What virus do I have?? Help me!!

Post by MooKid » Tue Mar 24, 2009 1:31 pm

OK, since this morning I've had a virus on my PC that I can't identify.

The PC is a pre-built HP, Intel Core 2, 4 GB of RAM, Windows Vista Home Premium.

These are the symptoms:

Avast won't open, Windows Defender won't open, System Restore fails, and even HijackThis won't open...

For the applications mentioned I get an error like: programname.exe is not a valid Win32 application.

I've tried several times to do a restore, but whichever restore point I choose it tells me it is missing or corrupted.

I tried reinstalling Avast but it won't open.

I also reinstalled HijackThis (which had "magically" disappeared) but I get the error mentioned above.

Basically I can't do anything... the only thing I can do is post the applications from Task Manager in the hope that one of you recognises the virus afflicting my PC.

[image]

At the time of the screenshot I was running (and still am, actually) an online antivirus scan on the Trend Micro site, since I can't use any antivirus.

I don't know what to do, and I kindly ask for a hand...

Alternatively, if you can give me a link to a guide on formatting Win Vista I'd be grateful.

Thanks, and I await replies in hope.
MooKid, Aficionado, Posts: 65, Joined: Fri Sep 17, 2004 12:43 pm

Re: What virus do I have?? Help me!!

Post by stevens » Tue Mar 24, 2009 1:39 pm

Hi,

you have a Bagle on your PC.

Download http://dc108.4shared.com/download/75022 ... 1-de3379fb

Double-click the FindyKill icon to start the installation:
Tick the first box to accept the licence and continue > Suivant
Click "Yes" to assign a folder to the program
Click Démarrer > Quitter to finish the installation.
Look for the program's icon on the desktop or in Programs and run it.
Use option 2 (Enter) for the cleanup.
You will find the report of the operations performed in C:\FindyKill.txt
Attach the report to your reply.

Once that's done, see whether you can get into Safe Mode.

Restart the computer in Safe Mode: when the PC starts, before Windows begins loading, press F8 repeatedly. The Windows Advanced Options menu window will appear => choose Safe Mode (use the arrow key ^

Download this little program... the download is at the bottom of the page http://www.zonavirus.com/datos/descarga ... ibagla.asp

Run the program and tick "ELIMINAR FICHEROS AUTOMATICAMENTE"

Click EXPLORAR to start the scan.

When it has finished you will find the log in C:\InfoSat.txt - copy it into Notepad and post it on the forum.
stevens, Bronze Member, Posts: 678, Joined: Wed Feb 18, 2009 1:39 pm

Re: What virus do I have?? Help me!!

Post by MooKid » Tue Mar 24, 2009 1:59 pm

Thanks for the reply, first of all....

Well, as soon as I started the scan with FindyKill (typing 2 and pressing Enter) it errored out with the lovely Windows blue screen and the PC rebooted by itself...
Obviously there is no scan log...

Any suggestions?


Re: What virus do I have?? Help me!!

Post by MooKid » Tue Mar 24, 2009 2:00 pm

Now I've restarted FindyKill but started the first operation (1), which only does a search for the infected folders and files...

Let's see what it tells me.

Re: What virus do I have?? Help me!!

Post by MooKid » Tue Mar 24, 2009 2:04 pm

Here is the FindyKill report:


----------------- FindyKill V4.707 ------------------

* User: Kesson - PC-KESSON
* Executed from : C:\Program Files\FindyKill
* Update on 06/12/08 by Chiquitine29
* Start at 13:59:17 the 24/03/2009
* Windows Vista - Internet Explorer 7.0.6001.18000

((((((((((((((((( *** Searching *** ))))))))))))))))))


--------------- [ Active Processes ] ----------------


C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Windows\System32\svchost.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\PnkBstrB.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Windows\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\Installer\MSI439E.tmp
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conime.exe

--------------- [ Infected files / folders ] ----------------


»»»» Presence Files in C:


»»»» Presence Files in C:\Windows


»»»» Presence Files in C:\Windows\Prefetch

Found ! - C:\Windows\prefetch\105.EXE-5972082D.pf
Found ! - C:\Windows\prefetch\387359.EXE-A5B6195A.pf
Found ! - C:\Windows\prefetch\495343.EXE-E867BDA7.pf
Found ! - C:\Windows\prefetch\495828.EXE-316C1747.pf
Found ! - C:\Windows\prefetch\529296.EXE-055EB040.pf
Found ! - C:\Windows\prefetch\534296.EXE-AB8FDD04.pf
Found ! - C:\Windows\prefetch\537562.EXE-34CEC41F.pf
Found ! - C:\Windows\prefetch\FLEC006.EXE-DDAAAC55.pf
Found ! - C:\Windows\prefetch\MDELK.EXE-288F7189.pf
Found ! - C:\Windows\Prefetch\CRAC.EXE-E6AF4C32.pf

»»»» Presence Files in C:\Windows\system32

Found ! [24/03/2009 12.55] - C:\Windows\system32\mdelk.exe
Found ! [24/03/2009 12.55] - C:\Windows\system32\wintems.exe
Found ! [24/03/2009 13.54] - C:\Windows\system32\ban_list.txt
Found ! [20/09/2007 02.14] - C:\Windows\system32\AutoRun.inf

»»»» Presence Files in C:\Windows\system32\drivers

Found ! [24/03/2009 07.54] - "C:\Windows\system32\drivers\down"

»»»» Presence Files in C:\Users\Kesson\AppData\Roaming

Found ! [24/03/2009 13.57] - "C:\Users\Kesson\AppData\Roaming\m\flec006.exe"
Found ! [24/03/2009 13.58] - "C:\Users\Kesson\AppData\Roaming\m\list.oct"
Found ! [24/03/2009 13.58] - "C:\Users\Kesson\AppData\Roaming\m\data.oct"
Found ! [24/03/2009 13.58] - "C:\Users\Kesson\AppData\Roaming\m\srvlist.oct"
Found ! [24/03/2009 13.59] - "C:\Users\Kesson\AppData\Roaming\m\shared"
Found ! [24/03/2009 07.57] - "C:\Users\Kesson\AppData\Roaming\m"

»»»» Presence Files in C:\Users\Kesson\AppData\Local\Temp

Found ! - C:\Users\Kesson\AppData\Local\Temp\PSE_patch_log.txt

»»»» Presence Files in C:\Users\Kesson\Local Settings\Temporary Internet Files\Content.IE5

Found ! [29/11/2006 13.47] - C:\ProgramData\Skype\Plugins\Local Cache\7B5560BB781B40259A06350E9B643B6E_more.jpg
Found ! [17/10/2008 13.28] - C:\ProgramData\Skype\Plugins\Local Cache\D3987B641C134048B815DB578D607F42_more.jpg
Found ! [29/11/2006 13.47] - C:\Users\All Users\Skype\Plugins\Local Cache\7B5560BB781B40259A06350E9B643B6E_more.jpg
Found ! [17/10/2008 13.28] - C:\Users\All Users\Skype\Plugins\Local Cache\D3987B641C134048B815DB578D607F42_more.jpg
Found ! [24/03/2009 12.02] - C:\Users\Kesson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HXIIUJDI\b64_1[1].jpg
Found ! [24/03/2009 13.58] - C:\Users\Kesson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HXIIUJDI\b64_1[2].jpg
Found ! [24/03/2009 12.03] - C:\Users\Kesson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HXIIUJDI\b64_3[1].jpg
Found ! [24/03/2009 13.59] - C:\Users\Kesson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HXIIUJDI\b64_3[2].jpg
Found ! [24/03/2009 07.51] - C:\Users\Kesson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KGVKAWDX\b64[1].jpg
Found ! [24/03/2009 07.54] - C:\Users\Kesson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KGVKAWDX\b64_3[1].jpg
Found ! [24/03/2009 07.56] - C:\Users\Kesson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KGVKAWDX\b64_3[2].jpg
Found ! [24/03/2009 12.55] - C:\Users\Kesson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KGVKAWDX\b64_3[3].jpg
Found ! [24/03/2009 14.02] - C:\Users\Kesson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KGVKAWDX\b64_3[4].jpg
Found ! [24/03/2009 12.25] - C:\Users\Kesson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KGVKAWDX\b64_6[1].jpg
Found ! [24/03/2009 12.50] - C:\Users\Kesson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYVTV8VT\b64[1].jpg
Found ! [24/03/2009 13.57] - C:\Users\Kesson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYVTV8VT\b64[2].jpg
Found ! [24/03/2009 07.53] - C:\Users\Kesson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYVTV8VT\b64_2[1].jpg
Found ! [24/03/2009 12.25] - C:\Users\Kesson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYVTV8VT\b64_2[2].jpg
Found ! [24/03/2009 12.05] - C:\Users\Kesson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYVTV8VT\b64_3[1].jpg
Found ! [24/03/2009 12.00] - C:\Users\Kesson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XS9CX2E9\b64[1].jpg
Found ! [24/03/2009 12.22] - C:\Users\Kesson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XS9CX2E9\b64[2].jpg
Found ! [24/03/2009 07.53] - C:\Users\Kesson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XS9CX2E9\b64_1[1].jpg
Found ! [24/03/2009 12.03] - C:\Users\Kesson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XS9CX2E9\b64_2[1].jpg
Found ! [24/03/2009 12.53] - C:\Users\Kesson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XS9CX2E9\b64_2[2].jpg
Found ! [24/03/2009 07.54] - C:\Users\Kesson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XS9CX2E9\b64_6[1].jpg
Found ! [24/03/2009 12.03] - C:\Users\Kesson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XS9CX2E9\b64_6[2].jpg
Found ! [24/03/2009 12.53] - C:\Users\Kesson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XS9CX2E9\b64_6[3].jpg
Found ! [24/03/2009 13.59] - C:\Users\Kesson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XS9CX2E9\b64_6[4].jpg
Found ! [29/11/2006 13.47] - C:\Users\Kesson\AppData\Local\VirtualStore\ProgramData\Skype\Plugins\Local Cache\7B5560BB781B40259A06350E9B643B6E_more.jpg

--------------- [ Registry / Startup ] ----------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
Sidebar=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
SmpcSys=C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
Skype="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
DAEMON Tools="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
ehTray.exe=C:\Windows\ehome\ehTray.exe
swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
updateMgr="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
BitTorrent DNA="C:\Program Files\DNA\btdna.exe"
WMPNSCFG=C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
Windows Defender=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
SMSERIAL=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
RtHDVCpl=RtHDVCpl.exe
RoxWatchTray="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
ISUSPM Startup=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
ISUSScheduler="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
NeroFilterCheck=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
GrooveMonitor="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
Google IME Autoupdater="C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe"
Monitor=C:\Windows\PixArt\PAC207\Monitor.exe
TkBellExe="realsched.exe" -osboot
HP Software Update=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
AppleSyncNotifier=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
QuickTime Task="C:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
hpqSRMon=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
NvCplDaemon=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
Installed=1
NoChange=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1

[HKEY_CURRENT_USER\software\local appwizard-generated applications\crac]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\DestComp]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\hprbui]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\Samsung Media Studio]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\SmpSys]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]

--------------- [ Registry / Infected keys ] ----------------


Found ! - HKEY_USERS\S-1-5-21-934733682-3541227792-4260690281-1002\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-934733682-3541227792-4260690281-1002\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-934733682-3541227792-4260690281-1002\Software\FFC
Found ! - HKEY_USERS\S-1-5-21-934733682-3541227792-4260690281-1002\Software\FirtR
Found ! - HKEY_USERS\S-1-5-21-934733682-3541227792-4260690281-1002\Software\MuleAppData
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_CURRENT_USER\Software\FirtR
Found ! - HKEY_CURRENT_USER\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\FFC
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sK9Ou0s

--------------- [ States / Services ] ----------------



+- Services : [ Auto=2 / Request=3 / Disable=4 ]

/!\ Ndisuio - Type of startup = 4

EapHost - Type of startup = 3

Wlansvc - Type of startup = 3

/!\ SharedAccess - Type of startup = 4

/!\ wuauserv - Type of startup = 4

/!\ wscsvc - Type of startup = 4

/!\ WinDefend - Type of startup = 4



--------------- [ Searching in removable drives ] ----------------


+- Informations :

C: - Unità fissa

+- Presence of files :



--------------- [ Registry / Mountpoint2 ] ----------------


-> Not found !


------------------- ! End of report ! --------------------
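The report above is long, and the parts a responder actually acts on are scattered: the dropped binaries under "Infected files / folders", the srosa and sK9Ou0s service keys under "Registry / Infected keys", and the services that the malware has switched to start type 4 (Disabled), which in this log are Windows Update (wuauserv), Security Center (wscsvc), Windows Defender (WinDefend), the firewall/ICS service (SharedAccess) and Ndisuio. The following Python parser is an added example written for this thread; it is not part of FindyKill and not something the posters used. It reads the FindyKill text format, keys on the bracketed section headers, and pulls those three groups out so the rootkit driver name and the sabotaged security services are visible at a glance. The sample input is an excerpt copied from the search report above; the list of security-relevant service names is an assumption made for this example, since FindyKill itself only prints raw start types.

```python
"""Parse a FindyKill report into the indicators a responder wants to see.
Added example for this thread; not part of FindyKill or of the original posts."""
import re
from dataclasses import dataclass, field

# Protective Windows services that the report above shows with start type 4
# (Disabled). Assumption for this example: FindyKill only prints raw start types.
SECURITY_SERVICES = {"wuauserv", "wscsvc", "WinDefend", "SharedAccess", "Ndisuio"}

# "--------------- [ Infected files / folders ] ----------------"
SECTION_RE = re.compile(r"^-+\s*\[\s*(?P<name>.+?)\s*\]\s*-+$")
# 'Found ! [24/03/2009 12.55] - "C:\path"'  (timestamp and quotes are optional)
FOUND_RE = re.compile(r'^Found !\s*(?:\[(?P<ts>[^\]]+)\])?\s*-\s*"?(?P<path>.+?)"?\s*$')
# "/!\ wuauserv - Type of startup = 4"  (the "/!\" warning marker is optional)
SERVICE_RE = re.compile(r"^(?:/!\\\s*)?(?P<name>\S+)\s+-\s+Type of startup\s*=\s*(?P<start>\d)$")
# "...\Services\srosa" -> name of the service/driver the infected key registers
SERVICE_KEY_RE = re.compile(r"\\Services\\(?P<name>[^\\]+)$")


@dataclass
class FindyKillFindings:
    files: list = field(default_factory=list)      # (timestamp or None, path)
    registry: list = field(default_factory=list)   # infected registry keys
    services: dict = field(default_factory=dict)   # service name -> start type

    def executables(self):
        """Dropped binaries: the first things to hash and submit for analysis."""
        return [p for _, p in self.files if p.lower().endswith(".exe")]

    def disabled_security_services(self):
        """Protective services the malware switched to Disabled (start type 4)."""
        return sorted((n for n, s in self.services.items()
                       if s == 4 and n in SECURITY_SERVICES), key=str.lower)

    def rogue_service_names(self):
        """Service/driver names behind the infected keys (e.g. the srosa rootkit)."""
        names = {m.group("name") for k in self.registry if (m := SERVICE_KEY_RE.search(k))}
        return sorted(names, key=str.lower)


def parse_report(text):
    """Walk the report line by line, keyed on the bracketed section headers."""
    findings = FindyKillFindings()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := SECTION_RE.match(line)):
            section = m.group("name")
            continue
        if (m := FOUND_RE.match(line)):
            if section and section.startswith("Registry"):
                findings.registry.append(m.group("path"))
            else:
                findings.files.append((m.group("ts"), m.group("path")))
            continue
        if section == "States / Services" and (m := SERVICE_RE.match(line)):
            findings.services[m.group("name")] = int(m.group("start"))
    return findings


# Excerpt copied from the search report posted above (trimmed to a few lines).
SAMPLE_REPORT = r"""
--------------- [ Infected files / folders ] ----------------

»»»» Presence Files in C:\Windows\Prefetch

Found ! - C:\Windows\prefetch\MDELK.EXE-288F7189.pf

»»»» Presence Files in C:\Windows\system32

Found ! [24/03/2009 12.55] - C:\Windows\system32\mdelk.exe
Found ! [24/03/2009 12.55] - C:\Windows\system32\wintems.exe
Found ! [24/03/2009 13.54] - C:\Windows\system32\ban_list.txt

»»»» Presence Files in C:\Users\Kesson\AppData\Roaming

Found ! [24/03/2009 13.57] - "C:\Users\Kesson\AppData\Roaming\m\flec006.exe"
Found ! [24/03/2009 07.57] - "C:\Users\Kesson\AppData\Roaming\m"

--------------- [ Registry / Infected keys ] ----------------

Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s

--------------- [ States / Services ] ----------------

+- Services : [ Auto=2 / Request=3 / Disable=4 ]
/!\ Ndisuio - Type of startup = 4
EapHost - Type of startup = 3
/!\ wuauserv - Type of startup = 4
/!\ wscsvc - Type of startup = 4
/!\ WinDefend - Type of startup = 4
"""

if __name__ == "__main__":
    f = parse_report(SAMPLE_REPORT)
    print("dropped executables:", f.executables())
    print("rogue services:", f.rogue_service_names())
    print("security services disabled:", f.disabled_security_services())
```

Run it against a full C:\FindyKill.txt instead of the excerpt by reading the file into `parse_report`. The "disabled security services" list is the part to re-check after cleanup: a removal tool deleting the files and keys does not by itself set wuauserv, wscsvc, WinDefend and SharedAccess back to their normal start type, so they must be re-enabled and verified separately, or the box stays without updates, Security Center and Defender even though the infection is gone.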

Re: What virus do I have?? Help me!!

Post by MooKid » Tue Mar 24, 2009 2:34 pm

Did the deletion with FindyKill, here is the log:

----------------- FindyKill V4.707 ------------------

* User : Kesson - PC-KESSON
* executed from : C:\Program Files\FindyKill
* Update on 06/12/08 by Chiquitine29
* Start at 14:21:04 the 24/03/2009
* Windows Vista - Internet Explorer 7.0.6001.18000


((((((((((((((( *** deleting *** ))))))))))))))))))


--------------- [ Active Processes ] ----------------


C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\svchost.exe
C:\Windows\Installer\MSI439E.tmp
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\userinit.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\runonce.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe

--------------- [ Infected files / folders ] ----------------


»»»» Supression files in C:


»»»» Supression files in C:\Windows


»»»» Supression files in C:\Windows\Prefetch

Deleted ! - C:\Windows\prefetch\105.EXE-5972082D.pf
Deleted ! - C:\Windows\prefetch\387359.EXE-A5B6195A.pf
Deleted ! - C:\Windows\prefetch\495343.EXE-E867BDA7.pf
Deleted ! - C:\Windows\prefetch\495828.EXE-316C1747.pf
Deleted ! - C:\Windows\prefetch\529296.EXE-055EB040.pf
Deleted ! - C:\Windows\prefetch\534296.EXE-AB8FDD04.pf
Deleted ! - C:\Windows\prefetch\537562.EXE-34CEC41F.pf
Deleted ! - C:\Windows\prefetch\CRAC.EXE-E6AF4C32.pf
Deleted ! - C:\Windows\prefetch\FLEC006.EXE-DDAAAC55.pf
Deleted ! - C:\Windows\prefetch\MDELK.EXE-288F7189.pf

»»»» Supression files in C:\Windows\system32

Deleted ! - C:\Windows\system32\autorun.inf
Deleted ! - C:\Windows\system32\mdelk.exe
Deleted ! - C:\Windows\system32\wintems.exe
Deleted ! - C:\Windows\system32\ban_list.txt

»»»» Supression files in C:\Windows\system32\drivers

Deleted ! - C:\Windows\system32\drivers\srosa.sys
Deleted ! - C:\Windows\system32\drivers\srosa2.sys
Deleted ! - C:\Windows\system32\drivers\down\495828.exe
Deleted ! - C:\Windows\system32\drivers\down\535890.exe
Deleted ! - "C:\Windows\system32\drivers\down"

»»»» Supression files in C:\Users\Kesson\AppData\Roaming

Deleted ! - "C:\Users\Kesson\AppData\Roaming\m\flec006.exe"
Deleted ! - "C:\Users\Kesson\AppData\Roaming\m\list.oct"
Deleted ! - "C:\Users\Kesson\AppData\Roaming\m\data.oct"
Deleted ! - "C:\Users\Kesson\AppData\Roaming\m\srvlist.oct"
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\!3D Development Studio for Delphi 6.07.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\A Web Snatch Program 2.1.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Active Tree 1.0.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\AddressBook 2.00.896.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Ambisight Bulk Website Monitor 1.1.02.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\AnMing iPod Converter 1.0.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Asset Manager Enterprise Edition 1.0.1055.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Astro 867.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Audio Converter Pro 2.2.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Battlefield Vietnam Riverside Village map.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Beached II 1.4.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\BugCollector Web 1.0 KeyGen.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Cats Photo Screensaver 1.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\cineSync 1.2.1.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\CMailServer 5.4.2.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Conflict Vietnam patch 1.1.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Conti Software & Libraries 2.01.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Cookie Master 0.9.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Countdown Clock 1.1 (Patch).zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\CustomSync 1.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Cute MP3 Converter 2.0 [KeyGen].zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Dungeon Siege movie 1.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\DVR-Studio Pro 1.64 Key.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\DWF to DWG Converter 1.66.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\easyStockLogger 1.5.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\ecGraph 2.13.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Edovia PopShield AntiPopup 1.0.0.6.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Effective Site Studio 6 [Patch].zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Error Killer 2.6.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\ESPN Toolbar 1.0.1.8.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Eventcorder suite 2.0 KeyGen.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Exclaimer 4.30.1192.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Ezy Invoice 7 Build 4.5.3.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Feedback Assistant 1.93.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\FellaCons1.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\File And MP3 Tag Renamer 2.2 [Patch].zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Flight Simulator 2004 A Century of Flight Hawaii Hops Scenario.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Flobo Hard Disk Repair 1.5.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Foam 1.1.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Folderprint Assistant 1.0.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\FolderShine 1.01.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Gallerinator 1.5b.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\GISEYE Coordinate Converter 3.1.0.0.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Gitarrero Beginner 1.2 (Key).zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Glplotter 1.2.1.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Google Toolbar History Mate 1.10 [Patch].zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\HDTVtoMPEG2 1.11.89.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\HM Find+Rename 1.1 SP 3.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\IE5 Cached Web Credentials Vulnerability Patch.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\ImageSpace 0.5.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\infallsoft Sound Recorder SE 1.01.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Ingenus Soft DJ 1.2.2.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\IntelliAdmin LAN Edition 2.8 [KeyGen].zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Internet Form Hunter 1.2.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Islam 7.02.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Jahshaka 2.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Karma Player 1.80.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\KeyBox 1.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Keylogger Hunter 2.14.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\LanConference 1.10.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Launch Express 1.10.2 Build 57.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Legends of Might and Magic 1.1 patch.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Licencia Key Kaspersky Anti-Virus Personal v.5.0.372 Garantizado Por Luismi.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\LingvoSoft Learning PhraseBook 2008 Arabic - Japanese Kana 2.3.91.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Lisa FLV to MP3 Converter 5.0.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\MAGIX Movies on CD & DVD 4.5.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Magnifying Glass 1.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Marbleous 1.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Medinsure Magic 4.2 [Patch].zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\MEMTRACE 1.91.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Microwave Screensaver 1.0.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Midicat 1.8.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\MS Word Definition Lookup Software 7.0.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\MSN Sniffer 2.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\MSSQL-to-Oracle 1.5.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Multi Racing Countdown a.b.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Network Boot Tools 1.2.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\NetXtremeIcmp 1.2.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\norton.ghost.symantec.2003.no.serial.needed.andrea.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Occupation Finder 1.1.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Online Store Kit 3.0 Lite 3.0.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Osctoberfest 1.0.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Ovation Web Portal Software 2.0.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\PegasusApps DVD to Zune Converter 3.2.80.020.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Picture Magnifier 1.0.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Pragmatic Office 4.0.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Printer Anywhere 0.9.99.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Private Dancer Screensaver 1.0.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Program Protector 3.2.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Proxifier 2.6.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Public Folder HelpDesk for Outlook 8.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\PyroDVD 1.5.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Readiris Pro 11.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Reportizer 2.7 [Key+Serial].zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Rhyme Time 6 1.0.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Saab 2 Screensaver.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Save Images 0.3.7.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Select Edges 1.0.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Simple TTS Reader 1.0.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\SmartVB6 2.0.1 (Crack).zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Sound Converter ActiveX 1.2.13.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Split Text Files Into Multiple Files Software 7.0.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Spring Colours Screensaver 1.0.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Super Mp3 Wav Converter 1.6.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Tarantula 1.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Task Catcher 1.0.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Texas News 1.0.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\TrayIcon Pro 2.0.243 [With Crack].zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Underwater World 3D 1.0 (Key+Serial).zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Universal Table Browser 2.0 Serial.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Universal Translator Chinese 1.5.2.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Unreal Tournament 2004 All TC 1200 Mutator.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Unreal Tournament 2004 DM Egyptian Hell map.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Vault Multiple File Upload and Download Applet 2.1.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\VC Tips 1.0.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\VirtuaTennis.J2ME(Nokia N73).v1.4.4.DDJ adapted.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Whois.dll 1.0 [Cracked].zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\WinHide 1.0 [Key+Serial].zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\WordToPDF Pro 2.4 build 134.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\XPepius 3.1.0 (Key).zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\Yaldex RainbowHTML 2.00.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\You Perform 1.1.3.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\YTB Downloader 1.00.01.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\ZionEdit 2.0.16.zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\[HGame XP][AVG][jpn jpn][†ŸÆ?©‡%?‡õ~‘>÷Æ?î†?O‡ïs‡"Y].zip
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\[PS][SLPS-01845].Sound.Novel.Evolution.3.Machi.(J).(AVG).(Chunsoft).Š­-.-.†'«Š¨?‡s"„§Ï†ú©‡'û.A.zip
Deleted ! - "C:\Users\Kesson\AppData\Roaming\m\shared"
Deleted ! - "C:\Users\Kesson\AppData\Roaming\m"

»»»» Deleting files in C:\Users\Kesson\AppData\Local\Temp

Deleted ! - C:\Users\Kesson\AppData\Local\Temp\PSE_patch_log.txt

»»»» Deleting files in C:\Users\Kesson\Local Settings\Temporary Internet Files\Content.IE5

Deleted ! - C:\ProgramData\Skype\Plugins\Local Cache\7B5560BB781B40259A06350E9B643B6E_more.jpg
Deleted ! - C:\ProgramData\Skype\Plugins\Local Cache\D3987B641C134048B815DB578D607F42_more.jpg
Deleted ! - C:\Users\All Users\Skype\Plugins\Local Cache\7B5560BB781B40259A06350E9B643B6E_more.jpg
Deleted ! - C:\Users\All Users\Skype\Plugins\Local Cache\D3987B641C134048B815DB578D607F42_more.jpg
Deleted ! - C:\Users\Kesson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HXIIUJDI\b64_1[1].jpg
Deleted ! - C:\Users\Kesson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HXIIUJDI\b64_1[2].jpg
Deleted ! - C:\Users\Kesson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HXIIUJDI\b64_3[1].jpg
Deleted ! - C:\Users\Kesson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HXIIUJDI\b64_3[2].jpg
Deleted ! - C:\Users\Kesson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KGVKAWDX\b64[1].jpg
Deleted ! - C:\Users\Kesson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KGVKAWDX\b64_3[1].jpg
Deleted ! - C:\Users\Kesson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KGVKAWDX\b64_3[2].jpg
Deleted ! - C:\Users\Kesson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KGVKAWDX\b64_3[3].jpg
Deleted ! - C:\Users\Kesson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KGVKAWDX\b64_3[4].jpg
Deleted ! - C:\Users\Kesson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KGVKAWDX\b64_6[1].jpg
Deleted ! - C:\Users\Kesson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYVTV8VT\b64[1].jpg
Deleted ! - C:\Users\Kesson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYVTV8VT\b64[2].jpg
Deleted ! - C:\Users\Kesson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYVTV8VT\b64_2[1].jpg
Deleted ! - C:\Users\Kesson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYVTV8VT\b64_2[2].jpg
Deleted ! - C:\Users\Kesson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYVTV8VT\b64_3[1].jpg
Deleted ! - C:\Users\Kesson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XS9CX2E9\b64[1].jpg
Deleted ! - C:\Users\Kesson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XS9CX2E9\b64[2].jpg
Deleted ! - C:\Users\Kesson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XS9CX2E9\b64_1[1].jpg
Deleted ! - C:\Users\Kesson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XS9CX2E9\b64_2[1].jpg
Deleted ! - C:\Users\Kesson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XS9CX2E9\b64_2[2].jpg
Deleted ! - C:\Users\Kesson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XS9CX2E9\b64_6[1].jpg
Deleted ! - C:\Users\Kesson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XS9CX2E9\b64_6[2].jpg
Deleted ! - C:\Users\Kesson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XS9CX2E9\b64_6[3].jpg
Deleted ! - C:\Users\Kesson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XS9CX2E9\b64_6[4].jpg
Deleted ! - C:\Users\Kesson\AppData\Local\VirtualStore\ProgramData\Skype\Plugins\Local Cache\7B5560BB781B40259A06350E9B643B6E_more.jpg

--------------- [ Registry / Infected keys ] ----------------

Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S

--------------- [ States / Restarting of services ] ----------------



+- Services : [ Auto=2 / Manual=3 / Disabled=4 ]

Ndisuio - Type of startup = 3

EapHost - Type of startup = 2

Wlansvc - Type of startup = 2

SharedAccess - Type of startup = 2

wuauserv - Type of startup = 2

wscsvc - Type of startup = 2

WinDefend - Type of startup = 2


--------------- [ Cleaning removable drives ] ----------------

+- Information :

C: - Fixed drive

+- deleting files :


--------------- [ Registry / Mountpoint2 ] ----------------


-> Not found !


--------------- [ Searching Cracks / Keygen ] ----------------

C:\Users\Kesson\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\PSCNBTEL\crackle.com
C:\Users\Kesson\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\PSCNBTEL\crackle.com\crackleSettings.sol
C:\Users\Kesson\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\PSCNBTEL\crackle.com\tracking.sol
C:\Users\Kesson\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#crackle.com
C:\Users\Kesson\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#crackle.com\settings.sol
C:\Users\Kesson\AppData\Roaming\Microsoft\Office\Recent\Solid Pdf converter to word V3.1 + CRACK.LNK
C:\Users\Kesson\Desktop\Doc II\Office.Genuine.Advantage.Validation.v1.7.102.0_Cracked-Squiccio_Chicchedicala_.zip
C:\Users\Kesson\Downloads\eMule AdunanzA\Incoming\Crack Call Of Duty 4 Patch 1.5 No-Cd Dvd Crack On-Line On Line Multiplayer Guida X Giocare Online Keygen Serial Ase Server Italiani Cod4
C:\Users\Kesson\Downloads\eMule AdunanzA\Incoming\Crack Call Of Duty 4 Patch 1.5 No-Cd Dvd Crack On-Line On Line Multiplayer Guida X Giocare Online Keygen Serial Ase Server Italiani Cod4.zip
C:\Users\Kesson\Downloads\eMule AdunanzA\Incoming\Knights Of The Old Republic (Kotor) Nocd Crack.rar
C:\Users\Kesson\Downloads\eMule AdunanzA\Incoming\Pro.Evolution.Soccer.2009.Crack.Only-RELOADED.rar
C:\Users\Kesson\Downloads\eMule AdunanzA\Incoming\Star Wars Kotor 2 - Crack + Patch Ita + Manuale.rar
C:\Users\Kesson\Downloads\eMule AdunanzA\Incoming\The.All.Seeing.Eye.v2.6.0.WinALL.Cracked-EMPORiO.shared.by.pipebomb
C:\Users\Kesson\Downloads\eMule AdunanzA\Incoming\The.All.Seeing.Eye.v2.6.0.WinALL.Cracked-EMPORiO.shared.by.pipebomb.rar
C:\Users\Kesson\Downloads\eMule AdunanzA\Incoming\Universal Document Converter 4.1+crack.zip
C:\Users\Kesson\Downloads\eMule AdunanzA\Incoming\Crack Call Of Duty 4 Patch 1.5 No-Cd Dvd Crack On-Line On Line Multiplayer Guida X Giocare Online Keygen Serial Ase Server Italiani Cod4\Call of Duty 4 Keygen.exe
C:\Users\Kesson\Downloads\eMule AdunanzA\Incoming\Crack Call Of Duty 4 Patch 1.5 No-Cd Dvd Crack On-Line On Line Multiplayer Guida X Giocare Online Keygen Serial Ase Server Italiani Cod4\CRACK MULTI PLAYER
C:\Users\Kesson\Downloads\eMule AdunanzA\Incoming\Crack Call Of Duty 4 Patch 1.5 No-Cd Dvd Crack On-Line On Line Multiplayer Guida X Giocare Online Keygen Serial Ase Server Italiani Cod4\CRACK SINGLE PLAYER
C:\Users\Kesson\Downloads\eMule AdunanzA\Incoming\Crack Call Of Duty 4 Patch 1.5 No-Cd Dvd Crack On-Line On Line Multiplayer Guida X Giocare Online Keygen Serial Ase Server Italiani Cod4\GUIDA PER GIOCARE ONLINE.txt
C:\Users\Kesson\Downloads\eMule AdunanzA\Incoming\Crack Call Of Duty 4 Patch 1.5 No-Cd Dvd Crack On-Line On Line Multiplayer Guida X Giocare Online Keygen Serial Ase Server Italiani Cod4\punk buster setup.exe
C:\Users\Kesson\Downloads\eMule AdunanzA\Incoming\Crack Call Of Duty 4 Patch 1.5 No-Cd Dvd Crack On-Line On Line Multiplayer Guida X Giocare Online Keygen Serial Ase Server Italiani Cod4\server italiani cracckati cod 4.txt
C:\Users\Kesson\Downloads\eMule AdunanzA\Incoming\Crack Call Of Duty 4 Patch 1.5 No-Cd Dvd Crack On-Line On Line Multiplayer Guida X Giocare Online Keygen Serial Ase Server Italiani Cod4\The All Steeing Eye_install.exe
C:\Users\Kesson\Downloads\eMule AdunanzA\Incoming\Crack Call Of Duty 4 Patch 1.5 No-Cd Dvd Crack On-Line On Line Multiplayer Guida X Giocare Online Keygen Serial Ase Server Italiani Cod4\CRACK MULTI PLAYER\iw3mp.exe
C:\Users\Kesson\Downloads\eMule AdunanzA\Incoming\Crack Call Of Duty 4 Patch 1.5 No-Cd Dvd Crack On-Line On Line Multiplayer Guida X Giocare Online Keygen Serial Ase Server Italiani Cod4\CRACK SINGLE PLAYER\iw3sp.exe
C:\Users\Kesson\Downloads\eMule AdunanzA\Incoming\The.All.Seeing.Eye.v2.6.0.WinALL.Cracked-EMPORiO.shared.by.pipebomb\The.All.Seeing.Eye.v2.6.0.WinALL.Cracked-EMPORiO
C:\Users\Kesson\Downloads\eMule AdunanzA\Incoming\The.All.Seeing.Eye.v2.6.0.WinALL.Cracked-EMPORiO.shared.by.pipebomb\The.All.Seeing.Eye.v2.6.0.WinALL.Cracked-EMPORiO\ase260-emp
C:\Users\Kesson\Downloads\eMule AdunanzA\Incoming\The.All.Seeing.Eye.v2.6.0.WinALL.Cracked-EMPORiO.shared.by.pipebomb\The.All.Seeing.Eye.v2.6.0.WinALL.Cracked-EMPORiO\ase260-emp.nfo
C:\Users\Kesson\Downloads\eMule AdunanzA\Incoming\The.All.Seeing.Eye.v2.6.0.WinALL.Cracked-EMPORiO.shared.by.pipebomb\The.All.Seeing.Eye.v2.6.0.WinALL.Cracked-EMPORiO\ase260-emp.rar
C:\Users\Kesson\Downloads\eMule AdunanzA\Incoming\The.All.Seeing.Eye.v2.6.0.WinALL.Cracked-EMPORiO.shared.by.pipebomb\The.All.Seeing.Eye.v2.6.0.WinALL.Cracked-EMPORiO\ase260-emp.sfv
C:\Users\Kesson\Downloads\eMule AdunanzA\Incoming\The.All.Seeing.Eye.v2.6.0.WinALL.Cracked-EMPORiO.shared.by.pipebomb\The.All.Seeing.Eye.v2.6.0.WinALL.Cracked-EMPORiO\pipeshare.jpg
C:\Users\Kesson\Downloads\eMule AdunanzA\Incoming\The.All.Seeing.Eye.v2.6.0.WinALL.Cracked-EMPORiO.shared.by.pipebomb\The.All.Seeing.Eye.v2.6.0.WinALL.Cracked-EMPORiO\ase260-emp\buddylog.txt
C:\Users\Kesson\Downloads\eMule AdunanzA\Incoming\The.All.Seeing.Eye.v2.6.0.WinALL.Cracked-EMPORiO.shared.by.pipebomb\The.All.Seeing.Eye.v2.6.0.WinALL.Cracked-EMPORiO\ase260-emp\builtin0.dat
C:\Users\Kesson\Downloads\eMule AdunanzA\Incoming\The.All.Seeing.Eye.v2.6.0.WinALL.Cracked-EMPORiO.shared.by.pipebomb\The.All.Seeing.Eye.v2.6.0.WinALL.Cracked-EMPORiO\ase260-emp\default.bud
C:\Users\Kesson\Downloads\eMule AdunanzA\Incoming\The.All.Seeing.Eye.v2.6.0.WinALL.Cracked-EMPORiO.shared.by.pipebomb\The.All.Seeing.Eye.v2.6.0.WinALL.Cracked-EMPORiO\ase260-emp\default.cfl
C:\Users\Kesson\Downloads\eMule AdunanzA\Incoming\The.All.Seeing.Eye.v2.6.0.WinALL.Cracked-EMPORiO.shared.by.pipebomb\The.All.Seeing.Eye.v2.6.0.WinALL.Cracked-EMPORiO\ase260-emp\default.chn
C:\Users\Kesson\Downloads\eMule AdunanzA\Incoming\The.All.Seeing.Eye.v2.6.0.WinALL.Cracked-EMPORiO.shared.by.pipebomb\The.All.Seeing.Eye.v2.6.0.WinALL.Cracked-EMPORiO\ase260-emp\default.fav
C:\Users\Kesson\Downloads\eMule AdunanzA\Incoming\The.All.Seeing.Eye.v2.6.0.WinALL.Cracked-EMPORiO.shared.by.pipebomb\The.All.Seeing.Eye.v2.6.0.WinALL.Cracked-EMPORiO\ase260-emp\default.fil
C:\Users\Kesson\Downloads\eMule AdunanzA\Incoming\The.All.Seeing.Eye.v2.6.0.WinALL.Cracked-EMPORiO.shared.by.pipebomb\The.All.Seeing.Eye.v2.6.0.WinALL.Cracked-EMPORiO\ase260-emp\default.pld
C:\Users\Kesson\Downloads\eMule AdunanzA\Incoming\The.All.Seeing.Eye.v2.6.0.WinALL.Cracked-EMPORiO.shared.by.pipebomb\The.All.Seeing.Eye.v2.6.0.WinALL.Cracked-EMPORiO\ase260-emp\default.plr
C:\Users\Kesson\Downloads\eMule AdunanzA\Incoming\The.All.Seeing.Eye.v2.6.0.WinALL.Cracked-EMPORiO.shared.by.pipebomb\The.All.Seeing.Eye.v2.6.0.WinALL.Cracked-EMPORiO\ase260-emp\eye.exe
C:\Users\Kesson\Downloads\eMule AdunanzA\Incoming\The.All.Seeing.Eye.v2.6.0.WinALL.Cracked-EMPORiO.shared.by.pipebomb\The.All.Seeing.Eye.v2.6.0.WinALL.Cracked-EMPORiO\ase260-emp\eye2.exe
C:\Users\Kesson\Downloads\eMule AdunanzA\Incoming\The.All.Seeing.Eye.v2.6.0.WinALL.Cracked-EMPORiO.shared.by.pipebomb\The.All.Seeing.Eye.v2.6.0.WinALL.Cracked-EMPORiO\ase260-emp\eyeinst.exe
C:\Users\Kesson\Downloads\eMule AdunanzA\Incoming\The.All.Seeing.Eye.v2.6.0.WinALL.Cracked-EMPORiO.shared.by.pipebomb\The.All.Seeing.Eye.v2.6.0.WinALL.Cracked-EMPORiO\ase260-emp\Key.reg
C:\Users\Kesson\Downloads\eMule AdunanzA\Incoming\The.All.Seeing.Eye.v2.6.0.WinALL.Cracked-EMPORiO.shared.by.pipebomb\The.All.Seeing.Eye.v2.6.0.WinALL.Cracked-EMPORiO\ase260-emp\servers.dat
C:\Users\Kesson\Favorites\CRACKMANWORLD.url
C:\ProgramData\GameTap\appdata\cache\gtPlayer\data\catalogmedia\CrackDown_GEN_Sega_243b0.dds
C:\ProgramData\GameTap\appdata\cache\gtPlayer\data\catalogmedia\Crackpots_2600_Act_265f3.dds


---------------- ! End of report ! ------------------
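The two reports in this thread are worth reading side by side. FindyKill above removed the Bagle driver service (srosa and its LEGACY_SROSA enum keys), wiped the AppData\Roaming\m\shared folder the worm seeds with fake "crack" archives for eMule users, and reset the startup type of Windows Update, Security Center, Defender and the firewall service to Auto. The ComboFix log in the next post, however, still shows EnableFirewall = 0 in all three firewall profiles, DisableMonitoring = 1 under Security Center, and mountpoints2 autorun handlers that run a bare Knight.exe from whatever removable volume is inserted. Service startup types are only part of what this malware tampers with; the policy values have to be put back by hand once it is gone.

The script below is an added example (mine, not FindyKill's, ComboFix's or anything posted in the thread) that pulls exactly those findings out of report lines so a helper can see what was cleaned and what is still broken. The indicator names are the ones these two reports printed, not a complete Bagle signature set; the sample input is constructed by copying lines from both reports.

```python
r"""Triage a FindyKill / ComboFix report for the Bagle indicators seen in this thread.
Added example: not part of the thread, of FindyKill or of ComboFix. The indicator names
(srosa, LEGACY_SROSA, the AppData\Roaming\m\shared folder) are what those tools printed
here, not a complete Bagle signature set."""
import re

# Constructed sample: lines copied from the FindyKill and ComboFix reports posted in this thread.
SAMPLE_LOG = r'''
Deleted ! - C:\Users\Kesson\AppData\Roaming\m\shared\TrayIcon Pro 2.0.243 [With Crack].zip
Deleted ! - "C:\Users\Kesson\AppData\Roaming\m\shared"
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
wuauserv - Type of startup = 2
WinDefend - Type of startup = 2
C:\Users\Kesson\Downloads\eMule AdunanzA\Incoming\Pro.Evolution.Soccer.2009.Crack.Only-RELOADED.rar
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a359f96-f2ed-11dc-8bd2-0019db403de1}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\shell\open\command - Knight.exe open
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b71f2fe5-ba46-11db-8ef4-0019db403de1}]
\shell\AutoRun\command - E:\Autorun.exe
'''

DELETED = re.compile(r'^Deleted ! - "?(.+?)"?$')
STARTUP = re.compile(r"^(\S+) - Type of startup = (\d)$")
REG_KEY = re.compile(r"^\[(.+)\]$")
REG_VAL = re.compile(r'^"([^"]+)"=\s*(?:dword:)?([0-9A-Fa-f]+)')
MP_CMD = re.compile(r"^\\shell\\(\w+)\\command - (.+)$")
ABS_PATH = re.compile(r"^[A-Za-z]:\\")
CRACK_WORDS = re.compile(r"\b(crack(ed)?|keygen|serial)\b", re.I)
BAGLE_DROP_DIR = re.compile(r"\\AppData\\Roaming\\m\\shared(\\|$)", re.I)  # fake-crack seed folder
BAGLE_SERVICE = re.compile(r"\\(Services\\srosa|LEGACY_SROSA)$", re.I)       # Bagle's driver service
# Services the FindyKill report shows being reset to Auto (2): update, Security Center, Defender, firewall/ICS.
SECURITY_SERVICES = {"wuauserv", "wscsvc", "WinDefend", "SharedAccess"}
AUTO_START = 2


def triage(lines):
    """Walk report lines once and collect what matters for a post-cleanup review."""
    f = {
        "bagle_drop_files": [],          # entries deleted from the P2P seed folder
        "bagle_service_keys": [],        # srosa service and LEGACY enum keys removed
        "service_startup": {},           # service name -> startup type as reported
        "security_center_tampered": [],  # (key, value) pairs that silence Security Center
        "firewall_disabled_profiles": [],
        "autorun_suspicious": [],        # (key, verb, command) running a bare exe off a volume
        "crack_keygen_hits": 0,
    }
    current_key = None
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if CRACK_WORDS.search(line):
            f["crack_keygen_hits"] += 1
        if m := DELETED.match(line):
            target = m.group(1)
            if BAGLE_DROP_DIR.search(target):
                f["bagle_drop_files"].append(target)
            elif BAGLE_SERVICE.search(target):
                f["bagle_service_keys"].append(target)
        elif m := STARTUP.match(line):
            f["service_startup"][m.group(1)] = int(m.group(2))
        elif m := REG_KEY.match(line):
            current_key = m.group(1)
        elif m := REG_VAL.match(line):
            name, value = m.group(1), int(m.group(2), 16)
            key_l = (current_key or "").lower()
            if "security center" in key_l and value == 1 and (name == "DisableMonitoring" or name.endswith("DisableNotify")):
                f["security_center_tampered"].append((current_key, name))
            elif "firewallpolicy" in key_l and name == "EnableFirewall" and value == 0:
                f["firewall_disabled_profiles"].append(current_key.rsplit("\\", 1)[-1])
        elif m := MP_CMD.match(line):
            verb, command = m.groups()
            # A bare "Knight.exe" resolves against the root of the inserted volume, the classic
            # autorun-worm pattern; an absolute path such as E:\Autorun.exe is only recorded.
            if any(t.lower().endswith(".exe") and not ABS_PATH.match(t) for t in command.split()):
                f["autorun_suspicious"].append((current_key, verb, command))
    return f


def security_services_not_auto(findings):
    """Security services the report shows at a startup type other than Auto (2)."""
    return sorted(s for s, t in findings["service_startup"].items()
                  if s in SECURITY_SERVICES and t != AUTO_START)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG.splitlines())
    for name, value in found.items():
        print(f"{name}: {value}")
    print("security services not Auto:", security_services_not_auto(found))
    print("policy tampering still present:", bool(found["firewall_disabled_profiles"] or found["security_center_tampered"]))
```

To run it over a real report, pass the file's lines instead of the sample, e.g. `triage(open(path, encoding="cp1252", errors="replace"))`, since these tools write ANSI text. The walrus operator needs Python 3.8 or newer. The last line of output is the one to act on: when firewall profiles or Security Center values are still listed after the malware has been removed, the cleanup tool did not undo them and they must be re-enabled manually before the machine goes back on the network.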

Re: What virus do I have?? Help me!!

Post by ste_95 » Tue Mar 24, 2009 2:41 pm

Download ComboFix and run a scan; you will find the instructions at the end of this article.

Re: What virus do I have?? Help me!!

Post by MooKid » Tue Mar 24, 2009 3:14 pm

Here is the ComboFix log:

ComboFix 09-03-23.01 - Kesson 2009-03-24 14.55.32.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1040.18.3006.1863 [GMT 1:00]
Run from: c:\users\Kesson\Desktop\Beagle\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated)
FW: Norton Internet Security *enabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\InfoSat.txt
c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe
c:\users\Kesson\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Videos.url
c:\users\Kesson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Videos.url
c:\users\Kesson\EULA.txt
c:\users\Kesson\FAVORI~1\Videos.url
c:\users\Kesson\Favorites\Videos.url

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA


((((((((((((((((((((((((( Files Created from 2009-02-24 to 2009-03-24 )))))))))))))))))))))))))))))))))))
.

2009-03-24 13:45 . 2009-03-24 14:28 <DIR> d-------- c:\program files\FindyKill
2009-03-24 12:51 . 2009-03-24 14:17 <DIR> d-------- c:\users\Kesson\.housecall6.6
2009-03-24 12:17 . 2009-02-05 22:06 51,792 --a------ c:\windows\System32\drivers\aswMonFlt.sys
2009-03-23 02:54 . 2009-03-23 02:54 <DIR> d-------- C:\30a74c708b885e8d56
2009-03-23 02:48 . 2008-07-27 19:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-03-23 02:47 . 2008-07-27 19:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-03-23 02:47 . 2008-07-27 19:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-03-23 02:47 . 2008-07-27 19:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-03-23 02:47 . 2008-07-27 19:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-03-22 12:57 . 2009-03-23 07:06 <DIR> d-------- c:\users\All Users\Xfire
2009-03-22 12:57 . 2009-03-23 07:06 <DIR> d-------- c:\progra~2\Xfire
2009-03-22 12:48 . 2009-03-22 12:48 <DIR> d-------- c:\program files\AeriaGames
2009-03-21 18:07 . 2009-03-21 18:07 <DIR> d-------- c:\users\All Users\TVU Networks
2009-03-21 18:07 . 2009-03-21 18:07 <DIR> d-------- c:\progra~2\TVU Networks
2009-03-16 14:58 . 2008-12-09 19:17 21,248 --a------ c:\windows\System32\solidlocalmon.dll
2009-03-16 14:58 . 2008-12-09 19:17 13,568 --a------ c:\windows\System32\solidlocalui.dll
2009-03-16 14:20 . 2009-03-16 14:20 <DIR> d-------- c:\program files\Free PDF to Word Doc Converter
2009-03-11 08:31 . 2008-12-16 04:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-03-11 08:31 . 2008-12-16 06:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-11 08:31 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-11 08:31 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-03-11 08:27 . 2008-11-27 05:43 268,288 --a------ c:\windows\System32\schannel.dll
2009-03-11 08:21 . 2009-02-09 04:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-02-26 19:46 . 2009-02-26 19:46 42,320 --a------ c:\windows\System32\xfcodec.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-24 13:58 --------- d-----w c:\users\Kesson\AppData\Roaming\DNA
2009-03-24 13:42 --------- d-----w c:\users\Kesson\AppData\Roaming\Skype
2009-03-24 12:54 --------- d-----w c:\program files\DNA
2009-03-24 12:51 --------- d-----w c:\program files\Packard Bell Data Secure
2009-03-23 13:28 --------- d-----w c:\progra~2\Google Updater
2009-03-23 11:11 --------- d-----w c:\users\Kesson\AppData\Roaming\BitTorrent
2009-03-23 06:06 --------- d-----w c:\program files\Xfire
2009-03-23 00:18 --------- d-----w c:\users\Kesson\AppData\Roaming\Xfire
2009-03-21 17:11 --------- d-----w c:\program files\TVAnts
2009-03-21 17:06 --------- d-----w c:\program files\TVUPlayer
2009-03-16 17:09 --------- d-----w c:\users\Kesson\AppData\Roaming\SolidDocuments
2009-03-16 13:58 --------- d-----w c:\program files\Soliddocuments
2009-03-16 13:58 --------- d-----w c:\progra~2\SolidDocuments
2009-03-15 19:45 --------- d-----w c:\program files\Zoom Player
2009-03-12 02:06 --------- d-----w c:\program files\Windows Mail
2009-03-12 02:01 --------- d-----w c:\progra~2\Microsoft Help
2009-03-10 23:41 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-10 23:41 --------- d-----w c:\program files\Travaillons avec le Français !
2009-03-10 23:40 --------- d-----w c:\program files\MySQL
2009-02-24 03:19 --------- d---a-w c:\progra~2\TEMP
2009-02-22 13:08 --------- d-----w c:\program files\MSN Messenger
2009-02-22 13:08 --------- d-----w c:\program files\Messenger Plus! Live
2009-02-05 16:22 --------- d-----w c:\users\Kesson\AppData\Roaming\MySQL
2009-02-05 15:53 --------- d-----w c:\progra~2\MySQL
2009-02-03 02:58 --------- d-----w c:\progra~2\NVIDIA
2009-02-03 02:27 --------- d-----w c:\program files\Microsoft Games for Windows - LIVE
2009-01-24 12:10 --------- d-----w c:\program files\LucasArts
2008-12-24 10:58 606,848 ----a-w c:\windows\flashax.exe
2008-12-24 10:58 12,288 ----a-w c:\windows\impborl.dll
2008-12-24 01:32 194,560 ----a-w c:\windows\MesaLab_screensaver_Natale_1152.scr
2008-04-25 13:39 174 --sha-w c:\program files\desktop.ini
2008-01-03 17:07 13,413,048 ----a-w c:\users\Kesson\Google_Earth_BZXD.exe
2007-12-03 12:22 22,328 ----a-w c:\users\Kesson\AppData\Roaming\PnkBstrK.sys
2007-07-11 11:17 81,920 ----a-w c:\users\Kesson\AppData\Roaming\ezpinst.exe
2007-07-11 11:17 47,360 ----a-w c:\users\Kesson\AppData\Roaming\pcouffin.sys
2007-03-15 22:06 9,451,515 ----a-w c:\users\Kesson\vlc-0.8.6-win32.exe
2007-02-14 14:26 245,504 ----a-w c:\program files\Everest_Poker.exe
2007-02-11 01:35 4,859,480 ----a-w c:\users\Kesson\MsgPlusLive-411.exe
2007-02-11 01:22 17,938,288 ----a-w c:\users\Kesson\Install_Messenger.exe
2008-04-19 12:52 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-04-19 12:52 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-04-19 12:52 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-03-23 25268776]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-02 68856]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"BitTorrent DNA"="c:\users\Kesson\Program Files\DNA\btdna.exe" [2009-03-24 342848]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 729088]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-20 228088]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-08-25 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-08-25 81920]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-09 136600]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2009-03-24 319488]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-10 289064]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13683232]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 92704]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-03-24 81000]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 c:\windows\RtHDVCpl.exe]

c:\users\Kesson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-03-15 113664]
Avvio veloce di Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

c:\users\Kesson\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-934733682-3541227792-4260690281-1002]
"EnableNotificationsRef"=dword:00000003

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{2A6A01FC-1440-4CB1-BEA2-D14E0E840A82}c:\\program files\\adunanza\\emule_adnza.exe"= UDP:c:\program files\adunanza\emule_adnza.exe:eMule
"UDP Query User{5A2D1D15-9568-48A2-8F9F-1056E465A80D}c:\\program files\\adunanza\\emule_adnza.exe"= TCP:c:\program files\adunanza\emule_adnza.exe:eMule
"{F87747DC-D19A-4A6E-A7D8-7F17019813D5}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{A3FBA134-2A5E-44C7-A97F-C35049E41316}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{F68E6DED-DD44-4B70-9F77-6E9DA00C5013}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{2B93115B-D3DC-4C12-A4CD-B9C2E6EA9EF8}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{61413D88-894C-470C-9F39-03D55A9B33C7}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{93A3921D-96B4-4188-A1F8-F819B709D449}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A8E6DDB8-A501-4090-AB1C-B56BCD2A9F4C}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{7B46BAE8-BAE5-41DF-8AAE-B755312C318C}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{FB40E35A-7B74-4808-A1B3-EF576A1F90AA}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{9189F07B-19A8-450C-B8D5-2142CED91CED}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{25949722-EBC9-49ED-8CED-6ABBBC453CCC}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{5E20E50B-1D92-4F29-A324-9CE9F4808A06}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{07D32312-0749-438A-9FB3-0D0046825615}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{FE1A7BC3-6807-4714-AC1B-E324340ADFFB}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{0A913ACF-1D20-46C9-9F3B-B2CC79F31FDF}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{7CDA054B-67B6-47E3-9CE4-837DE113ADEF}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{DC36FFA6-B9FA-49CA-9780-8D20E600D8AC}"= UDP:c:\program files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs
"{F0365DC3-97D6-4087-9799-16F5DEADE3C9}"= TCP:c:\program files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs
"{4BB7D4B7-E18A-4115-9694-847D00010755}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{84403CD3-8DE9-4CFF-8397-CACA27B4D3AB}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{2B350808-6840-4592-8FE9-E64164B0EFF9}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{49E849EF-5355-4FD1-9AFB-C07004925E32}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{3D88E1F9-54F9-49C3-BA40-375191CFE71D}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{144F9F3B-9713-4E1A-AC54-BC834B8FB4B0}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{BE2AE58E-5501-484F-A6EA-23D5CB6B6896}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{1E5D3B6D-2018-420A-8812-CEF504AFFFFD}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{92329EF3-A9FB-43AA-BB4D-A6B658654EE7}"= UDP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{C75B3D97-9BD7-426E-9C2D-072A91DF6AD6}"= TCP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{D2BADB28-4E0F-4694-94B8-FBD8EA343346}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{83188C0A-BB7C-49E0-A1FD-1E52335A2407}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{3BC9C88F-AA81-4660-8B1B-9FB36B3674B5}"= UDP:c:\windows\System32\muzapp.exe:MUZ AOD APP player
"{B5E162C8-EE2F-44EF-86CC-7A13AF58F34C}"= TCP:c:\windows\System32\muzapp.exe:MUZ AOD APP player
"{C2583732-D2A5-43D4-9176-5511C8975239}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{EDC1B382-E4DF-4079-8A02-3BC082EFC00F}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{A33132F5-E0A8-45B9-942F-5F46827CCA3A}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{CBD152B2-4D8B-4136-8821-2935F5314F39}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{C6580066-803D-4AAB-BB4D-BCA30A0DC16D}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{AF376828-CBAD-4D8A-85DE-085366FD9A08}"= UDP:c:\program files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{74795389-D9D4-4239-9407-BBDC5FBFCFF5}"= TCP:c:\program files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{C9638B36-F044-4AC3-9410-D3D6F4BC8729}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{9B7C2D0E-0110-4FA5-9F26-BAD74F1D668E}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{28A7187F-3598-41B7-AD3D-B9708278880B}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{03A52D85-32A7-443E-BECF-49E745F1741F}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{FCF098C3-30F3-4593-B673-C2F08D8D67E9}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{D7933769-F93A-4807-B3D8-093E301902A2}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{F7C83A3E-A5E4-4A4E-A155-1976932D771B}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{07B17AC6-E11A-45DF-AC31-23B714C108DC}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{AA2B715E-52D1-444A-AA2D-D2E09A037CD7}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)
"{01406B19-EEBE-426A-851B-0283FE66E5D6}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)
"{7CB33D85-E855-4523-B349-CEAB5024ECAB}"= UDP:c:\users\Kesson\AppData\Local\Temp\pes2009.exe:Pro Evolution Soccer 2009
"{29BDB2BA-2E5A-449A-9C11-F1E750222FBC}"= TCP:c:\users\Kesson\AppData\Local\Temp\pes2009.exe:Pro Evolution Soccer 2009
"{50DC3525-86DE-4960-A170-033AB1A5D09F}"= UDP:c:\program files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"{70487ECB-18AE-442B-AAEC-BC7DE1FB1682}"= TCP:c:\program files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"{CEBB17FC-9F00-4E87-AA45-BED81AF9B5EC}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{F37E1327-52BE-44E5-91E9-80C683FF0EDD}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{50370449-7816-44C7-B45F-5988534A61DB}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{624C2391-4825-4BE8-A70B-BAEBCD7A8093}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{17FC96A6-9723-40B8-896C-4D8976366FC3}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{CBA2E2FB-312A-45FD-B604-30CB8A31989E}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"TCP Query User{9D169E49-B750-46BA-BB60-37F9EB2153FC}c:\\program files\\emule adunanza\\emule_adnza.exe"= UDP:c:\program files\emule adunanza\emule_adnza.exe:eMule
"UDP Query User{7E200040-7A05-481B-82F1-03A8A2B4156E}c:\\program files\\emule adunanza\\emule_adnza.exe"= TCP:c:\program files\emule adunanza\emule_adnza.exe:eMule
"{CAC1D4D8-0CA9-4340-A0F8-A793BE0E88F2}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{4B3F038A-8E5D-4266-92C9-8D426CF0AD55}"= Disabled:TCP:c:\program files\Skype\Phone\Skype.exe:Skype

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"c:\\Program Files\\uusee\\UUSeePlayer.exe"= c:\program files\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer

R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2009-03-24 51792]
R2 SCPDFReadSpool;SolidConverterPDFReadSpool;c:\windows\Installer\MSI439E.tmp [2009-03-16 189696]
S3 PAC207;Trust WB-1200p Mini Webcam;c:\windows\System32\drivers\PFC027.SYS [2007-05-14 508288]

--- Other Services/Drivers In Memory ---

*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a359f96-f2ed-11dc-8bd2-0019db403de1}]
\shell\auto\command - Knight.exe open
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\shell\explore\command - Knight.exe open
\shell\find\command - Knight.exe open
\shell\install\command - Knight.exe open
\shell\open\command - Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a359f9b-f2ed-11dc-8bd2-0019db403de1}]
\shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b71f2fe5-ba46-11db-8ef4-0019db403de1}]
\shell\AutoRun\command - E:\Autorun.exe
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-SmpcSys - c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe
HKLM-Run-Google IME Autoupdater - c:\program files\Google\Google Pinyin\GooglePinyinDaemon.exe
HKLM-Run-TkBellExe - realsched.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = *.local
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: &Winamp Toolbar Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Invia a &Bluetooth - c:\program files\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
Name-Space Handler: FTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: HTTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
FF - ProfilePath - c:\users\Kesson\AppData\Roaming\Mozilla\Firefox\Profiles\0ije2fa4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - plugin: c:\program files\GameTap\bin\Release\npgametaptool.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1508.6312\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
FF - plugin: c:\users\Kesson\AppData\Roaming\Mozilla\Firefox\Profiles\0ije2fa4.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\users\Kesson\Program Files\DNA\plugins\npbtdna.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-24 15:01:13
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\TMP0000002C81707D1F4AFCE572 524288 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\PnkBstrA.exe
c:\windows\System32\PnkBstrB.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\conime.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-03-24 15:07:19 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-24 14:07:03

Pre-Run: 6,168,592,384 bytes free
Post-Run: 6,037,872,640 bytes free

316 --- E O F --- 2009-03-23 20:34:23
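
The two spots in the ComboFix log above that a reader has to interpret by hand are the MountPoints2 block and the firewallpolicy keys. MountPoints2 is Explorer's per-volume cache of the last autorun.inf it saw on a drive, so a volume whose open, explore, find, install and AutoRun verbs all launch a bare `Knight.exe` (no drive letter, i.e. "whatever sits in the drive root") is the signature of a USB autorun worm; the `LaunchU3.exe` and `E:\Autorun.exe` volumes are ordinary vendor launchers. `EnableFirewall = 0` on both the Public and Standard profiles means the Windows Firewall was switched off. The script below is an added example, not part of the thread and not ComboFix code: it applies those two checks to the log's own lines (embedded as a constructed sample). The heuristics (bare payload name, three or more hijacked Explorer verbs) and the function names are this example's own assumptions.

```python
"""Triage the MountPoints2 and firewall-policy sections of a ComboFix log.

Added example; not part of the forum thread and not ComboFix code.
MountPoints2 is Explorer's per-volume cache of the last autorun.inf seen
on a drive; the firewallpolicy keys hold the Windows Firewall state per
profile. Both checks below are this example's own heuristics.
"""
import re
from collections import defaultdict

# Constructed sample: the relevant lines of the posted log, copied verbatim.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a359f96-f2ed-11dc-8bd2-0019db403de1}]
\shell\auto\command - Knight.exe open
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\shell\explore\command - Knight.exe open
\shell\find\command - Knight.exe open
\shell\install\command - Knight.exe open
\shell\open\command - Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a359f9b-f2ed-11dc-8bd2-0019db403de1}]
\shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b71f2fe5-ba46-11db-8ef4-0019db403de1}]
\shell\AutoRun\command - E:\Autorun.exe
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VERB_RE = re.compile(r"^\\shell\\(?P<verb>[^\\]+)\\command\s+-\s+(?P<cmd>.+?)\s*$", re.I)
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(?P<val>\d+)', re.I)
EXE_RE = re.compile(r"(?P<path>\S*?\.exe)\b", re.I)
# Explorer verbs a worm overrides so that any interaction with the drive runs it.
EXPLORER_VERBS = {"open", "explore", "autorun", "auto", "find", "install"}


def parse_sections(text):
    """Return {registry key: [value lines]} for the bracketed sections of the log."""
    sections = defaultdict(list)
    current = None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group("key")
            continue
        if current and line.strip():
            sections[current].append(line.rstrip())
    return sections


def executables_in(cmd):
    """Every *.exe path/token in a command line, lower-cased, in order.
    For a RunDLL32 ShellExec_RunDLL wrapper the real payload is the last one."""
    return [m.group("path").lower() for m in EXE_RE.finditer(cmd)]


def triage_mountpoints(sections):
    """One finding per MountPoints2 volume whose cached autorun handlers look hostile."""
    findings = []
    for key, lines in sections.items():
        if "\\mountpoints2\\" not in key.lower():
            continue
        verbs = {}
        for line in lines:
            m = VERB_RE.match(line)
            if m:
                verbs[m.group("verb").lower()] = m.group("cmd")
        payloads = {executables_in(c)[-1] for c in verbs.values() if executables_in(c)}
        # Heuristic 1: a bare file name resolves against the drive root (worm pattern).
        bare = {p for p in payloads if ":" not in p and "\\" not in p}
        # Heuristic 2: several Explorer verbs routed to a handler means a click,
        # double-click, right-click Explore or Search on that drive all run it.
        hijacked = sorted(v for v in verbs if v in EXPLORER_VERBS)
        if bare or len(hijacked) >= 3:
            findings.append({
                "volume": key.rsplit("\\", 1)[-1],
                "payloads": sorted(payloads),
                "bare_payloads": sorted(bare),
                "hijacked_verbs": hijacked,
            })
    return findings


def firewall_disabled_profiles(sections):
    """Names of firewallpolicy profiles whose EnableFirewall value is 0."""
    disabled = []
    for key, lines in sections.items():
        if "\\firewallpolicy\\" not in key.lower():
            continue
        for line in lines:
            m = FIREWALL_RE.match(line)
            if m and int(m.group("val")) == 0:
                disabled.append(key.rsplit("\\", 1)[-1])
    return sorted(disabled)


def triage(text):
    """Run both checks over a ComboFix log and return a small report dict."""
    sections = parse_sections(text)
    return {"mountpoints": triage_mountpoints(sections),
            "firewall_off": firewall_disabled_profiles(sections)}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for f in report["mountpoints"]:
        print(f"volume {f['volume']}: verbs {f['hijacked_verbs']} -> {f['payloads']}")
    print("firewall disabled on:", report["firewall_off"])
```

Run against a full ComboFix log (`triage(open("ComboFix.txt").read())`) it flags only the `{4a359f96-...}` volume and both firewall profiles; a clean MountPoints2 entry such as `H:\LaunchU3.exe -a` passes because its payload carries a drive letter and only the AutoRun verb is set. Note that MountPoints2 is a cache: the entry outlives the stick that carried the worm, which is why a search of C:\ for `Knight.exe` can come up empty while the registry still shows it.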

Re: What virus do I have?? Help me!!

Post by stevens » Tue Mar 24, 2009 3:18 pm

Try the other little program; you'll find the download at the bottom of the page http://www.zonavirus.com/datos/descarga ... ibagla.asp

Launch the program and tick ''ELIMINAR FICHEROS AUTOMATICAMENTE''

Click EXPLORAR to start the scan

When it has finished you'll find the log in C:\InfoSat.txt - copy it into Notepad and post it on the forum

Re: What virus do I have?? Help me!!

Post by MooKid » Tue Mar 24, 2009 5:48 pm

So I used EliBagle first and then ComboFix...


The virus seems to be gone; in fact I managed to reinstall Avast, and both Windows Defender and HijackThis work again...

I've now done a scan with HijackThis, and there don't seem to be any problems once the entries are analysed on the site.

Anyway, here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13.47.21, on 15/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\PixArt\PAC207\Monitor.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Google IME Autoupdater] "C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe"
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Winamp Toolbar Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Program Files\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Selezione intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Users\Kesson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {070CA17A-4BD2-4612-83B4-32B1B9159B47} (ULiveCtrl Control) - http://uc.sina.com.con/download/live/weblive2.4.0.0.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resourc ... dit-it.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://valenoxvalko.spaces.live.com/Pho ... dit-it.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

--
End of file - 13211 bytes




It looks like I managed to fix it...!


Thanks a lot to all of you for the quick and very effective help!

Re: What virus do I have?? Help me!!

Post by lorenaino » Tue Mar 24, 2009 5:59 pm

Hi, while waiting for the experts to tell you whether you're really clean, I'd suggest installing Avira AntiVir Free, which is definitely better than Avast.
http://www.free-av.com/


Re: What virus do I have?? Help me!!

Post by stevens » Tue Mar 24, 2009 6:10 pm

Most of the infections were removed by FindyKill

Can you post me the EliBagla log?

There's still this one to remove: Knight.exe

Before going on, run a scan with Malwarebytes http://www.malwarebytes.org/mbam/program/mbam-setup.exe
1) install it
2) update it
3) run a scan, choosing Full Scan mode
4) do NOT remove any threats it finds for now
5) when the scan is finished, select the Log tab, open the text file and post it on the forum

Re: What virus do I have?? Help me!!

Post by MooKid » Tue Mar 24, 2009 7:28 pm

I can't find the EliBagle log... I don't know why...


Anyway, I searched the PC and the file knight.exe doesn't seem to be there...

I'm downloading the program you suggested, Malwarebytes, and I'll post the log shortly.


Thanks again to everyone for the help!

Re: What virus do I have?? Help me!!

Post by stevens » Tue Mar 24, 2009 8:06 pm

Try showing hidden files and see if you find Knight.exe

Start -- Computer -- Organize -- Folder and search options -- View
- Tick "Show hidden files and folders"
- Untick "Hide protected operating system files"



You'll find the EliBagla log in C:\

Re: What virus do I have?? Help me!!

Post by Amantide » Tue Mar 24, 2009 9:08 pm

As for knight.exe...
Plug all the USB sticks and external hard drives you have into the PC and run a scan with this tool
http://www.MegaLab.it/2899/worm-perlovg ... desiderato

As for the rest, the various logs are clean.
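
stevens's tip to reveal hidden and protected-system files and Amantide's advice to plug in every USB stick and external disk come down to one check: does the drive root hold an autorun.inf, what does it tell Explorer to launch, and is that file actually there (often flagged hidden+system so Explorer's default view does not list it)? The `Knight.exe open` handlers cached in MountPoints2 are built from exactly these autorun.inf keys (`open`, `shellexecute`, `shell\<verb>\command`). The script below is an added example, not the MegaLab tool linked above and not code from the thread: the autorun.inf text is a constructed sample, `make_sample_drive` stands in for a mounted stick, and `scan_drive_root`/`suspicious`/`is_bare` are names chosen here. On Windows, pass a real drive root such as `H:\` to `scan_drive_root`; the hidden/system attribute check only has meaning there and reports False elsewhere.

```python
"""Inspect the root of a removable drive: parse autorun.inf, resolve what it
launches, and check whether the target exists and is hidden/system.

Added example; not the MegaLab tool and not code from the forum thread.
The sample autorun.inf below is constructed to mirror the MountPoints2
entries in the posted ComboFix log (every Explorer verb -> Knight.exe).
"""
import configparser
import os
import stat
import tempfile
from pathlib import Path

# Constructed sample of the autorun.inf a USB worm typically drops.
SAMPLE_AUTORUN_INF = """[autorun]
open=Knight.exe open
shell\\open\\command=Knight.exe open
shell\\explore\\command=Knight.exe open
shell\\find\\command=Knight.exe open
shellexecute=Knight.exe open
icon=%SystemRoot%\\system32\\SHELL32.dll,4
label=Removable Disk
"""

LAUNCH_KEYS = ("open", "shellexecute")  # keys that run something; icon/label are cosmetic


def parse_autorun(text):
    """Return {key: value} of the [autorun] section; keys lower-cased, section
    matched case-insensitively because Windows ignores case in both."""
    parser = configparser.RawConfigParser(strict=False, delimiters=("=",))
    parser.optionxform = str.lower
    parser.read_string(text)
    section = next((s for s in parser.sections() if s.lower() == "autorun"), None)
    return dict(parser.items(section)) if section else {}


def launch_commands(autorun):
    """Every command the autorun.inf asks Explorer to run, keyed by verb."""
    cmds = {}
    for key, value in autorun.items():
        if key in LAUNCH_KEYS:
            cmds[key] = value
        elif key.startswith("shell\\") and key.endswith("\\command"):
            cmds[key.split("\\")[1]] = value  # shell\<verb>\command
    return cmds


def first_token(cmd):
    """The program part of a command line, quoted or bare."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split()[0] if cmd else ""


def is_bare(prog):
    """True for a name with no drive or directory: it resolves against the
    drive root, which is the USB-worm pattern (Knight.exe rather than H:\\...)."""
    return ":" not in prog and not prog.startswith("\\")


def is_hidden_or_system(path):
    """True when the file carries FILE_ATTRIBUTE_HIDDEN or _SYSTEM.
    st_file_attributes exists only on Windows; elsewhere this is False."""
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    mask = getattr(stat, "FILE_ATTRIBUTE_HIDDEN", 0x2) | getattr(stat, "FILE_ATTRIBUTE_SYSTEM", 0x4)
    return bool(attrs & mask)


def scan_drive_root(root):
    """Report what the autorun.inf in `root` would launch and whether each target exists."""
    root = Path(root)
    inf = next((p for p in root.iterdir() if p.name.lower() == "autorun.inf"), None)
    if inf is None:
        return {"autorun_inf": None, "targets": {}}
    cmds = launch_commands(parse_autorun(inf.read_text(errors="replace")))
    targets = {}
    for verb, cmd in cmds.items():
        prog = first_token(cmd)
        candidate = (root / prog) if is_bare(prog) else Path(prog)
        present = candidate.is_file()
        targets[verb] = {"command": cmd, "program": prog, "exists": present,
                         "hidden": present and is_hidden_or_system(candidate)}
    return {"autorun_inf": str(inf), "targets": targets}


def suspicious(report):
    """A drive is suspicious when any launch target is a bare name in the root."""
    return any(is_bare(t["program"]) for t in report["targets"].values())


def make_sample_drive():
    """Temp directory standing in for a stick's root: the sample autorun.inf
    plus a placeholder Knight.exe (two bytes, not a real binary)."""
    root = Path(tempfile.mkdtemp(prefix="usb_root_"))
    (root / "autorun.inf").write_text(SAMPLE_AUTORUN_INF)
    (root / "Knight.exe").write_bytes(b"MZ")
    return root


if __name__ == "__main__":
    report = scan_drive_root(make_sample_drive())
    for verb, t in report["targets"].items():
        print(f"{verb:13} -> {t['program']} (exists={t['exists']}, hidden={t['hidden']})")
    print("suspicious:", suspicious(report))
```

The `is_bare` test is the same rule a reader applies to the MountPoints2 lines: a vendor launcher is recorded as `H:\LaunchU3.exe -a`, a worm as `Knight.exe open`. Because MountPoints2 is only Explorer's cache, a stick cleaned (or simply not plugged in) leaves the registry entry behind, so the drive-side check above and the registry-side one are complementary, not redundant.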

Re: What virus do I have?? Help me!!

Post by MooKid » Tue Mar 24, 2009 9:18 pm

So I searched for knight.exe, also with hidden system files visible, and it isn't there...


Malwarebytes didn't find anything either; here's the log:

Malwarebytes' Anti-Malware 1.34
Database version: 1892
Windows 6.0.6001 Service Pack 1

24/03/2009 21.17.27
mbam-log-2009-03-24 (21-17-27).txt

Scan type: Full Scan (C:\|)
Objects scanned: 260326
Time elapsed: 1 hour(s), 47 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



What can I say, it really does look all OK.


Thanks again everyone!

Re: What virus do I have?? Help me!!

Post by stevens » Tue Mar 24, 2009 9:28 pm

Follow Amantide's advice:

As for knight.exe...
Plug all the USB sticks and external hard drives you have into the PC and run a scan with this tool
http://www.MegaLab.it/2899/worm-perlovg ... desiderato
megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising