Aiutamici Forum
Removing the malware-gen virus
peppinho78
Posted: Saturday, December 06, 2008 4:42:29 PM
Rank: AiutAmico

Joined: 12/6/2008
Posts: 30
Hello! I also have a problem with the malware-gen virus.
Thanks in advance to anyone who can give me advice on how to solve it.
This is the HijackThis log:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16.40.14, on 06/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Digisoft AntiDialer\AntiDialer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [campactive] C:\DOCUME~1\Giuseppe\DATIAP~1\THUNKB~1\tray dog.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Detector.lnk = C:\WINDOWS\twain_32\Flatbed\Epp\Detector.exe
O4 - Global Startup: Digisoft AntiDialer.lnk = C:\Programmi\Digisoft AntiDialer\AntiDialer.exe
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Organizzatore ricerche - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programmi\File comuni\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Alice - {F4CB2891-826B-4C63-ABD9-D9F4615C404C} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{5FBA4B7C-7F70-4D86-A563-CFEDEA92C0E2}: NameServer = 85.37.17.49 85.38.28.91
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6787 bytes
r16
Posted: Saturday, December 06, 2008 10:47:49 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
Delete this HJT entry:
O4 - HKCU\..\Run: [campactive] C:\DOCUME~1\Giuseppe\DATIAP~1\THUNKB~1\tray dog.exe
Install Super Antispyware:
http://www.aiutaamici.com/software?ID=11397
When the scan finishes you will be able to save the corresponding log;
save the log that is produced and post it here.
Once the scans are finished, you must restart the system.
N.B.: Before the scan, update it by clicking on "Check for Updates".
Post a new HijackThis log, and tell me whether the problem is solved.
peppinho78
Posted: Sunday, December 07, 2008 1:17:06 AM
Rank: AiutAmico

Joined: 12/6/2008
Posts: 30
I followed what you wrote step by step; for a while it seemed solved, in fact when I inserted a floppy it no longer reported the virus.
Then as soon as I inserted a pen drive it did the same thing again; it says: I:\autorun.inf, whereas before it was A:\autorun.inf infected. What should I do? HEEEEEEEEELP
Anyway, this is the HJT post:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1.08.44, on 07/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\Digisoft AntiDialer\AntiDialer.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Detector.lnk = C:\WINDOWS\twain_32\Flatbed\Epp\Detector.exe
O4 - Global Startup: Digisoft AntiDialer.lnk = C:\Programmi\Digisoft AntiDialer\AntiDialer.exe
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Organizzatore ricerche - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programmi\File comuni\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Alice - {F4CB2891-826B-4C63-ABD9-D9F4615C404C} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{5FBA4B7C-7F70-4D86-A563-CFEDEA92C0E2}: NameServer = 85.37.17.49 85.38.28.91
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6880 bytes
r16
Posted: Sunday, December 07, 2008 11:33:15 AM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
Who knows why you don't post the logs I ask for....... (Anxious)
It's no use shouting HELP!!!!!!!! if you don't help me too.
I also asked you for the Superantispyware log.
In any case, your USB sticks are infected.
Download and install MalwareBytes:
click here to download: http://www.malwarebytes.org/
run a full system scan and, once the scan has finished, post the log it produces in this thread.
Before running the scan, UPDATE IT.
*********************************************************************************************************
Follow these instructions TO THE LETTER:
Important: Disable your antivirus and close ALL open programs, and after downloading COMBOFIX, close the connection.

Download Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to the desktop.
Double-click combofix.exe (a screen will appear).
Type 1, press Enter and follow the instructions.
When it finishes, a log file called C:\ComboFix.txt will be created. Post it here.
During the scan it is important not to use the PC and to wait patiently for the operations to finish.
peppinho78
Posted: Sunday, December 07, 2008 9:55:17 PM
Rank: AiutAmico

Joined: 12/6/2008
Posts: 30
Here are the two logs you told me about:



Malwarebytes' Anti-Malware 1.31
Versione del database: 1471
Windows 5.1.2600 Service Pack 2

07/12/2008 21.34.07
mbam-log-2008-12-07 (21-33-52).txt

Tipo di scansione: Scansione completa (A:\|C:\|D:\|E:\|F:\|)
Elementi scansionati: 145291
Tempo trascorso: 30 minute(s), 52 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 3
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 4
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09f1adac-76d8-4d0f-99a5-5c907dadb988} (Rogue.Multiple) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{db893839-10f0-4af9-92fa-b23528f530af} (Dialer) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Explorer.exe (Security.Hijack) -> No action taken.

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
C:\Programmi\WinBudget (Adware.AdMedia) -> No action taken.
C:\Programmi\WinBudget\bin (Adware.AdMedia) -> No action taken.
C:\Programmi\Microsoft Common (Trojan.Agent) -> No action taken.
C:\Programmi\BitDownload (Trojan.Lop) -> No action taken.

File infetti:
(Nessun elemento malevolo rilevato)



ComboFix 08-12-06.06 - Giuseppe 2008-12-07 21.43.10.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.196 [GMT 1:00]
Eseguito da: c:\documents and settings\Giuseppe\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Giuseppe\IMPOST~1\Temp\Del2.tmp

.
((((((((((((((((((((((((( Files Creati Da 2008-11-07 al 2008-12-07 )))))))))))))))))))))))))))))))))))
.

2008-12-07 20:42 . 2008-12-07 20:42 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2008-12-07 20:42 . 2008-12-07 20:42 <DIR> d-------- c:\documents and settings\Giuseppe\Dati applicazioni\Malwarebytes
2008-12-07 20:42 . 2008-12-07 20:42 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2008-12-07 20:42 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-07 20:42 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-06 23:29 . 2008-12-06 23:29 <DIR> d-------- c:\programmi\SUPERAntiSpyware
2008-12-06 23:29 . 2008-12-06 23:29 <DIR> d-------- c:\documents and settings\Giuseppe\Dati applicazioni\SUPERAntiSpyware.com
2008-12-06 23:29 . 2008-12-06 23:29 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2008-12-06 23:28 . 2008-12-06 23:28 <DIR> d-------- c:\programmi\File comuni\Wise Installation Wizard
2008-12-06 20:31 . 2008-12-06 20:31 552 --a------ c:\windows\system32\d3d8caps.dat
2008-12-06 15:54 . 2006-11-28 22:09 <DIR> d--h----- c:\documents and settings\Administrator\Risorse di stampa
2008-12-06 15:54 . 2006-11-28 22:09 <DIR> d--h----- c:\documents and settings\Administrator\Risorse di rete
2008-12-06 15:54 . 2006-11-28 22:09 <DIR> d-------- c:\documents and settings\Administrator\Preferiti
2008-12-06 15:54 . 2008-12-05 20:54 <DIR> d--h----- c:\documents and settings\Administrator\Modelli
2008-12-06 15:54 . 2006-11-28 22:09 <DIR> dr------- c:\documents and settings\Administrator\Menu Avvio
2008-12-06 15:54 . 2008-12-07 21:44 <DIR> d--h----- c:\documents and settings\Administrator\Impostazioni locali
2008-12-06 15:54 . 2006-11-28 22:09 <DIR> d-------- c:\documents and settings\Administrator\Documenti
2008-12-06 15:54 . 2006-11-28 22:09 <DIR> dr-h----- c:\documents and settings\Administrator\Dati applicazioni
2008-12-06 15:54 . 2008-12-06 15:54 <DIR> d-------- c:\documents and settings\Administrator
2008-12-06 15:38 . 2008-12-06 15:39 <DIR> d-------- c:\programmi\Wise Registry Cleaner 3
2008-12-06 15:36 . 2008-12-06 15:36 <DIR> d-------- c:\programmi\CCleaner
2008-12-06 15:30 . 2008-12-06 15:30 <DIR> d-------- c:\programmi\Trend Micro
2008-12-06 15:06 . 2008-06-14 18:59 272,768 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-12-06 15:01 . 2008-08-14 14:42 2,184,064 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-06 15:01 . 2008-08-14 14:42 2,139,648 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-06 15:01 . 2008-08-14 14:42 2,061,440 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-06 15:01 . 2008-08-14 14:42 2,019,328 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-06 14:59 . 2008-10-24 12:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-12-05 21:36 . 2001-08-31 11:00 1,875,968 --a--c--- c:\windows\system32\dllcache\msir3jp.lex
2008-12-05 21:35 . 2001-08-31 11:00 13,463,552 --a--c--- c:\windows\system32\dllcache\hwxjpn.dll
2008-12-05 21:34 . 2004-08-19 14:39 2,134,528 --a--c--- c:\windows\system32\dllcache\smtpsnap.dll
2008-12-05 21:32 . 2008-12-05 21:32 749 -rah----- c:\windows\WindowsShell.Manifest
2008-12-05 21:32 . 2008-12-05 21:32 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest
2008-12-05 21:32 . 2008-12-05 21:32 749 -rah----- c:\windows\system32\sapi.cpl.manifest
2008-12-05 21:32 . 2008-12-05 21:32 749 -rah----- c:\windows\system32\nwc.cpl.manifest
2008-12-05 21:32 . 2008-12-05 21:32 749 -rah----- c:\windows\system32\ncpa.cpl.manifest
2008-12-05 21:32 . 2008-12-05 21:32 488 -rah----- c:\windows\system32\logonui.exe.manifest
2008-12-05 21:11 . 2004-08-19 16:15 1,086,058 -ra------ c:\windows\SETA5.tmp
2008-12-05 21:11 . 2004-08-19 16:22 1,014,202 -ra------ c:\windows\SETA2.tmp
2008-12-05 21:11 . 2004-08-19 16:14 14,043 -ra------ c:\windows\SETB1.tmp
2008-11-16 15:52 . 2008-11-16 15:52 268 --ah----- C:\sqmdata02.sqm
2008-11-16 15:52 . 2008-11-16 15:52 244 --ah----- C:\sqmnoopt02.sqm
2008-11-16 15:50 . 2008-11-16 15:50 268 --ah----- C:\sqmdata01.sqm
2008-11-16 15:50 . 2008-11-16 15:50 244 --ah----- C:\sqmnoopt01.sqm
2008-11-16 15:27 . 2008-11-16 15:27 244 --ah----- C:\sqmnoopt00.sqm
2008-11-16 15:27 . 2008-11-16 15:27 232 --ah----- C:\sqmdata00.sqm
2008-11-16 15:21 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll
2008-11-16 15:19 . 2008-11-16 15:19 <DIR> d-------- c:\programmi\Microsoft SQL Server Compact Edition
2008-11-16 15:16 . 2008-11-16 16:02 <DIR> d-------- c:\programmi\Windows Live Toolbar
2008-11-16 15:16 . 2008-11-16 15:16 <DIR> d-------- c:\documents and settings\Giuseppe\Contacts
2008-11-16 15:15 . 2008-11-16 16:01 <DIR> d----c--- c:\windows\system32\DRVSTORE
2008-11-16 15:13 . 2008-11-16 15:15 <DIR> d--hsc--- c:\programmi\File comuni\WindowsLiveInstaller
2008-11-16 15:12 . 2008-11-16 15:12 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\WLInstaller

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-30 10:08 --------- d-----w c:\programmi\eMule
2008-11-22 17:57 --------- d-----w c:\programmi\BitTorrent Fastest Tool
2008-11-22 15:01 --------- d-----w c:\programmi\Microsoft Works
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 15:38 1,846,016 ----a-w c:\windows\system32\win32k.sys
2006-12-13 12:46 56 --sha-r c:\windows\system32\C82036387E.sys
2006-12-13 12:46 1,682 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 307,200 2005-10-24 14:53:40 c:\programmi\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe

----a-w 79,224 2007-12-04 13:00:23 c:\programmi\Alwil Software\Avast4\bak\ashDisp.exe
----a-w 81,000 2008-11-26 17:18:51 c:\programmi\Alwil Software\Avast4\ashDisp.exe

----a-w 409,600 2004-01-14 01:10:02 c:\programmi\Canon\Easy-PrintToolBox\bak\BJPSMAIN.EXE

----a-w 94,208 2005-09-03 14:18:30 c:\programmi\File comuni\Ahead\Lib\bak\NMBgMonitor.exe

----a-w 1,079,792 2008-03-29 14:57:51 c:\programmi\Google\GoogleToolbarNotifier\bak\swg-3.0.1225.9868\SearchWithGoogleUpdate.exe

----a-w 37,376 1998-07-07 14:04:24 c:\programmi\TextBridge Classic 2.0\Bin\bak\INSTAN~1.EXE

----a-w 22,528 1998-07-07 14:20:30 c:\programmi\TextBridge Classic 2.0\Bin\bak\REGIST~1.EXE

----a-w 15,360 2004-08-19 13:39:36 c:\windows\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-19 13:39:36 c:\windows\system32\ctfmon.exe

----a-w 155,648 2001-07-09 10:50:42 c:\windows\system32\bak\NeroCheck.exe

.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe" [N/A]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [N/A]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\MsnMsgr.Exe" [N/A]
"SUPERAntiSpyware"="c:\programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-11-17 1805552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [N/A]
"NBKeyScan"="c:\programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"Easy-PrintToolBox"="c:\programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [N/A]
"InstantAccess"="c:\progra~1\TEXTBR~1.0\Bin\INSTAN~1.EXE" [N/A]
"nwiz"="nwiz.exe" [2006-08-11 c:\windows\system32\nwiz.exe]
"AdslTaskBar"="stmctrl.dll" [N/A]
"NWEReboot"="" [N/A]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2007-02-10 212992]
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Detector.lnk - c:\windows\twain_32\Flatbed\Epp\Detector.exe [2006-11-30 40960]
Digisoft AntiDialer.lnk - c:\programmi\Digisoft AntiDialer\AntiDialer.exe [2003-08-19 730112]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 15:28 352256 c:\programmi\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\DC++\\DCPlusPlus.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"f:\\Pro Evolution Soccer 6\\PES6.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-05 111184]
R1 SASDIFSV;SASDIFSV;\??\c:\programmi\SUPERAntiSpyware\SASDIFSV.SYS [2008-11-17 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\programmi\SUPERAntiSpyware\SASKUTIL.sys [2008-11-17 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-05 20560]
R2 ppsio2;PPDevice;c:\windows\system32\drivers\ppsio2.sys [2006-11-30 22400]
R3 SASENUM;SASENUM;\??\c:\programmi\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408]
S3 gel90xne;gel90xne;\??\c:\docume~1\Giuseppe\IMPOST~1\Temp\gel90xne.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3aaf670-aefc-11db-8103-b7bc6ad20fc4}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
\Shell\Explore\command - I:\system.exe
\Shell\Open\command - I:\system.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ecdeea4a-99ce-11db-80c5-a81e5a472e9b}]
\Shell\AutoRun\command - I:\setupSNK.exe

*Newly Created Service* - PROCEXP90
.
- - - - ORFÃOS REMOVIDOS - - - -

Notify-WgaLogon - (no file)


.
------- Supplementare di scansione -------
.
uStart Page = hxxp://it.yahoo.com/
uInternet Settings,ProxyOverride = ;127.0.0.1;<local>
IE: Aggiungi all'elenco di stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Anteprima Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stampa ad alta velocità Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FireFox -: Profile - c:\documents and settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\wxo4enw8.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-07 21:45:13
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(628)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
.
Ora fine scansione: 2008-12-07 21.46.51
ComboFix-quarantined-files.txt 2008-12-07 20:46:49

Pre-Run: 13.837.520.896 byte disponibili
Post-Run: 14,475,042,816 byte disponibili

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

197 --- E O F --- 2008-12-07 08:30:21


Now I'll try using a USB stick and we'll see what it tells me.
I'll let you know.
Thanks
peppinho78
Posted: Sunday, December 07, 2008 10:08:59 PM
Rank: AiutAmico

Joined: 12/6/2008
Posts: 30
There, I've just tried, but no luck, it still gives me that damned virus.
What is still wrong in the logs now?
r16
Posted: Sunday, December 07, 2008 10:17:34 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Run the Malwarebytes scan again, make sure all the highlighted files are selected and click Remove Selected. Post the log for me, it's important.
The thing is, you also have a Dialer:
Download FindAWF:
http://noahdfear.geekstogo.com/FindAWF.exe
Run FindAWF, press any key, then press the 1 key and ENTER, and wait for the log that FindAWF will write to a text file at the end of the search.
Post the log file in this thread.
*********************************************************************************************************
CLEANING USB STICKS

We need to temporarily disable automatic recognition of USB devices;
you need the TweakUI program, which can be downloaded from this page (you'll find it on the right, about halfway down the page); install it:
http://www.microsoft.com/windowsxp/downloads/powertoys/xppowertoys.mspx
Once installed, run it and follow these steps:

Expand the My Computer section
Expand the Autoplay subsection
Go to Types
Untick Enable Autoplay for removable drives
Click Apply
Close TweakUI

PS: By Expand I mean: click the [+] symbol next to the items I've indicated.
From this moment on, all USB devices will stop starting automatically.
Let's leave the USB devices disabled.
Then, once we have freed the PC of all the junk (there's a lot of it), I'll tell you what to do.
The priority now is to disinfect the PC.

peppinho78
Posted: Monday, December 08, 2008 11:27:29 AM
Rank: AiutAmico

Joined: 12/6/2008
Posts: 30
I've done the first part of what you told me, here are the two logs:



Malwarebytes' Anti-Malware 1.31
Versione del database: 1471
Windows 5.1.2600 Service Pack 2

08/12/2008 11.15.26
mbam-log-2008-12-08 (11-15-26).txt

Tipo di scansione: Scansione completa (A:\|C:\|D:\|E:\|F:\|)
Elementi scansionati: 126095
Tempo trascorso: 22 minute(s), 55 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 1
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 1
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Explorer.exe (Security.Hijack) -> Quarantined and deleted successfully.

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
C:\Programmi\Microsoft Common (Trojan.Agent) -> Quarantined and deleted successfully.

File infetti:
(Nessun elemento malevolo rilevato)





Find AWF report by noahdfear ©2006
Version 1.40



bak folders found
~~~~~~~~~~~

Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 04C1-8DCD

Directory di C:\WINDOWS\SYSTEM32\BAK

19/08/2004 14.39 15.360 ctfmon.exe
09/07/2001 11.50 155.648 NeroCheck.exe
2 File 171.008 byte
2 Directory 14.526.984.192 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 04C1-8DCD

Directory di C:\PROGRA~1\ALWILS~1\AVAST4\BAK

04/12/2007 14.00 79.224 ashDisp.exe
1 File 79.224 byte
2 Directory 14.526.984.192 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 04C1-8DCD

Directory di C:\PROGRA~1\CANON\EASY-P~2\BAK

14/01/2004 02.10 409.600 BJPSMAIN.EXE
1 File 409.600 byte
2 Directory 14.526.980.096 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 04C1-8DCD

Directory di C:\PROGRA~1\GOOGLE\GOOGLE~1\BAK

0 File 0 byte
3 Directory 14.526.980.096 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 04C1-8DCD

Directory di C:\PROGRA~1\TEXTBR~1.0\BIN\BAK

07/07/1998 15.04 37.376 INSTAN~1.EXE
07/07/1998 15.20 22.528 REGIST~1.EXE
2 File 59.904 byte
2 Directory 14.526.980.096 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 04C1-8DCD

Directory di C:\PROGRA~1\ADOBE\ACROBA~1.0\READER\BAK

24/10/2005 15.53 307.200 AdobeUpdateManager.exe
1 File 307.200 byte
2 Directory 14.526.980.096 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 04C1-8DCD

Directory di C:\PROGRA~1\FILECO~1\AHEAD\LIB\BAK

03/09/2005 15.18 94.208 NMBgMonitor.exe
1 File 94.208 byte
2 Directory 14.526.980.096 byte disponibili


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

15360 19 Aug 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 19 Aug 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
15360 14 Apr 2008 "C:\WINDOWS\SoftwareDistribution\Download\8dab4f2c899f11c2863dff51dfb836e7\ctfmon.exe"
15360 14 Apr 2008 "C:\WINDOWS\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\ctfmon.exe"
155648 9 Jul 2001 "C:\WINDOWS\system32\bak\NeroCheck.exe"
153136 1 Mar 2007 "C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe"
81000 26 Nov 2008 "C:\Programmi\Alwil Software\Avast4\ashDisp.exe"
79224 4 Dec 2007 "C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe"
409600 14 Jan 2004 "C:\Programmi\Canon\Easy-PrintToolBox\bak\BJPSMAIN.EXE"
1079792 29 Mar 2008 "C:\Programmi\Google\GoogleToolbarNotifier\bak\swg-3.0.1225.9868\SearchWithGoogleUpdate.exe"
37376 7 Jul 1998 "C:\Programmi\TextBridge Classic 2.0\Bin\bak\INSTAN~1.EXE"
22528 7 Jul 1998 "C:\Programmi\TextBridge Classic 2.0\Bin\bak\REGIST~1.EXE"
307200 24 Oct 2005 "C:\Programmi\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe"
202024 3 Aug 2007 "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
94208 3 Sep 2005 "C:\Programmi\File comuni\Ahead\Lib\bak\NMBgMonitor.exe"


end of report



Now I'm going to disable automatic recognition of USB devices.
See you later, bye
peppinho78
Posted: Monday, December 08, 2008 11:32:07 AM
Rank: AiutAmico

Joined: 12/6/2008
Posts: 30
OK, I've disabled the devices, we can move on
r16
Posted: Monday, December 08, 2008 12:23:24 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Now (please) follow these instructions carefully:
Download this: Avenger, and unzip Avenger into a dedicated folder.
http://swandog46.geekstogo.com/avenger.zip

Start AVENGER
Click OK
Enter these lines (copy and paste) into the white box: (the ones in bold)

Files to delete:
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SoftwareDistribution\Download\8dab4f2c899f11c2863dff51dfb836e7\ctfmon.exe
C:\WINDOWS\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\ctfmon.exe
C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
C:\Programmi\Alwil Software\Avast4\ashDisp.exe

Files to move:
C:\WINDOWS\system32\bak\ctfmon.exe|C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\bak\NeroCheck.exe|C:\WINDOWS\system32\NeroCheck.exe
C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe|C:\Programmi\Alwil Software\Avast4\ashDisp.exe
C:\Programmi\Canon\Easy-PrintToolBox\bak\BJPSMAIN.EXE|C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE
C:\Programmi\Google\GoogleToolbarNotifier\bak\swg-3.0.1225.9868\SearchWithGoogleUpdate.exe|C:\Programmi\Google\GoogleToolbarNotifier\swg-3.0.1225.9868\SearchWithGoogleUpdate.exe
C:\Programmi\TextBridge Classic 2.0\Bin\bak\INSTAN~1.EXE|C:\Programmi\TextBridge Classic 2.0\Bin\INSTAN~1.EXE
C:\Programmi\TextBridge Classic 2.0\Bin\bak\REGIST~1.EXE|C:\Programmi\TextBridge Classic 2.0\Bin\REGIST~1.EXE
C:\Programmi\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe|C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
C:\Programmi\File comuni\Ahead\Lib\bak\NMBgMonitor.exe|C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe



Uncheck Scan for Rootkit
Click Execute
The PC should restart; if it doesn't, restart it yourself.
When the operation is finished, post the Avenger result here

Run another scan with FINDAWF and post me the log so I can check it.
peppinho78
Posted: Monday, December 08, 2008 5:45:12 PM
Rank: AiutAmico

Joined: 12/6/2008
Posts: 30
Here are the two logs:


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File "C:\WINDOWS\system32\ctfmon.exe" deleted successfully.
File "C:\WINDOWS\SoftwareDistribution\Download\8dab4f2c899f11c2863dff51dfb836e7\ctfmon.exe" deleted successfully.
File "C:\WINDOWS\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\ctfmon.exe" deleted successfully.
File "C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe" deleted successfully.
File "C:\Programmi\Alwil Software\Avast4\ashDisp.exe" deleted successfully.
File move operation "C:\WINDOWS\system32\bak\ctfmon.exe|C:\WINDOWS\system32\ctfmon.exe" completed successfully.
File move operation "C:\WINDOWS\system32\bak\NeroCheck.exe|C:\WINDOWS\system32\NeroCheck.exe" completed successfully.
File move operation "C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe|C:\Programmi\Alwil Software\Avast4\ashDisp.exe" completed successfully.
File move operation "C:\Programmi\Canon\Easy-PrintToolBox\bak\BJPSMAIN.EXE|C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" completed successfully.

Error: could not move file "C:\Programmi\Google\GoogleToolbarNotifier\bak\swg-3.0.1225.9868\SearchWithGoogleUpdate.exe"
File move operation "C:\Programmi\Google\GoogleToolbarNotifier\bak\swg-3.0.1225.9868\SearchWithGoogleUpdate.exe|C:\Programmi\Google\GoogleToolbarNotifier\swg-3.0.1225.9868\SearchWithGoogleUpdate.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist

File move operation "C:\Programmi\TextBridge Classic 2.0\Bin\bak\INSTAN~1.EXE|C:\Programmi\TextBridge Classic 2.0\Bin\INSTAN~1.EXE" completed successfully.
File move operation "C:\Programmi\TextBridge Classic 2.0\Bin\bak\REGIST~1.EXE|C:\Programmi\TextBridge Classic 2.0\Bin\REGIST~1.EXE" completed successfully.
File move operation "C:\Programmi\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe|C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" completed successfully.
File move operation "C:\Programmi\File comuni\Ahead\Lib\bak\NMBgMonitor.exe|C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe" completed successfully.

Completed script processing.

*******************

Finished! Terminate.





Find AWF report by noahdfear ©2006
Version 1.40



bak folders found
~~~~~~~~~~~

Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 04C1-8DCD

Directory di C:\WINDOWS\SYSTEM32\BAK

0 File 0 byte
2 Directory 14.523.080.704 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 04C1-8DCD

Directory di C:\PROGRA~1\ALWILS~1\AVAST4\BAK

0 File 0 byte
2 Directory 14.523.080.704 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 04C1-8DCD

Directory di C:\PROGRA~1\CANON\EASY-P~2\BAK

0 File 0 byte
2 Directory 14.523.076.608 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 04C1-8DCD

Directory di C:\PROGRA~1\GOOGLE\GOOGLE~1\BAK

0 File 0 byte
3 Directory 14.523.076.608 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 04C1-8DCD

Directory di C:\PROGRA~1\TEXTBR~1.0\BIN\BAK

0 File 0 byte
2 Directory 14.523.076.608 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 04C1-8DCD

Directory di C:\PROGRA~1\ADOBE\ACROBA~1.0\READER\BAK

0 File 0 byte
2 Directory 14.523.076.608 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 04C1-8DCD

Directory di C:\PROGRA~1\FILECO~1\AHEAD\LIB\BAK

0 File 0 byte
2 Directory 14.523.076.608 byte disponibili


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

1079792 29 Mar 2008 "C:\Programmi\Google\GoogleToolbarNotifier\bak\swg-3.0.1225.9868\SearchWithGoogleUpdate.exe"


end of report
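
Added example, not part of the thread and not code from FindAWF or Avenger: a Python script that turns the "Duplicate files" section of a FindAWF report into the `source|target` lines of an Avenger "Files to move:" block, and marks where the file currently at the target differs in size or date from the bak copy. It assumes the restore target is the bak path with the `bak` component removed, and it flags entries nested below `bak` for a manual check of the target folder, the one case where the Avenger log above reported STATUS_OBJECT_PATH_NOT_FOUND; all function names are hypothetical.

```python
"""Build Avenger move lines from the "Duplicate files" section of a FindAWF report."""
import re
from typing import List, NamedTuple, Optional

# Entries copied from the FindAWF report posted above (an excerpt, not the full report).
SAMPLE_REPORT = r'''
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

15360 19 Aug 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 19 Aug 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
81000 26 Nov 2008 "C:\Programmi\Alwil Software\Avast4\ashDisp.exe"
79224 4 Dec 2007 "C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe"
1079792 29 Mar 2008 "C:\Programmi\Google\GoogleToolbarNotifier\bak\swg-3.0.1225.9868\SearchWithGoogleUpdate.exe"

end of report
'''


class Entry(NamedTuple):
    size: int
    date: str
    path: str


# One report line: <size> <day Mon year> "<full path>"
LINE = re.compile(r'^(\d+)\s+(\d{1,2} \w{3} \d{4})\s+"(.+)"\s*$')


def parse_duplicates(report: str) -> List[Entry]:
    """Return the entries listed between the section header and 'end of report'."""
    entries, in_section = [], False
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("Duplicate files of bak directory contents"):
            in_section = True
            continue
        if line == "end of report":
            break
        match = LINE.match(line)
        if in_section and match:
            entries.append(Entry(int(match.group(1)), match.group(2), match.group(3)))
    return entries


def bak_index(path: str) -> Optional[int]:
    """Index of the first directory component named 'bak', or None."""
    parts = path.split("\\")
    for i, part in enumerate(parts[:-1]):  # the last part is the file name
        if part.lower() == "bak":
            return i
    return None


def restore_target(path: str) -> Optional[str]:
    """Assumed restore location: the same path without the 'bak' component."""
    i = bak_index(path)
    if i is None:
        return None
    parts = path.split("\\")
    return "\\".join(parts[:i] + parts[i + 1:])


def is_nested(path: str) -> bool:
    """True when the file sits in a subfolder of 'bak' rather than directly in it."""
    i = bak_index(path)
    return i is not None and i != len(path.split("\\")) - 2


def plan(entries: List[Entry]) -> List[dict]:
    """One row per bak file: where it would go and what to verify first."""
    by_path = {e.path.lower(): e for e in entries}
    rows = []
    for e in entries:
        target = restore_target(e.path)
        if target is None:
            continue  # not a bak copy
        current = by_path.get(target.lower())
        rows.append({
            "source": e.path,
            "target": target,
            # A file already at the target with a different size or date.
            "current_differs": current is not None
            and (current.size, current.date) != (e.size, e.date),
            # Target folder may not exist: confirm it before scripting the move.
            "check_parent": is_nested(e.path),
        })
    return rows


def avenger_move_section(rows: List[dict]) -> str:
    """Format the rows in the 'Files to move:' syntax used in the thread."""
    return "Files to move:\n" + "\n".join(f'{r["source"]}|{r["target"]}' for r in rows)


if __name__ == "__main__":
    rows = plan(parse_duplicates(SAMPLE_REPORT))
    print(avenger_move_section(rows))
    for r in rows:
        if r["current_differs"] or r["check_parent"]:
            print("review:", r["target"], "differs" if r["current_differs"] else "",
                  "check parent folder" if r["check_parent"] else "")
```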
r16
Posted: Monday, December 08, 2008 5:52:23 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Start AVENGER
Click OK
Enter these lines (copy and paste) into the white box: (the ones in bold)


Files to move:
C:\Programmi\Google\GoogleToolbarNotifier\bak\swg-3.0.1225.9868\SearchWithGoogleUpdate.exe|C:\Programmi\Google\GoogleToolbarNotifier\swg-3.0.1225.9868\SearchWithGoogleUpdate.exe

Uncheck Scan for Rootkit
Click Execute
The PC should restart; if it doesn't, restart it yourself.
When the operation is finished, post the Avenger result here
Run a scan with Find AWF and post the log
Do a cleanup (registry included) with CCleaner http://www.aiutaamici.com/software?ID=11223
*********************************************************************************************************
Important: Disable your antivirus and close ALL open programs, and after downloading COMBOFIX, close the connection.

Download Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to the desktop.
Double-click combofix.exe (a screen will appear.)
Type 1, press Enter and follow the instructions.
When it finishes, a log file called C:\ComboFix.txt will be created. Post it here.
During the scan it is important not to use the PC and to wait patiently for the operations to finish.
Post a new HijackThis log. Again in this topic.
peppinho78
Posted: Monday, December 08, 2008 7:06:51 PM
Rank: AiutAmico

Joined: 12/6/2008
Posts: 30
Here they are:


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:


Error: could not move file "C:\Programmi\Google\GoogleToolbarNotifier\bak\swg-3.0.1225.9868\SearchWithGoogleUpdate.exe"
File move operation "C:\Programmi\Google\GoogleToolbarNotifier\bak\swg-3.0.1225.9868\SearchWithGoogleUpdate.exe|C:\Programmi\Google\GoogleToolbarNotifier\swg-3.0.1225.9868\SearchWithGoogleUpdate.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Completed script processing.

*******************

Finished! Terminate.






Find AWF report by noahdfear ©2006
Version 1.40



bak folders found
~~~~~~~~~~~

Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 04C1-8DCD

Directory di C:\WINDOWS\SYSTEM32\BAK

0 File 0 byte
2 Directory 14.520.872.960 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 04C1-8DCD

Directory di C:\PROGRA~1\ALWILS~1\AVAST4\BAK

0 File 0 byte
2 Directory 14.520.872.960 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 04C1-8DCD

Directory di C:\PROGRA~1\CANON\EASY-P~2\BAK

0 File 0 byte
2 Directory 14.520.868.864 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 04C1-8DCD

Directory di C:\PROGRA~1\GOOGLE\GOOGLE~1\BAK

0 File 0 byte
3 Directory 14.520.868.864 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 04C1-8DCD

Directory di C:\PROGRA~1\TEXTBR~1.0\BIN\BAK

0 File 0 byte
2 Directory 14.520.868.864 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 04C1-8DCD

Directory di C:\PROGRA~1\ADOBE\ACROBA~1.0\READER\BAK

0 File 0 byte
2 Directory 14.520.868.864 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 04C1-8DCD

Directory di C:\PROGRA~1\FILECO~1\AHEAD\LIB\BAK

0 File 0 byte
2 Directory 14.520.606.720 byte disponibili


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

1079792 29 Mar 2008 "C:\Programmi\Google\GoogleToolbarNotifier\bak\swg-3.0.1225.9868\SearchWithGoogleUpdate.exe"


end of report





ComboFix 08-12-07.01 - Giuseppe 2008-12-08 18.40.47.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.243 [GMT 1:00]
Eseguito da: c:\documents and settings\Giuseppe\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((( Files Creati Da 2008-11-08 al 2008-12-08 )))))))))))))))))))))))))))))))))))
.

2008-12-08 11:30 . 2003-06-25 16:05 266,360 --a------ c:\windows\system32\TweakUI.exe
2008-12-08 11:30 . 2002-06-21 15:09 160,217 --a------ c:\windows\system32\PowerToysLicense.rtf
2008-12-07 20:42 . 2008-12-07 20:42 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2008-12-07 20:42 . 2008-12-07 20:42 <DIR> d-------- c:\documents and settings\Giuseppe\Dati applicazioni\Malwarebytes
2008-12-07 20:42 . 2008-12-07 20:42 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2008-12-07 20:42 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-07 20:42 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-06 23:29 . 2008-12-06 23:29 <DIR> d-------- c:\programmi\SUPERAntiSpyware
2008-12-06 23:29 . 2008-12-06 23:29 <DIR> d-------- c:\documents and settings\Giuseppe\Dati applicazioni\SUPERAntiSpyware.com
2008-12-06 23:29 . 2008-12-06 23:29 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2008-12-06 23:28 . 2008-12-06 23:28 <DIR> d-------- c:\programmi\File comuni\Wise Installation Wizard
2008-12-06 20:31 . 2008-12-06 20:31 552 --a------ c:\windows\system32\d3d8caps.dat
2008-12-06 15:54 . 2006-11-28 22:09 <DIR> d--h----- c:\documents and settings\Administrator\Risorse di stampa
2008-12-06 15:54 . 2006-11-28 22:09 <DIR> d--h----- c:\documents and settings\Administrator\Risorse di rete
2008-12-06 15:54 . 2006-11-28 22:09 <DIR> d-------- c:\documents and settings\Administrator\Preferiti
2008-12-06 15:54 . 2008-12-05 20:54 <DIR> d--h----- c:\documents and settings\Administrator\Modelli
2008-12-06 15:54 . 2006-11-28 22:09 <DIR> dr------- c:\documents and settings\Administrator\Menu Avvio
2008-12-06 15:54 . 2008-12-08 18:42 <DIR> d--h----- c:\documents and settings\Administrator\Impostazioni locali
2008-12-06 15:54 . 2006-11-28 22:09 <DIR> d-------- c:\documents and settings\Administrator\Documenti
2008-12-06 15:54 . 2006-11-28 22:09 <DIR> dr-h----- c:\documents and settings\Administrator\Dati applicazioni
2008-12-06 15:54 . 2008-12-06 15:54 <DIR> d-------- c:\documents and settings\Administrator
2008-12-06 15:38 . 2008-12-06 15:39 <DIR> d-------- c:\programmi\Wise Registry Cleaner 3
2008-12-06 15:36 . 2008-12-06 15:36 <DIR> d-------- c:\programmi\CCleaner
2008-12-06 15:30 . 2008-12-06 15:30 <DIR> d-------- c:\programmi\Trend Micro
2008-12-06 15:06 . 2008-06-14 18:59 272,768 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-12-06 15:01 . 2008-08-14 14:42 2,184,064 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-06 15:01 . 2008-08-14 14:42 2,139,648 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-06 15:01 . 2008-08-14 14:42 2,061,440 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-06 15:01 . 2008-08-14 14:42 2,019,328 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-06 14:59 . 2008-10-24 12:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-12-05 21:36 . 2001-08-31 11:00 1,875,968 --a--c--- c:\windows\system32\dllcache\msir3jp.lex
2008-12-05 21:35 . 2001-08-31 11:00 13,463,552 --a--c--- c:\windows\system32\dllcache\hwxjpn.dll
2008-12-05 21:34 . 2004-08-19 14:39 2,134,528 --a--c--- c:\windows\system32\dllcache\smtpsnap.dll
2008-12-05 21:32 . 2008-12-05 21:32 749 -rah----- c:\windows\WindowsShell.Manifest
2008-12-05 21:32 . 2008-12-05 21:32 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest
2008-12-05 21:32 . 2008-12-05 21:32 749 -rah----- c:\windows\system32\sapi.cpl.manifest
2008-12-05 21:32 . 2008-12-05 21:32 749 -rah----- c:\windows\system32\nwc.cpl.manifest
2008-12-05 21:32 . 2008-12-05 21:32 749 -rah----- c:\windows\system32\ncpa.cpl.manifest
2008-12-05 21:32 . 2008-12-05 21:32 488 -rah----- c:\windows\system32\logonui.exe.manifest
2008-12-05 21:11 . 2004-08-19 16:15 1,086,058 -ra------ c:\windows\SETA5.tmp
2008-12-05 21:11 . 2004-08-19 16:22 1,014,202 -ra------ c:\windows\SETA2.tmp
2008-12-05 21:11 . 2004-08-19 16:14 14,043 -ra------ c:\windows\SETB1.tmp
2008-11-16 15:52 . 2008-11-16 15:52 268 --ah----- C:\sqmdata02.sqm
2008-11-16 15:52 . 2008-11-16 15:52 244 --ah----- C:\sqmnoopt02.sqm
2008-11-16 15:50 . 2008-11-16 15:50 268 --ah----- C:\sqmdata01.sqm
2008-11-16 15:50 . 2008-11-16 15:50 244 --ah----- C:\sqmnoopt01.sqm
2008-11-16 15:27 . 2008-11-16 15:27 244 --ah----- C:\sqmnoopt00.sqm
2008-11-16 15:27 . 2008-11-16 15:27 232 --ah----- C:\sqmdata00.sqm
2008-11-16 15:21 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll
2008-11-16 15:19 . 2008-11-16 15:19 <DIR> d-------- c:\programmi\Microsoft SQL Server Compact Edition
2008-11-16 15:16 . 2008-11-16 16:02 <DIR> d-------- c:\programmi\Windows Live Toolbar
2008-11-16 15:16 . 2008-11-16 15:16 <DIR> d-------- c:\documents and settings\Giuseppe\Contacts
2008-11-16 15:15 . 2008-11-16 16:01 <DIR> d----c--- c:\windows\system32\DRVSTORE
2008-11-16 15:13 . 2008-11-16 15:15 <DIR> d--hsc--- c:\programmi\File comuni\WindowsLiveInstaller
2008-11-16 15:12 . 2008-11-16 15:12 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\WLInstaller

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-30 10:08 --------- d-----w c:\programmi\eMule
2008-11-22 17:57 --------- d-----w c:\programmi\BitTorrent Fastest Tool
2008-11-22 15:01 --------- d-----w c:\programmi\Microsoft Works
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 15:38 1,846,016 ----a-w c:\windows\system32\win32k.sys
2006-12-13 12:46 56 --sha-r c:\windows\system32\C82036387E.sys
2006-12-13 12:46 1,682 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-12-07_21.45.38,23 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-07 00:12:32 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-12-07 21:08:18 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-12-07 00:12:32 32,768 ----a-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
+ 2008-12-07 21:08:18 32,768 ----a-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
- 2008-12-07 00:12:32 32,768 ----a-w c:\windows\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-07 21:08:18 32,768 ----a-w c:\windows\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
+ 2001-07-09 10:50:42 155,648 ----a-w c:\windows\system32\NeroCheck.exe
+ 2008-12-08 17:27:21 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_610.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"SUPERAntiSpyware"="c:\programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-11-17 1805552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NBKeyScan"="c:\programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"Easy-PrintToolBox"="c:\programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"InstantAccess"="c:\progra~1\TEXTBR~1.0\Bin\INSTAN~1.EXE" [1998-07-07 37376]
"nwiz"="nwiz.exe" [2006-08-11 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2007-02-10 212992]
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Detector.lnk - c:\windows\twain_32\Flatbed\Epp\Detector.exe [2006-11-30 40960]
Digisoft AntiDialer.lnk - c:\programmi\Digisoft AntiDialer\AntiDialer.exe [2003-08-19 730112]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 15:28 352256 c:\programmi\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\DC++\\DCPlusPlus.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"f:\\Pro Evolution Soccer 6\\PES6.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-05 111184]
R1 SASDIFSV;SASDIFSV;\??\c:\programmi\SUPERAntiSpyware\SASDIFSV.SYS [2008-11-17 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\programmi\SUPERAntiSpyware\SASKUTIL.sys [2008-11-17 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-05 20560]
R2 ppsio2;PPDevice;c:\windows\system32\drivers\ppsio2.sys [2006-11-30 22400]
R3 SASENUM;SASENUM;\??\c:\programmi\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408]
S3 gel90xne;gel90xne;\??\c:\docume~1\Giuseppe\IMPOST~1\Temp\gel90xne.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ecdeea4a-99ce-11db-80c5-a81e5a472e9b}]
\Shell\AutoRun\command - I:\setupSNK.exe
.
- - - - ORFÃOS REMOVIDOS - - - -

HKLM-Run-AdslTaskBar - stmctrl.dll
HKLM-Run-NWEReboot - (no file)


.
------- Supplementare di scansione -------
.
uStart Page = hxxp://it.yahoo.com/
uInternet Settings,ProxyOverride = ;127.0.0.1;<local>
IE: Aggiungi all'elenco di stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Anteprima Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stampa ad alta velocità Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FireFox -: Profile - c:\documents and settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\wxo4enw8.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-08 18:42:19
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(636)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\CLBCATQ.DLL
.
Ora fine scansione: 2008-12-08 18.43.20
ComboFix-quarantined-files.txt 2008-12-08 17:43:17
ComboFix2.txt 2008-12-07 20:46:52

Pre-Run: 14.505.660.416 byte disponibili
Post-Run: 14,490,259,456 byte disponibili

178 --- E O F --- 2008-12-07 08:30:21





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.46.11, on 08/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\Digisoft AntiDialer\AntiDialer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Detector.lnk = C:\WINDOWS\twain_32\Flatbed\Epp\Detector.exe
O4 - Global Startup: Digisoft AntiDialer.lnk = C:\Programmi\Digisoft AntiDialer\AntiDialer.exe
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Organizzatore ricerche - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programmi\File comuni\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Alice - {F4CB2891-826B-4C63-ABD9-D9F4615C404C} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6630 bytes
r16
Posted: Monday, December 08, 2008 10:01:44 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Ok.
The HJT log is clean.
Now, if you have the devices disabled, insert your USB sticks or external HDs and scan them with your antivirus.
When you are sure that everything is fine, you can re-enable autorun, following the same path I showed you.
Tell me how the PC is working.
peppinho78
Posted: Monday, December 08, 2008 10:25:44 PM
Rank: AiutAmico

Joined: 12/6/2008
Posts: 30
I inserted a USB stick and the avast antivirus reported the rootkit virus.
I moved it to the bin and reinserted the stick, but it won't open it; it asks me which program I want to open it with, even though I have re-enabled automatic recognition of USB devices.
r16
Posted: Monday, December 08, 2008 10:34:54 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Give me the name, or better, the path of this rootkit.
peppinho78
Posted: Monday, December 08, 2008 10:46:47 PM
Rank: AiutAmico

Joined: 12/6/2008
Posts: 30
Original file name: rdl7.tmp
Original folder: C:\DOCUM-1\Giuseppe\IMPOST-1|Temp
Virus description: Win32:Rootkit-gen
r16
Posted: Monday, December 08, 2008 10:49:33 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Disable System Restore, and keep it disabled until the problem is solved: http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121
Restart the PC.
Do a clean-up (registry included) with CCleaner: http://www.aiutaamici.com/software?ID=11223
Run an online scan with Panda, and post me the log.
http://www.pandasecurity.com/activescan/index/
I forgot:
Do this:
Start\Run\copy-paste this command: %temp% and empty the TEMP folder.
Sorry for writing late.
peppinho78
Posted: Tuesday, December 09, 2008 12:08:10 AM
Rank: AiutAmico

Joined: 12/6/2008
Posts: 30
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-12-09 00:03:33
PROTECTIONS: 1
MALWARE: 2
SUSPECTS: 2
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
avast! antivirus 4.8.1296 [VPS 081208-0] 4.8.1296 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
01895149 Malicious Packer SecRisk No 0 No No C:\Documents and Settings\Giuseppe\Documenti\Backup programmi\codicefiscale.msi[unk_0069][CodiceFiscale_SE.exe]
01895149 Malicious Packer SecRisk No 0 Yes No C:\Programmi\Info2000\CodiceFiscale\SingleEXE\CodiceFiscale_SE.exe
04199772 Generic Worm Virus/Worm No 0 Yes No C:\Documents and Settings\Giuseppe\Documenti\Backup programmi\Avast! Antivirus 4.6.691 Professional Edition Crack.zip[avast! Virus Cleaner 1.0.207.exe]
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No C:\Documents and Settings\Giuseppe\Desktop\ComboFix.exe
No C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\E083CSJF\kdrk[1].exe
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================