Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » SOS urgente per PC lavoro

2 pages: [1] 2
SOS urgente per PC lavoro Opzioni
Topic Precedente · Topic Sucessivo
giovanitasca
Inviato: Sunday, October 10, 2010 1:26:25 PM
Rank: AiutAmico

Iscritto dal : 4/2/2005
Posts: 220
Uno sprovvedutissimo collega mi ha incasinato il Pc di lavoro che domani, al riavvio dovrò per forza di cose renrere operativo. Praticamente è stato installato un pseudo programma antivirus che blocca tutto perchè riferisce di fare fantomatiche scansioni, trovare dei virus e no aprire i programmi richiesti. Sul desktop sono apparse collegamenti (nudeporn. com, porntube.com... spam001.exe...) (A proposito si può conoscere l'ora di installazione di tali applicazioni?). Non funziona nemmeno il Task Manager. Le scansioni le ho fatte in modalità provvisoria.
SI ringrazia sentitamente: Giovanni


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11.09.36, on 10/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17080)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programmi\ConduitEngine\ConduitEngine.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: VenditaMotori Toolbar - {ae335179-0533-44ab-8b59-cd68b0000006} - C:\Programmi\VenditaMotori\tbVend.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: VenditaMotori Toolbar - {ae335179-0533-44ab-8b59-cd68b0000006} - C:\Programmi\VenditaMotori\tbVend.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programmi\ConduitEngine\ConduitEngine.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SoundMax] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Xxaniyaloguj] rundll32.exe "C:\WINDOWS\axpatuti.dll",Startup
O4 - HKCU\..\Run: [dfrgsnapnt.exe] C:\DOCUME~1\ORTOPE~1\IMPOST~1\Temp\dfrgsnapnt.exe
O4 - HKCU\..\Run: [Antivirus] "C:\Programmi\AnVi\avt.exe" -noscan
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {15CAC53B-5F45-4D70-BE98-386E6F3B3328} (MedstWeb Control) - http://192.168.0.200:8085/resources/medweb/MedstWWW.cab
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://king.it.msn.com/ctl/kingcomie.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} (AMI DicomDir TreeView Control 2.1) - file:///E:/CDVIEWER/CdViewer.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = aoumberto.local
O17 - HKLM\Software\..\Telephony: DomainName = aoumberto.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF0C2A40-906E-404E-A2ED-55A6A85EBA46}: NameServer = 151.99.125.2,151.99.250.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = aoumberto.local
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
O23 - Service: Servizio di Google Update (gupdate1c98e7a6d003cfa) (gupdate1c98e7a6d003cfa) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ManageEngine Desktop Central 6 - Agent - Unknown owner - C:\Programmi\DesktopCentral_Agent\\bin\dcagentservice.exe
O23 - Service: ManageEngine Desktop Central 6 - Remote Control - Unknown owner - C:\Programmi\DesktopCentral_Agent\\bin\dcrdservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\oracle\ora81\BIN\ONRSD.EXE
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Programmi\UltraVNC\WinVNC.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ORTOPE~1/IMPOST~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 6858 bytes



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versione database: 4747

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.11

10/10/2010 12.07.15
mbam-log-2010-10-10 (12-06-45).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi esaminati: 206975
Tempo trascorso: 53 minuti, 7 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 4
Valori di registro infetti: 5
Voci infette nei dati di registro: 2
Cartelle infette: 3
File infetti: 142

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pragmatrdcdxrqqm (Trojan.DNSChanger) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\AnVi (Rogue.AnVi) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antivirus (Rogue.AntiVirus) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\PRAGMA (Rootkit.TDSS) -> No action taken.

Valori di registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xxaniyaloguj (Trojan.Hiloti) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dfrgsnapnt.exe (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\24d1ca9a-a864-4f7b-86fe-495eb56529d8 (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\7bde84a2-f58f-46ec-9eac-f1f90fead080 (Malware.Trace) -> No action taken.

Voci infette nei dati di registro:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.

Cartelle infette:
C:\Programmi\AnVi (Rogue.AntiVirus) -> No action taken.
C:\Documents and Settings\ortopediamedici\Menu Avvio\Programmi\AnVi (Rogue.AntiVirus) -> No action taken.
C:\WINDOWS\PRAGMAtrdcdxrqqm (Trojan.DNSChanger) -> No action taken.

File infetti:
C:\WINDOWS\axpatuti.dll (Trojan.Hiloti) -> No action taken.
C:\Documents and Settings\ortopediamedici\Impostazioni locali\Temp\dfrgsnapnt.exe (Trojan.FakeAlert) -> No action taken.
C:\Programmi\AnVi\avt.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\BJOK9BAC\baadd[1].jpg (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\BJOK9BAC\baadd[1].png (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\BJOK9BAC\baadd[2].jpg (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\BJOK9BAC\hwaaf[1].png (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\BJOK9BAC\irptrpih[1].bmp (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\BJOK9BAC\rmrmgfe[1].bmp (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\BJOK9BAC\rmrmgfe[1].jpg (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\BJOK9BAC\rmrmgfe[1].png (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\BJOK9BAC\rmrmgfe[2].bmp (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\BJOK9BAC\rmrmgfe[2].jpg (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\BJOK9BAC\rmrmgfe[2].png (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\BJOK9BAC\rmrmgfe[3].bmp (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\BJOK9BAC\rmrmgfe[3].jpg (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\BJOK9BAC\rmrmgfe[4].bmp (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\BJOK9BAC\rmrmgfe[4].jpg (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\BJOK9BAC\rmrmgfe[5].bmp (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\BJOK9BAC\rmrmgfe[5].jpg (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\BJOK9BAC\rmrmgfe[6].bmp (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\BJOK9BAC\vfwwhc[1].bmp (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\BJOK9BAC\vfwwhc[1].gif (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\BJOK9BAC\vfwwhc[1].png (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\BJOK9BAC\vfwwhc[2].png (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\BJOK9BAC\wflayr[1].bmp (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\BJOK9BAC\wflayr[1].jpg (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\BJOK9BAC\wflayr[1].png (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\BJOK9BAC\wflayr[2].png (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\BJOK9BAC\wflayr[3].png (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\IRK7JHCK\baadd[1].bmp (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\IRK7JHCK\baadd[1].gif (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\IRK7JHCK\baadd[2].bmp (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\IRK7JHCK\ibmiht[1].bmp (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\IRK7JHCK\rmrmgfe[1].bmp (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\IRK7JHCK\rmrmgfe[1].gif (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\IRK7JHCK\rmrmgfe[1].png (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\IRK7JHCK\rmrmgfe[2].bmp (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\IRK7JHCK\rmrmgfe[2].gif (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\IRK7JHCK\rmrmgfe[3].gif (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\IRK7JHCK\rmrmgfe[4].gif (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\IRK7JHCK\rmrmgfe[5].gif (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\IRK7JHCK\vfwwhc[1].bmp (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\IRK7JHCK\vfwwhc[1].gif (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\IRK7JHCK\vfwwhc[1].png (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\IRK7JHCK\vfwwhc[2].gif (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\IRK7JHCK\vtjk[1].png (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\IRK7JHCK\wflayr[1].gif (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\IRK7JHCK\wflayr[1].png (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\IRK7JHCK\wflayr[2].gif (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\ZF094IKG\baadd[1].gif (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\ZF094IKG\baadd[2].gif (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\ZF094IKG\hwaaf[1].bmp (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\ZF094IKG\rmrmgfe[1].bmp (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\ZF094IKG\rmrmgfe[1].gif (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\ZF094IKG\rmrmgfe[1].jpg (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\ZF094IKG\rmrmgfe[1].png (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\ZF094IKG\rmrmgfe[2].bmp (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\ZF094IKG\rmrmgfe[2].gif (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\ZF094IKG\rmrmgfe[2].jpg (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\ZF094IKG\rmrmgfe[2].png (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\ZF094IKG\rmrmgfe[3].bmp (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\ZF094IKG\rmrmgfe[3].jpg (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\ZF094IKG\rmrmgfe[3].png (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\ZF094IKG\rmrmgfe[4].png (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\ZF094IKG\vfwwhc[1].bmp (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\ZF094IKG\vfwwhc[1].jpg (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\ZF094IKG\vfwwhc[1].png (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\ZF094IKG\vfwwhc[2].jpg (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\ZF094IKG\wflayr[1].bmp (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\ZF094IKG\wflayr[1].jpg (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\ZF094IKG\wflayr[2].jpg (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\ZUFUUENU\baadd[1].bmp (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\ZUFUUENU\baadd[1].gif (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\ZUFUUENU\baadd[1].jpg (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\ZUFUUENU\comz[1].gif (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\ZUFUUENU\ezvg[1].gif (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\ZUFUUENU\hwaaf[1].bmp (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\ZUFUUENU\kfqkgvlt[1].gif (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\ZUFUUENU\rmrmgfe[1].bmp (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\ZUFUUENU\rmrmgfe[1].gif (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\ZUFUUENU\rmrmgfe[1].jpg (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\ZUFUUENU\rmrmgfe[1].png (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\ZUFUUENU\rmrmgfe[2].bmp (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\ZUFUUENU\rmrmgfe[2].gif (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\ZUFUUENU\rmrmgfe[2].jpg (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\ZUFUUENU\rmrmgfe[3].jpg (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\ZUFUUENU\rmrmgfe[4].jpg (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\ZUFUUENU\vdcuys[1].png (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\ZUFUUENU\vfwwhc[1].bmp (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\ZUFUUENU\vfwwhc[1].png (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\ZUFUUENU\vfwwhc[2].bmp (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\ZUFUUENU\wflayr[1].gif (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\ZUFUUENU\wflayr[1].png (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\ZUFUUENU\wflayr[2].gif (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\ortopediamedici\Impostazioni locali\Temp\0.22419103889931657.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\ortopediamedici\Impostazioni locali\Temp\0.9798431820304941.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\ortopediamedici\Impostazioni locali\Temp\asd5D.tmp.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\ortopediamedici\Impostazioni locali\Temp\asd5E.tmp.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\ortopediamedici\Impostazioni locali\Temp\eapp32hst.dll (Trojan.FakeAV) -> No action taken.
C:\Documents and Settings\ortopediamedici\Impostazioni locali\Temp\fiu1.tmp (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\ortopediamedici\Impostazioni locali\Temp\JoYqXMfeAp.exe (Trojan.Hiloti) -> No action taken.
C:\Documents and Settings\ortopediamedici\Impostazioni locali\Temp\wscsvc32.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\ortopediamedici\Impostazioni locali\Temporary Internet Files\Content.IE5\MEIQCEPA\5-direct[2].ex (Trojan.DNSChanger) -> No action taken.
C:\Documents and Settings\ortopediamedici\Impostazioni locali\Temporary Internet Files\Content.IE5\MMDHJXZN\5-direct[1].ex (Trojan.DNSChanger) -> No action taken.
C:\Documents and Settings\ortopediamedici\Impostazioni locali\Temporary Internet Files\Content.IE5\W312R1HE\setup[1].exe (Trojan.Hiloti) -> No action taken.
C:\Documents and Settings\ortopediamedici\Impostazioni locali\Temporary Internet Files\Content.IE5\W312R1HE\setup[2].exe (Trojan.FakeAlert) -> No action taken.
C:\Programmi\AnVi\avtext.dll (Trojan.FakeAlert) -> No action taken.
C:\Programmi\AnVi\avthook.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\PRAGMAtrdcdxrqqm\PRAGMAc.dll (Trojan.DNSChanger) -> No action taken.
C:\WINDOWS\PRAGMAtrdcdxrqqm\PRAGMAd.sys (Trojan.DNSChanger) -> No action taken.
C:\Programmi\AnVi\about.ico (Rogue.AntiVirus) -> No action taken.
C:\Programmi\AnVi\activate.ico (Rogue.AntiVirus) -> No action taken.
C:\Programmi\AnVi\avt.db (Rogue.AntiVirus) -> No action taken.
C:\Programmi\AnVi\buy.ico (Rogue.AntiVirus) -> No action taken.
C:\Programmi\AnVi\help.ico (Rogue.AntiVirus) -> No action taken.
C:\Programmi\AnVi\scan.ico (Rogue.AntiVirus) -> No action taken.
C:\Programmi\AnVi\settings.ico (Rogue.AntiVirus) -> No action taken.
C:\Programmi\AnVi\splash.mp3 (Rogue.AntiVirus) -> No action taken.
C:\Programmi\AnVi\Uninstall.exe (Rogue.AntiVirus) -> No action taken.
C:\Programmi\AnVi\update.ico (Rogue.AntiVirus) -> No action taken.
C:\Programmi\AnVi\virus.mp3 (Rogue.AntiVirus) -> No action taken.
C:\Documents and Settings\ortopediamedici\Menu Avvio\Programmi\AnVi\About.lnk (Rogue.AntiVirus) -> No action taken.
C:\Documents and Settings\ortopediamedici\Menu Avvio\Programmi\AnVi\Activate.lnk (Rogue.AntiVirus) -> No action taken.
C:\Documents and Settings\ortopediamedici\Menu Avvio\Programmi\AnVi\Antivirus Support.lnk (Rogue.AntiVirus) -> No action taken.
C:\Documents and Settings\ortopediamedici\Menu Avvio\Programmi\AnVi\Antivirus.lnk (Rogue.AntiVirus) -> No action taken.
C:\Documents and Settings\ortopediamedici\Menu Avvio\Programmi\AnVi\Buy.lnk (Rogue.AntiVirus) -> No action taken.
C:\Documents and Settings\ortopediamedici\Menu Avvio\Programmi\AnVi\Scan.lnk (Rogue.AntiVirus) -> No action taken.
C:\Documents and Settings\ortopediamedici\Menu Avvio\Programmi\AnVi\Settings.lnk (Rogue.AntiVirus) -> No action taken.
C:\Documents and Settings\ortopediamedici\Menu Avvio\Programmi\AnVi\Update.lnk (Rogue.AntiVirus) -> No action taken.
C:\WINDOWS\PRAGMAtrdcdxrqqm\PRAGMAcfg.ini (Trojan.DNSChanger) -> No action taken.
C:\WINDOWS\PRAGMAtrdcdxrqqm\PRAGMAsrcr.dat (Trojan.DNSChanger) -> No action taken.
C:\Documents and Settings\ortopediamedici\Dati applicazioni\Bitrix Security\kahvux.dll (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\ortopediamedici\Desktop\AntiVirus.lnk (Rogue.AntiVirus) -> No action taken.
C:\Documents and Settings\ortopediamedici\Desktop\nudetube.com.lnk (Rogue.Link) -> No action taken.
C:\Documents and Settings\ortopediamedici\Desktop\pornotube.com.lnk (Rogue.Link) -> No action taken.
C:\Documents and Settings\ortopediamedici\Desktop\spam001.exe (Malware.Trace) -> No action taken.
C:\Documents and Settings\ortopediamedici\Desktop\spam003.exe (Malware.Trace) -> No action taken.
C:\Documents and Settings\ortopediamedici\Desktop\troj000.exe (Malware.Trave) -> No action taken.
C:\Documents and Settings\ortopediamedici\Desktop\youporn.com.lnk (Rogue.Link) -> No action taken.
C:\Documents and Settings\ortopediamedici\Dati applicazioni\Microsoft\Internet Explorer\Quick Launch\Antivirus.lnk (Rogue.AntiVirus) -> No action taken.
C:\Documents and Settings\ortopediamedici\Impostazioni locali\Temp\PRAGMA61de.tmp (Trojan.DNSChanger) -> No action taken.
Torna in alto
 
Sponsor
Inviato: Sunday, October 10, 2010 1:26:25 PM

 
Torna in alto
 
old_bilodiego
Inviato: Sunday, October 10, 2010 1:40:24 PM

Rank: AiutAmico

Iscritto dal : 3/2/2010
Posts: 2,994
iN modalita provvisoria prova A fare il ripristino del sistema ad un punto in cui funzionava bene,e disinstalla quel programma.
Bilodiego
Torna in alto
 
giovanitasca
Inviato: Sunday, October 10, 2010 1:57:53 PM
Rank: AiutAmico

Iscritto dal : 4/2/2005
Posts: 220
Lo farò domattina.
Grazie
Torna in alto
 
r16
Inviato: Sunday, October 10, 2010 2:59:49 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao.
Sconsiglio il ripristino, in quanto ci sono moltissime probabilità che il virus, abbia infettato i punti di ripristino.
Per cui, ti ritroveresti ancora infetto.

Comincia ad eliminare quello che ha trovato Malwarebytes.

Poi:
1)Scarica TDSSKiller.zip sul desktop:
http://support.kaspersky.com/viruses/solutions?qid=208280684
Estrai i dati in una cartella e fai doppio clik su TDSSKiller.exe
Per eliminare i file infetti, è necessario riavviare il pc

2) Scarica ed avvia rkill.com per terminare i processi in esecuzione del malware
http://download.bleepingcomputer.com/grinler/rkill.com

Poi esegui questa scansione:
Scarica Combofix (usa Internet Explorer)

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Salvalo sul desktop. (è obligatorio)

Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,(Firewall compreso) e dopo aver scaricato COMBOFIX, chiudi la connessione.

Doppio click su combofix.exe (se usi Vista: tasto destro su Combofix.exe e clicca su: "Esegui come Amministratore" )

E' probabile che ti siano inviati messaggi dall'antivirus,(o dallo stesso Combofix) tu ignorali.

Se ti verrà chiesto se vuoi Installare LA CONSOLE DI RIPRISTINO DI EMERGENZA, clicca NO.

Durante l'operazione di scansione è importante non usare il PC (neanche il mouse) e attendere pazientemente la fine delle operazioni.
Al termine, verrà creato un file log sul Desktop, chiamato C:\ComboFix.txt.
Postalo qui.
Torna in alto
 
old_bilodiego
Inviato: Sunday, October 10, 2010 4:03:26 PM

Rank: AiutAmico

Iscritto dal : 3/2/2010
Posts: 2,994
Non ho considerato che proprio quel pseudoprogramma potrebbe essere una applicazione maligna,
senza dubbio è da seguire il consiglio di R16
Bilodiego
Torna in alto
 
giovanitasca
Inviato: Friday, October 15, 2010 9:06:07 AM
Rank: AiutAmico

Iscritto dal : 4/2/2005
Posts: 220
Mi scuso per il ritardo, ma sono dovuto andare fuori e non ho potuto rispondere. Ho fatto tutto. Pare che i problemi si siano risolti. Posto il Log del Combofix anche perchè mi pari che questo programma vada poi rimosso. Porgo sempre infiniti ringraziamenti:

ComboFix 10-10-09.06 - ortopediamedici 11/10/2010 17.18.45.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1022.658 [GMT 2:00]
Eseguito da: c:\documents and settings\ortopediamedici\Desktop\ComboFix.exe

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\ortopediamedici\Dati applicazioni\Bitrix Security
c:\documents and settings\ortopediamedici\Dati applicazioni\Bitrix Security\ircix
c:\documents and settings\ortopediamedici\Dati applicazioni\Bitrix Security\jje.txt
c:\documents and settings\ortopediamedici\Dati applicazioni\Bitrix Security\kahvux_shrd
c:\documents and settings\ortopediamedici\Dati applicazioni\Bitrix Security\ljgh.txt
c:\documents and settings\ortopediamedici\Dati applicazioni\Bitrix Security\mxd1.txt
c:\documents and settings\ortopediamedici\Dati applicazioni\Bitrix Security\qnf.txt
c:\documents and settings\ortopediamedici\Dati applicazioni\Bitrix Security\rty.txt
c:\documents and settings\ortopediamedici\Dati applicazioni\inst.exe
c:\documents and settings\ortopediamedici\Impostazioni locali\Dati applicazioni\uwami.dat
c:\documents and settings\ortopediamedici\Impostazioni locali\Dati applicazioni\uwami_nav.dat
c:\documents and settings\ortopediamedici\Impostazioni locali\Dati applicazioni\uwami_navps.dat
c:\documents and settings\ortopediamedici\Logo.png
c:\windows\install.exe
c:\windows\system32\drivers\cmijik.sys
c:\windows\system32\drivers\liub.sys

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_foblyqcq
-------\Legacy_kpfwjjfp
-------\Service_foblyqcq
-------\Service_kpfwjjfp


((((((((((((((((((((((((( Files Creati Da 2010-09-11 al 2010-10-11 )))))))))))))))))))))))))))))))))))
.

2010-10-11 14:22 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-11 14:22 . 2010-10-11 14:22 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-10-11 14:22 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-11 11:58 . 2010-10-11 11:59 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Adobe
2010-10-11 11:39 . 2010-10-11 15:01 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-10-11 11:39 . 2010-10-11 11:39 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2010-10-10 08:07 . 2010-10-10 08:07 -------- d--h--w- c:\windows\PIF
2010-10-07 12:30 . 2010-10-07 12:30 -------- d-----w- C:\7e6e43c746ff89bc320b8ae0d2cd2b
2010-10-07 09:23 . 2010-10-07 09:23 14808 ----a-w- c:\programmi\Mozilla Firefox\plugin-container.exe
2010-10-07 09:23 . 2010-10-07 09:23 718296 ----a-w- c:\programmi\Mozilla Firefox\mozcpp19.dll
2010-09-21 09:25 . 2010-09-21 09:27 -------- d-----w- c:\documents and settings\ortopediamedici\Impostazioni locali\Dati applicazioni\VenditaMotori
2010-09-21 09:25 . 2010-09-21 09:25 -------- d-----w- c:\documents and settings\ortopediamedici\Impostazioni locali\Dati applicazioni\ConduitEngine
2010-09-21 09:25 . 2010-09-21 09:25 -------- d-----w- c:\programmi\ConduitEngine

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-09-12 13:02 3863136 ----a-w- c:\programmi\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\programmi\ConduitEngine\ConduitEngine.dll" [2010-09-12 3863136]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\programmi\ConduitEngine\ConduitEngine.dll" [2010-09-12 3863136]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-26 68856]
"NBJ"="c:\programmi\Ahead\Nero BackItUp\NBJ.exe" [2006-09-15 2048000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"SoundMAXPnP"="c:\programmi\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"Malwarebytes Anti-Malware (rootkit-scan)"="c:\programmi\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2005-03-09 14:39 98304 ----a-w- c:\programmi\File comuni\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-13 18:14 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2004-10-27 13:21 61952 ------w- c:\windows\system32\HdAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 18:14 1695232 ----a-w- c:\programmi\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 13:40 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-12-05 00:41 8523776 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-12-05 00:41 81920 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-12-05 00:41 1626112 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2005-09-07 13:35 716800 ----a-w- c:\programmi\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2005-05-20 08:11 925696 ----a-r- c:\programmi\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 03:27 144784 ----a-w- c:\programmi\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-10-26 15:16 68856 ----a-w- c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-10-29 11:42 185872 ----a-w- c:\programmi\File comuni\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2005-03-09 14:39 785048 ----a-w- c:\programmi\Acronis\TrueImageWorkstation\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinVNC]
2006-06-18 12:56 712704 ----a-w- c:\programmi\UltraVNC\winvnc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=

R2 ManageEngine Desktop Central 6 - Agent;ManageEngine Desktop Central 6 - Agent;c:\programmi\DesktopCentral_Agent\bin\dcagentservice.exe [31/07/2009 18.52.46 434176]
R2 ManageEngine Desktop Central 6 - Remote Control;ManageEngine Desktop Central 6 - Remote Control;c:\programmi\DesktopCentral_Agent\bin\dcrdservice.exe [31/07/2009 18.52.46 475136]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [05/08/2008 11.46.06 6016]
S2 bneoimmqv;Image Network;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.00.00 14336]
S2 ccjhkysj;Universal Image;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.00.00 14336]
S2 ctzzwljui;Image Helper;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.00.00 14336]
S2 dfrtp;Manager Universal;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.00.00 14336]
S2 dxjvdizy;Microsoft Security;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.00.00 14336]
S2 finyz;Time System;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.00.00 14336]
S2 fkgwv;Manager Installer;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.00.00 14336]
S2 gupdate1c98e7a6d003cfa;Servizio di Google Update (gupdate1c98e7a6d003cfa);c:\programmi\Google\Update\GoogleUpdate.exe [14/02/2009 10.01.19 133104]
S2 hnkgmo;Center Monitor;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.00.00 14336]
S2 joxlgt;Helper Security;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.00.00 14336]
S2 kquyt;Network Universal;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.00.00 14336]
S2 kxnsc;Windows Manager;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.00.00 14336]
S2 lofubtb;Time Microsoft;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.00.00 14336]
S2 lrzfhqkmk;Microsoft Task;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.00.00 14336]
S2 oygyshc;Support Installer;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.00.00 14336]
S2 pnxgy;Config Windows;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.00.00 14336]
S2 qgidy;Driver Boot;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.00.00 14336]
S2 qscbrjv;Security Update;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.00.00 14336]
S2 qvouils;jxrvclq;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.00.00 14336]
S2 rshhqgot;Shell Task;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.00.00 14336]
S2 sfdfsxj;Image Universal;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.00.00 14336]
S2 snbrtx;Network Driver;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.00.00 14336]
S2 uspyjvex;Manager Image;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.00.00 14336]
S2 waftnxxis;Security Time;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.00.00 14336]
S2 xcfwnued;Image Server;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.00.00 14336]
S2 xnwrbckcf;System Network;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.00.00 14336]
S2 yjxmlduoj;Windows Task;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.00.00 14336]
S2 zcetj;Universal Shell;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.00.00 14336]
S3 OracleOraHome81ClientCache;OracleOraHome81ClientCache;c:\oracle\ora81\bin\ONRSD.EXE [19/10/2000 12.55.50 411244]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
rshhqgot
snbrtx
qvouils
finyz
dfrtp
qscbrjv
sfdfsxj
xcfwnued
yjxmlduoj
xnwrbckcf
lofubtb
kxnsc
oygyshc
ccjhkysj
dxjvdizy
kquyt
waftnxxis
uspyjvex
fkgwv
qgidy
pnxgy
ctzzwljui
joxlgt
hnkgmo
bneoimmqv
zcetj
lrzfhqkmk
.
Contenuto della cartella 'Scheduled Tasks'

2010-10-11 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-20 09:25]

2010-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-14 08:01]

2010-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-14 08:01]

2010-10-09 c:\windows\Tasks\RegCure Program Check.job
- c:\programmi\RegCure\RegCure.exe [2010-05-19 23:20]

2010-10-11 c:\windows\Tasks\RegCure Startup.job
- c:\programmi\RegCure\RegCure.exe [2010-05-19 23:20]

2010-09-16 c:\windows\Tasks\RegCure.job
- c:\programmi\RegCure\RegCure.exe [2010-05-19 23:20]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
mStart Page = hxxp://it.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: {FF0C2A40-906E-404E-A2ED-55A6A85EBA46} = 151.99.125.2,151.99.250.2
DPF: {15CAC53B-5F45-4D70-BE98-386E6F3B3328} - hxxp://192.168.0.200:8085/resources/medweb/MedstWWW.cab
DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} - file:///E:/CDVIEWER/CdViewer.cab
FF - ProfilePath - c:\documents and settings\ortopediamedici\Dati applicazioni\Mozilla\Firefox\Profiles\gjrdc61c.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2086743&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - PHPNukeEN Customized Web Search
FF - prefs.js: browser.startup.homepage - www.google.it
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2086743&q=
FF - component: c:\programmi\Mozilla Firefox\extensions\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}\components\FFExternalAlert.dll
FF - component: c:\programmi\Mozilla Firefox\extensions\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

WebBrowser-{AE335179-0533-44AB-8B59-CD68B0000006} - (no file)
SafeBoot-klmdb.sys
MSConfigStartUp-AVP - c:\programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
MSConfigStartUp-lsqweci - c:\documents and settings\ortopediamedici\impostazioni locali\dati applicazioni\lsqweci.exe
MSConfigStartUp-Messenger (Yahoo!) - c:\programmi\Yahoo!\Messenger\YahooMessenger.exe
ActiveSetup-{B89AE310-10ED-48D5-A3F3-B59367EE1F1B} - c:\documents and settings\ortopediamedici\Dati applicazioni\Bitrix Security\kahvux.dll
AddRemove-VenditaMotori Toolbar - c:\progra~1\VENDIT~1\UNWISE.EXE



[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xcfwnued]
"ServiceDll"="c:\windows\system32\wmttmaq.dll"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'lsass.exe'(1032)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(2652)
c:\windows\system32\WININET.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\File comuni\Acronis\Schedule2\schedul2.exe
c:\windows\system32\nvsvc32.exe
c:\programmi\DesktopCentral_Agent\dcconfig.exe
.
**************************************************************************
.
Ora fine scansione: 2010-10-11 17:30:13 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-10-11 15:30

Pre-Run: 39.694.970.880 byte disponibili
Post-Run: 39.884.910.592 byte disponibili

- - End Of File - - 2B1315E4EAC3BDDADD7368ECDEA1961D
Torna in alto
 
r16
Inviato: Friday, October 15, 2010 6:23:25 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
giovanitasca ha scritto:
Pare che i problemi si siano risolti. Posto il Log del Combofix anche perchè mi pari che questo programma vada poi rimosso. Porgo sempre infiniti ringraziamenti:

Guarda, per me quel pc è strapieno di virus.
Per cui, è impossibile che funzioni bene. (per me)
Però trattandosi del pc di lavoro, prima di iniziare la strage che ho in mente, è meglio che io aspetti il tuo benestare.
Sei veramente sicuro che quel pc funzioni bene?
Torna in alto
 
giovanitasca
Inviato: Friday, October 15, 2010 9:03:25 PM
Rank: AiutAmico

Iscritto dal : 4/2/2005
Posts: 220
I quattro programmi istituzionali... funzionano. Per altro, lascia un pò a desiderare, per cui suggerisci pure quel che devo fare. L'azienda, per risparmiare, ha disdetto l'abbonamento con Kaspersky antivirus. Io ho installato AVG Free.
Sono in attesa di inizare le pulizie. A presto
Torna in alto
 
panchoz
Inviato: Friday, October 15, 2010 9:22:33 PM

Rank: AiutAmico

Iscritto dal : 11/6/2008
Posts: 2,452
giovanitasca ha scritto:
I quattro programmi istituzionali... funzionano. Per altro, lascia un pò a desiderare, per cui suggerisci pure quel che devo fare. L'azienda, per risparmiare, ha disdetto l'abbonamento con Kaspersky antivirus. Io ho installato AVG Free.
Sono in attesa di inizare le pulizie. A presto



...che NON può essere utilizzato su un pc aziendale!!!!!!!!!!!!! ...in quanto FREE

Gio, renditi conto di quanto stai affermando Whistle



Torna in alto
 
r16
Inviato: Friday, October 15, 2010 10:06:56 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Prima di cominciare, crea un punto di ripristino.

Poi:

Apri un file di testo con il Block Note sul Desktop
Ci incolli il codice che vedi qui sotto, e salvi il file di testo obbligatoriamente con il nome CFScript.txt

Code:
KillAll::
Driver::
bneoimmqv
ccjhkysj
ctzzwljui
dfrtp
dxjvdizy
finyz
fkgwv
hnkgmo
joxlgt
kquyt
kxnsc
lofubtb
lrzfhqkmk
oygyshc
pnxgy
qgidy
qscbrjv
qvouils
rshhqgot
sfdfsxj
snbrtx
uspyjvex
waftnxxis
xcfwnued
xnwrbckcf
yjxmlduoj
zcetj

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xcfwnued]

File::
c:\windows\system32\wmttmaq.dll

NetSvcs::
rshhqgot
snbrtx
qvouils
finyz
dfrtp
qscbrjv
sfdfsxj
xcfwnued
yjxmlduoj
xnwrbckcf
lofubtb
kxnsc
oygyshc
ccjhkysj
dxjvdizy
kquyt
waftnxxis
uspyjvex
fkgwv
qgidy
pnxgy
ctzzwljui
joxlgt
hnkgmo
bneoimmqv
zcetj
lrzfhqkmk

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

Folder::
c:\windows\Tasks


e trascinalo sull'icona di ComboFix.
Attendi la fine dei lavori, senza toccare tastiera, mouse o altro.
Se il pc non si riavvia da solo, riavvialo tu.
Posta il log aggiornato di combofix
Torna in alto
 
shapiro
Inviato: Friday, October 15, 2010 10:34:39 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
scusate l'intrusione

r16 ti ho inviato un m.P.
Torna in alto
 
giovanitasca
Inviato: Friday, October 15, 2010 11:15:55 PM
Rank: AiutAmico

Iscritto dal : 4/2/2005
Posts: 220
Ok. E' la prima cosa che farò domattina. Non capisco una cosa: su un PC anche se aziendale, non può essere installato un programma free?
Torna in alto
 
ecofive
Inviato: Friday, October 15, 2010 11:26:23 PM

Rank: AiutAmico

Iscritto dal : 6/20/2008
Posts: 7,111
Confermo quanto detto da Panchoz: AVG, nella versione free, può essere legalmente installato solo sul personal computer di casa (quindi per uso privato).

Ciao.
Torna in alto
 
r16
Inviato: Friday, October 15, 2010 11:34:53 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
@shapiro :
Ti ho risposto.

@giovanitasca
Ricorda di fare un punto di ripristino.
Quando si ha a che fare con un pc aziendale, le sorprese sono all'ordine del giorno.
Torna in alto
 
giovanitasca
Inviato: Friday, October 15, 2010 11:55:10 PM
Rank: AiutAmico

Iscritto dal : 4/2/2005
Posts: 220
Non lo sapevo. Devo allora disinstallarlo? C'è una soluzione considerato che non è stato rinnovato l'abbonamento con Kaspersky e il PC si trova in balia di tutto?
Torna in alto
 
r16
Inviato: Saturday, October 16, 2010 12:06:30 AM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Commenta:
C'è una soluzione considerato che non è stato rinnovato l'abbonamento con Kaspersky e il PC si trova in balia di tutto?

Questo conferma, il perchè, quel pc è pieno come un uovo. (di Rootkit)
La soluzione, è quella di installare un antivirus a pagamento. (con tanto di assistenza personalizzata)
Di solito, quando si perdono dei dati in un pc aziendale, possono esserci danni di migliaia di euro.
Non lo capiscono in azienda, che è meglio spendere 50 euro, invece di correre il rischio, di spenderne migliaia?
Torna in alto
 
giovanitasca
Inviato: Saturday, October 16, 2010 12:56:25 PM
Rank: AiutAmico

Iscritto dal : 4/2/2005
Posts: 220
Ho fatto quanto suggerito:

ComboFix 10-10-09.06 - ortopediamedici 16/10/2010 11.32.14.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1022.594 [GMT 2:00]
Eseguito da: c:\documents and settings\ortopediamedici\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\ortopediamedici\Desktop\CFScript.txt

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
- MODALITÀ CON FUNZIONALITÀ RIDOTTE -

FILE ::
"c:\windows\system32\wmttmaq.dll"
.

((((((((((((((((((((((((( Files Creati Da 2010-09-16 al 2010-10-16 )))))))))))))))))))))))))))))))))))
.

2010-10-13 11:29 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-13 11:29 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-13 11:27 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-11 17:00 . 2010-10-11 17:00 -------- d-----w- C:\$AVG
2010-10-11 16:55 . 2010-10-11 16:55 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-10-11 15:46 . 2010-10-11 16:55 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-10-11 15:46 . 2010-10-11 16:55 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-10-11 15:46 . 2010-10-11 16:55 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-10-11 15:46 . 2010-10-16 07:04 -------- d-----w- c:\windows\system32\drivers\Avg
2010-10-11 15:45 . 2010-10-11 15:45 -------- d-----w- c:\programmi\AVG
2010-10-11 15:45 . 2010-10-11 15:45 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg9
2010-10-11 14:22 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-11 14:22 . 2010-10-11 14:22 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-10-11 14:22 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-11 11:58 . 2010-10-11 11:59 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Adobe
2010-10-11 11:39 . 2010-10-11 15:01 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-10-11 11:39 . 2010-10-11 11:39 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2010-10-10 08:07 . 2010-10-10 08:07 -------- d--h--w- c:\windows\PIF
2010-10-07 12:30 . 2010-10-07 12:30 -------- d-----w- C:\7e6e43c746ff89bc320b8ae0d2cd2b
2010-10-07 09:23 . 2010-10-07 09:23 14808 ----a-w- c:\programmi\Mozilla Firefox\plugin-container.exe
2010-10-07 09:23 . 2010-10-07 09:23 718296 ----a-w- c:\programmi\Mozilla Firefox\mozcpp19.dll
2010-09-21 09:25 . 2010-09-21 09:27 -------- d-----w- c:\documents and settings\ortopediamedici\Impostazioni locali\Dati applicazioni\VenditaMotori
2010-09-21 09:25 . 2010-09-21 09:25 -------- d-----w- c:\documents and settings\ortopediamedici\Impostazioni locali\Dati applicazioni\ConduitEngine
2010-09-21 09:25 . 2010-09-21 09:25 -------- d-----w- c:\programmi\ConduitEngine

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-09-12 13:02 3863136 ----a-w- c:\programmi\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\programmi\ConduitEngine\ConduitEngine.dll" [2010-09-12 3863136]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\programmi\ConduitEngine\ConduitEngine.dll" [2010-09-12 3863136]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-26 68856]
"NBJ"="c:\programmi\Ahead\Nero BackItUp\NBJ.exe" [2006-09-15 2048000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"SoundMAXPnP"="c:\programmi\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"Malwarebytes Anti-Malware (rootkit-scan)"="c:\programmi\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-10-11 2067808]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-10-11 16:55 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2005-03-09 14:39 98304 ----a-w- c:\programmi\File comuni\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-13 18:14 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2004-10-27 13:21 61952 ------w- c:\windows\system32\HdAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 18:14 1695232 ----a-w- c:\programmi\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 13:40 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-12-05 00:41 8523776 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-12-05 00:41 81920 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-12-05 00:41 1626112 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2005-09-07 13:35 716800 ----a-w- c:\programmi\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2005-05-20 08:11 925696 ----a-r- c:\programmi\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 03:27 144784 ----a-w- c:\programmi\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-10-26 15:16 68856 ----a-w- c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-10-29 11:42 185872 ----a-w- c:\programmi\File comuni\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2005-03-09 14:39 785048 ----a-w- c:\programmi\Acronis\TrueImageWorkstation\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinVNC]
2006-06-18 12:56 712704 ----a-w- c:\programmi\UltraVNC\winvnc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgemc.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/10/2010 17.46.15 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/10/2010 17.46.16 243024]
R2 avg9emc;AVG Free E-mail Scanner;c:\programmi\AVG\AVG9\avgemc.exe [11/10/2010 18.55.36 921952]
R2 avg9wd;AVG Free WatchDog;c:\programmi\AVG\AVG9\avgwdsvc.exe [11/10/2010 18.55.42 308136]
R2 ManageEngine Desktop Central 6 - Agent;ManageEngine Desktop Central 6 - Agent;c:\programmi\DesktopCentral_Agent\bin\dcagentservice.exe [31/07/2009 18.52.46 434176]
R2 ManageEngine Desktop Central 6 - Remote Control;ManageEngine Desktop Central 6 - Remote Control;c:\programmi\DesktopCentral_Agent\bin\dcrdservice.exe [31/07/2009 18.52.46 475136]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [05/08/2008 11.46.06 6016]
S2 bneoimmqv;Image Network;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.00.00 14336]
S2 ccjhkysj;Universal Image;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.00.00 14336]
S2 ctzzwljui;Image Helper;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.00.00 14336]
S2 dfrtp;Manager Universal;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.00.00 14336]
S2 dxjvdizy;Microsoft Security;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.00.00 14336]
S2 finyz;Time System;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.00.00 14336]
S2 fkgwv;Manager Installer;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.00.00 14336]
S2 gupdate1c98e7a6d003cfa;Servizio di Google Update (gupdate1c98e7a6d003cfa);c:\programmi\Google\Update\GoogleUpdate.exe [14/02/2009 10.01.19 133104]
S2 hnkgmo;Center Monitor;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.00.00 14336]
S2 joxlgt;Helper Security;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.00.00 14336]
S2 kquyt;Network Universal;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.00.00 14336]
S2 kxnsc;Windows Manager;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.00.00 14336]
S2 lofubtb;Time Microsoft;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.00.00 14336]
S2 lrzfhqkmk;Microsoft Task;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.00.00 14336]
S2 oygyshc;Support Installer;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.00.00 14336]
S2 pnxgy;Config Windows;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.00.00 14336]
S2 qgidy;Driver Boot;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.00.00 14336]
S2 qscbrjv;Security Update;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.00.00 14336]
S2 qvouils;jxrvclq;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.00.00 14336]
S2 rshhqgot;Shell Task;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.00.00 14336]
S2 sfdfsxj;Image Universal;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.00.00 14336]
S2 snbrtx;Network Driver;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.00.00 14336]
S2 uspyjvex;Manager Image;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.00.00 14336]
S2 waftnxxis;Security Time;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.00.00 14336]
S2 xcfwnued;Image Server;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.00.00 14336]
S2 xnwrbckcf;System Network;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.00.00 14336]
S2 yjxmlduoj;Windows Task;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.00.00 14336]
S2 zcetj;Universal Shell;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.00.00 14336]
S3 OracleOraHome81ClientCache;OracleOraHome81ClientCache;c:\oracle\ora81\bin\ONRSD.EXE [19/10/2000 12.55.50 411244]
.
Contenuto della cartella 'Scheduled Tasks'

2010-10-16 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-20 09:25]

2010-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-14 08:01]

2010-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-14 08:01]

2010-10-15 c:\windows\Tasks\RegCure Program Check.job
- c:\programmi\RegCure\RegCure.exe [2010-05-19 23:20]

2010-10-16 c:\windows\Tasks\RegCure Startup.job
- c:\programmi\RegCure\RegCure.exe [2010-05-19 23:20]

2010-09-16 c:\windows\Tasks\RegCure.job
- c:\programmi\RegCure\RegCure.exe [2010-05-19 23:20]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
mStart Page = hxxp://it.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: {FF0C2A40-906E-404E-A2ED-55A6A85EBA46} = 151.99.125.2,151.99.250.2
DPF: {15CAC53B-5F45-4D70-BE98-386E6F3B3328} - hxxp://192.168.0.200:8085/resources/medweb/MedstWWW.cab
DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} - file:///E:/CDVIEWER/CdViewer.cab
FF - ProfilePath - c:\documents and settings\ortopediamedici\Dati applicazioni\Mozilla\Firefox\Profiles\gjrdc61c.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2086743&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - PHPNukeEN Customized Web Search
FF - prefs.js: browser.startup.homepage - www.google.it
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2086743&q=
FF - component: c:\programmi\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\programmi\Mozilla Firefox\extensions\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}\components\FFExternalAlert.dll
FF - component: c:\programmi\Mozilla Firefox\extensions\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xcfwnued]
"ServiceDll"="c:\windows\system32\wmttmaq.dll"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'lsass.exe'(1264)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(2088)
c:\windows\system32\WININET.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\AVG\AVG9\avgchsvx.exe
c:\programmi\AVG\AVG9\avgrsx.exe
c:\programmi\AVG\AVG9\avgcsrvx.exe
c:\programmi\File comuni\Acronis\Schedule2\schedul2.exe
c:\programmi\AVG\AVG9\avgnsx.exe
c:\windows\system32\nvsvc32.exe
c:\programmi\AVG\AVG9\avgcsrvx.exe
.
**************************************************************************
.
Ora fine scansione: 2010-10-16 11:42:55 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-10-16 09:42
ComboFix2.txt 2010-10-11 15:30

Pre-Run: 38.618.509.312 byte disponibili
Post-Run: 38.982.213.632 byte disponibili

- - End Of File - - EF0EE1BCEAF2F99CE076C2617D7F4096
Torna in alto
 
r16
Inviato: Saturday, October 16, 2010 1:26:36 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao.
Per caso hai eseguito lo script in Modalità provvisoria?

Si deve eliminare Combofix, e riscaricare una versione fresca:

Per eliminare Combofix:

Scarica OTC by OldTimer sul desktop:
http://oldtimer.geekstogo.com/OTC.exe
doppio clic per eseguirlo
Clicca su CleanUp.
Ti chiederà di riavviare il pc.
Clicca .

Poi scarica sul Desktop questa versione di Combofix:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Una volta scaricato sul desktop, rifai questo script: (in Modalità normale)

Apri un file di testo con il Block Note sul Desktop
Ci incolli il codice che vedi qui sotto, e salvi il file di testo obbligatoriamente con il nome CFScript.txt

Code:
KillAll::

File::
c:\windows\system32\wmttmaq.dll

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_xcfwnued]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_xcfwnued]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_xcfwnued]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_xcfwnued]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_xcfwnued]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xcfwnued]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xcfwnued]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\xcfwnued]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\xcfwnued]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\xcfwnued]

Driver::
bneoimmqv
ccjhkysj
ctzzwljui
dfrtp
dxjvdizy
finyz
fkgwv
hnkgmo
joxlgt
kquyt
kxnsc
lofubtb
lrzfhqkmk
oygyshc
pnxgy
qgidy
qscbrjv
qvouils
rshhqgot
sfdfsxj
snbrtx
uspyjvex
waftnxxis
xcfwnued
xnwrbckcf
yjxmlduoj
zcetj



e trascinalo sull'icona di ComboFix.
Attendi la fine dei lavori, senza toccare tastiera, mouse o altro.
Posta il log aggiornato di combofix
Torna in alto
 
cbbusto
Inviato: Saturday, October 16, 2010 4:18:06 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
giovanitasca ha scritto:
Non lo sapevo. Devo allora disinstallarlo? C'è una soluzione considerato che non è stato rinnovato l'abbonamento con Kaspersky e il PC si trova in balia di tutto?


Scusate l'intromissione, comunicazione importante.

Visto che usi Windows una soluzione c'è, dal 7/10 in Italia è disponibile la versione di Microsoft Security Essentials (MSE) resa ora gratuitamente installabile anche dalle piccole imprese fino a 10 PC. LEGGI QUI, si tratta di uno fra i migliori antivirus in circolazione, essendo anche antispyware e antimalware non occorrono altri sw di protezione. Ciao
Torna in alto
 
Utenti presenti in questo topic
Guest

2 pages: [1] 2

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » SOS urgente per PC lavoro


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.