Aiutamici Forum

virus problem
maura50
Posted: Friday, September 18, 2009 5:54:20 PM
Rank: Member

Joined: 9/8/2009
Posts: 16
Being a bit naive, I filled my PC with viruses thanks to a USB stick that got infected at school... I tried to clean it (I have AVG Free antivirus), but every scan keeps reporting a Win 32/heur... and a Trojan Cript FQT...
Can someone help me find a way to remove them (preferably without having to reformat the computer)?
r16
Posted: Friday, September 18, 2009 6:16:38 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
First of all:
Download Panda Research USB Vaccine:
http://acs.pandasoftware.com/marketing/promo/USBVaccine.zip
The tool is standalone, so it does not need to be installed
extract the archive to the Desktop
run the tool
to disable autorun, just click the Vaccinate computer button
to re-enable autorun, just run the program again and click the Remove vaccine button

Notes:
1) download it only if you use pendrives or other external storage devices
2) re-enable autorun only once you are certain the problem you described has been solved

Then:
Download and install MalwareBytes:
click here to download it: http://www.aiutamici.com/software?id=80346
Before scanning, UPDATE IT (this is very important).
Run a full system scan.
Post the log.
Then post a HijackThis log
http://www.aiutaamici.com/software?ID=11175
maura50
Posted: Saturday, September 19, 2009 5:16:34 PM
Rank: Member

Joined: 9/8/2009
Posts: 16
Malwarebytes' Anti-Malware 1.41
Versione del database: 2820
Windows 5.1.2600 Service Pack 2

19/09/2009 17.01.57
mbam-log-2009-09-19 (17-01-34).txt

Tipo di scansione: Scansione completa (A:\|C:\|D:\|)
Elementi scansionati: 117428
Tempo trascorso: 14 minute(s), 8 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 1

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\WINDOWS\system32\1C43AE\RegEx.fnr (Worm.AutoRun) -> No action taken.
as soon as it finishes I will also send the Hijack log ..
sorry, but until now I have used almost nothing but Word...
maura50
Posted: Saturday, September 19, 2009 5:46:16 PM
Rank: Member

Joined: 9/8/2009
Posts: 16
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17.40.22, on 19/09/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\File comuni\DeviceHelper\DeviceManager.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\05CB30\C8714E.EXE
C:\Programmi\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\FotoStation Easy\FotoStation Easy AutoLaunch.exe
C:\Programmi\Nikon\NkView5\NkvMon.exe
C:\Programmi\HSPA USB MODEM\HSPA USB MODEM.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programmi\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programmi\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programmi\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [C8714E] C:\WINDOWS\system32\05CB30\C8714E.EXE
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programmi\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: C8714E.lnk = C:\WINDOWS\system32\05CB30\C8714E.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = ?
O4 - Global Startup: NkvMon.exe.lnk = C:\Programmi\Nikon\NkView5\NkvMon.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D02F5800-BF9F-42DE-81A8-A16F453D5D62}: NameServer = 193.70.152.25 193.70.152.15
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DeviceManager - Unknown owner - C:\Programmi\File comuni\DeviceHelper\DeviceManager.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 6139 bytes
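An added example, not part of this thread and not code from HijackThis or any other tool mentioned here: a small Python triage script for the O4 (autostart) lines of a HijackThis log like the one posted above. The two heuristics it applies are my own assumptions, not rules stated in the thread: an executable whose directory or file name is a string of hex digits (as with system32\05CB30\C8714E.EXE in this log), and a target that is persisted both through a Run key and through a Startup-folder shortcut (here C8714E.lnk plus the HKLM Run entry). The sample lines are copied from the posted log; the function names `parse_o4`, `hex_components` and `triage` are mine.

```python
"""Triage heuristics for HijackThis O4 (autostart) lines.

Added example for this thread; not part of HijackThis or of any tool
named here. The sample lines below are copied from the posted log.
"""
import re
from collections import defaultdict

# O4 lines taken from the HijackThis log posted in this thread.
SAMPLE_O4_LINES = [
    r"O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe",
    r'O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"',
    r"O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe",
    r"O4 - HKLM\..\Run: [C8714E] C:\WINDOWS\system32\05CB30\C8714E.EXE",
    r'O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"',
    r'O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programmi\Malwarebytes\' Anti-Malware\mbam.exe" /runcleanupscript',
    r"O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe",
    r"O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')",
    r"O4 - Startup: C8714E.lnk = C:\WINDOWS\system32\05CB30\C8714E.EXE",
    r"O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = ?",
    r"O4 - Global Startup: NkvMon.exe.lnk = C:\Programmi\Nikon\NkView5\NkvMon.exe",
]

# Registry Run-key form:  O4 - <hive>\..\Run: [<name>] <command>
REG_RUN = re.compile(r"^O4 - (?P<loc>.+?\\Run): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Startup-folder form:    O4 - [Global ]Startup: <shortcut> = <target>
STARTUP = re.compile(r"^O4 - (?P<loc>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$")
# First Windows path ending in an executable-style extension, quotes optional.
EXE_PATH = re.compile(r'(?i)"?(?P<path>[a-z]:\\[^"]*?\.(?:exe|dll|cpl|scr|bat|cmd|vbs|com))"?')
# A directory or file stem made only of hex digits (with at least one digit),
# e.g. the "05CB30\C8714E.EXE" pair in the posted log.  Heuristic, my assumption.
HEX_NAME = re.compile(r"^(?=.*\d)[0-9A-Fa-f]{6,}$")


def parse_o4(line):
    """Split an O4 line into (location, entry name, executable path or None).

    Returns None for lines that are not O4 entries.
    """
    m = REG_RUN.match(line) or STARTUP.match(line)
    if not m:
        return None
    p = EXE_PATH.search(m.group("cmd"))
    return m.group("loc"), m.group("name"), (p.group("path") if p else None)


def hex_components(path):
    """Path components (directories and the file stem) that look like random hex."""
    parts = path.split("\\")[1:]                       # drop the drive letter
    stems = parts[:-1] + [parts[-1].rsplit(".", 1)[0]]  # strip the extension
    return [c for c in stems if HEX_NAME.match(c)]


def location_kind(loc):
    """'registry' for Run keys, 'folder' for Startup / Global Startup shortcuts."""
    return "registry" if loc.endswith("\\Run") else "folder"


def triage(lines):
    """Return {executable path: [reasons]} for O4 entries worth a closer look."""
    entries = [e for e in map(parse_o4, lines) if e]

    # Which kinds of autostart location point at each target (case-insensitive).
    kinds_by_target = defaultdict(set)
    for loc, _name, path in entries:
        if path:
            kinds_by_target[path.lower()].add(location_kind(loc))

    findings = {}
    for _loc, _name, path in entries:
        if not path:
            continue  # e.g. "FotoStation Easy AutoLaunch.lnk = ?": nothing to judge
        reasons = []
        hexes = hex_components(path)
        if hexes:
            reasons.append("hex-named path component(s): " + ", ".join(hexes))
        if len(kinds_by_target[path.lower()]) > 1:
            reasons.append("same target persisted via both a Run key and a Startup shortcut")
        if reasons:
            findings[path] = reasons
    return findings


if __name__ == "__main__":
    for target, reasons in triage(SAMPLE_O4_LINES).items():
        print(target)
        for r in reasons:
            print("   -", r)
```

Run as a script it prints only the C8714E.EXE target, with both reasons. ctfmon.exe, which appears once per user hive, is deliberately not flagged: several registry entries of the same kind are normal for it, and only the mix of a Run key and a Startup shortcut counts as the second heuristic.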
ecofive
Posted: Saturday, September 19, 2009 7:01:18 PM
Rank: AiutAmico

Joined: 6/20/2008
Posts: 7,111
O.T.: only today I noticed that you are on this Forum too (where there is a certain Paolopa whom I think you know ...). Welcome aboard.

Bye.
monsee
Posted: Saturday, September 19, 2009 8:07:58 PM
Rank: AiutAmico

Joined: 4/5/2005
Posts: 22,971
Welcome, Maura!
You'll see, the excellent r16 will know how to help you.
r16
Posted: Saturday, September 19, 2009 10:46:59 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
Delete what Malwarebytes found.

Then run this scan:
Download Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to the desktop.

Important: disable your antivirus and close ALL open programs (firewall included) and, after downloading COMBOFIX, disconnect from the Internet.

Double-click combofix.exe (a screen will appear.)
If you are asked whether you want to install the RECOVERY CONSOLE, click NO.
Your antivirus will probably show you messages; ignore them.
During the scan it is important not to use the PC (not even the mouse) and to wait patiently for the operations to finish.
At the end, a log file called C:\ComboFix.txt will be created on the Desktop. Post it here.

Uninstall combofix this way: (after I have seen the log)
Start
Run
in the dialog box, copy and paste this command: Combofix /u and press Enter, then delete the Combofix and (qoobox) folders on "C"
maura50
Posted: Thursday, September 24, 2009 4:39:18 PM
Rank: Member

Joined: 9/8/2009
Posts: 16
ComboFix 09-09-23.02 - Maura 24/09/2009 16.24.34.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.39.1040.18.511.144 [GMT 2:00]
Eseguito da: c:\documents and settings\Maura\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Maura\IMPOST~1\Temp\E_N4
c:\docume~1\Maura\IMPOST~1\Temp\E_N4\cnvpe.fne
c:\docume~1\Maura\IMPOST~1\Temp\E_N4\dp1.fne
c:\docume~1\Maura\IMPOST~1\Temp\E_N4\eAPI.fne
c:\docume~1\Maura\IMPOST~1\Temp\E_N4\HtmlView.fne
c:\docume~1\Maura\IMPOST~1\Temp\E_N4\internet.fne
c:\docume~1\Maura\IMPOST~1\Temp\E_N4\krnln.fnr
c:\docume~1\Maura\IMPOST~1\Temp\E_N4\shell.fne
c:\docume~1\Maura\IMPOST~1\Temp\E_N4\spec.fne
c:\windows\AUTOLNCH.REG
c:\windows\Downloaded Program Files\bdcore.dll
c:\windows\Downloaded Program Files\libfn.dll
c:\windows\system32\SYSInfo.ocx

.
((((((((((((((((((((((((( Files Creati Da 2009-08-24 al 2009-09-24 )))))))))))))))))))))))))))))))))))
.

2009-09-19 15:39 . 2009-09-19 15:39 -------- d-----w- c:\programmi\Trend Micro
2009-09-08 17:06 . 2009-09-08 20:46 -------- d-----w- c:\documents and settings\Maura\Dati applicazioni\Desktopicon
2009-09-08 17:06 . 2009-09-08 17:06 -------- d-----w- c:\programmi\Unlocker
2009-09-08 15:31 . 2009-09-08 15:31 -------- d-----w- c:\programmi\CCleaner
2009-09-08 13:48 . 2009-09-08 13:48 -------- d-----w- c:\documents and settings\Maura\Dati applicazioni\Malwarebytes
2009-09-08 13:48 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-08 13:48 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-08 13:48 . 2009-09-08 13:48 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-09-08 13:48 . 2009-09-18 16:54 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-08-30 07:20 . 2009-08-30 07:34 -------- d-----w- c:\windows\BDOSCAN8
2009-08-27 14:01 . 2009-08-27 14:01 -------- d-----w- c:\windows\ServicePackFiles

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-18 18:32 . 2009-06-20 11:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg8
2009-09-15 16:11 . 2009-06-20 12:23 -------- d-----w- c:\programmi\FotoStation Easy
2009-08-05 09:05 . 2004-08-19 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 18:56 . 2004-08-19 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 00:18 . 2004-08-19 12:00 233472 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-27 07:02 . 2004-08-19 12:00 345010 ----a-w- c:\windows\system32\perfh010.dat
2009-06-27 07:02 . 2004-08-19 12:00 47592 ----a-w- c:\windows\system32\perfc010.dat
2009-06-26 20:30 . 2009-06-20 11:39 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-26 20:30 . 2009-06-20 11:39 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-26 20:30 . 2009-06-20 11:39 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-26 20:30 . 2009-06-20 11:39 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-26 16:17 . 2004-08-19 12:00 662016 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:16 . 2004-08-19 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-20 11:35 . 2009-06-20 11:35 1405607 --sh--r- c:\windows\system32\05CB30\C8714E.EXE
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\programmi\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 14:07 1004800 ----a-w- c:\programmi\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programmi\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programmi\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2004-08-19 1667584]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-27 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-26 1948440]
"C8714E"="c:\windows\system32\05CB30\C8714E.EXE" [2009-06-20 1405607]
"UnlockerAssistant"="c:\programmi\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"Malwarebytes Anti-Malware (reboot)"="c:\programmi\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\Maura\Menu Avvio\Programmi\Esecuzione automatica\
C8714E.lnk - c:\windows\system32\05CB30\C8714E.EXE [2009-6-20 1405607]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
EPSON Status Monitor 3 Environment Check 2.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2009-6-20 127488]
FotoStation Easy AutoLaunch.lnk - c:\programmi\FotoStation Easy\FotoStation Easy AutoLaunch.exe [2009-6-20 49152]
NkvMon.exe.lnk - c:\programmi\Nikon\NkView5\NkvMon.exe [2009-6-20 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-26 20:30 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [20/06/2009 13.39.10 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [20/06/2009 13.39.16 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [26/06/2009 22.30.01 906520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [26/06/2009 22.30.03 298776]
S2 DeviceManager;DeviceManager;c:\programmi\File comuni\DeviceHelper\DeviceManager.exe -start --> c:\programmi\File comuni\DeviceHelper\DeviceManager.exe -start [?]
S3 qcusbser;Modem Interface USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbser.sys [20/06/2009 13.53.06 103552]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-24 16:27
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2009-09-24 16.28.04
ComboFix-quarantined-files.txt 2009-09-24 14:28

Pre-Run: 116.508.573.696 byte disponibili
Post-Run: 116.550.275.072 byte disponibili

128 --- E O F --- 2009-09-13 14:01
here is the Combofix log that was requested.. sorry for the delay... but I'm a primary school teacher and this year I have a first-grade class that is destroying me...
r16
Posted: Thursday, September 24, 2009 5:13:34 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
maura50 wrote:
sorry for the delay... but I'm a primary school teacher and this year I have a first-grade class that is destroying me...

No need to apologize.
I have just one, and he wears me out..... let alone a whole class. Sick

Uninstall Combofix.
Run a scan with your antivirus and see whether it still detects those infections.
Tell me if you still find problems.
Post a HijackThis log.
maura50
Posted: Friday, September 25, 2009 6:03:12 PM
Rank: Member

Joined: 9/8/2009
Posts: 16
the AVG scan detected:
Avviso: TrackingCooke.Doubleclick in C:\Documents and Setting\Maura\Cookies\maura@doubleclik(1).txt
Avviso: TrackingCooke.Yeldmanager in C:\Documents and Setting\Maura\Cookies\maura@adyeldmanager(1).txt
Infezione; Virus Win32/Heur in C:\Docume^1\Maura\IMPOST^1\Temp\E_N4\dp1.fne
Infezione; Virus TrojanCryptFQT in C:\Docume^1\Maura\IMPOST^1\Temp\E_N4\shell.fne

here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16.54.26, on 25/09/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\File comuni\DeviceHelper\DeviceManager.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Programmi\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\05CB30\C8714E.EXE
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\FotoStation Easy\FotoStation Easy AutoLaunch.exe
C:\Programmi\Nikon\NkView5\NkvMon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programmi\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programmi\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programmi\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [C8714E] C:\WINDOWS\system32\05CB30\C8714E.EXE
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programmi\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: C8714E.lnk = C:\WINDOWS\system32\05CB30\C8714E.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = ?
O4 - Global Startup: NkvMon.exe.lnk = C:\Programmi\Nikon\NkView5\NkvMon.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DeviceManager - Unknown owner - C:\Programmi\File comuni\DeviceHelper\DeviceManager.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 5842 bytes

Is there hope? Thanks for your availability and advice!
AFTERWARDS... I would still have a few questions about how to treat a little disk (with archive material) and a couple of USB sticks... probably infected (which obviously I am not using)
r16
Posted: Friday, September 25, 2009 6:30:49 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Never lose hope.

Download Avenger and unpack it into a folder of its own, not a temporary one and not on the desktop: http://swandog46.geekstogo.com/avenger.zip

Start AVENGER
Click Ok
Enter these lines (copy and paste) in the white box: (the ones in bold)

Files to delete:
C:\Docume^1\Maura\IMPOST^1\Temp\E_N4\dp1.fne
C:\Docume^1\Maura\IMPOST^1\Temp\E_N4\shell.fne
C:\Documents and Setting\Maura\Cookies\maura@doubleclik(1).txt
C:\Documents and Setting\Maura\Cookies\maura@adyeldmanager

Untick Scan for Rootkit
Click Execute and wait...
The PC should reboot; if it doesn't, reboot it yourself.
When the operation is finished, post the Avenger result here
Run the AVG scan again and see whether it still detects anything.

P.S.:
Did you remember to delete the infected files Malwarebytes had found?
maura50
Posted: Friday, September 25, 2009 9:10:05 PM
Rank: Member

Joined: 9/8/2009
Posts: 16
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:


Error: could not open file "C:\Docume^1\Maura\IMPOST^1\Temp\E_N4\dp1.fne"
Deletion of file "C:\Docume^1\Maura\IMPOST^1\Temp\E_N4\dp1.fne" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open file "C:\Docume^1\Maura\IMPOST^1\Temp\E_N4\shell.fne"
Deletion of file "C:\Docume^1\Maura\IMPOST^1\Temp\E_N4\shell.fne" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open file "C:\Documents and Setting\Maura\Cookies\maura@doubleclik(1).txt"
Deletion of file "C:\Documents and Setting\Maura\Cookies\maura@doubleclik(1).txt" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open file "C:\Documents and Setting\Maura\Cookies\maura@adyeldmanager"
Deletion of file "C:\Documents and Setting\Maura\Cookies\maura@adyeldmanager" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Completed script processing.

*******************

Finished! Terminate.
here is the requested log.
The AVG scan again reported the two Temp\E_N4 files, and it also says:
C:windows\sistem32\05C830\C8714E.exe(1756) virus rilevato Trojan Cript FQT

The infected files are in quarantine.
r16
Posted: Friday, September 25, 2009 10:46:26 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
If they are in quarantine they cannot do any harm.
If you have uninstalled Combofix (my mistake telling you to uninstall it), you need to reinstall it and run a scan the way I described in the post above.
Download this version of Combofix, and save it to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Post the log.
maura50
Posted: Saturday, September 26, 2009 8:41:48 PM
Rank: Member

Joined: 9/8/2009
Posts: 16
here is the requested log
ComboFix 09-09-25.01 - Maura 26/09/2009 20.33.15.2.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.39.1040.18.511.145 [GMT 2:00]
Eseguito da: c:\documents and settings\Maura\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Maura\IMPOST~1\Temp\E_N4
c:\docume~1\Maura\IMPOST~1\Temp\E_N4\cnvpe.fne
c:\docume~1\Maura\IMPOST~1\Temp\E_N4\dp1.fne
c:\docume~1\Maura\IMPOST~1\Temp\E_N4\eAPI.fne
c:\docume~1\Maura\IMPOST~1\Temp\E_N4\HtmlView.fne
c:\docume~1\Maura\IMPOST~1\Temp\E_N4\internet.fne
c:\docume~1\Maura\IMPOST~1\Temp\E_N4\krnln.fnr
c:\docume~1\Maura\IMPOST~1\Temp\E_N4\shell.fne
c:\docume~1\Maura\IMPOST~1\Temp\E_N4\spec.fne
c:\documents and settings\Maura\Dati applicazioni\Desktopicon
c:\documents and settings\Maura\Dati applicazioni\Desktopicon\config.ini
c:\documents and settings\Maura\Dati applicazioni\Desktopicon\eBayShortcuts.exe

.
((((((((((((((((((((((((( Files Creati Da 2009-08-26 al 2009-09-26 )))))))))))))))))))))))))))))))))))
.

2009-09-19 15:39 . 2009-09-19 15:39 -------- d-----w- c:\programmi\Trend Micro
2009-09-08 17:06 . 2009-09-08 17:06 -------- d-----w- c:\programmi\Unlocker
2009-09-08 15:31 . 2009-09-08 15:31 -------- d-----w- c:\programmi\CCleaner
2009-09-08 13:48 . 2009-09-08 13:48 -------- d-----w- c:\documents and settings\Maura\Dati applicazioni\Malwarebytes
2009-09-08 13:48 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-08 13:48 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-08 13:48 . 2009-09-08 13:48 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-09-08 13:48 . 2009-09-18 16:54 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-08-30 07:20 . 2009-08-30 07:34 -------- d-----w- c:\windows\BDOSCAN8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-26 18:08 . 2009-06-20 11:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg8
2009-09-15 16:11 . 2009-06-20 12:23 -------- d-----w- c:\programmi\FotoStation Easy
2009-08-05 09:05 . 2004-08-19 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 18:56 . 2004-08-19 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 00:18 . 2004-08-19 12:00 233472 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-20 11:35 . 2009-06-20 11:35 1405607 --sh--r- c:\windows\system32\05CB30\C8714E.EXE
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\programmi\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 14:07 1004800 ----a-w- c:\programmi\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programmi\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programmi\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2004-08-19 1667584]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-27 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-26 1948440]
"C8714E"="c:\windows\system32\05CB30\C8714E.EXE" [2009-06-20 1405607]
"UnlockerAssistant"="c:\programmi\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"Malwarebytes Anti-Malware (reboot)"="c:\programmi\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\Maura\Menu Avvio\Programmi\Esecuzione automatica\
C8714E.lnk - c:\windows\system32\05CB30\C8714E.EXE [2009-6-20 1405607]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
EPSON Status Monitor 3 Environment Check 2.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2009-6-20 127488]
FotoStation Easy AutoLaunch.lnk - c:\programmi\FotoStation Easy\FotoStation Easy AutoLaunch.exe [2009-6-20 49152]
NkvMon.exe.lnk - c:\programmi\Nikon\NkView5\NkvMon.exe [2009-6-20 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-26 20:30 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [20/06/2009 13.39.10 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [20/06/2009 13.39.16 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [26/06/2009 22.30.01 906520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [26/06/2009 22.30.03 298776]
R3 qcusbser;Modem Interface USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbser.sys [20/06/2009 13.53.06 103552]
S2 DeviceManager;DeviceManager;c:\programmi\File comuni\DeviceHelper\DeviceManager.exe -start --> c:\programmi\File comuni\DeviceHelper\DeviceManager.exe -start [?]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-26 20:35
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2009-09-26 20.36.39
ComboFix-quarantined-files.txt 2009-09-26 18:36

Pre-Run: 116.497.276.928 byte disponibili
Post-Run: 116.500.582.400 byte disponibili

115 --- E O F --- 2009-09-25 12:33
r16
Posted: Saturday, September 26, 2009 10:21:00 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
It keeps replicating itself.
Open a text file on the Desktop (Start\Run\type: notepad.exe\ OK)
Paste the code you see below into it, and save the text file with exactly the name CFScript.txt (do not paste the word Code)

Code:
File::
c:\windows\system32\05CB30\C8714E.EXE
c:\documents and settings\Maura\Menu Avvio\Programmi\Esecuzione automatica\C8714E.lnk
c:\windows\system32\05CB30

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C8714E"=-

Folder::
c:\windows\BDOSCAN8
c:\windows\system32\05CB30



and drag it onto the ComboFix icon.
Wait until it finishes, without touching the keyboard, mouse or anything else.
Post the updated ComboFix log
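An added example (not part of this thread, and not ComboFix code): a small Python script that does by machine what the helper did by eye above, reading the Run keys, Startup-folder shortcuts and Find3M file attributes out of a ComboFix log, flagging the autorun entries whose target is a system+hidden file or sits in a hex-named folder under system32, and drafting a CFScript in the File::/Registry::/Folder:: format used above. The log excerpt is constructed from the values posted in this thread; the hex-folder rule is my own heuristic, not a ComboFix rule.

```python
# Added example for this thread (not ComboFix code): parse a ComboFix log, flag autoruns, draft a CFScript.
import re
from dataclasses import dataclass

# Constructed log excerpt, modelled on the lines posted in this thread.
SAMPLE_LOG = r"""
2009-08-05 09:05 . 2004-08-19 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-06-20 11:35 . 2009-06-20 11:35 1405607 --sh--r- c:\windows\system32\05CB30\C8714E.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"C8714E"="c:\windows\system32\05CB30\C8714E.EXE" [2009-06-20 1405607]

c:\documents and settings\Maura\Menu Avvio\Programmi\Esecuzione automatica\
C8714E.lnk - c:\windows\system32\05CB30\C8714E.EXE [2009-6-20 1405607]
"""

# Find3M / "files created" lines: created . modified size attrs path
FILE_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} '
                     r'(?P<size>\S+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$')
REG_KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
REG_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]+)"')
FOLDER_RE = re.compile(r'^[a-z]:\\.*\\$', re.IGNORECASE)   # Startup-folder header line
LNK_RE = re.compile(r'^(?P<lnk>[^\\]+\.lnk) - (?P<target>.+?) \[', re.IGNORECASE)
HEX_DIR_RE = re.compile(r'^[0-9a-f]{5,8}$', re.IGNORECASE)  # dropper folder names like 05CB30 (heuristic)

@dataclass
class Autorun:
    kind: str      # "run" = registry Run value, "lnk" = Startup-folder shortcut
    location: str  # registry key, or full path of the .lnk file
    name: str      # value name or shortcut file name
    target: str    # executable the entry launches

def parse_combofix_log(text):
    """Return ({lower path: attrs} of system+hidden files, [Autorun] from Run keys and Startup folders)."""
    hidden, autoruns = {}, []
    current_key = current_folder = None
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            attrs = m.group('attrs')  # e.g. --sh--r-: s = system, h = hidden
            if 's' in attrs and 'h' in attrs:
                hidden[m.group('path').lower()] = attrs
            continue
        if line.startswith('['):  # any key header resets the Run context
            m = REG_KEY_RE.match(line)
            current_key, current_folder = (m.group('key') if m else None), None
            continue
        if FOLDER_RE.match(line):
            current_folder, current_key = line, None
            continue
        m = REG_VALUE_RE.match(line)
        if m and current_key and current_key.lower().endswith('\\run'):
            autoruns.append(Autorun('run', current_key, m.group('name'), m.group('target')))
            continue
        m = LNK_RE.match(line)
        if m and current_folder:
            autoruns.append(Autorun('lnk', current_folder + m.group('lnk'), m.group('lnk'), m.group('target')))
    return hidden, autoruns

def hex_parent(target):
    """Parent dir if it is a hex-named folder directly under system32, else None (heuristic)."""
    parts = target.split('\\')
    if len(parts) >= 4 and parts[-3].lower() == 'system32' and HEX_DIR_RE.match(parts[-2]):
        return '\\'.join(parts[:-1])
    return None

def flag_autoruns(hidden, autoruns):
    """Return (entry, reasons) for autoruns that look like the dropper in this thread."""
    flagged = []
    for e in autoruns:
        reasons = []
        attrs = hidden.get(e.target.lower())
        if attrs:
            reasons.append('target has system+hidden attributes ' + attrs)
        if hex_parent(e.target):
            reasons.append('target lives in a hex-named folder under system32')
        if reasons:
            flagged.append((e, reasons))
    return flagged

def build_cfscript(flagged):
    """Draft a CFScript (File:: / Registry:: / Folder::) that removes the flagged entries."""
    files, registry, folders = [], [], []
    for e, _ in flagged:
        if e.kind == 'run':
            registry.append('[%s]\n"%s"=-' % (e.location, e.name))  # "name"=- deletes the value
        else:
            files.append(e.location)  # the .lnk file itself
        files.append(e.target)
        if hex_parent(e.target):
            folders.append(hex_parent(e.target))
    sections = [('File::', files), ('Registry::', registry), ('Folder::', folders)]
    # dict.fromkeys de-duplicates while keeping order; empty sections are skipped
    return '\n\n'.join(h + '\n' + '\n'.join(dict.fromkeys(v)) for h, v in sections if v) + '\n'

if __name__ == '__main__':
    hits = flag_autoruns(*parse_combofix_log(SAMPLE_LOG))
    print(build_cfscript(hits))
```

Run it and the drafted script lists C8714E.EXE, the Startup .lnk and the 05CB30 folder while leaving NeroCheck alone; review the draft before handing it to ComboFix, since the folder rule is only a heuristic.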
maura50
Posted: Sunday, September 27, 2009 8:44:25 AM
Rank: Member

Joined: 9/8/2009
Posts: 16
here is the new log:
ComboFix 09-09-25.01 - Maura 27/09/2009 8.22.39.3.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.39.1040.18.511.228 [GMT 2:00]
Eseguito da: c:\documents and settings\Maura\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Maura\Desktop\CFScript.exe.TXT
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!

FILE ::
"c:\documents and settings\Maura\Menu Avvio\Programmi\Esecuzione automatica\C8714E.lnk"
"c:\windows\system32\05CB30"
"c:\windows\system32\05CB30\C8714E.EXE"
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Maura\IMPOST~1\Temp\E_N4
c:\docume~1\Maura\IMPOST~1\Temp\E_N4\cnvpe.fne
c:\docume~1\Maura\IMPOST~1\Temp\E_N4\dp1.fne
c:\docume~1\Maura\IMPOST~1\Temp\E_N4\eAPI.fne
c:\docume~1\Maura\IMPOST~1\Temp\E_N4\HtmlView.fne
c:\docume~1\Maura\IMPOST~1\Temp\E_N4\internet.fne
c:\docume~1\Maura\IMPOST~1\Temp\E_N4\krnln.fnr
c:\docume~1\Maura\IMPOST~1\Temp\E_N4\shell.fne
c:\docume~1\Maura\IMPOST~1\Temp\E_N4\spec.fne
c:\documents and settings\Maura\Menu Avvio\Programmi\Esecuzione automatica\C8714E.lnk
c:\windows\BDOSCAN8
c:\windows\BDOSCAN8\avxdisk.dll
c:\windows\BDOSCAN8\avxs.dll
c:\windows\BDOSCAN8\avxt.dll
c:\windows\BDOSCAN8\bdcore.dll
c:\windows\BDOSCAN8\bdoscan.ini
c:\windows\BDOSCAN8\bdoscan.log
c:\windows\BDOSCAN8\boot.xmd
c:\windows\BDOSCAN8\ipsupd.dll
c:\windows\BDOSCAN8\lang.ini
c:\windows\BDOSCAN8\libfn.dll
c:\windows\BDOSCAN8\librtvr.dll
c:\windows\BDOSCAN8\live.ini
c:\windows\BDOSCAN8\oscan82.ocx
c:\windows\BDOSCAN8\plugins.htm
c:\windows\BDOSCAN8\Plugins\xar.xmd
c:\windows\BDOSCAN8\Plugins\xcookies.xmd
c:\windows\BDOSCAN8\Plugins\xishield.xmd
c:\windows\BDOSCAN8\Plugins\xlmrd.cvd
c:\windows\BDOSCAN8\Plugins\xlmrd.ivd
c:\windows\BDOSCAN8\Plugins\z.xmd
c:\windows\BDOSCAN8\Plugins\zip.xmd
c:\windows\BDOSCAN8\Plugins\zoo.xmd
c:\windows\BDOSCAN8\rtvr.html
c:\windows\BDOSCAN8\rtvr2.html
c:\windows\BDOSCAN8\scanoptions.tsi
c:\windows\BDOSCAN8\scanoptions.tsk
c:\windows\BDOSCAN8\scanrep.html
c:\windows\BDOSCAN8\scanres.html
c:\windows\BDOSCAN8\scanres2.html
c:\windows\BDOSCAN8\versions.dat.E1C5D885B85ECDBC2003620A013AC736
c:\windows\BDOSCAN8\versions.dat.E658AEFE91DB8F659AA487CA0F96AD22
c:\windows\system32\05CB30
c:\windows\system32\05CB30\C8714E.EXE

.
((((((((((((((((((((((((( Files Creati Da 2009-08-27 al 2009-09-27 )))))))))))))))))))))))))))))))))))
.

2009-09-19 15:39 . 2009-09-19 15:39 -------- d-----w- c:\programmi\Trend Micro
2009-09-08 17:06 . 2009-09-08 17:06 -------- d-----w- c:\programmi\Unlocker
2009-09-08 15:31 . 2009-09-08 15:31 -------- d-----w- c:\programmi\CCleaner
2009-09-08 13:48 . 2009-09-08 13:48 -------- d-----w- c:\documents and settings\Maura\Dati applicazioni\Malwarebytes
2009-09-08 13:48 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-08 13:48 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-08 13:48 . 2009-09-08 13:48 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-09-08 13:48 . 2009-09-18 16:54 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-26 18:08 . 2009-06-20 11:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg8
2009-09-15 16:11 . 2009-06-20 12:23 -------- d-----w- c:\programmi\FotoStation Easy
2009-08-05 09:05 . 2004-08-19 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 18:56 . 2004-08-19 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 00:18 . 2004-08-19 12:00 233472 ----a-w- c:\windows\system32\wmpdxm.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-09-26_18.35.38 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\programmi\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 14:07 1004800 ----a-w- c:\programmi\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programmi\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programmi\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2004-08-19 1667584]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-27 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-26 1948440]
"UnlockerAssistant"="c:\programmi\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"Malwarebytes Anti-Malware (reboot)"="c:\programmi\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
EPSON Status Monitor 3 Environment Check 2.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2009-6-20 127488]
FotoStation Easy AutoLaunch.lnk - c:\programmi\FotoStation Easy\FotoStation Easy AutoLaunch.exe [2009-6-20 49152]
NkvMon.exe.lnk - c:\programmi\Nikon\NkView5\NkvMon.exe [2009-6-20 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-26 20:30 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [20/06/2009 13.39.10 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [20/06/2009 13.39.16 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [26/06/2009 22.30.01 906520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [26/06/2009 22.30.03 298776]
R3 qcusbser;Modem Interface USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbser.sys [20/06/2009 13.53.06 103552]
S2 DeviceManager;DeviceManager;c:\programmi\File comuni\DeviceHelper\DeviceManager.exe -start --> c:\programmi\File comuni\DeviceHelper\DeviceManager.exe -start [?]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-27 08:26
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2009-09-27 8.27.58
ComboFix-quarantined-files.txt 2009-09-27 06:27
ComboFix2.txt 2009-09-26 18:36

Pre-Run: 116.464.181.248 byte disponibili
Post-Run: 116.439.846.912 byte disponibili

787 --- E O F --- 2009-09-27 05:59
I hope I haven't made a mess of it... When I dragged onto the ComboFix icon, the program started right away without my having uninstalled the antivirus and firewall (I wasn't expecting that), but the PC told me so, I did it and then the program ran...
Have a good Sunday!
r16
Posted: Sunday, September 27, 2009 2:59:25 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi maura50.
Repeat the scan with Malwarebytes (UPDATE IT FIRST) and post me the log.
Then run a scan with AVG and see whether it still detects anything.
Then post a new HijackThis log.
maura50
Posted: Sunday, September 27, 2009 5:37:11 PM
Rank: Member

Joined: 9/8/2009
Posts: 16
Here is the Malwarebytes log; the rest will follow.. In the meantime, though, a doubt has occurred to me: I go on the internet with a Wind USB stick... couldn't it have been infected by my PC (I only use it here) and be the one reproducing the viruses? Another strange thing: I am ABSOLUTELY SURE I had disabled System Restore..., but today I found it turned on.. could that have had an effect (it had been at least 4-5 days since I last checked it) on the replication?
Malwarebytes' Anti-Malware 1.41
Versione del database: 2865
Windows 5.1.2600 Service Pack 2

27/09/2009 17.25.23
mbam-log-2009-09-27 (17-25-23).txt

Tipo di scansione: Scansione completa (A:\|C:\|D:\|)
Elementi scansionati: 118430
Tempo trascorso: 15 minute(s), 15 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 4

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\Qoobox\Quarantine\C\Documents and Settings\Maura\Dati applicazioni\Desktopicon\eBayShortcuts.exe.vir (Adware.ADON) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FCEC666B-1035-4A07-99F0-DB010046C308}\RP3\A0000228.exe (Trojan.Banker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FCEC666B-1035-4A07-99F0-DB010046C308}\RP3\A0000268.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\1C43AE\RegEx.fnr (Worm.AutoRun) -> Quarantined and deleted successfully.

maura50
Posted: Sunday, September 27, 2009 7:05:19 PM
Rank: Member

Joined: 9/8/2009
Posts: 16
After writing the first part, I scanned the USB stick with Malwarebytes (no malicious detections), then with AVG, which found a Worm/AutoRun and removed it.
I ran the full scan again with Malwarebytes and it detected nothing malicious, then with AVG and it found no infections (there were 2 DoubleClick tracking cookies and 1 webtrends tracking cookie)...
Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.45.30, on 27/09/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\File comuni\DeviceHelper\DeviceManager.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programmi\Unlocker\UnlockerAssistant.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\FotoStation Easy\FotoStation Easy AutoLaunch.exe
C:\Programmi\Nikon\NkView5\NkvMon.exe
C:\Programmi\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programmi\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programmi\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programmi\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programmi\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = ?
O4 - Global Startup: NkvMon.exe.lnk = C:\Programmi\Nikon\NkView5\NkvMon.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DeviceManager - Unknown owner - C:\Programmi\File comuni\DeviceHelper\DeviceManager.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 5716 bytes