For R16.-
Done. I'm posting the updated ComboFix log, and you're right when you say I shouldn't have touched anything, not even the mouse, but after half an hour with the program completely stopped, frozen, consider that even the blinking cursor on the blue background had disappeared from the screen, what was I supposed to do?
The window that appeared, where it said that a dangerous script had been detected, that the risk was high, and which asked whether or not I wanted to terminate the script, was positioned in the centre of the screen; it could not be moved and it did not let me see whether ComboFix was asking to create the Recovery Console. How was I supposed to go on? It did it again, but once disconnected from the internet nothing appeared anymore. Maybe that was my mistake.
The Carrefour program is not a real program, but it is there; it looks to me like an account, from when the PC was bought at Carrefour. Maybe it was registered in their name.
Bye, thanks for everything, and I'll wait for your news to remove it.
ComboFix 10-01-04.01 - carrefour 09/01/2010 12.47.15.4.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.511.152 [GMT 1:00]
Eseguito da: c:\documents and settings\carrefour\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\carrefour\Desktop\CFScript.txt.txt
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {B5510F6F-87E1-47F7-A411-360BC453007C}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programmi\AskBarDis
c:\programmi\AskBarDis\bar\bin\askBar.dll
c:\programmi\AskBarDis\bar\bin\askPopStp.dll
c:\programmi\AskBarDis\bar\bin\psvince.dll
c:\programmi\AskBarDis\bar\Cache\0012914B
c:\programmi\AskBarDis\bar\Cache\001295B0.bin
c:\programmi\AskBarDis\bar\Cache\00129BBB.bin
c:\programmi\AskBarDis\bar\Cache\00129D71.bin
c:\programmi\AskBarDis\bar\Cache\00129F55.bin
c:\programmi\AskBarDis\bar\Cache\0012A11A.bin
c:\programmi\AskBarDis\bar\Cache\0012A2C0.bin
c:\programmi\AskBarDis\bar\Cache\files.ini
c:\programmi\AskBarDis\bar\History\search
c:\programmi\AskBarDis\bar\Settings\config.dat
c:\programmi\AskBarDis\bar\Settings\config.dat.bak
c:\programmi\AskBarDis\bar\Settings\prevcfg.htm
c:\programmi\AskBarDis\unins000.dat
c:\programmi\AskBarDis\unins000.exe
.
((((((((((((((((((((((((( Files Creati Da 2009-12-09 al 2010-01-09 )))))))))))))))))))))))))))))))))))
.
2010-01-06 16:16 . 2010-01-06 16:16 -------- d-----w- c:\programmi\Microsoft Silverlight
2009-12-16 17:54 . 2009-12-16 17:54 -------- d-----w- c:\documents and settings\carrefour\Dati applicazioni\GARMIN
2009-12-10 17:49 . 2009-11-21 15:54 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-06 14:46 . 2009-09-12 16:19 5061520 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-30 13:55 . 2009-09-05 17:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-30 13:54 . 2009-09-05 17:45 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-21 15:54 . 2002-09-10 11:00 471552 ----a-w- c:\windows\AppPatch\AcLayers.dll
2009-11-02 19:42 . 2009-10-02 16:48 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-30 17:47 . 2009-10-30 17:47 450328 ----a-w- c:\documents and settings\carrefour\Dati applicazioni\Tracker Software\LiveUpdate\Updates\LiveUpdate[1].exe
2009-10-29 07:40 . 2004-08-23 19:35 916480 ------w- c:\windows\system32\wininet.dll
2009-10-27 11:44 . 2009-10-27 11:44 16520840 ----a-w- c:\programmi\PDFXVwerSE.exe
2009-10-21 05:38 . 2004-08-19 22:39 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-19 22:39 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 06:00 265728 ------w- c:\windows\system32\drivers\http.sys
2009-10-13 10:33 . 2002-09-10 11:00 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2002-09-10 11:00 150016 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2002-09-10 11:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-11 17:56 . 2009-10-11 17:56 71079 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-10-11 17:10 . 2006-01-24 17:11 14 ----a-w- c:\windows\popcinfo.dat
2009-10-11 15:09 . 2003-10-18 13:18 105512 ----a-w- c:\documents and settings\carrefour\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-08-04 11:04 . 2009-08-04 11:04 3942048 ----a-w- c:\programmi\malwarebytesAnti_malwar_-setup.exe
2009-03-25 09:27 . 2009-03-25 09:27 5649472 ----a-w- c:\programmi\gusetup.exe
2008-07-18 17:16 . 2008-07-18 17:16 5244440 ----a-w- c:\programmi\TVUPlayer2.3.7.1.exe
2008-03-28 14:51 . 2008-03-28 14:51 3199108 ----a-w- c:\programmi\Setup-SopCast-3.0.1-2008-3-28.exe
2008-01-21 21:22 . 2008-01-21 21:22 9739116 ----a-w- c:\programmi\InstSocr.exe
2008-01-15 19:57 . 2008-01-15 19:57 20907376 ----a-w- c:\programmi\aaw2007.exe
2007-08-09 07:17 . 2007-08-09 07:17 1563724 ----a-w- c:\programmi\icarbonsetup.exe
2007-03-11 11:14 . 2007-03-11 11:14 112 ----a-w- c:\programmi\Config.ini
2007-02-14 15:02 . 2007-02-14 15:02 4732416 ----a-w- c:\programmi\OnLineLiveSetup.msi
2006-10-31 16:48 . 2006-10-31 16:48 34698 ----a-w- c:\programmi\rojadirecta
2006-09-21 16:46 . 2006-09-21 16:46 1156042 ----a-w- c:\programmi\IEPrivacyKeeperSetup.exe
2006-08-04 17:19 . 2006-08-04 17:19 6227687 ----a-w- c:\programmi\Setup TvuPlayer.exe
2006-04-09 17:43 . 2006-04-09 17:43 516608 ----a-w- c:\programmi\Starter.exe
2006-01-30 17:11 . 2006-01-30 17:11 1082742 ----a-w- c:\programmi\WRar351it.exe
2005-04-28 16:21 . 2005-04-28 16:44 606666 ----a-w- c:\programmi\WinPlayer.exe
2005-04-13 16:27 . 2005-04-13 16:27 11760072 ----a-w- c:\programmi\Alice_ti_aiuta.exe
2003-04-27 14:24 . 2003-04-27 14:24 383254 ----a-w- c:\programmi\CDEX.HLP
2003-04-27 14:24 . 2003-04-27 14:24 96768 ----a-w- c:\programmi\libsndfile.dll
2003-04-27 14:23 . 2003-04-27 14:23 83456 ----a-w- c:\programmi\CDRip.dll
2003-04-27 14:23 . 2003-04-27 14:23 7051 ----a-w- c:\programmi\CDex.cnt
2003-03-24 20:25 . 2003-03-24 20:25 21652 ----a-w- c:\programmi\Changes.txt
2003-02-04 20:35 . 2003-02-04 20:35 4320 ----a-w- c:\programmi\ReadMe.txt
2002-08-07 21:07 . 2002-08-07 21:07 71680 ----a-w- c:\programmi\MACDll.dll
2002-07-06 12:25 . 2002-07-06 12:25 1007 ----a-w- c:\programmi\CDex.ini
2002-05-09 15:22 . 2002-05-09 15:22 537 ----a-w- c:\programmi\CDex.exe.manifest
2002-04-20 12:07 . 2002-04-20 12:07 69632 ----a-w- c:\programmi\WMA8Connect.dll
2001-03-10 12:18 . 2001-03-10 12:18 1044168 ----a-w- c:\programmi\vbrun60sp5.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-01-07_18.34.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-09 11:19 . 2010-01-09 11:19 16384 c:\windows\temp\Perflib_Perfdata_530.dat
+ 2002-09-10 11:00 . 2010-01-09 11:24 86984 c:\windows\system32\perfc009.dat
- 2002-09-10 11:00 . 2010-01-07 17:53 86984 c:\windows\system32\perfc009.dat
+ 2002-09-10 11:00 . 2010-01-09 11:24 516376 c:\windows\system32\perfh009.dat
- 2002-09-10 11:00 . 2010-01-07 17:53 516376 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\programmi\File comuni\Symantec Shared\ccApp.exe" [2006-04-04 71304]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2007-02-15 77824]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\MSMSGS.EXE"=
"c:\\Programmi\\SopCast\\SopCast.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\carrefour\\Dati applicazioni\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programmi\\TVAnts\\Tvants.exe"=
"c:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programmi\\SopCast\\sopvod.exe"=
"c:\\Programmi\\TVUPlayer\\TVUPlayer.exe"=
R2 MSSQL$VLSOLE24EXPRESS;SQL Server (VLSOLE24EXPRESS);c:\programmi\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [27/05/2009 3.27.04 29262680]
R2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;c:\programmi\Symantec\LiveUpdate\AluSchedulerSvc.exe [24/10/2008 19.04.00 100032]
R2 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [03/11/2006 18.19.58 13592]
S2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [17/04/2008 16.56.10 8192]
.
Contenuto della cartella 'Scheduled Tasks'
2010-01-09 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
2009-11-06 c:\windows\Tasks\Norton AntiVirus - Scansione del computer.job
- c:\progra~1\NORTON~1\Navw32.exe [2003-08-22 20:14]
2010-01-09 c:\windows\Tasks\GlaryInitialize.job
- c:\programmi\Glary Utilities\initialize.exe [2009-02-17 11:09]
2010-01-09 c:\windows\Tasks\User_Feed_Synchronization-{EB99D812-E6C0-40EE-9A81-3FF831D3F6A9}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.ansa.it/index.shtml
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = 127.0.0.1
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Ricerca AltaVista - file://c:\documents and settings\carrefour\Dati applicazioni\ALTAVISTA\SelectedContextSearch_Ricerca AltaVista.htm
IE: Traduci - file://c:\documents and settings\carrefour\Dati applicazioni\ALTAVISTA\SelectedContextTranslation.htm
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\programmi\AskBarDis\bar\bin\askBar.dll
AddRemove-Ask Toolbar_is1 - c:\programmi\AskBarDis\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-09 12:53
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\software\Realtek\AC97 Audio]
@DACL=(02 0000)
@SACL=
"SpoutPage"=hex:01
[HKEY_LOCAL_MACHINE\software\Sensaura\Environment]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Sensaura\Speaker]
@DACL=(02 0000)
@SACL=
"ChannelConfig"=dword:00000003
"SpeakerGeometry"=dword:0000000a
.
Ora fine scansione: 2010-01-09 12:54:55
ComboFix-quarantined-files.txt 2010-01-09 11:54
ComboFix2.txt 2010-01-07 18:51
ComboFix3.txt 2010-01-07 18:40
Pre-Run: 64.069.369.856 byte disponibili
Post-Run: 64.189.464.576 byte disponibili
- - End Of File - - A831A657EE10B895A206686F4D4775D0