baciami (Semidio)
Registered: 02/09/07 14:40, Posts: 287, Location: toscana
Posted: 20 Jul 2008 18:31
Here's the log... sorry for the delay, but I was at work.
http://www.freefilehosting.net/download/3k0mc
Sante62 (Dio maturo)
Registered: 27/06/07 16:55, Posts: 3477, Location: Floridia
Posted: 20 Jul 2008 23:22
No problem about the delay....
The log shows nothing suspicious....
If you want, to finish things off nicely, connect to Kaspersky Online Scanner and run the extended scan of the PC...
baciami (Semidio)
Registered: 02/09/07 14:40, Posts: 287, Location: toscana
Posted: 21 Jul 2008 13:13
Hi Sante... I wanted to ask whether I can delete suspectfile and mbr.exe... I also want to remind you about that program you promised me so I could load it. Here's the Kaspersky scan:
Monday, July 21, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, July 21, 2008 10:54:02
Records in database: 980119
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
A:\
C:\
E:\
F:\
Scan statistics
Files scanned 28820
Threat name 1
Infected objects 1
Suspicious objects 0
Duration of the scan 00:31:38
File name Threat name Threats count
C:\WINDOWS\system32\IEDFix.C.exe Infected: Hoax.Win32.Renos.vaoz 1
The selected area was scanned.
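A pasted report like the one above is normally read by eye, but its layout is regular enough to parse, which lets you check that the header counts agree with the rows actually listed and see at a glance which hits sit inside the Windows directory. The Python below is an added example, not code from this thread or from Kaspersky. It assumes the layout shown above: a statistics block of "label value" lines and one result row per object in the form "path Verdict: threat-name count". The sample report is constructed from the one posted above, with a second, made-up "Suspicious:" row (and a matching "Suspicious objects 1" count) added so that both verdict types are exercised.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample in the layout of the Kaspersky Online Scanner 7 report
# pasted above. The IEDFix.C.exe row is the thread's own hit; the second
# "Suspicious:" row and the "Suspicious objects 1" count are made up here.
SAMPLE_REPORT = r"""
Monday, July 21, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, July 21, 2008 10:54:02
Records in database: 980119
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
A:\
C:\
E:\
F:\
Scan statistics
Files scanned 28820
Threat name 2
Infected objects 1
Suspicious objects 1
Duration of the scan 00:31:38
File name Threat name Threats count
C:\WINDOWS\system32\IEDFix.C.exe Infected: Hoax.Win32.Renos.vaoz 1
C:\Documents and Settings\Proprietario\Desktop\old.zip/setup.exe Suspicious: Heur.Trojan.Generic 1
The selected area was scanned.
"""


@dataclass
class Finding:
    path: str      # object path; archive members appear as archive/member
    verdict: str   # "Infected" or "Suspicious"
    threat: str
    count: int


@dataclass
class ScanReport:
    stats: Dict[str, object] = field(default_factory=dict)
    drives: List[str] = field(default_factory=list)
    findings: List[Finding] = field(default_factory=list)


# Statistic labels we care about; the value follows the label (optionally after a colon).
STAT_KEYS = ("Records in database", "Files scanned", "Threat name",
             "Infected objects", "Suspicious objects", "Duration of the scan")
DRIVE_RE = re.compile(r"^[A-Z]:\\$")
FINDING_RE = re.compile(
    r"^(?P<path>.+?) (?P<verdict>Infected|Suspicious): (?P<threat>\S+) (?P<count>\d+)$")


def parse_report(text: str) -> ScanReport:
    """Pull scanned drives, statistics and the result table out of a pasted report."""
    report = ScanReport()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if DRIVE_RE.match(line):
            report.drives.append(line)
            continue
        m = FINDING_RE.match(line)
        if m:
            report.findings.append(
                Finding(m["path"], m["verdict"], m["threat"], int(m["count"])))
            continue
        for key in STAT_KEYS:
            if line.startswith(key):
                value = line[len(key):].lstrip(": ").strip()
                report.stats[key] = int(value) if value.isdigit() else value
                break
    return report


def consistency_errors(report: ScanReport) -> List[str]:
    """Check that the header counts agree with the rows actually listed."""
    errors = []
    for verdict, key in (("Infected", "Infected objects"),
                         ("Suspicious", "Suspicious objects")):
        listed = sum(f.count for f in report.findings if f.verdict == verdict)
        claimed = report.stats.get(key)
        if claimed is not None and listed != claimed:
            errors.append(f"{key}: header says {claimed}, result table lists {listed}")
    return errors


def hits_under(report: ScanReport, prefix: str) -> List[Finding]:
    """Findings whose path lies under a directory (case-insensitive), e.g. C:\\WINDOWS."""
    p = prefix.lower().rstrip("\\") + "\\"
    return [f for f in report.findings if f.path.lower().startswith(p)]


if __name__ == "__main__":
    rep = parse_report(SAMPLE_REPORT)
    print(rep.stats)
    for f in rep.findings:
        print(f"{f.verdict:10} {f.threat:28} {f.path}")
    print("inconsistencies:", consistency_errors(rep) or "none")
    print("inside C:\\WINDOWS:", [f.path for f in hits_under(rep, r"C:\WINDOWS")])
```

A mismatch reported by `consistency_errors` usually means the paste was truncated or edited, which is worth knowing before acting on it; `hits_under` is how you would single out the system32 hit that the helper later asks to be removed by hand.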
baciami (Semidio)
Registered: 02/09/07 14:40, Posts: 287, Location: toscana
Posted: 21 Jul 2008 19:36
I found the infected file in system32... what do I do... delete it manually?
Sante62 (Dio maturo)
Registered: 27/06/07 16:55, Posts: 3477, Location: Floridia
Posted: 21 Jul 2008 19:51
Yes, delete it manually; and you can also delete the ones you mentioned.
Here you'll find the instructions for installing the Emergency Recovery Console.
Last edited by Sante62 on 21 Jul 2008 19:53; edited 1 time
baciami (Semidio)
Registered: 02/09/07 14:40, Posts: 287, Location: toscana
Posted: 21 Jul 2008 20:48
I downloaded the program... I put it into ComboFix and this is the log:
ComboFix 08-07-20.A0 - Proprietario 2008-07-21 21.23.44.13 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.446 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Proprietario\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Creati Da 2008-06-21 al 2008-07-21 )))))))))))))))))))))))))))))))))))
.
2008-07-21 19:25 . 2008-07-21 20:08 <DIR> d-------- C:\Programmi\a-squared Free
2008-07-20 12:30 . 2008-07-20 12:30 66,048 --a------ C:\mbr.exe
2008-07-18 19:56 . 2008-07-19 12:56 <DIR> d-------- C:\Programmi\Google
2008-07-18 19:56 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-18 19:49 . 2008-07-18 19:49 <DIR> d-------- C:\Programmi\File comuni\Java
2008-07-15 17:09 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-07-15 17:09 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-07-15 17:09 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-07-15 10:25 . 2008-01-19 14:27 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-07-14 21:46 . 2008-07-14 21:46 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Phone Browser
2008-07-14 21:46 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-07-14 21:45 . 2008-07-14 21:45 <DIR> d-------- C:\Programmi\Microsoft SQL Server Compact Edition
2008-07-14 21:31 . 2008-07-14 21:34 <DIR> d--hsc--- C:\Programmi\File comuni\WindowsLiveInstaller
2008-07-14 21:31 . 2008-07-14 21:31 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
2008-07-12 20:33 . 2008-07-12 20:33 384 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-12 19:58 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-12 19:58 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-12 19:58 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-12 19:58 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-12 19:58 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-07 20:35 . 2008-07-07 20:35 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2008-07-07 20:19 . 2008-07-07 20:24 <DIR> d-a------ C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-07-07 20:19 . 2005-04-15 20:58 1,071,088 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX
2008-07-07 20:19 . 2005-08-25 19:18 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2008-07-07 19:48 . 2008-07-07 19:48 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2008-06-27 20:40 . 2008-07-19 22:15 <DIR> d-------- C:\VEXPLITE
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-18 17:56 --------- d-----w C:\Programmi\Java
2008-07-15 07:14 --------- d-----w C:\Programmi\Windows Live
2008-07-14 19:39 --------- d-----w C:\Programmi\MSN Messenger
2008-07-12 19:39 --------- d-----w C:\Programmi\backups
2008-07-12 16:51 39,808 ----a-w C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-06-27 18:27 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-06-20 17:39 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-06 11:38 --------- d-----w C:\Documents and Settings\Proprietario\Dati applicazioni\Nokia
2008-06-06 11:37 --------- d-----w C:\Programmi\Nokia
2008-06-06 11:37 --------- d-----w C:\Documents and Settings\Proprietario\Dati applicazioni\PC Suite
2008-06-06 11:36 --------- d-----w C:\Programmi\File comuni\PCSuite
2008-06-06 11:36 --------- d-----w C:\Programmi\File comuni\Nokia
2008-05-30 17:29 --------- d-----w C:\Programmi\Siemens
2008-05-07 05:14 1,292,800 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-01-10 19:44 32 ----a-w C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
2007-09-13 20:10 9,679,815 ----a-w C:\Programmi\vlc-0.8.6c-win32.exe
2008-03-01 15:49 20,512 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39 15360]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-07-18 20:07 171448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-19 13:36 266497]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15:39 15360]
"ATICCC"="C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" [2004-11-25 00:27 32768]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^ATI CATALYST System Tray.lnk]
[HKLM\~\startupfolder\^ntuser.dat]
path=\ntuser.dat
[HKLM\~\startupfolder\^ntuser.dat.LOG]
path=\ntuser.dat.LOG
[HKLM\~\startupfolder\^ntuser.ini]
path=\ntuser.ini
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScanRegistry
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VIRIT LITE MONITOR
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray]
--a------ 2006-03-20 21:43 331776 C:\Programmi\AGEIA Technologies\TrayIcon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2004-11-25 00:27 32768 C:\Programmi\ATI Technologies\ATI.ACE\CLI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2004-11-24 21:10 344064 C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
--a------ 2005-03-31 09:30 1106944 C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]
--a------ 2003-05-28 19:11 94208 C:\Programmi\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
--a------ 2006-11-03 11:01 319488 C:\WINDOWS\PixArt\Pac207\Monitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 18:24 1694208 C:\Programmi\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2005-03-22 09:39 167936 C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 2005-04-20 09:57 847872 C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2006-09-07 19:19 15872 C:\Programmi\Unlocker\UnlockerAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2002-03-21 04:23 46592 C:\WINDOWS\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"GbpSv"=2 (0x2)
"NMIndexingService"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
R0 VIRAGTLT;VIRAGTLT;C:\WINDOWS\system32\drivers\VIRAGTLT.SYS [2008-07-12 18:51]
R2 viritsvclite;Virit eXplorer Lite;C:\VEXPLITE\viritsvc.exe [2008-07-19 20:59]
R3 PAC207;CIF USB Camera;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2006-11-10 13:51]
R3 WLAN FVNETusb(R);WLAN FVNETusb(R) Service for ATMEL USB FastVNET (AR);C:\WINDOWS\system32\DRIVERS\vnetusbr.sys [2002-08-06 16:38]
S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
*Newly Created Service* - A2FREE
*Newly Created Service* - CATCHME
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.it/
O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd
O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-21 21:24:34
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-07-21 21:26:30
ComboFix-quarantined-files.txt 2008-07-21 19:25:52
ComboFix2.txt 2008-07-21 19:14:47
Pre-Run: 20,276,486,144 byte disponibili
Post-Run: 20,263,157,760 byte disponibili
147 --- E O F --- 2008-07-18 11:27:46
Hey... it doesn't show me that red text... and at the bottom I see Vista, but I downloaded the Home one... dunno...
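The "Files Creati" section of the ComboFix log above is the part a helper reads first: every file and directory created in the last month, with creation time, modification time, size, attributes and path. As an added example (not code from the thread or from ComboFix), the Python below parses those lines into records and flags the ones a reviewer should look at before anything else: executable content or .reg files that appeared under C:\WINDOWS, entries with the hidden or system attribute set, and files whose modification time predates their creation time (the file was copied in from an installer, an archive or a download rather than written fresh). The sample input is a short excerpt of the log posted above plus one Find3M line to show that lines from other sections are skipped; the extension list and the three rules are my own assumptions for the example. A flag is a prompt to check what put the file there, not a verdict.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample input: an excerpt of the "Files Creati" section of the ComboFix log
# posted above, plus one Find3M line. Find3M lines carry a single timestamp
# instead of "created . modified", so the entry regex does not match them.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Creati Da 2008-06-21 al 2008-07-21 )))))))))))))))))))))))))))))))))))
.
2008-07-21 19:25 . 2008-07-21 20:08 <DIR> d-------- C:\Programmi\a-squared Free
2008-07-20 12:30 . 2008-07-20 12:30 66,048 --a------ C:\mbr.exe
2008-07-18 19:56 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-15 10:25 . 2008-01-19 14:27 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-07-14 21:31 . 2008-07-14 21:34 <DIR> d--hsc--- C:\Programmi\File comuni\WindowsLiveInstaller
2008-07-12 20:33 . 2008-07-12 20:33 384 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-12 19:58 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-12 19:58 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-12 16:51 39,808 ----a-w C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
"""

TS = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}"
# created . modified  (size | <DIR>)  9-char attribute string  path
ENTRY_RE = re.compile(
    rf"^(?P<created>{TS}) \. (?P<modified>{TS}) "
    r"(?:(?P<size>[\d,]+)|<DIR>) (?P<attrs>[-a-z]{9}) (?P<path>.+)$")

# Extensions treated as executable content or machine-actionable config.
# Assumption for this example; extend as needed.
CODE_EXTS = {".exe", ".dll", ".sys", ".cpl", ".ocx", ".scr", ".reg"}
WINDOWS_DIR = "c:\\windows\\"


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]   # None for <DIR> lines
    attrs: str            # ComboFix attribute string, e.g. d--hsc---
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def hidden_or_system(self) -> bool:
        return "h" in self.attrs or "s" in self.attrs


def parse_created_section(text: str) -> List[Entry]:
    """Parse the 'Files Created' lines of a ComboFix log; any other line is skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        size = int(m["size"].replace(",", "")) if m["size"] else None
        entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for the entries a reviewer should look at first."""
    flagged = []
    for e in entries:
        reasons = []
        ext = ntpath.splitext(e.path)[1].lower()
        is_code = not e.is_dir and ext in CODE_EXTS
        if is_code and e.path.lower().startswith(WINDOWS_DIR):
            reasons.append("new executable content under the Windows directory")
        # ISO-style "YYYY-MM-DD HH:MM" strings compare correctly as text.
        if is_code and e.modified < e.created:
            reasons.append("modification time predates creation (copied in from an installer or archive)")
        if e.hidden_or_system:
            reasons.append("hidden/system attribute set")
        if reasons:
            flagged.append((e.path, reasons))
    return flagged


if __name__ == "__main__":
    for path, reasons in triage(parse_created_section(SAMPLE_LOG)):
        print(path)
        for reason in reasons:
            print("   -", reason)
```

On the excerpt this flags six of the eight entries and leaves C:\mbr.exe and the a-squared directory alone; several of the flagged system32 files in this thread are components of the cleanup tools the poster ran, which is exactly why the output is a reading order, not a removal list.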
baciami (Semidio)
Registered: 02/09/07 14:40, Posts: 287, Location: toscana
Posted: 21 Jul 2008 21:08
I went to the site and maybe I downloaded the right one... but it seems to me nothing has changed:
ComboFix 08-07-20.A0 - Proprietario 2008-07-21 21.59.55.14 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.506 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Proprietario\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Proprietario\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
* Creato nuovo punto di ripristino
.
((((((((((((((((((((((((( Files Creati Da 2008-06-21 al 2008-07-21 )))))))))))))))))))))))))))))))))))
.
2008-07-21 19:25 . 2008-07-21 20:08 <DIR> d-------- C:\Programmi\a-squared Free
2008-07-18 19:56 . 2008-07-19 12:56 <DIR> d-------- C:\Programmi\Google
2008-07-18 19:56 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-18 19:49 . 2008-07-18 19:49 <DIR> d-------- C:\Programmi\File comuni\Java
2008-07-15 17:09 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-07-15 17:09 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-07-15 17:09 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-07-15 10:25 . 2008-01-19 14:27 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-07-14 21:46 . 2008-07-14 21:46 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Phone Browser
2008-07-14 21:46 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-07-14 21:45 . 2008-07-14 21:45 <DIR> d-------- C:\Programmi\Microsoft SQL Server Compact Edition
2008-07-14 21:31 . 2008-07-14 21:34 <DIR> d--hsc--- C:\Programmi\File comuni\WindowsLiveInstaller
2008-07-14 21:31 . 2008-07-14 21:31 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
2008-07-12 20:33 . 2008-07-12 20:33 384 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-12 19:58 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-12 19:58 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-12 19:58 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-12 19:58 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-12 19:58 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-07 20:35 . 2008-07-07 20:35 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2008-07-07 20:19 . 2008-07-07 20:24 <DIR> d-a------ C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-07-07 20:19 . 2005-04-15 20:58 1,071,088 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX
2008-07-07 20:19 . 2005-08-25 19:18 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2008-07-07 19:48 . 2008-07-07 19:48 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2008-06-27 20:40 . 2008-07-19 22:15 <DIR> d-------- C:\VEXPLITE
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-18 17:56 --------- d-----w C:\Programmi\Java
2008-07-15 07:14 --------- d-----w C:\Programmi\Windows Live
2008-07-14 19:39 --------- d-----w C:\Programmi\MSN Messenger
2008-07-12 19:39 --------- d-----w C:\Programmi\backups
2008-07-12 16:51 39,808 ----a-w C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-06-27 18:27 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-06-20 17:39 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-06 11:38 --------- d-----w C:\Documents and Settings\Proprietario\Dati applicazioni\Nokia
2008-06-06 11:37 --------- d-----w C:\Programmi\Nokia
2008-06-06 11:37 --------- d-----w C:\Documents and Settings\Proprietario\Dati applicazioni\PC Suite
2008-06-06 11:36 --------- d-----w C:\Programmi\File comuni\PCSuite
2008-06-06 11:36 --------- d-----w C:\Programmi\File comuni\Nokia
2008-05-30 17:29 --------- d-----w C:\Programmi\Siemens
2008-05-07 05:14 1,292,800 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-01-10 19:44 32 ----a-w C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
2007-09-13 20:10 9,679,815 ----a-w C:\Programmi\vlc-0.8.6c-win32.exe
2008-03-01 15:49 20,512 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39 15360]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-07-18 20:07 171448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-19 13:36 266497]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15:39 15360]
"ATICCC"="C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" [2004-11-25 00:27 32768]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^ATI CATALYST System Tray.lnk]
[HKLM\~\startupfolder\^ntuser.dat]
path=\ntuser.dat
[HKLM\~\startupfolder\^ntuser.dat.LOG]
path=\ntuser.dat.LOG
[HKLM\~\startupfolder\^ntuser.ini]
path=\ntuser.ini
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScanRegistry
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VIRIT LITE MONITOR
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray]
--a------ 2006-03-20 21:43 331776 C:\Programmi\AGEIA Technologies\TrayIcon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2004-11-25 00:27 32768 C:\Programmi\ATI Technologies\ATI.ACE\CLI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2004-11-24 21:10 344064 C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
--a------ 2005-03-31 09:30 1106944 C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]
--a------ 2003-05-28 19:11 94208 C:\Programmi\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
--a------ 2006-11-03 11:01 319488 C:\WINDOWS\PixArt\Pac207\Monitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 18:24 1694208 C:\Programmi\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2005-03-22 09:39 167936 C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 2005-04-20 09:57 847872 C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2006-09-07 19:19 15872 C:\Programmi\Unlocker\UnlockerAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2002-03-21 04:23 46592 C:\WINDOWS\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"GbpSv"=2 (0x2)
"NMIndexingService"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
R0 VIRAGTLT;VIRAGTLT;C:\WINDOWS\system32\drivers\VIRAGTLT.SYS [2008-07-12 18:51]
R2 viritsvclite;Virit eXplorer Lite;C:\VEXPLITE\viritsvc.exe [2008-07-19 20:59]
R3 PAC207;CIF USB Camera;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2006-11-10 13:51]
R3 WLAN FVNETusb(R);WLAN FVNETusb(R) Service for ATMEL USB FastVNET (AR);C:\WINDOWS\system32\DRIVERS\vnetusbr.sys [2002-08-06 16:38]
S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.it/
O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd
O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-21 22:01:07
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-07-21 22:03:10
ComboFix-quarantined-files.txt 2008-07-21 20:02:46
Pre-Run: 20,317,810,688 byte disponibili
Post-Run: 20,288,266,240 byte disponibili
WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
152 --- E O F --- 2008-07-18 11:27:46
Sante62 (Dio maturo)
Registered: 27/06/07 16:55, Posts: 3477, Location: Floridia
Posted: 21 Jul 2008 21:47
In what sense has nothing changed?
It looks to me like it went fine, the red text is gone...
baciami (Semidio)
Registered: 02/09/07 14:40, Posts: 287, Location: toscana
Posted: 22 Jul 2008 11:55
Maybe because by mistake I deleted Windows Update from Tools... Internet Options... View Objects? Or because I downloaded the new version of MSN Messenger, which also downloaded WLInstaller? Can I delete the program you gave me now?... sorry for being a pain
Sante62 (Dio maturo)
Registered: 27/06/07 16:55, Posts: 3477, Location: Floridia
Posted: 22 Jul 2008 16:00
baciami wrote:
> Maybe because by mistake I deleted Windows Update from Tools... Internet Options... View Objects? Or because I downloaded the new version of MSN Messenger, which also downloaded WLInstaller?
Could be, but it's hard to say, at least on my part.
baciami wrote:
> Can I delete the program you gave me now?... sorry for being a pain
Yes, you can delete them; for ComboFix proceed like this:
Start -> Run -> type:
Quote:
> Combofix /u (respect capitals and spaces)
baciami (Semidio)
Registered: 02/09/07 14:40, Posts: 287, Location: toscana
Posted: 22 Jul 2008 19:43
OK... thank you. Anyway, when I run ComboFix it gives me a bug... if you find a solution later, fine, otherwise I'll carry on like this
Sante62 (Dio maturo)
Registered: 27/06/07 16:55, Posts: 3477, Location: Floridia
Posted: 23 Jul 2008 08:12
What bug does it give you?
baciami (Semidio)
Registered: 02/09/07 14:40, Posts: 287, Location: toscana
Posted: 23 Jul 2008 20:42
Hi Sante... this is the bug:
pushd "C:\327882R2FWJFW\"
=============================================
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Proprietario\Dati applicazioni
cfldr=327882R2FWJFW
CLIENTNAME=Console
CommonProgramFiles=C:\Programmi\File comuni
COMPUTERNAME=PIOMBINO
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Proprietario
kmd=CF16332.exe
LOGONSERVER=\\PIOMBINO
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\327882R2FWJFW;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Programmi\ATI Technologies\ATI Control Panel;C:\Programmi\ATI Technologies\ATI.ACE;C:\Programmi\Symantec\Norton
PATHEXT=.cfexe;.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0204
ProgramFiles=C:\Programmi
PROMPT=$
SESSIONNAME=Console
sfxname=C:\Documents and Settings\Proprietario\Desktop\ComboFix.exe
system=C:\WINDOWS\system32
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\PROPRI~1\IMPOST~1\Temp
TMP=C:\DOCUME~1\PROPRI~1\IMPOST~1\Temp
USERDOMAIN=PIOMBINO
USERNAME=Proprietario
USERPROFILE=C:\Documents and Settings\Proprietario
windir=C:\WINDOWS
=============================================
if not defined sfxname goto END
If [/u] == [] Set "SfxCmd="
if /I "C:\327882R2FWJFW" NEQ "C:\327882R2FWJFW" goto Abort
if exist "C:\DOCUME~1\PROPRI~1\IMPOST~1\Temp\327882R2FWJFW327882R2FWJFW.log" del "C:\DOCUME~1\PROPRI~1\IMPOST~1\Temp\327882R2FWJFW327882R2FWJFW.log"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 (C)
Ownerchange for "C:\WINDOWS\system32\cmd.exe" to Administrators group was successful
copy /y "C:\WINDOWS\system32\cmd.exe" "C:\WINDOWS\system32\CF16332.exe"
1 file copiati.
if not exist "C:\WINDOWS\system32\CF16332.exe" catchme -l nul -c "C:\WINDOWS\system32\cmd.exe" "C:\WINDOWS\system32\CF16332.exe"
For /F "tokens=*" %g in ("C:\Documents and Settings\Proprietario\Desktop\ComboFix.exe") do @(
set "FileName=%~ng"
set "FilePath=%~dpg"
)
Set FileName 1>FileName 2>nul
GREP -Gisqx "FileName=[-[:alnum:]@.]*" FileName || (
nircmd infobox "You cannot rename ComboFix as ComboFix~n~nPlease use another name, preferbaly made up of alphanumeric characters" ""
goto END
)
DIR /AD/B C:\* | Findstr -IVX ComboFix 1>dirname00
Findstr -LIXC:"ComboFix" dirname00 1>nul && call :NameChk
If exist dirname0? del /Q dirname0?
If exist "\ComboFix" DIR /AD "\ComboFix" 1>nul && (
rd /s/q "\ComboFix"
If exist "\ComboFix" (
PV -kf Findstr *.cfexe
rd /s/q "\ComboFix"
)
If exist "\ComboFix" (
handle "C:\ComboFix" | SED -r "/pid:/!d; s/.*: (.*): .*/\1/" 1>temp00
for /F "tokens=1,2" %g in (temp00) do @echo.y | Handle -p %g -c %h
del /q temp00
rd /s/q "\ComboFix"
)
)
If exist "\ComboFix" rd /s/q "\ComboFix"
If exist "\ComboFix" goto :eof
swreg query "hklm\software\microsoft\windows nt\currentversion" /v currentversion 1>osVer00
GREP -sq "currentversion.* 6.0" osVer00 && (Call :Vista ) ||
del osVer00 2>nul
CD ..
Set "comspec=C:\WINDOWS\system32\CF16332.exe"
(
echo.md "\ComboFix"
echo.Move /y "\327882R2FWJFW\*" "\ComboFix"
echo.RD /S/Q "\327882R2FWJFW"
echo.Start "." /d"C:\ComboFix" "C:\WINDOWS\system32\CF16332.exe" /k c.bat
echo.pv -kf cmd.exe
) 1>Start_.cmd
NirCmd exec hide "C:\WINDOWS\system32\CF16332.exe" /f:off /d /c call Start_.cmd
NirCmd execmd del "\327882R2FWJFW\prep.cmd"
EXIT
Sante62 (Dio maturo)
Registered: 27/06/07 16:55, Posts: 3477, Location: Floridia
Posted: 23 Jul 2008 21:40
It looks to me like the work it does when you type the uninstall command;
Is that so, or does it not uninstall?
baciami (Semidio)
Registered: 02/09/07 14:40, Posts: 287, Location: toscana
Posted: 24 Jul 2008 12:27
I did a test and yes... the bug appears when I uninstall ComboFix from Start -> Run -> combofix /u
While I'm at it... besides the program you gave me, do I also delete the parts found in C:? "cmdcons" "Boot.bak" "cmldr". Thanks for everything.
Sante62 (Dio maturo)
Registered: 27/06/07 16:55, Posts: 3477, Location: Floridia
Posted: 24 Jul 2008 15:27
I don't know exactly which programs those commands belong to.
baciami (Semidio)
Registered: 02/09/07 14:40, Posts: 287, Location: toscana
Posted: 24 Jul 2008 19:12
They're from the program you gave me... the Microsoft one
Sante62 (Dio maturo)
Registered: 27/06/07 16:55, Posts: 3477, Location: Floridia
Posted: 24 Jul 2008 19:44
Ah, I see, the Recovery Console....
I'm not sure about deleting them, though...
baciami (Semidio)
Registered: 02/09/07 14:40, Posts: 287, Location: toscana
Posted: 24 Jul 2008 19:47
OK... I'll leave them alone... thanks for everything, Sante