www.MegaLab.it

[Jack_84]

Salve ragazzi, vi scrivo per disperazione! Sicuramente nel mio pc ci sarà un (o più di uno) virus, trojan, malware e chissà cos'altro. Vi spiego il problema: quando uso il pc ho notato che molti programmi spyware non possono funzionare (tra l'altro ho provato a scaricare spyboot ma mi di ce che l'indirizzo è inesistente); quando immetto un termine di ricerca su google e vado a cliccare sul risultato mi esce una pagina che non c'entra proprio nulla.
Ma la cosa che mi fa imbestialire è quando il pc (spesso) si blocca e devo riavviarlo.

Come posso fare una disinfestazione totale, senza dover formattare il pc?
Grazie mille

[crazy.cat]

Comincia a fare una scansione con combofix e posta poi il log che ne risulta.

[Jack_84]

Sembrerà incredibile, ma combofix l'ho scaricato ma non mi parte!

[ste_95]

Prova, mentre lo scarichi, a rinominarlo con un nome di fantasia.

[Jack_84]

Ce l'ho fatta! Ecco il log. Grazie per la pazienza!

ComboFix 09-06-23.01 - Ficco 24/06/2009 9.54.54.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1023.631 [GMT 2:00]
Eseguito da: c:\documents and settings\Ficco\Desktop\Nino.exe
AV: Sistema Antivirus NOD32 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Sygate Personal Firewall *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Menu Avvio\Programmi\InternetGameBox
c:\programmi\Common
c:\programmi\internetgamebox
c:\programmi\QUAD Utilities
c:\windows\system32\Drivers\gfyfmypjofkb.sys
c:\windows\system32\Drivers\gmetlvtxvuqa.sys
c:\windows\system32\Drivers\kvvvtvggbjqn.sys
c:\windows\system32\Drivers\lwyfbdsbxejx.sys
c:\windows\system32\drivers\MSIVXpjynmmekrculnxjadmlqlmxdndgojued.sys
c:\windows\system32\Drivers\pwedccdwmedh.sys
c:\windows\system32\Drivers\xdgiqblkjain.sys
c:\windows\system32\MSIVXiatqmvpwmanyopebbakawrykccqpyedy.dll
c:\windows\system32\MSIVXjjyrgdwfitjdkgmcgowoejbarelytnts.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\documents and settings\All Users\Desktop\InternetGameBox.lnk
c:\documents and settings\All Users\Menu Avvio\Programmi\InternetGameBox\Condizioni generali.url
c:\documents and settings\All Users\Menu Avvio\Programmi\InternetGameBox\Disinstalla.lnk
c:\documents and settings\All Users\Menu Avvio\Programmi\InternetGameBox\InternetGameBox.lnk
c:\documents and settings\All Users\Menu Avvio\Programmi\InternetGameBox\Riservatezza.url
c:\documents and settings\All Users\Menu Avvio\Programmi\InternetGameBox\Website.url
c:\programmi\internetgamebox\InternetGameBox.exe
c:\programmi\internetgamebox\language
c:\programmi\internetgamebox\ressources\AttenteOff.html
c:\programmi\internetgamebox\ressources\AttenteOn.html
c:\programmi\internetgamebox\ressources\configv2_en.xml
c:\programmi\internetgamebox\ressources\configv2_es.xml
c:\programmi\internetgamebox\ressources\configv2_fr.xml
c:\programmi\internetgamebox\ressources\favoris\defaultv2.swf
c:\programmi\internetgamebox\ressources\NoS2F.bin
c:\programmi\internetgamebox\skins\skinv2.skn
c:\windows\system32\drivers\kl1.sys
c:\windows\system32\drivers\MSIVXpjynmmekrculnxjadmlqlmxdndgojued.sys
c:\windows\system32\isoekic.dat
c:\windows\system32\isoekic.exe
c:\windows\system32\isoekic_nav.dat
c:\windows\system32\isoekic_navps.dat
c:\windows\system32\kr_done1
c:\windows\system32\MSIVXcount
c:\windows\system32\MSIVXiatqmvpwmanyopebbakawrykccqpyedy.dll
c:\windows\system32\MSIVXjjyrgdwfitjdkgmcgowoejbarelytnts.dll
c:\windows\system32\nvs2.inf
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MSIVXserv.sys
-------\Legacy_ASC3550P
-------\Legacy_gmetlvtxvuqa
-------\Legacy_kvvvtvggbjqn
-------\Legacy_lwyfbdsbxejx
-------\Legacy_pwedccdwmedh
-------\Legacy_xdgiqblkjain
-------\Service_gmetlvtxvuqa
-------\Service_kvvvtvggbjqn
-------\Service_lwyfbdsbxejx
-------\Service_pwedccdwmedh
-------\Service_xdgiqblkjain


((((((((((((((((((((((((( Files Creati Da 2009-05-24 al 2009-06-24 )))))))))))))))))))))))))))))))))))
.

2009-06-24 06:39 . 2009-06-24 07:27 -------- d-----w- c:\programmi\Anti Trojan Elite
2009-06-22 19:09 . 2009-06-22 19:09 201728 ----a-w- c:\windows\system32\Reason version 4 Screensaver.scr
2009-06-22 19:09 . 2009-06-22 19:10 -------- d-----w- c:\windows\system32\Reason version 4 Screensaver dir
2009-06-21 15:55 . 2009-06-21 15:55 -------- d-----w- c:\windows\Risorse del computer
2009-06-11 08:13 . 2009-04-15 14:52 585216 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2009-06-11 08:13 . 2009-04-30 21:13 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-06-11 08:13 . 2009-04-30 21:13 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-09 07:46 . 2009-06-09 07:48 -------- d-----w- c:\programmi\File comuni\DivX Shared
2009-06-08 14:28 . 2009-06-08 14:28 -------- d-----w- c:\programmi\iPod
2009-06-08 14:27 . 2009-06-08 14:28 -------- d-----w- c:\programmi\iTunes
2009-06-08 14:25 . 2009-06-08 14:25 -------- d-----w- c:\programmi\QuickTime
2009-06-08 14:20 . 2009-06-08 14:20 75048 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-06 12:29 . 2009-06-06 12:29 -------- d-----w- c:\programmi\XdN Software
2009-06-04 16:37 . 2009-06-04 16:37 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-06-03 13:24 . 2009-06-03 13:24 -------- dc-h--w- c:\windows\ie8
2009-06-03 13:24 . 2009-06-03 13:25 -------- d--h--w- c:\windows\msdownld.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-24 08:27 . 2007-10-06 07:12 -------- d-----w- c:\programmi\PeerGuardian2
2009-06-24 08:27 . 2008-06-05 16:19 -------- d-----w- c:\documents and settings\Ficco\Dati applicazioni\Orbit
2009-06-23 15:09 . 2007-09-16 10:38 -------- d-----w- c:\programmi\Propellerhead
2009-06-22 19:39 . 2007-09-13 20:00 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Google Updater
2009-06-22 14:57 . 2008-11-10 13:41 -------- d-----w- c:\programmi\ESET
2009-06-22 14:23 . 2007-10-05 06:52 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2009-06-21 18:28 . 2007-09-16 10:38 -------- d-----w- c:\documents and settings\Ficco\Dati applicazioni\Propellerhead Software
2009-06-21 18:28 . 2007-09-16 10:38 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Propellerhead Software
2009-06-21 13:21 . 2009-03-27 09:37 117760 ----a-w- c:\documents and settings\Ficco\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-16 17:14 . 2008-09-05 14:53 -------- d-----w- c:\programmi\Desktop Maestro
2009-06-16 17:13 . 2008-09-05 14:54 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-06-14 13:01 . 2007-09-13 17:23 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-06-09 07:49 . 2007-11-07 11:40 -------- d-----w- c:\programmi\DivX
2009-06-08 14:27 . 2007-09-15 09:54 -------- d-----w- c:\programmi\File comuni\Apple
2009-05-27 15:27 . 2008-02-19 12:46 -------- d-----w- c:\programmi\SUPERAntiSpyware
2009-05-14 06:33 . 2001-08-31 11:00 73106 -c--a-w- c:\windows\system32\perfc010.dat
2009-05-14 06:33 . 2001-08-31 11:00 446756 -c--a-w- c:\windows\system32\perfh010.dat
2009-05-13 05:02 . 2007-01-03 10:56 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-08 21:35 . 2008-11-21 07:10 -------- d-----w- c:\documents and settings\Ficco\Dati applicazioni\IObit
2009-05-07 15:32 . 2004-08-19 13:39 347648 ----a-w- c:\windows\system32\localspl.dll
2009-05-07 13:34 . 2009-01-31 12:05 -------- d-----w- c:\documents and settings\Ficco\Dati applicazioni\U3
2009-05-06 07:18 . 2009-05-06 07:17 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Yahoo! Companion
2009-05-01 21:02 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
2009-04-30 08:10 . 2009-04-30 08:10 298104 ----a-w- c:\windows\system32\imon.dll
2009-04-30 08:10 . 2009-04-30 08:10 512096 ----a-w- c:\windows\system32\drivers\amon.sys
2009-04-30 08:10 . 2009-04-30 08:10 15424 ----a-w- c:\windows\system32\drivers\nod32drv.sys
2009-04-19 19:47 . 2007-01-03 10:52 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-18 07:02 . 2009-04-18 07:02 152576 ----a-w- c:\documents and settings\Ficco\Dati applicazioni\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-15 14:52 . 2007-01-03 10:51 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\programmi\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\programmi\mozilla firefox\plugins\ssldivx.dll
2009-01-31 19:28 . 2009-01-31 19:28 48 --sh--w- c:\windows\SB270FDB5.tmp
2008-02-18 10:07 . 2007-09-13 20:04 137162784 -csha-w- c:\windows\system32\drivers\fidbox.dat
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-8087-36EE87E26986}]
2008-07-29 19:56 1987544 -c--a-w- c:\programmi\oovooToolbar\oovooToolbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"PeerGuardian"="c:\programmi\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-13 68856]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2008-04-14 1695232]
"pdfSaver3"="c:\programmi\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe" [2004-09-05 380928]
"Advanced SystemCare 3"="c:\programmi\IObit\Advanced SystemCare 3\AWC.exe" [2009-04-30 2329936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\programmi\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-06-30 2376928]
"LogitechCommunicationsManager"="c:\programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"AppleSyncNotifier"="c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472]
"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2009-03-24 198160]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"nod32kui"="c:\programmi\Eset\nod32kui.exe" [2009-04-30 949376]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2009-05-30 292136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Picasa Media Detector"="c:\programmi\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]

c:\documents and settings\Ficco\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Orbit.lnk - c:\programmi\Orbitdownloader\orbitdm.exe [2008-6-5 1678536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-03-28 08:08 356352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0pfdnnt c:\windows\system32\pfdnnt_actions.sys

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^eBoostr Control Panel.lnk]
backup=c:\windows\pss\eBoostr Control Panel.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Google Updater.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^SECUREMAKER.lnk]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\combofix
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeCall
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"=
"c:\\Programmi\\Orbitdownloader\\orbitdm.exe"=
"c:\\Programmi\\Orbitdownloader\\orbitnet.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:Porta TCP ooVoo 443
"443:UDP"= 443:UDP:*:Disabled:Porta UDP ooVoo 443
"37674:TCP"= 37674:TCP:*:Disabled:Porta TCP ooVoo 37674
"37674:UDP"= 37674:UDP:*:Disabled:Porta UDP ooVoo 37674
"37675:UDP"= 37675:UDP:*:Disabled:Porta UDP ooVoo 37675

R0 d346bus;d346bus;c:\windows\system32\drivers\d346bus.sys [04/01/2008 12.11.28 156800]
R0 d346prt;d346prt;c:\windows\system32\drivers\d346prt.sys [04/01/2008 12.11.28 5248]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [30/04/2009 10.10.50 15424]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 14.53.48 9968]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [27/02/2007 13.39.26 55024]
S2 ATE_PROCMON;ATE_PROCMON;\??\c:\programmi\Anti Trojan Elite\ATEPMon.sys c:\programmi\Anti Trojan Elite\ATEPMon.sys
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\415.tmp c:\windows\system32\415.tmp
S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [16/02/2006 18.51.08 4096]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {399150FC-EB45-1CE0-0792-1F3A23397BD4} /qb
.
Contenuto della cartella 'Scheduled Tasks'

2009-06-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-06-24 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-09-13 13:57]

2009-06-21 c:\windows\Tasks\SmartDefrag.job
- c:\programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-02-14 17:15]

2009-06-24 c:\windows\Tasks\User_Feed_Synchronization-{2FB579CD-9B17-4CC4-BFBB-87557B0AC795}.job
- c:\windows\system32\msfeedssync.exe [2007-01-03 02:31]

2009-06-24 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-09 20:18]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

BHO-{8AF51545-62C0-495C-96E0-167FDEFD6394} - (no file)
HKCU-Run-isoekic - c:\windows\system32\isoekic.exe
HKLM-Run-Anti Trojan Elite - c:\programmi\Anti Trojan Elite\TJEnder.exe
MSConfigStartUp-ooVoo - (no file)


.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.yahoo.it/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/204
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Do&wnload selected by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/202
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/ ... ontrol.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-24 10:27
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\415.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\vsdatant]
"ImagePath"=""
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\*–€|ÿÿÿÿ;•€|é•9~*]
"0140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(768)
c:\programmi\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(6968)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\SSSensor.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\imon.dll
c:\programmi\Eset\pr_imon.dll
c:\programmi\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\programmi\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\programmi\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ita.nlr
c:\programmi\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Sygate\SPF\Smc.exe
c:\programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
c:\programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\programmi\Orbitdownloader\orbitnet.exe
c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
c:\programmi\ESET\nod32krn.exe
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\programmi\File comuni\Ahead\Lib\NMIndexingService.exe
c:\programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
c:\programmi\iPod\bin\iPodService.exe
c:\programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Ora fine scansione: 2009-06-24 10.29.57 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-06-24 08:29

Pre-Run: 90.106.806.272 byte disponibili
Post-Run: 90.067.066.880 byte disponibili

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

Current=5 Default=5 Failed=3 LastKnownGood=6 Sets=1,2,3,4,5,6
326 --- E O F --- 2009-06-14 13:01

[ste_95]

Anti Trojan Elite l'hai installato tu?

Scarica Avenger
Estrailo in una cartella a tua scelta
Esegui il file avenger.exe con la figura di una spada
Ora incolla queste righe nella box bianca che si è aperta:

Codice: Seleziona tutto

Files to delete:
c:\windows\system32\415.tmp

Togli il segno di spunta dalla voce Scan for Rootkits
Premi il pulsante Execute
Rispondi di Si alle due richieste di Avenger
Adesso il tuo computer dovrebbe riavviarsi, nel caso non succedesse, riavvialo tu manualmente
Al riavvio del computer, copia e incolla qui il contenuto del blocco note che apparirà.

Se Avenger riporta un errore, prova a riscrivere manualmente la prima riga (Files to delete:) ricordando i due punti.

[Jack_84]

Ecco il log di Avenger. Certo che mi state facendo risparmiare un po' di soldi


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:


Error: file "c:\windows\system32\415.tmp" not found!
Deletion of file "c:\windows\system32\415.tmp" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
the object does not exist


Completed script processing.

*******************

Finished! Terminate.

[ste_95]

Direi che ComboFix ha rimosso tutto quello che c'era. Hai ancora problemi?

[Jack_84]

Sembra che ora il pc vada bene, ma dò questo responso con riserva. Se dovessero verificarsi altre stranezze lo farò sapere. Nel frattempo ringrazio fortemente per avermi aiutato...