39.46 14336]
S2 ytrxvmh;Support Security;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.39.46 14336]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [01/12/2009 20.30.12 30104]
S3 fsssvc;Servizio Windows Live Family Safety;c:\programmi\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22.48.42 704864]
S3 ICScsiSV;Image Converter SCSI Service;c:\programmi\Sony\IMAGE CONVERTER 3\ICScsiSV.exe [26/01/2009 23.07.51 75952]
S3 IcVzMonLauncher;IcVzMonLauncher;c:\programmi\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe [26/01/2009 23.07.50 67760]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [12/01/2010 14.50.01 38224]
S3 ZD1211BU(Atheros);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(Atheros);c:\windows\system32\drivers\ZD1211BU.sys [01/01/2005 19.36.28 500736]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
mrkbgka
hicqj
ytrxvmh
gufkk
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml ... n=77ce5c28
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: &Search - http://edits.mywebsearch.com/toolbaredi ... xdm200YYIT
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Trasferisci mediante Image Converter 3 - c:\programmi\SONY\IMAGE CONVERTER 3\menu.htm
FF - ProfilePath - c:\documents and settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\e600a54r.default\
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: browser.startup.homepage - www.google.it
FF - component: c:\programmi\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\programmi\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
------- Associazioni dei file -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

BHO-{FABDB739-D383-47F3-AACF-B8B3EA1158F0} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Notify-NavLogon - (no file)
Notify-nnnmmnlL - nnnmmnlL.dll
AddRemove-Historic GT & Touring cars mod for rFactor - c:\programmi\rFactor\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-28 13:32
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXBYCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXBYtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys sfsync02.sys hal.dll >>UNKNOWN [0x867D61F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7664fc3
\Driver\ACPI -> ACPI.sys @ 0xf73a7cb8
\Driver\atapi -> 0x8665dde0
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058236c
ParseProcedure -> ntkrnlpa.exe @ 0x8058146a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058236c
ParseProcedure -> ntkrnlpa.exe @ 0x8058146a
NDIS: Driver NT scheda Fast Ethernet VIA PCI 10/100Mb -> SendCompleteHandler -> NDIS.sys @ 0xf7216ba0
PacketIndicateHandler -> NDIS.sys @ 0xf7223b21
SendHandler -> NDIS.sys @ 0xf720187b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gufkk]
"ServiceDll"="c:\windows\system32\zjbtpjxu.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hicqj]
"ServiceDll"="c:\windows\system32\zjbtpjxu.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mrkbgka]
"ServiceDll"="c:\windows\system32\zjbtpjxu.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ytrxvmh]
"ServiceDll"="c:\windows\system32\zjbtpjxu.dll"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(2128)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSIT.DLL
c:\windows\system32\nvwddi.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\programmi\AVG\AVG9\avgchsvx.exe
c:\programmi\AVG\AVG9\avgrsx.exe
c:\programmi\AVG\AVG9\avgcsrvx.exe
c:\windows\SOUNDMAN.EXE
c:\programmi\File comuni\Nokia\MPlatform\NokiaMServer.exe
c:\windows\system32\rundll32.exe
c:\programmi\OpenOffice.org 2.4\program\soffice.exe
c:\programmi\OpenOffice.org 2.4\program\soffice.BIN
c:\programmi\Logitech\Video\FxSvr2.exe
c:\windows\ATKKBService.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\CDBurnerXP\NMSAccessU.exe
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\programmi\AVG\AVG9\avgnsx.exe
c:\programmi\File comuni\Ahead\Lib\NMIndexingService.exe
c:\windows\system32\lxbycoms.exe
c:\programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmi\File comuni\Nokia\NoA\nokiaaserver.exe
c:\programmi\PC Connectivity Solution\ServiceLayer.exe
c:\programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Ora fine scansione: 2010-01-28 13:36:08 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-01-28 12:36

Pre-Run: 3.558.604.800 byte disponibili
Post-Run: 3.527.397.376 byte disponibili

- - End Of File - - C2F87EB70F6ACB7A3E89016D5826BB49
Mediano17
Utente Senior
 
Post: 129
Iscritto il: 05/09/08 23:12

Re: Grosso Problema con MyWebSearch non riesco a Rimuoverlo !!!!

Postdi Mediano17 » 28/01/10 13:49

Da quello che è uscito non ci ho capito molto,spero non abbia intaccato altro nel mio PC.
Mediano17
Utente Senior
 
Post: 129
Iscritto il: 05/09/08 23:12

Re: Grosso Problema con MyWebSearch non riesco a Rimuoverlo !!!!

Postdi shel » 28/01/10 14:03

per maggior sicurezza voglio fare una verifica

Scarica MBR:EXE direttamente nella Directory C:\
http://www2.gmer.net/mbr/mbr.exe

riavvia il pc in provvisoria

Da Start - Esegui - digita C:\mbr.exe e clicca su OK

Posta il log che troverai in C:\ come mbr.log




apri un file di testo (dal blocco note di windows), al suo interno incollaci il seguente script:


file::
c:\windows\system32\zjbtpjxu.dll

registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gufkk]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hicqj]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mrkbgka]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ytrxvmh]


salva il file nella stessa cartella dove hai messo combofix chiamandolo obbligatoriamente CFScript.txt

Fatto ciò, con il puntatore del mouse, trascina il file sull'icona di combofix. Il programma avvierà una nuova scansione, come la precedente. Non fare e non muovere nulla. Al termine di essa, se non si riavvierà automaticamente il computer, fallo tu. Allega il nuovo file c:\combofix.txt prodotto dalla scansione.
shel
Utente Senior
 
Post: 1292
Iscritto il: 29/08/08 21:56

Re: Grosso Problema con MyWebSearch non riesco a Rimuoverlo !!!!

Postdi Mediano17 » 28/01/10 14:27

Scusa questo passo "apri un file di testo (dal blocco note di windows), al suo interno incollaci il seguente script"
Lo faccio sempre in modalità provvisoria???
Mediano17
Utente Senior
 
Post: 129
Iscritto il: 05/09/08 23:12

Re: Grosso Problema con MyWebSearch non riesco a Rimuoverlo !!!!

Postdi Luke57 » 28/01/10 15:25

Ciao, in modalità normale ma lo script corretto da inseirre è questo:

Codice: Seleziona tutto
NetSvcs::
mrkbgka
hicqj
ytrxvmh
gufkk

Driver::
mrkbgka
hicqj
ytrxvmh
gufkk

File::
c:\windows\system32\zjbtpjxu.dll


in questo modo elimini anche le sottochiavi di registro_LEGACY.
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Re: Grosso Problema con MyWebSearch non riesco a Rimuoverlo !!!!

Postdi Mediano17 » 28/01/10 15:27

quindi dopo aver fatto questa parte....
"Scarica MBR:EXE direttamente nella Directory C:\
http://www2.gmer.net/mbr/mbr.exe

riavvia il pc in provvisoria

Da Start - Esegui - digita C:\mbr.exe e clicca su OK

Posta il log che troverai in C:\ come mbr.log"

Poi passo in modalità normale e faccio
"apri un file di testo (dal blocco note di windows), al suo interno incollaci il seguente script:


file::
c:\windows\system32\zjbtpjxu.dll

registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gufkk]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hicqj]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mrkbgka]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ytrxvmh]



salva il file nella stessa cartella dove hai messo combofix chiamandolo obbligatoriamente CFScript.txt

Fatto ciò, con il puntatore del mouse, trascina il file sull'icona di combofix. Il programma avvierà una nuova scansione, come la precedente. Non fare e non muovere nulla. Al termine di essa, se non si riavvierà automaticamente il computer, fallo tu. Allega il nuovo file c:\combofix.txt prodotto dalla scansione."

????? giusto il processo?
Mediano17
Utente Senior
 
Post: 129
Iscritto il: 05/09/08 23:12

Re: Grosso Problema con MyWebSearch non riesco a Rimuoverlo !!!!

Postdi shel » 28/01/10 15:55

esegui il passaggio di luke 57 , elimini comunque l'infezione legata alle chiavi di registro
shel
Utente Senior
 
Post: 1292
Iscritto il: 29/08/08 21:56

Re: Grosso Problema con MyWebSearch non riesco a Rimuoverlo !!!!

Postdi Mediano17 » 28/01/10 17:28

si ma il problema è come eliminare "l'infezione legata alle chiavi di registro"
Mediano17
Utente Senior
 
Post: 129
Iscritto il: 05/09/08 23:12

Re: Grosso Problema con MyWebSearch non riesco a Rimuoverlo !!!!

Postdi shel » 28/01/10 17:54

esegui lo script di Luke 57 dopodiche' Scarica http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Aggiornalo
Esegui una scansione completa
Posta il risultato senza rimuovere niente
shel
Utente Senior
 
Post: 1292
Iscritto il: 29/08/08 21:56

Re: Grosso Problema con MyWebSearch non riesco a Rimuoverlo !!!!

Postdi Mediano17 » 28/01/10 17:57

Ragazzi sarò recitivo ma mi sto confondendo un po il discorso in modalità provisoria lo devo fare???
Mediano17
Utente Senior
 
Post: 129
Iscritto il: 05/09/08 23:12

Re: Grosso Problema con MyWebSearch non riesco a Rimuoverlo !!!!

Postdi shel » 28/01/10 18:10

se fai la scansione da provvisoria sara' piu' efficace

prima di farla, esegui il passaggio di prima che ti ho postato per il controllo dell' MBR
shel
Utente Senior
 
Post: 1292
Iscritto il: 29/08/08 21:56

Re: Grosso Problema con MyWebSearch non riesco a Rimuoverlo !!!!

Postdi Mediano17 » 29/01/10 15:19

Ragazzi adesso vi posto il risultato della scanzione in modalità prov con malwarebyte,e anche il conbofix fatto con il passaggio di luke57
Mediano17
Utente Senior
 
Post: 129
Iscritto il: 05/09/08 23:12

Re: Grosso Problema con MyWebSearch non riesco a Rimuoverlo !!!!

Postdi Mediano17 » 29/01/10 15:34

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!

FILE ::
"c:\windows\system32\zjbtpjxu.dll"
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GUFKK
-------\Legacy_HICQJ
-------\Legacy_MRKBGKA
-------\Legacy_YTRXVMH
-------\Service_gufkk
-------\Service_hicqj
-------\Service_mrkbgka
-------\Service_ytrxvmh


((((((((((((((((((((((((( Files Creati Da 2009-12-28 al 2010-01-29 )))))))))))))))))))))))))))))))))))
.

2010-10-18 15:21 . 2008-10-21 16:10 -------- d-----w- c:\programmi\Radical Games
2010-01-28 13:25 . 2010-01-28 13:25 77312 ----a-w- C:\mbr.exe
2010-01-28 12:13 . 2010-01-28 12:14 3839130 ----a-r- C:\ComboFix.exe
2010-01-27 09:32 . 2010-01-20 10:20 1260800 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgfrw.exe
2010-01-27 09:32 . 2010-01-20 10:20 3777280 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\setup.exe
2010-01-26 14:06 . 2010-01-26 14:06 503808 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-669a8eb3-n\msvcp71.dll
2010-01-26 14:06 . 2010-01-26 14:06 499712 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-669a8eb3-n\jmc.dll
2010-01-26 14:06 . 2010-01-26 14:06 348160 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-669a8eb3-n\msvcr71.dll
2010-01-26 14:05 . 2010-01-26 14:05 61440 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-21211365-n\decora-sse.dll
2010-01-26 14:05 . 2010-01-26 14:05 12800 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-21211365-n\decora-d3d.dll
2010-01-21 14:18 . 2010-01-21 14:18 61440 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-2f7dba8c-n\decora-sse.dll
2010-01-21 14:18 . 2010-01-21 14:18 503808 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-2f7dba8c-n\msvcp71.dll
2010-01-21 14:18 . 2010-01-21 14:18 499712 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-2f7dba8c-n\jmc.dll
2010-01-21 14:18 . 2010-01-21 14:18 348160 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-2f7dba8c-n\msvcr71.dll
2010-01-21 14:18 . 2010-01-21 14:18 12800 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-2f7dba8c-n\decora-d3d.dll
2010-01-21 14:18 . 2010-01-21 14:18 315392 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-79d072e5-n\jogl.dll
2010-01-21 14:18 . 2010-01-21 14:18 20480 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-79d072e5-n\jogl_awt.dll
2010-01-21 14:18 . 2010-01-21 14:18 114688 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-79d072e5-n\jogl_cg.dll
2010-01-21 14:18 . 2010-01-21 14:18 20480 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\45\4f710eed-6e0d5a6b-n\gluegen-rt.dll
2010-01-20 22:27 . 2010-01-20 22:34 -------- d-----w- C:\GTL
2010-01-12 13:52 . 2010-01-12 13:52 5115824 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-12 13:50 . 2010-01-12 13:50 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Malwarebytes
2010-01-12 13:50 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-12 13:49 . 2010-01-12 13:52 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-01-12 13:49 . 2010-01-12 13:49 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-01-12 13:49 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 08:04 . 2010-01-07 08:04 -------- d-----w- c:\programmi\FotoSketcher
2010-01-07 07:22 . 2010-01-07 07:22 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\AVG8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-29 14:28 . 2008-09-14 21:59 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\OpenOffice.org2
2010-01-28 16:29 . 2009-02-19 17:51 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Messenger Plus!
2010-01-28 16:27 . 2009-02-19 14:45 -------- d-----w- c:\programmi\Messenger Plus! Live
2010-01-28 13:24 . 2009-12-05 12:19 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-01-26 16:24 . 2009-12-23 14:13 -------- d-----w- c:\programmi\rFactor
2010-01-22 08:37 . 2001-08-31 11:00 83084 ----a-w- c:\windows\system32\perfc010.dat
2010-01-22 08:37 . 2001-08-31 11:00 488230 ----a-w- c:\windows\system32\perfh010.dat
2010-01-21 14:18 . 2005-01-01 18:23 -------- d-----w- c:\programmi\File comuni\Java
2010-01-21 14:17 . 2005-01-01 18:23 -------- d-----w- c:\programmi\Java
2010-01-12 16:45 . 2008-10-21 18:00 -------- d-----w- c:\programmi\CCleaner
2009-12-31 08:04 . 2009-12-01 23:18 3966744 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgcorex.dll
2009-12-28 11:18 . 2009-12-28 11:18 -------- d-----w- c:\programmi\Mio Technology
2009-12-28 11:17 . 2005-01-01 18:27 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-12-23 11:52 . 2009-12-23 11:41 -------- d-----w- c:\programmi\Relay Anticheat Client
2009-12-22 08:55 . 2009-12-01 19:30 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-22 08:55 . 2009-12-01 19:30 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-22 08:55 . 2009-12-01 19:30 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-12-22 08:55 . 2009-12-01 19:30 25608 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2009-12-22 08:55 . 2009-12-01 19:30 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-22 08:55 . 2009-12-01 19:30 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-12-21 14:23 . 2009-12-21 14:23 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Trymedia
2009-12-21 11:32 . 2008-10-13 17:02 -------- d-----w- c:\programmi\Nokia
2009-12-21 11:28 . 2008-10-13 17:02 -------- d-----w- c:\programmi\File comuni\Nokia
2009-12-21 11:26 . 2009-12-21 11:26 -------- d-----w- c:\programmi\PC Connectivity Solution
2009-12-21 11:24 . 2009-12-21 11:24 77824 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2009-12-21 11:24 . 2009-12-21 11:24 50000 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\pcswpc.exe
2009-12-21 11:23 . 2009-11-27 12:07 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache
2009-12-20 13:11 . 2009-12-20 13:11 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Canneverbe_Limited
2009-12-20 13:11 . 2009-12-20 13:11 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Canneverbe Limited
2009-12-20 13:11 . 2009-12-20 13:11 -------- d-----w- c:\programmi\CDBurnerXP
2009-12-18 07:11 . 2009-12-21 11:23 61789728 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\NokiaOviSuite2Installer.exe
2009-12-18 07:11 . 2009-12-18 07:00 61789728 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Nokia\Ovi Suite\Software Updater\NokiaOviSuite2Installer.exe
2009-12-17 16:14 . 2009-01-26 22:07 411368 -c--a-w- c:\windows\system32\deploytk.dll
2009-12-16 17:43 . 2009-12-16 17:14 -------- d-----w- c:\programmi\World Racing 2
2009-12-16 17:17 . 2008-09-16 09:19 -------- d-----w- c:\programmi\Codemasters
2009-12-15 22:45 . 2009-11-27 12:25 2432 ----a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2009-12-09 18:15 . 2009-12-09 18:15 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-12-09 18:08 . 2008-10-13 17:01 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Installations
2009-12-09 18:05 . 2009-12-09 18:05 36864 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{12D6E140-AEDB-4F78-9D4A-643786772120}\Installer\CommonCustomActions\Sleep.exe
2009-12-09 18:05 . 2009-12-09 18:05 3351812 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{12D6E140-AEDB-4F78-9D4A-643786772120}\Installer\CommonCustomActions\msxml6Exec.exe
2009-12-09 18:05 . 2009-12-09 18:05 3203453 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{12D6E140-AEDB-4F78-9D4A-643786772120}\Installer\CommonCustomActions\vcredistExec.exe
2009-12-09 18:05 . 2009-12-09 18:06 24445536 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{12D6E140-AEDB-4F78-9D4A-643786772120}\NokiaSoftwareUpdaterSetup_2.4.1IT.exe
2009-12-05 13:58 . 2009-12-05 13:58 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-12-05 13:58 . 2009-12-05 13:58 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-12-05 13:57 . 2008-10-13 17:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PC Suite
2009-12-05 12:18 . 2009-12-05 12:18 -------- d-----w- c:\programmi\AoA Audio Extractor
2009-12-02 18:48 . 2009-12-02 18:48 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Codemasters
2009-12-02 18:40 . 2009-12-02 18:40 -------- d-----w- c:\programmi\BRS
2009-12-02 18:40 . 2009-12-02 18:40 -------- d-----w- c:\programmi\Microsoft Games for Windows - LIVE
2009-12-02 18:39 . 2009-12-02 18:39 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2009-12-02 18:39 . 2009-12-02 18:39 -------- d-----w- c:\programmi\OpenAL
2009-12-02 18:39 . 2009-12-02 18:39 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2009-12-01 19:30 . 2009-12-01 19:30 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2009-12-01 19:30 . 2009-12-01 19:30 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2009-12-01 19:30 . 2009-12-01 19:28 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg9
2009-12-01 19:28 . 2009-06-18 08:42 -------- d-----w- c:\programmi\AVG
2009-12-01 18:44 . 2009-12-01 18:41 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Norton
2009-12-01 18:41 . 2005-01-01 18:30 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Symantec
2009-12-01 18:41 . 2009-12-01 18:41 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NortonInstaller
2009-11-27 12:46 . 2005-01-01 14:29 28944 ----a-w- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-11-27 12:07 . 2009-11-27 12:07 12212040 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2009-11-27 12:07 . 2009-11-27 12:07 13930312 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2009-11-27 12:07 . 2009-11-27 12:07 77824 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2009-11-27 12:07 . 2009-11-27 12:07 61440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMF11Runx86.exe
2009-11-27 12:07 . 2009-11-27 12:07 58880 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMF11Runx64.exe
2009-11-27 12:07 . 2009-11-27 12:07 50000 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\pcswpc.exe
2009-11-27 12:07 . 2009-11-27 12:07 94628904 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Nokia_Ovi_Suite_11_update.exe
2009-11-26 15:20 . 2009-11-26 15:20 152576 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-26 15:20 . 2009-11-26 15:20 79488 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-18 17:11 . 2009-12-02 18:40 1347584 ----a-w- c:\windows\system32\rapture3d_oal.dll
2009-11-01 12:11 . 2009-12-02 18:40 17686528 ----a-w- c:\windows\system32\mkl_blueripple.dll
.

------- Sigcheck -------

[-] 2004-08-03 20:59 . !HASH: COULD NOT OPEN FILE !!!!! . 95360 . . [------] . . c:\windows\system32\drivers\atapi.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-01-28_12.31.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-29 14:27 . 2010-01-29 14:27 16384 c:\windows\Temp\Perflib_Perfdata_b2c.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"DAEMON Tools Lite"="c:\programmi\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2004-08-19 1667584]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-23 68856]
"LogitechSoftwareUpdate"="c:\programmi\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"NokiaOviSuite2"="c:\programmi\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2009-12-10 401728]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\programmi\File comuni\Nokia\MPlatform\NokiaMServer" [X]
"RemoteControl"="c:\programmi\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"lxbymon.exe"="c:\programmi\Lexmark P910 Series\lxbymon.exe" [2005-01-18 196608]
"EzPrint"="c:\programmi\Lexmark P910 Series\ezprint.exe" [2004-09-17 61440]
"LXBYCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXBYtime.dll" [2004-11-02 69632]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-09-06 413696]
"WMAAD"="c:\programmi\Sony\WALKMAN Launcher\WMAAD.exe" [2007-02-16 110592]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\programmi\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\programmi\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792]
"nwiz"="nwiz.exe" [2009-04-30 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-30 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-01-11 246504]
"NokiaMusic FastStart"="c:\programmi\Nokia\Ovi Player\NokiaOviPlayer.exe" [2009-11-06 2090272]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-23 2033432]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\Utente\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 2.4.lnk - c:\programmi\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-12-22 08:55 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgam.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Programmi\\rFactor\\rFactor.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1579:TCP"= 1579:TCP:jzqjx
"53:TCP"= 53:TCP:websrvx
"4662:TCP"= 4662:TCP:emule_TCP
"4672:TCP"= 4672:TCP:emule_UDP
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [01/01/2005 19.40.40 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [01/01/2005 19.40.40 5248]
R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [01/12/2009 20.30.19 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [01/12/2009 20.30.50 161800]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15/09/2008 21.08.46 717296]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [01/12/2009 20.30.44 333192]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [01/12/2009 20.30.50 360584]
R2 avg9wd;AVG WatchDog;c:\programmi\AVG\AVG9\avgwdsvc.exe [22/12/2009 9.55.25 285392]
R2 avgfws9;AVG Firewall;c:\programmi\AVG\AVG9\avgfws9.exe [22/12/2009 9.55.19 2304192]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [15/05/2009 16.13.01 54752]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [01/12/2009 20.30.12 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\programmi\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [01/12/2009 20.30.19 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\programmi\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [01/12/2009 20.30.19 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\programmi\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [01/12/2009 20.30.19 25736]
S2 AVGIDSAgent;AVG9IDSAgent;c:\programmi\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [22/12/2009 9.55.20 5832712]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [01/12/2009 20.30.12 30104]
S3 fsssvc;Servizio Windows Live Family Safety;c:\programmi\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22.48.42 704864]
S3 ICScsiSV;Image Converter SCSI Service;c:\programmi\Sony\IMAGE CONVERTER 3\ICScsiSV.exe [26/01/2009 23.07.51 75952]
S3 IcVzMonLauncher;IcVzMonLauncher;c:\programmi\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe [26/01/2009 23.07.50 67760]
S3 ZD1211BU(Atheros);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(Atheros);c:\windows\system32\drivers\ZD1211BU.sys [01/01/2005 19.36.28 500736]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml ... n=77ce5c28
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: &Search
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Trasferisci mediante Image Converter 3 - c:\programmi\SONY\IMAGE CONVERTER 3\menu.htm
FF - ProfilePath - c:\documents and settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\e600a54r.default\
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: browser.startup.homepage - www.google.it
FF - component: c:\programmi\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\programmi\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-29 15:28
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXBYCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXBYtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys sfsync02.sys hal.dll >>UNKNOWN [0x867D61F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7664fc3
\Driver\ACPI -> ACPI.sys @ 0xf73a7cb8
\Driver\atapi -> 0x86727f00
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058236c
ParseProcedure -> ntkrnlpa.exe @ 0x8058146a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058236c
ParseProcedure -> ntkrnlpa.exe @ 0x8058146a
NDIS: Driver NT scheda Fast Ethernet VIA PCI 10/100Mb -> SendCompleteHandler -> NDIS.sys @ 0xf7216ba0
PacketIndicateHandler -> NDIS.sys @ 0xf7223b21
SendHandler -> NDIS.sys @ 0xf720187b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(752)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSIT.DLL
c:\windows\system32\nvwddi.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\programmi\AVG\AVG9\avgchsvx.exe
c:\programmi\AVG\AVG9\avgrsx.exe
c:\programmi\AVG\AVG9\avgcsrvx.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RUNDLL32.EXE
c:\programmi\File comuni\Nokia\MPlatform\NokiaMServer.exe
c:\windows\system32\rundll32.exe
c:\programmi\OpenOffice.org 2.4\program\soffice.exe
c:\programmi\OpenOffice.org 2.4\program\soffice.BIN
c:\windows\ATKKBService.exe
c:\programmi\Logitech\Video\FxSvr2.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\CDBurnerXP\NMSAccessU.exe
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\programmi\AVG\AVG9\avgnsx.exe
c:\programmi\File comuni\Ahead\Lib\NMIndexingService.exe
c:\windows\system32\lxbycoms.exe
c:\programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\programmi\File comuni\Nokia\NoA\nokiaaserver.exe
c:\programmi\PC Connectivity Solution\ServiceLayer.exe
c:\programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Ora fine scansione: 2010-01-29 15:31:58 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-01-29 14:31
ComboFix2.txt 2010-01-28 12:36

Pre-Run: 3.280.211.968 byte disponibili
Post-Run: 3.246.583.808 byte disponibili

- - End Of File - - 8D029CC6DFF70627DD76E6F346110BF7
Mediano17
Utente Senior
 
Post: 129
Iscritto il: 05/09/08 23:12

Prossimo

Torna a Sicurezza e Privacy


Topic correlati a "Grosso Problema con MyWebSearch non riesco a Rimuoverlo !!!!":

Problema Windows 10
Autore: asso1998
Forum: Software Windows
Risposte: 1

Chi c’è in linea

Visitano il forum: Nessuno e 7 ospiti