Olimpo Informatico

baciami · Semidio Registrato: 02/09/07 14:40 Messaggi: 287 Residenza: toscana

ecco il log..scusa il ritardo ma ero al lavoro

http://www.freefilehosting.net/download/3k0mc

Sante62 · Dio maturo Registrato: 27/06/07 16:55 Messaggi: 3477 Residenza: Floridia

Nessun problema per il ritardo.... Wink

il log non presenta nulla di sospetto....

Se vuoi, per chiudere in bellezza, collegati a Kaspersky online scanner e procedi con la scansione estesa del PC...

baciami · Semidio Registrato: 02/09/07 14:40 Messaggi: 287 Residenza: toscana

ciao sante..volevo dirti se posso eliminare suspectfile e mbr.exe..ti ricordo anche quel programma che mi hai promesso x poter caricare Laughing

ecco la scansione di kaspersky

Monday, July 21, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, July 21, 2008 10:54:02
Records in database: 980119

Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
A:\
C:\
E:\
F:\

Scan statistics
Files scanned 28820
Threat name 1
Infected objects 1
Suspicious objects 0
Duration of the scan 00:31:38

File name Threat name Threats count
C:\WINDOWS\system32\IEDFix.C.exe Infected: Hoax.Win32.Renos.vaoz 1

The selected area was scanned.

baciami · Semidio Registrato: 02/09/07 14:40 Messaggi: 287 Residenza: toscana

ho trovato il file infetto in sistem32..che fo..lo elimino manualmente?

Sante62 · Dio maturo Registrato: 27/06/07 16:55 Messaggi: 3477 Residenza: Floridia

Si eliminalo manualmente; e puoi eliminare anche quelli che hai citato;

Quì trovi le istruzioni per installare la Console di ripristino di emergenza.

Ciao

Sante62 · Dio maturo Registrato: 27/06/07 16:55 Messaggi: 3477 Residenza: Floridia

Si eliminalo manualmente;

Quì trovi le istruzioni per installare la Console di ripristino di emergenza.

Ciao

baciami · Semidio Registrato: 02/09/07 14:40 Messaggi: 287 Residenza: toscana

ho scaricato il programma..l ho messo in combofix e questo è il log

ComboFix 08-07-20.A0 - Proprietario 2008-07-21 21.23.44.13 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.446 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Proprietario\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Creati Da 2008-06-21 al 2008-07-21 )))))))))))))))))))))))))))))))))))
.

2008-07-21 19:25 . 2008-07-21 20:08 <DIR> d-------- C:\Programmi\a-squared Free
2008-07-20 12:30 . 2008-07-20 12:30 66,048 --a------ C:\mbr.exe
2008-07-18 19:56 . 2008-07-19 12:56 <DIR> d-------- C:\Programmi\Google
2008-07-18 19:56 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-18 19:49 . 2008-07-18 19:49 <DIR> d-------- C:\Programmi\File comuni\Java
2008-07-15 17:09 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-07-15 17:09 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-07-15 17:09 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-07-15 10:25 . 2008-01-19 14:27 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-07-14 21:46 . 2008-07-14 21:46 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Phone Browser
2008-07-14 21:46 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-07-14 21:45 . 2008-07-14 21:45 <DIR> d-------- C:\Programmi\Microsoft SQL Server Compact Edition
2008-07-14 21:31 . 2008-07-14 21:34 <DIR> d--hsc--- C:\Programmi\File comuni\WindowsLiveInstaller
2008-07-14 21:31 . 2008-07-14 21:31 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
2008-07-12 20:33 . 2008-07-12 20:33 384 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-12 19:58 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-12 19:58 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-12 19:58 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-12 19:58 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-12 19:58 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-07 20:35 . 2008-07-07 20:35 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2008-07-07 20:19 . 2008-07-07 20:24 <DIR> d-a------ C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-07-07 20:19 . 2005-04-15 20:58 1,071,088 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX
2008-07-07 20:19 . 2005-08-25 19:18 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2008-07-07 19:48 . 2008-07-07 19:48 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2008-06-27 20:40 . 2008-07-19 22:15 <DIR> d-------- C:\VEXPLITE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-18 17:56 --------- d-----w C:\Programmi\Java
2008-07-15 07:14 --------- d-----w C:\Programmi\Windows Live
2008-07-14 19:39 --------- d-----w C:\Programmi\MSN Messenger
2008-07-12 19:39 --------- d-----w C:\Programmi\backups
2008-07-12 16:51 39,808 ----a-w C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-06-27 18:27 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-06-20 17:39 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-06 11:38 --------- d-----w C:\Documents and Settings\Proprietario\Dati applicazioni\Nokia
2008-06-06 11:37 --------- d-----w C:\Programmi\Nokia
2008-06-06 11:37 --------- d-----w C:\Documents and Settings\Proprietario\Dati applicazioni\PC Suite
2008-06-06 11:36 --------- d-----w C:\Programmi\File comuni\PCSuite
2008-06-06 11:36 --------- d-----w C:\Programmi\File comuni\Nokia
2008-05-30 17:29 --------- d-----w C:\Programmi\Siemens
2008-05-07 05:14 1,292,800 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-01-10 19:44 32 ----a-w C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
2007-09-13 20:10 9,679,815 ----a-w C:\Programmi\vlc-0.8.6c-win32.exe
2008-03-01 15:49 20,512 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39 15360]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-07-18 20:07 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-19 13:36 266497]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15:39 15360]
"ATICCC"="C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" [2004-11-25 00:27 32768]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^ATI CATALYST System Tray.lnk]

[HKLM\~\startupfolder\^ntuser.dat]
path=\ntuser.dat

[HKLM\~\startupfolder\^ntuser.dat.LOG]
path=\ntuser.dat.LOG

[HKLM\~\startupfolder\^ntuser.ini]
path=\ntuser.ini
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScanRegistry
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VIRIT LITE MONITOR
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray]
--a------ 2006-03-20 21:43 331776 C:\Programmi\AGEIA Technologies\TrayIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2004-11-25 00:27 32768 C:\Programmi\ATI Technologies\ATI.ACE\CLI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2004-11-24 21:10 344064 C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
--a------ 2005-03-31 09:30 1106944 C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]
--a------ 2003-05-28 19:11 94208 C:\Programmi\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
--a------ 2006-11-03 11:01 319488 C:\WINDOWS\PixArt\Pac207\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 18:24 1694208 C:\Programmi\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2005-03-22 09:39 167936 C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 2005-04-20 09:57 847872 C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2006-09-07 19:19 15872 C:\Programmi\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2002-03-21 04:23 46592 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"GbpSv"=2 (0x2)
"NMIndexingService"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=

R0 VIRAGTLT;VIRAGTLT;C:\WINDOWS\system32\drivers\VIRAGTLT.SYS [2008-07-12 18:51]
R2 viritsvclite;Virit eXplorer Lite;C:\VEXPLITE\viritsvc.exe [2008-07-19 20:59]
R3 PAC207;CIF USB Camera;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2006-11-10 13:51]
R3 WLAN FVNETusb(R);WLAN FVNETusb(R) Service for ATMEL USB FastVNET (AR);C:\WINDOWS\system32\DRIVERS\vnetusbr.sys [2002-08-06 16:38]
S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

*Newly Created Service* - A2FREE
*Newly Created Service* - CATCHME
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.it/

O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-21 21:24:34
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-07-21 21:26:30
ComboFix-quarantined-files.txt 2008-07-21 19:25:52
ComboFix2.txt 2008-07-21 19:14:47

Pre-Run: 20,276,486,144 byte disponibili
Post-Run: 20,263,157,760 byte disponibili

147 --- E O F --- 2008-07-18 11:27:46

hei..non mi da quella scritta rossa..poi in fondo vedo vista ma io ho scaricato la home..boh..

baciami · Semidio Registrato: 02/09/07 14:40 Messaggi: 287 Residenza: toscana

sono andato sul sito e forse ho scaricato quella giusta..ma mi sembra che un sia cambiato nulla
ComboFix 08-07-20.A0 - Proprietario 2008-07-21 21.59.55.14 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.506 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Proprietario\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Proprietario\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((( Files Creati Da 2008-06-21 al 2008-07-21 )))))))))))))))))))))))))))))))))))
.

2008-07-21 19:25 . 2008-07-21 20:08 <DIR> d-------- C:\Programmi\a-squared Free
2008-07-18 19:56 . 2008-07-19 12:56 <DIR> d-------- C:\Programmi\Google
2008-07-18 19:56 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-18 19:49 . 2008-07-18 19:49 <DIR> d-------- C:\Programmi\File comuni\Java
2008-07-15 17:09 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-07-15 17:09 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-07-15 17:09 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-07-15 10:25 . 2008-01-19 14:27 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-07-14 21:46 . 2008-07-14 21:46 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Phone Browser
2008-07-14 21:46 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-07-14 21:45 . 2008-07-14 21:45 <DIR> d-------- C:\Programmi\Microsoft SQL Server Compact Edition
2008-07-14 21:31 . 2008-07-14 21:34 <DIR> d--hsc--- C:\Programmi\File comuni\WindowsLiveInstaller
2008-07-14 21:31 . 2008-07-14 21:31 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
2008-07-12 20:33 . 2008-07-12 20:33 384 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-12 19:58 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-12 19:58 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-12 19:58 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-12 19:58 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-12 19:58 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-07 20:35 . 2008-07-07 20:35 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2008-07-07 20:19 . 2008-07-07 20:24 <DIR> d-a------ C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-07-07 20:19 . 2005-04-15 20:58 1,071,088 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX
2008-07-07 20:19 . 2005-08-25 19:18 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2008-07-07 19:48 . 2008-07-07 19:48 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2008-06-27 20:40 . 2008-07-19 22:15 <DIR> d-------- C:\VEXPLITE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-18 17:56 --------- d-----w C:\Programmi\Java
2008-07-15 07:14 --------- d-----w C:\Programmi\Windows Live
2008-07-14 19:39 --------- d-----w C:\Programmi\MSN Messenger
2008-07-12 19:39 --------- d-----w C:\Programmi\backups
2008-07-12 16:51 39,808 ----a-w C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-06-27 18:27 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-06-20 17:39 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-06 11:38 --------- d-----w C:\Documents and Settings\Proprietario\Dati applicazioni\Nokia
2008-06-06 11:37 --------- d-----w C:\Programmi\Nokia
2008-06-06 11:37 --------- d-----w C:\Documents and Settings\Proprietario\Dati applicazioni\PC Suite
2008-06-06 11:36 --------- d-----w C:\Programmi\File comuni\PCSuite
2008-06-06 11:36 --------- d-----w C:\Programmi\File comuni\Nokia
2008-05-30 17:29 --------- d-----w C:\Programmi\Siemens
2008-05-07 05:14 1,292,800 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-01-10 19:44 32 ----a-w C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
2007-09-13 20:10 9,679,815 ----a-w C:\Programmi\vlc-0.8.6c-win32.exe
2008-03-01 15:49 20,512 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39 15360]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-07-18 20:07 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-19 13:36 266497]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15:39 15360]
"ATICCC"="C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" [2004-11-25 00:27 32768]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^ATI CATALYST System Tray.lnk]

[HKLM\~\startupfolder\^ntuser.dat]
path=\ntuser.dat

[HKLM\~\startupfolder\^ntuser.dat.LOG]
path=\ntuser.dat.LOG

[HKLM\~\startupfolder\^ntuser.ini]
path=\ntuser.ini
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScanRegistry
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VIRIT LITE MONITOR
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray]
--a------ 2006-03-20 21:43 331776 C:\Programmi\AGEIA Technologies\TrayIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2004-11-25 00:27 32768 C:\Programmi\ATI Technologies\ATI.ACE\CLI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2004-11-24 21:10 344064 C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
--a------ 2005-03-31 09:30 1106944 C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]
--a------ 2003-05-28 19:11 94208 C:\Programmi\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
--a------ 2006-11-03 11:01 319488 C:\WINDOWS\PixArt\Pac207\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 18:24 1694208 C:\Programmi\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2005-03-22 09:39 167936 C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 2005-04-20 09:57 847872 C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2006-09-07 19:19 15872 C:\Programmi\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2002-03-21 04:23 46592 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"GbpSv"=2 (0x2)
"NMIndexingService"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=

R0 VIRAGTLT;VIRAGTLT;C:\WINDOWS\system32\drivers\VIRAGTLT.SYS [2008-07-12 18:51]
R2 viritsvclite;Virit eXplorer Lite;C:\VEXPLITE\viritsvc.exe [2008-07-19 20:59]
R3 PAC207;CIF USB Camera;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2006-11-10 13:51]
R3 WLAN FVNETusb(R);WLAN FVNETusb(R) Service for ATMEL USB FastVNET (AR);C:\WINDOWS\system32\DRIVERS\vnetusbr.sys [2002-08-06 16:38]
S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.it/

O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-21 22:01:07
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-07-21 22:03:10
ComboFix-quarantined-files.txt 2008-07-21 20:02:46

Pre-Run: 20,317,810,688 byte disponibili
Post-Run: 20,288,266,240 byte disponibili

WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

152 --- E O F --- 2008-07-18 11:27:46

Sante62 · Dio maturo Registrato: 27/06/07 16:55 Messaggi: 3477 Residenza: Floridia

In che senso non è cambiato nulla?

Mi sembra sia andata a buon fine, la scritta rossa non c'è più... Think

baciami · Semidio Registrato: 02/09/07 14:40 Messaggi: 287 Residenza: toscana

forse xchè x sbaglio ho eliminato windowsupdate da strumenti...opzioni internet..visualizza oggetti ? oppure xchè ho scaricato la nuova versione di msn messenger dove mi ha scaricato anche Wlinstaller? posso ora eliminare il programma che mi hai dato?..scusa se rompo Rolling Eyes

Sante62 · Dio maturo Registrato: 27/06/07 16:55 Messaggi: 3477 Residenza: Floridia

baciami · Semidio Registrato: 02/09/07 14:40 Messaggi: 287 Residenza: toscana

ok..ti ringrazio.cmq quando faccio combofix mi da un bug..se poi trovi una soluzione ok senno' vado avanti cosi' Ciao

Sante62 · Dio maturo Registrato: 27/06/07 16:55 Messaggi: 3477 Residenza: Floridia

Che bug ti dà?

baciami · Semidio Registrato: 02/09/07 14:40 Messaggi: 287 Residenza: toscana

ciao sante..questo bug..

pushd "C:\327882R2FWJFW\"

=============================================

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Proprietario\Dati applicazioni
cfldr=327882R2FWJFW
CLIENTNAME=Console
CommonProgramFiles=C:\Programmi\File comuni
COMPUTERNAME=PIOMBINO
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Proprietario
kmd=CF16332.exe
LOGONSERVER=\\PIOMBINO
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\327882R2FWJFW;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Programmi\ATI Technologies\ATI Control Panel;C:\Programmi\ATI Technologies\ATI.ACE;C:\Programmi\Symantec\Norton
PATHEXT=.cfexe;.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0204
ProgramFiles=C:\Programmi
PROMPT=$
SESSIONNAME=Console
sfxname=C:\Documents and Settings\Proprietario\Desktop\ComboFix.exe
system=C:\WINDOWS\system32
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\PROPRI~1\IMPOST~1\Temp
TMP=C:\DOCUME~1\PROPRI~1\IMPOST~1\Temp
USERDOMAIN=PIOMBINO
USERNAME=Proprietario
USERPROFILE=C:\Documents and Settings\Proprietario
windir=C:\WINDOWS

=============================================

if not defined sfxname goto END

If [/u] == [] Set "SfxCmd="

if /I "C:\327882R2FWJFW" NEQ "C:\327882R2FWJFW" goto Abort

if exist "C:\DOCUME~1\PROPRI~1\IMPOST~1\Temp\327882R2FWJFW327882R2FWJFW.log" del "C:\DOCUME~1\PROPRI~1\IMPOST~1\Temp\327882R2FWJFW327882R2FWJFW.log"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 (C)
Ownerchange for "C:\WINDOWS\system32\cmd.exe" to Administrators group was successful

copy /y "C:\WINDOWS\system32\cmd.exe" "C:\WINDOWS\system32\CF16332.exe"
1 file copiati.

if not exist "C:\WINDOWS\system32\CF16332.exe" catchme -l nul -c "C:\WINDOWS\system32\cmd.exe" "C:\WINDOWS\system32\CF16332.exe"

For /F "tokens=*" %g in ("C:\Documents and Settings\Proprietario\Desktop\ComboFix.exe") do @(
set "FileName=%~ng"
set "FilePath=%~dpg"
)

Set FileName 1>FileName 2>nul

GREP -Gisqx "FileName=[-[:alnum:]@.]*" FileName || (
nircmd infobox "You cannot rename ComboFix as ComboFix~n~nPlease use another name, preferbaly made up of alphanumeric characters" ""
goto END
)

DIR /AD/B C:\* | Findstr -IVX ComboFix 1>dirname00

Findstr -LIXC:"ComboFix" dirname00 1>nul && call :NameChk

If exist dirname0? del /Q dirname0?

If exist "\ComboFix" DIR /AD "\ComboFix" 1>nul && (
rd /s/q "\ComboFix"
If exist "\ComboFix" (
PV -kf Findstr *.cfexe
rd /s/q "\ComboFix"
)
If exist "\ComboFix" (
handle "C:\ComboFix" | SED -r "/pid:/!d; s/.*: (.*): .*/\1/" 1>temp00
for /F "tokens=1,2" %g in (temp00) do @echo.y | Handle -p %g -c %h
del /q temp00
rd /s/q "\ComboFix"
)
)

If exist "\ComboFix" rd /s/q "\ComboFix"

If exist "\ComboFix" goto :eof

swreg query "hklm\software\microsoft\windows nt\currentversion" /v currentversion 1>osVer00

GREP -sq "currentversion.* 6.0" osVer00 && (Call :Vista ) ||

del osVer00 2>nul

CD ..

Set "comspec=C:\WINDOWS\system32\CF16332.exe"

(
echo.md "\ComboFix"
echo.Move /y "\327882R2FWJFW\*" "\ComboFix"
echo.RD /S/Q "\327882R2FWJFW"
echo.Start "." /d"C:\ComboFix" "C:\WINDOWS\system32\CF16332.exe" /k c.bat
echo.pv -kf cmd.exe
) 1>Start_.cmd

NirCmd exec hide "C:\WINDOWS\system32\CF16332.exe" /f:off /d /c call Start_.cmd

NirCmd execmd del "\327882R2FWJFW\prep.cmd"

EXIT

Sante62 · Dio maturo Registrato: 27/06/07 16:55 Messaggi: 3477 Residenza: Floridia

Mi sembra sia il lavoro che fa quando digiti il comando di disinstallazione;

E' così, oppure non si disinstalla?

baciami · Semidio Registrato: 02/09/07 14:40 Messaggi: 287 Residenza: toscana

ho fatto una prova e si...appare il bug quando disinstallo combofix da start---esegui---combofix /u

gia che ci sono..oltre al programma che mi hai dato,elimino anche le parti che si trovano in c ? "cmdcons" "Boot.bak" "cmldr" grazie di tutto. Ciao

Sante62 · Dio maturo Registrato: 27/06/07 16:55 Messaggi: 3477 Residenza: Floridia

Non so di preciso a quali programmi appartengono quei comandi.

baciami · Semidio Registrato: 02/09/07 14:40 Messaggi: 287 Residenza: toscana

sono del programma che mi hai dato..quello di microsoft

Sante62 · Dio maturo Registrato: 27/06/07 16:55 Messaggi: 3477 Residenza: Floridia

Ah, ho capito, la consolle di ripristino....

Non sono sicuro però della loro eliminazione...

baciami · Semidio Registrato: 02/09/07 14:40 Messaggi: 287 Residenza: toscana

ok..le lascio sta..grazie di tutto sante Ciao