ComboFix 09-10-12.03 - Michele&Katia 10.2009 ?. 14:45.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.359.1040.18.1015.483 [GMT 2:00]
Eseguito da: c:\documents and settings\Michele&Katia\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programmi\File comuni\xonacu._sy
.
((((((((((((((((((((((((( Files Creati Da 2009-09-13 al 2009-10-13 )))))))))))))))))))))))))))))))))))
.
2009-10-13 10:59 . 2009-10-13 12:33 -------- d-----w- c:\documents and settings\Michele&Katia\Dati applicazioni\Command & Conquer 3 Tiberium Wars
2009-10-13 09:42 . 2009-10-13 09:42 -------- d-----w- c:\documents and settings\Michele&Katia\Impostazioni locali\Dati applicazioni\COMODO
2009-10-13 08:56 . 2009-10-13 09:00 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Comodo
2009-10-13 08:56 . 2009-10-13 08:56 179792 ----a-w- c:\windows\system32\guard32.dll
2009-10-13 08:56 . 2009-10-13 08:56 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-10-13 08:56 . 2009-10-13 08:56 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-10-13 08:56 . 2009-10-13 08:56 132296 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-10-12 19:14 . 2009-10-12 19:14 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Playrix Entertainment
2009-10-12 18:13 . 2009-10-12 18:13 -------- d-----w- c:\programmi\Playrix
2009-10-12 18:00 . 2009-10-13 08:27 -------- d-----w- c:\programmi\Poppit! To Go
2009-10-12 09:54 . 2009-10-13 12:40 389169 ----a-w- c:\windows\system32\drivers\sfi.dat
2009-10-12 09:52 . 2009-10-13 08:56 -------- d-----w- c:\programmi\COMODO
2009-10-12 08:14 . 2009-10-12 08:14 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Meridian93
2009-10-12 07:14 . 2009-10-12 07:16 -------- d-----w- c:\documents and settings\Michele&Katia\PetPlayground
2009-10-12 07:11 . 2009-10-12 07:13 -------- d-----w- c:\programmi\Pet Playground
2009-10-12 00:18 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-10-12 00:18 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-10-12 00:18 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-10-12 00:18 . 2009-10-12 00:18 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2009-10-11 21:10 . 2009-10-11 21:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Yahoo! Companion
2009-10-11 20:48 . 2009-10-13 08:27 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-10-11 09:43 . 2009-10-11 09:43 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ScreenSeven
2009-10-11 05:59 . 2009-10-11 05:59 -------- d-----w- c:\documents and settings\Michele&Katia\Saved Games
2009-10-10 16:01 . 2009-10-10 16:02 -------- d-----w- c:\documents and settings\Michele&Katia\Dati applicazioni\Magic Academy
2009-10-10 14:22 . 2009-10-10 14:22 -------- d-----w- c:\documents and settings\Michele&Katia\Dati applicazioni\Ulead Systems
2009-10-10 14:18 . 2009-10-10 14:22 74 ---ha-w- c:\windows\uce.dat
2009-10-10 14:18 . 2009-10-10 14:22 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Ulead Systems
2009-10-10 14:17 . 1999-10-15 10:50 1056768 ------w- c:\windows\system32\ROBOEX32.DLL
2009-10-10 08:40 . 2009-10-10 08:40 -------- d-----w- c:\documents and settings\Michele&Katia\Dati applicazioni\Runes of Avalon 2
2009-10-10 00:44 . 2009-10-10 00:44 -------- d-----w- c:\documents and settings\Michele&Katia\Dati applicazioni\SprillBermudeEng
2009-10-09 17:23 . 2002-09-10 12:00 57398 -c--a-w- c:\windows\system32\dllcache\imjpdadm.exe
2009-10-09 17:22 . 2002-09-10 12:00 6144 -c--a-w- c:\windows\system32\dllcache\kbdth3.dll
2009-10-09 17:22 . 2002-09-10 12:00 6144 ----a-r- c:\windows\system32\kbdth3.dll
2009-10-09 17:22 . 2002-09-10 12:00 6144 -c--a-w- c:\windows\system32\dllcache\kbdth2.dll
2009-10-09 17:22 . 2002-09-10 12:00 6144 ----a-r- c:\windows\system32\kbdth2.dll
2009-10-09 17:22 . 2002-09-10 12:00 6144 -c--a-w- c:\windows\system32\dllcache\ftlx041e.dll
2009-10-09 17:22 . 2002-09-10 12:00 6144 ----a-w- c:\windows\system32\ftlx041e.dll
2009-10-09 17:22 . 2002-09-10 12:00 5632 -c--a-w- c:\windows\system32\dllcache\kbdth1.dll
2009-10-09 17:22 . 2002-09-10 12:00 5632 -c--a-w- c:\windows\system32\dllcache\kbdth0.dll
2009-10-09 17:22 . 2002-09-10 12:00 5632 ----a-r- c:\windows\system32\kbdth1.dll
2009-10-09 17:22 . 2002-09-10 12:00 5632 ----a-r- c:\windows\system32\kbdth0.dll
2009-10-09 12:56 . 2009-10-09 12:56 -------- d-----w- c:\documents and settings\Michele&Katia\Dati applicazioni\Ludia
2009-10-09 12:56 . 2009-10-09 12:56 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Ludia
2009-10-09 09:24 . 2009-10-09 09:24 -------- d-----w- c:\windows\system32\Adobe
2009-10-09 07:20 . 2009-10-09 07:20 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DAEMON Tools Lite
2009-10-09 07:20 . 2009-10-09 07:20 -------- d-----w- c:\programmi\DAEMON Tools Toolbar
2009-10-09 07:17 . 2009-10-09 07:17 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-10-09 07:17 . 2009-10-09 07:21 -------- d-----w- c:\documents and settings\Michele&Katia\Dati applicazioni\DAEMON Tools Lite
2009-10-08 21:51 . 2008-06-19 15:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-10-08 21:50 . 2009-10-08 21:50 -------- d-----w- c:\programmi\Panda Security
2009-10-08 18:54 . 2009-10-10 15:38 -------- d-----w- c:\programmi\Hells Kitchen
2009-10-08 17:33 . 2009-10-13 08:27 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-10-08 06:22 . 2009-10-10 07:10 -------- d-----w- c:\documents and settings\Michele&Katia\Dati applicazioni\DruidsBattleOfMagic
2009-10-08 04:52 . 2009-10-08 04:53 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Becky Brogan
2009-10-07 04:36 . 2009-10-07 04:36 -------- d-----w- c:\documents and settings\Michele&Katia\Dati applicazioni\ITTNord
2009-10-06 06:43 . 2009-10-06 06:43 -------- d-----w- c:\documents and settings\Michele&Katia\Impostazioni locali\Dati applicazioni\Astar Games
2009-10-06 05:42 . 2009-10-06 05:42 -------- d-----w- c:\documents and settings\Michele&Katia\Dati applicazioni\cerasus.media
2009-10-06 03:57 . 2009-10-06 03:57 -------- d-----w- c:\documents and settings\Michele&Katia\Dati applicazioni\ERS G-Studio
2009-10-05 04:24 . 2009-10-05 05:27 -------- d-----w- c:\programmi\Kuros
2009-10-05 04:06 . 2009-10-05 04:06 -------- d-----w- c:\documents and settings\Michele&Katia\Dati applicazioni\HSA
2009-10-04 20:32 . 2009-10-04 20:32 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\WLInstaller
2009-10-04 11:36 . 2009-10-04 11:36 -------- d-----w- c:\documents and settings\Michele&Katia\Dati applicazioni\BigFishGames
2009-10-04 05:39 . 2009-10-11 13:41 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PlayFirst
2009-10-04 04:36 . 2009-10-11 14:22 -------- d-----w- c:\documents and settings\Michele&Katia\Dati applicazioni\Playrix Entertainment
2009-10-04 03:18 . 2009-10-04 03:18 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Trymedia
2009-10-04 03:07 . 2009-10-05 04:24 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Sandlot Games
2009-10-03 19:49 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-10-03 19:42 . 2009-10-03 19:42 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-03 06:11 . 2009-10-03 06:11 -------- d-sh--w- c:\windows\ftpcache
2009-10-03 05:17 . 2009-10-03 05:17 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SaveOurSpirit
2009-10-03 04:12 . 2009-10-03 04:12 -------- d-----w- c:\documents and settings\Michele&Katia\Dati applicazioni\FlyWheelGames
2009-10-02 16:13 . 2009-10-02 16:13 -------- d-----w- c:\documents and settings\Michele&Katia\Dati applicazioni\VampireSaga
2009-10-02 13:39 . 2009-10-02 13:39 -------- d-----w- c:\documents and settings\Michele&Katia\Dati applicazioni\Magic Academy 2
2009-10-02 12:47 . 2009-10-02 12:43 405504 ----a-w- c:\windows\vncutil.exe
2009-10-02 12:47 . 2009-10-02 12:43 41472 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2009-10-02 12:47 . 2009-10-02 12:43 122880 ----a-w- c:\windows\RtkAudioService.exe
2009-10-02 12:46 . 2009-10-02 12:43 1389056 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2009-10-02 12:46 . 2009-10-02 12:43 1684736 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2009-10-02 12:31 . 2008-12-03 15:40 81408 ----a-w- c:\windows\system32\devcon_x64.exe
2009-10-02 12:31 . 2002-11-14 20:32 55808 ----a-w- c:\windows\system32\devcon.exe
2009-10-02 12:31 . 2009-10-02 12:51 -------- d-----w- c:\programmi\Driver Checker
2009-10-02 12:24 . 2005-01-12 09:19 456536 ----a-w- c:\windows\system32\XCEEDZIP.DLL
2009-10-02 12:24 . 2004-09-28 09:13 526184 ----a-w- c:\windows\system32\XceedCry.dll
2009-10-02 12:24 . 2004-08-11 13:55 110602 ----a-w- c:\windows\system32\xcdsfx32.bin
2009-10-02 12:04 . 2009-10-02 12:04 -------- d-----w- c:\programmi\iXi Tools
2009-10-02 09:32 . 2009-10-02 09:32 -------- d-----w- c:\windows\Sun
2009-10-02 08:46 . 2009-10-02 08:46 -------- d-----w- c:\documents and settings\Michele&Katia\Impostazioni locali\Dati applicazioni\GestaltGames
2009-10-02 06:32 . 2009-10-02 09:02 -------- d-----w- c:\programmi\Asami's Sushi Shop
2009-10-02 06:28 . 2009-10-02 09:02 -------- d-----w- c:\programmi\Fashion Fortune
2009-10-02 06:15 . 2009-10-11 13:41 -------- d-----w- c:\documents and settings\Michele&Katia\Dati applicazioni\PlayFirst
2009-10-02 06:14 . 2009-10-02 09:02 -------- d-----w- c:\programmi\Gemini Lost
2009-10-01 21:01 . 2009-10-01 21:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-01 21:00 . 2009-10-01 21:00 -------- d-----w- c:\programmi\Java
2009-10-01 20:17 . 2002-02-18 08:23 46352 ----a-w- c:\windows\setdebug.exe
2009-10-01 20:16 . 2002-02-18 08:22 139536 ----a-w- c:\windows\system32\javaee.dll
2009-10-01 20:16 . 2002-02-18 05:35 6550 ----a-w- c:\windows\jautoexp.dat
2009-10-01 20:16 . 2002-02-18 05:38 113 ----a-w- c:\windows\system32\zonedon.reg
2009-10-01 20:16 . 2002-02-18 05:38 113 ----a-w- c:\windows\system32\zonedoff.reg
2009-10-01 19:02 . 2009-10-01 19:02 -------- d-----w- c:\documents and settings\Michele&Katia\Impostazioni locali\Dati applicazioni\JollyBear
2009-10-01 19:02 . 2009-10-01 19:02 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\JollyBear
2009-10-01 07:31 . 2009-10-01 21:04 7 ----a-w- c:\windows\sbacknt.bin
2009-10-01 07:30 . 2009-10-01 07:30 152904 ----a-w- c:\windows\system32\vghd.scr
2009-10-01 07:30 . 2009-10-02 09:03 -------- d-----w- c:\programmi\vghd
2009-10-01 07:30 . 2009-10-01 21:06 -------- d-----w- c:\documents and settings\Michele&Katia\Dati applicazioni\vghd
2009-10-01 07:26 . 2009-10-10 20:45 -------- d-----w- C:\Need for Speed Most Wanted
2009-10-01 07:24 . 2009-10-02 19:09 249856 ------w- c:\windows\Setup1.exe
2009-10-01 07:24 . 2009-10-02 19:09 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-10-01 04:46 . 2009-10-01 04:48 -------- d-----w- c:\documents and settings\Michele&Katia\Impostazioni locali\Dati applicazioni\TheLostIncaProphecy
2009-10-01 03:36 . 2009-10-01 03:36 -------- d-----w- c:\documents and settings\Michele&Katia\Dati applicazioni\funkitron
2009-09-30 04:28 . 2009-09-30 04:28 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\BigFishv1005
2009-09-29 21:15 . 2009-09-29 21:40 -------- d-----w- c:\documents and settings\Michele&Katia\Impostazioni locali\Dati applicazioni\Eraser
2009-09-29 20:48 . 2009-09-29 20:49 -------- d-----w- c:\programmi\TritaFile
2009-09-29 15:14 . 2009-09-29 15:14 19345 ----a-w- c:\windows\system32\yjehigi.dat
2009-09-29 15:14 . 2009-09-29 15:14 13409 ----a-w- c:\windows\dininuzupe.com
2009-09-29 15:14 . 2009-09-29 15:14 11477 ----a-w- c:\windows\alanemaq.com
2009-09-29 06:16 . 2009-09-29 06:16 -------- d-----w- c:\programmi\Legacy Interactive
2009-09-28 13:41 . 2009-09-28 13:47 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\FarmFrenzy3
2009-09-28 11:22 . 2009-09-28 11:26 -------- d--h--w- c:\windows\msdownld.tmp
2009-09-28 11:22 . 2009-09-28 11:22 -------- d-----w- c:\windows\Logs
2009-09-27 02:37 . 2009-09-27 02:37 -------- d-----w- c:\documents and settings\Michele&Katia\Dati applicazioni\Artogon
2009-09-26 20:12 . 2009-10-10 20:26 -------- d-----w- c:\documents and settings\Michele&Katia\Dati applicazioni\BitTorrent
2009-09-26 16:03 . 2009-09-26 16:04 -------- d-----w- c:\programmi\eMule
2009-09-26 15:29 . 2009-09-26 15:29 233243 ----a-w- c:\windows\Burn4Free_Toolbar_Uninstaller_9645.exe
2009-09-26 15:29 . 2009-09-26 15:29 -------- d-----w- c:\programmi\Burn4Free Toolbar
2009-09-26 15:29 . 2009-09-26 15:52 -------- d-----w- c:\programmi\Burn4Free
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-13 12:44 . 2002-09-10 12:00 347058 ----a-w- c:\windows\system32\perfh010.dat
2009-10-13 12:44 . 2002-09-10 12:00 48530 ----a-w- c:\windows\system32\perfc010.dat
2009-10-13 08:27 . 2009-09-19 16:28 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\BigFishGamesCache
2009-10-13 07:10 . 2009-09-19 16:43 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-10-11 22:34 . 2009-09-19 16:44 37048 ----a-w- c:\documents and settings\Michele&Katia\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-10-10 14:17 . 2009-09-19 16:17 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-10-10 14:17 . 2009-09-19 16:17 -------- d-----w- c:\programmi\File comuni\InstallShield
2009-10-02 12:43 . 2009-09-19 16:17 77824 ----a-w- c:\windows\SOUNDMAN.EXE
2009-10-02 12:43 . 2009-09-19 16:17 1826816 ----a-w- c:\windows\SkyTel.exe
2009-10-02 12:43 . 2009-09-19 16:17 1482752 ----a-w- c:\windows\RtlUpd.exe
2009-10-02 12:43 . 2009-09-19 16:17 9715200 ----a-w- c:\windows\RTLCPL.EXE
2009-10-02 12:43 . 2009-09-19 16:17 5891584 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2009-10-02 12:43 . 2009-09-19 16:17 18702336 ----a-w- c:\windows\RTHDCPL.EXE
2009-10-02 12:43 . 2009-09-19 16:17 2170880 ----a-w- c:\windows\MicCal.exe
2009-10-02 12:43 . 2009-09-19 16:17 57344 ----a-w- c:\windows\ALCMTR.EXE
2009-10-02 12:43 . 2009-09-19 16:17 2808832 ----a-w- c:\windows\ALCWZRD.EXE
2009-10-02 12:43 . 2009-09-19 16:17 831488 ----a-w- c:\windows\RtlExUpd.dll
2009-09-24 15:38 . 2009-09-24 15:38 -------- d-----w- c:\programmi\File comuni\DivX Shared
2009-09-23 05:11 . 2009-09-19 16:32 -------- d-----w- c:\programmi\bfgclient
2009-09-19 18:02 . 2009-09-19 17:55 984 ----a-w- c:\windows\eReg.dat
2009-09-19 17:58 . 2009-09-19 17:51 -------- d-----w- c:\programmi\EA Games
2009-09-19 17:44 . 2009-09-19 17:44 -------- d-----w- c:\programmi\PowerISO
2009-09-19 17:40 . 2009-09-19 17:40 -------- d-----w- c:\programmi\Microsoft
2009-09-19 17:40 . 2009-09-19 17:39 -------- d-----w- c:\programmi\Windows Live
2009-09-19 17:40 . 2009-09-19 17:40 -------- d-----w- c:\programmi\Windows Live SkyDrive
2009-09-19 17:19 . 2009-09-19 17:19 -------- d-----w- c:\programmi\File comuni\Windows Live
2009-09-19 16:17 . 2009-09-19 16:17 -------- d-----w- c:\programmi\Realtek
2009-09-19 16:12 . 2009-09-19 16:12 -------- d-----w- c:\programmi\Intel
2009-09-19 16:06 . 2009-09-19 16:06 -------- d-----w- c:\programmi\microsoft frontpage
2009-09-19 16:04 . 2009-09-19 16:04 21840 ----a-w- c:\windows\system32\emptyregdb.dat
2009-09-19 16:03 . 2009-09-19 16:03 -------- d-----w- c:\programmi\Servizi in linea
2009-09-19 15:55 . 2009-09-19 15:55 0 ----a-w- c:\windows\nsreg.dat
2009-09-04 15:44 . 2009-09-28 11:27 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-09-04 15:44 . 2009-09-28 11:27 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-09-04 15:44 . 2009-09-28 11:27 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-09-04 15:29 . 2009-09-28 11:27 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-09-04 15:29 . 2009-09-28 11:27 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-09-04 15:29 . 2009-09-28 11:27 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-09-04 15:29 . 2009-09-28 11:27 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-09-04 15:29 . 2009-09-28 11:27 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-08-21 19:15 . 2009-08-21 19:15 557568 ----a-w- c:\windows\system32\B4FM.dll
2009-08-06 17:24 . 2009-09-19 16:39 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 17:24 . 2009-09-19 16:39 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 17:24 . 2009-09-19 16:39 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 17:24 . 2008-10-16 12:09 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 17:24 . 2009-09-19 16:03 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 17:24 . 2002-09-10 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 17:23 . 2009-09-19 16:39 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 17:23 . 2009-09-19 16:03 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 08:59 . 2002-09-10 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:34 . 2002-09-10 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:34 . 2002-09-10 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-28 14:33 . 2009-09-19 16:45 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-27 02:43 . 2009-07-27 02:43 58908 ----a-w- c:\windows\system32\drivers\scdemu.sys
2009-07-26 14:44 . 2009-07-26 14:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-21 06:52 . 2009-07-21 06:52 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-07-21 06:52 . 2009-07-21 06:52 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-07-17 19:01 . 2002-09-10 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\programmi\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\programmi\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-10-12_00.54.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-09-12 23:54 . 2006-09-12 23:54 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.363_x-ww_8f4fd500\mfc80KOR.dll
+ 2006-09-12 23:54 . 2006-09-12 23:54 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.363_x-ww_8f4fd500\mfc80JPN.dll
+ 2006-09-12 23:54 . 2006-09-12 23:54 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.363_x-ww_8f4fd500\mfc80ITA.dll
+ 2006-09-12 23:54 . 2006-09-12 23:54 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.363_x-ww_8f4fd500\mfc80FRA.dll
+ 2006-09-12 23:54 . 2006-09-12 23:54 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.363_x-ww_8f4fd500\mfc80ESP.dll
+ 2006-09-12 23:54 . 2006-09-12 23:54 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.363_x-ww_8f4fd500\mfc80ENU.dll
+ 2006-09-12 23:54 . 2006-09-12 23:54 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.363_x-ww_8f4fd500\mfc80DEU.dll
+ 2006-09-12 23:54 . 2006-09-12 23:54 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.363_x-ww_8f4fd500\mfc80CHT.dll
+ 2006-09-12 23:54 . 2006-09-12 23:54 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.363_x-ww_8f4fd500\mfc80CHS.dll
+ 2006-09-13 00:12 . 2006-09-13 00:12 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.363_x-ww_3a00bc02\mfcm80u.dll
+ 2006-09-13 00:12 . 2006-09-13 00:12 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.363_x-ww_3a00bc02\mfcm80.dll
+ 2006-09-12 22:43 . 2006-09-12 22:43 96256 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.363_x-ww_c9ba3671\ATL80.dll
+ 2002-09-10 12:00 . 2009-10-13 12:44 40802 c:\windows\system32\perfc009.dat
+ 2009-10-13 10:53 . 2009-10-13 10:53 40960 c:\windows\Installer\{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}\NewShortcut31_96B87C3D64854A7D96EBB2C8CB752619.exe
+ 2009-10-13 10:53 . 2009-10-13 10:53 40960 c:\windows\Installer\{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}\NewShortcut3_96B87C3D64854A7D96EBB2C8CB752619.exe
+ 2009-10-13 10:53 . 2009-10-13 10:53 33982 c:\windows\Installer\{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}\ARPPRODUCTICON.exe
+ 2006-09-12 22:41 . 2006-09-12 22:41 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.363_x-ww_691a48fd\msvcr80.dll
+ 2006-09-12 22:41 . 2006-09-12 22:41 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.363_x-ww_691a48fd\msvcp80.dll
+ 2006-09-12 22:41 . 2006-09-12 22:41 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.363_x-ww_691a48fd\msvcm80.dll
+ 2009-09-19 16:29 . 2009-10-13 08:28 507100 c:\windows\system32\Restore\rstrlog.dat
+ 2002-09-10 12:00 . 2009-10-13 12:44 312414 c:\windows\system32\perfh009.dat
+ 2007-04-08 09:24 . 2007-04-08 09:15 131584 c:\windows\system32\gc.dll
+ 2006-09-13 00:12 . 2006-09-13 00:12 1092608 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.363_x-ww_3a00bc02\mfc80u.dll
+ 2006-09-13 00:12 . 2006-09-13 00:12 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.363_x-ww_3a00bc02\mfc80.dll
+ 2009-10-13 10:53 . 2009-10-13 10:53 14617600 c:\windows\Installer\52d3fa.msi
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]
2009-09-26 15:29 815104 ----a-w- c:\programmi\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"= "c:\programmi\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll" [2009-09-26 815104]
[HKEY_CLASSES_ROOT\clsid\{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"= "c:\programmi\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll" [2009-09-26 815104]
[HKEY_CLASSES_ROOT\clsid\{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-22 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2007-11-08 141848]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2007-11-08 166424]
"Persistence"="c:\windows\System32\igfxpers.exe" [2007-11-08 137752]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-10-01 149280]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"avgnt"="e:\avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"COMODO Internet Security"="c:\programmi\COMODO\COMODO Internet Security\cfp.exe" [2009-10-13 1799952]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-10-02 18702336]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" /background
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" /background
"Messenger (Yahoo!)"="c:\programmi\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"Search Protection"=c:\programmi\Yahoo!\Search Protection\SearchProtection.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"YSearchProtection"="c:\programmi\Yahoo!\Search Protection\SearchProtection.exe"
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" -atboottime
"PWRISOVM.EXE"=c:\programmi\PowerISO\PWRISOVM.EXE
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"COMODO livePCsupport"=c:\programmi\COMODO\livePCsupport\ELPS.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"d:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"d:\\Programmi\\BitTorrent\\bittorrent.exe"=
"d:\\Programmi\\EA GAMES\\Need for Speed Most Wanted\\nfsMW.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programmi\\EA Games\\Command & Conquer Generals Zero Hour\\game.dat"=
"d:\\Programmi\\Microsoft Virtual PC\\Virtual PC.exe"=
R2 gupdate1ca3af1656308a0;Servizio di Google Update (gupdate1ca3af1656308a0);c:\programmi\Google\Update\GoogleUpdate.exe [2009-09-21 133104]
R3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-10-02 1684736]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2009-10-13 132296]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2009-10-13 25160]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;e:\avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'
2009-10-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2009-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-09-21 19:26]
2009-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-09-21 19:26]
2009-10-13 c:\windows\Tasks\User_Feed_Synchronization-{BCA279AC-E48A-4349-ADC7-BA3D789B8B2E}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
2009-10-13 c:\windows\Tasks\Verifica e correzione automatica.job
- c:\programmi\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 07:27]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.yahoo.it/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://it.rd.yahoo.com/customize/ie/def ... .yahoo.com
IE: &Search - ?p=ZJfox000
TCP: {713A5B49-EB08-431C-B7C1-395A251B11A1} = 78.130.154.49,85.187.217.203
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Michele&Katia\Dati applicazioni\Mozilla\Firefox\Profiles\ir34bvdy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://it.search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - http://www.yahoo.it
FF - prefs.js: keyword.URL - hxxp://it.search.yahoo.com/search?fr=ffds1&p=
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: d:\programmi\DivX\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: d:\programmi\DivX\DivX Web Player\npdivx32.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-13 14:49
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification:
ZwClose, ZwOpenFile
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_USERS\S-1-5-21-1409082233-688789844-1343024091-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(1072)
c:\windows\system32\guard32.dll
- - - - - - - > 'lsass.exe'(1128)
c:\windows\system32\guard32.dll
.
Ora fine scansione: 2009-10-13 14:52
ComboFix-quarantined-files.txt 2009-10-13 12:52
ComboFix2.txt 2009-10-12 00:59
Pre-Run: 18 017 153 024 byte disponibili
Post-Run: 17 979 863 040 byte disponibili
Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
378 --- E O F --- 2009-09-25 10:02