è di molto rallentato e la cosa più fastidiosa è che per comodità tengo diverse pagine aperte sul desk e le richiamo in primo piano con il mouse quando occorrono e spesso la pagina richiamata rimane completamente bianca oppure mi appare con parte dell'immagine fissa della pagina precedente . . questo sia con explorer che con google chrome o firefox . . prima potevo fare più cose nello stesso momento, usare explorer o simili . . parlare su msn . . usare jdownloader e visionare pure un filmato ora posso fare solo una cosa per volta altrimenti si blocca tutto . . credendo fosse un problema di ram le ho aumentare ma non è cambiato nulla . . forse ha solo bisogno di essere formattato ma prima di farlo volevo vedere se in questo file log si rilevava qualcosa . .
è un insieme di cose. . .
spero di essermi riuscita a spiegare
grazie per l'attenzione
*_* kim

fixa e rimuovi questa voce ..... ma quale voce ? non è specificato nulla
manca qualcosa ??

di nulla . . . seguirò le indicazioni
grazie

no . . nessun software di recente
nella scansione con Malwarebytes il programma ha trovato 4 file da eliminare ma è apparsa una finestra di avg resident shield con scritto che in c:\windows\gmer.exe c'è una minaccia dal nome Trojan BackDoor.Generic13.AUDS . . . che faccio ? ignoro . . o quarantena ?

scarica rkill da uno dei seguenti link e avvialo



link 1

link 2

link 3

se durante la scansione si apre una finestra ignorala (non chiuderla)
Rifai partire rkill.com, e lascia che continui la scansione.
Se ricompare ancora la finestra, tu continui a far ripartire rkill.com . (senza MAI chiudere la finestra) la scansione deve andare fino in fondo

disattiva l'antivirus e riattivalo a fine scansione

scarica combofix sul desktop

Doppio click su combofix.exe(se hai vista o seven clik col tasto destro, esegui come aministratore)
E' probabile che ti siano inviati messaggi dall'antivirus o dallo stesso Combofix ma tu ignorali.

Se ti viene chiesto di Installare LA CONSOLE DI RIPRISTINO DI EMERGENZA, clicca NO.

segui le instruzioni

Durante la scansione è importante non usare il PC (NE MAUSE NE TASTIERA) e attendere la fine del controllo.
Al termine, verrà creato un file log sul Desktop (C:\ComboFix.txt), postalo nel forum

come usare correttamente combofix


edit

posta anche il log della scansione fatta con malwarebytes

ci sono riuscita . .

log di Malwarebytes



Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Versione database: 7820

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

29/09/2011 2.33.37
mbam-log-2011-09-29 (02-33-30).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi esaminati: 291533
Tempo impiegato: 1 ore, 57 minuti, 14 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 26

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
c:\documents and settings\User\dati applicazioni\thinstall\avs video editor 4 4.2.1.166\4000009c00002i\IEXPLORE.EXE (Trojan.IRCBot) -> No action taken.
c:\documents and settings\User\dati applicazioni\thinstall\IE8\4000009500002i\iexplore.exe (Trojan.IRCBot) -> No action taken.
c:\documents and settings\User\dati applicazioni\thinstall\realjukebox 1.0\400000600002i\rphelperapp.exe (Trojan.IRCBot) -> No action taken.
c:\documents and settings\User\dati applicazioni\thinstall\{9b615810-7925-4e77-894d-d203740a990d}\4000009c00002i\IEXPLORE.EXE (Trojan.IRCBot) -> No action taken.
c:\documents and settings\User\Desktop\jdowspillo\microsoft office professional 2003\microsoft office word 2003.exe (Worm.VB) -> No action taken.
c:\documents and settings\User\Desktop\jdowspillo\portable office 2007 italiano\_CACHE\3000000092f00002i\MSPUB.EXE (Trojan.IRCBot) -> No action taken.
c:\documents and settings\User\documenti\programmi\lupo_pensuite_v2010.02_full\Apps\ccleaner portable\unicows.dll (Malware.Packer.Gen) -> No action taken.
c:\documents and settings\User\documenti\programmi\lupo_pensuite_v2010.02_full\Apps\Extra\wirelessnetview\wirelessnetview.exe (PUP.WirelessNetworkTool) -> No action taken.
c:\documents and settings\User\documenti\programmi\lupo_pensuite_v2010.02_full\Apps\FDM Lite\dbghelp.dll (Malware.Packer.Gen) -> No action taken.
c:\documents and settings\User\documenti\programmi\lupo_pensuite_v2010.02_full\Apps\FDM Lite\msvcp60.dll (Malware.Packer.Gen) -> No action taken.
c:\documents and settings\User\documenti\programmi\portable fotoworksxl v10.0.6\portable fotoworksxl v10.0.6.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\User\documenti\programmi\prog portabili\Avidemux\Avidemux.exe (Trojan.Backdoor) -> No action taken.
c:\documents and settings\User\documenti\programmi\prog portabili\firefox port\IT\mozilla firefox it - portable\Stubs\2d5d965bca63e847643d7bcfb59b39f9df2dbc3a\firefox.exe (Trojan.Backdoor) -> No action taken.
c:\documents and settings\User\documenti\programmi\prog portabili\portable office 2007 italiano\_CACHE\3000000092f00002i\MSPUB.EXE (Trojan.IRCBot) -> No action taken.
c:\documents and settings\User\documenti\programmi\IOb.asc\keygen\Keygen\Keygen.exe (RiskWare.Tool.CK) -> No action taken.
c:\documents and settings\User\documenti\programmi\iob.sec.360.pr.1.50.10\keygen-ust\iobit security 360keygen-ust.exe (Trojan.Agent.CK) -> No action taken.
c:\documents and settings\User\documenti\programmi\yourunistaller\youninstall\youninstall\Keygen.exe (Trojan.Dropper.PGen) -> No action taken.
c:\documents and settings\User\impostazioni locali\dati applicazioni\thinstall\Cache\Stubs\2bc8d011d4dca9bd86e6a6d76480b09f4bfa7dd4\sup_internetbooster.exe (Trojan.Backdoor) -> No action taken.
c:\documents and settings\User\impostazioni locali\dati applicazioni\thinstall\Cache\Stubs\541139cda6994fce4074a66c84668a3fe9193e\contextmenu.exe (Trojan.Backdoor) -> No action taken.
c:\documents and settings\User\impostazioni locali\dati applicazioni\thinstall\Cache\Stubs\5974fb1fe89e1d67ba6a37d8d1934dbd2d6e5c7\sup_smartram.exe (Trojan.Backdoor) -> No action taken.
c:\documents and settings\User\impostazioni locali\dati applicazioni\thinstall\Cache\Stubs\725e3369deee693f96b63eef842b759a1cca2d\sup_is360.exe (Trojan.Backdoor) -> No action taken.
c:\documents and settings\User\impostazioni locali\dati applicazioni\thinstall\Cache\Stubs\73b51025e114382deb353395ec3dc557e2f6f6e\sup_diskdoctor.exe (Trojan.Backdoor) -> No action taken.
c:\documents and settings\User\impostazioni locali\dati applicazioni\thinstall\Cache\Stubs\78c8f8106f8baa47624ad69b25dfcb9707d24d\sut_sysinfo.exe (Trojan.Backdoor) -> No action taken.
c:\documents and settings\User\impostazioni locali\dati applicazioni\thinstall\Cache\Stubs\8dd8411ed320b89a3ab7fb8814bbc31b6fc3942\sus_systemfilescan.exe (Trojan.Backdoor) -> No action taken.
c:\documents and settings\User\impostazioni locali\dati applicazioni\thinstall\Cache\Stubs\dcd728a96a94c4643a0573fd16658a6462c8e0\sup_shortcutsfixer.exe (Trojan.Backdoor) -> No action taken.
c:\programmi\IObit\advanced systemcare 3\Keygen.exe (RiskWare.Tool.CK) -> No action taken.


log di rkill


This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 28/09/2011 at 23.07.41.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:



Rkill completed on 28/09/2011 at 23.07.49.


log di ComboFix

ComboFix 11-09-28.03 - User 28/09/2011 23.15.54.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1791.1153 [GMT 2:00]
Eseguito da: c:\documents and settings\User\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\User\Dati applicazioni\Desktopicon
c:\documents and settings\User\Dati applicazioni\MiniDm
c:\documents and settings\User\Dati applicazioni\MiniDm\conf.ini
c:\documents and settings\User\Dati applicazioni\MiniDm\history.dat
c:\documents and settings\User\WINDOWS
c:\windows\bwUnin-6.1.4.36-8876480L.exe
c:\windows\IsUn0410.exe
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Creati Da 2011-08-28 al 2011-09-28 )))))))))))))))))))))))))))))))))))
.
.
2011-09-27 21:47 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-27 21:47 . 2011-09-27 21:47 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2011-09-03 10:17 . 2011-09-09 09:12 603136 -c----w- c:\windows\system32\dllcache\crypt32.dll
2011-09-02 18:57 . 2011-09-02 18:57 -------- d-----w- c:\windows\system32\wbem\Repository
2011-09-02 13:27 . 2002-06-13 12:02 32768 ----a-w- c:\windows\system32\svcmgr.ocx
2011-09-02 13:27 . 2011-09-02 13:27 -------- d-----w- c:\programmi\RefreshPC
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-09 09:12 . 2004-08-19 12:00 603136 ----a-w- c:\windows\system32\crypt32.dll
2011-08-21 13:38 . 2011-06-21 22:05 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29 . 2004-08-19 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2004-08-19 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2004-03-11 12:27 . 2007-01-19 10:22 40960 ----a-w- c:\programmi\Uninstall_CDS.exe
2003-11-03 15:36 . 2003-12-27 12:00 1172480 -c--a-w- c:\programmi\AutoEye_PlugIn.8bf
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eraser"="c:\programmi\Eraser\eraser.exe" [2006-12-26 643072]
"msnmsgr"="c:\programmi\Windows Live\Messenger\MsnMsgr.Exe" [2010-04-16 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProcessGovernor"="c:\programmi\Process Lasso\processgovernor.exe" [2010-07-28 232464]
"AVG_TRAY"="c:\programmi\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 110592]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Metacafe.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^User^Menu Avvio^Programmi^Esecuzione automatica^Secunia PSI.lnk]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QUAD Scheduler
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QUAD Windows service
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
2004-04-29 09:59 245760 ----a-w- c:\programmi\Creative\Shared Files\CamTray.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Programmi\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programmi\\MSN BackUp\\MSNBackup.exe"=
"c:\\Programmi\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Documents and Settings\\User\\Documenti\\programmi\\Lupo_PenSuite_v2010.02_Full\\Apps\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Programmi\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Programmi\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Programmi\\AVG\\AVG10\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9420:TCP"= 9420:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13/09/2010 16.27.24 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 4.48.50 32592]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [16/06/2011 17.35.34 13496]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14/10/2010 16.42.38 691696]
R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [21/05/2010 12.06.40 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [21/05/2010 12.06.41 52224]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [08/12/2010 5.12.38 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [12/11/2010 14.19.38 297168]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\programmi\IObit\Advanced SystemCare 4\ASCService.exe [19/08/2011 23.50.26 328536]
R2 avgwd;AVG WatchDog;c:\programmi\AVG\AVG10\avgwdsvc.exe [08/02/2011 5.33.42 269520]
R2 RHDISK;RHDISK;c:\programmi\Rohos\rhdisk.sys [05/04/2011 23.34.07 33280]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [03/08/2010 16.23.34 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [03/08/2010 16.23.32 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [03/08/2010 16.23.36 27216]
S0 Lbd;Lbd; [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\programmi\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [18/08/2011 1.33.06 7390560]
S2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [24/11/2008 15.15.52 8192]
S2 Rohos Disk;Rohos Disk service;c:\programmi\Rohos\agent.exe [05/04/2011 23.34.07 801080]
S3 FileObjInfo;STFileDriver;c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator\fileobjinfo.sys [29/07/2009 14.20.14 5632]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
Contenuto della cartella 'Scheduled Tasks'
.
2010-06-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-1482476501-682003330-1004Core.job
- c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-06-04 19:01]
.
2011-06-16 c:\windows\Tasks\User_Feed_Synchronization-{B10E55C7-E87C-4ADC-8A5A-FBFE88075134}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Scansione supplementare -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = 127.0.0.1
IE: Download all links with IDM
IE: Download FLV video content with IDM
IE: Download with IDM
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Translate this web page with Babylon - c:\programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
TCP: Interfaces\{38F8BA7F-CFF0-4C01-800B-911F268EA4AE}: NameServer = 151.99.125.2,212.216.112.112
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} - hxxp://194.244.16.123/g_bin/eng/words_2_0_0_51.cab
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Manuale dell'utente di Creative WebCam Instant Italian - c:\windows\IsUn0410.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-28 23:23
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Ora fine scansione: 2011-09-28 23:27:21
ComboFix-quarantined-files.txt 2011-09-28 21:27
.
Pre-Run: 100.647.395.328 byte disponibili
Post-Run: 100.700.975.104 byte disponibili
.
- - End Of File - - 13E3943E69158AA2AC3EB4B42A358999




..... resto in attesa

grazie *_* kim

ho cliccato sul tuo link . . . mi appare una pagina di Akamai . . . se è giusto non so cosa sia mai sentito nè utilizzato
non suo più ad aware nè spyware terminator

tutto quello trovato ieri con malwarebyts l'avevo subito rimosso

non c'è fretta . .

*_*

allora . . ho fatto come richiesto ma in modalità provvisoria la scansione ad un certo punto di blocca
non so se sbaglio qualcosa io ma ho rifatto il procedimento due volte
e si ferma sempre allo stesso punto . . . quando rimane evidenziata la sigla E:
io ho fatto partire il programma evidenziando il disco locale C:
il programma lo scansiona ma poi alla fine si sposta sulla lettera E: e lì si blocca e non mi dava neppure la possibilità di salvare il file log . . al secondo tentativo ho aperto un file di testo e ho copiato tutto quello che c'era scritto nel fil log del programma . . .

file log di Viitexp


VirIT eXplorer Lite Log

[SCANSIONE DELLA MEMORIA]
OK
[SCANSIONE DELLA MEMORIA]
OK

---

30/09/2011 - 15:12:07

[SCANSIONE DEL REGISTRO]
{DCE2F8B1-A520-11D4-8FD0-00D0B7730277} Infetto da Trojan.Win32.Dialer.KA
* * * RIMOSSO * * *

[C:]
MASTER BOOT RECORD (\\.\PhysicalDrive0): OK
BOOT SECTOR: OK

[SCANSIONE DELLA MEMORIA]
OK

---

30/09/2011 - 15:42:27

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD (\\.\PhysicalDrive0): OK
BOOT SECTOR: OK

[SCANSIONE DELLA MEMORIA]
OK




file log di ComboFix

ComboFix 11-09-29.06 - User 30/09/2011 0.55.51.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1791.1186 [GMT 2:00]
Eseguito da: c:\documents and settings\User\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\User\Desktop\CFScript.txt.txt
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_LBD
-------\Service_Lbd
.
.
((((((((((((((((((((((((( Files Creati Da 2011-08-28 al 2011-09-29 )))))))))))))))))))))))))))))))))))
.
.
2011-09-27 21:47 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-27 21:47 . 2011-09-27 21:47 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2011-09-03 10:17 . 2011-09-09 09:12 603136 -c----w- c:\windows\system32\dllcache\crypt32.dll
2011-09-02 18:57 . 2011-09-02 18:57 -------- d-----w- c:\windows\system32\wbem\Repository
2011-09-02 13:27 . 2002-06-13 12:02 32768 ----a-w- c:\windows\system32\svcmgr.ocx
2011-09-02 13:27 . 2011-09-02 13:27 -------- d-----w- c:\programmi\RefreshPC
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-09 09:12 . 2004-08-19 12:00 603136 ----a-w- c:\windows\system32\crypt32.dll
2011-08-21 13:38 . 2011-06-21 22:05 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29 . 2004-08-19 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2004-08-19 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2004-03-11 12:27 . 2007-01-19 10:22 40960 ----a-w- c:\programmi\Uninstall_CDS.exe
2003-11-03 15:36 . 2003-12-27 12:00 1172480 -c--a-w- c:\programmi\AutoEye_PlugIn.8bf
.
.
((((((((((((((((((((((((((((( SnapShot@2011-09-28_21.23.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-09-29 23:05 . 2011-09-29 23:05 16384 c:\windows\Temp\Perflib_Perfdata_368.dat
+ 2007-01-19 09:04 . 2011-09-29 17:54 47369160 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eraser"="c:\programmi\Eraser\eraser.exe" [2006-12-26 643072]
"msnmsgr"="c:\programmi\Windows Live\Messenger\MsnMsgr.Exe" [2010-04-16 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProcessGovernor"="c:\programmi\Process Lasso\processgovernor.exe" [2010-07-28 232464]
"AVG_TRAY"="c:\programmi\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 110592]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Metacafe.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^User^Menu Avvio^Programmi^Esecuzione automatica^Secunia PSI.lnk]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
2004-04-29 09:59 245760 ----a-w- c:\programmi\Creative\Shared Files\CamTray.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Programmi\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programmi\\MSN BackUp\\MSNBackup.exe"=
"c:\\Programmi\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Documents and Settings\\User\\Documenti\\programmi\\Lupo_PenSuite_v2010.02_Full\\Apps\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Programmi\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Programmi\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Programmi\\AVG\\AVG10\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13/09/2010 16.27.24 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 4.48.50 32592]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [16/06/2011 17.35.34 13496]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14/10/2010 16.42.38 691696]
R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [21/05/2010 12.06.40 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [21/05/2010 12.06.41 52224]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [08/12/2010 5.12.38 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [12/11/2010 14.19.38 297168]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\programmi\IObit\Advanced SystemCare 4\ASCService.exe [19/08/2011 23.50.26 328536]
R2 AVGIDSAgent;AVGIDSAgent;c:\programmi\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [18/08/2011 1.33.06 7390560]
R2 avgwd;AVG WatchDog;c:\programmi\AVG\AVG10\avgwdsvc.exe [08/02/2011 5.33.42 269520]
R2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [24/11/2008 15.15.52 8192]
R2 RHDISK;RHDISK;c:\programmi\Rohos\rhdisk.sys [05/04/2011 23.34.07 33280]
R2 Rohos Disk;Rohos Disk service;c:\programmi\Rohos\agent.exe [05/04/2011 23.34.07 801080]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [03/08/2010 16.23.34 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [03/08/2010 16.23.32 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [03/08/2010 16.23.36 27216]
S3 FileObjInfo;STFileDriver;c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator\fileobjinfo.sys [29/07/2009 14.20.14 5632]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-09-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-1482476501-682003330-1004Core.job
- c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-06-04 19:01]
.
2011-09-29 c:\windows\Tasks\User_Feed_Synchronization-{B10E55C7-E87C-4ADC-8A5A-FBFE88075134}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Scansione supplementare -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = 127.0.0.1
IE: Download all links with IDM
IE: Download FLV video content with IDM
IE: Download with IDM
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Translate this web page with Babylon - c:\programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
TCP: Interfaces\{38F8BA7F-CFF0-4C01-800B-911F268EA4AE}: NameServer = 151.99.125.2,212.216.112.112
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} - hxxp://194.244.16.123/g_bin/eng/words_2_0_0_51.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-30 01:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'explorer.exe'(2824)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\progra~1\AVG\AVG10\avgchsvx.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\Common Files\Motive\McciCMService.exe
c:\programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
c:\programmi\AVG\AVG10\avgnsx.exe
c:\programmi\AVG\AVG10\avgemcx.exe
c:\windows\system32\rundll32.exe
c:\programmi\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\programmi\AVG\AVG10\avgcsrvx.exe
.
**************************************************************************
.
Ora fine scansione: 2011-09-30 01:12:14 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2011-09-29 23:12
ComboFix2.txt 2011-09-28 21:46
ComboFix3.txt 2011-09-28 21:27
.
Pre-Run: 102.416.683.008 byte disponibili
Post-Run: 102.281.875.456 byte disponibili
.
- - End Of File - - 2CABD4069A50F8FE6B5D466B61B4323A



*_* kim