Hi
On Windows 7, ComboFix completes the scan successfully but does not create the report; the window I posted appears, and it stays there even for 30 minutes without doing anything.
Last night I tried Malwarebytes, before having read your message. I did almost everything you explained apart from renaming it. This is the result:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Versione database: 8185
Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385
18/11/2011 05:21:43
mbam-log-2011-11-18 (05-21-43).txt
Tipo di scansione: Scansione completa (A:\|C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|)
Elementi esaminati: 729958
Tempo impiegato: 1 ore, 59 minuti, 16 secondi
Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 52
Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)
Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)
Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)
Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)
Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)
Cartelle infette:
(Non sono stati rilevati elementi nocivi)
File infetti:
c:\program files (x86)\jaksta technologies\jaksta streaming media recorder\patch.exe (PUP.Hacktool.Patcher) -> Not selected for removal.
c:\program files (x86)\replay media catcher\replay.media.catcher.v3.02-patch.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows.old\program files (x86)\dealio toolbar\FF\components\dealiotoolbarff.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
c:\Windows.old\program files (x86)\eMule10.5\eMule\incoming\cpuid.hwmonitor.pro.v1.05.incl.keymaker-core\CORE10k.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.
c:\Windows.old\program files (x86)\eMule10.5\eMule\incoming\cpuid.hwmonitor.pro.v1.05.incl.keymaker-core\CR-CP105.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
c:\Windows.old\program files (x86)\eMule10.5\eMule\incoming\watchtv221\hoko.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows.old\program files (x86)\eMule10.5\eMule\incoming\watchtv221\wtv221cnospy crack\hoko.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows.old\program files (x86)\relevantknowledge\rlservice.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Windows.old\program files (x86)\replay 4\replay converter v2.0 patch.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\Windows.old\program files (x86)\replay converter 2\patch.exe (Trojan.Bancos) -> Quarantined and deleted successfully.
c:\Windows.old\program files (x86)\replay converter 3\patch.exe (Trojan.Bancos) -> Quarantined and deleted successfully.
c:\Windows.old\Users\Utente\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\4TL3JKFP\testbundle23w_1254[1].exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\Windows.old\Users\Utente\AppData\Local\Temp\CSMF3D8.tmp (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Windows.old\Users\Utente\AppData\Local\Temp\somoto_chrome.exe (Adware.BHO) -> Quarantined and deleted successfully.
c:\Windows.old\Users\Utente\AppData\Local\Temp\7zS2D1B.tmp\App\Patch.exe (PUP.Riskware.Tool.CK) -> Not selected for removal.
c:\Windows.old\Users\Utente\AppData\Local\Temp\7zS7DA0.tmp\App\Patch.exe (PUP.Riskware.Tool.CK) -> Not selected for removal.
c:\Windows.old\Users\Utente\AppData\Local\Temp\is-9LQ3K.tmp\dealio.exe (PUP.Dealio.TB) -> Not selected for removal.
c:\Windows.old\Users\Utente\AppData\Roaming\desktopicon\ebayshortcuts.exe (Adware.ADON) -> Quarantined and deleted successfully.
c:\Windows.old\Users\Utente\documents\prova replay converter\nuova cartella (4)\replay converter v2.0 (flv2video) full\replay converter v2.0 patch.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\Windows.old\Users\Utente\documents\speed fan\popularscreensavers n.exe (Adware.FunWeb) -> Quarantined and deleted successfully.
c:\Windows.old\Users\Utente\documents\speed fan\popularscreensavers.exe (Adware.FunWeb) -> Quarantined and deleted successfully.
c:\Windows.old\Users\Utente\downloads\download utorrent\camtasia studio 7 + keygen\camtasia_studio_7_keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\Windows.old\Users\Utente\downloads\download utorrent\cyberlink.powercinema.v6.0.3316.multilingual.incl.keymaker-core\CORE10k.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.
c:\Windows.old\Users\Utente\downloads\download utorrent\foxit pdf pro pack (creator+reader+editor) -13in1- (+ must have +) [h33t][migel]\foxit reader pro 2.3.2008.2825 - olexijl\patch.exe (Trojan.Bancos) -> Quarantined and deleted successfully.
c:\Windows.old\Users\Utente\downloads\download utorrent\reply.media.catcher.&.converter\replay converter 2.8+crack\patch.exe (Trojan.Bancos) -> Quarantined and deleted successfully.
c:\windows.old.000\Users\Utente\documents\jaksta streaming media recorder v4.3.0 incl. keygen and patch - mesmerize funzionante\patch.exe (PUP.Hacktool.Patcher) -> Not selected for removal.
c:\windows.old.000\Users\Utente\documents\replay media catcher v3.02 + patch\replay.media.catcher.v3.02-patch.exe (Trojan.Agent) -> Quarantined and deleted successfully.
d:\documents and settings\all users\dati applicazioni\okfawhegytv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
d:\documents and settings\all users\dati applicazioni\x4kzz3ghxvgv1q.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
d:\documents and settings\Utente\dati applicazioni\desktopicon\ebayshortcuts.exe (Adware.ADON) -> Quarantined and deleted successfully.
d:\documents and settings\Utente\documenti\downloads\Setup.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
d:\documents and settings\Utente\documenti\drive windows 7\jaksta streaming media recorder v4.3.0 incl. keygen and patch - mesmerize funzionante\patch.exe (PUP.Hacktool.Patcher) -> Not selected for removal.
d:\documents and settings\Utente\documenti\icone desktop\replay media catcher v3.02 + patch\replay.media.catcher.v3.02-patch.exe (Trojan.Agent) -> Quarantined and deleted successfully.
d:\documents and settings\Utente\documenti\programmi vari\patch.exe (PUP.Hacktool.Patcher) -> Not selected for removal.
d:\documents and settings\Utente\documenti\recupero windows vista\programmi\simulatori di voce\installer_av_voice_changer_gold_edition_6_0_32_italiano_italian.exe (PUP.SmsPay.pns) -> Not selected for removal.
d:\documents and settings\Utente\documenti\recupero windows vista\programmi\simulatori di voce\installer_goldwave_5_56_italiano_italian.exe (PUP.SmsPay.pns) -> Not selected for removal.
d:\documents and settings\Utente\documenti\Video\Video\Film\vari programmi\dsrecorder.3.2.exe (Rogue.BoanK) -> Quarantined and deleted successfully.
d:\documents and settings\Utente\documenti\Video\Video\Film\vari programmi\jitbit.macro.recorder.4.1.0\post setup files\macrolauncher.exe (Backdoor.Agent.PS) -> Quarantined and deleted successfully.
d:\documents and settings\Utente\documenti\Video\Video\Film\vari programmi\prova portable\bin\streaming media recorder\Stubs\95d9a1b3a9366ca1b04f64fba6b76432905567a\ffmpeg.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
d:\documents and settings\Utente\documenti\Video\Video\Film\vari programmi\vari rephlay flv\da provare\portable_moyea_flv_editor_pro_v3.1.14.0_dgn_cw\portable moyea flv editor pro v3.1.14.0_dgn_cw\portable moyea flv editor pro v3.1.14.0.exe (Trojan.Agent) -> Quarantined and deleted successfully.
d:\documents and settings\Utente\documenti\Video\Video\Video xp\nuova cartella\avi mpeg joiner per unire file vob\pro.per unire i file vob\installer_simple_file_joiner_2_0_italiano_italian.exe (PUP.SmsPay.pns) -> Not selected for removal.
d:\documents and settings\Utente\impostazioni locali\temporary internet files\Content.IE5\2YLFSHK7\about[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
d:\programmi\Azureus\azureus download\jaksta streaming media recorder v4.3.0 incl. keygen and patch - mesmerize\patch.exe (PUP.Hacktool.Patcher) -> Not selected for removal.
d:\programmi\jaksta technologies\jaksta streaming media recorder\patch.exe (PUP.Hacktool.Patcher) -> Not selected for removal.
d:\programmi\jdownloader\downloads\replay.media.catcher..4.2.1.thru.4.3.0-patch.exe (PUP.Hacktool.Patcher) -> Not selected for removal.
d:\programmi\replay media catcher\replay.media.catcher.v3.02-patch.exe (Trojan.Agent) -> Quarantined and deleted successfully.
d:\programmi\streaming media recorder (vmware thinapp)\user guide.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
e:\prog.da masterizzare 9 gennaio 2010\nuovi programmi clarck tech e vari\installer_rendersoft_camstudio_2_0_italiano_italian.exe (PUP.SmsPay.pns) -> Not selected for removal.
e:\prog.da masterizzare 9 gennaio 2010\prog.mouse automatico\versione con crack scaricati da utorrent i migliori\jitbit macro recorder\post setup files\macrolauncher.exe (Backdoor.Agent.PS) -> Quarantined and deleted successfully.
e:\prog.da masterizzare 9 gennaio 2010\prog.per registrare quello che avviene sul desktop\installer_rendersoft_camstudio_2_0_italiano_italian.exe (PUP.SmsPay.pns) -> Not selected for removal.
e:\prog.da masterizzare 9 gennaio 2010\programmi di vario genere\u98.exe (Adware.UltraReach) -> Quarantined and deleted successfully.
e:\prog.da masterizzare 9 gennaio 2010\ultrasurf per vedere il grande fratello\u98.exe (Adware.UltraReach) -> Quarantined and deleted successfully.
The malware seems to me to be gone, in fact the fake window no longer appears, but all the damage the virus did is still there: on XP the desktop is unusable and everything is still invisible; on Windows 7 the desktop is fine, but there too I cannot see the old files and all the programs I had installed.
Now how do we repair the remaining damage? I think some other specific program will be needed?
On Windows 7 this warning appears:
Catalyst Control Centre : Host application
File che contribuiscono alla descrizione del problema:
C:\Users\Utente\AppData\Local\Temp\WERDC51.tmp.WERInternalMetadata.xml
C:\Users\Utente\AppData\Local\Temp\WERE81A.tmp.appcompat.txt
C:\Users\Utente\AppData\Local\Temp\WERF356.tmp.mdmp
Leggere l'informativa sulla privacy online:
http://go.microsoft.com/fwlink/?linkid= ... cid=0x0410
Se l'informativa sulla privacy online non è disponibile, leggere quella offline:
C:\Windows\system32\it-IT\erofflps.txt
Forgive me, I did not understand the last part: which upload do I have to do? Do I have to upload Malwarebytes? Where is the forum link?