Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » SOS urgente per PC lavoro

2 pages: 1 [2]
SOS urgente per PC lavoro Opzioni
Topic Precedente · Topic Sucessivo
panchoz
Inviato: Saturday, October 16, 2010 5:09:08 PM

Rank: AiutAmico

Iscritto dal : 11/6/2008
Posts: 2,452
Bravo Cbbusto Applause
Torna in alto
 
giovanitasca
Inviato: Sunday, October 17, 2010 11:01:20 AM
Rank: AiutAmico

Iscritto dal : 4/2/2005
Posts: 220
Fatto. In realtà mi ero confuso perchè mi aveva chiesto se vovlevo una versione aggiornata di Combofix.
Ho fatto così: ho disinstallato il vecchio Combofix, ho scaricato quello nuovo e, senza installarlo, ho portato sulla sua icona il file .txt che mi hai detto. Il programma ha fatto il suolavoro, il PC si è riavviato ed è venuto fuori il log che posto. Ho fatto bene?

ComboFix 10-10-16.03 - ortopediamedici 17/10/2010 10.32.56.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1022.546 [GMT 2:00]
Eseguito da: c:\documents and settings\ortopediamedici\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\ortopediamedici\Desktop\CFScript.txt.txt

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!

FILE ::
"c:\windows\system32\wmttmaq.dll"
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BNEOIMMQV
-------\Legacy_CCJHKYSJ
-------\Legacy_CTZZWLJUI
-------\Legacy_DFRTP
-------\Legacy_DXJVDIZY
-------\Legacy_FINYZ
-------\Legacy_FKGWV
-------\Legacy_HNKGMO
-------\Legacy_JOXLGT
-------\Legacy_KQUYT
-------\Legacy_KXNSC
-------\Legacy_LOFUBTB
-------\Legacy_LRZFHQKMK
-------\Legacy_OYGYSHC
-------\Legacy_PNXGY
-------\Legacy_QGIDY
-------\Legacy_QSCBRJV
-------\Legacy_QVOUILS
-------\Legacy_RSHHQGOT
-------\Legacy_SFDFSXJ
-------\Legacy_SNBRTX
-------\Legacy_USPYJVEX
-------\Legacy_WAFTNXXIS
-------\Legacy_XCFWNUED
-------\Legacy_XNWRBCKCF
-------\Legacy_YJXMLDUOJ
-------\Legacy_ZCETJ
-------\Service_bneoimmqv
-------\Service_ccjhkysj
-------\Service_ctzzwljui
-------\Service_dfrtp
-------\Service_dxjvdizy
-------\Service_finyz
-------\Service_fkgwv
-------\Service_hnkgmo
-------\Service_joxlgt
-------\Service_kquyt
-------\Service_kxnsc
-------\Service_lofubtb
-------\Service_lrzfhqkmk
-------\Service_oygyshc
-------\Service_pnxgy
-------\Service_qgidy
-------\Service_qscbrjv
-------\Service_qvouils
-------\Service_rshhqgot
-------\Service_sfdfsxj
-------\Service_snbrtx
-------\Service_uspyjvex
-------\Service_waftnxxis
-------\Service_xcfwnued
-------\Service_xnwrbckcf
-------\Service_yjxmlduoj
-------\Service_zcetj


((((((((((((((((((((((((( Files Creati Da 2010-09-17 al 2010-10-17 )))))))))))))))))))))))))))))))))))
.

2010-10-16 11:22 . 2010-10-16 11:22 7680 ----a-w- c:\windows\system32\drivers\RKL93.tmp.sys
2010-10-16 11:22 . 2010-10-16 11:22 7680 ----a-w- c:\windows\system32\drivers\RKL92.tmp.sys
2010-10-13 11:29 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-13 11:29 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-13 11:27 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-11 17:00 . 2010-10-11 17:00 -------- d-----w- C:\$AVG
2010-10-11 16:55 . 2010-10-11 16:55 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-10-11 15:46 . 2010-10-11 16:55 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-10-11 15:46 . 2010-10-11 16:55 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-10-11 15:46 . 2010-10-11 16:55 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-10-11 15:46 . 2010-10-17 08:10 -------- d-----w- c:\windows\system32\drivers\Avg
2010-10-11 15:45 . 2010-10-11 15:45 -------- d-----w- c:\programmi\AVG
2010-10-11 15:45 . 2010-10-11 15:45 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg9
2010-10-11 14:22 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-11 14:22 . 2010-10-11 14:22 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-10-11 14:22 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-11 11:58 . 2010-10-11 11:59 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Adobe
2010-10-11 11:39 . 2010-10-11 15:01 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-10-11 11:39 . 2010-10-11 11:39 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2010-10-10 08:07 . 2010-10-10 08:07 -------- d--h--w- c:\windows\PIF
2010-10-07 12:30 . 2010-10-07 12:30 -------- d-----w- C:\7e6e43c746ff89bc320b8ae0d2cd2b
2010-10-07 09:23 . 2010-10-07 09:23 14808 ----a-w- c:\programmi\Mozilla Firefox\plugin-container.exe
2010-10-07 09:23 . 2010-10-07 09:23 718296 ----a-w- c:\programmi\Mozilla Firefox\mozcpp19.dll
2010-09-21 09:25 . 2010-09-21 09:27 -------- d-----w- c:\documents and settings\ortopediamedici\Impostazioni locali\Dati applicazioni\VenditaMotori
2010-09-21 09:25 . 2010-09-21 09:25 -------- d-----w- c:\documents and settings\ortopediamedici\Impostazioni locali\Dati applicazioni\ConduitEngine
2010-09-21 09:25 . 2010-09-21 09:25 -------- d-----w- c:\programmi\ConduitEngine

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-09-12 13:02 3863136 ----a-w- c:\programmi\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\programmi\ConduitEngine\ConduitEngine.dll" [2010-09-12 3863136]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\programmi\ConduitEngine\ConduitEngine.dll" [2010-09-12 3863136]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-26 68856]
"NBJ"="c:\programmi\Ahead\Nero BackItUp\NBJ.exe" [2006-09-15 2048000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"SoundMAXPnP"="c:\programmi\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"Malwarebytes Anti-Malware (rootkit-scan)"="c:\programmi\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-10-11 2067808]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-10-11 16:55 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2005-03-09 14:39 98304 ----a-w- c:\programmi\File comuni\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-13 18:14 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2004-10-27 13:21 61952 ------w- c:\windows\system32\HdAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 18:14 1695232 ----a-w- c:\programmi\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 13:40 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-12-05 00:41 8523776 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-12-05 00:41 81920 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-12-05 00:41 1626112 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2005-09-07 13:35 716800 ----a-w- c:\programmi\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2005-05-20 08:11 925696 ----a-r- c:\programmi\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 03:27 144784 ----a-w- c:\programmi\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-10-26 15:16 68856 ----a-w- c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-10-29 11:42 185872 ----a-w- c:\programmi\File comuni\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2005-03-09 14:39 785048 ----a-w- c:\programmi\Acronis\TrueImageWorkstation\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinVNC]
2006-06-18 12:56 712704 ----a-w- c:\programmi\UltraVNC\winvnc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgemc.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/10/2010 17.46.15 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/10/2010 17.46.16 243024]
R2 avg9emc;AVG Free E-mail Scanner;c:\programmi\AVG\AVG9\avgemc.exe [11/10/2010 18.55.36 921952]
R2 avg9wd;AVG Free WatchDog;c:\programmi\AVG\AVG9\avgwdsvc.exe [11/10/2010 18.55.42 308136]
R2 ManageEngine Desktop Central 6 - Agent;ManageEngine Desktop Central 6 - Agent;c:\programmi\DesktopCentral_Agent\bin\dcagentservice.exe [31/07/2009 18.52.46 434176]
R2 ManageEngine Desktop Central 6 - Remote Control;ManageEngine Desktop Central 6 - Remote Control;c:\programmi\DesktopCentral_Agent\bin\dcrdservice.exe [31/07/2009 18.52.46 475136]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [05/08/2008 11.46.06 6016]
S2 gupdate1c98e7a6d003cfa;Servizio di Google Update (gupdate1c98e7a6d003cfa);c:\programmi\Google\Update\GoogleUpdate.exe [14/02/2009 10.01.19 133104]
S3 AntiAries;Anti Aries Helper Driver;c:\windows\system32\drivers\RKL93.tmp.sys [16/10/2010 13.22.57 7680]
S3 OracleOraHome81ClientCache;OracleOraHome81ClientCache;c:\oracle\ora81\bin\ONRSD.EXE [19/10/2000 12.55.50 411244]
.
Contenuto della cartella 'Scheduled Tasks'

2010-10-17 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-20 09:25]

2010-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-14 08:01]

2010-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-14 08:01]

2010-10-15 c:\windows\Tasks\RegCure Program Check.job
- c:\programmi\RegCure\RegCure.exe [2010-05-19 23:20]

2010-10-17 c:\windows\Tasks\RegCure Startup.job
- c:\programmi\RegCure\RegCure.exe [2010-05-19 23:20]

2010-09-16 c:\windows\Tasks\RegCure.job
- c:\programmi\RegCure\RegCure.exe [2010-05-19 23:20]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
mStart Page = hxxp://it.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: {FF0C2A40-906E-404E-A2ED-55A6A85EBA46} = 151.99.125.2,151.99.250.2
DPF: {15CAC53B-5F45-4D70-BE98-386E6F3B3328} - hxxp://192.168.0.200:8085/resources/medweb/MedstWWW.cab
DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} - file:///E:/CDVIEWER/CdViewer.cab
FF - ProfilePath - c:\documents and settings\ortopediamedici\Dati applicazioni\Mozilla\Firefox\Profiles\gjrdc61c.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2086743&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - PHPNukeEN Customized Web Search
FF - prefs.js: browser.startup.homepage - www.google.it
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2086743&q=
FF - component: c:\programmi\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\programmi\Mozilla Firefox\extensions\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}\components\FFExternalAlert.dll
FF - component: c:\programmi\Mozilla Firefox\extensions\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'lsass.exe'(1252)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(3396)
c:\windows\system32\WININET.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\AVG\AVG9\avgchsvx.exe
c:\programmi\AVG\AVG9\avgrsx.exe
c:\programmi\AVG\AVG9\avgcsrvx.exe
c:\programmi\File comuni\Acronis\Schedule2\schedul2.exe
c:\windows\system32\nvsvc32.exe
c:\programmi\AVG\AVG9\avgnsx.exe
c:\programmi\AVG\AVG9\avgcsrvx.exe
.
**************************************************************************
.
Ora fine scansione: 2010-10-17 10:47:33 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-10-17 08:47

Pre-Run: 38.918.295.552 byte disponibili
Post-Run: 38.919.995.392 byte disponibili

- - End Of File - - E0B72D4ECCE60FAC7D254783E560939C
Torna in alto
 
giovanitasca
Inviato: Sunday, October 17, 2010 11:30:11 AM
Rank: AiutAmico

Iscritto dal : 4/2/2005
Posts: 220
Ho disinstallato il vecchio Combofix. Ho scaricato la nuova versione e, senza installarlo, in modalità normale, ho portato il file txt sulla icona del nuovo Combofix sul Desktop. Il pc ha lavorato, si è riavviato e mi ha dato il seguente log:

ComboFix 10-10-16.03 - ortopediamedici 17/10/2010 10.32.56.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1022.546 [GMT 2:00]
Eseguito da: c:\documents and settings\ortopediamedici\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\ortopediamedici\Desktop\CFScript.txt.txt

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!

FILE ::
"c:\windows\system32\wmttmaq.dll"
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BNEOIMMQV
-------\Legacy_CCJHKYSJ
-------\Legacy_CTZZWLJUI
-------\Legacy_DFRTP
-------\Legacy_DXJVDIZY
-------\Legacy_FINYZ
-------\Legacy_FKGWV
-------\Legacy_HNKGMO
-------\Legacy_JOXLGT
-------\Legacy_KQUYT
-------\Legacy_KXNSC
-------\Legacy_LOFUBTB
-------\Legacy_LRZFHQKMK
-------\Legacy_OYGYSHC
-------\Legacy_PNXGY
-------\Legacy_QGIDY
-------\Legacy_QSCBRJV
-------\Legacy_QVOUILS
-------\Legacy_RSHHQGOT
-------\Legacy_SFDFSXJ
-------\Legacy_SNBRTX
-------\Legacy_USPYJVEX
-------\Legacy_WAFTNXXIS
-------\Legacy_XCFWNUED
-------\Legacy_XNWRBCKCF
-------\Legacy_YJXMLDUOJ
-------\Legacy_ZCETJ
-------\Service_bneoimmqv
-------\Service_ccjhkysj
-------\Service_ctzzwljui
-------\Service_dfrtp
-------\Service_dxjvdizy
-------\Service_finyz
-------\Service_fkgwv
-------\Service_hnkgmo
-------\Service_joxlgt
-------\Service_kquyt
-------\Service_kxnsc
-------\Service_lofubtb
-------\Service_lrzfhqkmk
-------\Service_oygyshc
-------\Service_pnxgy
-------\Service_qgidy
-------\Service_qscbrjv
-------\Service_qvouils
-------\Service_rshhqgot
-------\Service_sfdfsxj
-------\Service_snbrtx
-------\Service_uspyjvex
-------\Service_waftnxxis
-------\Service_xcfwnued
-------\Service_xnwrbckcf
-------\Service_yjxmlduoj
-------\Service_zcetj


((((((((((((((((((((((((( Files Creati Da 2010-09-17 al 2010-10-17 )))))))))))))))))))))))))))))))))))
.

2010-10-16 11:22 . 2010-10-16 11:22 7680 ----a-w- c:\windows\system32\drivers\RKL93.tmp.sys
2010-10-16 11:22 . 2010-10-16 11:22 7680 ----a-w- c:\windows\system32\drivers\RKL92.tmp.sys
2010-10-13 11:29 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-13 11:29 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-13 11:27 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-11 17:00 . 2010-10-11 17:00 -------- d-----w- C:\$AVG
2010-10-11 16:55 . 2010-10-11 16:55 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-10-11 15:46 . 2010-10-11 16:55 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-10-11 15:46 . 2010-10-11 16:55 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-10-11 15:46 . 2010-10-11 16:55 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-10-11 15:46 . 2010-10-17 08:10 -------- d-----w- c:\windows\system32\drivers\Avg
2010-10-11 15:45 . 2010-10-11 15:45 -------- d-----w- c:\programmi\AVG
2010-10-11 15:45 . 2010-10-11 15:45 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg9
2010-10-11 14:22 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-11 14:22 . 2010-10-11 14:22 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-10-11 14:22 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-11 11:58 . 2010-10-11 11:59 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Adobe
2010-10-11 11:39 . 2010-10-11 15:01 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-10-11 11:39 . 2010-10-11 11:39 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2010-10-10 08:07 . 2010-10-10 08:07 -------- d--h--w- c:\windows\PIF
2010-10-07 12:30 . 2010-10-07 12:30 -------- d-----w- C:\7e6e43c746ff89bc320b8ae0d2cd2b
2010-10-07 09:23 . 2010-10-07 09:23 14808 ----a-w- c:\programmi\Mozilla Firefox\plugin-container.exe
2010-10-07 09:23 . 2010-10-07 09:23 718296 ----a-w- c:\programmi\Mozilla Firefox\mozcpp19.dll
2010-09-21 09:25 . 2010-09-21 09:27 -------- d-----w- c:\documents and settings\ortopediamedici\Impostazioni locali\Dati applicazioni\VenditaMotori
2010-09-21 09:25 . 2010-09-21 09:25 -------- d-----w- c:\documents and settings\ortopediamedici\Impostazioni locali\Dati applicazioni\ConduitEngine
2010-09-21 09:25 . 2010-09-21 09:25 -------- d-----w- c:\programmi\ConduitEngine

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-09-12 13:02 3863136 ----a-w- c:\programmi\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\programmi\ConduitEngine\ConduitEngine.dll" [2010-09-12 3863136]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\programmi\ConduitEngine\ConduitEngine.dll" [2010-09-12 3863136]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-26 68856]
"NBJ"="c:\programmi\Ahead\Nero BackItUp\NBJ.exe" [2006-09-15 2048000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"SoundMAXPnP"="c:\programmi\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"Malwarebytes Anti-Malware (rootkit-scan)"="c:\programmi\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-10-11 2067808]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-10-11 16:55 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2005-03-09 14:39 98304 ----a-w- c:\programmi\File comuni\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-13 18:14 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2004-10-27 13:21 61952 ------w- c:\windows\system32\HdAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 18:14 1695232 ----a-w- c:\programmi\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 13:40 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-12-05 00:41 8523776 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-12-05 00:41 81920 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-12-05 00:41 1626112 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2005-09-07 13:35 716800 ----a-w- c:\programmi\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2005-05-20 08:11 925696 ----a-r- c:\programmi\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 03:27 144784 ----a-w- c:\programmi\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-10-26 15:16 68856 ----a-w- c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-10-29 11:42 185872 ----a-w- c:\programmi\File comuni\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2005-03-09 14:39 785048 ----a-w- c:\programmi\Acronis\TrueImageWorkstation\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinVNC]
2006-06-18 12:56 712704 ----a-w- c:\programmi\UltraVNC\winvnc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgemc.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/10/2010 17.46.15 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/10/2010 17.46.16 243024]
R2 avg9emc;AVG Free E-mail Scanner;c:\programmi\AVG\AVG9\avgemc.exe [11/10/2010 18.55.36 921952]
R2 avg9wd;AVG Free WatchDog;c:\programmi\AVG\AVG9\avgwdsvc.exe [11/10/2010 18.55.42 308136]
R2 ManageEngine Desktop Central 6 - Agent;ManageEngine Desktop Central 6 - Agent;c:\programmi\DesktopCentral_Agent\bin\dcagentservice.exe [31/07/2009 18.52.46 434176]
R2 ManageEngine Desktop Central 6 - Remote Control;ManageEngine Desktop Central 6 - Remote Control;c:\programmi\DesktopCentral_Agent\bin\dcrdservice.exe [31/07/2009 18.52.46 475136]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [05/08/2008 11.46.06 6016]
S2 gupdate1c98e7a6d003cfa;Servizio di Google Update (gupdate1c98e7a6d003cfa);c:\programmi\Google\Update\GoogleUpdate.exe [14/02/2009 10.01.19 133104]
S3 AntiAries;Anti Aries Helper Driver;c:\windows\system32\drivers\RKL93.tmp.sys [16/10/2010 13.22.57 7680]
S3 OracleOraHome81ClientCache;OracleOraHome81ClientCache;c:\oracle\ora81\bin\ONRSD.EXE [19/10/2000 12.55.50 411244]
.
Contenuto della cartella 'Scheduled Tasks'

2010-10-17 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-20 09:25]

2010-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-14 08:01]

2010-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-14 08:01]

2010-10-15 c:\windows\Tasks\RegCure Program Check.job
- c:\programmi\RegCure\RegCure.exe [2010-05-19 23:20]

2010-10-17 c:\windows\Tasks\RegCure Startup.job
- c:\programmi\RegCure\RegCure.exe [2010-05-19 23:20]

2010-09-16 c:\windows\Tasks\RegCure.job
- c:\programmi\RegCure\RegCure.exe [2010-05-19 23:20]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
mStart Page = hxxp://it.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: {FF0C2A40-906E-404E-A2ED-55A6A85EBA46} = 151.99.125.2,151.99.250.2
DPF: {15CAC53B-5F45-4D70-BE98-386E6F3B3328} - hxxp://192.168.0.200:8085/resources/medweb/MedstWWW.cab
DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} - file:///E:/CDVIEWER/CdViewer.cab
FF - ProfilePath - c:\documents and settings\ortopediamedici\Dati applicazioni\Mozilla\Firefox\Profiles\gjrdc61c.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2086743&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - PHPNukeEN Customized Web Search
FF - prefs.js: browser.startup.homepage - www.google.it
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2086743&q=
FF - component: c:\programmi\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\programmi\Mozilla Firefox\extensions\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}\components\FFExternalAlert.dll
FF - component: c:\programmi\Mozilla Firefox\extensions\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'lsass.exe'(1252)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(3396)
c:\windows\system32\WININET.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\AVG\AVG9\avgchsvx.exe
c:\programmi\AVG\AVG9\avgrsx.exe
c:\programmi\AVG\AVG9\avgcsrvx.exe
c:\programmi\File comuni\Acronis\Schedule2\schedul2.exe
c:\windows\system32\nvsvc32.exe
c:\programmi\AVG\AVG9\avgnsx.exe
c:\programmi\AVG\AVG9\avgcsrvx.exe
.
**************************************************************************
.
Ora fine scansione: 2010-10-17 10:47:33 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-10-17 08:47

Pre-Run: 38.918.295.552 byte disponibili
Post-Run: 38.919.995.392 byte disponibili

- - End Of File - - E0B72D4ECCE60FAC7D254783E560939C
Torna in alto
 
r16
Inviato: Sunday, October 17, 2010 1:49:22 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ok, adesso si ragiona.
Per concludere, puoi eseguire queste pulizie:

Disattiva il ripristino configurazione di sistema,
http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121

Scarica TFC by OldTimer sul desktop
http://oldtimer.geekstogo.com/TFC.exe
chiudi tutti i programmi
avvia TFC, clicca su "start"
al termine della scansione ti chiederà il riavvio, dai ok.

Per eliminare i vari Tooll scaricati:
Scarica OTC by OldTimer sul desktop:
http://oldtimer.geekstogo.com/OTC.exe
doppio clic per eseguirlo
Clicca su CleanUp.
Ti chiederà di riavviare il pc.
Clicca sì.

Dai una pulita (registro compreso)con CCleaner http://www.aiutamici.com/software?ID=11223

Segui questo percorso e svuota la cartella Prefetch : (non eliminare la cartella)
C:\Windows\Prefetch

SVUOTA IL CESTINO
Poi:
Lancia Hijackthis e pulisci gli ADS in questo modo:(esclusivamente, su partizioni in NTFS):
clicca sulla voce Open the misc tool section
clicca su Open ads spy
togli la spunta alla voce Quick scan (windows base folder only)
clicca su Scan.
Aspetta pazientemente la fine della scansione.
se venissero rilevati ADS, spunta tutte le caselline e clicca su Remove selected

Fai uno ScanDisk, e una deframmentazione del HD.
Riattiva il ripristino configurazione di sistema e, se tutto è a posto, creane uno nuovo.

Il pc dovrebbe funzionare meglio.
Ciao.
Torna in alto
 
Utenti presenti in questo topic
Guest

2 pages: 1 [2]

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » SOS urgente per PC lavoro


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.