www.MegaLab.it

[Saluti]

Ciao a tutti.
Ogni volta che accendo il computer appare nel systray lo scudetto rosso con la x bianca del centro di protezione di Windows (Vista home premium) che mi segnala che il computer non è protetto.
Vado al centro di sicurezza è in effetti risulta che la protezione da malware dell'antivirus (AGV free 8) è disattivata, mentre quella di windows defender risulta attiva. Clicco su "attiva ora" e non succede un fico secco, o meglio appare la solita finestra che invita a continuare, clicco su continua e poi ritorna il centro di sicurezza con il malware disattivato, riprovo e tutto si ripete....
Ma io ho l'impressione che la protezione di AGV sia funzionante, infatti ogni tanto appare l'allarme, l'ultima volta per un Troyan.
Dunque, cosa posso fare?

GRAZIE!

[Amantide]

Scarica ComboFix , salvandolo sul desktop con un nome di fantasia, ed esegui la scansione seguendo queste istruzioni (giù in fondo). Al termine della scansione verrà creato il file di report C:\combofix.txt, copia qui il suo contenuto inserendolo tra i tag LOG, in questo modo:

Codice: Seleziona tutto

[LOG]qui va inserito il log[/LOG]

[Saluti]

Ho fatto, ma ogni due-tre minuti continua ad apparire sul destkop la scritta:
TDiskDB.exeSQL: Unable yo open the database file: Unable to open database file.
E adesso cosa faccio?

[
[code][LOG]ComboFix 09-04-01.01 - Alberto 2009-04-03 20.21.20.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1040.18.2037.1016 [GMT 1:00]
Eseguito da: C:\Users\Alberto\Desktop\x.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Alberto\FAVORI~1\Translator.url
C:\Users\Alberto\Favorites\Translator.url
C:\Windows\emMON.exe
C:\Windows\msvrc20.dll
C:\Windows\system32\system\
C:\Windows\system32\x64

.
((((((((((((((((((((((((( Files Creati Da 2009-03-03 al 2009-04-03 )))))))))))))))))))))))))))))))))))
.

2009-03-24 21:15 . 2009-03-24 21:15 <DIR> d-------- C:\Users\Alberto\AppData\Roaming\Outerspace Software
2009-03-24 21:14 . 2009-03-24 21:14 <DIR> d-------- C:\Outerspace Software
2009-03-18 09:44 . 2009-03-18 09:44 <DIR> d-------- C:\Program Files\luxor 4 Quest For The Afterlife
2009-03-12 12:51 . 2005-04-14 16:33 3,638 --ah----- C:\Windows\ps.ico
2009-03-12 00:17 . 2009-02-09 04:10 2,033,152 --a------ C:\Windows\System32\win32k.sys
2009-03-11 06:24 . 2008-12-16 04:29 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2009-03-11 06:24 . 2008-11-27 05:43 268,288 --a------ C:\Windows\System32\schannel.dll
2009-03-11 06:24 . 2008-12-16 06:31 7,680 --a------ C:\Windows\System32\spwmp.dll
2009-03-11 06:24 . 2008-12-16 06:31 4,096 --a------ C:\Windows\System32\msdxm.ocx
2009-03-11 06:24 . 2008-12-16 06:31 4,096 --a------ C:\Windows\System32\dxmasf.dll
2009-03-09 17:35 . 2009-03-12 08:10 <DIR> d-------- C:\Users\Alberto\AppData\Roaming\Thinstall

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-03 19:27 --------- d-----w C:\Program Files\cFosSpeed
2009-04-03 17:40 --------- d-----w C:\Users\Alberto\AppData\Roaming\MSGTAG
2009-04-02 19:51 --------- d-----w C:\ProgramData\Microsoft Help
2009-03-30 18:25 --------- d-----w C:\Program Files\Avant Browser
2009-03-28 13:16 --------- d-----w C:\Users\Alberto\AppData\Roaming\dvdcss
2009-03-28 11:02 --------- d-----w C:\Program Files\Java
2009-03-18 08:45 --------- d-----w C:\ProgramData\MumboJumbo
2009-03-17 21:35 --------- d-----w C:\Program Files\Power Translator 11
2009-03-17 21:25 --------- d-----w C:\Program Files\Acer GameZone
2009-03-15 16:46 --------- d---a-w C:\ProgramData\TEMP
2009-03-13 11:01 --------- d-----w C:\Program Files\Windows Mail
2009-03-09 04:19 410,984 ----a-w C:\Windows\System32\deploytk.dll
2009-03-06 20:21 --------- d-----w C:\Program Files\Creative
2009-03-06 19:16 --------- d-----w C:\Users\Alberto\AppData\Roaming\Zylom
2009-03-06 14:00 --------- d-----w C:\ProgramData\RapidSolution
2009-03-06 14:00 --------- d-----w C:\Program Files\Tunebite
2009-02-23 21:12 --------- d-----w C:\ProgramData\DrivingSpeed2
2009-02-19 07:33 --------- d-----w C:\Users\Alberto\AppData\Roaming\uTorrent
2009-02-15 18:22 --------- d-----w C:\Users\Alberto\AppData\Roaming\FixerLabs
2009-02-15 18:12 --------- d-----w C:\Program Files\FixerLabs
2009-02-14 18:18 --------- d-----w C:\Users\Alberto\AppData\Roaming\ScreenSeven
2009-02-12 13:39 --------- d-----w C:\ProgramData\Installations
2009-02-12 13:37 --------- d-----w C:\Program Files\Nokia
2009-02-12 13:33 --------- d-----w C:\Program Files\Common Files\Nokia
2009-02-10 07:52 --------- d-----w C:\ProgramData\SecTaskMan
2009-02-10 07:45 --------- d-----w C:\Program Files\Security Task Manager
2009-02-05 15:25 --------- d-----w C:\Program Files\IncrediMail
2009-01-31 09:32 10,520 ----a-w C:\Windows\System32\avgrsstx.dll
2009-01-15 06:11 827,392 ----a-w C:\Windows\System32\wininet.dll
2008-11-12 08:57 2,530,056 ----a-w C:\Users\Alberto\RegistryEasy.exe
2008-11-12 07:36 1,089,816 ----a-w C:\Users\Alberto\abrowser.exe
2008-11-12 07:35 2,013,655 ----a-w C:\Users\Alberto\absetup1.exe
2008-11-11 20:44 2,013,655 ----a-w C:\Users\Alberto\absetup.exe
2008-07-10 19:12 399,648 ----a-w C:\Users\Alberto\Silent Runners.vbs
2008-04-20 08:22 174 --sha-w C:\Program Files\desktop.ini
2007-10-16 16:01 0 ----a-w C:\Users\Alberto\AppData\Roaming\wklnhst.dat
2008-04-07 08:27 67,696 ----a-w C:\Program Files\mozilla firefox\components\jar50.dll
2008-04-07 08:27 54,376 ----a-w C:\Program Files\mozilla firefox\components\jsd3250.dll
2008-04-07 08:27 34,952 ----a-w C:\Program Files\mozilla firefox\components\myspell.dll
2008-04-07 08:27 46,720 ----a-w C:\Program Files\mozilla firefox\components\spellchk.dll
2008-04-07 08:27 172,144 ----a-w C:\Program Files\mozilla firefox\components\xpinstal.dll
2008-12-13 19:33 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-12-13 19:33 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-12-13 19:33 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-05-15 20:10 88 --sh--r C:\Windows\System32\626EA4E9ED.sys
2008-08-23 16:48 23 --sha-w C:\Windows\System32\e2_z.dll
2008-05-15 20:10 2,828 --sha-w C:\Windows\System32\KGyGaAvL.sys
2008-11-11 20:15 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\index.dat
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-C39E-35F1D2A32EC8}]
2008-08-04 21:44 1947080 --a------ C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-C39E-35F1D2A32EC8}"= "C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL" [2008-08-04 21:44 1947080]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-c39e-35f1d2a32ec8}]
[HKEY_CLASSES_ROOT\megauploadtoolbar.MEGAUPLOADTOOLBAR]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A057A204-BACC-4D26-C39E-35F1D2A32EC8}"= "C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL" [2008-08-04 21:44 1947080]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-c39e-35f1d2a32ec8}]
[HKEY_CLASSES_ROOT\megauploadtoolbar.MEGAUPLOADTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-18 23:33 125952]
"MSGTAG"="C:\Program Files\MSGTAG Status\MSGTAGStatus.exe" [2007-07-10 21:38 1820160]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 12:41 196608]
"Google Update"="C:\Users\Alberto\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-03 18:57 133104]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 12:53 1079808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-09-12 14:01 182808]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-04-04 08:02 678672]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2006-11-07 13:57 159744]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
"EEventManager"="C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2006-03-17 10:30 102400]
"DefragTaskBar"="C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" [2007-08-28 16:31 169312]
"cFosSpeed"="C:\Program Files\cFosSpeed\cFosSpeed.exe" [2007-08-10 16:26 846800]
"Samsung PanelMgr"="C:\Windows\Samsung\PanelMgr\SSMMgr.exe" [2008-02-13 02:36 536576]
"DT HPW"="C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe" [2008-04-16 17:16 81920]
"UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 16:32 222504]
"NetWorx"="C:\Program Files\NetWorx\networx.exe" [2008-11-16 23:38 1069568]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-11-12 11:42 6687264]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-11-21 17:44 4371440]
"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-11-21 18:11 961208]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-11-21 18:04 165144]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-11-20 08:45 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-11-20 08:45 173592]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-11-20 08:45 150552]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-03-09 05:19 148888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 18:41 1232896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[/LOG][/code][/quote]