Remove the iexplore.exe virus / hijack log
  #1  
10 November 2008, 18:14
Group Member

Remove the iexplore.exe virus / hijack log

Hey guys,
Um. Every time I start the computer, iexplore.exe (in Task Manager) comes up on its own. I never use Internet Explorer, I use Firefox, but this one is running on its own. It also uses most of my memory. I have also found a billion popups that I am willing to bet are from this. Every time I end the process it comes back 3 or 4 times, then it usually goes away after the 5th time I end it, but only for about 5 minutes, then it comes back. Does anyone know what is going on? I have run scans with Ad-Aware, Norton, etc., but they found nothing.
Further information:
I have Windows XP
&& Also there are voices coming from the ads. I have tried everything. Thanks in advance ^__^

I'm a bit new to this. So, erm, can someone tell me how to remove it? In a simple-ish way? =P





File di log di HijackThis v1.99.1
Scan saved at 6:14:25, il 11/10/2008
Piattaforma: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Processi in esecuzione:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ System32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
C: \ WINDOWS \ Explorer.EXE
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ WINDOWS \ ehome \ ehtray.exe
C: \ windows \ system \ hpsysdrv.exe
C: \ Program Files \ HP \ Digital Imaging \ Unload \ hpqcmon.exe
C: \ WINDOWS \ System32 \ hphmon05.exe
C: \ HP \ KBD \ KBD.EXE
C: \ WINDOWS \ LTMSG.exe
C: \ Program Files \ Multimedia Card Reader \ shwicon2k.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe
C: \ PROGRA ~ 1 \ SYMANT ~ 1 \ VPTray.exe
C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe
C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe
C: \ WINDOWS \ ALCXMNTR.EXE
C: \ WINDOWS \ system32 \ ctfmon.exe
C: \ Program Files \ HP \ Digital Imaging \ bin \ hpqtra08.exe
C: \ Program Files \ Aggiornamenti da HP \ 137903 \ Program \ BackWeb-137903.exe
C: \ Program Files \ Symantec AntiVirus \ DefWatch.exe
C: \ Program Files \ Photodex \ ProShowGold \ ScsiAccess.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ Program Files \ Symantec AntiVirus \ Rtvscan.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ WINDOWS \ system32 \ 0LFlxR4x.exe
C: \ Program Files \ Lavasoft \ Ad-Aware SE Professional \ Ad-Aware.exe
C: \ PROGRA ~ 1 \ WinZip \ winzip32.exe
C: \ DOCUME ~ 1 \ ADMINI ~ 1 \ LOCALS ~ 1 \ Temp \ HijackThis.exe

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://srch-us10.hpwis.com/
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://srch-us10.hpwis.com/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://srch-us10.hpwis.com/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU \ Software \ Microsoft \ Internet Connection Wizard, ShellNext = http://us10.hpwis.com/
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int Ethernet Impostazioni, ProxyOverride = localhost
O2 - BHO: (no name) - (02478D38-C3F9-4efb-9B51-7695ECA05670) - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: (no name) - (3615EE58-6F38-47BA-9DD9-C99BD611C6A6) - C: \ WINDOWS \ system32 \ efcdbxx.dll (file missing)
O2 - BHO: (no name) - (4715C8BC-0204-06D4-0A62-2E00BBB78BBD) - C: \ WINDOWS \ system32 \ izf.dll (file mancanti)
O2 - BHO: Groove GFS Browser Helper - (72853161-30C5-4D22-B7F9-0BBC1D38A37E) - C: \ PROGRA ~ 1 \ MI1933 ~ 1 \ Office12 \ GRA8E1 ~ 1.DLL
O2 - BHO: (no name) - (843B515A-BBC4-4AF2-916D-69E9F7DD8F9D) - C: \ WINDOWS \ system32 \ vtsqo.dll (file mancanti)
O2 - BHO: (684a8728-DD11-3ef9-b3e4-ea3410654e7c) - (c7e45601-43ae-4e3b-9fe3-11dd8278a486) - C: \ WINDOWS \ system32 \ ikwijhuy.dll (file mancanti)
O3 - Toolbar: HP View - (B2847E28-5D7D-4DEB-8B67-05D28BCF79F5) - c: \ Program Files \ HP \ Digital Imaging \ bin \ hpdtlk02.dll
O4 - HKLM \ .. \ Run: [ehTray] C: \ WINDOWS \ ehome \ ehtray.exe
O4 - HKLM \ .. \ Run: [hpsysdrv] c: \ windows \ system \ hpsysdrv.exe
O4 - HKLM \ .. \ Run: [HotKeysCmds] C: \ WINDOWS \ System32 \ hkcmd.exe
O4 - HKLM \ .. \ Run: [CamMonitor] c: \ Program Files \ HP \ Digital Imaging \ Unload \ hpqcmon.exe
O4 - HKLM \ .. \ Run: [HPHUPD05] c: \ Program Files \ HP \ (45B6180B-DCAB-4093-8EE8-6164457517F0) \ hphupd05.exe
O4 - HKLM \ .. \ Run: [HPHmon05] C: \ WINDOWS \ System32 \ hphmon05.exe
O4 - HKLM \ .. \ Run: [KBD] C: \ HP \ KBD \ KBD.EXE
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [AutoTKit] C: \ hp \ bin \ AUTOTKIT.EXE
O4 - HKLM \ .. \ Run: [Recguard] C: \ WINDOWS \ SMINST \ RECGUARD.EXE
O4 - HKLM \ .. \ Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM \ .. \ Run: [LTMSG] LTMSG.exe 7
O4 - HKLM \ .. \ Run: [PS2] C: \ WINDOWS \ system32 \ ps2.exe
O4 - HKLM \ .. \ Run: [Sunkist2k] C: \ Program Files \ Multimedia Card Reader \ shwicon2k.exe
O4 - HKLM \ .. \ Run: [ccApp] "C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe"
O4 - HKLM \ .. \ Run: [vptray] C: \ PROGRA ~ 1 \ SYMANT ~ 1 \ VPTray.exe
O4 - HKLM \ .. \ Run: [RemoteControl] "C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe"
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [GrooveMonitor] "C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe"
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM \ .. \ Run: [UpdateManager] "C: \ Program Files \ Common Files \ Sonic \ Update Manager \ sgtray.exe" / r
O4 - HKLM \ .. \ Run: [ATIPTA] C: \ Program Files \ ATI Technologies \ ATI Control Panel \ atiptaxx.exe
O4 - HKLM \ .. \ Run: [Index Washer] C: \ Program Files \ Webroot \ Washer \ WashIdx.exe "Administrator"
O4 - HKCU \ .. \ Run: [ctfmon.exe] C: \ WINDOWS \ system32 \ ctfmon.exe
O4 - HKCU \ .. \ Run: [swg] C: \ Program Files \ Google \ GoogleToolbarNotifier \ 1.2.1128.5462 \ G oogleToolbarNotifier.exe
O4 - HKCU \ .. \ Run: [Window Washer] C: \ Program Files \ Webroot \ Washer \ wwDisp.exe
O4 - HKLM \ .. \ Run: [Index Washer] C: \ Program Files \ Webroot \ Washer \ WashIdx.exe "Administrator"
O4 - Global Startup: Adobe Gamma Loader.lnk = C: \ Program Files \ Common Files \ Adobe \ Calibration \ Adobe Gamma LOADER.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C: \ Program Files \ HP \ Digital Imaging \ bin \ hpqtra08.exe
O4 - Global Startup: Quicken Updates.lnk Programmato = C: \ Program Files \ Quicken \ bagent.exe
O4 - Global Startup: Aggiornamenti da HP.lnk = C: \ Program Files \ Aggiornamenti da HP \ 137903 \ Program \ BackWeb-137903.exe
O8 - Extra contesto voce di menu: E & sporta in Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ MI1933 ~ 1 \ Office12 \ EXCEL.EXE/3000
O9 - Extra pulsante: Invia a OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ MI1933 ~ 1 \ Office12 \ ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S & fine a OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ MI1933 ~ 1 \ Office12 \ ONBttnIE.dll
O9 - Extra pulsante: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ MI1933 ~ 1 \ Office12 \ REFIEBAR.DLL
O9 - Extra pulsante: MUSICMATCH MX Web Player - (d81ca86b-ef63-42af-bee3-4502d9a03c2d) -- http://wwws.musicmatch.com/mmz/openWebRadio.html (file mancanti)
O9 - Extra pulsante: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) -% windir% \ Network Diagnostic \ xpnetdiag.exe (file mancanti)
O9 - Extra 'Tools' menuitem: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) -% windir% \ Network Diagnostic \ xpnetdiag.exe (file mancanti)
O9 - Extra pulsante: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O11 - Opzioni di gruppo: [INTERNATIONAL] International *
O16 - DPF: (67DABFBF-D0AB-41FA-9C46-CC0F21721616) -- http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: grooveLocalGWS - (88FED34C-F0CA-4636-A375-3CB6248B04CD) - C: \ PROGRA ~ 1 \ MI1933 ~ 1 \ Office12 \ GR99D3 ~ 1.DLL
O18 - Protocol: ms-help - (314111C7-A502-11D2-BBCA-00C04F8EC294) - C: \ Program Files \ Common Files \ Microsoft Shared \ Help \ hxds.dll
O18 - Filter hijack: text / xml - (807563E5-5146-11D5-A672-00B0D022E945) - C: \ PROGRA ~ 1 \ COMUNE ~ 1 \ micros ~ 1 \ Office12 \ MSOXMLMF.DLL
O20 - Winlogon Notify: dimsntfy -% SystemRoot% \ System32 \ dimsntfy.dll (file mancanti)
O20 - Winlogon Notify: efcdbxx - efcdbxx.dll (file missing)
O20 - Winlogon Notify: igfxcui - C: \ WINDOWS \ SYSTEM32 \ igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C: \ WINDOWS \ system32 \ NavLogon.dll
O23 - Service: Adobe LM Service - Sconosciuto proprietario - C: \ Program Files \ Common Files \ Adobe Systems Shared \ Service \ Adobelmsvc.exe
O23 - Service: Ati Hotkey Poller - Ignoto proprietario - C: \ WINDOWS \ System32 \ Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C: \ Program Files \ Symantec AntiVirus \ DefWatch.exe
O23 - Service: PML Driver HPZ12 - HP - C: \ WINDOWS \ system32 \ HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C: \ Program Files \ Symantec AntiVirus \ SavRoam.exe
O23 - Service: ScsiAccess - Sconosciuto proprietario - C: \ Program Files \ Photodex \ ProShowGold \ ScsiAccess.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C: \ Program Files \ Symantec AntiVirus \ Rtvscan.exe
  #2  
10 November 2008, 20:23
Group Moderator

Re: Remove the iexplore.exe virus / hijack log

Welcome to CJ.

Please print these instructions, as they will be needed later when Internet access is not available.

Download SDFix by AndyManchesta and save it to your desktop.

When using this tool, you must use the Administrator account or an account with Administrative rights.
  • Double-click SDFix.exe and it will extract the files to %systemdrive%
  • (this is the drive that contains the Windows directory, usually C:\SDFix).
  • Do NOT use it just yet.
Restart your computer in Safe Mode using the F8 method. To do this, restart your computer and, after hearing your computer beep once during startup (but before the Windows icon appears), press the F8 key repeatedly. A menu with several options will appear. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Open the SDFix folder and double-click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan services or registry entries found and then prompt you to press any key to reboot.
  • Press any key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished; press any key to end the script and load your desktop icons.
  • Once the desktop icons load, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
  • Copy and paste the contents of the results file Report.txt into your next reply.
----------

Also, please install the new version of HijackThis and post a new log from a normal-mode boot after SDFix has completed.

Download TrendMicro HijackThis.exe (HJT) to your Desktop.
  • Double-click HJTInstall.
  • Click the Install button.
  • It will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe.
  • On install, HijackThis should open for you.
  • Click the Do a system scan and save a log file button.
  • HijackThis will scan and then open a log in Notepad.
  • Copy and paste the entire contents of the log into your post.
  • Do NOT have HijackThis fix anything yet. Most of what it finds is harmless or even necessary.
__________________

  #3  
11 November 2008, 08:55
Group Member

Re: Remove the iexplore.exe virus / hijack log

SDFix Report


SDFix: Version 1,240
Gestita da Amministratore in data Mar 11/11/2008 alle 08:39

Microsoft Windows XP [Versione 5/1/2600]
Running From: C: \ SDFix

Verifica Servizi :


Ripristino dei valori di default di sicurezza
Ripristino di file Hosts predefinito

Riavvio


Verifica File :

Trojan Files Found:

C: \ Program Files \ nvcoi \ mst.stt - Soppresso



Cartella C: \ Program Files \ nvcoi - Rimosso
Cartella C: \ Program Files \ Temporary - Rimosso
Cartella C: \ Temp \ sanR24 - Rimosso


Rimozione di file temporanei

ADS Check :



Verifica finale :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit / stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-11 08:47:19
5/1/2600 Windows Service Pack 3 NTFS

scansione processi nascosti ...

la scansione del sistema e nascosto servizi alveare ...

voci di registro nascosti scansione ...

scansione di file nascosti ...

scansione completata con successo
processi nascosti: 0
hidden services: 0
i file nascosti: 0


Rimanendo Servizi :




Autorizzato Application Key Export:

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ servizi es \ sharedaccess \ parameters \ firewallpolicy \ profilo standard \ authorizedapplications \ list]
"% windir% \ \ system32 \ \ sessmgr.exe" = "% windir% \ \ sistema m32 \ \ sessmgr.exe: *: Enabled: @ Xpsp2res.dll, -22019"
"C: \ Program Files \ \ Aggiornamenti da HP \ \ 137903 \ \ Programmi \ \ BackWeb-137903.exe" = "C: \ Program Files \ \ Aggiornamenti da HP \ \ 137903 \ \ Programmi \ \ BackWeb-137903 . exe: *: Disabled: BackWeb-137903 "
"C: \ Program Files \ \ Microsoft Office \ \ Office12 \ Outlook.exe" = "C: \ Program Files \ \ Microsoft Office \ \ \ Office12 \ OUTLOOK.EXE: *: Enabled: Microsoft Office Outlook"
"C: \ Program Files \ \ Microsoft Office \ \ Office12 \ \ Groove.exe" = "C: \ Program Files \ \ Microsoft Office \ \ \ Office12 \ Groove.exe: *: Enabled: Microsoft Office Groove"
"C: \ Program Files \ \ Microsoft Office \ \ Office12 \ \ Onenote.exe" = "C: \ Program Files \ \ Microsoft Office \ \ \ Office12 \ Onenote.exe: *: Enabled: Microsoft Office OneNote"
"C: \ Program Files \ \ Common Files \ \ AOL \ \ Loader \ \ aolload.exe" = "C: \ Program Files \ \ Common Files \ \ AOL \ \ Loader \ \ aolload.exe: *: Enabled : AOL Loader "
"C: \ Program Files \ \ AIM6 \ \ aim6.exe" = "C: \ Program Files \ \ AIM6 \ \ aim6.exe: *: Enabled: AIM"
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" = "% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe: *: Enabled: @ xpsp3res.dll, -20000"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ servizi es \ sharedaccess \ parameters \ firewallpolicy \ domainpr ofilo \ authorizedapplications \ list]
"% windir% \ \ system32 \ \ sessmgr.exe" = "% windir% \ \ sistema m32 \ \ sessmgr.exe: *: Enabled: @ Xpsp2res.dll, -22019"
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" = "% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe: *: Enabled: @ xpsp3res.dll, -20000"

File rimanenti :


Le copie di backup dei file: - C: \ SDFix \ backups \ backups.zip

I file con gli attributi Nascosto :

Mer 14 novembre 2007 204 A. SHR --- "C: \ BOOT.BAK"
Ven 22 Ago 2008 635.848 A.SH. --- "C: \ Program Files \ Internet Explorer \ iexplore.exe"
Gio 15 Luglio 2004 0 A.SH. --- "C: \ Programmi \ QuickTime \ HPCD.SYS"
Gio 10 gennaio 2008 4.348 A.SH. --- "C: \ Documents and Settings \ All Users \ DRM \ DRMv1.bak"
Gio 10 gennaio 2008 401 A.SH. --- "C: \ Documents and Settings \ All Users \ DRM \ DRMv19.bak"
Mer 29 Ott 2008 3.442 A.SH. --- "C: \ Documents and Settings \ All Users \ Documenti \ Registrazioni \ TempRec \ TempSBE \ SBE3.tmp"

Finito!



------------------------------------------




HijackThis Log



Logfile di Trend Micro HijackThis v2.0.2
Scan saved at 8:55:16, il 11/11/2008
Piattaforma: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Processi in esecuzione:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ System32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
C: \ WINDOWS \ Explorer.EXE
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ Program Files \ Symantec AntiVirus \ DefWatch.exe
C: \ Program Files \ Photodex \ ProShowGold \ ScsiAccess.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ Program Files \ Symantec AntiVirus \ Rtvscan.exe
C: \ WINDOWS \ ehome \ ehtray.exe
C: \ windows \ system \ hpsysdrv.exe
C: \ Program Files \ HP \ Digital Imaging \ Unload \ hpqcmon.exe
C: \ WINDOWS \ System32 \ hphmon05.exe
C: \ HP \ KBD \ KBD.EXE
C: \ WINDOWS \ LTMSG.exe
C: \ Program Files \ Multimedia Card Reader \ shwicon2k.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe
C: \ PROGRA ~ 1 \ SYMANT ~ 1 \ VPTray.exe
C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe
C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe
C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe
C: \ WINDOWS \ ALCXMNTR.EXE
C: \ WINDOWS \ system32 \ ctfmon.exe
C: \ Program Files \ Webroot \ Washer \ wwDisp.exe
C: \ Program Files \ HP \ Digital Imaging \ bin \ hpqtra08.exe
C: \ Program Files \ Aggiornamenti da HP \ 137903 \ Program \ BackWeb-137903.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ WINDOWS \ system32 \ notepad.exe
C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://srch-us10.hpwis.com/
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://srch-us10.hpwis.com/
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = circa: bianco
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://srch-us10.hpwis.com/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU \ Software \ Microsoft \ Internet Connection Wizard, ShellNext = http://us10.hpwis.com/
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int Ethernet Impostazioni, ProxyOverride = localhost
O2 - BHO: (no name) - (02478D38-C3F9-4efb-9B51-7695ECA05670) - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: (no name) - (4715C8BC-0204-06D4-0A62-2E00BBB78BBD) - C: \ WINDOWS \ system32 \ izf.dll (file mancanti)
O2 - BHO: Groove GFS Browser Helper - (72853161-30C5-4D22-B7F9-0BBC1D38A37E) - C: \ PROGRA ~ 1 \ MI1933 ~ 1 \ Office12 \ GRA8E1 ~ 1.DLL
O2 - BHO: (no name) - (843B515A-BBC4-4AF2-916D-69E9F7DD8F9D) - C: \ WINDOWS \ system32 \ vtsqo.dll (file mancanti)
O2 - BHO: (684a8728-DD11-3ef9-b3e4-ea3410654e7c) - (c7e45601-43ae-4e3b-9fe3-11dd8278a486) - C: \ WINDOWS \ system32 \ ikwijhuy.dll (file mancanti)
O3 - Toolbar: HP View - (B2847E28-5D7D-4DEB-8B67-05D28BCF79F5) - c: \ Program Files \ HP \ Digital Imaging \ bin \ hpdtlk02.dll
O4 - HKLM \ .. \ Run: [ehTray] C: \ WINDOWS \ ehome \ ehtray.exe
O4 - HKLM \ .. \ Run: [hpsysdrv] c: \ windows \ system \ hpsysdrv.exe
O4 - HKLM \ .. \ Run: [HotKeysCmds] C: \ WINDOWS \ System32 \ hkcmd.exe
O4 - HKLM \ .. \ Run: [CamMonitor] c: \ Program Files \ HP \ Digital Imaging \ Unload \ hpqcmon.exe
O4 - HKLM \ .. \ Run: [HPHUPD05] c: \ Program Files \ HP \ (45B6180B-DCAB-4093-8EE8-6164457517F0) \ hphupd05.exe
O4 - HKLM \ .. \ Run: [HPHmon05] C: \ WINDOWS \ System32 \ hphmon05.exe
O4 - HKLM \ .. \ Run: [KBD] C: \ HP \ KBD \ KBD.EXE
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [AutoTKit] C: \ hp \ bin \ AUTOTKIT.EXE
O4 - HKLM \ .. \ Run: [Recguard] C: \ WINDOWS \ SMINST \ RECGUARD.EXE
O4 - HKLM \ .. \ Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM \ .. \ Run: [LTMSG] LTMSG.exe 7
O4 - HKLM \ .. \ Run: [PS2] C: \ WINDOWS \ system32 \ ps2.exe
O4 - HKLM \ .. \ Run: [Sunkist2k] C: \ Program Files \ Multimedia Card Reader \ shwicon2k.exe
O4 - HKLM \ .. \ Run: [ccApp] "C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe"
O4 - HKLM \ .. \ Run: [vptray] C: \ PROGRA ~ 1 \ SYMANT ~ 1 \ VPTray.exe
O4 - HKLM \ .. \ Run: [RemoteControl] "C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe"
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [GrooveMonitor] "C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe"
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM \ .. \ Run: [UpdateManager] "C: \ Program Files \ Common Files \ Sonic \ Update Manager \ sgtray.exe" / r
O4 - HKLM \ .. \ Run: [ATIPTA] C: \ Program Files \ ATI Technologies \ ATI Control Panel \ atiptaxx.exe
O4 - HKCU \ .. \ Run: [ctfmon.exe] C: \ WINDOWS \ system32 \ ctfmon.exe
O4 - HKCU \ .. \ Run: [swg] C: \ Program Files \ Google \ GoogleToolbarNotifier \ 1.2.1128.5462 \ G oogleToolbarNotifier.exe
O4 - HKCU \ .. \ Run: [Window Washer] C: \ Program Files \ Webroot \ Washer \ wwDisp.exe
O4 - HKUS \ S-1-5-18 \ .. \ Run: [AdobeUpdater] C: \ Program Files \ Common Files \ Adobe \ Updater5 \ AdobeUpdater.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [AdobeUpdater] C: \ Program Files \ Common Files \ Adobe \ Updater5 \ AdobeUpdater.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C: \ Program Files \ Common Files \ Adobe \ Calibration \ Adobe Gamma LOADER.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C: \ Program Files \ HP \ Digital Imaging \ bin \ hpqtra08.exe
O4 - Global Startup: Quicken Updates.lnk Programmato = C: \ Program Files \ Quicken \ bagent.exe
O4 - Global Startup: Aggiornamenti da HP.lnk = C: \ Program Files \ Aggiornamenti da HP \ 137903 \ Program \ BackWeb-137903.exe
O8 - Extra contesto voce di menu: E & sporta in Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ MI1933 ~ 1 \ Office12 \ EXCEL.EXE/3000
O9 - Extra pulsante: Invia a OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ MI1933 ~ 1 \ Office12 \ ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S & fine a OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ MI1933 ~ 1 \ Office12 \ ONBttnIE.dll
O9 - Extra pulsante: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ MI1933 ~ 1 \ Office12 \ REFIEBAR.DLL
O9 - Extra pulsante: MUSICMATCH MX Web Player - (d81ca86b-ef63-42af-bee3-4502d9a03c2d) -- http://wwws.musicmatch.com/mmz/openWebRadio.html (file mancanti)
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe (file missing)
O9 - Extra pulsante: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O16 - DPF: (67DABFBF-D0AB-41FA-9C46-CC0F21721616) -- http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: grooveLocalGWS - (88FED34C-F0CA-4636-A375-3CB6248B04CD) - C: \ PROGRA ~ 1 \ MI1933 ~ 1 \ Office12 \ GR99D3 ~ 1.DLL
O23 - Service: Adobe LM Service - Sconosciuto proprietario - C: \ Program Files \ Common Files \ Adobe Systems Shared \ Service \ Adobelmsvc.exe
O23 - Service: Ati Hotkey Poller - Ignoto proprietario - C: \ WINDOWS \ System32 \ Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C: \ Program Files \ Symantec AntiVirus \ DefWatch.exe
O23 - Service: PML Driver HPZ12 - HP - C: \ WINDOWS \ system32 \ HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C: \ Program Files \ Symantec AntiVirus \ SavRoam.exe
O23 - Service: ScsiAccess - Sconosciuto proprietario - C: \ Program Files \ Photodex \ ProShowGold \ ScsiAccess.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C: \ Program Files \ Symantec AntiVirus \ Rtvscan.exe

--
End of file - 9268 bytes
  #4  
11 November 2008, 11:07
Group Moderator

Re: Remove the iexplore.exe virus / hijack log

Download Disable/Remove Windows Messenger to your desktop to remove Windows Messenger.

Do not confuse Windows Messenger with MSN Messenger, because they are not the same thing. Windows Messenger is a frequent cause of popups.

Unzip the file to your desktop. Open MessengerDisable.exe, choose the bottom box, Uninstall Windows Messenger, and click Apply.

Exit out of MessengerDisable, then delete the two files that were placed on your desktop.

----------

Open HijackThis and select Do a system scan only.

Put a check mark next to the following entries (if they exist):

- O2 - BHO: (no name) - (02478D38-C3F9-4efb-9B51-7695ECA05670) - (no file)
- O2 - BHO: (no name) - (4715C8BC-0204-06D4-0A62-2E00BBB78BBD) - C: \ WINDOWS \ system32 \ izf.dll (file missing)
- O2 - BHO: (no name) - (843B515A-BBC4-4AF2-916D-69E9F7DD8F9D) - C: \ WINDOWS \ system32 \ vtsqo.dll (file missing)
- O2 - BHO: (684a8728-DD11-3ef9-b3e4-ea3410654e7c) - (c7e45601-43ae-4e3b-9fe3-11dd8278a486) - C: \ WINDOWS \ system32 \ ikwijhuy.dll (file missing)
- O4 - HKLM \ .. \ Run: [AlcxMonitor] ALCXMNTR.EXE


Important: Close all windows except HijackThis, then click Fix checked.

Exit HijackThis.

----------


Note: the instructions below have been created specifically for this user. If you are not that user, do NOT follow these instructions, as they could damage the operation of your system.

Go to Start > Run, type notepad.exe, then click OK.

Copy and paste the text below into Notepad and save it as fixme.reg to your Desktop.

Code:
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"=-

Locate fixme.reg on your desktop and double-click it. Answer Yes when asked to merge it into the registry.

Make sure to tell me whether you receive a message about the above being added to the registry. If you do not receive a message, it did not work.

Delete fixme.reg from your desktop.

----------

Download ComboFix by sUBs from one of the links below. Make sure to save it to your Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your desktop.

Close any open web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

Temporarily disable your antivirus and any antispyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double-click combofix.exe and follow the prompts.

For Windows XP systems, install the Recovery Console:

- If you are using Windows XP and do not already have the Recovery Console installed, please ensure your Internet connection is available (if possible) and click Yes.
- If for some reason your Internet is not working, click No.
- If you are not using Windows XP, you will not be prompted.
- When prompted to accept the EULA, click OK.
- Accept the Microsoft EULA (click Yes).
- When told that the RC has installed successfully, click Yes to continue scanning for malware.

When finished, ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not click on ComboFix's window while it is running. That could cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

Also, I would like to know how the computer is running now.
__________________

#5
11 November 2008, 11:55
Group Member

ComboFix log

ComboFix 08-11-10.01 - Administrator 2008-11-11 11:39:43.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.176 [GMT -7:00]
Running from: c:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\Documents and Settings\Administrator\My Documents\TSKS~1
c:\Program Files\Common Files\racle~1
c:\Program Files\stem32~1
c:\Program Files\wnsxs~1
c:\windows\BMf3ec611b.txt
c:\windows\system32\0LFlxR4x.exe.a_a
c:\windows\system32\epljwqgq.ini
c:\windows\system32\fj8wNOvc.exe.a_a
c:\windows\system32\icidbcft.ini
c:\windows\system32\iDlo01
c:\windows\system32\jrjvfibu.ini
c:\windows\system32\jryeuaqx.ini
c:\windows\system32\mcrh.tmp
c:\windows\system32\MSINET.oca
c:\windows\system32\mvmqocpc.ini
c:\windows\system32\oqstv.ini
c:\windows\system32\oqstv.ini2
D:\Autorun.inf

.
(((((((((((((((((((((((((   Files Created from 2008-10-11 to 2008-11-11   )))))))))))))))))))))))))))))))
.

2008-11-11 08:54 . 2008-11-11 08:54  <DIR>  d--------  C:\Program Files\Trend Micro
2008-11-11 08:38 . 2008-11-11 08:38  578,560  -a--c---  C:\WINDOWS\system32\user32.dll
2008-11-11 08:29 . 2008-11-11 08:29  <DIR>  d--------  C:\WINDOWS\ERUNT
2008-11-11 08:23 . 2008-11-11 08:51  <DIR>  d--------  C:\SDFix
2008-11-02 09:12 . 2008-11-10 14:10  41,474  -a------  C:\windows\system32\0LFlxR4x.exe_
2008-11-02 09:12 . 2008-11-11 09:12  40,450  -a------  C:\windows\system32\0LFlxR4x.exe
2008-10-31 18:00 . 2008-10-31 18:00  <DIR>  d--------  C:\Documents and Settings\NetworkService\Application Data\Yahoo!
2008-10-31 16:40 . 2008-10-31 16:40  <DIR>  d--------  C:\Documents and Settings\Administrator\Application Data\Yahoo!
2008-10-31 16:39 . 2008-11-10 17:27  <DIR>  d--------  C:\Program Files\Yahoo!
2008-10-29 17:23 . 2008-10-29 17:23  <DIR>  d--------  C:\WINDOWS\system32\CatRoot_bak
2008-10-29 17:23 . 2008-09-08 03:41  333,824  -----c---  C:\WINDOWS\system32\Srv.sys
2008-10-29 17:23 . 2008-06-13 04:05  272,128  -----c---  C:\WINDOWS\system32\bthport.sys
2008-10-29 17:23 . 2008-08-14 03:04  138,496  -----c---  C:\WINDOWS\system32\afd.sys
2008-10-29 17:22 . 2008-08-14 03:11  2,189,184  -----c---  C:\WINDOWS\system32\ntoskrnl.exe
2008-10-29 17:22 . 2008-08-14 03:09  2,145,280  -----c---  C:\WINDOWS\system32\Ntkrnlmp.exe
2008-10-29 17:22 . 2008-08-14 02:33  2,066,048  -----c---  C:\WINDOWS\system32\Ntkrnlpa.exe
2008-10-29 17:22 . 2008-08-14 02:33  2,023,936  -----c---  C:\WINDOWS\system32\Ntkrpamp.exe
2008-10-29 17:22 . 2008-09-15 05:12  1,846,400  -----c---  C:\WINDOWS\system32\win32k.sys
2008-10-29 17:22 . 2008-04-11 12:04  691,712  -----c---  C:\WINDOWS\system32\Inetcomm.dll
2008-10-29 17:22 . 2008-05-08 07:02  203,136  -----c---  C:\WINDOWS\system32\Rmcast.sys
2008-10-28 18:39 . 2008-10-28 18:39  10  -a------  C:\Windows\Wininit.ini
2008-10-23 14:45 . 2008-10-15 09:34  337,408  -----c---  C:\WINDOWS\system32\Netapi32.dll
2008-10-15 18:38 . 2008-10-29 15:26  <DIR>  d--------  C:\WINDOWS\system32\script
2008-10-15 18:38 . 2008-10-29 15:26  <DIR>  d--------  C:\WINDOWS\system32\it
2008-10-15 18:38 . 2008-10-29 15:26  <DIR>  d--------  C:\WINDOWS\system32\bits
2008-10-15 18:38 . 2008-10-29 15:26  <DIR>  d--------  C:\WINDOWS\l2schemas
2008-10-15 18:23 . 2007-06-13 03:23  1,033,216  -a------  C:\WINDOWS\SET25A.tmp
2008-10-15 18:22 . 2008-08-14 03:09  2,145,280  -a------  C:\windows\system32\ntoskrnl.exe
2008-10-15 16:09 . 2008-10-15 16:09  <DIR>  d--------  C:\Documents and Settings\Administrator\Application Data\Motive
2008-10-12 17:26 . 2008-10-12 17:25  30,272  -a------  C:\windows\system32\fj8wNOvc.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-11 18:38  ---------  d-----w  C:\Program Files\Symantec AntiVirus
2008-11-10 22:05  ---------  d-----w  C:\Program Files\DivX
2008-11-10 22:03  ---------  d-----w  C:\Program Files\Java
2008-11-10 01:37  ---------  d-----w  C:\Program Files\Microsoft Plus! Digital Media Edition
2008-11-10 01:35  ---------  d-----w  C:\Program Files\Microsoft Works
2008-11-08 02:37  90,112  ----a-w  C:\WINDOWS\DUMP3a98.tmp
2008-11-08 01:26  30  ----a-w  C:\Documents and Settings\Administrator\jagex_runescape_preferences.dat
2008-10-29 22:21  77,824  ----a-w  C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABP4EN\plugin\bin\FDIWrapper.dll
2008-10-29 22:21  69,632  ----a-w  C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABP4EN\plugin\bin\jsharpde\msxmlwrapper.dll
2008-10-29 22:21  5,632  ----a-w  C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABP4EN\plugin\bin\jsharpde\GUI.dll
2008-10-29 22:21  49,152  ----a-w  C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABP4EN\plugin\bin\PCHI18N.dll
2008-10-29 22:21  32,768  ----a-w  C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABP4EN\plugin\bin\jsharpde\pchapi.dll
2008-10-29 22:21  26,572  ----a-w  C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABP4EN\plugin\bin\jsharpde\INV16.dll
2008-10-29 22:21  213,089  ----a-w  C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABP4EN\plugin\bin\jsharpde\motive.zip
2008-10-29 22:21  139,264  ----a-w  C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABP4EN\plugin\bin\ContentUpdater.exe
2008-10-29 22:21  114,688  ----a-w  C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABP4EN\plugin\bin\jsharpde\ZipLib.dll
2008-10-29 22:21  114,688  ----a-w  C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABP4EN\plugin\bin\jsharpde\asst_ui.dll
2008-10-29 22:11  ---------  d--h--w  C:\Program Files\InstallShield Installation Information
2008-10-29 22:11  ---------  d-----w  C:\Program Files\ATI Technologies
2008-10-25 01:16  ---------  d-----w  C:\Documents and Settings\Administrator\Application Data\Move Networks
2008-10-16 22:05  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-10-16 01:06  ---------  d-----w  C:\Program Files\Google
2008-09-28 22:59  ---------  d-----w  C:\Program Files\Common Files\AOL
2008-09-22 21:29  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-09-22 21:29  ---------  d-----w  C:\Documents and Settings\Administrator\Application Data\acccore
2008-09-22 21:27  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\AOL
2008-09-17 01:24  ---------  d-----w  C:\Documents and Settings\Administrator\Application Data\Vso
2008-09-15 12:12  1,846,400  ----a-w  c:\windows\system32\win32k.sys
2008-08-26 07:24  826,368  ----a-w  C:\windows\system32\wininet.dll
2008-08-14 09:33  2,023,936  ----a-w  C:\windows\system32\Ntkrnlpa.exe
2007-12-28 00:53  79,738  ----a-w  C:\Documents and Settings\Fonts\broken_ghost.zip
2007-11-23 01:25  81,920  ----a-w  C:\Documents and Settings\Administrator\Application Data\ezpinst.exe
2007-11-23 01:25  47,360  ----a-w  C:\Documents and Settings\Administrator\Application Data\pcouffin.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Nota * vuoto voci & legit default voci non vengono visualizzate
REGEDIT4

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run]
"ctfmon.exe" = "c: \ windows \ system32 \ ctfmon.exe" [2008-04-13 15360]
"Window Washer" = "C: \ Program Files \ Webroot \ Washer \ wwDisp.exe" [2005-03-08 910336]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"ATIPTA" = "C: \ WINDOWS \ ehome \ CTFMON.EXE" [2004-08-04 50176]
"NeroFilterCheck" = "C: \ windows \ system \ hpsysdrv.exe" [1998-05-07 52736]
"SynTPEnh" = "C: \ Windows \ System32 \ hkcmd.exe" [2003-10-02 118784]
"CamMonitor" = "C: \ Program Files \ HP \ Digital Imaging \ Unload \ hpqcmon.exe" [2002-10-07 90112]
"HPHmon05" = "C: \ Windows \ System32 \ hphmon05.exe" [2003-05-23 483328]
"KBD" = "C: \ WINDOWS \ KBD \ KBD.EXE" [2003-02-11 61440]
"Google Desktop Search" = "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe" [2003-12-17 151597]
"QuickTime Task" = "C: \ Programmi \ QuickTime \ jusched.exe" [2002-09-13 212992]
"PS2" = "C: \ windows \ system32 \ ps2.exe" [2002-10-16 81920]
"Sunkist2k" = "C: \ Program Files \ Multimedia Card Reader \ shwicon2k.exe" [2003-08-14 139264]
"ccApp" = "C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe" [2005-06-02 48752]
"nwiz" = "C: \ progra ~ 1 \ ALWILS ~ 1 \ VPTray.exe" [2005-06-23 85696]
"RemoteControl" = "C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck" = "c: \ windows \ system32 \ NeroCheck.e xe" [2001-07-09 155648]
"GrooveMonitor" = "C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe" [2006-10-27 31016]
"Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe" [2007-10-10 39792]
"ATIModeChange" = "Ati2mdxx.exe" [2001/09/05 c: \ windows \ system32 \ Ati2mdxx.exe]
"LTMSG" = "LTMSG.exe" [2003/07/14 c: \ windows \ ltmsg.exe]

[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"AdobeUpdater" = "C: \ Program Files \ Common Files \ Adobe \ Updater5 \ AdobeUpdater.exe" [2007-03-01 2321600]

c: \ Documents and Settings \ All Users \ Menu Avvio \ Programmi \ Startup \
Adobe Gamma Loader.lnk - C: \ Program Files \ Common Files \ Adobe \ Calibration \ Adobe Gamma LOADER.EXE [2007-11-22 113664]
HP Digital Imaging Monitor.lnk - C: \ Program Files \ HP \ Digital Imaging \ bin \ hpqtra08.exe [2003-09-16 237568]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ Monitoring \ SymantecAntiVirus]
"DisableMonitoring" = dword: 00000001

[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ system32 \ \ sessmgr.exe" =
"C: \ Program Files \ \ Aggiornamenti da HP \ \ 137903 \ \ Programmi \ \ BackWeb-137903.exe" =
"c: \ \ Program Files \ \ Microsoft Office \ \ Office12 \ \ Outlook.exe" =
"c: \ \ Program Files \ \ Microsoft Office \ \ Office12 \ \ GROOVE.EXE" =
"c: \ \ Program Files \ \ Microsoft Office \ \ Office12 \ \ ONENOTE.EXE" =
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" =

R2 CX88XBAR; Conexant 2388x Traversa Dual Input, c: \ windows \ system32 \ drivers \ CX88XBARDUAL.sys [2003-12-10 7040]

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntversion \ explorer \ mountpoints2 \ D]
\ Shell \ AutoRun \ command - D: \ Info.exe Folder.htt 480 480

* * Servizio di nuova costituzione - PROCEXP90
.
Indice dell ' "Operazioni pianificate' cartella

2008-10-30 C:\WINDOWS\Tasks\At1.job
- C:\windows\system32\fj8wNOvc.exe [2008-10-12 17:25]

2008-11-11 C:\WINDOWS\Tasks\At10.job
- C:\windows\system32\fj8wNOvc.exe [2008-10-12 17:25]

2008-11-02 C:\WINDOWS\Tasks\At100.job
- C:\windows\system32\0LFlxR4x.exe [2008-11-11 09:12]

2008-11-02 C:\WINDOWS\Tasks\At101.job
- C:\windows\system32\0LFlxR4x.exe [2008-11-11 09:12]

2008-11-02 C:\WINDOWS\Tasks\At102.job
- C:\windows\system32\0LFlxR4x.exe [2008-11-11 09:12]

2008-11-02 C:\WINDOWS\Tasks\At103.job
- C:\windows\system32\0LFlxR4x.exe [2008-11-11 09:12]

2008-11-02 C:\WINDOWS\Tasks\At104.job
- C:\windows\system32\0LFlxR4x.exe [2008-11-11 09:12]

2008-11-02 C:\WINDOWS\Tasks\At105.job
- C:\windows\system32\0LFlxR4x.exe [2008-11-11 09:12]

2008-11-11 C:\WINDOWS\Tasks\At106.job
- C:\windows\system32\0LFlxR4x.exe [2008-11-11 09:12]

2008-11-11 C:\WINDOWS\Tasks\At107.job
- C:\windows\system32\0LFlxR4x.exe [2008-11-11 09:12]

2008-11-09 C:\WINDOWS\Tasks\At108.job
- C:\windows\system32\0LFlxR4x.exe [2008-11-11 09:12]

2008-11-09 C:\WINDOWS\Tasks\At109.job
- C:\windows\system32\0LFlxR4x.exe [2008-11-11 09:12]

2008-11-11 C:\WINDOWS\Tasks\At11.job
- C:\windows\system32\fj8wNOvc.exe [2008-10-12 17:25]

2008-11-09 C:\WINDOWS\Tasks\At110.job
- C:\windows\system32\0LFlxR4x.exe [2008-11-11 09:12]

2008-11-10 C:\WINDOWS\Tasks\At111.job
- C:\windows\system32\0LFlxR4x.exe [2008-11-11 09:12]

2008-11-10 C:\WINDOWS\Tasks\At112.job
- C:\windows\system32\0LFlxR4x.exe [2008-11-11 09:12]

2008-11-06 C:\WINDOWS\Tasks\At113.job
- C:\windows\system32\0LFlxR4x.exe [2008-11-11 09:12]

2008-11-09 C:\WINDOWS\Tasks\At114.job
- C:\windows\system32\0LFlxR4x.exe [2008-11-11 09:12]

2008-11-11 C:\WINDOWS\Tasks\At115.job
- C:\windows\system32\0LFlxR4x.exe [2008-11-11 09:12]

2008-11-11 C:\WINDOWS\Tasks\At116.job
- C:\windows\system32\0LFlxR4x.exe [2008-11-11 09:12]

2008-11-09 C:\WINDOWS\Tasks\At117.job
- C:\windows\system32\0LFlxR4x.exe [2008-11-11 09:12]

2008-11-02 C:\WINDOWS\Tasks\At118.job
- C:\windows\system32\0LFlxR4x.exe [2008-11-11 09:12]

2008-11-02 C:\WINDOWS\Tasks\At119.job
- C:\windows\system32\0LFlxR4x.exe [2008-11-11 09:12]

2008-11-09 C:\WINDOWS\Tasks\At12.job
- C:\windows\system32\fj8wNOvc.exe [2008-10-12 17:25]

2008-11-02 C:\WINDOWS\Tasks\At120.job
- C:\windows\system32\0LFlxR4x.exe [2008-11-11 09:12]

2008-11-09 C:\WINDOWS\Tasks\At13.job
- C:\windows\system32\fj8wNOvc.exe [2008-10-12 17:25]

2008-11-09 C:\WINDOWS\Tasks\At14.job
- C:\windows\system32\fj8wNOvc.exe [2008-10-12 17:25]

2008-11-10 C:\WINDOWS\Tasks\At15.job
- C:\windows\system32\fj8wNOvc.exe [2008-10-12 17:25]

2008-11-10 C:\WINDOWS\Tasks\At16.job
- C:\windows\system32\fj8wNOvc.exe [2008-10-12 17:25]

2008-11-06 C:\WINDOWS\Tasks\At17.job
- C:\windows\system32\fj8wNOvc.exe [2008-10-12 17:25]

2008-11-09 C:\WINDOWS\Tasks\At18.job
- C:\windows\system32\fj8wNOvc.exe [2008-10-12 17:25]

2008-11-11 C:\WINDOWS\Tasks\At19.job
- C:\windows\system32\fj8wNOvc.exe [2008-10-12 17:25]

2008-10-30 C:\WINDOWS\Tasks\At2.job
- C:\windows\system32\fj8wNOvc.exe [2008-10-12 17:25]

2008-11-11 C:\WINDOWS\Tasks\At20.job
- C:\windows\system32\fj8wNOvc.exe [2008-10-12 17:25]

2008-11-09 C:\WINDOWS\Tasks\At21.job
- C:\windows\system32\fj8wNOvc.exe [2008-10-12 17:25]

2008-10-30 C:\WINDOWS\Tasks\At22.job
- C:\windows\system32\fj8wNOvc.exe [2008-10-12 17:25]

2008-10-30 C:\WINDOWS\Tasks\At23.job
- C:\windows\system32\fj8wNOvc.exe [2008-10-12 17:25]

2008-10-30 C:\WINDOWS\Tasks\At24.job
- C:\windows\system32\fj8wNOvc.exe [2008-10-12 17:25]

2008-10-30 C:\WINDOWS\Tasks\At3.job
- C:\windows\system32\fj8wNOvc.exe [2008-10-12 17:25]

2008-10-30 C:\WINDOWS\Tasks\At4.job
- C:\windows\system32\fj8wNOvc.exe [2008-10-12 17:25]

2008-10-30 C:\WINDOWS\Tasks\At5.job
- C:\windows\system32\fj8wNOvc.exe [2008-10-12 17:25]

2008-10-30 C:\WINDOWS\Tasks\At6.job
- C:\windows\system32\fj8wNOvc.exe [2008-10-12 17:25]

2008-10-31 C:\WINDOWS\Tasks\At7.job
- C:\windows\system32\fj8wNOvc.exe [2008-10-12 17:25]

2008-10-30 C:\WINDOWS\Tasks\At8.job
- C:\windows\system32\fj8wNOvc.exe [2008-10-12 17:25]

2008-11-01 C:\WINDOWS\Tasks\At9.job
- C:\windows\system32\fj8wNOvc.exe [2008-10-12 17:25]

2008-11-02 C:\WINDOWS\Tasks\At97.job
- C:\windows\system32\0LFlxR4x.exe [2008-11-11 09:12]

2008-11-02 C:\WINDOWS\Tasks\At98.job
- C:\windows\system32\0LFlxR4x.exe [2008-11-11 09:12]

2008-11-02 C:\WINDOWS\Tasks\At99.job
- C:\windows\system32\0LFlxR4x.exe [2008-11-11 09:12]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-swg - C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
HKCU-Run-RecordNow! - (no file)
HKLM-Run-HPHUPD05 - C:\Program Files\HP\(45B6180B-DCAB-4093-8EE8-6164457517F0)\hphupd05.exe
HKLM-Run-AutoTKit - C:\WINDOWS\bin\AUTOTKIT.EXE
HKLM-Run-SunJavaUpdateSched - C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
HKLM-Run-ACU - c:\Program Files\ATI Technologies\ATI Control Panel\SynTPLpr.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0rews22y.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - about:blank
FF -: plugin - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0rews22y.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF -: plugin - C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npPxPlay.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
FF -: plugin - C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll
FF -: plugin - C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll
FF -: plugin - C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-11 11:44:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-11-11 11:47:43
ComboFix-quarantined-files.txt 2008-11-11 18:46:39

Pre-Run: 89004101632 bytes free
Post-Run: 89081098240 bytes free

272 --- EOF --- 2008-10-30 03:01:59


~~
So far iexplore.exe hasn't popped up ^_^
Is there any way to make sure it's gone?
&& Is it okay if I delete the things I downloaded?
#6
11 November 2008, 12:04
Group Moderator

We clean everything up before we're done. There's still more to do, but I have to run for a bit. Back later.

#7
11 November 2008, 12:19
Group Member

More steps? I thought we were done D:
Quick question; is any of this going to affect the programs that are installed on my computer?
Alrightie, I have to go for a bit too xP

#8
11 November 2008, 13:07
Group Member

iexplore.exe is still here -_-;

#9
11 November 2008, 16:28
Group Moderator

No, we're not done. I'll give the all clear when it's over.

Note: the instructions below have been created specifically for this user. If you are not this user, do NOT follow these instructions, as they could damage the workings of your system.

Delete files/folders as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the code box below by highlighting all the text and pressing Ctrl+C

Code:
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - save the file to your desktop
6. Then drag the CFScript (hold the left mouse button down while dragging the file) and drop it (release the left mouse button) onto ComboFix.exe, as you can see in the screenshot below. Important: follow these instructions carefully!



ComboFix will begin to run; just follow the prompts.
After the reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not click ComboFix's window while it is running. This may cause your system to freeze.
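The "Scheduled Tasks" section of the log in post #5 shows 48 At<N>.job tasks (the kind at.exe creates) that all launch two random-named executables in system32, and the CFScript that post #9 has the user drop onto ComboFix removes exactly those executables and job files (its File:: list is echoed back at the top of the log in post #10). The Python below is an added example, not something from the thread or from ComboFix: it parses a listing in that layout, groups the jobs by the executable they launch, flags targets with a name heuristic of my own (random-looking stem, located in system32, referenced by an At<N>.job), and renders the File:: section a helper would paste into the script. The sample listing is constructed and abridged from the thread's log, and the GoogleUpdateTaskMachine.job entry is a hypothetical benign task added as a control; the heuristic is an assumption, not ComboFix logic.

```python
"""Added triage helper (not from the thread): group the At*.job entries of a
ComboFix 'Scheduled Tasks' listing by the executable they launch, flag the
targets that look like the droppers in this thread, and emit a CFScript
'File::' section like the one ComboFix later echoes back in its log."""
import re
from collections import defaultdict

# Constructed sample, abridged from the listing in the thread; the
# GoogleUpdateTaskMachine.job entry is a hypothetical benign control task.
SAMPLE_LOG = r"""
Contents of the 'Scheduled Tasks' folder

2008-10-30 c:\windows\Tasks\At1.job
- c:\windows\system32\fj8wNOvc.exe [2008-10-12 17:25]

2008-11-02 c:\windows\Tasks\At100.job
- c:\windows\system32\0LFlxR4x.exe [2008-11-11 09:12]

2008-11-11 c:\windows\Tasks\At10.job
- c:\windows\system32\fj8wNOvc.exe [2008-10-12 17:25]

2008-11-05 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\google\update\GoogleUpdate.exe [2008-10-16 01:06]
"""

# "<date> <path>\Tasks\<name>.job", then "- <target>.exe [<stamp>]" on the next line
JOB_RE = re.compile(r"^\S+\s+(?P<job>\S+\\Tasks\\\S+\.job)$", re.I)
TARGET_RE = re.compile(r"^-\s+(?P<exe>.+?\.exe)(?:\s+\[[^\]]*\])?$", re.I)
# Jobs named At<N>.job are what at.exe creates; a home PC normally has none.
AT_JOB_RE = re.compile(r"\\At\d+\.job$", re.I)


def parse_tasks(text):
    """Map each launched executable to the list of .job files that launch it."""
    targets = defaultdict(list)
    pending_job = None
    for raw in text.splitlines():
        line = raw.strip()
        m = JOB_RE.match(line)
        if m:
            pending_job = m.group("job")
            continue
        m = TARGET_RE.match(line)
        if m and pending_job:
            targets[m.group("exe")].append(pending_job)
            pending_job = None
    return dict(targets)


def looks_random(path):
    """Heuristic (an assumption) for machine-generated names such as
    fj8wNOvc / 0LFlxR4x: a short stem mixing digits, lower- and upper-case."""
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    return (6 <= len(stem) <= 12
            and any(c.isdigit() for c in stem)
            and any(c.islower() for c in stem)
            and any(c.isupper() for c in stem))


def suspicious_targets(targets):
    """Keep targets that live in system32, have a random-looking name and are
    launched by at least one At<N>.job; everything else is left alone."""
    flagged = {}
    for exe, jobs in targets.items():
        in_system32 = "\\system32\\" in exe.lower()
        at_jobs = [j for j in jobs if AT_JOB_RE.search(j)]
        if in_system32 and looks_random(exe) and at_jobs:
            flagged[exe] = jobs
    return flagged


def cfscript_file_section(flagged):
    """Render the 'File::' section of a CFScript: the executables first, then
    every .job that referenced them, so nothing is left to re-create them."""
    lines = ["File::"]
    lines.extend(sorted(flagged, key=str.lower))
    jobs = sorted({j for js in flagged.values() for j in js}, key=str.lower)
    lines.extend(jobs)
    return "\n".join(lines)


if __name__ == "__main__":
    found = suspicious_targets(parse_tasks(SAMPLE_LOG))
    for exe, jobs in found.items():
        print(f"{exe}: launched by {len(jobs)} job(s)")
    print(cfscript_file_section(found))
```

Run against the full listing from post #5 it flags only fj8wNOvc.exe and 0LFlxR4x.exe, each referenced by 24 jobs, which is why the moderator's script lists the two executables and all 48 .job files rather than the executables alone: a surviving job would simply report the target as missing, but any copy the dropper restored would be launched again on schedule.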

#10
11 November 2008, 17:36
Group Member

Alright ^__^

ComboFix log


ComboFix 08-11-10.01 - Administrator 2008-11-11 17:21:42.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.153 [GMT -7:00]
Running from: c:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\SET25A.tmp
c:\windows\system32\0LFlxR4x.exe
c:\windows\system32\0LFlxR4x.exe_
c:\windows\system32\fj8wNOvc.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At100.job
c:\windows\Tasks\At101.job
c:\windows\Tasks\At102.job
c:\windows\Tasks\At103.job
c:\windows\Tasks\At104.job
c:\windows\Tasks\At105.job
c:\windows\Tasks\At106.job
c:\windows\Tasks\At107.job
c:\windows\Tasks\At108.job
c:\windows\Tasks\At109.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At110.job
c:\windows\Tasks\At111.job
c:\windows\Tasks\At112.job
c:\windows\Tasks\At113.job
c:\windows\Tasks\At114.job
c:\windows\Tasks\At115.job
c:\windows\Tasks\At116.job
c:\windows\Tasks\At117.job
c:\windows\Tasks\At118.job
c:\windows\Tasks\At119.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At120.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
c:\windows\Tasks\At97.job
c:\windows\Tasks\At98.job
c:\windows\Tasks\At99.job
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\SET25A.tmp
c:\windows\system32\0LFlxR4x.exe
c:\windows\system32\0LFlxR4x.exe.a_a
c:\windows\system32\fj8wNOvc.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At100.job
c:\windows\Tasks\At101.job
c:\windows\Tasks\At102.job
c:\windows\Tasks\At103.job
c:\windows\Tasks\At104.job
c:\windows\Tasks\At105.job
c:\windows\Tasks\At106.job
c:\windows\Tasks\At107.job
c:\windows\Tasks\At108.job
c:\windows\Tasks\At109.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At110.job
c:\windows\Tasks\At111.job
c:\windows\Tasks\At112.job
c:\windows\Tasks\At113.job
c:\windows\Tasks\At114.job
c:\windows\Tasks\At115.job
c:\windows\Tasks\At116.job
c:\windows\Tasks\At117.job
c:\windows\Tasks\At118.job
c:\windows\Tasks\At119.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At120.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
c:\windows\Tasks\At97.job
c:\windows\Tasks\At98.job
c:\windows\Tasks\At99.job

.
(((((((((((((((((((((((((   Files Created from 2008-10-12 to 2008-11-12   )))))))))))))))))))))))))))))))
.

2008-11-11 08:54 . 2008-11-11 08:54  <DIR>  d--------  C:\Program Files\Trend Micro
2008-11-11 08:38 . 2008-11-11 08:38  578,560  -a--c---  C:\WINDOWS\system32\user32.dll
2008-11-11 08:29 . 2008-11-11 08:29  <DIR>  d--------  C:\WINDOWS\ERUNT
2008-11-11 08:23 . 2008-11-11 08:51  <DIR>  d--------  C:\SDFix
2008-10-31 18:00 . 2008-10-31 18:00  <DIR>  d--------  C:\Documents and Settings\NetworkService\Application Data\Yahoo!
2008-10-31 16:40 . 2008-10-31 16:40  <DIR>  d--------  C:\Documents and Settings\Administrator\Application Data\Yahoo!
2008-10-31 16:39 . 2008-11-10 17:27  <DIR>  d--------  C:\Program Files\Yahoo!
2008-10-29 17:23 . 2008-10-29 17:23  <DIR>  d--------  C:\WINDOWS\system32\CatRoot_bak
2008-10-29 17:23 . 2008-09-08 03:41  333,824  -----c---  C:\WINDOWS\system32\Srv.sys
2008-10-29 17:23 . 2008-06-13 04:05  272,128  -----c---  C:\WINDOWS\system32\bthport.sys
2008-10-29 17:23 . 2008-08-14 03:04  138,496  -----c---  C:\WINDOWS\system32\afd.sys
2008-10-29 17:22 . 2008-08-14 03:11  2,189,184  -----c---  C:\WINDOWS\system32\ntoskrnl.exe
2008-10-29 17:22 . 2008-08-14 03:09  2,145,280  -----c---  C:\WINDOWS\system32\Ntkrnlmp.exe
2008-10-29 17:22 . 2008-08-14 02:33  2,066,048  -----c---  C:\WINDOWS\system32\Ntkrnlpa.exe
2008-10-29 17:22 . 2008-08-14 02:33  2,023,936  -----c---  C:\WINDOWS\system32\Ntkrpamp.exe
2008-10-29 17:22 . 2008-09-15 05:12  1,846,400  -----c---  C:\WINDOWS\system32\win32k.sys
2008-10-29 17:22 . 2008-04-11 12:04  691,712  -----c---  C:\WINDOWS\system32\Inetcomm.dll
2008-10-29 17:22 . 2008-05-08 07:02  203,136  -----c---  C:\WINDOWS\system32\Rmcast.sys
2008-10-28 18:39 . 2008-10-28 18:39  10  -a------  C:\Windows\Wininit.ini
2008-10-23 14:45 . 2008-10-15 09:34  337,408  -----c---  C:\WINDOWS\system32\Netapi32.dll
2008-10-15 18:38 . 2008-10-29 15:26  <DIR>  d--------  C:\WINDOWS\system32\script
2008-10-15 18:38 . 2008-10-29 15:26  <DIR>  d--------  C:\WINDOWS\system32\it
2008-10-15 18:38 . 2008-10-29 15:26  <DIR>  d--------  C:\WINDOWS\system32\bits
2008-10-15 18:38 . 2008-10-29 15:26  <DIR>  d--------  C:\WINDOWS\l2schemas
2008-10-15 18:23 . 2006-09-23 14:12  1,022,976  -a------  C:\windows\system32\SETA0B.tmp
2008-10-15 18:22 . 2008-08-14 03:09  2,145,280  -a------  C:\windows\system32\ntoskrnl.exe
2008-10-15 16:09 . 2008-10-15 16:09  <DIR>  d--------  C:\Documents and Settings\Administrator\Application Data\Motive

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-12 00:29  ---------  d-----w  C:\Program Files\Symantec AntiVirus
2008-11-10 22:05  ---------  d-----w  C:\Program Files\DivX
2008-11-10 22:03  ---------  d-----w  C:\Program Files\Java
2008-11-10 01:37  ---------  d-----w  C:\Program Files\Microsoft Plus! Digital Media Edition
2008-11-10 01:35  ---------  d-----w  C:\Program Files\Microsoft Works
2008-11-08 02:37  90,112  ----a-w  C:\WINDOWS\DUMP3a98.tmp
2008-11-08 01:26  30  ----a-w  C:\Documents and Settings\Administrator\jagex_runescape_preferences.dat
2008-10-29 22:11  ---------  d--h--w  C:\Program Files\InstallShield Installation Information
2008-10-29 22:11  ---------  d-----w  C:\Program Files\ATI Technologies
2008-10-25 01:16  ---------  d-----w  C:\Documents and Settings\Administrator\Application Data\Move Networks
2008-10-16 22:05  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-10-16 01:06  ---------  d-----w  C:\Program Files\Google
2008-09-28 22:59  ---------  d-----w  C:\Program Files\Common Files\AOL
2008-09-22 21:29  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-09-22 21:29  ---------  d-----w  C:\Documents and Settings\Administrator\Application Data\acccore
2008-09-22 21:27  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\AOL
2008-09-17 01:24  ---------  d-----w  C:\Documents and Settings\Administrator\Application Data\Vso
2007-12-28 00:53  79,738  ----a-w  C:\Documents and Settings\Fonts\broken_ghost.zip
2007-11-23 01:25  81,920  ----a-w  C:\Documents and Settings\Administrator\Application Data\ezpinst.exe
2007-11-23 01:25  47,360  ----a-w  C:\Documents and Settings\Administrator\Application Data\pcouffin.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Window Washer"="C:\Program Files\Webroot\Washer\wwDisp.exe" [2005-03-08 910336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\WINDOWS\ehome\CTFMON.EXE" [2004-08-04 50176]
"NeroFilterCheck"="C:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"SynTPEnh"="C:\Windows\System32\hkcmd.exe" [2003-10-02 118784]
"CamMonitor"="C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 90112]
"HPHmon05"="C:\Windows\System32\hphmon05.exe" [2003-05-23 483328]
"KBD"="C:\WINDOWS\KBD\KBD.EXE" [2003-02-11 61440]
"Google Desktop Search"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-12-17 151597]
"QuickTime Task"="C:\Program Files\QuickTime\jusched.exe" [2002-09-13 212992]
"PS2"="C:\windows\system32\ps2.exe" [2002-10-16 81920]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2003-08-14 139264]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 48752]
"nwiz"="C:\progra~1\ALWILS~1\VPTray.exe" [2005-06-23 85696]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-05 c:\windows\system32\Ati2mdxx.exe]
"LTMSG"="LTMSG.exe" [2003-07-14 c:\windows\ltmsg.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]

c:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma LOADER.EXE [2007-11-22 113664]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 237568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\Services\SharedAccess\Parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\Outlook.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 CX88XBAR;Conexant 2388x Crossbar Dual Input;c:\windows\system32\drivers\CX88XBARDUAL.sys [2003-12-10 7040]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-11 17:26:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
c:\Program Files\Photodex\ProShowGold\scsiaccess.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
c:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
c:\windows\system32\hpzipm12.exe
.
**************************************************************************
.
Finish: 2008-11-11 17:34:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-12 00:34:22
ComboFix2.txt 2008-11-11 18:47:44

Pre-Run: 89064681472 bytes free
Post-Run: 89055629312 bytes free

--- EOF --- 2008-10-30 03:01:59
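When triaging an autostart listing like the one in this post, the entries worth a second look are the ones where the registry value name and the binary it launches do not belong together, where a Windows system binary is loaded from somewhere other than its normal home (the `"ATIPTA"` entry above points at `C:\WINDOWS\ehome\CTFMON.EXE`, while `ctfmon.exe` normally lives in `system32`), where only a bare file name is registered and resolved through the search path, and where Security Center monitoring for the installed AV has been switched off (`"DisableMonitoring"=dword:00000001`). The script below is an added example, not part of the original post and not a ComboFix tool: it parses a ComboFix-style autostart block (the sample text is constructed from a handful of the entries above, rewritten in ComboFix's native `"name"="path" [date size]` layout) and returns the entries that trip one of those checks. The `EXPECTED_HOME` table and the flag names are the example's own assumptions.

```python
"""Triage helper for the autostart section of a ComboFix log.

Added example, not part of the original post and not ComboFix's own code.
Flags raised:
  * system-binary-outside-<dir>: a Windows binary loaded from a directory
    other than its normal home (assumed table below, XP layout);
  * value-name-does-not-match-binary: the Run value name shares no token
    with the executable's name (noisy; a prompt for review, not a verdict);
  * bare-filename-resolved-via-path: no directory given, so the loader
    searches the path; ComboFix reports the resolved location in brackets;
  * security-center-monitoring-disabled: DisableMonitoring=1 for an AV.
"""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample modelled on the entries in the log above, in ComboFix's
# native layout (the stray spaces around backslashes on the page are an
# extraction artifact and are not present in a real log).
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Window Washer"="C:\Program Files\Webroot\Washer\wwDisp.exe" [2005-03-08 910336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\WINDOWS\ehome\CTFMON.EXE" [2004-08-04 50176]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 48752]
"ATIModeChange"="Ati2mdxx.exe" [2001/09/05 c:\windows\system32\Ati2mdxx.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
'''

KEY_RE = re.compile(r'^\[(?P<key>.+)\]$')
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*"(?P<cmd>[^"]*)"\s*\[(?P<meta>[^\]]*)\]\s*$')
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*dword:(?P<val>[0-9a-fA-F]+)\s*$')

# Assumed normal locations of a few Windows binaries on XP, without drive letter.
EXPECTED_HOME = {
    'ctfmon.exe': r'\windows\system32',
    'svchost.exe': r'\windows\system32',
    'lsass.exe': r'\windows\system32',
    'services.exe': r'\windows\system32',
    'winlogon.exe': r'\windows\system32',
    'csrss.exe': r'\windows\system32',
    'smss.exe': r'\windows\system32',
    'explorer.exe': r'\windows',
    'iexplore.exe': r'\program files\internet explorer',
}


@dataclass
class Entry:
    key: str
    name: str
    command: str      # value data as written in the registry
    resolved: str     # absolute path reported by ComboFix (equals command if absolute)
    flags: List[str] = field(default_factory=list)


def _tokens(s: str) -> set:
    return {t for t in re.split(r'[^a-z0-9]+', s.lower()) if len(t) >= 3}


def _exe_name(path: str) -> str:
    return path.replace('/', '\\').rsplit('\\', 1)[-1].lower()


def _parent_dir(path: str) -> str:
    p = path.replace('/', '\\').lower()
    head = p.rsplit('\\', 1)[0] if '\\' in p else ''
    # drop the drive letter so "c:\windows\system32" compares as "\windows\system32"
    return head[2:] if re.match(r'^[a-z]:', head) else head


def parse_autostart(text: str) -> List[Entry]:
    entries: List[Entry] = []
    key = ''
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')
            continue
        m = RUN_RE.match(line)
        if m:
            cmd = m.group('cmd')
            meta = m.group('meta').split(None, 1)
            # bare file name: ComboFix prints the location it resolved after the date
            resolved = meta[1] if '\\' not in cmd and len(meta) == 2 else cmd
            entries.append(Entry(key, m.group('name'), cmd, resolved))
            continue
        m = DWORD_RE.match(line)
        if m:
            entries.append(Entry(key, m.group('name'), 'dword:' + m.group('val'), ''))
    return entries


def triage(entries: List[Entry]) -> List[Entry]:
    for e in entries:
        if e.command.startswith('dword:'):
            if ('Security Center\\Monitoring' in e.key and e.name == 'DisableMonitoring'
                    and int(e.command[6:], 16) == 1):
                e.flags.append('security-center-monitoring-disabled')
            continue
        exe = _exe_name(e.resolved)
        if '\\' not in e.command:
            e.flags.append('bare-filename-resolved-via-path')
        home = EXPECTED_HOME.get(exe)
        if home and _parent_dir(e.resolved) != home:
            e.flags.append('system-binary-outside-' + home)
        if not (_tokens(e.name) & _tokens(exe.rsplit('.', 1)[0])):
            e.flags.append('value-name-does-not-match-binary')
    return entries


def flagged(text: str) -> dict:
    """Map value name -> flags for every entry that raised at least one flag."""
    return {e.name: e.flags for e in triage(parse_autostart(text)) if e.flags}


if __name__ == '__main__':
    for name, reasons in flagged(SAMPLE_LOG).items():
        print(name + ': ' + ', '.join(reasons))
```

On the sample, the `ATIPTA` entry is flagged both for loading `ctfmon.exe` from `\windows\ehome` and for the name mismatch, `ATIModeChange` is flagged as a bare file name, and `DisableMonitoring` is flagged on its own; the `ctfmon.exe` entry in `system32` and `ccApp` pass clean. The name-mismatch check is deliberately loose (it also trips on `Window Washer` launching `wwDisp.exe`), so treat it as an ordering aid for manual review rather than a detection.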
Copyright © 2006 - 2009 Computer Juice.