madonialuca

Avast Disappeared

12 posts in this thread

Hi guys.....

It's been quite a while since this last happened to me;

just this evening I came across a file and, being curious, I opened it, and as if by magic a strange window opened

ntsb investigators ......

The moral of the story: avast has disappeared. I wanted to get a head start on the work and tried to download hijack.... but it tells me it is not a valid Win32 application.

I'm posting the EliBagle report, which at first seemed not to work but then, as if by magic, started...

Thanks in advance

Fri Nov 14 22:15:40 2008

EliBagle v11.96 ©2008 S.G.H. / Satinfo S.L. (Actualizado el 14 de Noviembre del 2008)

----------------------------------------------

Lista de Acciones (por Acción Directa):

C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.

C:\DOCUMENTS AND SETTINGS\PROPRIETARIO\DATI APPLICAZIONI\M\FLEC006.EXE --> Bagle Acceso Denegado.

Restaurada Clave: "SafeBoot\Minimal y Network"

Reinicie para Completar la Limpieza.

Fri Nov 14 22:15:42 2008

EliBagle v11.96 ©2008 S.G.H. / Satinfo S.L. (Actualizado el 14 de Noviembre del 2008)

----------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

Fri Nov 14 22:25:14 2008

EliBagle v11.96 ©2008 S.G.H. / Satinfo S.L. (Actualizado el 14 de Noviembre del 2008)

----------------------------------------------

Lista de Acciones (por Acción Directa):

C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.

C:\DOCUMENTS AND SETTINGS\PROPRIETARIO\DATI APPLICAZIONI\M\FLEC006.EXE --> Bagle Acceso Denegado.

Restaurada Clave: "SafeBoot\Minimal y Network"

Reinicie para Completar la Limpieza.

Fri Nov 14 22:25:17 2008

EliBagle v11.96 ©2008 S.G.H. / Satinfo S.L. (Actualizado el 14 de Noviembre del 2008)

----------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

Nº Total de Directorios: 5378

Nº Total de Ficheros: 58010

Nº de Ficheros Analizados: 10457

Nº de Ficheros Infectados: 0

Nº de Ficheros Limpiados: 0

Fri Nov 14 22:43:34 2008

EliBagle v11.96 ©2008 S.G.H. / Satinfo S.L. (Actualizado el 14 de Noviembre del 2008)

----------------------------------------------

Lista de Acciones (por Acción Directa):

C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.

C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle

C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.

C:\DOCUMENTS AND SETTINGS\PROPRIETARIO\DATI APPLICAZIONI\M\FLEC006.EXE --> Bagle Acceso Denegado.

C:\DOCUMENTS AND SETTINGS\PROPRIETARIO\DATI APPLICAZIONI\M\LIST.OCT --> Eliminado Bagle

Restaurada Clave: "SafeBoot\Minimal y Network"

Reinicie para Completar la Limpieza.

Fri Nov 14 22:43:37 2008

EliBagle v11.96 ©2008 S.G.H. / Satinfo S.L. (Actualizado el 14 de Noviembre del 2008)

----------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

Nº Total de Directorios: 5383

Nº Total de Ficheros: 58181

Nº de Ficheros Analizados: 10493

Nº de Ficheros Infectados: 0

Nº de Ficheros Limpiados: 0

Edited by madonialuca


Hi madonialuca

download Combofix to the desktop (guide)

you must rename the file to abc.exe before saving it to the desktop

(to rename the file: when you download it, it asks you where to save it and the "file name" box appears; change the name shown to abc.exe and be sure to save it on the desktop)

Start > Run; in the white box, copy and paste this command, quotation marks included:

"%userprofile%\desktop\abc.exe" /killall

Press OK

(if you use Vista: Start > All Programs > Accessories > Run)

if all goes well, the program starts; it may take a long time

wait patiently for the operations to finish and post the report C:\ComboFix.txt.

:P:)


Thanks a lot.......

here is the report.......

ComboFix 08-11-13.01 - Proprietario 2008-11-15 11:33:01.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.1728 [GMT 1:00]

Interruttori di comando utilizzati :: /killall

* Creato nuovo punto di ripristino

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Proprietario\Dati applicazioni\m

c:\documents and settings\Proprietario\Dati applicazioni\m\data.oct

c:\documents and settings\Proprietario\Dati applicazioni\m\flec006.exe

c:\documents and settings\Proprietario\Dati applicazioni\m\list.oct

c:\documents and settings\Proprietario\Dati applicazioni\m\srvlist.oct

C:\InfoSat.txt

c:\programmi\Windows Live\Messenger\MsnMsgr.exe

c:\windows\system32\ban_list.txt

c:\windows\system32\drivers\downld

c:\windows\system32\drivers\srosa.sys

c:\windows\system32\drivers\winfilse.exe

c:\windows\system32\lsprst7.dll

c:\windows\system32\mdelk.exe

c:\windows\system32\ssprs.dll

c:\windows\system32\wintems.exe

D:\Autorun.inf

.

((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_SROSA

-------\Legacy_SROSA

((((((((((((((((((((((((( Files Creati Da 2008-10-15 al 2008-11-15 )))))))))))))))))))))))))))))))))))

.

2008-11-15 11:22 . 2008-11-15 11:22 <DIR> d-------- c:\programmi\Spybot - Search & Destroy

2008-11-14 23:39 . 2008-11-14 23:39 135,168 --a------ C:\zip.exe

2008-11-14 23:39 . 2008-11-14 23:39 61,440 --a------ c:\windows\system32\drivers\hctiwfl.sys

2008-11-14 23:33 . 2008-11-15 11:24 7,168 --a------ c:\windows\system32\drivers\srosa2.sys

2008-11-14 22:40 . 2008-11-15 11:22 <DIR> d-------- C:\SDFix

2008-11-14 21:39 . 2008-11-14 21:39 <DIR> d-------- c:\programmi\Trend Micro

2008-11-14 21:31 . 2008-11-15 11:35 0 --a------ c:\windows\system.ini

2008-11-12 19:44 . 2008-11-12 19:44 <DIR> d-------- c:\programmi\File comuni\Adobe Systems Shared

2008-11-12 19:44 . 2008-11-12 19:44 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Adobe Systems

2008-11-12 19:03 . 2008-11-12 19:03 1,393 --a------ c:\windows\imsins.BAK

2008-11-12 19:01 . 2008-11-12 19:01 0 --a------ c:\windows\ativpsrm.bin

2008-11-12 19:00 . 2008-11-12 19:00 <DIR> d-------- c:\programmi\Alcatel

2008-11-12 07:22 . 2008-09-04 18:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll

2008-11-12 07:22 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

2008-11-10 23:18 . 2008-11-10 23:18 <DIR> d-------- C:\ATI

2008-11-10 16:55 . 2008-11-10 16:58 <DIR> d-------- c:\documents and settings\Proprietario\Dati applicazioni\PC Suite

2008-11-10 16:55 . 2008-11-10 16:57 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\PC Suite

2008-11-10 16:52 . 2008-11-10 16:52 <DIR> d-------- c:\programmi\PC Connectivity Solution

2008-11-10 16:52 . 2008-11-10 16:52 <DIR> d-------- c:\programmi\File comuni\PCSuite

2008-11-10 16:52 . 2008-11-10 16:52 <DIR> d-------- c:\programmi\File comuni\Nokia

2008-11-10 16:52 . 2008-11-10 16:52 <DIR> d-------- c:\programmi\DIFX

2008-11-10 16:52 . 2008-05-07 07:39 1,419,232 --a------ c:\windows\system32\wdfcoinstaller01005.dll

2008-11-10 16:52 . 2008-05-07 07:38 659,968 --a------ c:\windows\system32\nmwcdcocls.dll

2008-11-10 16:52 . 2007-09-17 15:53 21,632 --a------ c:\windows\system32\drivers\pccsmcfd.sys

2008-11-10 16:52 . 2008-05-07 07:38 20,864 --a------ c:\windows\system32\drivers\ccdcmbo.sys

2008-11-10 16:52 . 2008-05-07 07:38 17,536 --a------ c:\windows\system32\drivers\ccdcmb.sys

2008-11-10 16:52 . 2008-06-06 09:24 8,064 --a------ c:\windows\system32\drivers\usbser_lowerflt.sys

2008-11-10 16:51 . 2008-11-10 16:52 <DIR> d-------- c:\programmi\Nokia

2008-11-10 16:51 . 2008-05-07 07:38 90,624 --a------ c:\windows\system32\nmwcdcls.dll

2008-11-10 16:51 . 2008-11-10 16:51 19 --a------ c:\windows\SoundConverter.INI

2008-11-10 16:50 . 2008-11-10 16:50 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Installations

2008-11-10 12:52 . 2008-11-10 19:54 <DIR> d-------- c:\documents and settings\Proprietario\Dati applicazioni\Nokia

2008-11-10 12:33 . 2008-04-13 19:45 26,112 --a------ c:\windows\system32\drivers\usbser.sys

2008-11-10 12:33 . 2008-04-13 19:45 26,112 --a--c--- c:\windows\system32\dllcache\usbser.sys

2008-11-10 12:31 . 2008-11-10 12:31 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2008-11-10 12:31 . 2008-11-10 12:31 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf

2008-11-10 12:23 . 2008-11-10 12:23 <DIR> d-------- c:\documents and settings\Proprietario\Phone Browser

2008-11-08 11:00 . 2008-11-08 11:00 17,144 --a------ c:\documents and settings\Proprietario\Dati applicazioni\GDIPFONTCACHEV1.DAT

2008-11-05 18:50 . 2008-11-05 18:52 <DIR> d-------- C:\Nuova cartella

2008-11-02 09:24 . 2008-11-02 09:24 <DIR> d-------- C:\Brolo 2008 da stampare

2008-11-02 09:22 . 2008-10-29 10:25 4,791,544 --a------ C:\Eva Cassidy - Fields of Gold.Mp3

2008-11-02 09:21 . 2008-10-29 09:20 6,660,096 --a------ C:\Take That - Rule The World.mp3

2008-11-02 09:21 . 2008-09-22 12:31 4,003,840 --a------ C:\Alicia Keys - No One(2).mp3

2008-11-01 20:50 . 2008-11-01 20:52 <DIR> d-------- C:\favignana2008

2008-11-01 20:45 . 2008-11-01 20:45 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Office Genuine Advantage

2008-11-01 11:54 . 2008-11-01 11:54 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Minnetonka Audio Software

2008-11-01 11:54 . 2008-11-01 11:54 1,025 --a------ c:\windows\system32\sysprs7.tgz

2008-11-01 11:54 . 2008-11-01 11:54 1,025 --a------ c:\windows\system32\sysprs7.dll

2008-11-01 11:54 . 2008-11-01 11:54 1,025 --a------ c:\windows\system32\clauth2.dll

2008-11-01 11:54 . 2008-11-01 11:54 1,025 --a------ c:\windows\system32\clauth1.dll

2008-11-01 11:54 . 2008-11-01 11:54 219 --a------ c:\windows\system32\lsprst7.tgz

2008-11-01 11:54 . 2008-11-01 11:54 87 --a------ c:\windows\system32\ssprs.tgz

2008-10-30 19:44 . 2008-11-12 19:46 <DIR> d-------- c:\programmi\File comuni\Adobe

2008-10-29 23:50 . 2008-10-29 23:50 <DIR> d-------- c:\programmi\Xvid

2008-10-29 23:50 . 2008-04-27 10:33 765,952 --a------ c:\windows\system32\xvidcore.dll

2008-10-29 23:50 . 2008-04-27 10:35 180,224 --a------ c:\windows\system32\xvidvfw.dll

2008-10-29 23:50 . 2007-06-28 18:55 77,824 --a------ c:\windows\system32\xvid.ax

2008-10-29 23:18 . 2008-10-29 23:20 <DIR> d-------- c:\documents and settings\Proprietario\Dati applicazioni\DivX

2008-10-29 23:17 . 2008-10-29 23:20 <DIR> d-------- c:\programmi\DivX

2008-10-29 20:24 . 2008-10-29 20:24 <DIR> d-------- c:\programmi\Windows Media Connect 2

2008-10-29 20:23 . 2008-10-29 20:23 <DIR> d-------- c:\windows\system32\LogFiles

2008-10-29 20:23 . 2008-11-10 16:58 <DIR> d-------- c:\windows\system32\drivers\UMDF

2008-10-29 20:16 . 2008-10-29 20:16 <DIR> d-------- c:\windows\system32\windows media

2008-10-29 20:16 . 2008-10-29 20:16 <DIR> d--h----- c:\windows\msdownld.tmp

2008-10-29 20:16 . 2008-10-29 20:16 <DIR> d-------- c:\programmi\Windows Media Components

2008-10-29 19:59 . 2008-11-15 00:18 116 --a------ c:\windows\NeroDigital.ini

2008-10-29 19:26 . 2008-10-29 19:26 <DIR> d-------- c:\documents and settings\Proprietario\Dati applicazioni\Ahead

2008-10-29 18:04 . 2008-10-29 18:04 <DIR> d-------- c:\windows\system32\it

2008-10-29 18:04 . 2008-10-29 18:04 <DIR> d-------- c:\windows\system32\bits

2008-10-29 18:04 . 2008-10-29 18:05 <DIR> d-------- c:\windows\ServicePackFiles

2008-10-29 18:04 . 2008-10-29 18:04 <DIR> d-------- c:\windows\l2schemas

2008-10-29 18:00 . 2008-10-29 18:00 <DIR> d-------- c:\windows\EHome

2008-10-29 17:00 . 2008-10-29 23:59 <DIR> d-------- c:\windows\system32\it-it

2008-10-29 16:55 . 2008-10-29 16:55 <DIR> d-------- c:\programmi\MSXML 4.0

2008-10-29 16:34 . 2007-07-30 19:19 271,224 --a------ c:\windows\system32\mucltui.dll

2008-10-29 16:34 . 2007-07-30 19:19 207,736 --a------ c:\windows\system32\muweb.dll

2008-10-29 16:34 . 2007-07-30 19:18 30,072 --a------ c:\windows\system32\mucltui.dll.mui

2008-10-29 12:58 . 2008-10-29 17:26 161,290 --a------ c:\windows\system32\PremierePro2_0Content.dat

2008-10-29 12:58 . 2008-10-29 12:58 82,432 --a------ c:\windows\system32\msxml4r.dll

2008-10-29 12:58 . 2008-09-16 01:14 43,528 --------- c:\windows\system32\drivers\pxhelp20.sys

2008-10-29 12:58 . 2008-10-29 17:26 146 --a------ c:\windows\system32\{57922B53-02D4-4DFC-AC24-A3519DC1F49A}-FunctionContent.dat

2008-10-29 12:25 . 2008-10-29 12:25 <DIR> d-------- c:\programmi\File comuni\Ahead

2008-10-29 12:25 . 2008-10-29 12:25 <DIR> d-------- c:\programmi\Ahead

2008-10-29 12:25 . 2004-07-26 17:16 1,568,768 --------- c:\windows\system32\ImagX7.dll

2008-10-29 12:25 . 2004-07-26 17:16 476,320 --------- c:\windows\system32\ImagXpr7.dll

2008-10-29 12:25 . 2004-07-26 17:16 471,040 --------- c:\windows\system32\ImagXRA7.dll

2008-10-29 12:25 . 2004-07-26 17:16 262,144 --------- c:\windows\system32\ImagXR7.dll

2008-10-29 12:25 . 2001-07-09 11:50 155,648 --a------ c:\windows\system32\NeroCheck.exe

2008-10-29 12:25 . 2004-03-02 17:37 125,184 --------- c:\windows\system32\drivers\imagesrv.sys

2008-10-29 12:25 . 2000-06-26 11:45 106,496 --a------ c:\windows\system32\TwnLib20.dll

2008-10-29 12:25 . 2004-03-02 17:37 5,504 --------- c:\windows\system32\drivers\imagedrv.sys

2008-10-29 12:17 . 2008-10-29 12:17 <DIR> d-------- c:\windows\ShellNew

2008-10-29 10:09 . 2008-10-29 10:09 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Messenger Plus!

2008-10-29 06:49 . 2008-10-29 06:49 <DIR> d-------- c:\programmi\Messenger Plus! Live

2008-10-29 06:43 . 2008-10-29 06:49 <DIR> d-------- c:\documents and settings\Proprietario\Contacts

2008-10-29 06:39 . 2008-10-29 06:43 <DIR> d-------- c:\programmi\Windows Live

2008-10-29 06:39 . 2008-10-29 06:42 <DIR> d--hsc--- c:\programmi\File comuni\WindowsLiveInstaller

2008-10-29 06:39 . 2008-10-29 06:39 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\WLInstaller

2008-10-29 06:30 . 2008-10-29 06:30 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\IM

2008-10-29 06:29 . 2008-10-29 06:29 <DIR> d-------- c:\programmi\IncrediMail

2008-10-29 06:29 . 2008-10-29 06:29 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\IncrediMail

2008-10-28 22:40 . 2008-10-28 22:40 <DIR> d-------- c:\documents and settings\Proprietario\Dati applicazioni\TMP

2008-10-28 22:21 . 2008-10-28 22:21 <DIR> d--hs---- c:\documents and settings\Proprietario\UserData

2008-10-28 22:04 . 2008-10-28 22:04 <DIR> d-------- c:\documents and settings\Proprietario\Dati applicazioni\ATI

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-15 09:07 --------- d-----w c:\programmi\eMule

2008-11-12 18:00 --------- d--h--w c:\programmi\InstallShield Installation Information

2008-11-10 11:18 --------- d-----w c:\programmi\File comuni\InstallShield

2008-10-28 21:44 --------- d-----w c:\programmi\ASUS

2008-10-28 21:40 --------- d-----w c:\programmi\Marvell

2008-10-28 21:29 --------- d-----w c:\programmi\Intel

2008-10-28 21:27 --------- d-----w c:\programmi\Analog Devices

2008-10-28 21:04 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\ATI

2008-10-28 20:54 --------- d-----w c:\programmi\ATI Technologies

2008-10-28 20:54 --------- d-----w c:\programmi\Alwil Software

2008-10-28 20:52 --------- d-----w c:\programmi\File comuni\ATI Technologies

2008-10-28 19:44 --------- d-----w c:\programmi\microsoft frontpage

2008-10-28 19:43 --------- d-----w c:\programmi\Servizi in linea

2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys

.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* i valori vuoti & legittimi/default non sono visualizzati.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"Nokia.PCSync"="c:\programmi\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]

"PC Suite Tray"="c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Diagnostica SpeedTouch USB"="c:\programmi\Alcatel\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]

"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-15 81000]

"SoundMAXPnP"="c:\programmi\Analog Devices\Core\smax4pnp.exe" [2008-03-16 1040384]

"Six Engine"="c:\program files\ASUS\Six Engine\SixEngine.exe" [2008-05-14 5958656]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"SpeedTouch USB Diagnostics"="c:\programmi\Alcatel\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Proprietario\Menu Avvio\Programmi\Esecuzione automatica\

Adobe Gamma.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\

Microsoft Office.lnk - c:\programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programmi\\eMule\\emule.exe"=

"c:\\Programmi\\IncrediMail\\bin\\ImApp.exe"=

"c:\\Programmi\\IncrediMail\\bin\\IncMail.exe"=

"c:\\Programmi\\IncrediMail\\bin\\ImpCnt.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=

R0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [2008-05-19 150568]

R1 sK9Ou0s;sK9Ou0s;c:\windows\system32\drivers\srosa2.sys [2008-11-15 7168]

R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-07-02 89600]

S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]

\Shell\AutoRun\command - D:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea2fa71b-a568-11dd-9be5-806d6172696f}]

\Shell\AutoRun\command - e:\.\Bin\Assetup.exe

.

- - - - ORFÃOS REMOVIDOS - - - -

HKCU-Run-MsnMsgr - c:\programmi\Windows Live\Messenger\MsnMsgr.Exe

.

------- Supplementare di scansione -------

.

FireFox -: Profile - c:\documents and settings\Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\iffcsjhs.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://google.it

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-15 11:35:26

Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo

Files nascosti: 0

**************************************************************************

.

------------------------ Altri processi in esecuzione ------------------------

.

c:\programmi\Bonjour\mDNSResponder.exe

c:\windows\system32\wscntfy.exe

c:\programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

c:\programmi\PC Connectivity Solution\ServiceLayer.exe

c:\programmi\File comuni\Nokia\MPAPI\MPAPI3s.exe

c:\programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe

c:\programmi\PC Connectivity Solution\Transports\NclRSSrv.exe

.

**************************************************************************

.

Ora fine scansione: 2008-11-15 11:37:42 - macchina è stato riavviato

ComboFix-quarantined-files.txt 2008-11-15 10:37:40

Pre-Run: 486,441,455,616 byte disponibili

Post-Run: 486,465,400,832 byte disponibili

458 --- E O F --- 2008-11-12 18:04:30


Save the attached document, CFScript.txt.

- With the mouse, drag the CFScript.txt file onto the red ComboFix icon.

Restart the computer.

When it has finished, a new combofix.txt log will be created; post it.

:P:)


MUSA..!! :)

Did I do it right???

Here is the result, and thanks again... :P

ComboFix 08-11-13.01 - Proprietario 2008-11-15 16:08:28.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.1551 [GMT 1:00]

Eseguito da: c:\documents and settings\Proprietario\Desktop\abc.exe

Interruttori di comando utilizzati :: c:\documents and settings\Proprietario\Desktop\CFScript.txt

* Creato nuovo punto di ripristino

FILE ::

c:\windows\imsins.BAK

c:\windows\system32\drivers\hctiwfl.sys

c:\windows\system32\drivers\srosa2.sys

C:\zip.exe

.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\imsins.BAK

c:\windows\system32\drivers\hctiwfl.sys

c:\windows\system32\drivers\srosa2.sys

C:\zip.exe

.

((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_SK9OU0S

-------\Service_sK9Ou0s

((((((((((((((((((((((((( Files Creati Da 2008-10-15 al 2008-11-15 )))))))))))))))))))))))))))))))))))

.

2008-11-15 11:22 . 2008-11-15 11:22 <DIR> d-------- c:\programmi\Spybot - Search & Destroy

2008-11-14 22:40 . 2008-11-15 11:22 <DIR> d-------- C:\SDFix

2008-11-14 21:39 . 2008-11-14 21:39 <DIR> d-------- c:\programmi\Trend Micro

2008-11-14 21:31 . 2008-11-15 16:10 0 --a------ c:\windows\system.ini

2008-11-12 19:44 . 2008-11-12 19:44 <DIR> d-------- c:\programmi\File comuni\Adobe Systems Shared

2008-11-12 19:44 . 2008-11-12 19:44 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Adobe Systems

2008-11-12 19:01 . 2008-11-12 19:01 0 --a------ c:\windows\ativpsrm.bin

2008-11-12 19:00 . 2008-11-12 19:00 <DIR> d-------- c:\programmi\Alcatel

2008-11-12 07:22 . 2008-09-04 18:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll

2008-11-12 07:22 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

2008-11-10 23:18 . 2008-11-10 23:18 <DIR> d-------- C:\ATI

2008-11-10 16:55 . 2008-11-10 16:58 <DIR> d-------- c:\documents and settings\Proprietario\Dati applicazioni\PC Suite

2008-11-10 16:55 . 2008-11-10 16:57 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\PC Suite

2008-11-10 16:52 . 2008-11-10 16:52 <DIR> d-------- c:\programmi\PC Connectivity Solution

2008-11-10 16:52 . 2008-11-10 16:52 <DIR> d-------- c:\programmi\File comuni\PCSuite

2008-11-10 16:52 . 2008-11-10 16:52 <DIR> d-------- c:\programmi\File comuni\Nokia

2008-11-10 16:52 . 2008-11-10 16:52 <DIR> d-------- c:\programmi\DIFX

2008-11-10 16:52 . 2008-05-07 07:39 1,419,232 --a------ c:\windows\system32\wdfcoinstaller01005.dll

2008-11-10 16:52 . 2008-05-07 07:38 659,968 --a------ c:\windows\system32\nmwcdcocls.dll

2008-11-10 16:52 . 2007-09-17 15:53 21,632 --a------ c:\windows\system32\drivers\pccsmcfd.sys

2008-11-10 16:52 . 2008-05-07 07:38 20,864 --a------ c:\windows\system32\drivers\ccdcmbo.sys

2008-11-10 16:52 . 2008-05-07 07:38 17,536 --a------ c:\windows\system32\drivers\ccdcmb.sys

2008-11-10 16:52 . 2008-06-06 09:24 8,064 --a------ c:\windows\system32\drivers\usbser_lowerflt.sys

2008-11-10 16:51 . 2008-11-10 16:52 <DIR> d-------- c:\programmi\Nokia

2008-11-10 16:51 . 2008-05-07 07:38 90,624 --a------ c:\windows\system32\nmwcdcls.dll

2008-11-10 16:51 . 2008-11-10 16:51 19 --a------ c:\windows\SoundConverter.INI

2008-11-10 16:50 . 2008-11-10 16:50 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Installations

2008-11-10 12:52 . 2008-11-10 19:54 <DIR> d-------- c:\documents and settings\Proprietario\Dati applicazioni\Nokia

2008-11-10 12:33 . 2008-04-13 19:45 26,112 --a------ c:\windows\system32\drivers\usbser.sys

2008-11-10 12:33 . 2008-04-13 19:45 26,112 --a--c--- c:\windows\system32\dllcache\usbser.sys

2008-11-10 12:31 . 2008-11-10 12:31 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2008-11-10 12:31 . 2008-11-10 12:31 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf

2008-11-10 12:23 . 2008-11-10 12:23 <DIR> d-------- c:\documents and settings\Proprietario\Phone Browser

2008-11-08 11:00 . 2008-11-08 11:00 17,144 --a------ c:\documents and settings\Proprietario\Dati applicazioni\GDIPFONTCACHEV1.DAT

2008-11-05 18:50 . 2008-11-05 18:52 <DIR> d-------- C:\Nuova cartella

2008-11-02 09:24 . 2008-11-02 09:24 <DIR> d-------- C:\Brolo 2008 da stampare

2008-11-02 09:22 . 2008-10-29 10:25 4,791,544 --a------ C:\Eva Cassidy - Fields of Gold.Mp3

2008-11-02 09:21 . 2008-10-29 09:20 6,660,096 --a------ C:\Take That - Rule The World.mp3

2008-11-02 09:21 . 2008-09-22 12:31 4,003,840 --a------ C:\Alicia Keys - No One(2).mp3

2008-11-01 20:50 . 2008-11-01 20:52 <DIR> d-------- C:\favignana2008

2008-11-01 20:45 . 2008-11-01 20:45 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Office Genuine Advantage

2008-11-01 11:54 . 2008-11-01 11:54 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Minnetonka Audio Software

2008-11-01 11:54 . 2008-11-01 11:54 1,025 --a------ c:\windows\system32\sysprs7.tgz

2008-11-01 11:54 . 2008-11-01 11:54 1,025 --a------ c:\windows\system32\sysprs7.dll

2008-11-01 11:54 . 2008-11-01 11:54 1,025 --a------ c:\windows\system32\clauth2.dll

2008-11-01 11:54 . 2008-11-01 11:54 1,025 --a------ c:\windows\system32\clauth1.dll

2008-11-01 11:54 . 2008-11-01 11:54 219 --a------ c:\windows\system32\lsprst7.tgz

2008-11-01 11:54 . 2008-11-01 11:54 87 --a------ c:\windows\system32\ssprs.tgz

2008-10-30 19:44 . 2008-11-12 19:46 <DIR> d-------- c:\programmi\File comuni\Adobe

2008-10-29 23:50 . 2008-10-29 23:50 <DIR> d-------- c:\programmi\Xvid

2008-10-29 23:50 . 2008-04-27 10:33 765,952 --a------ c:\windows\system32\xvidcore.dll

2008-10-29 23:50 . 2008-04-27 10:35 180,224 --a------ c:\windows\system32\xvidvfw.dll

2008-10-29 23:50 . 2007-06-28 18:55 77,824 --a------ c:\windows\system32\xvid.ax

2008-10-29 23:18 . 2008-10-29 23:20 <DIR> d-------- c:\documents and settings\Proprietario\Dati applicazioni\DivX

2008-10-29 23:17 . 2008-10-29 23:20 <DIR> d-------- c:\programmi\DivX

2008-10-29 20:24 . 2008-10-29 20:24 <DIR> d-------- c:\programmi\Windows Media Connect 2

2008-10-29 20:23 . 2008-10-29 20:23 <DIR> d-------- c:\windows\system32\LogFiles

2008-10-29 20:23 . 2008-11-10 16:58 <DIR> d-------- c:\windows\system32\drivers\UMDF

2008-10-29 20:16 . 2008-10-29 20:16 <DIR> d-------- c:\windows\system32\windows media

2008-10-29 20:16 . 2008-10-29 20:16 <DIR> d--h----- c:\windows\msdownld.tmp

2008-10-29 20:16 . 2008-10-29 20:16 <DIR> d-------- c:\programmi\Windows Media Components

2008-10-29 19:59 . 2008-11-15 00:18 116 --a------ c:\windows\NeroDigital.ini

2008-10-29 19:26 . 2008-10-29 19:26 <DIR> d-------- c:\documents and settings\Proprietario\Dati applicazioni\Ahead

2008-10-29 18:04 . 2008-10-29 18:04 <DIR> d-------- c:\windows\system32\it

2008-10-29 18:04 . 2008-10-29 18:04 <DIR> d-------- c:\windows\system32\bits

2008-10-29 18:04 . 2008-10-29 18:05 <DIR> d-------- c:\windows\ServicePackFiles

2008-10-29 18:04 . 2008-10-29 18:04 <DIR> d-------- c:\windows\l2schemas

2008-10-29 18:00 . 2008-10-29 18:00 <DIR> d-------- c:\windows\EHome

2008-10-29 17:00 . 2008-10-29 23:59 <DIR> d-------- c:\windows\system32\it-it

2008-10-29 16:55 . 2008-10-29 16:55 <DIR> d-------- c:\programmi\MSXML 4.0

2008-10-29 16:34 . 2007-07-30 19:19 271,224 --a------ c:\windows\system32\mucltui.dll

2008-10-29 16:34 . 2007-07-30 19:19 207,736 --a------ c:\windows\system32\muweb.dll

2008-10-29 16:34 . 2007-07-30 19:18 30,072 --a------ c:\windows\system32\mucltui.dll.mui

2008-10-29 12:58 . 2008-10-29 17:26 161,290 --a------ c:\windows\system32\PremierePro2_0Content.dat

2008-10-29 12:58 . 2008-10-29 12:58 82,432 --a------ c:\windows\system32\msxml4r.dll

2008-10-29 12:58 . 2008-09-16 01:14 43,528 --------- c:\windows\system32\drivers\pxhelp20.sys

2008-10-29 12:58 . 2008-10-29 17:26 146 --a------ c:\windows\system32\{57922B53-02D4-4DFC-AC24-A3519DC1F49A}-FunctionContent.dat

2008-10-29 12:25 . 2008-10-29 12:25 <DIR> d-------- c:\programmi\File comuni\Ahead

2008-10-29 12:25 . 2008-10-29 12:25 <DIR> d-------- c:\programmi\Ahead

2008-10-29 12:25 . 2004-07-26 17:16 1,568,768 --------- c:\windows\system32\ImagX7.dll

2008-10-29 12:25 . 2004-07-26 17:16 476,320 --------- c:\windows\system32\ImagXpr7.dll

2008-10-29 12:25 . 2004-07-26 17:16 471,040 --------- c:\windows\system32\ImagXRA7.dll

2008-10-29 12:25 . 2004-07-26 17:16 262,144 --------- c:\windows\system32\ImagXR7.dll

2008-10-29 12:25 . 2001-07-09 11:50 155,648 --a------ c:\windows\system32\NeroCheck.exe

2008-10-29 12:25 . 2004-03-02 17:37 125,184 --------- c:\windows\system32\drivers\imagesrv.sys

2008-10-29 12:25 . 2000-06-26 11:45 106,496 --a------ c:\windows\system32\TwnLib20.dll

2008-10-29 12:25 . 2004-03-02 17:37 5,504 --------- c:\windows\system32\drivers\imagedrv.sys

2008-10-29 12:17 . 2008-10-29 12:17 <DIR> d-------- c:\windows\ShellNew

2008-10-29 10:09 . 2008-10-29 10:09 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Messenger Plus!

2008-10-29 06:49 . 2008-10-29 06:49 <DIR> d-------- c:\programmi\Messenger Plus! Live

2008-10-29 06:43 . 2008-10-29 06:49 <DIR> d-------- c:\documents and settings\Proprietario\Contacts

2008-10-29 06:39 . 2008-10-29 06:43 <DIR> d-------- c:\programmi\Windows Live

2008-10-29 06:39 . 2008-10-29 06:42 <DIR> d--hsc--- c:\programmi\File comuni\WindowsLiveInstaller

2008-10-29 06:39 . 2008-10-29 06:39 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\WLInstaller

2008-10-29 06:30 . 2008-10-29 06:30 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\IM

2008-10-29 06:29 . 2008-10-29 06:29 <DIR> d-------- c:\programmi\IncrediMail

2008-10-29 06:29 . 2008-10-29 06:29 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\IncrediMail

2008-10-28 22:40 . 2008-10-28 22:40 <DIR> d-------- c:\documents and settings\Proprietario\Dati applicazioni\TMP

2008-10-28 22:21 . 2008-10-28 22:21 <DIR> d--hs---- c:\documents and settings\Proprietario\UserData

2008-10-28 22:04 . 2008-10-28 22:04 <DIR> d-------- c:\documents and settings\Proprietario\Dati applicazioni\ATI

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-15 10:56 --------- d-----w c:\programmi\eMule

2008-11-12 18:00 --------- d--h--w c:\programmi\InstallShield Installation Information

2008-11-10 11:18 --------- d-----w c:\programmi\File comuni\InstallShield

2008-10-28 21:44 --------- d-----w c:\programmi\ASUS

2008-10-28 21:40 --------- d-----w c:\programmi\Marvell

2008-10-28 21:29 --------- d-----w c:\programmi\Intel

2008-10-28 21:27 --------- d-----w c:\programmi\Analog Devices

2008-10-28 21:04 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\ATI

2008-10-28 20:54 --------- d-----w c:\programmi\ATI Technologies

2008-10-28 20:54 --------- d-----w c:\programmi\Alwil Software

2008-10-28 20:52 --------- d-----w c:\programmi\File comuni\ATI Technologies

2008-10-28 19:44 --------- d-----w c:\programmi\microsoft frontpage

2008-10-28 19:43 --------- d-----w c:\programmi\Servizi in linea

2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys

.

((((((((((((((((((((((((((((( snapshot@2008-11-15_11.36.12.82 )))))))))))))))))))))))))))))))))))))))))

.

+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE

- 2008-11-15 10:27:09 58,596 ----a-w c:\windows\system32\perfc009.dat

+ 2008-11-15 10:39:15 58,596 ----a-w c:\windows\system32\perfc009.dat

- 2008-11-15 10:27:09 69,568 ----a-w c:\windows\system32\perfc010.dat

+ 2008-11-15 10:39:15 69,568 ----a-w c:\windows\system32\perfc010.dat

- 2008-11-15 10:27:09 392,296 ----a-w c:\windows\system32\perfh009.dat

+ 2008-11-15 10:39:15 392,296 ----a-w c:\windows\system32\perfh009.dat

- 2008-11-15 10:27:09 437,272 ----a-w c:\windows\system32\perfh010.dat

+ 2008-11-15 10:39:15 437,272 ----a-w c:\windows\system32\perfh010.dat

.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* i valori vuoti & legittimi/default non sono visualizzati.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"Nokia.PCSync"="c:\programmi\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]

"PC Suite Tray"="c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Diagnostica SpeedTouch USB"="c:\programmi\Alcatel\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]

"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-15 81000]

"SoundMAXPnP"="c:\programmi\Analog Devices\Core\smax4pnp.exe" [2008-03-16 1040384]

"Six Engine"="c:\program files\ASUS\Six Engine\SixEngine.exe" [2008-05-14 5958656]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"SpeedTouch USB Diagnostics"="c:\programmi\Alcatel\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Proprietario\Menu Avvio\Programmi\Esecuzione automatica\

Adobe Gamma.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\

Microsoft Office.lnk - c:\programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programmi\\eMule\\emule.exe"=

"c:\\Programmi\\IncrediMail\\bin\\ImApp.exe"=

"c:\\Programmi\\IncrediMail\\bin\\IncMail.exe"=

"c:\\Programmi\\IncrediMail\\bin\\ImpCnt.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=

R0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [2008-05-19 150568]

R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-07-02 89600]

S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]

\Shell\AutoRun\command - D:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea2fa71b-a568-11dd-9be5-806d6172696f}]

\Shell\AutoRun\command - e:\.\Bin\Assetup.exe

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-15 16:10:48

Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo

Files nascosti: 0

**************************************************************************

.

------------------------ Altri processi in esecuzione ------------------------

.

c:\programmi\Bonjour\mDNSResponder.exe

c:\windows\system32\wscntfy.exe

c:\programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

c:\programmi\PC Connectivity Solution\ServiceLayer.exe

c:\programmi\File comuni\Nokia\MPAPI\MPAPI3s.exe

c:\programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe

c:\programmi\PC Connectivity Solution\Transports\NclRSSrv.exe

.

**************************************************************************

.

Ora fine scansione: 2008-11-15 16:12:00 - macchina è stato riavviato

ComboFix-quarantined-files.txt 2008-11-15 15:11:45

ComboFix2.txt 2008-11-15 10:37:43

Pre-Run: 486,459,559,936 byte disponibili

Post-Run: 486,406,803,456 byte disponibili

WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

230 --- E O F --- 2008-11-12 18:04:30


Here is the first one.......

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:51, on 2008-11-15

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programmi\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe

C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Programmi\Analog Devices\Core\smax4pnp.exe

C:\Program Files\ASUS\Six Engine\SixEngine.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programmi\Nokia\Nokia PC Suite 7\PCSync2.exe

C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

C:\Programmi\File comuni\Nokia\MPAPI\MPAPI3s.exe

C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programmi\Internet Explorer\iexplore.exe

C:\Programmi\WinRAR\WinRAR.exe

C:\DOCUME~1\PROPRI~1\IMPOST~1\Temp\Rar$EX00.594\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [Diagnostica SpeedTouch USB] "C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [startCCC] "C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [six Engine] "C:\Program Files\ASUS\Six Engine\SixEngine.exe" -r

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Programmi\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{E0ECDEEE-46F4-4DC1-918B-B94394DE9E0C}: NameServer = 193.70.152.15 193.70.152.25

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

--

End of file - 4642 bytes

Edited by madonialuca


Here is the second one too..

Oops....it won't let me insert the attachment.........

KASPERSKY ONLINE SCANNER 7 REPORT

Sunday, November 16, 2008

Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

Kaspersky Online Scanner 7 version: 7.0.25.0

Program database last update: Saturday, November 15, 2008 15:59:11

Records in database: 1386080

Scan settings

Scan using the following database extended

Scan archives yes

Scan mail databases yes

Scan area My Computer

A:\

C:\

D:\

E:\

Scan statistics

Files scanned 76832

Threat name 7

Infected objects 37

Suspicious objects 0

Duration of the scan 01:21:32

File name Threat name Threats count

C:\Program Files\BPK\bpk.exe Infected: not-a-virus:Monitor.Win32.Perflogger.f 1

C:\Program Files\BPK\bpkhk.dll Infected: Trojan-Spy.Win32.Perfloger.w 1

C:\Program Files\BPK\bpkr.exe Infected: not-a-virus:Monitor.Win32.Perflogger.f 1

C:\Program Files\BPK\bpkun.exe Infected: not-a-virus:Monitor.Win32.Perflogger.f 1

C:\Program Files\BPK\bpkvw.exe Infected: not-a-virus:Monitor.Win32.Perflogger.f 1

C:\WINDOWS\system32\rinst.exe Infected: not-a-virus:Monitor.Win32.Perflogger.f 1

D:\file internet\scaricone\Mumcode Mumsms v4.16 s60 Symbian Cracked.sis Infected: Trojan-Spy.SymbOS.Kiazh.a 1

D:\file internet\scaricone\OfficeSuite 4 S60 multilanguage.zip Infected: Rootkit.Win32.Agent.ajn 1

D:\file internet\scaricone\OfficeSuite S60 3rd Edition V4.60 v1.4.8.1 cracked.rar Infected: Rootkit.Win32.Agent.ajn 1

D:\LUCHINO\ccc\Nuova cartella\Apps & Games Java Nokia 3100.3200.3300.6100.6610.7210.7250.zip Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c 2

D:\LUCHINO\ccc\Nuova cartella\Apps e games\Apps\ActiveViewer\vnc-3.3.7-x86_win32.zip Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c 2

D:\LUCHINO\ex c\keylogger attivo\Perfect Keylogger 1.74 Pro Kg(Crack) Excell.zip Infected: Trojan-Spy.Win32.Perfloger.w 5

D:\LUCHINO\ex c\keylogger attivo\Perfect Keylogger 1.74 Pro Kg(Crack) Excell.zip Infected: not-a-virus:Monitor.Win32.Perflogger.d 5

D:\LUCHINO\ex c\keylogger attivo\Perfect Keylogger 1.74 Pro Kg(Crack) Excell.zip Infected: not-a-virus:Monitor.Win32.Perflogger.f 13

D:\RECYCLER\S-1-5-21-448539723-573735546-839522115-1003\Dd1.zip Infected: Trojan-Downloader.Win32.Bagle.afy 1

The selected area was scanned.

Edited by madonialuca


Delete the infected files found by Kaspersky, then empty the Recycle Bin and reinstall the antivirus; the HijackThis log is clean.

:P:)


How do I delete them......... ?

Do I go to the directory, right-click and delete????

:):P

---------------------------------------------------------------

Yes, anyway, I did it the most classic way, which is also the only one I know....right-click and delete.....

I reinstalled Avast and everything is back to normal.....

Thanks a lot.......

Sorry if I'm still pestering you with my problems....

Is there a way to create a kind of restore point, maybe on a DVD, so that I have no trouble in case of an attack...

Let me explain better: say I format now and reinstall all the programs I usually use, so that I have a clean machine...I save everything, and when an attack happens I insert the DVD, it rolls back, and as if by magic everything is clean.....

Obviously the files I care about would be saved on an external device....

If it's possible, it would save me a headache, and you too...because I would regularly come back to bother you.

Bye and thanks

Edited by madonialuca


So, put simply, when restoring I would no longer have to reactivate my copy of Windows or reinstall all the drivers, and above all everything would go back to the way it was at the time of the save????
