Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Controllo HiJackThis

6 pages: 1 2 3 4 [5] 6
Controllo HiJackThis Opzioni
Topic Precedente · Topic Sucessivo
xpproblema
Inviato: Saturday, June 12, 2010 11:31:43 PM
Rank: AiutAmico

Iscritto dal : 6/11/2010
Posts: 119
ecco


ComboFix 10-06-11.01 - Luigi 12/06/2010 23.22.58.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.2037.1489 [GMT 2:00]
Eseguito da: c:\documents and settings\Luigi\Documenti\Downloads\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000000-0000-0000-0000-000000000000}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {0057005C-0069-006E-5300-780053005C00}
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Creati Da 2010-05-12 al 2010-06-12 )))))))))))))))))))))))))))))))))))
.

2010-06-12 17:04 . 2010-06-12 17:04 503808 ----a-w- c:\documents and settings\Luigi\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-58520de1-n\msvcp71.dll
2010-06-12 17:04 . 2010-06-12 17:04 499712 ----a-w- c:\documents and settings\Luigi\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-58520de1-n\jmc.dll
2010-06-12 17:04 . 2010-06-12 17:04 348160 ----a-w- c:\documents and settings\Luigi\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-58520de1-n\msvcr71.dll
2010-06-12 17:04 . 2010-06-12 17:04 61440 ----a-w- c:\documents and settings\Luigi\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7ce469db-n\decora-sse.dll
2010-06-12 17:04 . 2010-06-12 17:04 12800 ----a-w- c:\documents and settings\Luigi\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7ce469db-n\decora-d3d.dll
2010-06-12 17:04 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-12 16:27 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-12 16:27 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-12 16:27 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-12 16:27 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-12 16:27 . 2010-05-06 20:33 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-12 16:27 . 2010-05-06 20:33 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-12 16:27 . 2010-05-06 20:33 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-12 16:27 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-06-12 16:27 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-12 12:33 . 2010-06-12 13:06 -------- d-----w- C:\FyK
2010-06-12 11:27 . 2010-06-12 11:27 -------- d-----w- c:\programmi\CCleaner
2010-06-12 10:05 . 2010-06-12 10:05 315 ---ha-w- C:\fix.reg
2010-06-11 17:38 . 2009-10-22 11:54 37392 ----a-w- c:\windows\system32\drivers\31675572.sys
2010-06-11 17:38 . 2009-10-09 21:31 315408 ----a-w- c:\windows\system32\drivers\3167557.sys
2010-06-11 17:38 . 2009-09-25 15:59 128016 ----a-w- c:\windows\system32\drivers\31675571.sys
2010-06-11 11:31 . 2010-06-11 11:31 -------- d-----w- c:\documents and settings\Luigi\Dati applicazioni\Malwarebytes
2010-06-11 11:30 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-11 11:30 . 2010-06-11 11:30 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-06-11 11:30 . 2010-06-11 11:30 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-06-11 11:30 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-11 09:31 . 2010-05-06 10:32 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-11 09:17 . 2010-06-12 17:39 -------- d-----w- c:\programmi\Panda Security
2010-06-11 09:12 . 2010-06-11 09:12 -------- d-----w- c:\programmi\Alwil Software
2010-06-11 09:12 . 2010-06-11 09:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Alwil Software
2010-06-10 16:31 . 2010-06-10 16:31 -------- d-----w- c:\programmi\Microsoft Sync Framework
2010-06-10 16:29 . 2010-06-10 16:29 -------- d-----w- c:\programmi\Microsoft
2010-06-10 15:52 . 2009-11-25 09:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-06-07 18:33 . 2010-06-07 18:34 -------- d-----w- c:\documents and settings\Luigi\Dati applicazioni\8BCDD3AAC06E20C3BD22DD50F82550A1
2010-05-29 19:14 . 2010-05-29 19:14 3177 ----a-w- c:\windows\mozver.dat
2010-05-23 17:16 . 2010-05-23 17:16 -------- d-----w- c:\documents and settings\Luigi\.android
2010-05-22 15:54 . 2010-05-22 17:40 -------- d-----w- c:\documents and settings\Luigi\Dati applicazioni\Pro Cycling Manager 2007 - Demo
2010-05-17 16:40 . 2010-05-17 16:40 -------- d-----w- c:\programmi\mp3DirectCut

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-12 17:40 . 2009-10-22 17:37 -------- d-----w- c:\programmi\Notepad++
2010-06-12 17:40 . 2009-10-22 17:37 -------- d-----w- c:\documents and settings\Luigi\Dati applicazioni\Notepad++
2010-06-12 17:36 . 2009-02-10 15:47 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\WinZip
2010-06-12 17:04 . 2009-10-27 20:30 -------- d-----w- c:\programmi\File comuni\Java
2010-06-12 17:04 . 2008-04-04 15:08 -------- d-----w- c:\programmi\Java
2010-06-12 17:03 . 2004-08-19 12:00 85132 ----a-w- c:\windows\system32\perfc010.dat
2010-06-12 17:03 . 2004-08-19 12:00 492266 ----a-w- c:\windows\system32\perfh010.dat
2010-06-12 17:00 . 2005-11-21 13:21 -------- d-----w- c:\programmi\File comuni\Adobe
2010-06-12 14:07 . 2009-03-26 21:26 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Google Updater
2010-06-11 10:30 . 2009-04-22 11:25 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-06-10 20:55 . 2007-03-24 20:45 -------- d-----w- c:\programmi\File comuni\HP
2010-06-10 20:40 . 2010-01-21 14:27 -------- d-----w- c:\programmi\Windows Live Safety Center
2010-06-10 16:31 . 2010-01-14 14:31 -------- d-----w- c:\programmi\Windows Live
2010-06-05 21:02 . 2009-11-06 16:15 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-05 13:51 . 2009-11-16 19:38 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-05-31 12:37 . 2010-02-07 16:43 -------- d-----w- c:\programmi\NoteWorthy Composer
2010-05-17 16:34 . 2009-03-18 18:17 -------- d-----w- c:\documents and settings\Luigi\Dati applicazioni\GetRightToGo
2010-05-07 17:52 . 2006-08-25 18:23 -------- d-----w- c:\programmi\Google
2010-05-06 10:32 . 2004-08-19 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:06 . 2004-08-19 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-28 18:47 . 2005-11-21 12:36 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-04-28 18:45 . 2010-04-28 18:41 -------- d-----w- c:\documents and settings\Luigi\Dati applicazioni\Audacity
2010-04-28 18:28 . 2010-04-28 18:28 -------- d-----w- c:\programmi\File comuni\DVDVideoSoft
2010-04-20 05:30 . 2004-08-19 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-18 16:38 . 2010-04-18 15:25 -------- d-----w- c:\programmi\Notation
2010-04-18 15:17 . 2010-04-18 15:17 -------- d-----w- c:\documents and settings\Luigi\Dati applicazioni\MusE
2010-04-16 20:12 . 2010-04-16 20:12 48464 ----a-w- c:\windows\system32\sirenacm.dll
2010-04-06 18:30 . 2005-11-23 14:09 103752 ----a-w- c:\documents and settings\Luigi\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-04-02 15:10 . 2010-04-02 15:10 152576 ----a-w- c:\documents and settings\Luigi\Dati applicazioni\Sun\Java\jre1.6.0_16\lzma.dll
2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Adobe\Reader\9.3\ARM\11130\AdobeARM.exe
2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Adobe\Reader\9.3\ARM\11130\AdobeExtractFiles.dll
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Adobe\Reader\9.3\ARM\11130\ReaderUpdater.exe
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Adobe\Reader\9.3\ARM\11130\AcrobatUpdater.exe
2004-03-11 12:27 . 2005-11-21 13:16 40960 ----a-w- c:\programmi\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\programmi\Ahead\Nero BackItUp\NBJ.exe" [2004-09-22 1871872]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-26 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-02-18 248040]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Luigi\Menu Avvio\Programmi\Esecuzione automatica\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^EPSON Status Monitor 3 Environment Check 2.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\EPSON Status Monitor 3 Environment Check 2.lnk
backup=c:\windows\pss\EPSON Status Monitor 3 Environment Check 2.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-06-10 17:27 136176 ----atw- c:\documents and settings\Luigi\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44 31072 ----a-w- c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"3130:TCP"= 3130:TCP:Services
"4760:TCP"= 4760:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"6757:TCP"= 6757:TCP:Services
"6758:TCP"= 6758:TCP:Services
"7226:TCP"= 7226:TCP:Services
"7227:TCP"= 7227:TCP:Services

R0 31675572;31675572 Boot Guard Driver;c:\windows\system32\drivers\31675572.sys [11/06/2010 19.38.19 37392]
R1 31675571;31675571;c:\windows\system32\drivers\31675571.sys [11/06/2010 19.38.19 128016]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/06/2010 18.27.50 164048]
R1 setup_9.0.0.722_11.06.2010_19-37drv;setup_9.0.0.722_11.06.2010_19-37drv;c:\windows\system32\drivers\3167557.sys [11/06/2010 19.38.19 315408]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/06/2010 18.27.50 19024]
S3 {F2AFBF83-1FF8-4D1A-972AEEFC33F0B0B6};{F2AFBF83-1FF8-4D1A-972AEEFC33F0B0B6};\??\c:\windows\TEMP\18B.tmp --> c:\windows\TEMP\18B.tmp [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programmi\MAGIX\Common\Database\bin\fbserver.exe --> c:\programmi\MAGIX\Common\Database\bin\fbserver.exe [?]
S3 FXDRV;FXDRV;\??\e:\fxdrv.sys --> e:\Fxdrv.sys [?]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\ICDUSB2.sys [27/06/2006 20.33.50 39048]
S3 UPnPService;UPnPService;c:\programmi\File comuni\MAGIX Shared\UPnPService\UPnPService.exe [15/02/2007 22.53.58 544768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contenuto della cartella 'Scheduled Tasks'

2010-06-12 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-20 12:18]

2010-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1979792683-725345543-1004Core.job
- c:\documents and settings\Luigi\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-06-10 17:27]

2010-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1979792683-725345543-1004UA.job
- c:\documents and settings\Luigi\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-06-10 17:27]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-12 23:28
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{F2AFBF83-1FF8-4D1A-972AEEFC33F0B0B6}]
"ImagePath"="\??\c:\windows\TEMP\18B.tmp"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1123561945-1979792683-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_USERS\S-1-5-21-1123561945-1979792683-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{05C0C8D3-6C60-76D2-3CD5-73FE41BA2C09}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oappkbkogpgodacjgmcpebdghpkfho"=hex:64,61,6d,62,64,6b,6b,67,00,85
"oalabhcdohdmcfekapmmcijakpcmgk"=hex:6a,61,70,62,65,6a,6e,6a,65,6c,68,6d,65,6d,
6d,6b,63,67,63,64,00,02
"nabbdglchlaccopkdgkmmbdkdgbl"=hex:6a,61,70,62,65,6a,6e,6a,65,6c,68,6d,65,6d,
6d,6b,63,67,63,64,00,02

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\igfxdev.dll

- - - - - - - > 'explorer.exe'(2536)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2010-06-12 23:31:15
ComboFix-quarantined-files.txt 2010-06-12 21:31

Pre-Run: 15.463.084.032 byte disponibili
Post-Run: 15.419.904.000 byte disponibili

- - End Of File - - 39CED161AA4C9377007CC55F606641F8
Torna in alto
 
shapiro
Inviato: Saturday, June 12, 2010 11:31:46 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
....e aspettiamo il log...


intanto vorrei chiederti

come mai pur non rimuovendo l'infezione con lo script di combofix non e' stata eliminata?

ho usato l'eliminazione classica

Code:
Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-21-1123561945-1979792683-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{05C0C8D3-6C60-76D2-3CD5-73FE41BA2C09}*]
"oappkbkogpgodacjgmcpebdghpkfho"=-
"oalabhcdohdmcfekapmmcijakpcmgk"=-
"nabbdglchlaccopkdgkmmbdkdgbl"=-
;
Torna in alto
 
xpproblema
Inviato: Saturday, June 12, 2010 11:36:40 PM
Rank: AiutAmico

Iscritto dal : 6/11/2010
Posts: 119
ho notato che il CFScript.txt di pagina tre da trascinare sul combofix non ha il puntovirgola alla fine, centra qualcosa?
Torna in alto
 
shapiro
Inviato: Saturday, June 12, 2010 11:38:15 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
Commenta:
ho notato che il CFScript.txt di pagina tre da trascinare sul combofix non ha il puntovirgola alla fine, centra qualcosa?



quello di combofix deve essere senza punto e virgola
Torna in alto
 
xpproblema
Inviato: Saturday, June 12, 2010 11:39:07 PM
Rank: AiutAmico

Iscritto dal : 6/11/2010
Posts: 119
ok
Torna in alto
 
r16
Inviato: Saturday, June 12, 2010 11:46:12 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Apri un file di testo con il Block Note sul Desktop
Ci incolli il codice che vedi qui sotto, e salvi il file di testo obbligatoriamente con il nome CFScript.txt

Code:
KillAll::

File::
c:\windows\system32\drivers\31675572.sys
c:\windows\system32\drivers\3167557.sys
c:\windows\system32\drivers\31675571.sys
c:\windows\system32\drivers\pavboot.sys
c:\windows\system32\drivers\avgntflt.sys

Folder::
C:\os501435.bin
c:\programmi\Panda Security

DirLook::
c:\documents and settings\Luigi\Dati applicazioni\8BCDD3AAC06E20C3BD22DD50F82550A1

Driver::
pavboot
31675571
setup_9.0.0.722_11.06.2010_19-37drv;setup_9.0.0.722_11.06.2010_19-37drv
{F2AFBF83-1FF8-4D1A-972AEEFC33F0B0B6}

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{F2AFBF83-1FF8-4D1A-972AEEFC33F0B0B6}]

RegNull::
[HKEY_USERS\S-1-5-21-1123561945-1979792683-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{05C0C8D3-6C60-76D2-3CD5-73FE41BA2C09}*]


trascinalo sull'icona di ComboFix.
Attendi la fine dei lavori, senza toccare tastiera, mouse o altro.
Se il pc non si riavvia da solo, riavvialo tu.
Posta il log aggiornato di combofix

Commenta:
quello di combofix deve essere senza punto e virgola

Non avrebbe funzionato lo stesso.
Torna in alto
 
xpproblema
Inviato: Saturday, June 12, 2010 11:46:17 PM
Rank: AiutAmico

Iscritto dal : 6/11/2010
Posts: 119
faccio notare che scrivendo control userpasswords (senza il "2") viene ancora il "guest" oltre che "luigi"
Torna in alto
 
xpproblema
Inviato: Saturday, June 12, 2010 11:48:24 PM
Rank: AiutAmico

Iscritto dal : 6/11/2010
Posts: 119
ok ora faccio
Torna in alto
 
r16
Inviato: Saturday, June 12, 2010 11:50:53 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Commenta:
come mai pur non rimuovendo l'infezione con lo script di combofix non e' stata eliminata?

Perchè ci vuole un'altro comando.
Non tutte le chiavi si eliminano con il comando Registry::
Torna in alto
 
shapiro
Inviato: Saturday, June 12, 2010 11:53:29 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
su questa ho lasciato correre in quanto non era presente il file

Code:
Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{F2AFBF83-1FF8-4D1A-972AEEFC33F0B0B6}]


r16 ti ho inviato un P.M.
Torna in alto
 
xpproblema
Inviato: Saturday, June 12, 2010 11:58:36 PM
Rank: AiutAmico

Iscritto dal : 6/11/2010
Posts: 119
ComboFix 10-06-11.01 - Luigi 12/06/2010 23.50.40.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.2037.1429 [GMT 2:00]
Eseguito da: c:\documents and settings\Luigi\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Luigi\Desktop\CFScript.txt.txt
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000000-0000-0000-0000-000000000000}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {0057005C-0069-006E-5300-780053005C00}
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Creati Da 2010-05-12 al 2010-06-12 )))))))))))))))))))))))))))))))))))
.

2010-06-12 17:04 . 2010-06-12 17:04 503808 ----a-w- c:\documents and settings\Luigi\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-58520de1-n\msvcp71.dll
2010-06-12 17:04 . 2010-06-12 17:04 499712 ----a-w- c:\documents and settings\Luigi\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-58520de1-n\jmc.dll
2010-06-12 17:04 . 2010-06-12 17:04 348160 ----a-w- c:\documents and settings\Luigi\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-58520de1-n\msvcr71.dll
2010-06-12 17:04 . 2010-06-12 17:04 61440 ----a-w- c:\documents and settings\Luigi\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7ce469db-n\decora-sse.dll
2010-06-12 17:04 . 2010-06-12 17:04 12800 ----a-w- c:\documents and settings\Luigi\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7ce469db-n\decora-d3d.dll
2010-06-12 17:04 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-12 16:27 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-12 16:27 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-12 16:27 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-12 16:27 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-12 16:27 . 2010-05-06 20:33 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-12 16:27 . 2010-05-06 20:33 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-12 16:27 . 2010-05-06 20:33 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-12 16:27 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-06-12 16:27 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-12 12:33 . 2010-06-12 13:06 -------- d-----w- C:\FyK
2010-06-12 11:27 . 2010-06-12 11:27 -------- d-----w- c:\programmi\CCleaner
2010-06-12 10:05 . 2010-06-12 10:05 315 ---ha-w- C:\fix.reg
2010-06-11 17:38 . 2009-10-22 11:54 37392 ----a-w- c:\windows\system32\drivers\31675572.sys
2010-06-11 17:38 . 2009-10-09 21:31 315408 ----a-w- c:\windows\system32\drivers\3167557.sys
2010-06-11 17:38 . 2009-09-25 15:59 128016 ----a-w- c:\windows\system32\drivers\31675571.sys
2010-06-11 11:31 . 2010-06-11 11:31 -------- d-----w- c:\documents and settings\Luigi\Dati applicazioni\Malwarebytes
2010-06-11 11:30 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-11 11:30 . 2010-06-11 11:30 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-06-11 11:30 . 2010-06-11 11:30 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-06-11 11:30 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-11 09:31 . 2010-05-06 10:32 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-11 09:17 . 2010-06-12 17:39 -------- d-----w- c:\programmi\Panda Security
2010-06-11 09:12 . 2010-06-11 09:12 -------- d-----w- c:\programmi\Alwil Software
2010-06-11 09:12 . 2010-06-11 09:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Alwil Software
2010-06-10 16:31 . 2010-06-10 16:31 -------- d-----w- c:\programmi\Microsoft Sync Framework
2010-06-10 16:29 . 2010-06-10 16:29 -------- d-----w- c:\programmi\Microsoft
2010-06-10 15:52 . 2009-11-25 09:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-06-07 18:33 . 2010-06-07 18:34 -------- d-----w- c:\documents and settings\Luigi\Dati applicazioni\8BCDD3AAC06E20C3BD22DD50F82550A1
2010-05-29 19:14 . 2010-05-29 19:14 3177 ----a-w- c:\windows\mozver.dat
2010-05-23 17:16 . 2010-05-23 17:16 -------- d-----w- c:\documents and settings\Luigi\.android
2010-05-22 15:54 . 2010-05-22 17:40 -------- d-----w- c:\documents and settings\Luigi\Dati applicazioni\Pro Cycling Manager 2007 - Demo
2010-05-17 16:40 . 2010-05-17 16:40 -------- d-----w- c:\programmi\mp3DirectCut

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-12 17:40 . 2009-10-22 17:37 -------- d-----w- c:\programmi\Notepad++
2010-06-12 17:40 . 2009-10-22 17:37 -------- d-----w- c:\documents and settings\Luigi\Dati applicazioni\Notepad++
2010-06-12 17:36 . 2009-02-10 15:47 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\WinZip
2010-06-12 17:04 . 2009-10-27 20:30 -------- d-----w- c:\programmi\File comuni\Java
2010-06-12 17:04 . 2008-04-04 15:08 -------- d-----w- c:\programmi\Java
2010-06-12 17:03 . 2004-08-19 12:00 85132 ----a-w- c:\windows\system32\perfc010.dat
2010-06-12 17:03 . 2004-08-19 12:00 492266 ----a-w- c:\windows\system32\perfh010.dat
2010-06-12 17:00 . 2005-11-21 13:21 -------- d-----w- c:\programmi\File comuni\Adobe
2010-06-12 14:07 . 2009-03-26 21:26 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Google Updater
2010-06-11 10:30 . 2009-04-22 11:25 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-06-10 20:55 . 2007-03-24 20:45 -------- d-----w- c:\programmi\File comuni\HP
2010-06-10 20:40 . 2010-01-21 14:27 -------- d-----w- c:\programmi\Windows Live Safety Center
2010-06-10 16:31 . 2010-01-14 14:31 -------- d-----w- c:\programmi\Windows Live
2010-06-05 21:02 . 2009-11-06 16:15 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-05 13:51 . 2009-11-16 19:38 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-05-31 12:37 . 2010-02-07 16:43 -------- d-----w- c:\programmi\NoteWorthy Composer
2010-05-17 16:34 . 2009-03-18 18:17 -------- d-----w- c:\documents and settings\Luigi\Dati applicazioni\GetRightToGo
2010-05-07 17:52 . 2006-08-25 18:23 -------- d-----w- c:\programmi\Google
2010-05-06 10:32 . 2004-08-19 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:06 . 2004-08-19 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-28 18:47 . 2005-11-21 12:36 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-04-28 18:45 . 2010-04-28 18:41 -------- d-----w- c:\documents and settings\Luigi\Dati applicazioni\Audacity
2010-04-28 18:28 . 2010-04-28 18:28 -------- d-----w- c:\programmi\File comuni\DVDVideoSoft
2010-04-20 05:30 . 2004-08-19 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-18 16:38 . 2010-04-18 15:25 -------- d-----w- c:\programmi\Notation
2010-04-18 15:17 . 2010-04-18 15:17 -------- d-----w- c:\documents and settings\Luigi\Dati applicazioni\MusE
2010-04-16 20:12 . 2010-04-16 20:12 48464 ----a-w- c:\windows\system32\sirenacm.dll
2010-04-06 18:30 . 2005-11-23 14:09 103752 ----a-w- c:\documents and settings\Luigi\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-04-02 15:10 . 2010-04-02 15:10 152576 ----a-w- c:\documents and settings\Luigi\Dati applicazioni\Sun\Java\jre1.6.0_16\lzma.dll
2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Adobe\Reader\9.3\ARM\11130\AdobeARM.exe
2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Adobe\Reader\9.3\ARM\11130\AdobeExtractFiles.dll
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Adobe\Reader\9.3\ARM\11130\ReaderUpdater.exe
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Adobe\Reader\9.3\ARM\11130\AcrobatUpdater.exe
2004-03-11 12:27 . 2005-11-21 13:16 40960 ----a-w- c:\programmi\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\programmi\Ahead\Nero BackItUp\NBJ.exe" [2004-09-22 1871872]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-26 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-02-18 248040]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Luigi\Menu Avvio\Programmi\Esecuzione automatica\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^EPSON Status Monitor 3 Environment Check 2.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\EPSON Status Monitor 3 Environment Check 2.lnk
backup=c:\windows\pss\EPSON Status Monitor 3 Environment Check 2.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-06-10 17:27 136176 ----atw- c:\documents and settings\Luigi\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44 31072 ----a-w- c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"3130:TCP"= 3130:TCP:Services
"4760:TCP"= 4760:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"6757:TCP"= 6757:TCP:Services
"6758:TCP"= 6758:TCP:Services
"7226:TCP"= 7226:TCP:Services
"7227:TCP"= 7227:TCP:Services

R0 31675572;31675572 Boot Guard Driver;c:\windows\system32\drivers\31675572.sys [11/06/2010 19.38.19 37392]
R1 31675571;31675571;c:\windows\system32\drivers\31675571.sys [11/06/2010 19.38.19 128016]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/06/2010 18.27.50 164048]
R1 setup_9.0.0.722_11.06.2010_19-37drv;setup_9.0.0.722_11.06.2010_19-37drv;c:\windows\system32\drivers\3167557.sys [11/06/2010 19.38.19 315408]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/06/2010 18.27.50 19024]
S3 {F2AFBF83-1FF8-4D1A-972AEEFC33F0B0B6};{F2AFBF83-1FF8-4D1A-972AEEFC33F0B0B6};\??\c:\windows\TEMP\18B.tmp --> c:\windows\TEMP\18B.tmp [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programmi\MAGIX\Common\Database\bin\fbserver.exe --> c:\programmi\MAGIX\Common\Database\bin\fbserver.exe [?]
S3 FXDRV;FXDRV;\??\e:\fxdrv.sys --> e:\Fxdrv.sys [?]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\ICDUSB2.sys [27/06/2006 20.33.50 39048]
S3 UPnPService;UPnPService;c:\programmi\File comuni\MAGIX Shared\UPnPService\UPnPService.exe [15/02/2007 22.53.58 544768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contenuto della cartella 'Scheduled Tasks'

2010-06-12 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-20 12:18]

2010-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1979792683-725345543-1004Core.job
- c:\documents and settings\Luigi\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-06-10 17:27]

2010-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1979792683-725345543-1004UA.job
- c:\documents and settings\Luigi\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-06-10 17:27]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-12 23:55
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{F2AFBF83-1FF8-4D1A-972AEEFC33F0B0B6}]
"ImagePath"="\??\c:\windows\TEMP\18B.tmp"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1123561945-1979792683-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_USERS\S-1-5-21-1123561945-1979792683-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{05C0C8D3-6C60-76D2-3CD5-73FE41BA2C09}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oappkbkogpgodacjgmcpebdghpkfho"=hex:64,61,6d,62,64,6b,6b,67,00,85
"oalabhcdohdmcfekapmmcijakpcmgk"=hex:6a,61,70,62,65,6a,6e,6a,65,6c,68,6d,65,6d,
6d,6b,63,67,63,64,00,02
"nabbdglchlaccopkdgkmmbdkdgbl"=hex:6a,61,70,62,65,6a,6e,6a,65,6c,68,6d,65,6d,
6d,6b,63,67,63,64,00,02

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\igfxdev.dll

- - - - - - - > 'explorer.exe'(3332)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2010-06-12 23:58:05
ComboFix-quarantined-files.txt 2010-06-12 21:58
ComboFix2.txt 2010-06-12 21:31

Pre-Run: 15.428.136.960 byte disponibili
Post-Run: 15.408.979.968 byte disponibili

- - End Of File - - 773620D302887E3973C09E280E0E8754
Torna in alto
 
r16
Inviato: Saturday, June 12, 2010 11:59:47 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
shapiro ha scritto:
su questa ho lasciato correre in quanto non era presente il file

Code:
Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{F2AFBF83-1FF8-4D1A-972AEEFC33F0B0B6}]


r16 ti ho inviato un P.M.


E' stato un errore.
Se noti, quel valore si trova anche nei servizi.
S3 {F2AFBF83-1FF8-4D1A-972AEEFC33F0B0B6};{F2AFBF83-1FF8-4D1A-972AEEFC33F0B0B6};\??
E' un'infezione.

Scusa, non sò se la posta funziona, perchè a me non è arrivato niente.
Torna in alto
 
r16
Inviato: Sunday, June 13, 2010 12:02:09 AM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
@xpproblema :
Lo script è errato:
Opzioni usate :: c:\documents and settings\Luigi\Desktop\CFScript.txt.txt
L'estensione deve essere txt
Non txt.txt
Finita la scansione, se il pc non si riavvia da solo, lo devi riavviare Tu.
Torna in alto
 
shapiro
Inviato: Sunday, June 13, 2010 12:02:56 AM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
Commenta:
Scusa, non sò se la posta funziona, perchè a me non è arrivato niente.



adesso e' arrivato
Torna in alto
 
xpproblema
Inviato: Sunday, June 13, 2010 12:04:15 AM
Rank: AiutAmico

Iscritto dal : 6/11/2010
Posts: 119
r16 ha scritto:
@xpproblema :
Lo script è errato:
Opzioni usate :: c:\documents and settings\Luigi\Desktop\CFScript.txt.txt
L'estensione deve essere txt
Non txt.txt
Finita la scansione, se il pc non si riavvia da solo, lo devi riavviare Tu.

mahhhh, mi pareva di aver fatto giusto, rifaccio
Torna in alto
 
r16
Inviato: Sunday, June 13, 2010 12:09:15 AM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Commenta:
adesso e' arrivato

Risposto.
Torna in alto
 
shapiro
Inviato: Sunday, June 13, 2010 12:15:39 AM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
ri-risposto
Torna in alto
 
xpproblema
Inviato: Sunday, June 13, 2010 12:19:14 AM
Rank: AiutAmico

Iscritto dal : 6/11/2010
Posts: 119
ComboFix 10-06-11.01 - Luigi 13/06/2010 0.07.38.6.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.2037.1518 [GMT 2:00]
Eseguito da: c:\documents and settings\Luigi\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Luigi\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000000-0000-0000-0000-000000000000}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {0057005C-0069-006E-5300-780053005C00}
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\windows\system32\drivers\3167557.sys"
"c:\windows\system32\drivers\31675571.sys"
"c:\windows\system32\drivers\31675572.sys"
"c:\windows\system32\drivers\avgntflt.sys"
"c:\windows\system32\drivers\pavboot.sys"
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programmi\Panda Security
c:\windows\system32\drivers\3167557.sys
c:\windows\system32\drivers\31675571.sys
c:\windows\system32\drivers\31675572.sys
c:\windows\system32\drivers\avgntflt.sys

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_31675571
-------\Legacy_PAVBOOT
-------\Service_31675571
-------\Legacy_31675572
-------\Legacy_setup_9.0.0.722_11.06.2010_19-37drv
-------\Service_31675572
-------\Service_setup_9.0.0.722_11.06.2010_19-37drv


((((((((((((((((((((((((( Files Creati Da 2010-05-12 al 2010-06-12 )))))))))))))))))))))))))))))))))))
.

2010-06-12 17:04 . 2010-06-12 17:04 503808 ----a-w- c:\documents and settings\Luigi\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-58520de1-n\msvcp71.dll
2010-06-12 17:04 . 2010-06-12 17:04 499712 ----a-w- c:\documents and settings\Luigi\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-58520de1-n\jmc.dll
2010-06-12 17:04 . 2010-06-12 17:04 348160 ----a-w- c:\documents and settings\Luigi\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-58520de1-n\msvcr71.dll
2010-06-12 17:04 . 2010-06-12 17:04 61440 ----a-w- c:\documents and settings\Luigi\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7ce469db-n\decora-sse.dll
2010-06-12 17:04 . 2010-06-12 17:04 12800 ----a-w- c:\documents and settings\Luigi\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7ce469db-n\decora-d3d.dll
2010-06-12 17:04 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-12 16:27 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-12 16:27 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-12 16:27 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-12 16:27 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-12 16:27 . 2010-05-06 20:33 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-12 16:27 . 2010-05-06 20:33 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-12 16:27 . 2010-05-06 20:33 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-12 16:27 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-06-12 16:27 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-12 12:33 . 2010-06-12 13:06 -------- d-----w- C:\FyK
2010-06-12 11:27 . 2010-06-12 11:27 -------- d-----w- c:\programmi\CCleaner
2010-06-12 10:05 . 2010-06-12 10:05 315 ---ha-w- C:\fix.reg
2010-06-11 11:31 . 2010-06-11 11:31 -------- d-----w- c:\documents and settings\Luigi\Dati applicazioni\Malwarebytes
2010-06-11 11:30 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-11 11:30 . 2010-06-11 11:30 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-06-11 11:30 . 2010-06-11 11:30 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-06-11 11:30 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-11 09:31 . 2010-05-06 10:32 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-11 09:12 . 2010-06-11 09:12 -------- d-----w- c:\programmi\Alwil Software
2010-06-11 09:12 . 2010-06-11 09:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Alwil Software
2010-06-10 16:31 . 2010-06-10 16:31 -------- d-----w- c:\programmi\Microsoft Sync Framework
2010-06-10 16:29 . 2010-06-10 16:29 -------- d-----w- c:\programmi\Microsoft
2010-06-07 18:33 . 2010-06-07 18:34 -------- d-----w- c:\documents and settings\Luigi\Dati applicazioni\8BCDD3AAC06E20C3BD22DD50F82550A1
2010-05-29 19:14 . 2010-05-29 19:14 3177 ----a-w- c:\windows\mozver.dat
2010-05-23 17:16 . 2010-05-23 17:16 -------- d-----w- c:\documents and settings\Luigi\.android
2010-05-22 15:54 . 2010-05-22 17:40 -------- d-----w- c:\documents and settings\Luigi\Dati applicazioni\Pro Cycling Manager 2007 - Demo
2010-05-17 16:40 . 2010-05-17 16:40 -------- d-----w- c:\programmi\mp3DirectCut

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-12 17:40 . 2009-10-22 17:37 -------- d-----w- c:\programmi\Notepad++
2010-06-12 17:40 . 2009-10-22 17:37 -------- d-----w- c:\documents and settings\Luigi\Dati applicazioni\Notepad++
2010-06-12 17:36 . 2009-02-10 15:47 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\WinZip
2010-06-12 17:04 . 2009-10-27 20:30 -------- d-----w- c:\programmi\File comuni\Java
2010-06-12 17:04 . 2008-04-04 15:08 -------- d-----w- c:\programmi\Java
2010-06-12 17:03 . 2004-08-19 12:00 85132 ----a-w- c:\windows\system32\perfc010.dat
2010-06-12 17:03 . 2004-08-19 12:00 492266 ----a-w- c:\windows\system32\perfh010.dat
2010-06-12 17:00 . 2005-11-21 13:21 -------- d-----w- c:\programmi\File comuni\Adobe
2010-06-12 14:07 . 2009-03-26 21:26 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Google Updater
2010-06-11 10:30 . 2009-04-22 11:25 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-06-10 20:55 . 2007-03-24 20:45 -------- d-----w- c:\programmi\File comuni\HP
2010-06-10 20:40 . 2010-01-21 14:27 -------- d-----w- c:\programmi\Windows Live Safety Center
2010-06-10 16:31 . 2010-01-14 14:31 -------- d-----w- c:\programmi\Windows Live
2010-06-05 21:02 . 2009-11-06 16:15 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-05 13:51 . 2009-11-16 19:38 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-05-31 12:37 . 2010-02-07 16:43 -------- d-----w- c:\programmi\NoteWorthy Composer
2010-05-17 16:34 . 2009-03-18 18:17 -------- d-----w- c:\documents and settings\Luigi\Dati applicazioni\GetRightToGo
2010-05-07 17:52 . 2006-08-25 18:23 -------- d-----w- c:\programmi\Google
2010-05-06 10:32 . 2004-08-19 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:06 . 2004-08-19 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-28 18:47 . 2005-11-21 12:36 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-04-28 18:45 . 2010-04-28 18:41 -------- d-----w- c:\documents and settings\Luigi\Dati applicazioni\Audacity
2010-04-28 18:28 . 2010-04-28 18:28 -------- d-----w- c:\programmi\File comuni\DVDVideoSoft
2010-04-20 05:30 . 2004-08-19 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-18 16:38 . 2010-04-18 15:25 -------- d-----w- c:\programmi\Notation
2010-04-18 15:17 . 2010-04-18 15:17 -------- d-----w- c:\documents and settings\Luigi\Dati applicazioni\MusE
2010-04-16 20:12 . 2010-04-16 20:12 48464 ----a-w- c:\windows\system32\sirenacm.dll
2010-04-06 18:30 . 2005-11-23 14:09 103752 ----a-w- c:\documents and settings\Luigi\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-04-02 15:10 . 2010-04-02 15:10 152576 ----a-w- c:\documents and settings\Luigi\Dati applicazioni\Sun\Java\jre1.6.0_16\lzma.dll
2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Adobe\Reader\9.3\ARM\11130\AdobeARM.exe
2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Adobe\Reader\9.3\ARM\11130\AdobeExtractFiles.dll
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Adobe\Reader\9.3\ARM\11130\ReaderUpdater.exe
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Adobe\Reader\9.3\ARM\11130\AcrobatUpdater.exe
2004-03-11 12:27 . 2005-11-21 13:16 40960 ----a-w- c:\programmi\Uninstall_CDS.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\Luigi\Dati applicazioni\8BCDD3AAC06E20C3BD22DD50F82550A1 ----



((((((((((((((((((((((((((((( SnapShot@2010-06-12_21.28.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-12 22:14 . 2010-06-12 22:14 16384 c:\windows\temp\Perflib_Perfdata_758.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\programmi\Ahead\Nero BackItUp\NBJ.exe" [2004-09-22 1871872]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-26 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-02-18 248040]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Luigi\Menu Avvio\Programmi\Esecuzione automatica\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^EPSON Status Monitor 3 Environment Check 2.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\EPSON Status Monitor 3 Environment Check 2.lnk
backup=c:\windows\pss\EPSON Status Monitor 3 Environment Check 2.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-06-10 17:27 136176 ----atw- c:\documents and settings\Luigi\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44 31072 ----a-w- c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"3130:TCP"= 3130:TCP:Services
"4760:TCP"= 4760:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"6757:TCP"= 6757:TCP:Services
"6758:TCP"= 6758:TCP:Services
"7226:TCP"= 7226:TCP:Services
"7227:TCP"= 7227:TCP:Services

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/06/2010 18.27.50 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/06/2010 18.27.50 19024]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programmi\MAGIX\Common\Database\bin\fbserver.exe --> c:\programmi\MAGIX\Common\Database\bin\fbserver.exe [?]
S3 FXDRV;FXDRV;\??\e:\fxdrv.sys --> e:\Fxdrv.sys [?]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\ICDUSB2.sys [27/06/2006 20.33.50 39048]
S3 UPnPService;UPnPService;c:\programmi\File comuni\MAGIX Shared\UPnPService\UPnPService.exe [15/02/2007 22.53.58 544768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contenuto della cartella 'Scheduled Tasks'

2010-06-12 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-20 12:18]

2010-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1979792683-725345543-1004Core.job
- c:\documents and settings\Luigi\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-06-10 17:27]

2010-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1979792683-725345543-1004UA.job
- c:\documents and settings\Luigi\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-06-10 17:27]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-13 00:14
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1123561945-1979792683-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\MPRAPI.dll

- - - - - - - > 'explorer.exe'(3200)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\WgaTray.exe
c:\programmi\File comuni\EPSON\EBAPI\SAgent2.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Ora fine scansione: 2010-06-13 00:18:49 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-06-12 22:18
ComboFix2.txt 2010-06-12 21:31

Pre-Run: 15.427.108.864 byte disponibili
Post-Run: 15.382.208.512 byte disponibili

- - End Of File - - 7BF618429A8D10C908AD46B89957FF41
Torna in alto
 
r16
Inviato: Sunday, June 13, 2010 12:27:30 AM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ok.
Vado a nanna.
Ciao a tutti.
Torna in alto
 
xpproblema
Inviato: Sunday, June 13, 2010 12:28:31 AM
Rank: AiutAmico

Iscritto dal : 6/11/2010
Posts: 119
ok grazie e notte!
(io sto ancora alzato se shapiro sta alzato)
Torna in alto
 
Utenti presenti in questo topic
Guest

6 pages: 1 2 3 4 [5] 6

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Controllo HiJackThis


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.