
I can't install an antivirus

Posted: Sat Mar 21, 2009 2:36 pm
by senorluca
Common problem. I can't install any antivirus.

I searched around and tried running a few scans.
I'm attaching the FindyKill and GMER logs.

############################## [ FindyKill V4.720 ]

# User : Annamaria (Administrators) # CASA
# Update on 19/03/09 by Chiquitine29
# Start at: 14.30.36 | 21/03/2009

# mobile AMD Athlon(tm) XP 1600+
# Microsoft Windows XP Home Edition (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 6.0.2900.2180
# Windows Firewall Status : Disabled

# A:\ # Disco floppy, 3,5 pollici
# C:\ # Disco rigido locale # 11,17 Go (2,87 Go free) # FAT32
# D:\ # Disco rigido locale # 7,42 Go (3,56 Go free) # FAT32
# E:\ # Disco CD-ROM

############################## [ Active Processes ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Trend Micro\PC-cillin 2000\Tmntsrv.exe
C:\WINDOWS\Hcontrol.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\khooker.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\Trend Micro\PC-cillin 2000\Pop3trap.exe
C:\Programmi\Trend Micro\PC-cillin 2000\WebTrapNT.exe
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
C:\Programmi\3Com\3Com Wireless USB Utility\Wlan.exe
C:\Programmi\Trend Micro\PC-cillin 2000\PNTIOMON.exe
C:\Programmi\Asus\Asus Hotkey\Hotkey.exe
C:\Programmi\Asus\Asus ChkMail\ChkMail.exe
C:\Programmi\Trend Micro\PC-cillin 2000\pccntupd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\ATKOSD.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

################## [ Infected Files / Folders C:\ ]


################## [ C:\WINDOWS ]


################## [ C:\WINDOWS\system32 ]


################## [ C:\WINDOWS\system32\drivers ]


################## [ C:\.. Application Data ... ]


################## [ Registry / Infected keys ]



################## [ Searching in removable drives ]

# Presence of files :


################## [ Registry / Mountpoint2 ]

# -> Not found !

################## [ ! End of report # FindyKill V4.720 ! ]




GMER 1.0.15.14944 - http://www.gmer.net
Rootkit scan 2009-03-21 14:29:21
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF760987E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7609C10]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat tmpreflt.sys (Trend pre-filter for XP/TrendMicro)

---- EOF - GMER 1.0.15 ----

Help me!!!

Re: I can't install an antivirus

Posted: Sat Mar 21, 2009 3:33 pm
by Amantide
All I can tell you is that this isn't Bagle.

Download ComboFix, saving it to the desktop under a made-up name, and run the scan following these instructions (at the bottom). When the scan finishes, the report file C:\combofix.txt will be created; copy its contents here, placing them between LOG tags, like this:
[LOG]the log goes here[/LOG]

Re: I can't install an antivirus

Posted: Sat Mar 21, 2009 5:19 pm
by senorluca

ComboFix 09-03-19.02 - Annamaria 2009-03-21 17.14.41.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.495.190 [GMT 1:00]
Eseguito da: c:\documents and settings\Annamaria\Desktop\Gino.exe
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\mdm.exe
c:\windows\system32\vumer.dll

.
((((((((((((((((((((((((( Files Creati Da 2009-02-21 al 2009-03-21 )))))))))))))))))))))))))))))))))))
.

2009-03-21 14:29 . 2009-03-21 14:29 <DIR> d-------- c:\programmi\FindyKill
2009-03-21 08:39 . 2009-03-21 08:39 313,871 --------- c:\windows\system32\5edc0872dfec7672ace3714659026693.TMP
2009-03-21 08:28 . 2009-03-21 08:28 <DIR> d--hs---- C:\FOUND.001
2009-03-20 23:46 . 2008-06-19 16:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2009-03-20 23:45 . 2009-03-20 23:45 <DIR> d-------- c:\programmi\Panda Security
2009-03-20 20:30 . 2008-06-14 18:59 272,768 --------- c:\windows\system32\dllcache\bthport.sys
2009-03-20 20:28 . 2008-08-14 14:43 2,184,064 --------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-03-20 20:28 . 2008-08-14 14:42 2,139,648 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-03-20 20:28 . 2008-08-14 14:42 2,061,440 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-03-20 20:28 . 2008-08-14 14:42 2,019,328 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-03-20 20:27 . 2008-12-12 18:33 3,081,216 --------- c:\windows\system32\dllcache\mshtml.dll
2009-03-20 20:25 . 2008-10-24 12:10 453,632 --------- c:\windows\system32\dllcache\mrxsmb.sys
2009-03-20 20:25 . 2008-12-11 12:57 333,184 --------- c:\windows\system32\dllcache\srv.sys
2009-03-20 20:25 . 2008-05-01 15:31 331,776 --------- c:\windows\system32\dllcache\msadce.dll
2009-03-20 20:24 . 2008-04-11 19:50 683,520 --------- c:\windows\system32\dllcache\inetcomm.dll
2009-03-20 20:23 . 2008-09-04 17:44 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2009-03-20 20:23 . 2008-10-15 17:57 332,800 --------- c:\windows\system32\dllcache\netapi32.dll
2009-03-20 20:23 . 2008-10-03 11:15 247,326 --------- c:\windows\system32\dllcache\strmdll.dll
2009-03-20 20:17 . 2009-03-20 20:01 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-03-20 20:13 . 2009-03-20 20:13 <DIR> d--h----- c:\windows\$hf_mig$
2009-03-20 20:01 . 2009-03-20 20:01 <DIR> d-------- c:\windows\system32\DRVSTORE
2009-03-20 20:01 . 2009-03-20 20:01 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-03-20 19:58 . 2009-03-20 19:58 <DIR> d--h----- c:\documents and settings\All Users\Dati applicazioni\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-20 19:57 . 2009-03-20 19:57 <DIR> d-------- c:\programmi\Lavasoft
2009-03-20 19:57 . 2009-03-20 19:57 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2009-03-19 23:17 . 2009-03-19 23:17 313,871 --------- c:\windows\system32\7bbeb47065aecc0d61a07a6b30955f34.TMP
2009-03-19 23:17 . 2009-03-19 23:17 313,871 --------- c:\windows\system32\1164a2c10ffff7f7d3cb895843bca510.TMP
2009-03-19 15:21 . 2009-03-19 15:21 <DIR> d--h----- c:\windows\PIF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-09 14:56 1,846,272 ----a-w c:\windows\system32\win32k.sys
2009-02-09 14:56 1,846,272 ------w c:\windows\system32\dllcache\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"3COM"="c:\programmi\3Com\3Com Wireless USB Utility\Wlan.exe" [2005-03-23 409600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hcontrol"="c:\windows\Hcontrol.exe" [2002-01-16 53248]
"SiS Tray"="c:\windows\System32\sistray.EXE" [2001-08-13 266240]
"SiS KHooker"="c:\windows\System32\khooker.exe" [2001-09-02 294912]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2001-06-16 94208]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2001-06-16 274432]
"Pop3trap.exe"="c:\programmi\Trend Micro\PC-cillin 2000\Pop3trap.exe" [2001-09-13 294982]
"WebTrapNT.exe"="c:\programmi\Trend Micro\PC-cillin 2000\WebTrapNT.exe" [2001-09-13 235520]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Ad-Watch"="c:\programmi\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-20 515416]
"PCTVOICE"="pctspk.exe" [2002-02-01 c:\windows\system32\pctspk.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-20 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Real-time Monitor.lnk - c:\windows\Installer\{A839294B-70A9-11D5-9F5A-0050DAD742CD}\_A687B56.exe [2002-02-05 57344]
ASUS Hotkey.lnk - c:\programmi\Asus\Asus Hotkey\Hotkey.exe [2002-02-05 548864]
ASUS ChkMail.lnk - c:\programmi\Asus\Asus ChkMail\ChkMail.exe [2002-02-05 40960]
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
Corel Family & Friends Reminders.LNK - c:\programmi\Corel\Print House Magic\cffrem.exe [2008-12-16 670208]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytoosl"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\bcfdebcefbfddab]
1993-08-23 13:31 313871 c:\windows\system32\bcfdebcefbfddab.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Trend Micro\\PC-cillin 2000\\WebTrapNT.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-20 64160]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-03-20 28544]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programmi\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951632]
R2 ousbehci;NEC PCI to USB Enhanced Host Controller;c:\windows\system32\drivers\ousbehci.sys [2008-09-21 41088]
R2 tmfilter;tmfilter;c:\windows\system32\drivers\tmxpflt.sys [2001-08-01 148192]
R2 Tmntsrv;Trend NT Realtime Service;c:\programmi\Trend Micro\PC-cillin 2000\TMNTSRV.EXE [2001-09-13 121856]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2001-08-01 16064]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [2008-09-21 55552]
R3 SiS630;SiS630;c:\windows\system32\drivers\sis630p.sys [2002-02-05 124672]
R3 ZD1211U(3COM Corporation);3COM OfficeConnect Wireless 11g Compact USB Adapter(3COM Corporation);c:\windows\system32\drivers\ZD1211U.sys [2008-09-21 274432]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88a8df07-8da0-11dd-81a1-00e01889b1b0}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\m.exe /s

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{972eeeb0-cb60-11dd-81cc-00e01889b1b0}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\m.exe /s

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{adaa3800-bfd9-11d3-8214-00e01889b1b0}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\m.exe /s
.
Contenuto della cartella 'Scheduled Tasks'

2009-03-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-20 20:00]
.
.
------- Scansione supplementare -------
.
uStart Page = about:blank
FF - ProfilePath - c:\documents and settings\Annamaria\Dati applicazioni\Mozilla\Firefox\Profiles\qda25yh3.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-21 17:16:14
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(736)
c:\windows\system32\bcfdebcefbfddab.dll
.
Ora fine scansione: 2009-03-21 17.17.50
ComboFix-quarantined-files.txt 2009-03-21 16:17:48

Pre-Run: 2.923.642.880 byte disponibili
Post-Run: 3,121,586,176 byte disponibili

WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

135 --- E O F --- 2009-03-20 20:02:57

Re: I can't install an antivirus

Posted: Sat Mar 21, 2009 5:29 pm
by Amantide
Copy and paste the following text into Notepad and save the file to the desktop with the name CFScript.txt.
File::
c:\windows\system32\bcfdebcefbfddab.dll

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\bcfdebcefbfddab]

Now drag the CFScript.txt file onto the ComboFix icon. Wait for the scan to finish and post the new ComboFix log.

Also try running a full scan with Malwarebytes' Anti-Malware and post its scan report here too.

Re: I can't install an antivirus

Posted: Sun Mar 22, 2009 12:45 am
by senorluca
This is the ComboFix log. It won't even let me install Malware ....

ComboFix 09-03-19.02 - Annamaria 2009-03-22 0.32.00.3 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.495.242 [GMT 1:00]
Eseguito da: c:\documents and settings\Annamaria\Desktop\Gino.exe
Opzioni usate :: c:\documents and settings\Annamaria\Desktop\CFScript.txt
* Creato nuovo punto di ripristino

FILE ::
c:\windows\system32\bcfdebcefbfddab.dll
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\bcfdebcefbfddab.dll . . . . Eliminazione Fallita

.
((((((((((((((((((((((((( Files Creati Da 2009-02-21 al 2009-03-21 )))))))))))))))))))))))))))))))))))
.

2009-03-21 14:29 . 2009-03-21 14:29 <DIR> d-------- c:\programmi\FindyKill
2009-03-21 08:39 . 2009-03-21 08:39 313,871 --------- c:\windows\system32\5edc0872dfec7672ace3714659026693.TMP
2009-03-21 08:28 . 2009-03-21 08:28 <DIR> d--hs---- C:\FOUND.001
2009-03-20 23:46 . 2008-06-19 16:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2009-03-20 23:45 . 2009-03-20 23:45 <DIR> d-------- c:\programmi\Panda Security
2009-03-20 20:30 . 2008-06-14 18:59 272,768 --------- c:\windows\system32\dllcache\bthport.sys
2009-03-20 20:28 . 2008-08-14 14:43 2,184,064 --------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-03-20 20:28 . 2008-08-14 14:42 2,139,648 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-03-20 20:28 . 2008-08-14 14:42 2,061,440 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-03-20 20:28 . 2008-08-14 14:42 2,019,328 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-03-20 20:27 . 2008-12-12 18:33 3,081,216 --------- c:\windows\system32\dllcache\mshtml.dll
2009-03-20 20:25 . 2008-10-24 12:10 453,632 --------- c:\windows\system32\dllcache\mrxsmb.sys
2009-03-20 20:25 . 2008-12-11 12:57 333,184 --------- c:\windows\system32\dllcache\srv.sys
2009-03-20 20:25 . 2008-05-01 15:31 331,776 --------- c:\windows\system32\dllcache\msadce.dll
2009-03-20 20:24 . 2008-04-11 19:50 683,520 --------- c:\windows\system32\dllcache\inetcomm.dll
2009-03-20 20:23 . 2008-09-04 17:44 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2009-03-20 20:23 . 2008-10-15 17:57 332,800 --------- c:\windows\system32\dllcache\netapi32.dll
2009-03-20 20:23 . 2008-10-03 11:15 247,326 --------- c:\windows\system32\dllcache\strmdll.dll
2009-03-20 20:17 . 2009-03-20 20:01 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-03-20 20:13 . 2009-03-20 20:13 <DIR> d--h----- c:\windows\$hf_mig$
2009-03-20 20:01 . 2009-03-20 20:01 <DIR> d-------- c:\windows\system32\DRVSTORE
2009-03-20 20:01 . 2009-03-20 20:01 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-03-20 19:58 . 2009-03-20 19:58 <DIR> d--h----- c:\documents and settings\All Users\Dati applicazioni\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-20 19:57 . 2009-03-20 19:57 <DIR> d-------- c:\programmi\Lavasoft
2009-03-20 19:57 . 2009-03-20 19:57 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2009-03-19 23:17 . 2009-03-19 23:17 313,871 --------- c:\windows\system32\7bbeb47065aecc0d61a07a6b30955f34.TMP
2009-03-19 23:17 . 2009-03-19 23:17 313,871 --------- c:\windows\system32\1164a2c10ffff7f7d3cb895843bca510.TMP
2009-03-19 15:21 . 2009-03-19 15:21 <DIR> d--h----- c:\windows\PIF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-21 23:34 313,871 ----a-w c:\windows\system32\bcfdebcefbfddab.dll
2009-03-21 23:34 313,871 ------w c:\windows\system32\f1b369d97c7e866c9a3604c3bea25d0e.TMP
2009-02-09 14:56 1,846,272 ----a-w c:\windows\system32\win32k.sys
2009-02-09 14:56 1,846,272 ------w c:\windows\system32\dllcache\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"3COM"="c:\programmi\3Com\3Com Wireless USB Utility\Wlan.exe" [2005-03-23 409600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hcontrol"="c:\windows\Hcontrol.exe" [2002-01-16 53248]
"SiS Tray"="c:\windows\System32\sistray.EXE" [2001-08-13 266240]
"SiS KHooker"="c:\windows\System32\khooker.exe" [2001-09-02 294912]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2001-06-16 94208]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2001-06-16 274432]
"Pop3trap.exe"="c:\programmi\Trend Micro\PC-cillin 2000\Pop3trap.exe" [2001-09-13 294982]
"WebTrapNT.exe"="c:\programmi\Trend Micro\PC-cillin 2000\WebTrapNT.exe" [2001-09-13 235520]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Ad-Watch"="c:\programmi\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-20 515416]
"PCTVOICE"="pctspk.exe" [2002-02-01 c:\windows\system32\pctspk.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-20 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Real-time Monitor.lnk - c:\windows\Installer\{A839294B-70A9-11D5-9F5A-0050DAD742CD}\_A687B56.exe [2002-02-05 57344]
ASUS Hotkey.lnk - c:\programmi\Asus\Asus Hotkey\Hotkey.exe [2002-02-05 548864]
ASUS ChkMail.lnk - c:\programmi\Asus\Asus ChkMail\ChkMail.exe [2002-02-05 40960]
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
Corel Family & Friends Reminders.LNK - c:\programmi\Corel\Print House Magic\cffrem.exe [2008-12-16 670208]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytoosl"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\bcfdebcefbfddab]
2009-03-22 00:34 313871 c:\windows\system32\bcfdebcefbfddab.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Trend Micro\\PC-cillin 2000\\WebTrapNT.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-20 64160]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-03-20 28544]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programmi\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951632]
R2 ousbehci;NEC PCI to USB Enhanced Host Controller;c:\windows\system32\drivers\ousbehci.sys [2008-09-21 41088]
R2 tmfilter;tmfilter;c:\windows\system32\drivers\tmxpflt.sys [2001-08-01 148192]
R2 Tmntsrv;Trend NT Realtime Service;c:\programmi\Trend Micro\PC-cillin 2000\TMNTSRV.EXE [2001-09-13 121856]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2001-08-01 16064]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [2008-09-21 55552]
R3 SiS630;SiS630;c:\windows\system32\drivers\sis630p.sys [2002-02-05 124672]
R3 ZD1211U(3COM Corporation);3COM OfficeConnect Wireless 11g Compact USB Adapter(3COM Corporation);c:\windows\system32\drivers\ZD1211U.sys [2008-09-21 274432]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88a8df07-8da0-11dd-81a1-00e01889b1b0}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\m.exe /s

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{972eeeb0-cb60-11dd-81cc-00e01889b1b0}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\m.exe /s

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{adaa3800-bfd9-11d3-8214-00e01889b1b0}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\m.exe /s
.
Contenuto della cartella 'Scheduled Tasks'

2009-03-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-20 20:00]
.
.
------- Scansione supplementare -------
.
uStart Page = about:blank
FF - ProfilePath - c:\documents and settings\Annamaria\Dati applicazioni\Mozilla\Firefox\Profiles\qda25yh3.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-22 00:35:11
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(724)
c:\windows\system32\bcfdebcefbfddab.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\SYSTEM32\WSCNTFY.EXE
c:\windows\SYSTEM32\WBEM\UNSECAPP.EXE
c:\programmi\TREND MICRO\PC-CILLIN 2000\PNTIOMON.EXE
c:\programmi\TREND MICRO\PC-CILLIN 2000\PCCNTUPD.EXE
c:\windows\ATKOSD.EXE
.
**************************************************************************
.
Ora fine scansione: 2009-03-22 0:37:56 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-03-21 23:37:54
ComboFix3.txt 2009-03-21 16:17:52
ComboFix2.txt 2009-03-21 23:28:20

Pre-Run: 3.096.641.536 byte disponibili
Post-Run: 3,085,344,768 byte disponibili

144 --- E O F --- 2009-03-20 20:02:57

Re: I can't install an antivirus

Posted: Sun Mar 22, 2009 12:03 pm
by Amantide
senorluca wrote: This is the ComboFix log. It won't even let me install Malware ....

No wonder...
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\bcfdebcefbfddab.dll . . . . Eliminazione Fallita

[uhm]

Download The Avenger, extract it to a folder and run the file avenger.exe.
Paste the following script into the blank area under Input script here, uncheck Scan for rootkits and click Execute.

Files to delete:
c:\windows\system32\bcfdebcefbfddab.dll
c:\windows\system32\f1b369d97c7e866c9a3604c3bea25d0e.TMP
c:\windows\system32\1164a2c10ffff7f7d3cb895843bca510.TMP
c:\windows\system32\7bbeb47065aecc0d61a07a6b30955f34.TMP
c:\windows\system32\5edc0872dfec7672ace3714659026693.TMP

Registry keys to delete:
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\bcfdebcefbfddab

Drivers to unload:
bcfdebcefbfddab


The PC should restart; if it doesn't, restart it manually.
On restart the avenger.txt log should appear; post its contents here.
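
A triage sketch for the logs in this thread, added here as an example (it is not part of the original posts and not ComboFix's own code): it finds the DLL registered under Winlogon\Notify and lists every other file in the log with the same byte size, which here are the four .TMP files named in the Avenger script. The function names and the regexes for the ComboFix line layout are assumptions based on the lines posted above.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the ComboFix logs posted in this thread.
SAMPLE_LOG = r"""
2009-03-21 08:39 . 2009-03-21 08:39 313,871 --------- c:\windows\system32\5edc0872dfec7672ace3714659026693.TMP
2009-03-20 20:01 . 2009-03-20 20:01 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-03-19 23:17 . 2009-03-19 23:17 313,871 --------- c:\windows\system32\7bbeb47065aecc0d61a07a6b30955f34.TMP
2009-03-19 23:17 . 2009-03-19 23:17 313,871 --------- c:\windows\system32\1164a2c10ffff7f7d3cb895843bca510.TMP
2009-03-21 23:34 313,871 ----a-w c:\windows\system32\bcfdebcefbfddab.dll
2009-03-21 23:34 313,871 ------w c:\windows\system32\f1b369d97c7e866c9a3604c3bea25d0e.TMP
2009-02-09 14:56 1,846,272 ----a-w c:\windows\system32\win32k.sys
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\bcfdebcefbfddab]
2009-03-22 00:34 313871 c:\windows\system32\bcfdebcefbfddab.dll
"""

# File line: one or two timestamps, a size, an optional attribute column, a path.
# Directory lines carry "<DIR>" instead of a size and therefore do not match.
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}"
    r"(?: \. \d{4}-\d{2}-\d{2} \d{2}:\d{2})?"
    r" (?P<size>[\d,]+)"
    r"(?: [-a-z]{7,9})?"
    r" (?P<path>[a-z]:\\.+)$",
    re.IGNORECASE,
)

# Header of a Winlogon\Notify subkey; the file line right after it is the DLL.
NOTIFY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion"
    r"\\winlogon\\notify\\(?P<name>[^\\\]]+)\]$",
    re.IGNORECASE,
)


def parse_log(text):
    """Return (size -> set of paths, Notify subkey name -> (dll path, size))."""
    files = defaultdict(set)
    notify = {}
    pending_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key = NOTIFY_RE.match(line)
        if key:
            pending_key = key.group("name")
            continue
        entry = FILE_RE.match(line)
        if entry:
            size = int(entry.group("size").replace(",", ""))
            path = entry.group("path").lower()
            files[size].add(path)
            if pending_key:
                notify[pending_key] = (path, size)
        pending_key = None  # any other line ends the key's section
    return files, notify


def same_size_siblings(text):
    """Map each Notify DLL to the other logged files with an identical size."""
    files, notify = parse_log(text)
    return {dll: sorted(files[size] - {dll}) for dll, size in notify.values()}


if __name__ == "__main__":
    for dll, siblings in same_size_siblings(SAMPLE_LOG).items():
        print(dll)
        for path in siblings:
            print("   same size:", path)
```

An identical size is only a lead for closer inspection of those files, not proof that they are copies of the DLL.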