Aiutamici Forum

s.o.s.
mammetta
Posted: Tuesday, July 28, 2009 10:27:04 AM
Rank: AiutAmico

Joined: 6/28/2004
Posts: 80
Hi, the moment I connect to the internet my PC reboots. I've tried in safe mode with programs such as CCleaner, adware, Spybot, dr alex, ComboFix, HijackThis, Anti-Malware, various patches for Vundo, Monder, Downloader, etc., Clam antivirus, VirIT antivirus and others. The PC is up to date, and those programs were as of a week ago. My antivirus is F-Secure. Could it be worth trying to reinstall the Tele2 modem? Please help me, otherwise I'll be forced to format (I've always avoided that in 15 years of PC use). Could it be an idea to try a repair with the XP CD? Thanks a lot!!!
r16
Posted: Tuesday, July 28, 2009 11:31:57 AM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
Try this software:
Try downloading XP TCP repair (WARNING! The network adapter settings will be reset).
Install it and run it, then click the Reset TCP/IP and Repair WinSock buttons. Close the program; it will reboot the PC.
http://www.xp-smoker.com/downloads/xptcprep.exe

Post a HijackThis log
mammetta
Posted: Tuesday, July 28, 2009 7:06:34 PM
Rank: AiutAmico

Joined: 6/28/2004
Posts: 80
OK, thanks. Tonight I'll try it and then post the HijackThis log. The XP repair from the CD didn't work.
mammetta
Posted: Wednesday, July 29, 2009 8:45:52 AM
Rank: AiutAmico

Joined: 6/28/2004
Posts: 80
I tried the program you suggested, but nothing. I also tried uninstalling and reinstalling the modem, but nothing. I also changed the USB port. I'll post the HijackThis log today. In the meantime I'll wait for instructions. Thanks
r16
Posted: Wednesday, July 29, 2009 11:25:10 AM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
mammetta wrote:
I'll post the HijackThis log today. In the meantime I'll wait for instructions. Thanks

For further instructions, I'm waiting for the HijackThis log.
mammetta
Posted: Wednesday, July 29, 2009 4:54:24 PM
Rank: AiutAmico

Joined: 6/28/2004
Posts: 80
Hi, I'm attaching the HijackThis log + others from the programs I've run. Thanks

Logfile of HijackThis v1.99.0
Scan saved at 15:20, on 2009-07-29
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AOL\Active Virus Shield\avp.exe
C:\Programmi\F-Secure\Anti-Virus\fsgk32st.exe
C:\Programmi\F-Secure\Common\FSMA32.EXE
C:\Programmi\F-Secure\Anti-Virus\FSGK32.EXE
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\F-Secure\Common\FSMB32.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\VEXPLITE\viritsvc.exe
C:\Programmi\F-Secure\Common\FCH32.EXE
C:\Programmi\F-Secure\Common\FAMEH32.EXE
C:\Programmi\F-Secure\Anti-Virus\fsqh.exe
C:\Programmi\F-Secure\FSAUA\program\fsaua.exe
C:\Programmi\F-Secure\Common\FNRB32.EXE
C:\Programmi\F-Secure\Anti-Virus\fssm32.exe
C:\Programmi\F-Secure\FWES\Program\fsdfwd.exe
C:\Programmi\F-Secure\Common\FIH32.EXE
C:\Programmi\F-Secure\Common\FSM32.EXE
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\AOL\Active Virus Shield\avp.exe
C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\F-Secure\FSGUI\fsguidll.exe
C:\Programmi\F-Secure\Anti-Virus\fsav32.exe
C:\Programmi\Filzip\Filzip.exe
C:\DOCUME~1\_Marco_\IMPOST~1\Temp\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/mail?.intl=it&.src=ym
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://it.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programmi\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programmi\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [aol] "C:\Programmi\AOL\Active Virus Shield\avp.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .pdf: C:\Programmi\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Active Virus Shield - AOL - C:\Programmi\AOL\Active Virus Shield\avp.exe
O23 - Service: BrSplService - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: FSGKHS - Unknown - C:\Programmi\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: Gestione richieste di rete F-Secure - F-Secure Corporation - C:\Programmi\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Automatic Update Agent - F-Secure Corporation - C:\Programmi\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon - F-Secure Corporation - C:\Programmi\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Programmi\F-Secure\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client - F-Secure Corporation - C:\Programmi\F-Secure\ORSP Client\fsorsp.exe
O23 - Service: Java Quick Starter - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Virit eXplorer Lite - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe

____________________________________________________________________________________________________________

ComboFix 09-07-14.08 - _Marco_ 2009-07-16 19:59.4.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.1535.901 [GMT 2:00]
Eseguito da: c:\documents and settings\_Marco_\Desktop\virus\ComboFix.exe
AV: F-Secure Client Security 8.01 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
AV: Panda Antivirus Platinum 7 *On-access scanning disabled* (Outdated) {4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0}
FW: F-Secure Client Security 8.01 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}
FW: Panda Antivirus Platinum 7 *disabled* {4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Marco\Dati applicazioni\Microsoft\Internet Explorer\Quick Launch\Panda Antivirus Platinum.lnk
c:\windows\Installer\303977.msi
c:\windows\Installer\30397e.msi

.
((((((((((((((((((((((((( Files Creati Da 2009-06-16 al 2009-07-16 )))))))))))))))))))))))))))))))))))
.

2009-07-16 07:50 . 2009-07-16 07:50 -------- d-----w- C:\a8936f5cab14bca244

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-16 17:57 . 2004-08-19 12:00 50836 ----a-w- c:\windows\system32\perfc010.dat
2009-07-16 17:57 . 2004-08-19 12:00 352138 ----a-w- c:\windows\system32\perfh010.dat
2009-07-16 12:07 . 2009-03-19 22:11 -------- d-----w- c:\programmi\Navilog1
2009-07-16 11:47 . 2006-12-21 17:42 -------- d-----w- c:\programmi\F-Secure
2009-07-14 20:44 . 2007-06-29 19:41 -------- d---a-w- c:\docume~1\ALLUSE~1.WIN\DATIAP~1\TEMP
2009-07-14 20:00 . 2009-03-12 14:57 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-07-14 19:59 . 2008-10-25 07:29 -------- d-----w- c:\programmi\TeaTimer (Spybot - Search & Destroy)
2009-07-13 11:36 . 2009-03-12 14:58 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 11:36 . 2009-03-12 14:58 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-08 20:09 . 2009-03-22 20:56 33920 ----a-w- c:\windows\system32\drivers\fsbts.sys
2009-06-30 21:55 . 2006-02-12 10:45 21520 ----a-w- c:\documents and settings\_Marco_\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-06-30 21:55 . 2006-02-12 10:45 21520 ----a-w- c:\docume~1\_Marco_\IMPOST~1\DATIAP~1\GDIPFONTCACHEV1.DAT
2009-06-16 14:36 . 2004-08-19 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-19 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:09 . 2004-08-19 12:00 1296384 ----a-w- c:\windows\system32\quartz.dll
2009-06-02 20:20 . 2006-04-26 15:52 -------- d-----w- c:\programmi\Robin Hood
2009-05-07 15:32 . 2004-08-19 12:00 347648 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:45 . 2004-08-19 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:44 . 2004-08-19 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-19 19:47 . 2004-08-19 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2003-10-23 16:52 . 2005-03-22 00:24 40960 ----a-w- c:\programmi\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2006-02-12 10:51 . 2002-11-12 10:02 860672 c:\programmi\Alcatel\SpeedTouch USB\bak\Dragdiag.exe

2005-03-22 00:17 . 2003-05-05 07:57 143360 c:\programmi\Analog Devices\SoundMAX\bak\SMTray.exe

2006-12-21 17:43 . 2005-10-26 01:51 122929 c:\programmi\F-Secure\common\bak\FSM32.EXE
2007-10-25 20:51 . 2009-03-02 10:57 182936 c:\programmi\F-Secure\common\FSM32.EXE

2006-12-21 17:43 . 2004-05-27 08:57 684032 c:\programmi\F-Secure\TNB\bak\TNBUtil.exe
2007-10-25 20:52 . 2004-05-27 08:57 684032 c:\programmi\F-Secure\TNB\tnbutil.exe

2007-06-14 22:20 . 2007-03-14 01:43 83608 c:\programmi\Java\jre1.6.0_01\bin\bak\jusched.exe

2004-08-19 12:00 . 2004-08-19 12:00 15360 c:\windows\system32\bak\ctfmon.exe
2004-08-19 12:00 . 2008-04-14 02:14 15360 c:\windows\system32\ctfmon.exe

2006-05-03 17:05 . 2001-07-09 00:50 155648 c:\windows\system32\bak\NeroCheck.exe

.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Yahoo! Pager"="c:\programmi\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="c:\programmi\F-Secure\Common\FSM32.EXE" [2009-03-02 182936]
"F-Secure TNB"="c:\programmi\F-Secure\FSGUI\TNBUtil.exe" [2009-03-02 1182304]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-03-19 148888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2003-07-15 34880]

c:\docume~1\ALLUSE~1.WIN\MENUAV~1\PROGRA~1\ESECUZ~1\
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^_Marco_^Menu Avvio^Programmi^Esecuzione automatica^PowerReg Scheduler V3.exe]
path=c:\documents and settings\_Marco_\Menu Avvio\Programmi\Esecuzione automatica\PowerReg Scheduler V3.exe
backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2009-03-22 33920]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2007-10-25 79936]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\programmi\F-Secure\HIPS\drivers\fshs.sys [2009-03-22 67808]
R2 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\programmi\F-Secure\Anti-Virus\minifilter\fsgk.sys [2009-03-22 99960]
R3 FSORSPClient;F-Secure ORSP Client;c:\programmi\F-Secure\ORSP Client\fsorsp.exe [2009-03-22 55904]
S0 qdptmmqx;qdptmmqx;c:\windows\system32\drivers\ldksbehs.sys --> c:\windows\system32\drivers\ldksbehs.sys [?]
S2 CoachCap;FUJIFILM EX-10/EX-20 PC V1.00;c:\windows\system32\drivers\coachcap.sys [2002-03-03 93068]
S2 havpvhv;havpvhv;c:\windows\system32\drivers\rfzi.sys --> c:\windows\system32\drivers\rfzi.sys [?]
S4 F-Secure Filter;F-Secure File System Filter;c:\programmi\F-Secure\Anti-Virus\win2k\fsfilter.sys [2007-10-25 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\programmi\F-Secure\Anti-Virus\win2k\fsrec.sys [2007-10-25 25184]
S4 SrvKhm;SrvKhm;\\?\c:\programmi\Windows NT\com7.exe [2004-08-19 72812]
S4 SrvWff;SrvWff;\\?\c:\programmi\File comuni\Services\lpt5.exe [2004-08-19 79540]
.
.
------- Scansione supplementare -------
.
uStart Page = https://login.yahoo.com/config/mail?.intl=it&.src=ym
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearchURL,(Default) = hxxp://it.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://it.search.yahoo.com
IE: &Clean Traces - c:\programmi\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\programmi\DAP\dapextie.htm
IE: Download &all with DAP - c:\programmi\DAP\dapextie2.htm
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: c:\programmi\F-Secure\FSPS\program\FSLSP.DLL
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-16 20:07
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti:

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'lsass.exe'(576)
geyekrrflumupx.dll 10000000 36864 \\?\globalroot\systemroot\system32\geyekrrflumupx.dll
c:\programmi\F-Secure\FSPS\program\FSLSP.DLL
.
Ora fine scansione: 2009-07-16 20:11
ComboFix-quarantined-files.txt 2009-07-16 18:11
ComboFix2.txt 2009-03-17 19:58

Pre-Run: 75,685,924,864 byte disponibili
Post-Run: 75,679,727,616 byte disponibili

138 --- E O F --- 2009-07-16 07:54

_____________________________________________________________________________________________________________

Malwarebytes' Anti-Malware 1.39
Versione del database: 2421
Windows 5.1.2600 Service Pack 3

2009-07-17 20:03:32
mbam-log-2009-07-17 (20-03-32).txt

Tipo di scansione: Scansione rapida
Elementi scansionati: 107343
Tempo trascorso: 5 minute(s), 56 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 1
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 1

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
\\?\globalroot\systemroot\system32\geyekrrflumupx.dll (Trojan.TDSS) -> Delete on reboot.

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
\\?\globalroot\systemroot\system32\geyekrrflumupx.dll (Trojan.TDSS) -> Quarantined and deleted successfully.


________________________________________________________________________________________________


[07/23/2009, 21:45:16] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\_Marco_\Desktop\Programmi\virus\monder\VirtumundoBeGone.exe" )
[07/23/2009, 21:45:24] - Detected System Information:
[07/23/2009, 21:45:24] - Windows Version: 5.1.2600, Service Pack 3
[07/23/2009, 21:45:24] - Current Username: _Marco_ (Admin)
[07/23/2009, 21:45:24] - Windows is in NORMAL mode.
[07/23/2009, 21:45:24] - Searching for Browser Helper Objects:
[07/23/2009, 21:45:24] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[07/23/2009, 21:45:24] - BHO 2: {DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
[07/23/2009, 21:45:24] - BHO 3: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} (JQSIEStartDetectorImpl Class)
[07/23/2009, 21:45:24] - Finished Searching Browser Helper Objects
[07/23/2009, 21:45:24] - Finishing up...
[07/23/2009, 21:45:24] - Nothing found! Exiting...


done !!!
r16
Posted: Wednesday, July 29, 2009 5:51:42 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
You have (among other things) a dialer.

Download FindAWF:
http://noahdfear.geekstogo.com/FindAWF.exe
Run FindAWF, press any key, then press 1 and ENTER, and wait for the log that FindAWF will write to a text file at the end of its search.
Post the log file in this thread.

Then download Avenger and wait for instructions:
http://swandog46.geekstogo.com/avenger.zip
mammetta
Posted: Wednesday, July 29, 2009 5:55:51 PM
Rank: AiutAmico

Joined: 6/28/2004
Posts: 80
Already run them (the first for sure, the second I'm not entirely sure). Anyway, tonight I'll try again and then post you the log. I'm getting more and more pessimistic and closer to formatting (sigh ....!)
r16
Posted: Wednesday, July 29, 2009 6:11:24 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Listen mammetta, either you do as I say, and maybe (I say maybe) we get out of this.
Your PC is massively infected, but for sure, if you don't follow my instructions, it will be hard to clean it up.

Do the following:

Open a text file on the Desktop (Start\Run\type: notepad.exe\ OK)
Paste the code you see below into it, and save the text file, which must be named CFScript.txt
KillAll::
Driver::
qdptmmqx
havpvhv
SrvKhm
SrvWff

File::
c:\windows\system32\drivers\ldksbehs.sys
c:\windows\system32\drivers\rfzi.sys
c:\programmi\Windows NT\com7.exe
c:\programmi\File comuni\Services\lpt5.exe
c:\programmi\Uninstall_CDS.exe


and drag it onto the ComboFix icon.
Wait for it to finish, without touching the keyboard, mouse or anything else.
Post the updated ComboFix log
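The four names in the Driver:: section above come from the S0/S2/S4 service lines of the earlier ComboFix log. The following Python triage helper is an added illustration, not part of this thread or of ComboFix: it parses service/driver lines in that log format (sample lines constructed from the thread, plus a few legitimate entries for contrast), flags the signals r16 acted on (an image ComboFix could not read, shown as [?]; an image named after a reserved DOS device such as com7 or lpt5; a \\?\ path prefix) and renders the Driver::/File:: sections of a CFScript. The heuristics and function names are my own.

```python
"""Triage of ComboFix service/driver lines: flag entries a helper would pull into a CFScript."""
import re
from dataclasses import dataclass, field

# Constructed sample: service/driver lines in the shape of the thread's second ComboFix
# log (the four entries r16 removed plus a few legitimate ones for contrast).
SAMPLE_LOG = r"""
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2009-03-22 33920]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2007-10-25 79936]
R2 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S0 qdptmmqx;qdptmmqx;c:\windows\system32\drivers\ldksbehs.sys --> c:\windows\system32\drivers\ldksbehs.sys [?]
S2 CoachCap;FUJIFILM EX-10/EX-20 PC V1.00;c:\windows\system32\drivers\coachcap.sys [2002-03-03 93068]
S2 havpvhv;havpvhv;c:\windows\system32\drivers\rfzi.sys --> c:\windows\system32\drivers\rfzi.sys [?]
S4 SrvKhm;SrvKhm;"\\?\c:\programmi\Windows NT\com7.exe" --> \\?\c:\programmi\Windows NT\com7.exe [?]
S4 SrvWff;SrvWff;"\\?\c:\programmi\File comuni\Services\lpt5.exe" --> \\?\c:\programmi\File comuni\Services\lpt5.exe [?]
"""

# Line shape: <R|S><start type> <name>;<display name>;<image> [<date size> or ?]
LINE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*)\s\[([^\]]*)\]$")

# Reserved DOS device names. A file such as com7.exe or lpt5.exe cannot be opened or
# deleted through an ordinary Win32 path, which is why those images carry a \\?\ prefix.
RESERVED = {"con", "prn", "aux", "nul"} | {f"com{i}" for i in range(1, 10)} | {f"lpt{i}" for i in range(1, 10)}
LONG_PREFIX = "\\\\?\\"  # the literal four characters \\?\


@dataclass
class Service:
    kind: str      # R = running, S = stopped
    start: str     # start type digit (0 = boot, 4 = disabled)
    name: str
    display: str
    image: str     # resolved image path, surrounding quotes stripped
    info: str      # "<date> <size>" or "?" when ComboFix could not read the file
    reasons: list = field(default_factory=list)


def parse_services(text):
    """Parse every R*/S* line of a ComboFix log into Service records."""
    services = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        kind, start, name, display, image_field, info = m.groups()
        # "<registry value> --> <resolved path>": keep the resolved form
        image = image_field.split("-->")[-1].strip().strip('"')
        services.append(Service(kind, start, name, display, image, info))
    return services


def plain_path(path):
    """Drop the long-path prefix so the path reads like the ones in the thread's CFScript."""
    return path[len(LONG_PREFIX):] if path.startswith(LONG_PREFIX) else path


def image_stem(path):
    base = plain_path(path).rsplit("\\", 1)[-1]
    return base.rsplit(".", 1)[0].lower()


def assess(svc):
    """Attach the signals a helper looks for; legitimate entries end up with none."""
    if svc.info.strip() == "?":
        svc.reasons.append("image file unreadable or missing ([?])")
    if image_stem(svc.image) in RESERVED:
        svc.reasons.append("image named after a reserved DOS device")
    if svc.image.startswith(LONG_PREFIX):
        svc.reasons.append("image registered with a \\\\?\\ path prefix")
    return svc


def suspicious_services(text):
    """Map service name -> Service for every entry with at least one signal."""
    return {s.name: s for s in map(assess, parse_services(text)) if s.reasons}


def build_cfscript(flagged):
    """Render the Driver:: and File:: sections in the format r16 used above."""
    lines = ["KillAll::", "Driver::", *sorted(flagged), "", "File::"]
    lines += sorted({plain_path(s.image) for s in flagged.values()})
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    hits = suspicious_services(SAMPLE_LOG)
    for name, svc in hits.items():
        print(f"{name}: {svc.image} -> {'; '.join(svc.reasons)}")
    print(build_cfscript(hits))
```

On the sample the legitimate F-Secure, Defender and camera drivers produce no signal, while the four entries r16 listed are flagged and rendered into the same Driver::/File:: layout as the script above.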
mammetta
Posted: Wednesday, July 29, 2009 6:20:00 PM
Rank: AiutAmico

Joined: 6/28/2004
Posts: 80
OK, as soon as I get home I'll do it. Thanks a lot
r16
Posted: Wednesday, July 29, 2009 6:24:44 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
When you have the PC in front of you, uninstall F-Secure (it's corrupted).
Go to Add/Remove Programs and uninstall all the JAVA versions you find.
Uninstall ALL those defense programs you've installed.
Keep only VirIT, ComboFix, Avenger, and FindAWF
mammetta
Posted: Wednesday, July 29, 2009 7:04:38 PM
Rank: AiutAmico

Joined: 6/28/2004
Posts: 80
OK, I'll bring the laptop so I can send you the logs and possibly interact. Thanks
mammetta
Posted: Wednesday, July 29, 2009 9:38:36 PM
Rank: AiutAmico

Joined: 6/28/2004
Posts: 80
HI, I'M RUNNING COMBOFIX AS YOU TOLD ME. WHEN IT'S FINISHED I'LL POST THE LOG
mammetta
Posted: Wednesday, July 29, 2009 9:46:13 PM
Rank: AiutAmico

Joined: 6/28/2004
Posts: 80
ComboFix 09-07-14.08 - _Marco_ 2009-07-29 21:32.5.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.1535.874 [GMT 2:00]
Eseguito da: c:\documents and settings\_Marco_\Desktop\Programmi\virus\ComboFix.exe
Opzioni usate :: c:\documents and settings\_Marco_\Desktop\TROJAN\CFScript.txt
AV: F-Secure Client Security 8.01 *On-access scanning enabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
AV: Panda Antivirus Platinum 7 *On-access scanning disabled* (Outdated) {4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0}
FW: F-Secure Client Security 8.01 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}
FW: Panda Antivirus Platinum 7 *disabled* {4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0}
.
- MODALITÀ CON FUNZIONALITÀ RIDOTTE -

FILE ::
"c:\programmi\File comuni\Services\lpt5.exe"
"c:\programmi\Uninstall_CDS.exe"
"c:\programmi\Windows NT\com7.exe"
"c:\windows\system32\drivers\ldksbehs.sys"
"c:\windows\system32\drivers\rfzi.sys"
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programmi\Uninstall_CDS.exe

.
((((((((((((((((((((((((( Files Creati Da 2009-06-28 al 2009-07-29 )))))))))))))))))))))))))))))))))))
.

2009-07-28 19:27 . 2009-07-28 19:27 -------- d-----w- c:\programmi\XP TCPIP Repair
2009-07-27 21:20 . 2009-07-27 21:20 57836 ----a-w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\AOL\AVP6\Bases\ids00118.sys
2009-07-27 21:20 . 2009-07-27 21:20 23080 ----a-w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\AOL\AVP6\Bases\klfw.sys
2009-07-27 21:20 . 2009-07-27 21:20 12489 ----a-w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\AOL\AVP6\Bases\klstm.sys
2009-07-27 21:20 . 2009-07-27 21:20 12264 ----a-w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\AOL\AVP6\Bases\klcr.sys
2009-07-27 19:43 . 2009-07-27 19:43 1052 ----a-w- C:\prgmonsp.bin
2009-07-27 19:33 . 2009-07-27 19:33 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\AOL
2009-07-27 19:33 . 2009-07-29 19:35 344096 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-27 19:33 . 2009-07-29 19:33 6176 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-07-27 19:31 . 2009-03-07 10:53 41728 ----a-w- c:\windows\system32\drivers\VIRAGTLT.SYS
2009-07-27 19:31 . 2009-07-27 21:19 -------- d-----w- C:\VEXPLITE
2009-07-17 14:00 . 2009-07-17 14:00 -------- d-----w- C:\VundoFix Backups
2009-07-16 07:50 . 2009-07-16 07:50 -------- d-----w- C:\a8936f5cab14bca244
2009-07-14 20:00 . 2009-07-14 20:00 3775175 ----a-w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-13 21:08 . 2009-07-26 08:17 91 ----a-w- c:\windows\system32\geyekriqpfqxmq.dat
2009-07-13 20:54 . 2009-07-27 20:50 59005 ----a-w- c:\windows\system32\geyekrflnrdamq.dat
2009-07-13 20:54 . 2009-07-13 20:54 70144 ----a-w- c:\windows\system32\drivers\GEYEKRURLGWEXV.SYS.VIR

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-29 19:33 . 2009-07-27 19:33 5588 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-29 19:33 . 2009-07-27 19:33 1580 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-07-28 19:41 . 2004-08-19 12:00 50836 ----a-w- c:\windows\system32\perfc010.dat
2009-07-28 19:41 . 2004-08-19 12:00 352138 ----a-w- c:\windows\system32\perfh010.dat
2009-07-27 19:39 . 2006-12-21 17:42 -------- d-----w- c:\programmi\F-Secure
2009-07-25 23:39 . 2007-06-29 19:41 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\TEMP
2009-07-16 12:07 . 2009-03-19 22:11 -------- d-----w- c:\programmi\Navilog1
2009-07-14 20:00 . 2009-03-12 14:57 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-07-14 19:59 . 2008-10-25 07:29 -------- d-----w- c:\programmi\TeaTimer (Spybot - Search & Destroy)
2009-07-13 11:36 . 2009-03-12 14:58 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 11:36 . 2009-03-12 14:58 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-08 20:09 . 2009-03-22 20:56 33920 ----a-w- c:\windows\system32\drivers\fsbts.sys
2009-06-30 21:55 . 2006-02-12 10:45 21520 ----a-w- c:\documents and settings\_Marco_\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-06-16 14:36 . 2004-08-19 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-19 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:09 . 2004-08-19 12:00 1296384 ----a-w- c:\windows\system32\quartz.dll
2009-06-02 20:20 . 2006-04-26 15:52 -------- d-----w- c:\programmi\Robin Hood
2009-05-07 15:32 . 2004-08-19 12:00 347648 ----a-w- c:\windows\system32\localspl.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-16_18.07.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-29 19:35 . 2009-07-29 19:35 16384 c:\windows\temp\Perflib_Perfdata_554.dat
- 2004-08-19 12:00 . 2009-07-16 17:57 43236 c:\windows\system32\perfc009.dat
+ 2004-08-19 12:00 . 2009-07-28 19:41 43236 c:\windows\system32\perfc009.dat
+ 2006-03-24 16:08 . 2006-03-24 16:08 28778 c:\windows\system32\klogon.dll
+ 2006-02-15 17:59 . 2006-02-15 17:59 15496 c:\windows\system32\drivers\klop.sys
+ 2006-04-24 13:22 . 2006-04-24 13:22 45352 c:\windows\system32\drivers\klin.sys
+ 2006-03-21 08:46 . 2006-03-21 08:46 44555 c:\windows\system32\drivers\klick.sys
+ 2006-02-13 13:24 . 2006-02-13 13:24 20699 c:\windows\system32\drivers\kl1.sys
+ 2006-02-11 17:45 . 2009-07-27 19:40 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
- 2006-02-11 17:45 . 2009-07-16 17:53 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
+ 2006-02-11 17:45 . 2009-07-27 19:40 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
- 2006-02-11 17:45 . 2009-07-16 17:53 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
- 2006-02-11 17:45 . 2009-07-16 17:53 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2006-02-11 17:45 . 2009-07-27 19:40 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2004-08-19 12:00 . 2009-07-28 19:41 318732 c:\windows\system32\perfh009.dat
- 2004-08-19 12:00 . 2009-07-16 17:57 318732 c:\windows\system32\perfh009.dat
+ 2006-08-24 16:23 . 2006-08-24 16:23 171792 c:\windows\system32\drivers\klif.sys
+ 2009-07-27 19:33 . 2009-07-27 19:33 1996288 c:\windows\Installer\89171.msi
- 2006-03-02 20:48 . 2009-07-07 15:10 24539592 c:\windows\system32\MRT.exe
+ 2006-03-02 20:48 . 2009-07-07 06:10 24539592 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2006-02-12 10:51 . 2002-11-12 10:02 860672 c:\programmi\Alcatel\SpeedTouch USB\bak\Dragdiag.exe

2005-03-22 00:17 . 2003-05-05 07:57 143360 c:\programmi\Analog Devices\SoundMAX\bak\SMTray.exe

2006-12-21 17:43 . 2005-10-26 01:51 122929 c:\programmi\F-Secure\common\bak\FSM32.EXE
2007-10-25 20:51 . 2009-03-02 10:57 182936 c:\programmi\F-Secure\common\FSM32.EXE

2006-12-21 17:43 . 2004-05-27 08:57 684032 c:\programmi\F-Secure\TNB\bak\TNBUtil.exe
2007-10-25 20:52 . 2004-05-27 08:57 684032 c:\programmi\F-Secure\TNB\tnbutil.exe

2007-06-14 22:20 . 2007-03-14 01:43 83608 c:\programmi\Java\jre1.6.0_01\bin\bak\jusched.exe

2004-08-19 12:00 . 2004-08-19 12:00 15360 c:\windows\system32\bak\ctfmon.exe
2004-08-19 12:00 . 2008-04-14 02:14 15360 c:\windows\system32\ctfmon.exe

2006-05-03 17:05 . 2001-07-09 00:50 155648 c:\windows\system32\bak\NeroCheck.exe

.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\programmi\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="c:\programmi\F-Secure\Common\FSM32.EXE" [2009-03-02 182936]
"F-Secure TNB"="c:\programmi\F-Secure\FSGUI\TNBUtil.exe" [2009-03-02 1182304]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-03-19 148888]
"aol"="c:\programmi\AOL\Active Virus Shield\avp.exe" [2006-05-30 139367]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2003-07-15 34880]

c:\documents and settings\All Users.WINDOWS\Menu Avvio\Programmi\Esecuzione automatica\
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^_Marco_^Menu Avvio^Programmi^Esecuzione automatica^PowerReg Scheduler V3.exe]
path=c:\documents and settings\_Marco_\Menu Avvio\Programmi\Esecuzione automatica\PowerReg Scheduler V3.exe
backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2009-03-22 33920]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2007-10-25 79936]
R0 VIRAGTLT;VIRAGTLT;c:\windows\system32\drivers\VIRAGTLT.SYS [2009-07-27 41728]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\programmi\F-Secure\HIPS\drivers\fshs.sys [2009-03-22 67808]
R2 viritsvclite;Virit eXplorer Lite;c:\vexplite\viritsvc.exe [2007-10-10 57344]
R2 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\programmi\F-Secure\Anti-Virus\minifilter\fsgk.sys [2009-03-22 99960]
R3 FSORSPClient;F-Secure ORSP Client;c:\programmi\F-Secure\ORSP Client\fsorsp.exe [2009-03-22 55904]
S0 qdptmmqx;qdptmmqx;c:\windows\system32\drivers\ldksbehs.sys --> c:\windows\system32\drivers\ldksbehs.sys [?]
S2 CoachCap;FUJIFILM EX-10/EX-20 PC V1.00;c:\windows\system32\drivers\coachcap.sys [2002-03-03 93068]
S2 havpvhv;havpvhv;c:\windows\system32\drivers\rfzi.sys --> c:\windows\system32\drivers\rfzi.sys [?]
S4 F-Secure Filter;F-Secure File System Filter;c:\programmi\F-Secure\Anti-Virus\win2k\fsfilter.sys [2007-10-25 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\programmi\F-Secure\Anti-Virus\win2k\fsrec.sys [2007-10-25 25184]
S4 SrvKhm;SrvKhm;"\\?\c:\programmi\Windows NT\com7.exe" --> \\?\c:\programmi\Windows NT\com7.exe [?]
S4 SrvWff;SrvWff;"\\?\c:\programmi\File comuni\Services\lpt5.exe" --> \\?\c:\programmi\File comuni\Services\lpt5.exe [?]
.
Contenuto della cartella 'Scheduled Tasks'

2009-07-29 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Scansione supplementare -------
.
uStart Page = https://login.yahoo.com/config/mail?.intl=it&.src=ym
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearchURL,(Default) = hxxp://it.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://it.search.yahoo.com
IE: &Clean Traces - c:\programmi\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\programmi\DAP\dapextie.htm
IE: Download &all with DAP - c:\programmi\DAP\dapextie2.htm
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-29 21:35
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...


c:\windows\TEMP\TMP0000000A9EB8C9B2908A5774 524288 bytes executable

Scansione completata con successo
Files nascosti: 1

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(420)
c:\windows\system32\klogon.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\BRSS01A.EXE
c:\programmi\F-Secure\Anti-Virus\fsgk32st.exe
c:\programmi\F-Secure\common\FSMA32.EXE
c:\programmi\F-Secure\Anti-Virus\fsgk32.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
c:\programmi\F-Secure\common\FSMB32.EXE
c:\windows\system32\HPZipm12.exe
c:\programmi\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wdfmgr.exe
c:\programmi\F-Secure\common\FCH32.EXE
c:\programmi\F-Secure\Anti-Virus\fsqh.exe
c:\programmi\F-Secure\common\FAMEH32.EXE
c:\programmi\F-Secure\common\FNRB32.exe
c:\programmi\F-Secure\Anti-Virus\fssm32.exe
c:\programmi\F-Secure\FSAUA\program\fsaua.exe
c:\programmi\F-Secure\common\FIH32.exe
c:\programmi\F-Secure\FWES\program\fsdfwd.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\F-Secure\FSGUI\fsguidll.exe
c:\progra~1\F-Secure\ANTI-V~1\fsav32.exe
.
**************************************************************************
.
Ora fine scansione: 2009-07-29 21:41 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-07-29 19:41
ComboFix2.txt 2009-07-16 18:11
ComboFix3.txt 2009-03-17 19:58

Pre-Run: 75,460,411,392 byte disponibili
Post-Run: 75,429,416,960 byte disponibili

216 --- E O F --- 2009-07-27 21:20
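The driver/service block of the ComboFix log above (the `R0`…`S4` lines) is where the odd entries sit: two services whose image files are named after reserved DOS device names (`com7.exe`, `lpt5.exe`), and two random-named drivers whose image file ComboFix could not read (`[?]`). The following Python is an added example for this thread, not ComboFix's own code: it parses those lines (copied from the log as sample input) and applies three triage heuristics that are this example's own, so a reader can see which entries a responder would single out and why.

```python
"""Triage the driver/service lines (R0..S4) of a ComboFix log.

Added example for this thread, not ComboFix's own code. It parses the lines
copied from the log above and flags three patterns a responder looks for:
an image file ComboFix could not stat ("[?]"), an image whose base name is a
reserved DOS device name (con, com1-9, lpt1-9, ...), and a service whose name
and display name are the same bare token while the image is named differently.
"""
import re

# Lines copied from the ComboFix log in this thread (sample input).
SAMPLE_LOG = r"""
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2009-03-22 33920]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2007-10-25 79936]
R0 VIRAGTLT;VIRAGTLT;c:\windows\system32\drivers\VIRAGTLT.SYS [2009-07-27 41728]
R2 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\programmi\F-Secure\Anti-Virus\minifilter\fsgk.sys [2009-03-22 99960]
S0 qdptmmqx;qdptmmqx;c:\windows\system32\drivers\ldksbehs.sys --> c:\windows\system32\drivers\ldksbehs.sys [?]
S2 CoachCap;FUJIFILM EX-10/EX-20 PC V1.00;c:\windows\system32\drivers\coachcap.sys [2002-03-03 93068]
S2 havpvhv;havpvhv;c:\windows\system32\drivers\rfzi.sys --> c:\windows\system32\drivers\rfzi.sys [?]
S4 SrvKhm;SrvKhm;"\\?\c:\programmi\Windows NT\com7.exe" --> \\?\c:\programmi\Windows NT\com7.exe [?]
S4 SrvWff;SrvWff;"\\?\c:\programmi\File comuni\Services\lpt5.exe" --> \\?\c:\programmi\File comuni\Services\lpt5.exe [?]
"""

# Reserved DOS device names: a file called com7.exe or lpt5.exe cannot be opened
# through a normal Win32 path, which is why ComboFix shows it with the \\?\ prefix.
RESERVED = ({"con", "prn", "aux", "nul"}
            | {f"com{i}" for i in range(1, 10)}
            | {f"lpt{i}" for i in range(1, 10)})

# "<start> <name>;<display>;<image ...> [<date size> | ?]"
LINE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*?)\s+\[([^\]]*)\]\s*$")


def parse_line(line):
    """Return a dict for one service line, or None if the line is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    start, name, display, rest, stat = m.groups()
    # In the "image --> image [?]" form keep the part after the arrow.
    image = rest.split("-->")[-1].strip().strip('"')
    if image.startswith("\\\\?\\"):      # strip the \\?\ long-path prefix
        image = image[4:]
    return {"start": start, "name": name, "display": display,
            "image": image, "stat": stat}


def triage(entry):
    """Apply the three heuristics; return a list of findings (empty if clean)."""
    findings = []
    base = entry["image"].rsplit("\\", 1)[-1]
    stem = base.rsplit(".", 1)[0].lower()
    if entry["stat"] == "?":
        findings.append("image not readable at scan time ([?])")
    if stem in RESERVED:
        findings.append(f"image uses reserved device name '{stem}'")
    bare_token = re.fullmatch(r"[A-Za-z0-9]+", entry["name"]) is not None
    if bare_token and entry["name"] == entry["display"] and stem != entry["name"].lower():
        findings.append("service and display name are one bare token but the image is named differently")
    return findings


def triage_log(text):
    """Map service name -> findings for every flagged line in a ComboFix log."""
    results = {}
    for line in text.splitlines():
        entry = parse_line(line)
        if entry:
            findings = triage(entry)
            if findings:
                results[entry["name"]] = findings
    return results


if __name__ == "__main__":
    for name, findings in triage_log(SAMPLE_LOG).items():
        print(name)
        for f in findings:
            print("   -", f)
```

Run against the sample, the four entries flagged are exactly `qdptmmqx`, `havpvhv`, `SrvKhm` and `SrvWff`; every F-Secure, Windows Defender and FUJIFILM line passes, including `F-Secure Gatekeeper`, whose name and display name match but is not a bare token.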
mammetta
Posted: Wednesday, July 29, 2009 9:53:45 PM
Rank: AiutAmico

Member since: 6/28/2004
Posts: 80
I'm uninstalling all the programs, including F-Secure. Is it possible that I caught the virus playing online or watching videos found on Google Video?
mammetta
Posted: Wednesday, July 29, 2009 10:13:00 PM
Rank: AiutAmico

Member since: 6/28/2004
Posts: 80
Done. Waiting for instructions to run Avenger. SOS. Thanks.
mammetta
Posted: Wednesday, July 29, 2009 10:16:38 PM
Rank: AiutAmico

Member since: 6/28/2004
Posts: 80

Find AWF report by noahdfear ©2006
Version 1.40



bak folders found
~~~~~~~~~~~

Il volume nell'unità C è Sistema
Numero di serie del volume: 2012-D564

Directory di C:\WINDOWS\SYSTEM32\BAK

2004-08-19 14:00 15,360 ctfmon.exe
2001-07-09 02:50 155,648 NeroCheck.exe
2 File 171,008 byte
2 Directory 75,773,317,120 byte disponibili
Il volume nell'unità C è Sistema
Numero di serie del volume: 2012-D564

Directory di C:\PROGRA~1\ALCATEL\SPEEDT~1\BAK

2002-11-12 12:02 860,672 Dragdiag.exe
1 File 860,672 byte
2 Directory 75,773,313,024 byte disponibili
Il volume nell'unità C è Sistema
Numero di serie del volume: 2012-D564

Directory di C:\PROGRA~1\ANALOG~1\SOUNDMAX\BAK

2003-05-05 09:57 143,360 SMTray.exe
1 File 143,360 byte
2 Directory 75,773,313,024 byte disponibili
Il volume nell'unità C è Sistema
Numero di serie del volume: 2012-D564

Directory di C:\PROGRA~1\F-SECURE\COMMON\BAK

2005-10-26 03:51 122,929 FSM32.EXE
1 File 122,929 byte
2 Directory 75,773,313,024 byte disponibili
Il volume nell'unità C è Sistema
Numero di serie del volume: 2012-D564

Directory di C:\PROGRA~1\F-SECURE\TNB\BAK

2004-05-27 10:57 684,032 TNBUtil.exe
1 File 684,032 byte
2 Directory 75,773,313,024 byte disponibili
Il volume nell'unità C è Sistema
Numero di serie del volume: 2012-D564

Directory di C:\PROGRA~1\JAVA\JRE16~1.0_0\BIN\BAK

2007-03-14 03:43 83,608 jusched.exe
1 File 83,608 byte
2 Directory 75,773,313,024 byte disponibili


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

15360 14 Apr 2008 "C:\WINDOWS\system32\ctfmon.exe"
15360 19 Aug 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
155648 9 Jul 2001 "C:\WINDOWS\system32\bak\NeroCheck.exe"
155648 9 Jul 2001 "C:\Programmi\Nero\Nero 6 Full\System\NeroCheck.exe"
155648 9 Jul 2001 "C:\Documents and Settings\_Marco_\Desktop\Programmi\Nero 6 Full\System\NeroCheck.exe"
860672 12 Nov 2002 "C:\Programmi\Alcatel\SpeedTouch USB\bak\Dragdiag.exe"
860672 11 Dec 2002 "C:\Programmi\Telecom Italia\AdslWizzy\Driver\SpeedTouch330USB\Programs\dragdiag.exe"
143360 5 May 2003 "C:\Programmi\Analog Devices\SoundMAX\bak\SMTray.exe"
122929 26 Oct 2005 "C:\Programmi\F-Secure\common\bak\FSM32.EXE"
684032 27 May 2004 "C:\Programmi\F-Secure\TNB\bak\TNBUtil.exe"
83608 14 Mar 2007 "C:\Programmi\Java\jre1.6.0_01\bin\bak\jusched.exe"


end of report
r16
Posted: Wednesday, July 29, 2009 11:07:22 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Start AVENGER
Click OK
Enter these lines (copy and paste) into the white box:

Files to delete:
c:\windows\system32\ctfmon.exe

Folders to delete:
c:\programmi\Navilog1

Files to move:
c:\windows\system32\bak\ctfmon.exe|c:\windows\system32\ctfmon.exe
c:\programmi\Analog Devices\SoundMAX\bak\SMTray.exe|c:\programmi\Analog Devices\SoundMAX\SMTray.exe
c:\programmi\Alcatel\SpeedTouch USB\bak\Dragdiag.exe|c:\programmi\Alcatel\SpeedTouch USB\Dragdiag.exe
c:\windows\system32\bak\NeroCheck.exe|c:\windows\system32\NeroCheck.exe


Untick Scan for Rootkit
Click Execute and wait...
The PC should reboot; if it doesn't, reboot it yourself.
When the operation is finished, post the Avenger result here.

Run another scan with Find AWF and post the log.
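The Find AWF report and the Avenger "Files to move" block above are two halves of one procedure: the report shows legitimate autostart executables that were moved into a `bak` subfolder of their own directory (a file of the same name then sits at the original path), and the Avenger lines move each `bak` copy back. The following Python is an added example for this thread, not Find AWF's or Avenger's own code: it parses the report's "Duplicate files of bak directory contents" section (the lines are copied from the report as sample input), derives the original path of every `bak` copy, says whether the report lists a file at that path and whether it matches, and emits restore pairs in the `bak|original` form the Avenger block uses. It goes a step beyond the post by covering every `bak` copy in the report rather than the four r16 chose.

```python
"""Pair the bak copies in a Find AWF report with the path each came from.

Added example for this thread (not Find AWF's or Avenger's own code). The AWF
pattern the report documents: a legitimate autostart executable is moved into
a "bak" subfolder of its own directory and a file of the same name takes its
place. This script reads the "Duplicate files of bak directory contents"
section, derives the original path of every bak copy, reports whether the
report lists a file at that path, and emits "bak|original" restore pairs in
the form used by the Avenger "Files to move" block.
"""
import re
from collections import OrderedDict

# Lines copied from the Find AWF report in this thread (sample input).
SAMPLE_REPORT = r'''
15360 14 Apr 2008 "C:\WINDOWS\system32\ctfmon.exe"
15360 19 Aug 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
155648 9 Jul 2001 "C:\WINDOWS\system32\bak\NeroCheck.exe"
155648 9 Jul 2001 "C:\Programmi\Nero\Nero 6 Full\System\NeroCheck.exe"
860672 12 Nov 2002 "C:\Programmi\Alcatel\SpeedTouch USB\bak\Dragdiag.exe"
860672 11 Dec 2002 "C:\Programmi\Telecom Italia\AdslWizzy\Driver\SpeedTouch330USB\Programs\dragdiag.exe"
143360 5 May 2003 "C:\Programmi\Analog Devices\SoundMAX\bak\SMTray.exe"
122929 26 Oct 2005 "C:\Programmi\F-Secure\common\bak\FSM32.EXE"
'''

# "<size> <d Mon yyyy> "<path>""
ENTRY_RE = re.compile(r'^(\d+)\s+(\d{1,2} \w{3} \d{4})\s+"([^"]+)"$')


def parse_report(text):
    """Return a list of (size, date, path) tuples, one per file line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((int(m.group(1)), m.group(2), m.group(3)))
    return entries


def original_path(bak_path):
    """Map dir\\bak\\x.exe to dir\\x.exe; None if the file is not inside a bak folder."""
    parts = bak_path.split("\\")
    if len(parts) >= 3 and parts[-2].lower() == "bak":
        return "\\".join(parts[:-2] + parts[-1:])
    return None


def pair_bak_copies(entries):
    """For every bak copy, record its original path and what the report lists there."""
    by_path = {p.lower(): (s, d) for s, d, p in entries}
    pairs = OrderedDict()
    for size, date, path in entries:
        orig = original_path(path)
        if orig is None:
            continue
        listed = by_path.get(orig.lower())
        if listed is None:
            status = "no file listed at original path"
        elif listed == (size, date):
            status = "identical copy listed at original path"
        else:
            status = f"file at original path differs (size {listed[0]}, dated {listed[1]})"
        pairs[path] = {"original": orig, "status": status}
    return pairs


def restore_lines(pairs):
    """Avenger-style 'source|destination' lines that put each bak copy back."""
    return [f"{bak}|{info['original']}" for bak, info in pairs.items()]


if __name__ == "__main__":
    pairs = pair_bak_copies(parse_report(SAMPLE_REPORT))
    for bak, info in pairs.items():
        print(f"{bak}\n   -> {info['original']}: {info['status']}")
    print("\nFiles to move:")
    print("\n".join(restore_lines(pairs)))
```

On the sample, `ctfmon.exe` is the only `bak` copy whose original path is also listed, and it differs from the copy only by date (both are 15,360 bytes); for the other four the report lists nothing at the original path, which is all the script can say from the report alone. The emitted `Files to move` lines for `ctfmon.exe`, `SMTray.exe`, `Dragdiag.exe` and `NeroCheck.exe` match the four pairs in r16's Avenger block apart from letter case.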
mammetta
Posted: Wednesday, July 29, 2009 11:09:08 PM
Rank: AiutAmico

Member since: 6/28/2004
Posts: 80
OK, proceeding.