This is the report from the ComboFix software:
ComboFix 09-02-08.02 - Amministratore 2009-02-10 13:38:24.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.511.298 [GMT 1:00]
Eseguito da: c:\documents and settings\Amministratore\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\resycled
c:\resycled\ntldr.com
c:\windows\system32\drivers\gaopdxkcpxrlng.sys
c:\windows\system32\gaopdxcounter
c:\windows\system32\gaopdxsyipfvac.dll
D:\Autorun.inf
D:\resycled
d:\resycled\ntldr.com
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_gaopdxserv.sys
((((((((((((((((((((((((( Files Creati Da 2009-01-10 al 2009-02-10 )))))))))))))))))))))))))))))))))))
.
2009-02-10 12:08 . 2009-02-10 13:26 <DIR> d--h----- C:\$AVG8.VAULT$
2009-02-10 11:04 . 2004-08-19 13:00 221,184 --a------ c:\windows\system32\wmpns.dll
2009-02-10 10:22 . 2001-08-30 20:41 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2009-02-10 10:22 . 2001-08-30 20:41 12,160 --a--c--- c:\windows\system32\dllcache\mouhid.sys
2009-02-10 10:22 . 2001-08-17 22:02 9,600 --a------ c:\windows\system32\drivers\hidusb.sys
2009-02-10 10:22 . 2001-08-17 22:02 9,600 --a--c--- c:\windows\system32\dllcache\hidusb.sys
2009-02-09 13:19 . 2009-02-10 10:24 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-02-09 13:19 . 2009-02-09 13:19 <DIR> d-------- c:\programmi\AVG
2009-02-09 13:19 . 2009-02-09 13:19 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\avg8
2009-02-09 13:19 . 2009-02-09 13:19 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-02-09 13:19 . 2009-02-09 13:19 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-02-09 13:19 . 2009-02-09 13:19 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-02-09 13:03 . 2009-02-09 13:03 <DIR> d---s---- c:\documents and settings\Amministratore\UserData
2009-02-09 12:57 . 2007-04-05 10:44 221,184 --a------ c:\windows\system32\RICJC32.dll
2009-02-09 12:57 . 2007-04-05 10:43 155,648 --a------ c:\windows\system32\JCUI.exe
2009-02-09 12:57 . 2000-12-27 12:53 69,632 --a------ c:\windows\system32\TIFmtA.dll
2009-02-09 12:57 . 2007-02-21 18:13 61,440 --a------ c:\windows\system32\TrackID.DLL
2009-02-09 12:57 . 2002-08-06 03:47 53,248 --a------ c:\windows\system32\NRG619PI.DLL
2009-02-09 12:57 . 2007-06-22 18:01 52,224 --a------ c:\windows\system32\RIC619X.EXE
2009-02-09 12:57 . 2000-12-27 12:53 49,152 --a------ c:\windows\system32\TIBase64.dll
2009-02-09 12:26 . 2009-02-09 12:26 <DIR> d-------- c:\programmi\File comuni\Adobe
2009-02-09 12:25 . 2009-02-09 12:25 <DIR> d-------- c:\programmi\MSECache
2009-02-09 12:10 . 2009-02-09 12:10 <DIR> d-------- c:\documents and settings\Amministratore\Dati applicazioni\Malwarebytes
2009-02-09 12:10 . 2009-02-09 12:10 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-09 11:14 504,832 ----a-w c:\windows\system32\winlogon.exe
2009-02-09 10:53 --------- d-----w c:\programmi\Microsoft.NET
2009-02-09 10:52 --------- d-----w c:\programmi\Microsoft Works
2009-02-09 10:49 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-02-09 10:49 --------- d-----w c:\programmi\Java
2009-02-09 10:30 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\WinZip
2009-02-09 10:29 --------- d-----w c:\programmi\Google
2009-02-09 10:26 --------- d--h--w c:\programmi\InstallShield Installation Information
2009-02-09 10:26 --------- d-----w c:\programmi\C-Media 3D Audio
2009-02-09 10:25 --------- d-----w c:\programmi\File comuni\InstallShield
2009-02-09 10:21 --------- d-----w c:\programmi\Hemera Products
2009-02-09 10:20 --------- d-----w c:\programmi\File comuni\Hewlett-Packard
2009-02-09 10:20 --------- d-----w c:\documents and settings\Amministratore\Dati applicazioni\Cartella di caricamento Share-to-Web
2009-02-09 10:19 82,380 ----a-w c:\windows\system32\drivers\AFS2K.SYS
2009-02-09 10:19 --------- d-----w c:\programmi\Hewlett-Packard
2009-02-09 10:09 --------- d-----w c:\programmi\microsoft frontpage
2009-02-09 10:06 --------- d-----w c:\programmi\Servizi in linea
2009-01-16 17:34 499,712 ----a-w c:\windows\system32\msvcp71.dll
2009-01-16 17:34 348,160 ----a-w c:\windows\system32\msvcr71.dll
.
------- Sigcheck -------
2009-02-09 12:14 504832 1dbd3966123ac2f6ade783f7f17f8c7f c:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2009-02-09 171448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Share-to-Web Namespace Daemon"="c:\programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 69632]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-02-09 136600]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-09 1601304]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-09 13:19 10520 c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgnsx.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-09 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-02-09 107272]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-02-09 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-09 298264]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\ntldr.com c:
\Shell\Open\command - c:\resycled\ntldr.com c:
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\ntldr.com d:
\Shell\Open\command - "resycled\ntldr.com d:
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93b5a913-f693-11dd-a062-806d6172696f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\ntldr.com c:
\Shell\Open\command - c:\resycled\ntldr.com c:
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93b5a914-f693-11dd-a062-806d6172696f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\ntldr.com d:
\Shell\Open\command - "resycled\ntldr.com d:
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
HKLM-Run-Cmaudio - cmicnfg.cpl
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = hxxp://www.winzip.com/instcmplt.cgi?pid ... 3pa=ggle:1
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {ECFF25FC-6128-4300-B43A-D0158D303128} = 192.168.20.1
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-02-10 13:39:54
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2009-02-10 13:41:25
ComboFix-quarantined-files.txt 2009-02-10 12:41:18
Pre-Run: 16,505,323,520 byte disponibili
Post-Run: 16,512,688,128 byte disponibili
WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
Now, if I format, is the virus eliminated?
I've noticed that the PC is slow, which is why I'd like to format it.
I've now removed AVG and installed Avira, and it also had me run the updates.
How can a virus be eliminated at the time of installation?
Thanks.
P.S. One important thing I forgot to mention is that, having this HDD split into two partitions (C: and D:), it wouldn't let me open either C: or D: from My Computer; I got a strange error, something like "rycycle.dll missing" or thereabouts.