
Help with HijackThis logfile
morrisdemorris
Posted: Wednesday, August 31, 2011 8:15:08 PM
Rank: AiutAmico

Member since: 8/31/2011
Posts: 36
Hello, and thanks in advance for the help..... I have a trojan located here, reported by NOD32: c:windows\temp\conhost, a variant of the win32/kriptik.sge trojan. This is what NOD32 detects, and it blocks and deletes it in perpetual motion. I tried the various ComboFix, CCleaner, Malwarebytes, in various modes, but nothing happens. I made the log with HijackThis and I'm counting on your help. Thanks a million


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20.02.22, on 31/08/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe
C:\Programmi\Logitech\Logitech WebCam Software\LWS.exe
C:\Programmi\Real\RealPlayer\update\realsched.exe
C:\Programmi\QuickTime\QTTask.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\ATI Technologies\ATI.ACE\CLI.EXE
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\PIXELA\ImageMixer 3 SE Ver.4.5\Transfer Utility\CameraMonitor.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\internet explorer\iexplore.exe
C:\Programmi\internet explorer\iexplore.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Programmi\Windows Live\Toolbar\wltuser.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Programmi\AutocompletePro\AutocompletePro.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: Recfree toolbar helper - {D286E828-E6B9-484d-A058-D7323666DE33} - C:\Programmi\RecFree.com\RecFreeToolbar\1.0.23.0\escort.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: RecFree Toolbar - {0508F8F1-08E3-43EE-AAA8-09AD09803084} - C:\Programmi\RecFree.com\RecFreeToolbar\1.0.23.0\escorTlbr.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [egui] "C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programmi\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Programmi\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Avvio Veloce di WinZip.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O4 - Global Startup: ImageMixer 3 SE Camera Monitor Ver.4.5.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O8 - Extra context menu item: Translate with &Babylon - res://C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Organizzatore ricerche - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programmi\File comuni\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1224266402890
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D0E81AC4-1399-4215-AFEE-5347842DD7F7}: NameServer = 62.94.0.1,62.94.0.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Programmi\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe

--
End of file - 12437 bytes
r16
Posted: Wednesday, August 31, 2011 8:44:32 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Quote:
I tried the various ComboFix, CCleaner, Malwarebytes

The logs.
We need to see and analyze the logs.
Sometimes simple scans are not enough to solve the problem.
In many cases you have to act manually to remove infections that (ComboFix, for example) detects but does not remove.

Is your NOD legit?
morrisdemorris
Posted: Thursday, September 01, 2011 9:07:58 PM
Rank: AiutAmico

Member since: 8/31/2011
Posts: 36
r16 wrote:
Quote:
I tried the various ComboFix, CCleaner, Malwarebytes

The logs.
We need to see and analyze the logs.
Sometimes simple scans are not enough to solve the problem.
In many cases you have to act manually to remove infections that (ComboFix, for example) detects but does not remove.

Is your NOD legit?

Thanks. Yes, it is. It expires in about ten days.
I wanted to know whether you need any other data, maybe the ComboFix log?? Thanks again
r16
Posted: Thursday, September 01, 2011 10:20:33 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Quote:
I wanted to know whether you need any other data, maybe the ComboFix log??

Good grief...... I thought I had written clearly.....
Of course I'd like to see the logs.
Both ComboFix's and Malwarebytes'.
And preferably from recent scans (not done 2 days ago).
HijackThis logs, these days, are of little use.


N.B.:
Please don't quote my replies.
Thanks.
RIOLOTERME
Posted: Friday, September 02, 2011 12:55:40 AM
Rank: AiutAmico

Member since: 7/26/2007
Posts: 1,016
Great r16, one of us; I miss you. When I catch a virus I'll let you know
morrisdemorris
Posted: Friday, September 02, 2011 11:12:24 AM
Rank: AiutAmico

Member since: 8/31/2011
Posts: 36
Thanks, here are the freshly hatched logs.
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Versione database: 7635

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

02/09/2011 11.04.10
mbam-log-2011-09-02 (11-03-59).txt

Tipo di scansione: Scansione completa (C:\|H:\|)
Elementi esaminati: 244968
Tempo impiegato: 33 minuti, 41 secondi

Processi infetti in memoria: 1
Moduli di memoria infetti: 0
Chiavi di registro infette: 1
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 3

Processi infetti in memoria:
c:\WINDOWS\temp\conhost.exe (Trojan.Agent.BTMGen) -> 1632 -> No action taken.

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
HKEY_CLASSES_ROOT\sp (TrojanProxy.Agent) -> No action taken.

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
c:\Qoobox\quarantine\C\documents and settings\all users\dati applicazioni\Adobe\sp.dll.vir (Trojan.Proxy) -> No action taken.
c:\system volume information\_restore{37de1554-17ff-473a-a721-f0fbeed907d4}\RP1\A0000029.DLL (Trojan.Proxy) -> No action taken.
c:\WINDOWS\temp\conhost.exe (Trojan.Agent.BTMGen) -> No action taken.
ComboFix 11-09-01.03 - Totero 02/09/2011 9.59.53.7.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2047.1416 [GMT 2:00]
Eseguito da: c:\documents and settings\Totero\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dati applicazioni\Adobe\sp.Dll
c:\windows\system32\lvci12101110.dll
c:\windows\system32\lvci1311021.dll
c:\windows\system32\xa12003343.exe
c:\windows\system32\xa12026343.exe
c:\windows\system32\xa864796.exe
c:\windows\system32\xa882953.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SPService
.
.
((((((((((((((((((((((((( Files Creati Da 2011-08-02 al 2011-09-02 )))))))))))))))))))))))))))))))))))
.
.
2011-09-02 07:45 . 2011-08-12 02:44 7152464 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\Windows Defender\Definition Updates\{78758BAD-D4B3-4892-9954-455602B3B3E0}\mpengine.dll
2011-08-31 19:36 . 2011-08-31 19:36 -------- d-----w- c:\documents and settings\Totero\Impostazioni locali\Dati applicazioni\PIXELA
2011-08-31 18:01 . 2011-08-31 18:01 388096 ----a-r- c:\documents and settings\Totero\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-30 21:24 . 2011-08-30 21:24 -------- d-----w- c:\documents and settings\Totero\Dati applicazioni\thecleaner
2011-08-30 20:46 . 2011-08-30 20:46 -------- d-----w- c:\programmi\Trend Micro
2011-08-27 19:03 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-27 19:02 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-27 19:02 . 2011-08-27 19:07 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2011-08-27 12:47 . 2011-08-27 12:47 -------- d-----w- c:\windows\system32\wbem\Repository
2011-08-27 11:22 . 2011-08-27 18:10 -------- d-----w- c:\documents and settings\Totero\Dati applicazioni\Remote
2011-08-27 09:13 . 2011-08-27 09:13 -------- d-----r- c:\documents and settings\NetworkService\Preferiti
2011-08-27 09:02 . 2011-08-27 09:02 -------- d-----w- c:\documents and settings\LocalService\IETldCache
2011-08-20 21:43 . 2011-08-20 21:43 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-19 09:32 . 2008-04-13 09:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2011-08-19 09:32 . 2008-04-13 09:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2011-08-10 08:13 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-10 08:13 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-12 02:44 . 2008-10-17 20:13 7152464 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-07-19 16:43 . 2011-07-19 16:43 29696 ----a-w- c:\windows\mickey32.dll
2011-07-19 16:43 . 2011-07-19 16:43 232784 ----a-w- c:\windows\Matrix Code.scr
2011-07-19 16:43 . 2011-07-19 16:43 2285222 ----a-w- c:\windows\Matrix Code.exe
2011-07-15 13:29 . 2004-09-07 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2004-09-07 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2008-10-10 12:14 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:30 . 2004-09-07 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:30 . 2004-09-07 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:30 . 2004-09-07 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2004-09-07 12:00 385024 ------w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-09-07 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll
2011-06-06 11:35 . 2004-09-07 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2008-07-15 23:09 . 2010-12-14 11:34 2003456 ----a-w- c:\programmi\File comuni\Boris RED.msi
.
.
((((((((((((((((((((((((((((( SnapShot_2011-08-27_18.25.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-09-02 08:12 . 2011-09-02 08:12 16384 c:\windows\temp\Perflib_Perfdata_cc.dat
+ 2011-09-02 08:07 . 2011-09-02 08:16 267776 c:\windows\temp\conhost.exe
+ 2011-08-31 18:01 . 2011-08-31 18:01 1094656 c:\windows\Installer\456ec.msi
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D286E828-E6B9-484d-A058-D7323666DE33}]
2009-03-09 23:46 139264 ------w- c:\programmi\RecFree.com\RecFreeToolbar\1.0.23.0\escort.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0508F8F1-08E3-43EE-AAA8-09AD09803084}"= "c:\programmi\RecFree.com\RecFreeToolbar\1.0.23.0\escorTlbr.dll" [2009-03-09 172032]
.
[HKEY_CLASSES_ROOT\clsid\{0508f8f1-08e3-43ee-aaa8-09ad09803084}]
[HKEY_CLASSES_ROOT\escorTlbr.DskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\escorTlbr.DskBnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 139264]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-18 39408]
"OM2_Monitor"="c:\programmi\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2008-11-07 95536]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-17 64512]
"ATICCC"="c:\programmi\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-01 16208384]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2007-06-01 257088]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"egui"="c:\programmi\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"LogitechQuickCamRibbon"="c:\programmi\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"TkBellExe"="c:\programmi\Real\RealPlayer\update\realsched.exe" [2011-01-25 274608]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]
.
c:\documents and settings\Totero\Menu Avvio\Programmi\Esecuzione automatica\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio Veloce di WinZip.lnk - c:\programmi\WinZip\WZQKPICK.EXE [2008-10-17 106560]
ImageMixer 3 SE Camera Monitor Ver.4.5.lnk - c:\programmi\PIXELA\ImageMixer 3 SE Ver.4.5\Transfer Utility\CameraMonitor.exe [2010-11-12 406896]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\TipicIM\\TipicIM.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23834:TCP"= 23834:TCP:spport
"24850:TCP"= 24850:TCP:spport
"12593:TCP"= 12593:TCP:spport
"12849:TCP"= 12849:TCP:spport
"5187:TCP"= 5187:TCP:spport
"8170:TCP"= 8170:TCP:spport
.
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [08/10/2008 9.50.14 35168]
R2 DriverX;DriverX;c:\windows\system32\drivers\DRIVERX.SYS [12/03/1997 14.57.58 25792]
R2 ekrn;Eset Service;c:\programmi\Eset\ESET NOD32 Antivirus\ekrn.exe [07/10/2009 9.16.50 472280]
R2 MBAMService;MBAMService;c:\programmi\Malwarebytes' Anti-Malware\mbamservice.exe [27/08/2011 21.03.02 366640]
R2 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [03/11/2006 19.19.58 13592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [27/08/2011 21.02.58 22712]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [23/05/2011 9.08.41 136176]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [23/05/2011 9.08.41 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [27/08/2011 21.03.00 41272]
S3 MSHUSBVideo;NX6000/NX3000/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [18/10/2008 16.43.10 34136]
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-08-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2011-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2011-05-23 07:08]
.
2011-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2011-05-23 07:08]
.
2011-09-02 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
2011-09-01 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
.
2011-09-02 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
.
2011-09-02 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-789336058-725345543-1003.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
2011-08-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-789336058-725345543-1003.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Translate with &Babylon - c:\programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{D0E81AC4-1399-4215-AFEE-5347842DD7F7}: NameServer = 62.94.0.1,62.94.0.2
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
ShellIconOverlayIdentifiers-{96AFBE69-C3B0-4b00-8578-D933D2896EE2} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-02 10:16
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3250820AS rev.3.AAD -> Harddisk0\DR0 -> \Device\00000032
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89D5E4D0]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x89d647d0]; MOV EAX, [0x89d6484c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x89CA5AB8]
3 CLASSPNP[0xBA108FD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\00000069[0x89C18BA0]
5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x89D76030]
\Driver\nvata[0x89D0A250] -> IRP_MJ_CREATE -> 0x89D5E4D0
error: Read Funzione non corretta.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\00000068 -> \??\IDE#DiskST3250820AS_____________________________3.AAD___#2020202020202020202020205135314543524E39#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AE6D14D4-1530-9097-4BB4-B1C54F726FCB}\InProcServer32*]
"oapclnkjillkchgamcpacjckanemfa"=hex:6a,61,61,6f,63,6e,66,66,64,6d,70,68,6f,69,
6f,61,68,65,6f,6e,00,f9
"napcjndpdmhbmobbndokbkfckjil"=hex:6a,61,6a,6e,6b,6e,6d,69,6e,68,69,6e,66,66,
67,65,64,67,6d,6e,00,68
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(824)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3684)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\RTHDCPL.EXE
c:\programmi\ATI Technologies\ATI.ACE\CLI.EXE
c:\windows\eHome\ehmsas.exe
c:\programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
c:\programmi\iPod\bin\iPodService.exe
c:\programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
c:\programmi\ATI Technologies\ATI.ACE\cli.exe
c:\programmi\ATI Technologies\ATI.ACE\cli.exe
c:\windows\TEMP\conhost.exe
.
**************************************************************************
.
Ora fine scansione: 2011-09-02 10:22:36 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2011-09-02 08:22
ComboFix2.txt 2011-08-30 20:02
ComboFix3.txt 2011-08-28 08:55
ComboFix4.txt 2011-08-27 22:56
ComboFix5.txt 2011-09-02 07:58
.
Pre-Run: 67.805.536.256 byte disponibili
Post-Run: 66.757.509.120 byte disponibili
.
- - End Of File - - E212A399DD51ECEA6044591FDAE2D98C
r16
Posted: Friday, September 02, 2011 7:01:00 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Hi.

Delete what Malwarebytes found.

Disable SpyBot's TeaTimer like this:

Open SpyBot in advanced mode (Mode menu - Advanced), then go to Tools - Resident, untick TeaTimer, and reboot the PC.

Then:

Download TDSSKiller.zip to the desktop:
http://support.kaspersky.com/viruses/solutions?qid=208280684
Extract the contents into a folder and double-click TDSSKiller.exe
Click "Start Scan"
If it finds an infection, the default option will be "Cure", so click "Continue".
If a suspicious file is found, the default action will be Skip; click "Continue".
If a reboot is requested, allow it (the PC must be restarted to remove the infection).
If no reboot is requested, click Report and save its contents to a text file.
You will find the log in C:\
Post it here.

To post the log:
Connect to the internet and go to the WikiSend page: http://www.wikisend.com/
Click the "Browse" button
Select the file you just saved
Click Upload file
After a few seconds you are taken to a new page with the link in several formats:
Download Link / Forum Link
Select Forum Link, copy it and paste it into a new message on the forum.

Further instructions will follow, because there are other rootkits to remove.
morrisdemorris
Posted: Friday, September 02, 2011 10:12:59 PM
Rank: AiutAmico

Member since: 8/31/2011
Posts: 36
Thanks... listen, I'll just use "tu" with you... the tick I removed, the SpyBot one, do I need to put it back now? And do I really need this application anyway???

TDSSKiller.2.5.17.0_02.09.2011_21.55.04_log.txt
r16
Posted: Friday, September 02, 2011 11:23:20 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Quote:
listen, I'll just use "tu" with you

Of course... if you address me as "Lei" I'll leave you in the lurch. Angel
Quote:
the tick I removed, the SpyBot one, do I need to put it back now?

No, absolutely not.
That feature (TeaTimer), besides being useless, creates conflicts with other "real-time" software.

Open a text file with Notepad on the Desktop
Paste into it the code you see below, and save the text file with the name CFScript.txt (this name is mandatory)

Code:
KillAll::

File::
c:\programmi\RecFree.com\RecFreeToolbar\1.0.23.0\escort.dll

Folder::
c:\programmi\RecFree.com\RecFreeToolbar\1.0.23.0
c:\programmi\RecFree.com\RecFreeToolbar
c:\programmi\RecFree.com

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D286E828-E6B9-484d-A058-D7323666DE33}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0508F8F1-08E3-43EE-AAA8-09AD09803084}"=-
[-HKEY_CLASSES_ROOT\clsid\{0508f8f1-08e3-43ee-aaa8-09ad09803084}]
[-HKEY_CLASSES_ROOT\escorTlbr.DskBnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[-HKEY_CLASSES_ROOT\escorTlbr.DskBnd]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23834:TCP"=-
"24850:TCP"=-
"12593:TCP"=-
"12849:TCP"=-
"5187:TCP"=-
"8170:TCP"=-

RegNull::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AE6D14D4-1530-9097-4BB4-B1C54F726FCB}\InProcServer32*]



and drag it onto the ComboFix icon.
Wait until it finishes, without touching the keyboard, mouse or anything else.
If the PC does not reboot by itself, reboot it yourself.
Post the updated ComboFix log.
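As an added example (not code from this thread, from ComboFix or from TDSSKiller), the Python script below shows the defender's side of the CFScript above: it parses the GloballyOpenPorts section of a ComboFix log such as the one posted earlier in this thread, flags firewall exceptions whose label is not on an allow-list (and notes the pattern seen here, where a single label such as "spport" opens six unrelated high TCP ports), and renders the matching Registry:: stanza in the same `"port:proto"=-` syntax r16 uses. The sample log lines are copied from this thread; the allow-list, the threshold and all function names are assumptions made for the example.

```python
"""Flag suspicious GloballyOpenPorts firewall exceptions in a ComboFix log and
render the CFScript Registry:: lines that would remove them.

Constructed example for this thread; not part of ComboFix. The sample log
text is copied from the ComboFix log posted above.
"""
import re
from collections import defaultdict

# Registry key header exactly as ComboFix prints it in the "Punti Reg Caricati" part.
OPEN_PORTS_KEY = (
    r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy"
    r"\standardprofile\GloballyOpenPorts\List]"
)

# ComboFix renders each exception as:  "PORT:PROTO"= PORT:PROTO:label
ENTRY_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$')

# Copied from the log in this thread (raw string, so backslashes stay literal).
SAMPLE_LOG = r"""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23834:TCP"= 23834:TCP:spport
"24850:TCP"= 24850:TCP:spport
"12593:TCP"= 12593:TCP:spport
"12849:TCP"= 12849:TCP:spport
"5187:TCP"= 5187:TCP:spport
"8170:TCP"= 8170:TCP:spport
.
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [08/10/2008 9.50.14 35168]
"""


def parse_open_ports(log_text):
    """Return [(port, proto, label)] from the GloballyOpenPorts section only."""
    entries = []
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == OPEN_PORTS_KEY:
            in_section = True
            continue
        if not in_section:
            continue
        if line in ("", "."):  # ComboFix separates sections with a lone dot
            break
        m = ENTRY_RE.match(line)
        if m:
            entries.append((int(m.group(1)), m.group(2), m.group(3).strip()))
    return entries


def flag_suspicious(entries, allowed_labels=frozenset(), max_ports_per_label=2):
    """Return (port, proto, label, reason) for every exception whose label is
    not allow-listed. The reason also records when one label opens more than
    max_ports_per_label distinct ports, the 'spport' pattern in this thread.
    allowed_labels is an assumption: fill it with labels known to be legitimate
    on the host being examined."""
    ports_by_label = defaultdict(set)
    for port, proto, label in entries:
        ports_by_label[label].add((port, proto))
    flagged = []
    for port, proto, label in entries:
        if label in allowed_labels:
            continue
        reason = "label not in allow-list"
        count = len(ports_by_label[label])
        if count > max_ports_per_label:
            reason += f"; label '{label}' opens {count} ports"
        flagged.append((port, proto, label, reason))
    return flagged


def cfscript_registry_block(flagged):
    """Render a Registry:: stanza deleting the flagged values, using the
    '"port:proto"=-' syntax ComboFix accepts in CFScript.txt."""
    lines = ["Registry::", OPEN_PORTS_KEY]
    lines += [f'"{port}:{proto}"=-' for port, proto, _, _ in flagged]
    return "\n".join(lines)


if __name__ == "__main__":
    found = parse_open_ports(SAMPLE_LOG)
    for port, proto, label, reason in flag_suspicious(found):
        print(f"{port}/{proto} [{label}]: {reason}")
    print()
    print(cfscript_registry_block(flag_suspicious(found)))
```

The parser stops at the first lone "." after the key header, which is how ComboFix delimits sections, so unrelated lines further down the log (services, scheduled tasks) are never mistaken for port entries. Review the flagged list by hand before turning it into a CFScript; the generated stanza is meant to be pasted into the script a helper asks for, not run blindly.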
morrisdemorris
Posted: Saturday, September 03, 2011 10:40:21 AM
Rank: AiutAmico

Member since: 8/31/2011
Posts: 36
ComboFix 11-09-02.04 - Totero 03/09/2011 10.22.13.8.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2047.1391 [GMT 2:00]
Eseguito da: c:\documents and settings\Totero\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
((((((((((((((((((((((((( Files Creati Da 2011-08-03 al 2011-09-03 )))))))))))))))))))))))))))))))))))
.
.
2011-09-02 15:47 . 2011-09-02 16:26 -------- d-----w- c:\documents and settings\Totero\Dati applicazioni\HP
2011-09-02 15:47 . 2011-09-02 15:47 -------- d-----w- c:\documents and settings\Totero\Impostazioni locali\Dati applicazioni\HP
2011-09-02 15:46 . 2009-08-05 15:22 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2011-09-02 15:46 . 2009-08-05 15:22 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2011-09-02 15:46 . 2009-10-22 00:55 452736 ----a-r- c:\windows\system32\hpzids01.dll
2011-09-02 15:46 . 2009-10-21 13:29 125440 ----a-w- c:\windows\system32\hpf3l101.dll
2011-09-02 15:46 . 2009-10-21 13:29 320512 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpfpp101.dll
2011-09-02 15:46 . 2009-08-05 15:22 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2011-09-02 15:46 . 2009-10-30 04:15 372736 ----a-r- c:\windows\system32\hppldcoi.dll
2011-09-02 15:46 . 2009-09-10 17:44 966656 ----a-r- c:\windows\system32\hpost_p04b.dll
2011-09-02 15:46 . 2009-09-10 17:44 887296 ----a-r- c:\windows\system32\hposwia_p04b.dll
2011-09-02 15:46 . 2009-09-10 17:44 315392 ----a-r- c:\windows\system32\hposc_p04a.dll
2011-09-02 15:46 . 2009-08-05 15:22 309760 ----a-r- c:\windows\system32\difxapi.dll
2011-09-02 15:45 . 2011-09-02 15:45 -------- d-----w- c:\programmi\MSN Toolbar
2011-09-02 15:44 . 2011-09-02 15:45 -------- d-----w- c:\programmi\MSN Toolbar Installer
2011-09-02 15:44 . 2011-09-02 15:44 -------- d-----w- c:\documents and settings\Totero\Dati applicazioni\HpUpdate
2011-09-02 15:43 . 2011-09-02 15:43 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\HP Product Assistant
2011-09-02 15:41 . 2011-09-02 15:48 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\HP
2011-09-02 15:41 . 2011-09-02 15:41 -------- d-----w- c:\programmi\File comuni\HP
2011-09-02 15:41 . 2011-09-02 15:41 -------- d-----w- c:\programmi\File comuni\Hewlett-Packard
2011-09-02 15:37 . 2011-09-02 15:44 -------- d-----w- c:\programmi\HP
2011-09-02 15:36 . 2008-04-13 09:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2011-09-02 15:36 . 2008-04-13 09:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-09-02 07:45 . 2011-08-12 02:44 7152464 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\Windows Defender\Definition Updates\{78758BAD-D4B3-4892-9954-455602B3B3E0}\mpengine.dll
2011-08-31 19:36 . 2011-08-31 19:36 -------- d-----w- c:\documents and settings\Totero\Impostazioni locali\Dati applicazioni\PIXELA
2011-08-30 21:24 . 2011-08-30 21:24 -------- d-----w- c:\documents and settings\Totero\Dati applicazioni\thecleaner
2011-08-30 20:46 . 2011-08-30 20:46 -------- d-----w- c:\programmi\Trend Micro
2011-08-27 19:03 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-27 19:02 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-27 19:02 . 2011-08-27 19:07 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2011-08-27 12:47 . 2011-08-27 12:47 -------- d-----w- c:\windows\system32\wbem\Repository
2011-08-27 11:22 . 2011-08-27 18:10 -------- d-----w- c:\documents and settings\Totero\Dati applicazioni\Remote
2011-08-27 09:13 . 2011-08-27 09:13 -------- d-----r- c:\documents and settings\NetworkService\Preferiti
2011-08-27 09:02 . 2011-08-27 09:02 -------- d-----w- c:\documents and settings\LocalService\IETldCache
2011-08-20 21:43 . 2011-08-20 21:43 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-19 09:32 . 2008-04-13 09:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2011-08-19 09:32 . 2008-04-13 09:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2011-08-10 08:13 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-10 08:13 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-12 02:44 . 2008-10-17 20:13 7152464 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-07-19 16:43 . 2011-07-19 16:43 29696 ----a-w- c:\windows\mickey32.dll
2011-07-19 16:43 . 2011-07-19 16:43 232784 ----a-w- c:\windows\Matrix Code.scr
2011-07-19 16:43 . 2011-07-19 16:43 2285222 ----a-w- c:\windows\Matrix Code.exe
2011-07-15 13:29 . 2004-09-07 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2004-09-07 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2008-10-10 12:14 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:30 . 2004-09-07 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:30 . 2004-09-07 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:30 . 2004-09-07 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2004-09-07 12:00 385024 ------w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-09-07 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll
2011-06-06 11:35 . 2004-09-07 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2008-07-15 23:09 . 2010-12-14 11:34 2003456 ----a-w- c:\programmi\File comuni\Boris RED.msi
.
.
((((((((((((((((((((((((((((( SnapShot_2011-08-27_18.25.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-29 23:13 . 2010-01-29 23:13 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_decbdf0c\mfcm80u.dll
+ 2010-01-29 23:13 . 2010-01-29 23:13 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_decbdf0c\mfcm80.dll
+ 2010-01-29 23:13 . 2010-01-29 23:13 96256 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_6e85597b\ATL80.dll
+ 2010-03-26 23:36 . 2010-03-26 23:36 62976 c:\windows\WinSxS\amd64_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_e2e562e3\mfc90rus.dll
+ 2010-03-26 23:36 . 2010-03-26 23:36 46080 c:\windows\WinSxS\amd64_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_e2e562e3\mfc90kor.dll
+ 2010-03-26 23:36 . 2010-03-26 23:36 46592 c:\windows\WinSxS\amd64_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_e2e562e3\mfc90jpn.dll
+ 2010-03-26 23:36 . 2010-03-26 23:36 64512 c:\windows\WinSxS\amd64_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_e2e562e3\mfc90ita.dll
+ 2010-03-26 23:36 . 2010-03-26 23:36 66048 c:\windows\WinSxS\amd64_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_e2e562e3\mfc90fra.dll
+ 2010-03-26 23:36 . 2010-03-26 23:36 65024 c:\windows\WinSxS\amd64_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_e2e562e3\mfc90esp.dll
+ 2010-03-26 23:36 . 2010-03-26 23:36 65024 c:\windows\WinSxS\amd64_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_e2e562e3\mfc90esn.dll
+ 2010-03-26 23:36 . 2010-03-26 23:36 56832 c:\windows\WinSxS\amd64_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_e2e562e3\mfc90enu.dll
+ 2010-03-26 23:36 . 2010-03-26 23:36 66560 c:\windows\WinSxS\amd64_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_e2e562e3\mfc90deu.dll
+ 2010-03-26 23:36 . 2010-03-26 23:36 39936 c:\windows\WinSxS\amd64_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_e2e562e3\mfc90cht.dll
+ 2010-03-26 23:36 . 2010-03-26 23:36 38912 c:\windows\WinSxS\amd64_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_e2e562e3\mfc90chs.dll
+ 2010-01-29 21:40 . 2010-01-29 21:40 67072 c:\windows\WinSxS\amd64_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_7264ef23\mfcm90u.dll
+ 2010-01-29 21:40 . 2010-01-29 21:40 67072 c:\windows\WinSxS\amd64_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_7264ef23\mfcm90.dll
+ 2011-09-03 08:29 . 2011-09-03 08:29 16384 c:\windows\temp\Perflib_Perfdata_780.dat
+ 2010-01-18 10:28 . 2010-01-18 10:28 20480 c:\windows\system32\hpzisn12.dll
+ 2010-01-18 10:28 . 2010-01-18 10:28 29696 c:\windows\system32\hpzipt12.dll
+ 2010-01-18 10:28 . 2010-01-18 10:28 33792 c:\windows\system32\HPZipr12.dll
+ 2010-01-18 10:28 . 2010-01-18 10:28 53760 c:\windows\system32\HPZipm12.dll
+ 2010-01-18 10:28 . 2010-01-18 10:28 44032 c:\windows\system32\HPZinw12.dll
+ 2010-01-18 10:28 . 2010-01-18 10:28 49152 c:\windows\system32\HPZidr12.dll
+ 2010-01-19 13:10 . 2010-01-19 13:10 63488 c:\windows\system32\HPBWSDR.DLL
+ 2010-01-19 13:18 . 2010-01-19 13:18 41472 c:\windows\system32\hpbpro.dll
+ 2010-01-19 13:18 . 2010-01-19 13:18 25600 c:\windows\system32\hpboid.dll
+ 2010-01-19 13:18 . 2010-01-19 13:18 24576 c:\windows\system32\hpbmiapi.dll
+ 2011-09-02 15:39 . 2009-08-05 15:22 16800 c:\windows\system32\DRVSTORE\hpzius13_8D1976013E2E7C9CB02B04985FF5761CF0F1837E\drivers\dot4\WinxP\Hppaufd0.sys
+ 2011-09-02 15:39 . 2009-08-05 15:22 21568 c:\windows\system32\DRVSTORE\hpzius13_8D1976013E2E7C9CB02B04985FF5761CF0F1837E\drivers\dot4\Win2000\HPZius12.sys
+ 2011-09-02 15:39 . 2009-08-05 15:22 16496 c:\windows\system32\DRVSTORE\hpzius13_8D1976013E2E7C9CB02B04985FF5761CF0F1837E\drivers\dot4\Win2000\hpzipr12.sys
+ 2011-09-02 15:39 . 2009-08-05 15:22 49920 c:\windows\system32\DRVSTORE\hpzius13_8D1976013E2E7C9CB02B04985FF5761CF0F1837E\drivers\dot4\Win2000\hpzid412.sys
+ 2011-09-02 15:39 . 2009-08-05 15:22 16496 c:\windows\system32\DRVSTORE\hpzipr13_2850F885EE53D2B4462EF066D31F5A4875C6CD73\drivers\dot4\Win2000\HPZipr12.sys
+ 2011-09-02 15:39 . 2009-08-05 15:22 21568 c:\windows\system32\DRVSTORE\hpzipa13_EE3CF537F4EE3307971BE58371D43829AAE8CFDE\drivers\dot4\Win2000\HPZius12.sys
+ 2011-09-02 15:39 . 2009-08-05 15:22 16496 c:\windows\system32\DRVSTORE\hpzipa13_EE3CF537F4EE3307971BE58371D43829AAE8CFDE\drivers\dot4\Win2000\HPzipr12.sys
+ 2011-09-02 15:38 . 2009-08-05 15:22 49920 c:\windows\system32\DRVSTORE\hpzipa13_EE3CF537F4EE3307971BE58371D43829AAE8CFDE\drivers\dot4\Win2000\HPZid412.sys
+ 2011-09-02 15:38 . 2009-08-05 15:22 49920 c:\windows\system32\DRVSTORE\hpzid413_901BE655A04916440384FFED97293B9BD1537C92\drivers\dot4\Win2000\HPZid412.sys
+ 2011-09-02 15:37 . 2011-09-02 15:37 66048 c:\windows\Installer\b24bd.msi
+ 2011-09-02 15:43 . 2011-09-02 15:43 65536 c:\windows\Installer\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}\NewShortcut1.A6CC6977_F7B4_4C0B_9510_BCD847D4BDB2.exe
+ 2010-01-19 13:18 . 2010-01-19 13:18 7680 c:\windows\system32\hpbprops.dll
+ 2010-01-19 13:18 . 2010-01-19 13:18 7680 c:\windows\system32\hpboidps.dll
+ 2010-01-29 23:13 . 2010-01-29 23:13 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_0de56c07\msvcr80.dll
+ 2010-01-29 23:13 . 2010-01-29 23:13 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_0de56c07\msvcp80.dll
+ 2010-01-29 23:13 . 2010-01-29 23:13 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_0de56c07\msvcm80.dll
+ 2010-01-29 21:40 . 2010-01-29 21:40 626688 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_a17e7c1e\msvcr90.dll
+ 2010-01-29 21:40 . 2010-01-29 21:40 856576 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_a17e7c1e\msvcp90.dll
+ 2010-01-29 21:40 . 2010-01-29 21:40 245760 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_a17e7c1e\msvcm90.dll
+ 2011-09-02 15:46 . 2009-07-14 04:37 762368 c:\windows\system32\spool\drivers\w32x86\hpphotosmart_b110_sea82b\UNIRES.DLL
+ 2011-09-02 15:46 . 2009-07-14 04:46 747520 c:\windows\system32\spool\drivers\w32x86\hpphotosmart_b110_sea82b\UNIDRVUI.DLL
+ 2011-09-02 15:46 . 2009-07-14 04:46 375296 c:\windows\system32\spool\drivers\w32x86\hpphotosmart_b110_sea82b\UNIDRV.DLL
+ 2011-09-02 15:46 . 2009-10-21 13:28 636416 c:\windows\system32\spool\drivers\w32x86\hpphotosmart_b110_sea82b\hpob1103.dll
+ 2011-09-02 15:46 . 2009-10-21 13:28 209408 c:\windows\system32\spool\drivers\w32x86\hpphotosmart_b110_sea82b\hpfvu101.dll
+ 2011-09-02 15:46 . 2009-09-03 08:50 115712 c:\windows\system32\spool\drivers\w32x86\hpphotosmart_b110_sea82b\hpfrs101.dll
+ 2011-09-02 15:46 . 2009-10-21 13:29 309760 c:\windows\system32\spool\drivers\w32x86\hpphotosmart_b110_sea82b\hpfpr101.dll
+ 2011-09-02 15:46 . 2009-10-21 13:29 472064 c:\windows\system32\spool\drivers\w32x86\hpphotosmart_b110_sea82b\hpfpa101.dll
+ 2011-09-02 15:46 . 2009-09-03 08:48 221696 c:\windows\system32\spool\drivers\w32x86\hpphotosmart_b110_sea82b\hpfie101.dll
+ 2011-09-02 15:46 . 2009-10-21 13:29 534016 c:\windows\system32\spool\drivers\w32x86\hpphotosmart_b110_sea82b\hpfev101.dll
+ 2008-11-01 14:04 . 2009-07-14 04:37 762368 c:\windows\system32\spool\drivers\w32x86\3\UNIRES.DLL
+ 2008-11-01 14:04 . 2009-07-14 04:46 747520 c:\windows\system32\spool\drivers\w32x86\3\UNIDRVUI.DLL
+ 2008-11-01 14:04 . 2009-07-14 04:46 375296 c:\windows\system32\spool\drivers\w32x86\3\UNIDRV.DLL
+ 2011-09-02 15:46 . 2009-10-21 13:28 636416 c:\windows\system32\spool\drivers\w32x86\3\hpob1103.dll
+ 2011-09-02 15:46 . 2009-10-21 13:28 209408 c:\windows\system32\spool\drivers\w32x86\3\hpfvu101.dll
+ 2011-09-02 15:46 . 2009-09-03 08:50 115712 c:\windows\system32\spool\drivers\w32x86\3\hpfrs101.dll
+ 2011-09-02 15:46 . 2009-10-21 13:29 309760 c:\windows\system32\spool\drivers\w32x86\3\hpfpr101.dll
+ 2011-09-02 15:46 . 2009-10-21 13:29 472064 c:\windows\system32\spool\drivers\w32x86\3\hpfpa101.dll
+ 2011-09-02 15:46 . 2009-09-03 08:48 221696 c:\windows\system32\spool\drivers\w32x86\3\hpfie101.dll
+ 2011-09-02 15:46 . 2009-10-21 13:29 534016 c:\windows\system32\spool\drivers\w32x86\3\hpfev101.dll
+ 2009-11-27 10:16 . 2009-11-27 10:16 180224 c:\windows\system32\hplbddrv.dll
+ 2011-09-02 15:39 . 2009-08-05 15:22 282624 c:\windows\system32\DRVSTORE\hpzius13_8D1976013E2E7C9CB02B04985FF5761CF0F1837E\HPZc3212.dll
+ 2011-09-02 15:39 . 2009-10-30 04:15 372736 c:\windows\system32\DRVSTORE\hpzius13_8D1976013E2E7C9CB02B04985FF5761CF0F1837E\drivers\dot4\Win2000\hppldcoi.dll
+ 2011-09-02 15:39 . 2009-08-05 15:22 309760 c:\windows\system32\DRVSTORE\hpzius13_8D1976013E2E7C9CB02B04985FF5761CF0F1837E\drivers\dot4\Win2000\difxapi.dll
+ 2011-09-02 15:39 . 2009-08-05 15:22 282624 c:\windows\system32\DRVSTORE\hpzipa13_EE3CF537F4EE3307971BE58371D43829AAE8CFDE\HPZc3212.dll
+ 2011-09-02 15:39 . 2009-10-30 04:15 372736 c:\windows\system32\DRVSTORE\hpzipa13_EE3CF537F4EE3307971BE58371D43829AAE8CFDE\drivers\dot4\Win2000\hppldcoi.dll
+ 2011-09-02 15:39 . 2009-08-05 15:22 309760 c:\windows\system32\DRVSTORE\hpzipa13_EE3CF537F4EE3307971BE58371D43829AAE8CFDE\drivers\dot4\Win2000\difxapi.dll
+ 2011-09-02 15:39 . 2009-09-10 17:44 887296 c:\windows\system32\DRVSTORE\hpob110_sc_A949E55243CEA7576E3DAD3E7D2A083AC2EC20F1\drivers\scanner\x32\hposwia_p04b.dll
+ 2011-09-02 15:39 . 2009-09-10 17:44 966656 c:\windows\system32\DRVSTORE\hpob110_sc_A949E55243CEA7576E3DAD3E7D2A083AC2EC20F1\drivers\scanner\x32\hpost_p04b.dll
+ 2011-09-02 15:39 . 2009-09-10 17:44 315392 c:\windows\system32\DRVSTORE\hpob110_sc_A949E55243CEA7576E3DAD3E7D2A083AC2EC20F1\drivers\scanner\x32\hposc_p04a.dll
+ 2011-09-02 15:39 . 2009-10-30 04:15 372736 c:\windows\system32\DRVSTORE\hpob110_sc_A949E55243CEA7576E3DAD3E7D2A083AC2EC20F1\drivers\dot4\Win2000\hppldcoi.dll
+ 2011-09-02 15:39 . 2009-08-05 15:22 309760 c:\windows\system32\DRVSTORE\hpob110_sc_A949E55243CEA7576E3DAD3E7D2A083AC2EC20F1\drivers\dot4\Win2000\difxapi.dll
+ 2011-09-02 15:38 . 2009-10-22 00:55 452736 c:\windows\system32\DRVSTORE\hpb110_059AF5BED3758FDFEB7367E29299A6824469E7A7\hpzids01.dll
+ 2011-09-02 15:45 . 2011-09-02 15:45 164864 c:\windows\Installer\b2570.msi
+ 2011-09-02 15:45 . 2011-09-02 15:45 203776 c:\windows\Installer\b255f.msi
+ 2011-09-02 15:44 . 2011-09-02 15:44 822784 c:\windows\Installer\b2549.msi
+ 2011-09-02 15:44 . 2011-09-02 15:44 855040 c:\windows\Installer\b2541.msi
+ 2011-09-02 15:44 . 2011-09-02 15:44 482304 c:\windows\Installer\b253b.msi
+ 2011-09-02 15:43 . 2011-09-02 15:43 571904 c:\windows\Installer\b252f.msi
+ 2011-09-02 15:43 . 2011-09-02 15:43 273408 c:\windows\Installer\b2529.msi
+ 2011-09-02 15:43 . 2011-09-02 15:43 828928 c:\windows\Installer\b2523.msi
+ 2011-09-02 15:43 . 2011-09-02 15:43 697344 c:\windows\Installer\b251a.msi
+ 2011-09-02 15:42 . 2011-09-02 15:42 522752 c:\windows\Installer\b2513.msi
+ 2011-09-02 15:42 . 2011-09-02 15:42 583680 c:\windows\Installer\b250d.msi
+ 2011-09-02 15:42 . 2011-09-02 15:42 678400 c:\windows\Installer\b2507.msi
+ 2011-09-02 15:42 . 2011-09-02 15:42 241152 c:\windows\Installer\b2501.msi
+ 2011-09-02 15:42 . 2011-09-02 15:42 241664 c:\windows\Installer\b24fa.msi
+ 2011-09-02 15:42 . 2011-09-02 15:42 390144 c:\windows\Installer\b24f4.msi
+ 2011-09-02 15:41 . 2011-09-02 15:41 944640 c:\windows\Installer\b24e7.msi
+ 2011-09-02 15:41 . 2011-09-02 15:41 395264 c:\windows\Installer\b24e1.msi
+ 2011-09-02 15:41 . 2011-09-02 15:41 818688 c:\windows\Installer\b24db.msi
+ 2011-09-02 15:41 . 2011-09-02 15:41 312320 c:\windows\Installer\b24ce.msi
+ 2011-09-02 15:40 . 2011-09-02 15:40 457216 c:\windows\Installer\b24c4.msi
+ 2011-09-02 15:44 . 2011-09-02 15:44 102400 c:\windows\Installer\{74DC0593-6BC6-4001-AD5F-D810AFB68D86}\NewShortcut1_47F36D92E58E456DB73C3382737E4C42.exe
+ 2011-09-02 15:31 . 2011-09-02 15:44 213846 c:\windows\hpoins47.dat
+ 2010-01-29 23:13 . 2010-01-29 23:13 1079808 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_decbdf0c\mfc80u.dll
+ 2010-01-29 23:13 . 2010-01-29 23:13 1093632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_decbdf0c\mfc80.dll
+ 2011-09-02 15:41 . 2011-09-02 15:41 1230336 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da\msxml4.dll
+ 2010-01-29 21:40 . 2010-01-29 21:40 5105656 c:\windows\WinSxS\amd64_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_7264ef23\mfc90u.dll
+ 2010-01-29 21:40 . 2010-01-29 21:40 5086712 c:\windows\WinSxS\amd64_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_7264ef23\mfc90.dll
+ 2011-09-02 15:46 . 2009-10-21 13:28 1787392 c:\windows\system32\spool\drivers\w32x86\hpphotosmart_b110_sea82b\hpfui101.dll
+ 2011-09-02 15:46 . 2009-10-21 13:27 1224192 c:\windows\system32\spool\drivers\w32x86\hpphotosmart_b110_sea82b\hpfst101.dll
+ 2011-09-02 15:46 . 2009-10-21 13:29 1482752 c:\windows\system32\spool\drivers\w32x86\hpphotosmart_b110_sea82b\hpf3r101.dll
+ 2011-09-02 15:46 . 2009-10-21 13:28 1787392 c:\windows\system32\spool\drivers\w32x86\3\hpfui101.dll
+ 2011-09-02 15:46 . 2009-10-21 13:27 1224192 c:\windows\system32\spool\drivers\w32x86\3\hpfst101.dll
+ 2011-09-02 15:46 . 2009-10-21 13:29 1482752 c:\windows\system32\spool\drivers\w32x86\3\hpf3r101.dll
+ 2008-10-10 12:56 . 2011-09-02 16:03 1608424 c:\windows\system32\FNTCACHE.DAT
+ 2011-09-02 15:45 . 2011-09-02 15:45 2693632 c:\windows\Installer\b2565.msp
+ 2011-09-02 15:45 . 2011-09-02 15:45 2317312 c:\windows\Installer\b2559.msi
+ 2011-09-02 15:44 . 2011-09-02 15:44 1058304 c:\windows\Installer\b2535.msi
+ 2011-09-02 15:42 . 2011-09-02 15:42 1326080 c:\windows\Installer\b24ee.msi
.
-- Snapshot per reimpostare la data corrente --
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D286E828-E6B9-484d-A058-D7323666DE33}]
2009-03-09 23:46 139264 ------w- c:\programmi\RecFree.com\RecFreeToolbar\1.0.23.0\escort.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0508F8F1-08E3-43EE-AAA8-09AD09803084}"= "c:\programmi\RecFree.com\RecFreeToolbar\1.0.23.0\escorTlbr.dll" [2009-03-09 172032]
.
[HKEY_CLASSES_ROOT\clsid\{0508f8f1-08e3-43ee-aaa8-09ad09803084}]
[HKEY_CLASSES_ROOT\escorTlbr.DskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\escorTlbr.DskBnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 139264]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-18 39408]
"OM2_Monitor"="c:\programmi\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2008-11-07 95536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-17 64512]
"ATICCC"="c:\programmi\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-01 16208384]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2007-06-01 257088]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"egui"="c:\programmi\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"LogitechQuickCamRibbon"="c:\programmi\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"TkBellExe"="c:\programmi\Real\RealPlayer\update\realsched.exe" [2011-01-25 274608]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2011-04-08 254696]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"MSN Toolbar"="c:\programmi\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe" [2009-11-16 240992]
"Microsoft Default Manager"="c:\programmi\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]
.
c:\documents and settings\Totero\Menu Avvio\Programmi\Esecuzione automatica\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio Veloce di WinZip.lnk - c:\programmi\WinZip\WZQKPICK.EXE [2008-10-17 106560]
HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
ImageMixer 3 SE Camera Monitor Ver.4.5.lnk - c:\programmi\PIXELA\ImageMixer 3 SE Ver.4.5\Transfer Utility\CameraMonitor.exe [2010-11-12 406896]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\TipicIM\\TipicIM.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Programmi\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23834:TCP"= 23834:TCP:spport
"24850:TCP"= 24850:TCP:spport
"12593:TCP"= 12593:TCP:spport
"12849:TCP"= 12849:TCP:spport
"5187:TCP"= 5187:TCP:spport
"8170:TCP"= 8170:TCP:spport
.
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [08/10/2008 9.50.14 35168]
R2 DriverX;DriverX;c:\windows\system32\drivers\DRIVERX.SYS [12/03/1997 14.57.58 25792]
R2 ekrn;Eset Service;c:\programmi\Eset\ESET NOD32 Antivirus\ekrn.exe [07/10/2009 9.16.50 472280]
R2 MBAMService;MBAMService;c:\programmi\Malwarebytes' Anti-Malware\mbamservice.exe [27/08/2011 21.03.02 366640]
R2 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [03/11/2006 19.19.58 13592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [27/08/2011 21.02.58 22712]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [23/05/2011 9.08.41 136176]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [23/05/2011 9.08.41 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [27/08/2011 21.03.00 41272]
S3 MSHUSBVideo;NX6000/NX3000/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [18/10/2008 16.43.10 34136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-08-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2011-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2011-05-23 07:08]
.
2011-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2011-05-23 07:08]
.
2011-09-03 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
2011-09-02 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
.
2011-09-03 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
.
2011-09-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-789336058-725345543-1003.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
2011-08-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-789336058-725345543-1003.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Translate with &Babylon - c:\programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{D0E81AC4-1399-4215-AFEE-5347842DD7F7}: NameServer = 62.94.0.1,62.94.0.2
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-03 10:29
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AE6D14D4-1530-9097-4BB4-B1C54F726FCB}\InProcServer32*]
"oapclnkjillkchgamcpacjckanemfa"=hex:6a,61,61,6f,63,6e,66,66,64,6d,70,68,6f,69,
6f,61,68,65,6f,6e,00,f9
"napcjndpdmhbmobbndokbkfckjil"=hex:6a,61,6a,6e,6b,6e,6d,69,6e,68,69,6e,66,66,
67,65,64,67,6d,6e,00,68
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(780)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\cscdll.dll
.
- - - - - - - > 'explorer.exe'(7756)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\programmi\ATI Technologies\ATI.ACE\CLI.EXE
c:\windows\RTHDCPL.EXE
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\programmi\File comuni\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\ehome\mcrdsvc.exe
c:\programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
c:\programmi\File comuni\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\dllhost.exe
c:\programmi\iPod\bin\iPodService.exe
c:\windows\eHome\ehmsas.exe
c:\programmi\HP\Digital Imaging\bin\hpqSTE08.exe
c:\programmi\ATI Technologies\ATI.ACE\cli.exe
c:\programmi\ATI Technologies\ATI.ACE\cli.exe
c:\programmi\HP\Digital Imaging\bin\hpqbam08.exe
c:\programmi\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Ora fine scansione: 2011-09-03 10:34:37 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2011-09-03 08:34
ComboFix2.txt 2011-09-02 08:22
ComboFix3.txt 2011-08-30 20:02
ComboFix4.txt 2011-08-28 08:55
ComboFix5.txt 2011-09-03 08:14
.
Pre-Run: 66.323.206.144 byte disponibili
Post-Run: 66.382.360.576 byte disponibili
.
- - End Of File - - 0A5F9CFE0FCF8ED420CB7A76BB6E1AC6
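The "CHIAVI DI REGISTRO BLOCCATE" section above lists a CLSID key whose values have random-looking names and REG_BINARY data, wrapped by ComboFix across continuation lines. A responder triaging such a log usually wants to know whether those bytes are text (a string followed by a NUL and padding) or opaque binary, which the log does not say. The following Python script is an added example, not part of the thread or of ComboFix: it parses that section (key lines, `"name"=hex:` values with their continuation lines, and `"name"=""` string values) and decodes each hex value. The sample input is constructed from the entries shown in the log; the garbled subkey name under `Installer\UserData\LocalSystem\Components` is replaced with a labelled placeholder.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample, copied from the "CHIAVI DI REGISTRO BLOCCATE" section of the
# ComboFix log above. The unreadable subkey name is replaced with a placeholder.
SAMPLE_LOCKED_KEYS = r'''
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AE6D14D4-1530-9097-4BB4-B1C54F726FCB}\InProcServer32*]
"oapclnkjillkchgamcpacjckanemfa"=hex:6a,61,61,6f,63,6e,66,66,64,6d,70,68,6f,69,
6f,61,68,65,6f,6e,00,f9
"napcjndpdmhbmobbndokbkfckjil"=hex:6a,61,6a,6e,6b,6e,6d,69,6e,68,69,6e,66,66,
67,65,64,67,6d,6e,00,68
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\PLACEHOLDER-GARBLED-SUBKEY*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
'''

KEY_LINE = re.compile(r'^\[(?P<key>.+)\]$')
HEX_VALUE = re.compile(r'^"(?P<name>[^"]+)"=hex:(?P<hex>.*)$')
STR_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<val>.*)"$')
# A continuation line is nothing but comma-separated hex byte pairs.
HEX_CONT = re.compile(r'^(?:[0-9a-fA-F]{2},?)+$')


@dataclass
class RegValue:
    key: Optional[str]
    name: str
    raw: bytes   # decoded bytes (b"" for an empty string value)
    kind: str    # "hex" or "string"

    def printable_prefix(self) -> str:
        """Bytes before the first NUL, if they are all printable ASCII; else ''."""
        head = self.raw.split(b"\x00", 1)[0]
        if head and all(0x20 <= b < 0x7F for b in head):
            return head.decode("ascii")
        return ""

    def trailing_bytes(self) -> bytes:
        """Whatever follows the first NUL terminator (padding or non-text data)."""
        parts = self.raw.split(b"\x00", 1)
        return parts[1] if len(parts) == 2 else b""


def _finish_hex(key: Optional[str], name: str, hexstr: str) -> RegValue:
    raw = bytes(int(h, 16) for h in hexstr.rstrip(",").split(",") if h)
    return RegValue(key, name, raw, "hex")


def parse_locked_keys(text: str) -> list:
    """Parse a ComboFix locked-keys section into RegValue records."""
    values = []
    current_key: Optional[str] = None
    pending = None  # (name, hex text so far) while a hex value spans several lines
    for line in text.splitlines():
        line = line.strip()
        # ComboFix wraps long hex values with a trailing comma; glue those lines back.
        if pending and pending[1].endswith(",") and HEX_CONT.match(line):
            pending = (pending[0], pending[1] + line)
            continue
        if pending:
            values.append(_finish_hex(current_key, *pending))
            pending = None
        m = KEY_LINE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = HEX_VALUE.match(line)
        if m:
            pending = (m.group("name"), m.group("hex"))
            continue
        m = STR_VALUE.match(line)
        if m and current_key is not None:
            values.append(RegValue(current_key, m.group("name"),
                                   m.group("val").encode("ascii", "replace"), "string"))
    if pending:
        values.append(_finish_hex(current_key, *pending))
    return values


def summarize(values: list) -> list:
    """One triage line per value: length, decoded text, bytes left after the NUL."""
    out = []
    for v in values:
        if v.kind == "hex":
            text = v.printable_prefix() or "<non-text>"
            out.append(f'{v.name}: {len(v.raw)} bytes, text "{text}", '
                       f'{len(v.trailing_bytes())} byte(s) after NUL')
        else:
            out.append(f'{v.name}: string "{v.raw.decode("ascii")}"')
    return out


if __name__ == "__main__":
    for line in summarize(parse_locked_keys(SAMPLE_LOCKED_KEYS)):
        print(line)
```

For the two hex values in the log, the decoded text is a 20-character lowercase string followed by a NUL and one extra byte; that pattern (random value name, random string content, locked key that the tools cannot open) is the kind of detail worth keeping with the case notes, while the empty `Components` value decodes to nothing and needs no further attention from this script.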
morrisdemorris
Posted: Saturday, September 03, 2011 12:50:41 PM
Rank: AiutAmico

Joined: 8/31/2011
Posts: 36
Anyway, as you well know, here NOD32 detects no threat, so we're on the right track.
On the principle that prevention is better than cure: in your opinion, how well protected am I? It's true that I download a fair amount of stuff, so I'm sitting on dynamite, but which applications do you think I could add to avoid surprises? For example, that TDSSKiller program, should I run it every so often? Thanks again, I'll wait for news; now off to work.
r16
Posted: Saturday, September 03, 2011 12:52:27 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
That's not right.
And it's not right because you don't read the instructions carefully:
Quote:
Open a text file with Notepad on the Desktop
Paste into it the code you see below, and save the text file, obligatorily, with the name CFScript.txt

You did not save the script with the name CFScript and the .txt extension.
So your rootkits are still having a field day.
Run through the instructions again, correctly.

N.B.:
Post the log it produces with:
http://www.wikisend.com/
morrisdemorris
Posted: Saturday, September 03, 2011 10:12:45 PM
Rank: AiutAmico

Joined: 8/31/2011
Posts: 36
Hi, okay, now I'll try to tell you the steps I took. So, I opened Start > Accessories > Notepad; here I pasted the code (the part inside the box, leaving out the "code" title; was that wrong, should I have included that too?). Then I saved it with the full name including the extension, but on the desktop the extension disappeared every time, and I tried a few times; at that point I figured that was normal, so I dragged the file onto ComboFix and it started straight away. One mistake might be that I interrupted the program to restart; after that I launched ComboFix and attached it here.
How come the extension doesn't stay after saving it?
morrisdemorris
Posted: Saturday, September 03, 2011 10:14:01 PM
Rank: AiutAmico

Joined: 8/31/2011
Posts: 36
txt
morrisdemorris
Posted: Saturday, September 03, 2011 10:30:00 PM
Rank: AiutAmico

Joined: 8/31/2011
Posts: 36
I looked again at how I saved it: file name CFScript.txt, and then the .txt disappeared on the desktop. Saved as Text Document (*.txt) with ANSI encoding.
You know, I don't remember whether I put it through wikisend, but I think so...
r16
Posted: Saturday, September 03, 2011 10:42:07 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Quote:
You know, I don't remember whether I put it through wikisend, but I think so...

I don't see any log from wikisend.
Quote:
So, I opened Start > Accessories > Notepad; here I pasted the code (the part inside the box, leaving out the "code" title; was that wrong, should I have included that too?)

No, the word "code" must not be copied.
Quote:
One mistake might be that I interrupted the program to restart

Yes, that was a mistake.
Never interrupt a scan in progress.
It could do irreparable damage.
morrisdemorris
Posted: Saturday, September 03, 2011 10:49:45 PM
Rank: AiutAmico

Joined: 8/31/2011
Posts: 36
And was the way I saved it okay?
Does the name on the desktop have to be written without txt???
r16
Posted: Saturday, September 03, 2011 10:54:14 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
What matters is that you save the text file with the name CFScript and the .txt extension.
Then, if the .txt extension doesn't show on the desktop, it doesn't matter.
Then you drag it onto the ComboFix icon.
Don't touch anything during the scan.
At the end it will produce the log, which you'll post with Wikisend.
morrisdemorris
Posted: Saturday, September 03, 2011 10:57:41 PM
Rank: AiutAmico

Joined: 8/31/2011
Posts: 36
OK, I'm running it now and then I'll post it. ComboFix asked me again, like this morning, whether I wanted to update, but this time I said no; maybe I was wrong... Anyway, I'll let you know, and thanks.