
I found 3 viruses on my PC and tried to remove them. What now?


Post by rogernemo » Mon Mar 02, 2009 4:30 pm

Hello, I've had some trouble with a few viruses. The problems that came up are mainly two: Internet Explorer often doesn't work, the PC Security Center had been disabled, and I can't connect over wireless.

I ran a system scan with Kaspersky online:

KASPERSKY ONLINE SCANNER 7 REPORT
Monday, March 2, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, March 01, 2009 21:53:25
Records in database: 1860452
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
Scan statistics
Files scanned 135307
Threat name 3
Infected objects 6
Suspicious objects 0
Duration of the scan 02:30:03

File name Threat name Threats count
C:\Users\Barzin\AppData\Local\Microsoft\Messenger\rogernemo@msn.com\ObjectStore\CustomEmoticons\7q6FbK5PmJVaLTY4rDKlWNhvwB0=.dt2 Infected: Trojan-Clicker.HTML.IFrame.rp 1
C:\Users\Barzin\AppData\Local\Temp\evmwwufeyi.tmp Infected: Trojan-Dropper.Win32.Pakes.s 1
C:\Users\Barzin\AppData\Local\Temp\ixdapcqtlm.tmp Infected: Trojan-Dropper.Win32.Pakes.s 1
C:\Users\Barzin\AppData\Local\Temp\qwnvvismic.tmp Infected: Trojan-Dropper.Win32.Pakes.s 1
C:\Users\Barzin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\7a75380a-1a4a0949 Infected: Trojan-Downloader.Java.OpenConnection.aq 1
C:\Users\Barzin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\3c07b9fe-6e0349c8 Infected: Trojan-Downloader.Java.OpenConnection.aq 1
The selected area was scanned.


I used The Avenger to delete the files that showed up in the Kaspersky report, and this is the report:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File "C:\Users\Barzin\AppData\Local\Microsoft\Messenger\rogernemo@msn.com\ObjectStore\CustomEmoticons\7q6FbK5PmJVaLTY4rDKlWNhvwB0=.dt2" deleted successfully.

Error: file "C:\Users\Barzin\AppData\Local\Temp\evmwwufeyi.tmp" not found!
Deletion of file "C:\Users\Barzin\AppData\Local\Temp\evmwwufeyi.tmp" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "C:\Users\Barzin\AppData\Local\Temp\ixdapcqtlm.tmp" not found!
Deletion of file "C:\Users\Barzin\AppData\Local\Temp\ixdapcqtlm.tmp" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "C:\Users\Barzin\AppData\Local\Temp\qwnvvismic.tmp" not found!
Deletion of file "C:\Users\Barzin\AppData\Local\Temp\qwnvvismic.tmp" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\Users\Barzin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\7a75380a-1a4a0949" deleted successfully.
File "C:\Users\Barzin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\3c07b9fe-6e0349c8" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.



Now what else do I need to do to be sure I've wiped out the viruses???
And what do I need to do to re-enable all the functions that the viruses disabled???

rogernemo
New Member
Posts: 14
Joined: Wed May 21, 2008 12:53 am

Post by Amantide » Mon Mar 02, 2009 5:10 pm

To start, download ComboFix and run the scan following these instructions (down at the bottom). When the scan finishes, the report file C:\combofix.txt will be created; copy its contents here, placing them between the LOG tags, like this:
[LOG]the log goes here[/LOG]

...to fly high, you have to know how to fall...

Amantide
Official Member (Gold)
Posts: 8126
Joined: Mon Feb 06, 2006 4:13 pm
Location: Abruzzo

Post by rogernemo » Mon Mar 02, 2009 5:36 pm

Here is the ComboFix log:

ComboFix 09-03-01.01 - Barzin 2009-03-02 17.22.12.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1040.18.2046.1285 [GMT 1:00]
Eseguito da: c:\users\Barzin\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\System32\Desktop_.ini
c:\windows\system32\drivers\seneka.sys
c:\windows\system32\drivers\senekapmmrapum.sys
c:\windows\system32\senekackcjbnom.dll
c:\windows\system32\senekaebsiiyoq.dat
c:\windows\system32\senekawrttjfyc.dat
c:\windows\system32\senekawtsdnvgh.dll
c:\windows\system32\senekaxmnkiiqe.dll

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_seneka


((((((((((((((((((((((((( Files Creati Da 2009-02-02 al 2009-03-02 )))))))))))))))))))))))))))))))))))
.

2009-02-28 10:31 . 2009-02-28 10:31 118 --a------ c:\windows\System32\MRT.INI
2009-02-28 10:14 . 2008-06-20 02:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-02-28 10:14 . 2008-06-20 02:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-02-28 10:14 . 2008-06-20 02:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-02-28 10:14 . 2008-06-20 02:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-02-28 10:14 . 2008-06-20 02:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-02-28 10:14 . 2008-06-20 02:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-02-28 10:14 . 2008-06-20 02:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-02-28 10:14 . 2008-06-20 02:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-02-28 10:05 . 2008-07-27 19:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-02-28 10:05 . 2008-07-27 19:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-02-28 10:05 . 2008-07-27 19:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-02-28 10:05 . 2008-07-27 19:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-02-28 10:05 . 2008-07-27 19:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-02-28 10:03 . 2008-12-16 04:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-02-28 10:03 . 2008-12-16 06:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-02-28 10:03 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-02-28 10:03 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-02-27 21:26 . 2009-02-27 21:26 <DIR> d-------- c:\users\All Users\Adobe
2009-02-27 21:26 . 2009-02-27 21:28 <DIR> d-------- c:\program files\Common Files\Adobe
2009-02-16 00:34 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-02-16 00:34 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-02-16 00:34 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-16 00:34 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-02-16 00:34 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax
2009-02-04 11:19 . 2009-02-04 11:19 107,272 --a------ c:\windows\System32\drivers\avgtdix.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-02 16:28 --------- d-----w c:\users\Barzin\AppData\Roaming\OpenOffice.org2
2009-03-02 09:43 --------- d-----w c:\programdata\Spybot - Search & Destroy
2009-03-02 09:40 --------- d-----w c:\program files\CCleaner
2009-02-27 15:23 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-11 02:00 --------- d-----w c:\program files\Windows Mail
2009-02-04 10:21 --------- d-----w c:\programdata\avg8
2009-02-04 10:19 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-01-23 17:45 --------- d-----w c:\program files\Poladroid
2009-01-03 01:07 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-05-22 09:34 174 --sha-w c:\program files\desktop.ini
2006-03-20 13:37 5,689,344 ----a-w c:\program files\mplayerc.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"Eraser"="c:\program files\Eraser\Eraser.exe" [2007-07-28 277328]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-11-21 3293184]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-04 1601304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-16 136600]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-01-07 858632]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-03-29 458752]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"MRT"="c:\windows\system32\MRT.exe" [2009-02-11 21244872]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-07 c:\windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-11-20 c:\windows\SkyTel.exe]

c:\users\Barzin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-05-22 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B8EA2B6F-8E20-4912-B07D-1DA7394890B2}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{305BD197-32FA-4591-8EE6-6DA2537FF886}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{8D040B2A-45CE-490C-8186-1A864BF190CE}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{81FCC265-72D6-4866-BE0B-81CB936BD576}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{0F98B5EE-4680-4C19-885B-A5A1F2331FD2}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{7913C346-2A1D-4048-BF6F-B50D6A213B77}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{95C70E01-91E2-4EB9-9429-CBBDF71CB55D}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{A1FD34E1-76E9-43A9-B76C-2E01A5E91A8A}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{89B18DF4-77F4-450E-9D66-63C17EA1ECC6}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"{4CD970BB-CC37-497D-94F2-44D2D737E4CD}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{AF98C15C-BB47-4911-9613-94B4EBA090DA}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{0F11AA58-B197-4A93-87C5-6497B18E0D81}"= UDP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{B259105E-ECBD-4386-8203-451F1292B0E9}"= TCP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{91B4AA61-389D-474E-8739-9879D1216036}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{2A85C07C-8CCE-47ED-9C9D-200486DD32DC}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2008-05-22 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [2009-02-04 107272]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-05-22 903960]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-05-22 298264]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-05-22 809296]
R3 b57nd60x;%SvcDispName%;c:\windows\System32\drivers\b57nd60x.sys [2008-05-22 179712]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d11f7b2-d289-11dd-b110-000000000000}]
\shell\AutoRun\command - E:\22wcb21o.exe
\shell\explore\Command - E:\22wcb21o.exe
\shell\open\Command - E:\22wcb21o.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c226c50-7e48-11dd-8231-000000000000}]
\shell\Auto\command - E:\CSRSS.exe
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\CSRSS.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc9e2951-9244-11dd-9506-000000000000}]
\shell\Auto\command - UFO.exe
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'

2009-03-02 c:\windows\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
FF - ProfilePath - c:\users\Barzin\AppData\Roaming\Mozilla\Firefox\Profiles\020io55v.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
1 file spostato/i.
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-02 17:29:30
Windows 6.0.6001 Service Pack 1 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'Explorer.exe'(5240)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\System32\drivers\XAudio.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\System32\iashost.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\System32\conime.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\users\Barzin\AppData\Local\Temp\RtkBtMnt.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Live\Messenger\usnsvc.exe
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Ora fine scansione: 2009-03-02 17:35:48 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-03-02 16:35:29

Pre-Run: 32.346.755.072 byte disponibili
Post-Run: 32,002,437,120 byte disponibili

203 --- E O F --- 2009-02-28 09:49:37

Post by Amantide » Mon Mar 02, 2009 5:59 pm

The drive shown with the letter E:\, what is it? Is it a partition of the hard disk or an external drive such as a hard disk or a USB stick?

Post by rogernemo » Mon Mar 02, 2009 6:00 pm

e:/ is an external drive, but nothing is attached at the moment

Post by Amantide » Mon Mar 02, 2009 6:17 pm

rogernemo wrote: e:/ is an external drive, but nothing is attached at the moment

I asked because this drive is infected too.

Now connect this drive to the PC, copy and paste the following text into Notepad and save the file on the desktop with the name CFScript.txt.
File::
c:\autorun.inf
e:\autorun.inf
E:\22wcb21o.exe
E:\CSRSS.exe
c:\UFO.exe
e:\UFO.exe
C:\Users\Barzin\AppData\Local\Temp

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d11f7b2-d289-11dd-b110-000000000000}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c226c50-7e48-11dd-8231-000000000000}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc9e2951-9244-11dd-9506-000000000000}]


Now drag the CFScript.txt file onto the Combofix.exe icon and wait for the scan to finish. Post the new Combofix log.

At the end you should uninstall Java and install the latest version.
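
The reply above calls drive E:\ infected on the strength of the MountPoints2 entries in the ComboFix log, which cache the autorun verbs Windows recorded for volumes that were plugged in. The following Python sketch, an added example that is not part of the thread or of ComboFix, parses that section (excerpt copied from the log posted earlier) and lists the cached handlers that launch executables from outside the system drive. The function names and the short list of system process names are assumptions of this example.

```python
import re

# Excerpt copied from the ComboFix log posted earlier in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d11f7b2-d289-11dd-b110-000000000000}]
\shell\AutoRun\command - E:\22wcb21o.exe
\shell\explore\Command - E:\22wcb21o.exe
\shell\open\Command - E:\22wcb21o.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c226c50-7e48-11dd-8231-000000000000}]
\shell\Auto\command - E:\CSRSS.exe
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\CSRSS.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc9e2951-9244-11dd-9506-000000000000}]
\shell\Auto\command - UFO.exe
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
"""

# Core Windows process names; an assumption of this example, not a complete list.
SYSTEM_PROCESS_NAMES = {"csrss.exe", "lsass.exe", "services.exe", "smss.exe",
                        "svchost.exe", "winlogon.exe"}

KEY_RE = re.compile(r"^\[(?P<key>.+\\mountpoints2\\(?P<guid>\{[0-9a-f-]+\}))\]$", re.I)
VERB_RE = re.compile(r"^\\shell\\(?P<verb>[^\\]+)\\command\s+-\s+(?P<cmd>.+)$", re.I)
WRAPPER_RE = re.compile(
    r"rundll32(?:\.exe)?\s+shell32\.dll,ShellExec_RunDLL\s+(?P<target>.+)$", re.I)
DRIVE_RE = re.compile(r"^(?P<drive>[a-z]):\\", re.I)


def parse_mountpoints(log_text):
    """Return one dict per MountPoints2 volume key with its (verb, command) pairs."""
    entries, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            m = KEY_RE.match(line)
            # Any other registry key ends the current MountPoints2 block.
            current = ({"key": m["key"], "guid": m["guid"].lower(), "handlers": []}
                       if m else None)
            if current:
                entries.append(current)
        elif current is not None:
            m = VERB_RE.match(line)
            if m:
                current["handlers"].append((m["verb"], m["cmd"].strip()))
    return entries


def resolve_target(command):
    """Strip a rundll32 ShellExec_RunDLL wrapper, if present, to get the launched file."""
    m = WRAPPER_RE.search(command)
    return (m["target"] if m else command).strip().strip('"')


def assess(target, system_drive="c"):
    """Return the reasons a cached autorun target deserves a closer look."""
    reasons = []
    name = target.rsplit("\\", 1)[-1].lower()
    drive = DRIVE_RE.match(target)
    if drive is None:
        reasons.append("no drive letter: relative to the root of the mounted volume")
    elif drive["drive"].lower() != system_drive:
        reasons.append("executable on drive %s: rather than the system drive"
                       % drive["drive"].upper())
    if name in SYSTEM_PROCESS_NAMES and "\\windows\\system32\\" not in target.lower():
        reasons.append("uses a Windows system process name outside System32")
    return reasons


def review(log_text):
    """List the volume keys whose cached handlers point at suspicious targets."""
    findings = []
    for entry in parse_mountpoints(log_text):
        targets, reasons = set(), set()
        for _verb, command in entry["handlers"]:
            target = resolve_target(command)
            hit = assess(target)
            if hit:
                targets.add(target)
                reasons.update(hit)
        if targets:
            findings.append({"key": entry["key"], "guid": entry["guid"],
                             "verbs": [v for v, _ in entry["handlers"]],
                             "targets": sorted(targets), "reasons": sorted(reasons)})
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding["guid"], finding["targets"], finding["verbs"])
        for reason in finding["reasons"]:
            print("   -", reason)
```

The three keys it reports are the same ones the CFScript above removes under `Registry::`.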

Post by rogernemo » Mon Mar 02, 2009 6:22 pm

Amantide wrote: I asked because this drive is infected too.

Now connect this drive to the PC, copy and paste the following text into Notepad and save the file on the desktop with the name CFScript.txt.
File::
c:\autorun.inf
e:\autorun.inf
E:\22wcb21o.exe
E:\CSRSS.exe
c:\UFO.exe
e:\UFO.exe
C:\Users\Barzin\AppData\Local\Temp

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d11f7b2-d289-11dd-b110-000000000000}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c226c50-7e48-11dd-8231-000000000000}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc9e2951-9244-11dd-9506-000000000000}]


Now drag the CFScript.txt file onto the Combofix.exe icon and wait for the scan to finish. Post the new Combofix log.

At the end you should uninstall Java and install the latest version.


But depending on what I plug in, E:\ is my hard disk, my USB stick, my flatmate's USB stick, or one of the hard disks of two friends.

Considering also that the only one I have here in town is my USB stick, which one should I plug in???

Post by Amantide » Mon Mar 02, 2009 6:41 pm

Look, the ideal thing would be to scan all the external drives that have been in contact with your PC recently.
For now, run this scan with the USB stick connected; as for the other drives, you should then enable the display of hidden and system files and see whether they contain the files I listed among those to remove.

Post by rogernemo » Mon Mar 02, 2009 7:11 pm

Here is the new ComboFix log:

ComboFix 09-03-02.01 - Barzin 2009-03-02 19.04.00.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1040.18.2046.1282 [GMT 1:00]
Eseguito da: c:\users\Barzin\Downloads\ComboFix.exe
Opzioni usate :: c:\users\Barzin\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Creato nuovo punto di ripristino

FILE ::
c:\autorun.inf
c:\UFO.exe
c:\users\Barzin\AppData\Local\Temp
E:\22wcb21o.exe
e:\autorun.inf
E:\CSRSS.exe
e:\UFO.exe
.

((((((((((((((((((((((((( Files Creati Da 2009-02-02 al 2009-03-02 )))))))))))))))))))))))))))))))))))
.

2009-02-28 10:31 . 2009-02-28 10:31 118 --a------ c:\windows\System32\MRT.INI
2009-02-28 10:14 . 2008-06-20 02:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-02-28 10:14 . 2008-06-20 02:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-02-28 10:14 . 2008-06-20 02:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-02-28 10:14 . 2008-06-20 02:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-02-28 10:14 . 2008-06-20 02:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-02-28 10:14 . 2008-06-20 02:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-02-28 10:14 . 2008-06-20 02:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-02-28 10:14 . 2008-06-20 02:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-02-28 10:05 . 2008-07-27 19:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-02-28 10:05 . 2008-07-27 19:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-02-28 10:05 . 2008-07-27 19:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-02-28 10:05 . 2008-07-27 19:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-02-28 10:05 . 2008-07-27 19:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-02-28 10:03 . 2008-12-16 04:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-02-28 10:03 . 2008-12-16 06:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-02-28 10:03 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-02-28 10:03 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-02-27 21:26 . 2009-02-27 21:26 <DIR> d-------- c:\users\All Users\Adobe
2009-02-27 21:26 . 2009-02-27 21:28 <DIR> d-------- c:\program files\Common Files\Adobe
2009-02-16 00:34 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-02-16 00:34 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-02-16 00:34 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-16 00:34 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-02-16 00:34 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax
2009-02-04 11:19 . 2009-02-04 11:19 107,272 --a------ c:\windows\System32\drivers\avgtdix.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-02 17:59 --------- d-----w c:\users\Barzin\AppData\Roaming\OpenOffice.org2
2009-03-02 09:43 --------- d-----w c:\programdata\Spybot - Search & Destroy
2009-03-02 09:40 --------- d-----w c:\program files\CCleaner
2009-02-27 15:23 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-11 02:00 --------- d-----w c:\program files\Windows Mail
2009-02-04 10:21 --------- d-----w c:\programdata\avg8
2009-02-04 10:19 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-02-04 10:19 10,520 ----a-w c:\windows\System32\avgrsstx.dll
2009-01-23 17:45 --------- d-----w c:\program files\Poladroid
2009-01-15 10:05 911,872 ----a-w c:\windows\System32\wininet.dll
2009-01-15 10:05 43,008 ----a-w c:\windows\System32\licmgr10.dll
2009-01-15 10:04 18,944 ----a-w c:\windows\System32\corpol.dll
2009-01-15 10:04 132,096 ----a-w c:\windows\System32\ieUnatt.exe
2009-01-15 10:04 109,568 ----a-w c:\windows\System32\PDMSetup.exe
2009-01-15 10:04 109,056 ----a-w c:\windows\System32\iesysprep.dll
2009-01-15 10:04 107,520 ----a-w c:\windows\System32\RegisterIEPKEYs.exe
2009-01-15 10:04 107,008 ----a-w c:\windows\System32\SetIEInstalledDate.exe
2009-01-15 10:04 103,936 ----a-w c:\windows\System32\SetDepNx.exe
2009-01-15 10:03 72,704 ----a-w c:\windows\System32\admparse.dll
2009-01-15 10:03 71,680 ----a-w c:\windows\System32\iesetup.dll
2009-01-15 10:03 66,560 ----a-w c:\windows\System32\wextract.exe
2009-01-15 10:03 420,352 ----a-w c:\windows\System32\vbscript.dll
2009-01-15 10:02 169,472 ----a-w c:\windows\System32\iexpress.exe
2009-01-15 10:01 34,304 ----a-w c:\windows\System32\imgutil.dll
2009-01-15 10:00 48,128 ----a-w c:\windows\System32\mshtmler.dll
2009-01-15 10:00 45,568 ----a-w c:\windows\System32\mshta.exe
2009-01-15 09:50 156,160 ----a-w c:\windows\System32\msls31.dll
2009-01-03 01:07 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-16 11:50 410,984 ----a-w c:\windows\System32\deploytk.dll
2008-05-22 09:34 174 --sha-w c:\program files\desktop.ini
2006-03-20 13:37 5,689,344 ----a-w c:\program files\mplayerc.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-03-02_17.33.02.34 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-02 16:26:55 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-03-02 16:38:14 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-03-02 16:26:55 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-03-02 16:38:14 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-03-02 16:29:20 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-03-02 16:39:50 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2009-03-02 16:29:27 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-03-02 18:06:20 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-03-02 18:06:20 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2009-03-02 16:21:57 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2009-03-02 18:03:21 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
- 2009-02-28 10:08:00 101,250 ----a-w c:\windows\System32\perfc009.dat
+ 2009-03-02 17:58:45 101,250 ----a-w c:\windows\System32\perfc009.dat
- 2009-02-28 10:08:00 120,326 ----a-w c:\windows\System32\perfc010.dat
+ 2009-03-02 17:58:45 120,326 ----a-w c:\windows\System32\perfc010.dat
- 2009-02-28 10:08:00 587,178 ----a-w c:\windows\System32\perfh009.dat
+ 2009-03-02 17:58:45 587,178 ----a-w c:\windows\System32\perfh009.dat
- 2009-02-28 10:08:00 662,846 ----a-w c:\windows\System32\perfh010.dat
+ 2009-03-02 17:58:45 662,846 ----a-w c:\windows\System32\perfh010.dat
- 2009-03-02 16:28:55 8,542 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2042695977-3343395866-3773383324-1000_UserData.bin
+ 2009-03-02 16:40:17 8,574 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2042695977-3343395866-3773383324-1000_UserData.bin
- 2009-03-02 16:28:55 61,228 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-03-02 16:40:16 61,228 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-03-02 15:28:00 42,812 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-03-02 16:40:12 43,002 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"Eraser"="c:\program files\Eraser\Eraser.exe" [2007-07-28 277328]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-11-21 3293184]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-04 1601304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-16 136600]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-01-07 858632]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-03-29 458752]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"MRT"="c:\windows\system32\MRT.exe" [2009-02-11 21244872]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-07 c:\windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-11-20 c:\windows\SkyTel.exe]

c:\users\Barzin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-05-22 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B8EA2B6F-8E20-4912-B07D-1DA7394890B2}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{305BD197-32FA-4591-8EE6-6DA2537FF886}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{8D040B2A-45CE-490C-8186-1A864BF190CE}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{81FCC265-72D6-4866-BE0B-81CB936BD576}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{0F98B5EE-4680-4C19-885B-A5A1F2331FD2}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{7913C346-2A1D-4048-BF6F-B50D6A213B77}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{95C70E01-91E2-4EB9-9429-CBBDF71CB55D}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{A1FD34E1-76E9-43A9-B76C-2E01A5E91A8A}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{89B18DF4-77F4-450E-9D66-63C17EA1ECC6}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"{4CD970BB-CC37-497D-94F2-44D2D737E4CD}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{AF98C15C-BB47-4911-9613-94B4EBA090DA}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{0F11AA58-B197-4A93-87C5-6497B18E0D81}"= UDP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{B259105E-ECBD-4386-8203-451F1292B0E9}"= TCP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{91B4AA61-389D-474E-8739-9879D1216036}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{2A85C07C-8CCE-47ED-9C9D-200486DD32DC}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2008-05-22 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [2009-02-04 107272]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-05-22 903960]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-05-22 298264]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-05-22 809296]
R3 b57nd60x;%SvcDispName%;c:\windows\System32\drivers\b57nd60x.sys [2008-05-22 179712]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'

2009-03-02 c:\windows\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
FF - ProfilePath - c:\users\Barzin\AppData\Roaming\Mozilla\Firefox\Profiles\020io55v.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-02 19:06:22
Windows 6.0.6001 Service Pack 1 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'Explorer.exe'(5772)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
.
Ora fine scansione: 2009-03-02 19.09.36
ComboFix-quarantined-files.txt 2009-03-02 18:09:33
ComboFix2.txt 2009-03-02 16:35:49

Pre-Run: 31.949.533.184 byte disponibili
Post-Run: 31,706,513,408 byte disponibili

205 --- E O F --- 2009-02-28 09:49:37

Re: I found 3 viruses on my PC and tried to remove them. What now?

Post by Amantide » Mon Mar 02, 2009 7:27 pm

For the moment the PC seems to be clean, but I can't rule out that the external devices that have been in contact with this computer may be infected in turn.
Before connecting them to the PC for disinfection, remember to hold down the Shift key (the one with the arrow pointing up).
To be safe, also run a scan with Malwarebytes Anti-Malware, and tell me whether the options and services you mentioned at the beginning are still blocked.
...to fly high, you have to know how to fall...

Re: I found 3 viruses on my PC and tried to remove them. What now?

Post by rogernemo » Mon Mar 02, 2009 7:53 pm

I enabled the PC Security Center from the services.

As for Internet Explorer, I don't care much, because I use Firefox.

But at the moment the WLAN still isn't working.

Re: I found 3 viruses on my PC and tried to remove them. What now?

Post by Amantide » Mon Mar 02, 2009 8:08 pm

Try enabling the restore of Wireless Zero Configuration by following this article.

Re: I found 3 viruses on my PC and tried to remove them. What now?

Post by rogernemo » Mon Mar 02, 2009 9:09 pm

I've solved it, apparently everything!!!

Thanks for the help.

Re: I found 3 viruses on my PC and tried to remove them. What now?

Post by Amantide » Mon Mar 02, 2009 9:42 pm

Great.
Don't forget to check all the removable drives as soon as you can.

Re: I found 3 viruses on my PC and tried to remove them. What now?

Post by rogernemo » Tue Apr 07, 2009 11:32 am

I can't read the ComboFix log, so I'll try submitting it to you:

ComboFix 09-04-04.01 - Utente 2009-04-07 12.24.19.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.512.327 [GMT 2:00]
Eseguito da: c:\documents and settings\Utente\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((( Files Creati Da 2009-03-07 al 2009-04-07 )))))))))))))))))))))))))))))))))))
.

2009-04-07 11:44 . 2009-04-07 11:46 <DIR> d-------- c:\programmi\Spybot - Search & Destroy
2009-04-07 11:44 . 2009-04-07 11:46 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-04-02 18:13 . 2009-04-02 18:13 <DIR> d-------- c:\windows\system32\KB905474
2009-04-02 18:13 . 2009-03-10 22:26 1,437,568 --a------ c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-04-02 18:13 . 2009-03-10 22:18 454,016 --a------ c:\windows\system32\KB905474\wgasetup.exe
2009-04-02 18:13 . 2009-02-09 18:51 17,140 --a------ c:\windows\system32\KB905474\wga_eula.txt
2009-03-29 16:47 . 2009-03-29 16:47 <DIR> d-------- c:\windows\Sun
2009-03-29 16:46 . 2009-03-29 16:45 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-29 16:46 . 2009-03-29 16:45 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-29 16:45 . 2009-03-29 16:45 <DIR> d-------- c:\programmi\Java
2009-03-29 13:28 . 2009-03-29 13:28 <DIR> d-------- c:\programmi\CCleaner
2009-03-19 19:34 . 2009-03-19 19:34 244 --ah----- C:\sqmnoopt12.sqm
2009-03-19 19:34 . 2009-03-19 19:34 232 --ah----- C:\sqmdata12.sqm
2009-03-19 19:32 . 2009-03-19 19:32 268 --ah----- C:\sqmdata11.sqm
2009-03-19 19:32 . 2009-03-19 19:32 244 --ah----- C:\sqmnoopt11.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-23 17:26 --------- d-----w c:\programmi\eMule
2009-02-28 09:55 --------- d-----w c:\programmi\Apple Software Update
2009-02-23 17:53 --------- d-----w c:\programmi\iTunes
2009-02-23 17:53 --------- d-----w c:\programmi\iPod
2009-02-23 17:53 --------- d-----w c:\programmi\File comuni\Apple
2009-02-23 17:53 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-23 17:51 --------- d-----w c:\programmi\QuickTime
2009-02-09 14:56 1,846,272 ----a-w c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"eMuleAutoStart"="c:\programmi\eMule\emule.exe" [2009-02-22 5668864]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\programmi\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avgnt"="c:\programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-20 266497]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-03-29 148888]
"SoundMan"="SOUNDMAN.EXE" [2003-11-13 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
EPSON Status Monitor 3 Environment Check 2.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2008-08-19 127488]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=

.
Contenuto della cartella 'Scheduled Tasks'

2009-02-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]

2009-04-07 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-03-10 22:18]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-07 12:25:32
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Ora fine scansione: 2009-04-07 12.27.08
ComboFix-quarantined-files.txt 2009-04-07 10:27:06

Pre-Run: 7.568.830.464 byte disponibili
Post-Run: 7,586,934,784 byte disponibili

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

104 --- E O F --- 2009-04-02 16:13:45


Let me know if it's OK.

Re: I found 3 viruses on my PC and tried to remove them. What now?

Post by Amantide » Tue Apr 07, 2009 1:31 pm

The log is clean.
megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved.