Aiutamici Forum

HiJackThis check
xpproblema
Posted: Saturday, June 12, 2010 12:43:28 PM
Rank: AiutAmico

Joined: 6/11/2010
Posts: 119
Ah, I just need to do Select All, sorry!
xpproblema
Posted: Saturday, June 12, 2010 12:44:04 PM
Rank: AiutAmico

Joined: 6/11/2010
Posts: 119
Autoscan: completed 2 minutes ago (events: 20, objects: 435609, time: 00.51.44)
12/06/2010 12.40.26 Task completed
12/06/2010 12.37.11 Deleted: Trojan-Downloader.Win32.Bagle.hp C:\Qoobox\Quarantine\Registry_backups\Legacy_SROSA.reg.dat
12/06/2010 12.37.10 Deleted: Trojan-Downloader.Win32.Bagle.hp C:\Qoobox\Quarantine\Registry_backups\Service_srosa.reg.dat
12/06/2010 12.20.43 Detected: Trojan-Downloader.Win32.Bagle.hp C:\Qoobox\Quarantine\Registry_backups\Service_srosa.reg.dat
12/06/2010 12.20.43 Detected: Trojan-Downloader.Win32.Bagle.hp C:\Qoobox\Quarantine\Registry_backups\Legacy_SROSA.reg.dat
12/06/2010 11.48.42 Task started
12/06/2010 11.48.14 Task stopped
12/06/2010 11.24.08 Detected: Trojan-Downloader.Win32.Bagle.hp C:\Qoobox\Quarantine\Registry_backups\Legacy_SROSA.reg.dat
12/06/2010 11.24.08 Detected: Trojan-Downloader.Win32.Bagle.hp C:\Qoobox\Quarantine\Registry_backups\Service_srosa.reg.dat
12/06/2010 11.17.35 Task started
12/06/2010 11.16.26 Task stopped
12/06/2010 11.15.46 Task started
12/06/2010 0.02.23 Task stopped
12/06/2010 0.02.21 Task started
11/06/2010 20.07.09 Task stopped
11/06/2010 19.47.08 Task started
11/06/2010 19.46.56 Task stopped
11/06/2010 19.39.40 Task started
12/06/2010 11.48.14 Untreated: Trojan-Downloader.Win32.Bagle.hp C:\Qoobox\Quarantine\Registry_backups\Service_srosa.reg.dat Skipped by user
12/06/2010 11.48.14 Untreated: Trojan-Downloader.Win32.Bagle.hp C:\Qoobox\Quarantine\Registry_backups\Legacy_SROSA.reg.dat Skipped by user
shapiro
Posted: Saturday, June 12, 2010 12:44:56 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
delete them as you did with the others

with file display still enabled, search for and delete (if present) this file

c:\windows\system32\sbhryqduvxvit.exe
xpproblema
Posted: Saturday, June 12, 2010 12:48:13 PM
Rank: AiutAmico

Joined: 6/11/2010
Posts: 119
No, that file isn't there.
Sorry, what is it that I have to delete like I did with the others?
shapiro
Posted: Saturday, June 12, 2010 12:54:58 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
I meant delete the HelpAssistant folders

now go to C:\ and delete the text file combofix.txt, then repeat the scan with ComboFix and post the new log

once you have posted it, go to C:\ and delete the qoobox folder

also repeat the Malwarebytes scan (full) after updating it
xpproblema
Posted: Saturday, June 12, 2010 12:57:41 PM
Rank: AiutAmico

Joined: 6/11/2010
Posts: 119
This is exactly what I didn't understand:
do I have to delete those 2 you told me about before
C:\Documents and Settings\HelpAssistant\Impostazioni locali\Dati applicazioni\BrightBuy

C:\Documents and Settings\HelpAssistant\Impostazioni locali\Temp

or the whole helpassistant folder?

OK, now I'll do ComboFix etc., still from Safe Mode..
shapiro
Posted: Saturday, June 12, 2010 12:59:29 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
yes, you have to delete the HelpAssistant folders following that path

run ComboFix in normal mode
xpproblema
Posted: Saturday, June 12, 2010 1:01:01 PM
Rank: AiutAmico

Joined: 6/11/2010
Posts: 119
OK
shapiro
Posted: Saturday, June 12, 2010 1:09:14 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Listen, I have to step away now

I'll leave you a summary so we save time

after running Malwarebytes, do a bit of cleanup

download CCleaner

during installation uncheck the option for the Yahoo toolbar, open it, go to Options > Advanced, untick "Only delete Windows temp files older than 48 hours", then start it, select "Analyze" and at the end of the analysis press "Run Cleaner"

click Registry, on the next page click Scan for Issues, then when the scan finishes click Fix selected issues, answer yes to the prompt to save the backup (save it in a folder of your choice), then fix all the items found.

download ATF Cleaner

it doesn't need installation

Start ATF Cleaner.exe with a double click
- click the Main menu
- tick the Select All box
- click the Empty Selected button
- wait for the Done Cleaning message.
(if you don't want to delete passwords, untick that)
(if you use Opera or Firefox, also tick their sections)

download FindyKill

Once installed, close all running applications and disconnect from the internet, then click the FindyKill icon and, in the DOS window that opens, type 2 and press Enter. Wait for the scan to finish and post here the log you find in C:\FindyKill.txt

See you later

xpproblema
Posted: Saturday, June 12, 2010 1:20:55 PM
Rank: AiutAmico

Joined: 6/11/2010
Posts: 119
Here's the ComboFix log in the meantime


ComboFix 10-06-11.01 - Luigi 12/06/2010 13.09.56.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.2037.1587 [GMT 2:00]
Eseguito da: c:\documents and settings\Luigi\Documenti\Downloads\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000000-0000-0000-0000-000000000000}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {0057005C-0069-006E-5300-780053005C00}
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Creati Da 2010-05-12 al 2010-06-12 )))))))))))))))))))))))))))))))))))
.

2010-06-11 17:38 . 2009-10-22 11:54 37392 ----a-w- c:\windows\system32\drivers\31675572.sys
2010-06-11 17:38 . 2009-10-09 21:31 315408 ----a-w- c:\windows\system32\drivers\3167557.sys
2010-06-11 17:38 . 2009-09-25 15:59 128016 ----a-w- c:\windows\system32\drivers\31675571.sys
2010-06-11 16:10 . 2010-06-11 16:10 77312 ----a-w- C:\mbr.exe
2010-06-11 11:31 . 2010-06-11 11:31 -------- d-----w- c:\documents and settings\Luigi\Dati applicazioni\Malwarebytes
2010-06-11 11:30 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-11 11:30 . 2010-06-11 11:30 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-06-11 11:30 . 2010-06-11 11:30 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-06-11 11:30 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-11 09:31 . 2010-05-06 10:32 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-11 09:18 . 2009-06-30 07:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-06-11 09:17 . 2010-06-11 09:17 -------- d-----w- c:\programmi\Panda Security
2010-06-11 09:13 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-11 09:13 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-11 09:13 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-11 09:13 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-11 09:13 . 2010-05-06 20:33 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-11 09:13 . 2010-05-06 20:33 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-11 09:13 . 2010-05-06 20:33 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-11 09:12 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-06-11 09:12 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-11 09:12 . 2010-06-11 09:12 -------- d-----w- c:\programmi\Alwil Software
2010-06-11 09:12 . 2010-06-11 09:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Alwil Software
2010-06-10 16:31 . 2010-06-10 16:31 -------- d-----w- c:\programmi\Microsoft Sync Framework
2010-06-10 16:29 . 2010-06-10 16:29 -------- d-----w- c:\programmi\Microsoft
2010-06-10 15:52 . 2009-11-25 09:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-06-10 14:41 . 2010-06-10 14:41 -------- d-----w- c:\documents and settings\HelpAssistant\WINDOWS
2010-06-10 14:41 . 2010-06-10 14:41 -------- d-----w- c:\documents and settings\HelpAssistant\UserData
2010-06-10 14:41 . 2010-06-10 14:41 -------- d-----w- c:\documents and settings\HelpAssistant\Tracing
2010-06-10 14:41 . 2010-06-10 14:41 -------- d-----w- c:\documents and settings\HelpAssistant\Support
2010-06-10 14:41 . 2010-06-10 14:41 -------- d-----w- c:\documents and settings\HelpAssistant\SkyliveNG
2010-06-10 14:21 . 2010-06-10 14:38 -------- d--h--w- c:\documents and settings\HelpAssistant\Impostazioni locali
2010-06-10 14:21 . 2010-06-10 14:38 -------- d-----w- c:\documents and settings\HelpAssistant\Documenti
2010-06-10 14:21 . 2008-11-10 12:56 -------- d--h--w- c:\documents and settings\HelpAssistant\Modelli
2010-06-10 14:21 . 2005-11-21 12:29 -------- d--h--w- c:\documents and settings\HelpAssistant\Risorse di stampa
2010-06-10 14:21 . 2005-11-21 12:29 -------- d--h--w- c:\documents and settings\HelpAssistant\Risorse di rete
2010-06-10 14:21 . 2005-11-21 12:29 -------- d-----r- c:\documents and settings\HelpAssistant\Menu Avvio
2010-06-10 14:21 . 2010-06-11 16:57 -------- d-----w- c:\documents and settings\HelpAssistant
2010-06-07 18:35 . 2010-06-10 12:00 -------- d-----w- c:\documents and settings\Luigi\Impostazioni locali\Dati applicazioni\vortbkl
2010-06-07 18:34 . 2010-06-07 18:34 -------- d-----w- c:\programmi\$NtUninstallWTF1012$
2010-06-07 18:33 . 2010-06-07 18:34 -------- d-----w- c:\documents and settings\Luigi\Dati applicazioni\8BCDD3AAC06E20C3BD22DD50F82550A1
2010-05-29 19:14 . 2010-05-29 19:14 3177 ----a-w- c:\windows\mozver.dat
2010-05-23 17:16 . 2010-05-23 17:16 -------- d-----w- c:\documents and settings\Luigi\.android
2010-05-22 15:54 . 2010-05-22 17:40 -------- d-----w- c:\documents and settings\Luigi\Dati applicazioni\Pro Cycling Manager 2007 - Demo
2010-05-22 15:50 . 2010-05-22 15:50 -------- d-----w- c:\programmi\Cyanide
2010-05-17 16:40 . 2010-05-17 16:40 -------- d-----w- c:\programmi\mp3DirectCut
2010-05-17 16:36 . 2010-05-17 16:36 -------- d-----w- C:\video_output

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-11 13:06 . 2009-03-26 21:26 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Google Updater
2010-06-11 10:30 . 2009-04-22 11:25 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-06-11 10:21 . 2004-08-19 12:00 85132 ----a-w- c:\windows\system32\perfc010.dat
2010-06-11 10:21 . 2004-08-19 12:00 492266 ----a-w- c:\windows\system32\perfh010.dat
2010-06-10 21:31 . 2009-10-21 15:50 -------- d-----w- c:\programmi\EasyPHP5.3.0
2010-06-10 20:55 . 2007-03-24 20:45 -------- d-----w- c:\programmi\File comuni\HP
2010-06-10 20:40 . 2010-01-21 14:27 -------- d-----w- c:\programmi\Windows Live Safety Center
2010-06-10 16:31 . 2010-01-14 14:31 -------- d-----w- c:\programmi\Windows Live
2010-06-05 21:02 . 2009-11-06 16:15 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-05 19:02 . 2009-12-19 13:22 -------- d-----w- c:\programmi\FreeTime
2010-06-05 13:51 . 2009-11-16 19:38 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-05-31 12:37 . 2010-02-07 16:43 -------- d-----w- c:\programmi\NoteWorthy Composer
2010-05-17 16:34 . 2009-03-18 18:17 -------- d-----w- c:\documents and settings\Luigi\Dati applicazioni\GetRightToGo
2010-05-07 17:52 . 2006-08-25 18:23 -------- d-----w- c:\programmi\Google
2010-05-06 10:32 . 2004-08-19 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:06 . 2004-08-19 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-28 18:47 . 2005-11-21 12:36 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-04-28 18:45 . 2010-04-28 18:41 -------- d-----w- c:\documents and settings\Luigi\Dati applicazioni\Audacity
2010-04-28 18:28 . 2010-04-28 18:28 -------- d-----w- c:\programmi\File comuni\DVDVideoSoft
2010-04-28 18:28 . 2010-04-28 18:28 -------- d-----w- c:\programmi\DVDVideoSoft
2010-04-20 05:30 . 2004-08-19 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-18 16:38 . 2010-04-18 15:25 -------- d-----w- c:\programmi\Notation
2010-04-18 15:17 . 2010-04-18 15:17 -------- d-----w- c:\documents and settings\Luigi\Dati applicazioni\MusE
2010-04-16 20:12 . 2010-04-16 20:12 48464 ----a-w- c:\windows\system32\sirenacm.dll
2010-04-06 18:30 . 2005-11-23 14:09 103752 ----a-w- c:\documents and settings\Luigi\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-04-02 15:10 . 2009-03-13 17:54 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-02 15:10 . 2010-04-02 15:10 152576 ----a-w- c:\documents and settings\Luigi\Dati applicazioni\Sun\Java\jre1.6.0_16\lzma.dll
2010-03-14 14:38 . 2010-02-21 12:53 540 ---ha-w- C:\os501435.bin
2004-03-11 12:27 . 2005-11-21 13:16 40960 ----a-w- c:\programmi\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\programmi\Ahead\Nero BackItUp\NBJ.exe" [2004-09-22 1871872]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-26 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2010-04-02 149280]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\HelpAssistant\Menu Avvio\Programmi\Esecuzione automatica\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\Luigi\Menu Avvio\Programmi\Esecuzione automatica\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
setup_9.0.0.722_11.06.2010_19-37.lnk - c:\documents and settings\Luigi\Desktop\Virus Removal Tool\setup_9.0.0.722_11.06.2010_19-37\startup.exe [2010-6-11 72208]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
WinZip Quick Pick.lnk - c:\programmi\WinZip\WZQKPICK.EXE [2009-11-18 495432]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^EPSON Status Monitor 3 Environment Check 2.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\EPSON Status Monitor 3 Environment Check 2.lnk
backup=c:\windows\pss\EPSON Status Monitor 3 Environment Check 2.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-06-10 17:27 136176 ----atw- c:\documents and settings\Luigi\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44 31072 ----a-w- c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"3130:TCP"= 3130:TCP:Services
"4760:TCP"= 4760:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"6757:TCP"= 6757:TCP:Services
"6758:TCP"= 6758:TCP:Services
"7226:TCP"= 7226:TCP:Services
"7227:TCP"= 7227:TCP:Services

R0 31675572;31675572 Boot Guard Driver;c:\windows\system32\drivers\31675572.sys [11/06/2010 19.38.19 37392]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [11/06/2010 11.18.24 28552]
R1 31675571;31675571;c:\windows\system32\drivers\31675571.sys [11/06/2010 19.38.19 128016]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/06/2010 11.13.44 164048]
R1 setup_9.0.0.722_11.06.2010_19-37drv;setup_9.0.0.722_11.06.2010_19-37drv;c:\windows\system32\drivers\3167557.sys [11/06/2010 19.38.19 315408]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/06/2010 11.13.45 19024]
S3 {F2AFBF83-1FF8-4D1A-972AEEFC33F0B0B6};{F2AFBF83-1FF8-4D1A-972AEEFC33F0B0B6};\??\c:\windows\TEMP\18B.tmp --> c:\windows\TEMP\18B.tmp [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programmi\MAGIX\Common\Database\bin\fbserver.exe --> c:\programmi\MAGIX\Common\Database\bin\fbserver.exe [?]
S3 FXDRV;FXDRV;\??\e:\fxdrv.sys --> e:\Fxdrv.sys [?]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\ICDUSB2.sys [27/06/2006 20.33.50 39048]
S3 UPnPService;UPnPService;c:\programmi\File comuni\MAGIX Shared\UPnPService\UPnPService.exe [15/02/2007 22.53.58 544768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contenuto della cartella 'Scheduled Tasks'

2010-06-12 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-20 12:18]

2010-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1979792683-725345543-1004Core.job
- c:\documents and settings\Luigi\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-06-10 17:27]

2010-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1979792683-725345543-1004UA.job
- c:\documents and settings\Luigi\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-06-10 17:27]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-12 13:16
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{F2AFBF83-1FF8-4D1A-972AEEFC33F0B0B6}]
"ImagePath"="\??\c:\windows\TEMP\18B.tmp"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1123561945-1979792683-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_USERS\S-1-5-21-1123561945-1979792683-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{05C0C8D3-6C60-76D2-3CD5-73FE41BA2C09}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oappkbkogpgodacjgmcpebdghpkfho"=hex:64,61,6d,62,64,6b,6b,67,00,85
"oalabhcdohdmcfekapmmcijakpcmgk"=hex:6a,61,70,62,65,6a,6e,6a,65,6c,68,6d,65,6d,
6d,6b,63,67,63,64,00,02
"nabbdglchlaccopkdgkmmbdkdgbl"=hex:6a,61,70,62,65,6a,6e,6a,65,6c,68,6d,65,6d,
6d,6b,63,67,63,64,00,02

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(2244)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2010-06-12 13:19:02
ComboFix-quarantined-files.txt 2010-06-12 11:18

Pre-Run: 13.913.288.704 byte disponibili
Post-Run: 13.872.640.000 byte disponibili

- - End Of File - - D5A5F25E72E1C10758D616182719CFBF

enjoy your lunch!
xpproblema
Posted: Saturday, June 12, 2010 1:51:03 PM
Rank: AiutAmico

Joined: 6/11/2010
Posts: 119
Wow, the PC runs muuuch better; meanwhile I'm also running the Malwarebytes scan
shapiro
Posted: Saturday, June 12, 2010 1:59:16 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
with hidden-file display still enabled (in fact leave it that way, so I don't have to repeat it every time), look in the path for these other HelpAssistant folders and delete them


c:\documents and settings\HelpAssistant\WINDOWS

c:\documents and settings\HelpAssistant\UserData

c:\documents and settings\HelpAssistant\Tracing

c:\documents and settings\HelpAssistant\Support

c:\documents and settings\HelpAssistant\SkyliveNG

c:\documents and settings\HelpAssistant\Impostazioni locali

c:\documents and settings\HelpAssistant\Documenti

c:\documents and settings\HelpAssistant\Modelli

c:\documents and settings\HelpAssistant\Risorse di stampa

c:\documents and settings\HelpAssistant\Risorse di rete

c:\documents and settings\HelpAssistant\Menu Avvio

c:\documents and settings\HelpAssistant


open a Notepad page and copy and paste the following


Code:
Registry::
[HKEY_USERS\S-1-5-21-1123561945-1979792683-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{05C0C8D3-6C60-76D2-3CD5-73FE41BA2C09}*]
"oappkbkogpgodacjgmcpebdghpkfho"=-
"oalabhcdohdmcfekapmmcijakpcmgk"=-
"nabbdglchlaccopkdgkmmbdkdgbl"=-


save the page, naming it CFScript.txt (this name is mandatory)
at this point drag and drop the CFScript.txt file onto the ComboFix icon
let it work until the end and post its log again ...
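The CFScript above was written by hand from the "locked registry keys" section of the ComboFix log posted earlier in the thread: each named value under the locked key becomes a `"name"=-` line, which is the .reg-style syntax ComboFix's `Registry::` directive uses to delete a value. The Python script below is an added example, not code from this thread or from ComboFix's author; it automates that step and also decodes the `hex:` data so the analyst can see what the values held. The sample input is the locked-keys section copied from the log above; the English section header `LOCKED REGISTRY KEYS` is an assumption about the English-language build (the Italian build in this thread prints `CHIAVI DI REGISTRO BLOCCATE`).

```python
"""Build a ComboFix CFScript "Registry::" block from the locked-registry-keys
section of a ComboFix log, and decode the hex values under those keys."""
import re
from dataclasses import dataclass, field

# Section header of the locked-keys block. The Italian build seen in this thread
# prints "CHIAVI DI REGISTRO BLOCCATE"; "LOCKED REGISTRY KEYS" is an assumption
# about the English build.
SECTION_HEADERS = ("CHIAVI DI REGISTRO BLOCCATE", "LOCKED REGISTRY KEYS")

# Constructed sample: the locked-keys section as posted in the first ComboFix
# log of this thread (the long hex values wrap onto two lines, as in the log).
SAMPLE_LOG = r"""
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1123561945-1979792683-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_USERS\S-1-5-21-1123561945-1979792683-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{05C0C8D3-6C60-76D2-3CD5-73FE41BA2C09}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oappkbkogpgodacjgmcpebdghpkfho"=hex:64,61,6d,62,64,6b,6b,67,00,85
"oalabhcdohdmcfekapmmcijakpcmgk"=hex:6a,61,70,62,65,6a,6e,6a,65,6c,68,6d,65,6d,
  6d,6b,63,67,63,64,00,02
"nabbdglchlaccopkdgkmmbdkdgbl"=hex:6a,61,70,62,65,6a,6e,6a,65,6c,68,6d,65,6d,
  6d,6b,63,67,63,64,00,02
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
"""

# The script the helper posted by hand for that same log (copied from the thread).
POSTED_CFSCRIPT = r"""Registry::
[HKEY_USERS\S-1-5-21-1123561945-1979792683-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{05C0C8D3-6C60-76D2-3CD5-73FE41BA2C09}*]
"oappkbkogpgodacjgmcpebdghpkfho"=-
"oalabhcdohdmcfekapmmcijakpcmgk"=-
"nabbdglchlaccopkdgkmmbdkdgbl"=-"""

_KEY_RE = re.compile(r"^\[(.+)\]$")
_VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')


@dataclass
class LockedKey:
    path: str
    values: list = field(default_factory=list)  # list of (name, raw_data)


def _section_lines(log_text):
    """Yield the lines between the locked-keys header and the next section."""
    inside = False
    for line in log_text.splitlines():
        stripped = line.strip()
        if not inside:
            if stripped.startswith("---") and any(h in stripped for h in SECTION_HEADERS):
                inside = True
            continue
        # ComboFix separates sections with a lone "." or another dashed header.
        if stripped == "." or stripped.startswith("---------------------"):
            return
        yield line


def parse_locked_keys(log_text):
    """Return the locked keys and the named values listed under each of them.
    "@Denied"/"@Allowed" ACL notes are skipped; a value whose hex data ends in
    "," continues on the next line and is joined back together."""
    keys = []
    pending = None  # (name, partial_data) while a value spans several lines
    for line in _section_lines(log_text):
        stripped = line.strip()
        if pending is not None:
            name, data = pending
            data += stripped
            if data.endswith(","):
                pending = (name, data)
            else:
                pending = None
                keys[-1].values.append((name, data))
            continue
        m = _KEY_RE.match(stripped)
        if m:
            keys.append(LockedKey(m.group(1)))
            continue
        m = _VALUE_RE.match(stripped)
        if m and keys:
            name, data = m.group(1), m.group(2).strip()
            if data.endswith(","):
                pending = (name, data)
            else:
                keys[-1].values.append((name, data))
    return keys


def decode_hex_data(raw):
    """Render a 'hex:..' value as text, escaping non-printable bytes as \\xNN."""
    if not raw.startswith("hex:"):
        return raw
    data = bytes(int(b, 16) for b in raw[4:].rstrip(",").split(",") if b)
    return "".join(chr(c) if 32 <= c < 127 else f"\\x{c:02x}" for c in data)


def build_cfscript(keys):
    """Emit a Registry:: block deleting every named value under the locked keys.
    Keys that carried only ACL notes (nothing to delete) are left out."""
    lines = ["Registry::"]
    for key in keys:
        if not key.values:
            continue
        lines.append(f"[{key.path}]")
        lines.extend(f'"{name}"=-' for name, _ in key.values)
    return "\n".join(lines)


def main():
    keys = parse_locked_keys(SAMPLE_LOG)
    for key in keys:
        print(f"[{key.path}]")
        for name, data in key.values:
            print(f"  {name} -> {decode_hex_data(data)}")
    script = build_cfscript(keys)
    print(script)
    print("matches the script posted in the thread:", script == POSTED_CFSCRIPT)


if __name__ == "__main__":
    main()
```

The generated block is identical to the one posted above, and the decoded values turn out to be short runs of letters with a trailing null, the kind of data an analyst would want to see before deciding to delete. One practical check when saving the output from Notepad: the second ComboFix log in this thread records the script as `CFScript.txt.txt`, the usual result of hidden file extensions; ComboFix still accepted it, but looking at the saved name with extensions shown avoids the surprise.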
xpproblema
Posted: Saturday, June 12, 2010 2:05:20 PM
Rank: AiutAmico

Joined: 6/11/2010
Posts: 119
OK, I'll finish Malwarebytes (about 20 more minutes) and then drag CFScript.txt..
Sorry, what's the last path to delete?
"c:\documents and settings\HelpAssistant"
shapiro
Posted: Saturday, June 12, 2010 2:07:13 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Quote:
Sorry, what's the last path to delete?
"c:\documents and settings\HelpAssistant"


yes, right

after Malwarebytes, also run FindyKill as I explained in the other post

run the script when Malwarebytes finishes
xpproblema
Posted: Saturday, June 12, 2010 2:09:12 PM
Rank: AiutAmico

Joined: 6/11/2010
Posts: 119
Ah, so in the end I delete the whole helpassistant folder..
shapiro
Posted: Saturday, June 12, 2010 2:11:27 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Quote:
Ah, so in the end I delete the whole helpassistant folder..


you have to delete ALL the helpassistant folders I pointed out to you, not even a trace must remain

if you see others, delete them
xpproblema
Posted: Saturday, June 12, 2010 2:28:37 PM
Rank: AiutAmico

Joined: 6/11/2010
Posts: 119
here's the Malwarebytes log


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versione database: 4188

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/06/2010 14.26.03
mbam-log-2010-06-12 (14-26-03).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi esaminati: 249756
Tempo trascorso: 1 ore, 2 minuti, 12 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 0

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
(Non sono stati rilevati elementi nocivi)
xpproblema
Posted: Saturday, June 12, 2010 2:32:41 PM
Rank: AiutAmico

Joined: 6/11/2010
Posts: 119
now FindyKill
xpproblema
Posted: Saturday, June 12, 2010 3:10:22 PM
Rank: AiutAmico

Joined: 6/11/2010
Posts: 119
FindyKill log

# Update on 10/06/2010 by El Desaparecido
# Start at: 14.43.15 | 12/06/2010
# Website : http://pagesperso-orange.fr/NosTools/index.html
# Contact : FindyKill.Contact@gmail.com

# Intel(R) Pentium(R) 4 CPU 3.00GHz
# Microsoft Windows XP Home Edition (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Enabled
# AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]
# AV : avast! Antivirus 5.0.83886625 [ Enabled | Updated ]
# AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]

# A:\ # Disco floppy, 3,5 pollici
# C:\ # Disco rigido locale # 38,09 Go (13 Go free) # NTFS
# D:\ # Disco rigido locale # 23,29 Go (22,96 Go free) [Volume] # NTFS
# E:\ # Disco CD-ROM

################## | Infected File |


################## | MD5 ... |


################## | CRC32 ... |


################## | Registry |

Deleted ! [HKLM\SYSTEM\ControlSet001\Services\srosa]
Deleted ! [HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA]
Deleted ! [HKCR\ed2k]

################## | State |

# Safe boot mode : OK


# Showing of hidden files : OK

# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 2 ( Good = 2 | Bad = 4 )
# Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )

################## | Corrupted Files |

... OK !

################## | Upload |
xpproblema
Posted: Saturday, June 12, 2010 3:26:10 PM
Rank: AiutAmico

Joined: 6/11/2010
Posts: 119
and here's the ComboFix log with CFScript.txt


ComboFix 10-06-11.01 - Luigi 12/06/2010 15.16.05.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.2037.1522 [GMT 2:00]
Eseguito da: c:\documents and settings\Luigi\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Luigi\Desktop\CFScript.txt.txt
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000000-0000-0000-0000-000000000000}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {0057005C-0069-006E-5300-780053005C00}
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Creati Da 2010-05-12 al 2010-06-12 )))))))))))))))))))))))))))))))))))
.

2010-06-12 13:06 . 2010-06-12 13:06 848 ----a-w- C:\FindyKill_Upload_Me_CASADEI-7B6865B.zip
2010-06-12 12:33 . 2010-06-12 13:06 -------- d-----w- C:\FyK
2010-06-12 11:27 . 2010-06-12 11:27 -------- d-----w- c:\programmi\CCleaner
2010-06-11 17:38 . 2009-10-22 11:54 37392 ----a-w- c:\windows\system32\drivers\31675572.sys
2010-06-11 17:38 . 2009-10-09 21:31 315408 ----a-w- c:\windows\system32\drivers\3167557.sys
2010-06-11 17:38 . 2009-09-25 15:59 128016 ----a-w- c:\windows\system32\drivers\31675571.sys
2010-06-11 16:10 . 2010-06-11 16:10 77312 ----a-w- C:\mbr.exe
2010-06-11 11:31 . 2010-06-11 11:31 -------- d-----w- c:\documents and settings\Luigi\Dati applicazioni\Malwarebytes
2010-06-11 11:30 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-11 11:30 . 2010-06-11 11:30 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-06-11 11:30 . 2010-06-11 11:30 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-06-11 11:30 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-11 09:31 . 2010-05-06 10:32 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-11 09:18 . 2009-06-30 07:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-06-11 09:17 . 2010-06-11 09:17 -------- d-----w- c:\programmi\Panda Security
2010-06-11 09:13 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-11 09:13 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-11 09:13 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-11 09:13 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-11 09:13 . 2010-05-06 20:33 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-11 09:13 . 2010-05-06 20:33 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-11 09:13 . 2010-05-06 20:33 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-11 09:12 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-06-11 09:12 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-11 09:12 . 2010-06-11 09:12 -------- d-----w- c:\programmi\Alwil Software
2010-06-11 09:12 . 2010-06-11 09:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Alwil Software
2010-06-10 16:31 . 2010-06-10 16:31 -------- d-----w- c:\programmi\Microsoft Sync Framework
2010-06-10 16:29 . 2010-06-10 16:29 -------- d-----w- c:\programmi\Microsoft
2010-06-10 15:52 . 2009-11-25 09:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-06-07 18:35 . 2010-06-10 12:00 -------- d-----w- c:\documents and settings\Luigi\Impostazioni locali\Dati applicazioni\vortbkl
2010-06-07 18:34 . 2010-06-07 18:34 -------- d-----w- c:\programmi\$NtUninstallWTF1012$
2010-06-07 18:33 . 2010-06-07 18:34 -------- d-----w- c:\documents and settings\Luigi\Dati applicazioni\8BCDD3AAC06E20C3BD22DD50F82550A1
2010-05-29 19:14 . 2010-05-29 19:14 3177 ----a-w- c:\windows\mozver.dat
2010-05-23 17:16 . 2010-05-23 17:16 -------- d-----w- c:\documents and settings\Luigi\.android
2010-05-22 15:54 . 2010-05-22 17:40 -------- d-----w- c:\documents and settings\Luigi\Dati applicazioni\Pro Cycling Manager 2007 - Demo
2010-05-22 15:50 . 2010-05-22 15:50 -------- d-----w- c:\programmi\Cyanide
2010-05-17 16:40 . 2010-05-17 16:40 -------- d-----w- c:\programmi\mp3DirectCut
2010-05-17 16:36 . 2010-05-17 16:36 -------- d-----w- C:\video_output

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-11 13:06 . 2009-03-26 21:26 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Google Updater
2010-06-11 10:30 . 2009-04-22 11:25 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-06-11 10:21 . 2004-08-19 12:00 85132 ----a-w- c:\windows\system32\perfc010.dat
2010-06-11 10:21 . 2004-08-19 12:00 492266 ----a-w- c:\windows\system32\perfh010.dat
2010-06-10 21:31 . 2009-10-21 15:50 -------- d-----w- c:\programmi\EasyPHP5.3.0
2010-06-10 20:55 . 2007-03-24 20:45 -------- d-----w- c:\programmi\File comuni\HP
2010-06-10 20:40 . 2010-01-21 14:27 -------- d-----w- c:\programmi\Windows Live Safety Center
2010-06-10 16:31 . 2010-01-14 14:31 -------- d-----w- c:\programmi\Windows Live
2010-06-05 21:02 . 2009-11-06 16:15 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-05 19:02 . 2009-12-19 13:22 -------- d-----w- c:\programmi\FreeTime
2010-06-05 13:51 . 2009-11-16 19:38 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-05-31 12:37 . 2010-02-07 16:43 -------- d-----w- c:\programmi\NoteWorthy Composer
2010-05-17 16:34 . 2009-03-18 18:17 -------- d-----w- c:\documents and settings\Luigi\Dati applicazioni\GetRightToGo
2010-05-07 17:52 . 2006-08-25 18:23 -------- d-----w- c:\programmi\Google
2010-05-06 10:32 . 2004-08-19 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:06 . 2004-08-19 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-28 18:47 . 2005-11-21 12:36 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-04-28 18:45 . 2010-04-28 18:41 -------- d-----w- c:\documents and settings\Luigi\Dati applicazioni\Audacity
2010-04-28 18:28 . 2010-04-28 18:28 -------- d-----w- c:\programmi\File comuni\DVDVideoSoft
2010-04-28 18:28 . 2010-04-28 18:28 -------- d-----w- c:\programmi\DVDVideoSoft
2010-04-20 05:30 . 2004-08-19 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-18 16:38 . 2010-04-18 15:25 -------- d-----w- c:\programmi\Notation
2010-04-18 15:17 . 2010-04-18 15:17 -------- d-----w- c:\documents and settings\Luigi\Dati applicazioni\MusE
2010-04-16 20:12 . 2010-04-16 20:12 48464 ----a-w- c:\windows\system32\sirenacm.dll
2010-04-06 18:30 . 2005-11-23 14:09 103752 ----a-w- c:\documents and settings\Luigi\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-04-02 15:10 . 2009-03-13 17:54 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-02 15:10 . 2010-04-02 15:10 152576 ----a-w- c:\documents and settings\Luigi\Dati applicazioni\Sun\Java\jre1.6.0_16\lzma.dll
2010-03-14 14:38 . 2010-02-21 12:53 540 ---ha-w- C:\os501435.bin
2004-03-11 12:27 . 2005-11-21 13:16 40960 ----a-w- c:\programmi\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\programmi\Ahead\Nero BackItUp\NBJ.exe" [2004-09-22 1871872]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-26 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2010-04-02 149280]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Luigi\Menu Avvio\Programmi\Esecuzione automatica\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
setup_9.0.0.722_11.06.2010_19-37.lnk - c:\documents and settings\Luigi\Desktop\Virus Removal Tool\setup_9.0.0.722_11.06.2010_19-37\startup.exe [2010-6-11 72208]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
WinZip Quick Pick.lnk - c:\programmi\WinZip\WZQKPICK.EXE [2009-11-18 495432]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^EPSON Status Monitor 3 Environment Check 2.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\EPSON Status Monitor 3 Environment Check 2.lnk
backup=c:\windows\pss\EPSON Status Monitor 3 Environment Check 2.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-06-10 17:27 136176 ----atw- c:\documents and settings\Luigi\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44 31072 ----a-w- c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"3130:TCP"= 3130:TCP:Services
"4760:TCP"= 4760:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"6757:TCP"= 6757:TCP:Services
"6758:TCP"= 6758:TCP:Services
"7226:TCP"= 7226:TCP:Services
"7227:TCP"= 7227:TCP:Services

R0 31675572;31675572 Boot Guard Driver;c:\windows\system32\drivers\31675572.sys [11/06/2010 19.38.19 37392]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [11/06/2010 11.18.24 28552]
R1 31675571;31675571;c:\windows\system32\drivers\31675571.sys [11/06/2010 19.38.19 128016]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/06/2010 11.13.44 164048]
R1 setup_9.0.0.722_11.06.2010_19-37drv;setup_9.0.0.722_11.06.2010_19-37drv;c:\windows\system32\drivers\3167557.sys [11/06/2010 19.38.19 315408]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/06/2010 11.13.45 19024]
S3 {F2AFBF83-1FF8-4D1A-972AEEFC33F0B0B6};{F2AFBF83-1FF8-4D1A-972AEEFC33F0B0B6};\??\c:\windows\TEMP\18B.tmp --> c:\windows\TEMP\18B.tmp [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programmi\MAGIX\Common\Database\bin\fbserver.exe --> c:\programmi\MAGIX\Common\Database\bin\fbserver.exe [?]
S3 FXDRV;FXDRV;\??\e:\fxdrv.sys --> e:\Fxdrv.sys [?]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\ICDUSB2.sys [27/06/2006 20.33.50 39048]
S3 UPnPService;UPnPService;c:\programmi\File comuni\MAGIX Shared\UPnPService\UPnPService.exe [15/02/2007 22.53.58 544768]

--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - EAPHOST
*NewlyCreated* - IP6FW

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contenuto della cartella 'Scheduled Tasks'

2010-06-12 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-20 12:18]

2010-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1979792683-725345543-1004Core.job
- c:\documents and settings\Luigi\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-06-10 17:27]

2010-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1979792683-725345543-1004UA.job
- c:\documents and settings\Luigi\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-06-10 17:27]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-12 15:21
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{F2AFBF83-1FF8-4D1A-972AEEFC33F0B0B6}]
"ImagePath"="\??\c:\windows\TEMP\18B.tmp"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1123561945-1979792683-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_USERS\S-1-5-21-1123561945-1979792683-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{05C0C8D3-6C60-76D2-3CD5-73FE41BA2C09}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oappkbkogpgodacjgmcpebdghpkfho"=hex:64,61,6d,62,64,6b,6b,67,00,85
"oalabhcdohdmcfekapmmcijakpcmgk"=hex:6a,61,70,62,65,6a,6e,6a,65,6c,68,6d,65,6d,
6d,6b,63,67,63,64,00,02
"nabbdglchlaccopkdgkmmbdkdgbl"=hex:6a,61,70,62,65,6a,6e,6a,65,6c,68,6d,65,6d,
6d,6b,63,67,63,64,00,02

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\ACTIVEDS.dll

- - - - - - - > 'explorer.exe'(3416)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2010-06-12 15:24:37
ComboFix-quarantined-files.txt 2010-06-12 13:24
ComboFix2.txt 2010-06-12 11:19

Pre-Run: 14.750.609.408 byte disponibili
Post-Run: 14.711.169.024 byte disponibili

- - End Of File - - E940E589EE5BC64A1EC246F52EAB3E72