MegaLab.it

Inviato: **sab lug 11, 2009 12:24 pm**

Mi controllate il log per favore????Il pc da stamttina se apro alcune cose tipo webcam,skipe ecc nn va.Cioè appare una schermata blu d'errore parlando di modifiche hardware(mai fatte).Vipo posto il log :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13.15.58, on 11/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\sub.exe
C:\WINDOWS\dllcache.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\winmgrs.exe
C:\Programmi\AVG\AVG8\avgcsrvx.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programmi\ZyXEL\ZyXEL G-202 Wireless Adapter Utility\ZyXEL G-202.exe
C:\WINDOWS\twain_32\CIS600X\WATCH.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
D:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Programmi\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Programmi\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Dynamic Library Cache] dllcache.exe
O4 - HKLM\..\Run: [Windows UDP Control Center] winmgrs.exe
O4 - HKLM\..\Run: [PromoReg] C:\sub.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LiveSearchNotification] "C:\Programmi\Techno Design IP\LiveSearch Notification.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Utilità adattatore wireless ZyXEL G-202.lnk = ?
O4 - Global Startup: Watch.lnk = C:\WINDOWS\twain_32\CIS600X\WATCH.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF78D79F-4AAF-4551-9C95-BDF9EAA4D278}: NameServer = 213.156.54.80,213.156.54.81
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe

--
End of file - 5765 bytes

Inviato: **sab lug 11, 2009 12:27 pm**

Non uno, ma forse tre
O4 - HKLM\..\Run: [Windows Dynamic Library Cache] dllcache.exe
O4 - HKLM\..\Run: [Windows UDP Control Center] winmgrs.exe
O4 - HKLM\..\Run: [PromoReg] C:\sub.exe

Falli analizzare sul sito www.virustotal.com prima di vaporizzarli.

Inviato: **sab lug 11, 2009 12:42 pm**

Grazie provvedo subito e ti faccio sapere.

Inviato: **sab lug 11, 2009 1:25 pm**

Li ho eliminatiti.Ora post il nuovo Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14.28.59, on 11/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\AVG\AVG8\avgcsrvx.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programmi\ZyXEL\ZyXEL G-202 Wireless Adapter Utility\ZyXEL G-202.exe
C:\WINDOWS\twain_32\CIS600X\WATCH.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
D:\Programmi\Opera\opera.exe
D:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Programmi\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Programmi\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LiveSearchNotification] "C:\Programmi\Techno Design IP\LiveSearch Notification.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Utilità adattatore wireless ZyXEL G-202.lnk = ?
O4 - Global Startup: Watch.lnk = C:\WINDOWS\twain_32\CIS600X\WATCH.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF78D79F-4AAF-4551-9C95-BDF9EAA4D278}: NameServer = 213.156.54.80,213.156.54.81
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe

--
End of file - 5502 bytes

Ora è ok??

Inviato: **sab lug 11, 2009 1:58 pm**

Nessun problema visibile. [^]

Inviato: **sab lug 11, 2009 2:05 pm**

Però mi da ancora problemi [cry+]

.Ho notato che risultano istallate 4 Unità CD [boh]

.Che devo fare???

Inviato: **sab lug 11, 2009 3:01 pm**

SUMMERBOY ha scritto:Ho notato che risultano istallate 4 Unità CD .Che devo fare???

Stai usando daemon tools o qualche virtualizzatore di cdrom?
E' meglio se fai una scansione con questo http://www.MegaLab.it/2894/kaspersky-virus-removal-tool

Inviato: **sab lug 11, 2009 4:00 pm**

Nn sto usando niente del genere.Ho inserito dei cd e risulta che le due Unità Cd sono state tipo duplicate.Lo stesso contenuto lo visualizzo su due porte.

Inviato: **sab lug 11, 2009 4:27 pm**

Scarica ComboFix , salvandolo sul desktop con un nome di fantasia, ed esegui la scansione seguendo queste istruzioni (giù in fondo). Al termine della scansione verrà creato il file di report C:\combofix.txt, copia qui il suo contenuto inserendolo tra i tag LOG, in questo modo:

Codice: Seleziona tutto: [LOG]qui va inserito il log[/LOG]

Inviato: **sab lug 11, 2009 5:26 pm**

Ho provato ad usare combofix,ma quando stava facendo il punto di ripristino mi è uscita la schermata blu d'errore.Mi esce la stessa schermata anche se provo ad aprire la webcam.

Inviato: **dom lug 12, 2009 12:29 pm**

Riesci a riportare l'errore della schermata blu?

Inviato: **dom lug 12, 2009 12:52 pm**

Ecco ora la metto:
Immagine

MI ESCE ANCHE QUANDO APRO ES. SKYPE.

Inviato: **dom lug 12, 2009 1:10 pm**

Lo schermo blu Driver_IRQL.... di solito si riferisce al problema/conflitto con qualche driver di perifericha o software, o perché no, anche qualche virus installati. Nel tuo caso c'è il problema che dopo lo STOP:... non viene menzionato il nome del driver colpevole. [uhm]

Per escludere la causa virus prova ad eseguire la scansione con Avira RescueCD.

Inviato: **dom lug 12, 2009 1:14 pm**

Vuoi che ti posto l'immagien rimpicciolita??comunque adesso sto facendo la scansione con AVG 8.5 e per il momento nn risulta niente.comunque io nn ho apportato nessuna modifica.Cioè io poco prima usavo il pc normalmente ,dopo 5 minuti sono iniziati i problemi.

Inviato: **dom lug 12, 2009 2:19 pm**

SUMMERBOY ha scritto:Vuoi che ti posto l'immagien rimpicciolita??

Non serve, di solito se c'è il riferimento a qualche file, quello va menzionato immediatamente sotto alla riga STOP:...

SUMMERBOY ha scritto:comunque adesso sto facendo la scansione con AVG 8.5 e per il momento nn risulta niente.

Non è granché come l'antivirus, e visto che già nel log di Hijackthis si vedevano un bel po' di schifezze, sarà meglio se ritenterai di eseguire la scansione con Combofix dalla modalità provvisoria oppure se fai la scansione con Avira RescueCD.

Inviato: **dom lug 12, 2009 3:21 pm**

Allora dopo 4 ore e mezza di scansione [XX(]

mi ha trovato 1 file infetto:
C:\\WINDOWS\temp\dfsinstall.exe e mi dice che è un Trojan Horse SHeur2.APXF.Se lo elimino dovrei risolvere qualcosa??

Inviato: **dom lug 12, 2009 3:43 pm**

SUMMERBOY ha scritto:Allora dopo 4 ore e mezza di scansione mi ha trovato 1 file infetto:C:\\WINDOWS\temp\dfsinstall.exe e mi dice che è un Trojan Horse SHeur2.APXF.

Anche se il nome di questo file non sembra tanto sospetto, eliminalo lo stesso, visto che si trova nella cartella dei file temporanei.

SUMMERBOY ha scritto:Se lo elimino dovrei risolvere qualcosa??

No saprei

, però sinceramente non credo.

Vedi comunque se riesci ad eseguiere la scansione con Combofix dalla modalità provvisoria.

Inviato: **dom lug 12, 2009 4:54 pm**

FINALMENTE sono riuscito a fare la sncasione con Combofix in modalita provvisoria [applauso+]

.
Ecco il log:

ComboFix 09-07-09.08 - User 12/07/2009 17.23.47.4.1 - NTFSx86 MINIMAL
Eseguito da: c:\documents and settings\User\Desktop\Combofix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\User\Impostazioni locali\Temporary Internet Files\lsn_6FBA808F-2580-48c3-8C6B-C08BBB800B8E.xml
c:\windows\dllcache.exe
c:\windows\system32\drivers\hjgruixrtqhxvn.sys
c:\windows\system32\hjgruikibairyf.dat
c:\windows\system32\hjgruimqlisrtu.dat
c:\windows\system32\hjgruirjixfqxn.dll
c:\windows\system32\hjgruirkmjpqfv.dll
c:\windows\winmgrs.exe

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_hjgruiowpdwqpp

((((((((((((((((((((((((( Files Creati Da 2009-06-12 al 2009-07-12 )))))))))))))))))))))))))))))))))))
.

2009-07-11 16:27 . 2009-06-17 08:54 906520 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg8\update\backup\avgemc.exe
2009-07-02 16:29 . 2009-07-02 16:29 463360 ----a-w- c:\documents and settings\User\Dati applicazioni\Techno Design IP\LiveSearch Notification.exe
2009-07-02 16:29 . 2009-07-02 16:29 -------- d-----w- c:\documents and settings\User\Dati applicazioni\Techno Design IP
2009-06-30 10:42 . 2009-06-30 10:30 2052376 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg8\update\backup\avgcorex.dll
2009-06-27 10:09 . 2009-06-27 10:12 -------- d-----w- c:\windows\system32\NtmsData
2009-06-27 09:38 . 2009-06-27 09:38 -------- d-----w- c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Opera
2009-06-17 09:02 . 2009-06-17 08:54 829208 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg8\update\backup\avgcfgx.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-11 16:27 . 2008-05-23 15:45 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-11 14:51 . 2008-12-20 16:05 3561743 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-11 12:37 . 2000-01-01 15:46 90112 ----a-w- c:\windows\DUMP5346.tmp
2009-07-11 10:41 . 2008-02-01 16:33 -------- d-----w- c:\documents and settings\User\Dati applicazioni\Skype
2009-07-10 11:23 . 2008-02-01 17:05 -------- d-----w- c:\documents and settings\User\Dati applicazioni\skypePM
2009-07-06 10:27 . 2008-01-05 18:12 -------- d-----w- c:\programmi\eMule
2009-06-17 09:27 . 2008-12-02 15:11 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 09:27 . 2008-12-02 15:11 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-17 08:54 . 2000-01-01 15:40 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-17 08:54 . 2009-06-12 11:21 3298072 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg8\update\backup\setup.exe
2009-06-17 08:50 . 2009-06-12 11:11 1454360 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg8\update\backup\avgupd.dll
2009-06-11 18:00 . 2009-06-11 18:00 248566 ----a-w- C:\cc_20090611_1959.reg
2009-06-08 19:50 . 2009-06-08 19:50 19165248 ----a-w- c:\documents and settings\User\Dati applicazioni\TomTom\HOME\Profiles\u1fppxy6.default\Updates\v2_6_2_1586_win.exe
2009-05-16 18:15 . 2008-08-02 18:58 -------- d-----w- c:\documents and settings\User\Dati applicazioni\gtk-2.0
2009-05-12 17:34 . 2008-01-06 18:19 2608 ----a-w- c:\windows\system32\d3d9caps.dat
2009-05-08 10:27 . 2008-08-07 14:03 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-08 10:27 . 2008-05-23 15:45 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-07 15:41 . 2004-08-19 12:00 346112 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 19:23 . 2000-01-01 15:40 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-04-29 19:23 . 2000-01-01 15:40 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-04-29 04:51 . 2004-08-19 12:00 662016 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:51 . 2004-08-19 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-19 20:08 . 2004-08-19 12:00 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-16 11:27 . 2004-08-19 12:00 345382 ----a-w- c:\windows\system32\perfh010.dat
2009-04-16 11:27 . 2004-08-19 12:00 47814 ----a-w- c:\windows\system32\perfc010.dat
2009-04-15 15:16 . 2004-08-19 12:00 584192 ----a-w- c:\windows\system32\rpcrt4.dll
.

------- Sigcheck -------

[7] 2005-03-02 18:20 578048 488019BFE2B0F9F8CD8394276D5B664A c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[7] 2007-03-08 15:48 579072 BAB4F995E526484A235A276E269AAF7F c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[7] 2004-08-19 12:00 578048 08447BDFCE5D1B1956F962602381F5C1 c:\windows\$NtUninstallKB890859$\user32.dll
[7] 2005-03-02 18:10 578048 14B5D6B20467DBA209853D65D1F6A124 c:\windows\$NtUninstallKB925902$\user32.dll
[-] 2008-04-14 02:13 579584 FA94696C0727BD59E517C674CD6E7C72 c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\user32.dll
[-] 2008-04-14 02:13 579584 FA94696C0727BD59E517C674CD6E7C72 c:\windows\system32\user32.dll

[-] 2008-04-14 02:14 510464 9259170D29B5A256735FCB8B80280857 c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\winlogon.exe
[-] 2000-01-01 16:31 504832 1DBD3966123AC2F6ADE783F7F17F8C7F c:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PE2CKFNT SE"="c:\programmi\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe" [1998-07-03 25088]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-12 1948440]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-12-03 413696]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2009-04-29 198160]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-19 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Bluetooth Manager.lnk - c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-5-22 2756608]
Utilit… adattatore wireless ZyXEL G-202.lnk - c:\programmi\ZyXEL\ZyXEL G-202 Wireless Adapter Utility\ZyXEL G-202.exe [2008-11-6 10907648]
Watch.lnk - c:\windows\twain_32\CIS600X\WATCH.exe [2008-2-2 356352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-08 10:27 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Nero BackItUp Scheduler 3"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\LimeWire\\LimeWire.exe"=
"c:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"c:\\Programmi\\DAP\\DAP.exe"=
"c:\\Programmi\\ZyXEL\\ZyXEL G-202 Wireless Adapter Utility\\ZyXEL G-202.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [23/05/2008 17.45.12 335752]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [23/05/2008 17.45.12 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [07/08/2008 16.03.59 907032]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [07/08/2008 16.03.56 298776]
R2 SFC4;SFC4;c:\windows\system32\drivers\sfc4.sys [02/02/2008 11.22.34 41472]
R3 phil2vid;Fotocamera VGA USB Philip;c:\windows\system32\drivers\philcam2.sys [05/01/2008 18.32.22 173696]
R3 ZDCNDIS5;ZDCNDIS5 NDIS Protocol Driver;c:\windows\system32\ZDCndis5.sys [28/10/2008 14.01.44 19072]
R3 ZY202_XP;ZyXEL 802.11g XG202 1211 Driver;c:\windows\system32\drivers\WlanUZXP.SYS [28/10/2008 14.27.18 437760]
S3 AX88178;Sitecom USB Gigabit LAN LN-028;c:\windows\system32\drivers\ax88178.sys [01/01/2000 18.50.57 22144]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [28/10/2008 14.01.44 20608]
.
Contenuto della cartella 'Scheduled Tasks'

2009-07-12 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-23 20:18]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-LiveSearchNotification - c:\programmi\Techno Design IP\LiveSearch Notification.exe

.
------- Scansione supplementare -------
.
uStart Page = hxxp://it.msn.com
IE: &Download with &DAP - c:\progra~1\DAP\dapextie.htm
TCP: {AF78D79F-4AAF-4551-9C95-BDF9EAA4D278} = 213.156.54.80,213.156.54.81
Name-Space Handler: FTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: HTTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: HTTPS\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-12 17:40
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(1960)
c:\progra~1\TEXTBR~1.0\Bin\TBMHOOK.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\wdfmgr.exe
c:\programmi\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\programmi\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
c:\windows\system32\rundll32.exe
c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
.
**************************************************************************
.
Ora fine scansione: 2009-07-12 17.49.05 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-07-12 15:48
ComboFix2.txt 2008-12-02 19:12
ComboFix3.txt 2008-12-02 14:58
ComboFix4.txt 2008-12-02 13:12

Pre-Run: 7.697.399.808 byte disponibili
Post-Run: 7.801.769.984 byte disponibili

170 --- E O F --- 2009-06-11 11:16

Inviato: **dom lug 12, 2009 5:08 pm**

Ora come va il pc?
Combofix ha rimosso un malware abbastanza insidioso che forse con il suo driver causava lo schermo blu.

Inviato: **dom lug 12, 2009 5:19 pm**

Pare meglio.Le unità cd in più sono scomparse.La webcam adesso è ok.L'unico problema è che Vlc nn mi si apre.

MegaLab.it

PROBABILE VIRUS!!!!!!!!!!

PROBABILE VIRUS!!!!!!!!!!

Re: PROBABILE VIRUS!!!!!!!!!!

Re: PROBABILE VIRUS!!!!!!!!!!

Re: PROBABILE VIRUS!!!!!!!!!!

Re: PROBABILE VIRUS!!!!!!!!!!

Re: PROBABILE VIRUS!!!!!!!!!!

Re: PROBABILE VIRUS!!!!!!!!!!

Re: PROBABILE VIRUS!!!!!!!!!!

Re: PROBABILE VIRUS!!!!!!!!!!

Re: PROBABILE VIRUS!!!!!!!!!!

Re: PROBABILE VIRUS!!!!!!!!!!

Re: PROBABILE VIRUS!!!!!!!!!!

Re: PROBABILE VIRUS!!!!!!!!!!

Re: PROBABILE VIRUS!!!!!!!!!!

Re: PROBABILE VIRUS!!!!!!!!!!

Re: PROBABILE VIRUS!!!!!!!!!!

Re: PROBABILE VIRUS!!!!!!!!!!

Re: PROBABILE VIRUS!!!!!!!!!!

Re: PROBABILE VIRUS!!!!!!!!!!

Re: PROBABILE VIRUS!!!!!!!!!!