www.MegaLab.it

[diesel73]

per un attimo avevo escluso l'antivirus e mi sono sicuramente beccato un virus (almeno credo!!) xche' non riesco ad installare nessun antivirus!! sto' facendo una scansione online spero che riesca a trovare qualcosa!!! non riesco neanche ad installare hijackthis x favore aiutatemi!!! ma mi sono beccato ancora come un anno fa' win32.bagle????

[Amantide]

Scarica FindyKill (by Chiquitine29)ed installalo (è in francese però è di facile comprensione).
Una volta installato chiudi tutte le applicazioni attive e disconnettiti dal internet, poi clicca sull'icona di FindyKill e nella finestra dos che si aprirà scrivi 1 e premi Invio. Attendi il termine della scansione e posta qui il log che trovi in C:\FindyKill.txt

[diesel73]

----------------- FindyKill V4.095 ------------------

* User : Luca - LUCA-741ED66D62
* Emplacement : C:\Programmi\FindyKill
* Outils Mis a jours le 07/11/08 par Chiquitine29
* Recherche effectuée à 22:13:30 le 09/11/2008
* Windows XP - Internet Explorer 6.0.2900.2180

((((((((((((((((( *** Recherche *** ))))))))))))))))))


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Seagate\Basics\Service\SyncServicesBasics.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\Programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Programmi\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Alice ti aiuta\SmartBridge\MotiveSB.exe
C:\Programmi\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\ctfmon.exe
C:\documents and settings\luca\impostazioni locali\dati applicazioni\iuuwawo.exe
C:\WINDOWS\system32\LVComS.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\LG PC Suite\LG PC Sync\LGSyncManager.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\MemoRex\MemoRex.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe

--------------- [ Fichiers/Dossiers infectieux ] ----------------


»»»» Presence des fichiers dans C:

Présent ! [10/02/2008 02.04] - C:\InfoSat.txt

»»»» Presence des fichiers dans C:\WINDOWS


»»»» Presence des fichiers dans C:\WINDOWS\Prefetch


»»»» Presence des fichiers dans C:\WINDOWS\system32

Présent ! [09/11/2008 20.28] - C:\WINDOWS\system32\mdelk.exe
Présent ! [09/11/2008 20.28] - C:\WINDOWS\system32\wintems.exe
Présent ! [09/11/2008 21.29] - C:\WINDOWS\system32\ban_list.txt

»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers

Présent ! [09/11/2008 20.20] - C:\WINDOWS\system32\drivers\srosa.sys
Présent ! [09/11/2008 20.19] - C:\WINDOWS\system32\drivers\srosa2.sys
Présent ! [21/08/2005 06.01] - C:\WINDOWS\system32\drivers\winfilse.exe
Présent ! [09/11/2008 20.30] - "C:\WINDOWS\system32\drivers\downld"
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\112921.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\114281.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\125515.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\126562.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\128156.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\130531.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\135046.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\137187.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\138578.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\141296.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\142906.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\143562.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\144625.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\147687.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\160078.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\164281.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\168828.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\172203.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\172656.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\175546.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\177921.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\178265.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\178500.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\180109.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\181828.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\183000.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\184890.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\186375.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\187625.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\188937.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\191187.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\191984.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\193625.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\194890.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\198125.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\201265.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\205687.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\232875.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\234968.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\235656.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\236281.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\236375.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\242218.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\245609.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\246437.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\248593.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\263828.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\269984.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\277656.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\284062.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\284234.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\287718.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\289343.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\290015.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\290828.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\291890.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\296953.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\297781.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\307500.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\3132937.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\3136828.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\314281.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\3156906.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\3158125.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\3171765.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\320250.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\323000.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\323234.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\325203.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\326750.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\328906.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\329250.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\329906.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\335703.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\341593.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\385734.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\392015.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\409765.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\416156.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\420609.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\475796.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\488828.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\493875.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\537906.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\538906.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\551812.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\553015.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\578890.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\594687.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\602453.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\605312.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\610140.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\645187.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\648000.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\649234.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\686546.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\693203.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\729156.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\744078.exe
Présent ! [09/11/2008 20.30] C:\WINDOWS\system32\drivers\downld\749406.exe

»»»» Presence des fichiers dans C:\Documents and Settings\Luca\Dati applicazioni

Présent ! [09/11/2008 20.28] - "C:\Documents and Settings\Luca\Dati applicazioni\m\flec006.exe"
Présent ! [09/11/2008 20.28] - "C:\Documents and Settings\Luca\Dati applicazioni\m\list.oct"
Présent ! [09/11/2008 20.28] - "C:\Documents and Settings\Luca\Dati applicazioni\m\data.oct"
Présent ! [09/11/2008 20.28] - "C:\Documents and Settings\Luca\Dati applicazioni\m\srvlist.oct"
Présent ! [09/11/2008 20.29] - "C:\Documents and Settings\Luca\Dati applicazioni\m\shared"
Présent ! [09/11/2008 18.47] - "C:\Documents and Settings\Luca\Dati applicazioni\m"

»»»» Presence des fichiers dans C:\DOCUME~1\Luca\IMPOST~1\Temp

Présent ! - C:\DOCUME~1\Luca\IMPOST~1\Temp\7zS6.tmp\trialkey.dat
Présent ! - C:\DOCUME~1\Luca\IMPOST~1\Temp\jkos-Luca\binaries\03988373.key
Présent ! - C:\DOCUME~1\Luca\IMPOST~1\Temp\Rar$EX00.594\key_generator.exe

»»»» Presence des fichiers dans C:\Documents and Settings\Luca\Local Settings\Temporary Internet Files\Content.IE5


--------------- [ Registre / Startup ] ----------------


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
SoundMan REG_SZ SOUNDMAN.EXE
Easy-PrintToolBox REG_SZ "C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" /logon
LogitechVideoRepair REG_SZ C:\Programmi\Logitech\Video\ISStart.exe
LogitechVideoTray REG_SZ C:\Programmi\Logitech\Video\LogiTray.exe
NeroFilterCheck REG_SZ C:\WINDOWS\system32\NeroCheck.exe
QuickTime Task REG_SZ "C:\Programmi\QuickTime\qttask.exe" -atboottime
RemoteControl REG_SZ C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
PinnacleDriverCheck REG_SZ "C:\WINDOWS\system32\PSDrvCheck.exe" -CheckReg
CloneCDTray REG_SZ "C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz REG_SZ nwiz.exe /install
VirtualCloneDrive REG_SZ "C:\Programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
GrooveMonitor REG_SZ "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
SSBkgdUpdate REG_SZ "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
OpwareSE4 REG_SZ "C:\Programmi\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
MemoREX REG_SZ "C:\Programmi\MemoRex\MemoRexStart.exe"
NWEReboot REG_SZ
SunJavaUpdateSched REG_SZ "C:\Programmi\Java\jre6\bin\jusched.exe"
Motive SmartBridge REG_SZ C:\PROGRA~1\Alice ti aiuta\SmartBridge\MotiveSB.exe
basicsmssmenu REG_SZ "C:\Programmi\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
Adobe Reader Speed Launcher REG_SZ "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
NvMediaCenter REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
AVG8_TRAY REG_SZ C:\PROGRA~1\AVG\AVG8\avgtray.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
NBJ REG_SZ "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"
Google Update REG_SZ "C:\Documents and Settings\Luca\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
iuuwawo REG_SZ "c:\documents and settings\luca\impostazioni locali\dati applicazioni\iuuwawo.exe" iuuwawo
msnmsgr REG_SZ "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Disabled

--------------- [ Registre / Clés infectieuses ] ----------------


Présent ! - HKEY_USERS\S-1-5-21-839522115-1659004503-1801674531-1003\Software\Local AppWizard-Generated Applications\winfilse
Présent ! - HKEY_USERS\S-1-5-21-839522115-1659004503-1801674531-1003\Software\bisoft
Présent ! - HKEY_USERS\S-1-5-21-839522115-1659004503-1801674531-1003\Software\CHKPTR
Présent ! - HKEY_USERS\S-1-5-21-839522115-1659004503-1801674531-1003\Software\DateTime4
Présent ! - HKEY_USERS\S-1-5-21-839522115-1659004503-1801674531-1003\Software\FFC
Présent ! - HKEY_USERS\S-1-5-21-839522115-1659004503-1801674531-1003\Software\FirstRRRun
Présent ! - HKEY_USERS\S-1-5-21-839522115-1659004503-1801674531-1003\Software\FirtR
Présent ! - HKEY_USERS\S-1-5-21-839522115-1659004503-1801674531-1003\Software\MuleAppData
Présent ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winfilse
Présent ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Présent ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Présent ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Présent ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Présent ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Présent ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Présent ! - HKEY_CURRENT_USER\Software\bisoft
Présent ! - HKEY_CURRENT_USER\Software\DateTime4
Présent ! - HKEY_CURRENT_USER\Software\FirtR
Présent ! - HKEY_CURRENT_USER\Software\FirstRRRun
Présent ! - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] | EnableLUA
Présent ! - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Security Center\Svc] | EnableLUA

--------------- [ Etat / Services ] ----------------

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot

-> Mode sans echec non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

-> Mode sans echec non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

-> Mode sans echec non fonctionnel !!



+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

/!\ Ndisuio - Type de démarrage = 4

/!\ Ip6Fw - Type de démarrage = 4

/!\ SharedAccess - Type de démarrage = 4

/!\ wuauserv - Type de démarrage = 4

/!\ wscsvc - Type de démarrage = 4



--------------- [ Recherche dans supports amovibles] ----------------


+- Informations :

C: - Unit… fissa

G: - Unit… rimovibile


+- presence des fichiers :



--------------- [ Registre / Moutpoint2 ] ----------------


-> Recherche négative.


------------------- ! Fin du rapport ! --------------------

[Amantide]

Ok, ora riesegui FindyKill, però questa volta scegli opzione 2.
Posta il nuovo log seguendo queste istruzioni.

Dopo scarica ComboFix ed esegui la scansione seguendo queste istruzioni (giù in fondo). Al termine della scansione verrà creato il file di report C:\combofix.txt, copia qui il suo contenuto.

[Seba:-)]

Purtroppo, molto probabilmente si tratta di Bagle, anche se spero di no per te... prova a seguire la guida su MagaLab, anche se la rimozione di questo virus è veramente difficilissima, anche perché si aggiorna di continuo e blocca sempre più programmi
(controlla anche nel Task Manager se ci sono processi tipici di bagle, basandoti sulla guida)
http://www.MegaLab.it/1367

Ciao buona fortuna

[Amantide]

....

Cerchiamo di non confondere le idee agli utenti con le indicazioni poco utili se non completamente errate se non si ha le conoscenze sufficienti sull'argomento.

[diesel73]

----------------- FindyKill V4.095 ------------------

* User : Luca - LUCA-741ED66D62
* Emplacement : C:\Programmi\FindyKill
* Outils Mis a jours le 07/11/08 par Chiquitine29
* Suppression effectuée à 23:10:06 le 09/11/2008
* Windows XP - Internet Explorer 7.0.5730.13


((((((((((((((( *** Suppression *** ))))))))))))))))))


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\Programmi\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\WINDOWS\system32\nvsvc32.exe

--------------- [ Fichiers/Dossiers infectieux ] ----------------


»»»» Suppression des fichiers dans C:


»»»» Suppression des fichiers dans C:\WINDOWS


»»»» Suppression des fichiers dans C:\WINDOWS\Prefetch


»»»» Suppression des fichiers dans C:\WINDOWS\system32


»»»» Suppression des fichiers dans C:\WINDOWS\system32\drivers

Supprimé ! - "C:\WINDOWS\system32\drivers\downld"

»»»» Suppression des fichiers dans C:\Documents and Settings\Luca\Dati applicazioni


»»»» Suppression des fichiers dans C:\DOCUME~1\Luca\IMPOST~1\Temp


»»»» Suppression des fichiers dans C:\Documents and Settings\Luca\Local Settings\Temporary Internet Files\Content.IE5


--------------- [ Registre / Clés infectieuses ] ----------------

Supprimé ! - HKEY_CURRENT_USER\Software\bisoft

--------------- [ Etat / Redémarage des services ] ----------------


+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

Ndisuio - Type de démarrage = 3

Ip6Fw - Type de démarrage = 2

SharedAccess - Type de démarrage = 2

wuauserv - Type de démarrage = 2

wscsvc - Type de démarrage = 2


--------------- [ Nettoyage des supports amovibles ] ----------------

+- Informations :

C: - Unit… fissa

G: - Unit… rimovibile


+- Suppression des fichiers :


--------------- [ Registre / Moutpoint2 ] ----------------


-> Recherche négative.


--------------- [ Recherche Cracks / Keygen ] ----------------

C:\Documents and Settings\Luca\Documenti\EMULE\AVG.Internet.Security.7.5.+.Firewall.(05-12-2006).Cracked.zip
C:\Documents and Settings\Luca\Documenti\EMULE\Full Version License Kaspersky Antivirus Anti-Virus Anti Virus 2009 v8.0.0.357 3 Years Subscription Key Crack Serial Torrent.key
C:\Documents and Settings\Luca\Documenti\EMULE\Kaspersky Antivirus v8.0.0.357 2009 + Crack + Keys 2012..!!.zip
C:\Documents and Settings\Luca\Recent\[Programmi] Antivirus NOD32-ITA + crack.rar.lnk
C:\Documents and Settings\All Users\Dati applicazioni\IncrediMail\Data\Animation\firecracker.ima
C:\Documents and Settings\All Users\Dati applicazioni\IncrediMail\Data\Sound\tchaikovsky_the_nutcracker.imw


---------------- ! Fin du rapport ! ------------------

[Amantide]

Attendo anche il log di Combofix.

[diesel73]

ComboFix 08-11-09.01 - Luca 2008-11-09 23.20.40.1 - NTFSx86
Eseguito da: c:\documents and settings\Luca\Desktop\ComboFix.exe

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Luca\Impostazioni locali\Dati applicazioni\iuuwawo.dat
c:\documents and settings\Luca\Impostazioni locali\Dati applicazioni\iuuwawo.exe
c:\documents and settings\Luca\Impostazioni locali\Dati applicazioni\iuuwawo_nav.dat
c:\documents and settings\Luca\Impostazioni locali\Dati applicazioni\iuuwawo_navps.dat
c:\documents and settings\Luca\Impostazioni locali\Dati applicazioni\oswcqce.dat
c:\documents and settings\Luca\Impostazioni locali\Dati applicazioni\oswcqce_nav.dat
c:\documents and settings\Luca\Impostazioni locali\Dati applicazioni\oswcqce_navps.dat
c:\programmi\Ahead\Nero BackItUp\NBJ.exe
c:\windows\IE4 Error Log.txt
c:\windows\system32\config\49938630.Evt

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASC3550P
-------\Legacy_VFILT
-------\Service_asc3550p


((((((((((((((((((((((((( Files Creati Da 2008-10-09 al 2008-11-09 )))))))))))))))))))))))))))))))))))
.

2008-11-09 22:08 . 2008-11-09 23:12 <DIR> d-------- c:\programmi\FindyKill
2008-11-09 20:57 . 2008-11-09 20:57 <DIR> d-------- C:\fsaua.data
2008-11-09 20:16 . 2008-11-09 20:16 <DIR> d-------- c:\programmi\AVG
2008-11-09 20:07 . 2008-11-09 20:07 68,296 --a------ c:\windows\system32\drivers\GRD.sys
2008-11-09 19:55 . 2008-11-09 19:55 50,888 --a------ c:\windows\system32\drivers\GDTdiIcpt.sys
2008-11-09 19:55 . 2008-11-09 19:55 22,272 --a------ c:\windows\system32\drivers\GDNdisIc.sys
2008-11-09 19:53 . 2008-11-09 20:15 <DIR> d-------- c:\programmi\G DATA
2008-11-09 19:10 . 2008-11-09 19:10 <DIR> d-------- c:\documents and settings\Luca\Dati applicazioni\AVGTOOLBAR
2008-11-09 18:58 . 2008-11-09 18:58 50,968 --a------ c:\windows\system32\avgfwdx.dll
2008-11-09 18:58 . 2008-11-09 18:58 29,208 --a------ c:\windows\system32\drivers\avgfwdx.sys
2008-11-09 18:41 . 2008-11-09 18:41 86,016 --a------ c:\windows\system32\fhhfgnjh.dll
2008-11-01 19:39 . 2007-08-13 18:45 78,336 --a------ c:\windows\system32\ieencode.dll
2008-11-01 15:20 . 2008-11-01 15:20 <DIR> d-------- c:\programmi\TVUPlayer
2008-11-01 15:20 . 2008-11-01 15:20 <DIR> d-------- c:\documents and settings\Luca\LocalLow
2008-11-01 15:20 . 2008-11-01 15:20 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\TVU Networks
2008-10-30 11:51 . 2008-10-30 11:50 410,976 --a------ c:\windows\system32\deploytk.dll
2008-10-27 17:16 . 2008-04-11 19:50 683,520 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2008-10-27 17:16 . 2008-08-14 10:48 138,368 -----c--- c:\windows\system32\dllcache\afd.sys
2008-10-27 17:11 . 2008-05-01 15:31 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2008-10-27 17:05 . 2008-08-28 11:04 333,056 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-27 17:04 . 2008-09-15 16:38 1,846,016 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-10-27 17:02 . 2008-08-14 14:42 2,184,064 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-27 17:02 . 2008-08-14 14:42 2,139,648 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-27 17:02 . 2008-08-14 14:42 2,061,440 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-27 17:02 . 2008-08-14 14:42 2,019,328 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-27 16:55 . 2008-10-15 17:57 332,800 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-27 15:14 . 2008-10-28 01:56 81,920 --a------ c:\windows\clipsrv.exe
2008-10-26 13:12 . 2008-10-28 01:56 81,920 --a------ c:\windows\system32\drivers\logman.exe
2008-10-26 13:12 . 2008-10-28 01:56 81,920 --a------ c:\windows\cmstp.exe
2008-10-26 01:15 . 2008-10-26 01:15 83,952 --ah----- c:\windows\system32\mlfcache.dat
2008-10-26 01:12 . 2008-10-26 01:12 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Apple
2008-10-23 09:43 . 2008-10-23 09:43 <DIR> d-------- c:\documents and settings\Luca\DoctorWeb
2008-10-23 01:33 . 2008-10-23 01:33 <DIR> d-------- c:\documents and settings\Luca\Dati applicazioni\Malwarebytes
2008-10-23 01:32 . 2008-10-23 01:32 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2008-10-19 14:57 . 2008-10-19 14:57 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\wmp
2008-10-15 19:43 . 2008-10-15 19:43 <DIR> d-------- c:\programmi\Thoosje
2008-10-14 23:21 . 2008-10-03 17:58 6,066,176 --a--c--- c:\windows\system32\dllcache\ieframe.dll
2008-10-14 23:21 . 2007-04-17 10:32 2,455,488 --a--c--- c:\windows\system32\dllcache\ieapfltr.dat
2008-10-14 23:21 . 2007-03-08 06:11 1,032,192 --a--c--- c:\windows\system32\dllcache\ieframe.dll.mui
2008-10-14 23:21 . 2008-08-26 08:57 459,264 --a--c--- c:\windows\system32\dllcache\msfeeds.dll
2008-10-14 23:21 . 2008-08-26 08:57 383,488 --a--c--- c:\windows\system32\dllcache\ieapfltr.dll
2008-10-14 23:21 . 2008-08-26 08:57 267,776 --a--c--- c:\windows\system32\dllcache\iertutil.dll
2008-10-14 23:21 . 2008-08-26 08:57 63,488 --a--c--- c:\windows\system32\dllcache\icardie.dll
2008-10-14 23:21 . 2008-08-26 08:57 52,224 --a--c--- c:\windows\system32\dllcache\msfeedsbs.dll
2008-10-14 23:21 . 2008-08-25 09:38 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2008-10-14 17:58 . 2008-10-14 17:58 <DIR> d-------- c:\programmi\File comuni\Java
2008-10-12 21:34 . 2008-10-12 21:34 <DIR> d--hs---- c:\documents and settings\Luca\PrivacIE
2008-10-12 20:22 . 2008-10-14 17:58 <DIR> d-------- c:\programmi\File comuni\Java(2)
2008-10-11 18:30 . 2008-10-14 18:00 <DIR> d-------- c:\programmi\PokerStars.IT
2008-10-09 23:37 . 2008-10-09 23:37 <DIR> d-------- c:\programmi\M8k Produzione

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-09 22:01 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
2008-11-09 21:48 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Avg7
2008-11-09 19:37 --------- d-----w c:\programmi\eMule
2008-11-09 18:38 --------- d-----w c:\programmi\VS Revo Group
2008-11-09 17:31 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2008-11-02 00:06 --------- d-----w c:\programmi\Norton Save and Restore
2008-11-01 18:03 --------- d-----w c:\programmi\Opera
2008-10-30 10:50 --------- d-----w c:\programmi\Java
2008-10-28 09:05 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2008-10-26 09:16 --------- d-----w c:\programmi\ESET
2008-10-26 08:59 --------- d-----w c:\programmi\Kaspersky Lab
2008-10-26 00:13 --------- d-----w c:\documents and settings\Luca\Dati applicazioni\Apple Computer
2008-10-26 00:12 --------- d-----w c:\programmi\Apple Software Update
2008-10-24 21:52 --------- d-----w c:\programmi\Spybot - Search & Destroy
2008-10-24 21:52 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-10-23 00:30 --------- d-----w c:\programmi\File comuni\Wise Installation Wizard
2008-10-23 00:13 --------- d-----w c:\programmi\Lavasoft
2008-10-22 07:52 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2008-10-14 22:09 --------- d-----w c:\programmi\RadarSync
2008-10-14 22:09 --------- d-----w c:\programmi\Conduit
2008-10-14 16:58 --------- d-----w c:\programmi\Google
2008-10-04 23:01 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\NVIDIA
2008-10-04 22:43 --------- d-----w c:\programmi\Trend Micro
2008-10-04 14:07 --------- d-----w c:\programmi\THQ
2008-10-04 14:07 --------- d-----w c:\programmi\Panda Security
2008-10-04 14:06 --------- d-----w c:\programmi\QuickTime
2008-10-04 14:06 --------- d-----w c:\programmi\PrevxCSI
2008-10-04 14:06 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2008-10-04 14:04 --------- d-----w c:\documents and settings\Luca\Dati applicazioni\Photozig Albums
2008-10-04 14:03 --------- d-----w c:\programmi\Yahoo!
2008-10-04 14:03 --------- d-----w c:\documents and settings\Luca\Dati applicazioni\Netscape(2)
2008-10-04 14:03 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Yahoo! Companion
2008-10-04 14:01 --------- d-----w c:\programmi\Common Files
2008-10-04 14:01 --------- d-----w c:\programmi\BearShare Applications
2008-10-04 14:01 --------- d-----w c:\documents and settings\Luca\Dati applicazioni\BearShare
2008-10-04 14:00 --------- d-----w c:\programmi\File comuni\Symantec Shared
2008-10-04 14:00 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Symantec
2008-10-04 13:59 --------- d-----w c:\programmi\IObit
2008-10-04 13:59 --------- d-----w c:\programmi\Corel
2008-10-04 13:58 --------- d-----w c:\programmi\File comuni\Real
2008-10-04 13:58 --------- d-----w c:\documents and settings\Luca\Dati applicazioni\Corel
2008-10-04 13:56 --------- d-----w c:\programmi\Sun
2008-10-04 13:56 --------- d-----w c:\programmi\IncrediMail
2008-10-04 13:52 --------- d-----w c:\programmi\OfficePowerT
2008-10-04 13:52 --------- d-----w c:\programmi\Norton Security Scan
2008-10-04 13:39 --------- d-----w c:\programmi\Photodex Presenter(2)
2008-10-04 13:13 --------- d-----w c:\programmi\PokerStars.NET
2008-10-04 13:11 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-10-04 13:11 --------- d-----w c:\programmi\Microsoft IntelliPoint 5.2
2008-10-04 09:42 --------- d-----w c:\programmi\SpeedFan
2008-09-17 07:55 6,132,576 ----a-w c:\windows\system32\drivers\nv4_mini.sys
2008-05-16 08:21 22,328 -c--a-w c:\documents and settings\Luca\Dati applicazioni\PnkBstrK.sys
2005-06-09 20:06 56 -csh--r c:\windows\system32\B0897FE85A.sys
2005-06-09 20:06 1,682 -csha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"Google Update"="c:\documents and settings\Luca\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2008-10-27 133104]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Easy-PrintToolBox"="c:\programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"LogitechVideoRepair"="c:\programmi\Logitech\Video\ISStart.exe" [2004-02-12 188416]
"LogitechVideoTray"="c:\programmi\Logitech\Video\LogiTray.exe" [2004-02-12 77824]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2005-08-16 98304]
"RemoteControl"="c:\programmi\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-12-04 406016]
"CloneCDTray"="c:\programmi\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 57344]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"VirtualCloneDrive"="c:\programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2005-04-12 45056]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SSBkgdUpdate"="c:\programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\programmi\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"MemoREX"="c:\programmi\MemoRex\MemoRexStart.exe" [2003-07-29 332288]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2008-10-30 136600]
"Motive SmartBridge"="c:\progra~1\Alice ti aiuta\SmartBridge\MotiveSB.exe" [2006-04-21 438359]
"basicsmssmenu"="c:\programmi\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 c:\windows\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2008-09-17 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\Luca\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2008-01-08 217088]
Kodak EasyShare software.lnk - c:\programmi\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2004-07-23 757760]
LG SyncManager.lnk - c:\programmi\LG PC Suite\LG PC Sync\LGSyncManager.exe [2007-03-25 311296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.enc"= ITIG726.acm
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\.nvsvc

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Programmi\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Programmi\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Programmi\\NetMeeting\\conf.exe"=
"c:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\italian\\setup.exe"=
"c:\\Programmi\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\italian\\setup.exe"=

R2 Basics Service;Basics Service;c:\programmi\Seagate\Basics\Service\SyncServicesBasics.exe [2007-10-09 124280]
R2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [2003-04-18 8192]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys [2008-11-09 29208]
S1 sK9Ou0s;sK9Ou0s;c:\windows\system32\drivers\srosa2.sys [ ]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys [2008-11-09 29208]
S3 cpuz;cpuz;c:\docume~1\Luca\IMPOST~1\Temp\cpuz.sys [ ]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\programmi\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-05-29 4736]
.
Contenuto della cartella 'Scheduled Tasks'

2008-10-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2008-11-09 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Luca\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2008-10-27 20:25]

2008-11-09 c:\windows\Tasks\Norton Security Scan.job
- c:\programmi\Norton Security Scan\Nss.exe []
.
- - - - ORFÃOS REMOVIDOS - - - -

HKCU-Run-NBJ - c:\programmi\Ahead\Nero BackItUp\NBJ.exe
HKCU-Run-iuuwawo - c:\documents and settings\luca\impostazioni locali\dati applicazioni\iuuwawo.exe
HKLM-Run-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
HKLM-Run-NWEReboot - (no file)


.
------- Supplementare di scansione -------
.
FireFox -: Profile - c:\documents and settings\Luca\Dati applicazioni\Mozilla\Firefox\Profiles\lciraqw9.default\
FF -: plugin - c:\documents and settings\Luca\Impostazioni locali\Dati applicazioni\Google\Update\1.2.131.25\npGoogleOneClick6.dll
FF -: plugin - c:\programmi\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\programmi\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\programmi\Mozilla Firefox\plugins\npdeploytk.dll
.
.
------- Associazioni di file -------
.
chm.file="c:\programmi\lg pc suite\lg pc sync\hh.exe" %1
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-09 23:24:15
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\programmi\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
c:\windows\system32\PnkBstrA.exe
c:\programmi\MemoRex\MemoRex.exe
c:\windows\system32\LVComS.exe
c:\windows\system32\rundll32.exe
c:\programmi\Alice ti aiuta\bin\mpbtn.exe
c:\programmi\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Ora fine scansione: 2008-11-09 23:29:58 - macchina è stato riavviato
ComboFix-quarantined-files.txt 2008-11-09 22:29:54

Pre-Run: 79.955.488.768 byte disponibili
Post-Run: 79,887,810,560 byte disponibili

258 --- E O F --- 2008-11-09 21:59:05

[Amantide]

Copia ed incolla il seguente testo su blocconote e salva il file nella stessa directory di ComboFix con il nome CFScript.txt.

Codice: Seleziona tutto

File::
c:\windows\system32\fhhfgnjh.dll
c:\windows\system32\B0897FE85A.sys
c:\windows\system32\drivers\srosa2.sys

Driver::
sK9Ou0s
srosa


Ora trascina il file CFScript.txt sull'icona di ComboFix. Postami anche il nuovo log di Combofix.

[diesel73]

scusa quale e' la directory su cui devo salvare ?? scusa ma adesso mi sfugge!!

[Amantide]

Salva semplicemente il file CFScript.txt nella stessa posizione dove si trova Combofix, se si trova su Desktop - allora su Desktop ecc.

[diesel73]

ok

[diesel73]

ComboFix 08-11-09.01 - Luca 2008-11-10 0.05.52.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.663 [GMT 1:00]
Eseguito da: c:\documents and settings\Luca\Desktop\ComboFix.exe
Interruttori di comando utilizzati :: c:\documents and settings\Luca\Desktop\CFScript.txt..txt
* Creato nuovo punto di ripristino

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

FILE ::
c:\windows\system32\B0897FE85A.sys
c:\windows\system32\drivers\srosa2.sys
c:\windows\system32\fhhfgnjh.dll
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\B0897FE85A.sys
c:\windows\system32\fhhfgnjh.dll

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SK9OU0S
-------\Service_sK9Ou0s


((((((((((((((((((((((((( Files Creati Da 2008-10-09 al 2008-11-09 )))))))))))))))))))))))))))))))))))
.

2008-11-09 22:08 . 2008-11-09 23:12 <DIR> d-------- c:\programmi\FindyKill
2008-11-09 20:57 . 2008-11-09 20:57 <DIR> d-------- C:\fsaua.data
2008-11-09 20:16 . 2008-11-09 20:16 <DIR> d-------- c:\programmi\AVG
2008-11-09 20:07 . 2008-11-09 20:07 68,296 --a------ c:\windows\system32\drivers\GRD.sys
2008-11-09 19:55 . 2008-11-09 19:55 50,888 --a------ c:\windows\system32\drivers\GDTdiIcpt.sys
2008-11-09 19:55 . 2008-11-09 19:55 22,272 --a------ c:\windows\system32\drivers\GDNdisIc.sys
2008-11-09 19:53 . 2008-11-09 20:15 <DIR> d-------- c:\programmi\G DATA
2008-11-09 19:10 . 2008-11-09 19:10 <DIR> d-------- c:\documents and settings\Luca\Dati applicazioni\AVGTOOLBAR
2008-11-09 18:58 . 2008-11-09 18:58 50,968 --a------ c:\windows\system32\avgfwdx.dll
2008-11-09 18:58 . 2008-11-09 18:58 29,208 --a------ c:\windows\system32\drivers\avgfwdx.sys
2008-11-01 19:39 . 2007-08-13 18:45 78,336 --a------ c:\windows\system32\ieencode.dll
2008-11-01 15:20 . 2008-11-01 15:20 <DIR> d-------- c:\programmi\TVUPlayer
2008-11-01 15:20 . 2008-11-01 15:20 <DIR> d-------- c:\documents and settings\Luca\LocalLow
2008-11-01 15:20 . 2008-11-01 15:20 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\TVU Networks
2008-10-30 11:51 . 2008-10-30 11:50 410,976 --a------ c:\windows\system32\deploytk.dll
2008-10-27 17:16 . 2008-04-11 19:50 683,520 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2008-10-27 17:16 . 2008-08-14 10:48 138,368 -----c--- c:\windows\system32\dllcache\afd.sys
2008-10-27 17:11 . 2008-05-01 15:31 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2008-10-27 17:05 . 2008-08-28 11:04 333,056 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-27 17:04 . 2008-09-15 16:38 1,846,016 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-10-27 17:02 . 2008-08-14 14:42 2,184,064 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-27 17:02 . 2008-08-14 14:42 2,139,648 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-27 17:02 . 2008-08-14 14:42 2,061,440 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-27 17:02 . 2008-08-14 14:42 2,019,328 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-27 16:55 . 2008-10-15 17:57 332,800 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-27 15:14 . 2008-10-28 01:56 81,920 --a------ c:\windows\clipsrv.exe
2008-10-26 13:12 . 2008-10-28 01:56 81,920 --a------ c:\windows\system32\drivers\logman.exe
2008-10-26 13:12 . 2008-10-28 01:56 81,920 --a------ c:\windows\cmstp.exe
2008-10-26 01:15 . 2008-10-26 01:15 83,952 --ah----- c:\windows\system32\mlfcache.dat
2008-10-26 01:12 . 2008-10-26 01:12 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Apple
2008-10-23 09:43 . 2008-10-23 09:43 <DIR> d-------- c:\documents and settings\Luca\DoctorWeb
2008-10-23 01:33 . 2008-10-23 01:33 <DIR> d-------- c:\documents and settings\Luca\Dati applicazioni\Malwarebytes
2008-10-23 01:32 . 2008-10-23 01:32 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2008-10-19 14:57 . 2008-10-19 14:57 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\wmp
2008-10-15 19:43 . 2008-10-15 19:43 <DIR> d-------- c:\programmi\Thoosje
2008-10-14 23:21 . 2008-10-03 17:58 6,066,176 --a--c--- c:\windows\system32\dllcache\ieframe.dll
2008-10-14 23:21 . 2007-04-17 10:32 2,455,488 --a--c--- c:\windows\system32\dllcache\ieapfltr.dat
2008-10-14 23:21 . 2007-03-08 06:11 1,032,192 --a--c--- c:\windows\system32\dllcache\ieframe.dll.mui
2008-10-14 23:21 . 2008-08-26 08:57 459,264 --a--c--- c:\windows\system32\dllcache\msfeeds.dll
2008-10-14 23:21 . 2008-08-26 08:57 383,488 --a--c--- c:\windows\system32\dllcache\ieapfltr.dll
2008-10-14 23:21 . 2008-08-26 08:57 267,776 --a--c--- c:\windows\system32\dllcache\iertutil.dll
2008-10-14 23:21 . 2008-08-26 08:57 63,488 --a--c--- c:\windows\system32\dllcache\icardie.dll
2008-10-14 23:21 . 2008-08-26 08:57 52,224 --a--c--- c:\windows\system32\dllcache\msfeedsbs.dll
2008-10-14 23:21 . 2008-08-25 09:38 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2008-10-14 17:58 . 2008-10-14 17:58 <DIR> d-------- c:\programmi\File comuni\Java
2008-10-12 21:34 . 2008-10-12 21:34 <DIR> d--hs---- c:\documents and settings\Luca\PrivacIE
2008-10-12 20:22 . 2008-10-14 17:58 <DIR> d-------- c:\programmi\File comuni\Java(2)
2008-10-11 18:30 . 2008-10-14 18:00 <DIR> d-------- c:\programmi\PokerStars.IT
2008-10-09 23:37 . 2008-10-09 23:37 <DIR> d-------- c:\programmi\M8k Produzione

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-09 22:01 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
2008-11-09 21:48 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Avg7
2008-11-09 19:37 --------- d-----w c:\programmi\eMule
2008-11-09 18:38 --------- d-----w c:\programmi\VS Revo Group
2008-11-09 17:31 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2008-11-02 00:06 --------- d-----w c:\programmi\Norton Save and Restore
2008-11-01 18:03 --------- d-----w c:\programmi\Opera
2008-10-30 10:50 --------- d-----w c:\programmi\Java
2008-10-28 09:05 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2008-10-26 09:16 --------- d-----w c:\programmi\ESET
2008-10-26 08:59 --------- d-----w c:\programmi\Kaspersky Lab
2008-10-26 00:13 --------- d-----w c:\documents and settings\Luca\Dati applicazioni\Apple Computer
2008-10-26 00:12 --------- d-----w c:\programmi\Apple Software Update
2008-10-24 21:52 --------- d-----w c:\programmi\Spybot - Search & Destroy
2008-10-24 21:52 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-10-23 00:30 --------- d-----w c:\programmi\File comuni\Wise Installation Wizard
2008-10-23 00:13 --------- d-----w c:\programmi\Lavasoft
2008-10-22 07:52 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2008-10-14 22:09 --------- d-----w c:\programmi\RadarSync
2008-10-14 22:09 --------- d-----w c:\programmi\Conduit
2008-10-14 16:58 --------- d-----w c:\programmi\Google
2008-10-04 23:01 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\NVIDIA
2008-10-04 22:43 --------- d-----w c:\programmi\Trend Micro
2008-10-04 14:07 --------- d-----w c:\programmi\THQ
2008-10-04 14:07 --------- d-----w c:\programmi\Panda Security
2008-10-04 14:06 --------- d-----w c:\programmi\QuickTime
2008-10-04 14:06 --------- d-----w c:\programmi\PrevxCSI
2008-10-04 14:06 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2008-10-04 14:04 --------- d-----w c:\documents and settings\Luca\Dati applicazioni\Photozig Albums
2008-10-04 14:03 --------- d-----w c:\programmi\Yahoo!
2008-10-04 14:03 --------- d-----w c:\documents and settings\Luca\Dati applicazioni\Netscape(2)
2008-10-04 14:03 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Yahoo! Companion
2008-10-04 14:01 --------- d-----w c:\programmi\Common Files
2008-10-04 14:01 --------- d-----w c:\programmi\BearShare Applications
2008-10-04 14:01 --------- d-----w c:\documents and settings\Luca\Dati applicazioni\BearShare
2008-10-04 14:00 --------- d-----w c:\programmi\File comuni\Symantec Shared
2008-10-04 14:00 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Symantec
2008-10-04 13:59 --------- d-----w c:\programmi\IObit
2008-10-04 13:59 --------- d-----w c:\programmi\Corel
2008-10-04 13:58 --------- d-----w c:\programmi\File comuni\Real
2008-10-04 13:58 --------- d-----w c:\documents and settings\Luca\Dati applicazioni\Corel
2008-10-04 13:56 --------- d-----w c:\programmi\Sun
2008-10-04 13:56 --------- d-----w c:\programmi\IncrediMail
2008-10-04 13:52 --------- d-----w c:\programmi\OfficePowerT
2008-10-04 13:52 --------- d-----w c:\programmi\Norton Security Scan
2008-10-04 13:39 --------- d-----w c:\programmi\Photodex Presenter(2)
2008-10-04 13:13 --------- d-----w c:\programmi\PokerStars.NET
2008-10-04 13:11 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-10-04 13:11 --------- d-----w c:\programmi\Microsoft IntelliPoint 5.2
2008-10-04 09:42 --------- d-----w c:\programmi\SpeedFan
2008-09-17 07:55 6,132,576 ----a-w c:\windows\system32\drivers\nv4_mini.sys
2008-05-16 08:21 22,328 -c--a-w c:\documents and settings\Luca\Dati applicazioni\PnkBstrK.sys
2005-06-09 20:06 1,682 -csha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-11-09_23.29.38.67 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-09 23:09:16 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_660.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"Google Update"="c:\documents and settings\Luca\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2008-10-27 133104]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Easy-PrintToolBox"="c:\programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"LogitechVideoRepair"="c:\programmi\Logitech\Video\ISStart.exe" [2004-02-12 188416]
"LogitechVideoTray"="c:\programmi\Logitech\Video\LogiTray.exe" [2004-02-12 77824]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2005-08-16 98304]
"RemoteControl"="c:\programmi\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-12-04 406016]
"CloneCDTray"="c:\programmi\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 57344]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"VirtualCloneDrive"="c:\programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2005-04-12 45056]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SSBkgdUpdate"="c:\programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\programmi\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"MemoREX"="c:\programmi\MemoRex\MemoRexStart.exe" [2003-07-29 332288]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2008-10-30 136600]
"Motive SmartBridge"="c:\progra~1\Alice ti aiuta\SmartBridge\MotiveSB.exe" [2006-04-21 438359]
"basicsmssmenu"="c:\programmi\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 c:\windows\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2008-09-17 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\Luca\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2008-01-08 217088]
Kodak EasyShare software.lnk - c:\programmi\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2004-07-23 757760]
LG SyncManager.lnk - c:\programmi\LG PC Suite\LG PC Sync\LGSyncManager.exe [2007-03-25 311296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.enc"= ITIG726.acm
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Programmi\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Programmi\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Programmi\\NetMeeting\\conf.exe"=
"c:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\italian\\setup.exe"=
"c:\\Programmi\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\italian\\setup.exe"=

R2 Basics Service;Basics Service;c:\programmi\Seagate\Basics\Service\SyncServicesBasics.exe [2007-10-09 124280]
R2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [2003-04-18 8192]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys [2008-11-09 29208]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys [2008-11-09 29208]
S3 cpuz;cpuz;c:\docume~1\Luca\IMPOST~1\Temp\cpuz.sys [ ]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\programmi\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-05-29 4736]
.
Contenuto della cartella 'Scheduled Tasks'

2008-10-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2008-11-09 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Luca\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2008-10-27 20:25]

2008-11-09 c:\windows\Tasks\Norton Security Scan.job
- c:\programmi\Norton Security Scan\Nss.exe []
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-10 00:09:29
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\programmi\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\LVComS.exe
c:\windows\system32\rundll32.exe
c:\programmi\MemoRex\MemoRex.exe
c:\programmi\Alice ti aiuta\bin\mpbtn.exe
c:\programmi\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Ora fine scansione: 2008-11-10 0:15:31 - macchina è stato riavviato [Luca]
ComboFix-quarantined-files.txt 2008-11-09 23:15:26
ComboFix2.txt 2008-11-09 22:29:59

Pre-Run: 79.557.541.888 byte disponibili
Post-Run: 79,553,613,824 byte disponibili

238 --- E O F --- 2008-11-09 21:59:05

[Amantide]

Mi rifai il log di Findykill scegliendo l'opzione 1? Vorrei vedere se è rimasto qualcos'altro di infetto.

[diesel73]

OK

[diesel73]

----------------- FindyKill V4.095 ------------------

* User : Luca - LUCA-741ED66D62
* Emplacement : C:\Programmi\FindyKill
* Outils Mis a jours le 07/11/08 par Chiquitine29
* Recherche effectuée à 0:34:11 le 10/11/2008
* Windows XP - Internet Explorer 7.0.5730.13

((((((((((((((((( *** Recherche *** ))))))))))))))))))


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\alg.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\PROGRA~1\Alice ti aiuta\SmartBridge\MotiveSB.exe
C:\WINDOWS\system32\LVComS.exe
C:\Programmi\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\MemoRex\MemoRex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Luca\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
C:\Programmi\LG PC Suite\LG PC Sync\LGSyncManager.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\G DATA\InternetSecurity\AVK\AVKWCtl.exe
C:\Programmi\G DATA\InternetSecurity\AVK\AVKService.exe
C:\Programmi\File comuni\G DATA\AVKProxy\AVKProxy.exe
C:\Programmi\G DATA\InternetSecurity\Firewall\GDFwSvc.exe

--------------- [ Fichiers/Dossiers infectieux ] ----------------


»»»» Presence des fichiers dans C:


»»»» Presence des fichiers dans C:\WINDOWS


»»»» Presence des fichiers dans C:\WINDOWS\Prefetch


»»»» Presence des fichiers dans C:\WINDOWS\system32


»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers


»»»» Presence des fichiers dans C:\Documents and Settings\Luca\Dati applicazioni


»»»» Presence des fichiers dans C:\DOCUME~1\Luca\IMPOST~1\Temp


»»»» Presence des fichiers dans C:\Documents and Settings\Luca\Local Settings\Temporary Internet Files\Content.IE5


--------------- [ Registre / Startup ] ----------------


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
SoundMan REG_SZ SOUNDMAN.EXE
Easy-PrintToolBox REG_SZ "C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" /logon
LogitechVideoRepair REG_SZ C:\Programmi\Logitech\Video\ISStart.exe
LogitechVideoTray REG_SZ C:\Programmi\Logitech\Video\LogiTray.exe
NeroFilterCheck REG_SZ C:\WINDOWS\system32\NeroCheck.exe
QuickTime Task REG_SZ "C:\Programmi\QuickTime\qttask.exe" -atboottime
RemoteControl REG_SZ C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
PinnacleDriverCheck REG_SZ "C:\WINDOWS\system32\PSDrvCheck.exe" -CheckReg
CloneCDTray REG_SZ "C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz REG_SZ nwiz.exe /install
VirtualCloneDrive REG_SZ "C:\Programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
GrooveMonitor REG_SZ "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
SSBkgdUpdate REG_SZ "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
OpwareSE4 REG_SZ "C:\Programmi\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
MemoREX REG_SZ "C:\Programmi\MemoRex\MemoRexStart.exe"
SunJavaUpdateSched REG_SZ "C:\Programmi\Java\jre6\bin\jusched.exe"
Motive SmartBridge REG_SZ C:\PROGRA~1\Alice ti aiuta\SmartBridge\MotiveSB.exe
basicsmssmenu REG_SZ "C:\Programmi\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
Adobe Reader Speed Launcher REG_SZ "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
NvMediaCenter REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
GDFirewallTray REG_SZ C:\Programmi\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe
G DATA AntiVirus Trayapplication REG_SZ C:\Programmi\G DATA\InternetSecurity\AVKTray\AVKTray.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
Google Update REG_SZ "C:\Documents and Settings\Luca\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
msnmsgr REG_SZ "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Disabled

--------------- [ Registre / Clés infectieuses ] ----------------



--------------- [ Etat / Services ] ----------------



+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

Ndisuio - Type de démarrage = 3

Ip6Fw - Type de démarrage = 2

SharedAccess - Type de démarrage = 2

wuauserv - Type de démarrage = 2

wscsvc - Type de démarrage = 2



--------------- [ Recherche dans supports amovibles] ----------------


+- Informations :

C: - Unit… fissa

G: - Unit… rimovibile


+- presence des fichiers :



--------------- [ Registre / Moutpoint2 ] ----------------


-> Recherche négative.


------------------- ! Fin du rapport ! --------------------

[Amantide]

Ok

Ora devi solo reinstallare l'antivirus (se necessario) ed eseguire la scansione completa magari dalla modalità provvisoria.

[diesel73]