Won't start
2 participants
Re: Won't start
Do this:
* Download Virit
Install/update it and run a full system scan
* Also run a scan with Combofix
http://www.steven.altervista.org/files/tools.html#tools1
Virit
....It won't let me download it. Do I have to run the scan with Combofix first?
team03 - Number of messages: 7
Registration date: 18.10.08
Re: Won't start
Yes, run combofix....
* Also download this Gromozon Rootkit Removal Tool
- Start it with a double click
- Click Scan
- Answer YES to the reboot prompt
- After the reboot the tool will finish the procedure
Post the log C:\gromozon_removal.txt
Also do this check: go into the registry (start / run / regedit)
Go to the following key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
(in the left-hand part of the window) check whether you have a debugger value linked to a strange file
PS: The longer you take to clean the PC, the more infected it will be
Won't start
Gromozon: nothing.
Strange files like this one?
"c:\windows\system32\thjrwmxl.old"
team03 - Number of messages: 7
Registration date: 18.10.08
Won't start
Sorry, I forgot... the combofix log
ComboFix 08-10-18.03 - user 2008-10-22 20.25.01.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.247 [GMT 2:00]
Eseguito da: C:\Documents and Settings\user\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\InfoSat.txt
.
((((((((((((((((((((((((( Files Creati Da 2008-09-22 al 2008-10-22 )))))))))))))))))))))))))))))))))))
.
2008-10-19 22:45 . 2008-10-19 22:48 <DIR> d-------- C:\Programmi\FindyKill
2008-10-18 15:17 . 2008-10-18 15:18 1,393 --a------ C:\WINDOWS\imsins.BAK
2008-10-18 13:15 . 2008-10-18 13:15 <DIR> d-------- C:\Programmi\Malwarebytes' Anti-Malware
2008-10-18 13:15 . 2008-10-18 13:15 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\Malwarebytes
2008-10-18 13:15 . 2008-09-10 00:07 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-18 13:15 . 2008-09-10 00:07 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-18 13:14 . 2007-12-12 22:37 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di stampa
2008-10-18 13:14 . 2007-12-12 22:37 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di rete
2008-10-18 13:14 . 2007-12-12 22:37 <DIR> d-------- C:\Documents and Settings\Administrator\Preferiti
2008-10-18 13:14 . 2007-12-12 22:08 <DIR> d--h----- C:\Documents and Settings\Administrator\Modelli
2008-10-18 13:14 . 2007-12-12 22:37 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Avvio
2008-10-18 13:14 . 2008-10-22 20:26 <DIR> d--h----- C:\Documents and Settings\Administrator\Impostazioni locali
2008-10-18 13:14 . 2007-12-12 22:37 <DIR> d-------- C:\Documents and Settings\Administrator\Documenti
2008-10-18 13:14 . 2008-10-18 13:15 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dati applicazioni
2008-10-18 13:14 . 2008-10-18 13:14 <DIR> d-------- C:\Documents and Settings\Administrator
2008-10-11 13:08 . 2008-10-11 13:08 <DIR> d--h----- C:\$AVG8.VAULT$
2008-10-11 09:36 . 2008-10-11 09:36 <DIR> d-------- C:\Documents and Settings\user\Dati applicazioni\Malwarebytes
2008-10-11 09:36 . 2008-10-11 09:36 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2008-10-07 19:59 . 2008-10-07 19:59 244 --ah----- C:\sqmnoopt06.sqm
2008-10-07 19:59 . 2008-10-07 19:59 232 --ah----- C:\sqmdata06.sqm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-22 18:15 --------- d-----w C:\Documents and Settings\user\Dati applicazioni\OpenOffice.org2
2008-10-11 06:40 --------- d-----w C:\Programmi\Windows Live
2008-10-11 06:39 --------- d-----w C:\Programmi\NCH Swift Sound
2008-10-11 06:38 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\NCH Software
2008-10-04 17:13 --------- d-----w C:\Programmi\Pixia
2008-09-29 20:50 --------- d-----w C:\Documents and Settings\user\Dati applicazioni\Image Zone Express
2008-09-15 15:38 1,846,016 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-08 18:13 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\NCH Swift Sound
2008-08-30 07:55 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-20 05:35 662,016 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-14 13:42 2,184,064 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:42 2,061,440 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]
"MsnMsgr"="C:\Documents and Settings\user\Desktop\msnmsgr.exe" [2007-10-18 5724184]
"Google Update"="C:\Documents and Settings\user\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2008-09-05 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2007-11-15 286720]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2007-11-15 267048]
"HP Software Update"="C:\Programmi\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-29 1234712]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 C:\WINDOWS\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15360]
C:\Documents and Settings\user\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 2.3.lnk - C:\Programmi\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 393216]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\explorer.exe]
"Debugger"="c:\windows\system32\thjrwmxl.old"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"C:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:emule tcp in ingresso
"4672:UDP"= 4672:UDP:emule udp in ingresso
"86:TCP"= 86:TCP:BroadCam Web Server
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-30 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-30 875288]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-30 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-19 76040]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19c1cc50-de39-11dc-b3a0-001060a5140b}]
\Shell\Auto\command - UFO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
*Newly Created Service* - PROCEXP90
.
Contenuto della cartella 'Scheduled Tasks'
2008-10-18 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job
- C:\Documents and Settings\user\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2008-09-05 23:29]
2008-10-22 C:\WINDOWS\Tasks\pggupc.job
- c:\windows\system32\winyimgh.exe [2007-04-16 17:54]
2008-10-19 C:\WINDOWS\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- C:\Programmi\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
.
.
------- Supplementare di scansione -------
.
FireFox -: Profile - C:\Documents and Settings\user\Dati applicazioni\Mozilla\Firefox\Profiles\qgmpqd7s.default\
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-22 20:27:13
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-10-22 20.29.34
ComboFix-quarantined-files.txt 2008-10-22 18:29:27
Pre-Run: 62.438.211.584 byte disponibili
Post-Run: 62,537,486,336 byte disponibili
127 --- E O F --- 2008-10-18 13:18:41
team03 - Number of messages: 7
Registration date: 18.10.08
Re: Won't start
Yes, that was exactly what I was looking for...
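The registry check suggested above, applied to the log just posted: the script below is an added example (not code from this thread, from ComboFix or from any poster) that parses a ComboFix-style excerpt and flags the three persistence entries the log shows, an Image File Execution Options "Debugger" hijack of explorer.exe, a cached AutoRun command under mountpoints2, and a scheduled task launching an unknown executable from system32. The excerpt is constructed from the entries posted above; KNOWN_DEBUGGERS and KNOWN_TASK_TARGETS are assumed allowlists to tune, not anything ComboFix defines, and the CFScript rendering only mirrors the layout this thread uses.

```python
"""Triage a ComboFix log excerpt for IFEO Debugger hijacks, mountpoints2
AutoRun commands and scheduled tasks pointing at unknown system32 binaries.
Added example for this thread, not ComboFix's or any poster's code."""
import re
from dataclasses import dataclass
from typing import List

# Constructed excerpt: the relevant entries of the log posted above, trimmed.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\explorer.exe]
"Debugger"="c:\windows\system32\thjrwmxl.old"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19c1cc50-de39-11dc-b3a0-001060a5140b}]
\Shell\Auto\command - UFO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
.
Contenuto della cartella 'Scheduled Tasks'
2008-10-18 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job
- C:\Documents and Settings\user\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2008-09-05 23:29]
2008-10-22 C:\WINDOWS\Tasks\pggupc.job
- c:\windows\system32\winyimgh.exe [2007-04-16 17:54]
"""

# Assumed allowlists (not from ComboFix); extend them for your environment.
KNOWN_DEBUGGERS = {"ntsd.exe", "windbg.exe", "vsjitdebugger.exe", "drwtsn32.exe"}
KNOWN_TASK_TARGETS = {"rundll32.exe", "defrag.exe", "wuauclt.exe"}


@dataclass
class Finding:
    kind: str    # "ifeo_debugger" | "autorun_mountpoint" | "scheduled_task"
    key: str     # registry key, or the .job file for a task
    target: str  # what the entry launches
    reason: str


def base_name(command: str) -> str:
    """Lower-cased file name of the program a command line launches."""
    tail = re.split(r"[\\/]", command.replace('"', "").strip())[-1]
    return tail.split()[0].lower() if tail.split() else ""


def parse_findings(log: str) -> List[Finding]:
    findings: List[Finding] = []
    current_key = ""
    pending_task = ""
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Registry section header, e.g. [HKEY_LOCAL_MACHINE\...]
        if line.startswith("[") and line.endswith("]"):
            current_key, pending_task = line[1:-1], ""
            continue
        # IFEO: "Debugger"="<path>" under ...\image file execution options\<program>
        m = re.match(r'^"Debugger"="?([^"]+)"?$', line)
        if m and "image file execution options" in current_key.lower():
            target = m.group(1)
            if base_name(target) not in KNOWN_DEBUGGERS:
                findings.append(Finding("ifeo_debugger", current_key, target,
                                        "Debugger value runs this file on every launch of the hooked program"))
            continue
        # mountpoints2: \Shell\<verb>\command - <what runs when the drive is opened>
        m = re.match(r"^\\Shell\\\w+\\command\s+-\s+(.+)$", line, re.I)
        if m and "mountpoints2" in current_key.lower():
            if not any(f.key == current_key for f in findings):
                findings.append(Finding("autorun_mountpoint", current_key, m.group(1),
                                        "AutoRun command cached for a removable drive"))
            continue
        # Scheduled task: '<date> <path>.job' followed by '- <target> [<stamp>]'
        m = re.match(r"^\d{4}-\d{2}-\d{2}\s+(\S.*\.job)$", line, re.I)
        if m:
            pending_task = m.group(1)
            continue
        m = re.match(r"^-\s+(.+?)\s+\[", line)
        if m and pending_task:
            target = m.group(1)
            if "\\system32\\" in target.lower() and base_name(target) not in KNOWN_TASK_TARGETS:
                findings.append(Finding("scheduled_task", pending_task, target,
                                        "task launches an unrecognised executable from system32"))
            pending_task = ""
    return findings


def to_cfscript(findings: List[Finding]) -> str:
    """Render the findings in the CFScript layout this thread uses."""
    files, keys = [], []
    for f in findings:
        if f.kind == "ifeo_debugger":
            files.append(f.target)
            keys.append(f.key)
        elif f.kind == "scheduled_task":
            files.extend([f.target, f.key])
        elif f.kind == "autorun_mountpoint":
            keys.append(f.key)
    lines = ["KillAll::"]
    if files:
        lines += ["file::", *files]
    if keys:
        lines += ["registry::", *(f"[-{k}]" for k in keys)]
    return "\n".join(lines)


if __name__ == "__main__":
    found = parse_findings(SAMPLE_LOG)
    for f in found:
        print(f"{f.kind:<20} {f.key}\n{'':<20} -> {f.target}  ({f.reason})")
    print("\n" + to_cfscript(found))
```

The Debugger rule is the one the helper asked to check by hand: a legitimate IFEO entry points at a real debugger, so anything else under that key, and especially under explorer.exe, deserves attention. Mountpoints2 entries are only a cache of what AutoRun would have executed for a drive that was plugged in, so they are evidence to review rather than proof the payload still exists. The allowlist for task targets is deliberately small; a real deployment would compare against a known-good baseline instead.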
Do this:
open a Notepad page and copy-paste what follows
- Code:
KillAll::
file::
c:\windows\system32\thjrwmxl.old
c:\windows\system32\winyimgh.exe
C:\WINDOWS\Tasks\pggupc.job
registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\explorer.exe]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19c1cc50-de39-11dc-b3a0-001060a5140b}]
Save the page with the name CFScript.txt on the desktop
Now drag and drop CFScript.txt onto the combofix icon and let it work
post the new log
New log
ComboFix 08-10-18.03 - user 2008-10-24 19.24.05.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.254 [GMT 2:00]
Eseguito da: C:\Documents and Settings\user\Desktop\ComboFix.exe
ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.
((((((((((((((((((((((((( Files Creati Da 2008-09-24 al 2008-10-24 )))))))))))))))))))))))))))))))))))
.
2008-10-23 20:08 . 2008-10-23 20:10 <DIR> d-a------ C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-10-22 21:17 . 2008-10-22 21:17 <DIR> d-------- C:\Programmi\GPLGS
2008-10-22 21:15 . 2007-07-12 22:33 87,552 --a------ C:\WINDOWS\system32\cpwmon2k.dll
2008-10-22 21:14 . 2008-10-22 21:14 <DIR> d-------- C:\Programmi\Acro Software
2008-10-19 22:45 . 2008-10-19 22:48 <DIR> d-------- C:\Programmi\FindyKill
2008-10-18 15:17 . 2008-10-18 15:18 1,393 --a------ C:\WINDOWS\imsins.BAK
2008-10-18 13:15 . 2008-10-18 13:15 <DIR> d-------- C:\Programmi\Malwarebytes' Anti-Malware
2008-10-18 13:15 . 2008-10-18 13:15 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\Malwarebytes
2008-10-18 13:15 . 2008-09-10 00:07 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-18 13:15 . 2008-09-10 00:07 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-18 13:14 . 2007-12-12 22:37 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di stampa
2008-10-18 13:14 . 2007-12-12 22:37 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di rete
2008-10-18 13:14 . 2007-12-12 22:37 <DIR> d-------- C:\Documents and Settings\Administrator\Preferiti
2008-10-18 13:14 . 2007-12-12 22:08 <DIR> d--h----- C:\Documents and Settings\Administrator\Modelli
2008-10-18 13:14 . 2007-12-12 22:37 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Avvio
2008-10-18 13:14 . 2008-10-24 19:25 <DIR> d--h----- C:\Documents and Settings\Administrator\Impostazioni locali
2008-10-18 13:14 . 2007-12-12 22:37 <DIR> d-------- C:\Documents and Settings\Administrator\Documenti
2008-10-18 13:14 . 2008-10-18 13:15 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dati applicazioni
2008-10-18 13:14 . 2008-10-18 13:14 <DIR> d-------- C:\Documents and Settings\Administrator
2008-10-11 13:08 . 2008-10-11 13:08 <DIR> d--h----- C:\$AVG8.VAULT$
2008-10-11 09:36 . 2008-10-11 09:36 <DIR> d-------- C:\Documents and Settings\user\Dati applicazioni\Malwarebytes
2008-10-11 09:36 . 2008-10-11 09:36 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2008-10-07 19:59 . 2008-10-07 19:59 244 --ah----- C:\sqmnoopt06.sqm
2008-10-07 19:59 . 2008-10-07 19:59 232 --ah----- C:\sqmdata06.sqm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-24 17:10 --------- d-----w C:\Documents and Settings\user\Dati applicazioni\OpenOffice.org2
2008-10-11 06:40 --------- d-----w C:\Programmi\Windows Live
2008-10-11 06:39 --------- d-----w C:\Programmi\NCH Swift Sound
2008-10-11 06:38 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\NCH Software
2008-10-04 17:13 --------- d-----w C:\Programmi\Pixia
2008-09-29 20:50 --------- d-----w C:\Documents and Settings\user\Dati applicazioni\Image Zone Express
2008-09-15 15:38 1,846,016 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-08 18:13 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\NCH Swift Sound
2008-08-30 07:55 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-20 05:35 662,016 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-14 13:42 2,184,064 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:42 2,061,440 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
.
((((((((((((((((((((((((((((( snapshot@2008-10-22_20.28.49,03 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-08-17 12:29:46 332,288 -c--a-w C:\WINDOWS\system32\dllcache\netapi32.dll
+ 2008-10-15 16:57:30 332,800 -c--a-w C:\WINDOWS\system32\dllcache\netapi32.dll
- 2006-08-17 12:29:46 332,288 ----a-w C:\WINDOWS\system32\netapi32.dll
+ 2008-10-15 16:57:30 332,800 ----a-w C:\WINDOWS\system32\netapi32.dll
+ 2006-11-02 02:46:12 728,576 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\PS5UI.DLL
+ 2006-11-02 02:46:12 543,232 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\PSCRIPT5.DLL
+ 2006-11-02 02:46:12 728,576 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\PS5UI.DLL
+ 2006-11-02 02:46:12 543,232 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\PSCRIPT5.DLL
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]
"MsnMsgr"="C:\Documents and Settings\user\Desktop\msnmsgr.exe" [2007-10-18 5724184]
"Google Update"="C:\Documents and Settings\user\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2008-09-05 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2007-11-15 286720]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2007-11-15 267048]
"HP Software Update"="C:\Programmi\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-29 1234712]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 C:\WINDOWS\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15360]
C:\Documents and Settings\user\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 2.3.lnk - C:\Programmi\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 393216]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\explorer.exe]
"Debugger"="c:\windows\system32\thjrwmxl.old"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"C:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:emule tcp in ingresso
"4672:UDP"= 4672:UDP:emule udp in ingresso
"86:TCP"= 86:TCP:BroadCam Web Server
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-30 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-30 875288]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-30 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-19 76040]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19c1cc50-de39-11dc-b3a0-001060a5140b}]
\Shell\Auto\command - UFO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54eab9b2-cea5-11dc-b383-001060a5140b}]
\Shell\AutoRun\command - nideiect.com
\Shell\explore\Command - nideiect.com
\Shell\open\Command - nideiect.com
.
Contenuto della cartella 'Scheduled Tasks'
2008-10-23 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job
- C:\Documents and Settings\user\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2008-09-05 23:29]
2008-10-24 C:\WINDOWS\Tasks\pggupc.job
- c:\windows\system32\winyimgh.exe [2007-04-16 17:54]
2008-10-22 C:\WINDOWS\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- C:\Programmi\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
.
.
------- Supplementare di scansione -------
.
FireFox -: Profile - C:\Documents and Settings\user\Dati applicazioni\Mozilla\Firefox\Profiles\qgmpqd7s.default\
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-24 19:25:48
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-10-24 19.28.20
ComboFix-quarantined-files.txt 2008-10-24 17:28:05
ComboFix2.txt 2008-10-22 18:29:35
Pre-Run: 62.248.411.136 byte disponibili
Post-Run: 62,451,490,816 byte disponibili
141 --- E O F --- 2008-10-23 18:48:01
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.254 [GMT 2:00]
Eseguito da: C:\Documents and Settings\user\Desktop\ComboFix.exe
ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.
((((((((((((((((((((((((( Files Creati Da 2008-09-24 al 2008-10-24 )))))))))))))))))))))))))))))))))))
.
2008-10-23 20:08 . 2008-10-23 20:10 <DIR> d-a------ C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-10-22 21:17 . 2008-10-22 21:17 <DIR> d-------- C:\Programmi\GPLGS
2008-10-22 21:15 . 2007-07-12 22:33 87,552 --a------ C:\WINDOWS\system32\cpwmon2k.dll
2008-10-22 21:14 . 2008-10-22 21:14 <DIR> d-------- C:\Programmi\Acro Software
2008-10-19 22:45 . 2008-10-19 22:48 <DIR> d-------- C:\Programmi\FindyKill
2008-10-18 15:17 . 2008-10-18 15:18 1,393 --a------ C:\WINDOWS\imsins.BAK
2008-10-18 13:15 . 2008-10-18 13:15 <DIR> d-------- C:\Programmi\Malwarebytes' Anti-Malware
2008-10-18 13:15 . 2008-10-18 13:15 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\Malwarebytes
2008-10-18 13:15 . 2008-09-10 00:07 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-18 13:15 . 2008-09-10 00:07 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-18 13:14 . 2007-12-12 22:37 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di stampa
2008-10-18 13:14 . 2007-12-12 22:37 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di rete
2008-10-18 13:14 . 2007-12-12 22:37 <DIR> d-------- C:\Documents and Settings\Administrator\Preferiti
2008-10-18 13:14 . 2007-12-12 22:08 <DIR> d--h----- C:\Documents and Settings\Administrator\Modelli
2008-10-18 13:14 . 2007-12-12 22:37 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Avvio
2008-10-18 13:14 . 2008-10-24 19:25 <DIR> d--h----- C:\Documents and Settings\Administrator\Impostazioni locali
2008-10-18 13:14 . 2007-12-12 22:37 <DIR> d-------- C:\Documents and Settings\Administrator\Documenti
2008-10-18 13:14 . 2008-10-18 13:15 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dati applicazioni
2008-10-18 13:14 . 2008-10-18 13:14 <DIR> d-------- C:\Documents and Settings\Administrator
2008-10-11 13:08 . 2008-10-11 13:08 <DIR> d--h----- C:\$AVG8.VAULT$
2008-10-11 09:36 . 2008-10-11 09:36 <DIR> d-------- C:\Documents and Settings\user\Dati applicazioni\Malwarebytes
2008-10-11 09:36 . 2008-10-11 09:36 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2008-10-07 19:59 . 2008-10-07 19:59 244 --ah----- C:\sqmnoopt06.sqm
2008-10-07 19:59 . 2008-10-07 19:59 232 --ah----- C:\sqmdata06.sqm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-24 17:10 --------- d-----w C:\Documents and Settings\user\Dati applicazioni\OpenOffice.org2
2008-10-11 06:40 --------- d-----w C:\Programmi\Windows Live
2008-10-11 06:39 --------- d-----w C:\Programmi\NCH Swift Sound
2008-10-11 06:38 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\NCH Software
2008-10-04 17:13 --------- d-----w C:\Programmi\Pixia
2008-09-29 20:50 --------- d-----w C:\Documents and Settings\user\Dati applicazioni\Image Zone Express
2008-09-15 15:38 1,846,016 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-08 18:13 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\NCH Swift Sound
2008-08-30 07:55 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-20 05:35 662,016 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-14 13:42 2,184,064 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:42 2,061,440 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
.
((((((((((((((((((((((((((((( snapshot@2008-10-22_20.28.49,03 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-08-17 12:29:46 332,288 -c--a-w C:\WINDOWS\system32\dllcache\netapi32.dll
+ 2008-10-15 16:57:30 332,800 -c--a-w C:\WINDOWS\system32\dllcache\netapi32.dll
- 2006-08-17 12:29:46 332,288 ----a-w C:\WINDOWS\system32\netapi32.dll
+ 2008-10-15 16:57:30 332,800 ----a-w C:\WINDOWS\system32\netapi32.dll
+ 2006-11-02 02:46:12 728,576 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\PS5UI.DLL
+ 2006-11-02 02:46:12 543,232 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\PSCRIPT5.DLL
+ 2006-11-02 02:46:12 728,576 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\PS5UI.DLL
+ 2006-11-02 02:46:12 543,232 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\PSCRIPT5.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty & legitimate/default values are not shown.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]
"MsnMsgr"="C:\Documents and Settings\user\Desktop\msnmsgr.exe" [2007-10-18 5724184]
"Google Update"="C:\Documents and Settings\user\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2008-09-05 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2007-11-15 286720]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2007-11-15 267048]
"HP Software Update"="C:\Programmi\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-29 1234712]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 C:\WINDOWS\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15360]
C:\Documents and Settings\user\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 2.3.lnk - C:\Programmi\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 393216]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\explorer.exe]
"Debugger"="c:\windows\system32\thjrwmxl.old"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"C:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:emule tcp in ingresso
"4672:UDP"= 4672:UDP:emule udp in ingresso
"86:TCP"= 86:TCP:BroadCam Web Server
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-30 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-30 875288]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-30 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-19 76040]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19c1cc50-de39-11dc-b3a0-001060a5140b}]
\Shell\Auto\command - UFO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54eab9b2-cea5-11dc-b383-001060a5140b}]
\Shell\AutoRun\command - nideiect.com
\Shell\explore\Command - nideiect.com
\Shell\open\Command - nideiect.com
.
Contents of the 'Scheduled Tasks' folder
2008-10-23 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job
- C:\Documents and Settings\user\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2008-09-05 23:29]
2008-10-24 C:\WINDOWS\Tasks\pggupc.job
- c:\windows\system32\winyimgh.exe [2007-04-16 17:54]
2008-10-22 C:\WINDOWS\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- C:\Programmi\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\user\Dati applicazioni\Mozilla\Firefox\Profiles\qgmpqd7s.default\
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-24 19:25:48
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Scan finish time: 2008-10-24 19.28.20
ComboFix-quarantined-files.txt 2008-10-24 17:28:05
ComboFix2.txt 2008-10-22 18:29:35
Pre-Run: 62.248.411.136 bytes free
Post-Run: 62,451,490,816 bytes free
141 --- E O F --- 2008-10-23 18:48:01
team03 - Number of posts: 7
Join date: 18.10.08
Re: won't start
OK, the infected entries are still there... do this:
Download and run OTMoveIt3 as explained here
http://www.steven.altervista.org/files/tools1.html#tools5
copy / paste the following into "Paste List of Files/Folders to be moved"
- Code:
c:\windows\system32\thjrwmxl.old
c:\windows\system32\winyimgh.exe
C:\WINDOWS\Tasks\pggupc.job
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\explorer.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19c1cc50-de39-11dc-b3a0-001060a5140b}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54eab9b2-cea5-11dc-b383-001060a5140b}
click MoveIt
If you are asked to reboot, accept
post its log
IMPORTANT: Before the operation, make sure you are disconnected from the internet and disable all security programs
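The items the helper sends to OTMoveIt (the IFEO "Debugger" value on explorer.exe and the file it points to, the two MountPoints2 autorun keys, and the pggupc.job task with its system32 target) are exactly what a triage of the ComboFix log posted above should surface. The script below is an added example written for this page; it is not code from this thread, from ComboFix or from OTMoveIt. It parses the "Reg Loading Points" and "Scheduled Tasks" sections of such a log and builds the same removal list. The sample input is an excerpt of the log above; the allowlists of legitimate IFEO debuggers and of expected system32 task targets are assumptions made for the heuristic, not something the page states.

```python
"""Triage a ComboFix log for three persistence indicators and turn the hits
into an OTMoveIt removal list.  Added example for this thread; the two
allowlists below are assumptions, not anything the log or the tools define."""
import re
from dataclasses import dataclass
from typing import List

# Sample input: an excerpt of the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-29 1234712]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\explorer.exe]
"Debugger"="c:\windows\system32\thjrwmxl.old"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19c1cc50-de39-11dc-b3a0-001060a5140b}]
\Shell\Auto\command - UFO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54eab9b2-cea5-11dc-b383-001060a5140b}]
\Shell\AutoRun\command - nideiect.com
\Shell\explore\Command - nideiect.com
\Shell\open\Command - nideiect.com
.
Contenuto della cartella 'Scheduled Tasks'
2008-10-23 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job
- C:\Documents and Settings\user\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2008-09-05 23:29]
2008-10-24 C:\WINDOWS\Tasks\pggupc.job
- c:\windows\system32\winyimgh.exe [2007-04-16 17:54]
2008-10-22 C:\WINDOWS\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- C:\Programmi\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
"""

# IFEO "Debugger" values that are the feature's intended use (assumed allowlist).
LEGIT_DEBUGGERS = {"ntsd.exe", "windbg.exe", "vsjitdebugger.exe", "drwtsn32.exe"}
# Task targets directly under system32 that are expected (assumed allowlist).
KNOWN_SYSTEM32_TASK_TARGETS = {"rundll32.exe", "defrag.exe", "mrt.exe"}

KEY_RE = re.compile(r"^\[(.+)\]$")                        # [HKEY_...\key]
DEBUGGER_RE = re.compile(r'^"Debugger"="(.+)"$', re.IGNORECASE)
MP2_CMD_RE = re.compile(r"^\\Shell\\(.+?)\s+-\s+(.+)$", re.IGNORECASE)
TASK_RE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+(\S.*\.job)$", re.IGNORECASE)
TASK_TARGET_RE = re.compile(r"^-\s+(.+?)\s+\[\d{4}-\d{2}-\d{2}")
SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\([^\\]+)$", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    kind: str      # "ifeo_debugger" | "mountpoints2_autorun" | "task_system32"
    location: str  # registry key or .job path the entry lives in
    target: str    # what the entry executes


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def triage(log_text: str) -> List[Finding]:
    """Walk the log line by line, tracking the current registry key and any
    scheduled-task header whose target line comes next."""
    findings: List[Finding] = []
    current_key = None
    pending_job = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:                      # new registry key section
            current_key, pending_job = m.group(1), None
            continue
        m = TASK_RE.match(line)
        if m:                      # "<date> C:\WINDOWS\Tasks\name.job"
            pending_job = m.group(1)
            continue
        if pending_job:            # "- <target> [<timestamp>]"
            m = TASK_TARGET_RE.match(line)
            if m:
                target = m.group(1)
                s = SYSTEM32_RE.match(target)
                if s and s.group(1).lower() not in KNOWN_SYSTEM32_TASK_TARGETS:
                    findings.append(Finding("task_system32", pending_job, target))
            pending_job = None
            continue
        if current_key is None:
            continue
        key_l = current_key.lower()
        if "image file execution options" in key_l:
            # Windows launches the Debugger value instead of the named program,
            # so any non-debugger here hijacks every start of that program.
            m = DEBUGGER_RE.match(line)
            if m and _basename(m.group(1)).lower() not in LEGIT_DEBUGGERS:
                findings.append(Finding("ifeo_debugger", current_key, m.group(1)))
        elif "mountpoints2" in key_l:
            # Cached autorun.inf handlers for a removable drive (per-drive GUID key).
            m = MP2_CMD_RE.match(line)
            if m:
                findings.append(Finding("mountpoints2_autorun", current_key, m.group(2)))
    return findings


def otmoveit_list(findings: List[Finding]) -> List[str]:
    """Files first, then registry keys, de-duplicated: the shape of the list
    pasted into OTMoveIt's 'Paste List of Files/Folders to be moved' box."""
    files: List[str] = []
    keys: List[str] = []
    for f in findings:
        if f.kind == "ifeo_debugger":
            files.append(f.target)
            keys.append(f.location)
        elif f.kind == "mountpoints2_autorun":
            keys.append(f.location)
        elif f.kind == "task_system32":
            files.append(f.target)
            files.append(f.location)
    ordered: List[str] = []
    for item in files + keys:
        if item not in ordered:
            ordered.append(item)
    return ordered


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for h in hits:
        print(f"{h.kind:22} {h.location}  ->  {h.target}")
    print("\n".join(otmoveit_list(hits)))
```

Run on the sample it reports one IFEO hijack, five MountPoints2 command entries and one suspicious task, and the removal list it prints is the six lines the helper posted, in the same order. Two caveats when applying this to other logs: the MountPoints2 entries point at files (UFO.exe, nideiect.com) that live on the removable drive, not on C:, so only the keys go into the list; and the system32 rule is deliberately narrow (it ignores anything not directly under system32), so tasks launching from other directories still need a manual look.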
Log
File/Folder avenger.zip not found.
File/Folder avenger.exe not found.
File/Folder Avenger not found.
File/Folder avenger.txt not found.
File/Folder bfu.zip not found.
File/Folder BFU not found.
File/Folder combofix.exe not found.
File/Folder Combo-Fix.sys not found.
File/Folder ComboFix not found.
File/Folder erdnt\subs not found.
File/Folder QooBox not found.
File/Folder ComboFix*.txt not found.
Service not present: catchme.
File/Folder catchme.exe not found.
File/Folder fdsv.exe not found.
File/Folder grep.exe not found.
File/Folder moveex.exe not found.
File/Folder nircmd.exe not found.
File/Folder sed.exe not found.
File/Folder swreg.exe not found.
File/Folder Swsc.exe not found.
File/Folder Swxcacls.exe not found.
File/Folder VFind.exe not found.
File/Folder WS2Fix.exe not found.
File/Folder zip.exe not found.
File/Folder tmp.reg not found.
File/Folder dss.exe not found.
File/Folder Deckard not found.
File/Folder deljob.exe not found.
File/Folder deljob not found.
File/Folder logit.txt not found.
File/Folder FindAWF.exe not found.
File/Folder AWF.txt not found.
File/Folder fixwareout.exe not found.
File/Folder fixwareout not found.
File/Folder fsbl.exe not found.
File/Folder fsbl*.log not found.
File/Folder gmer.exe not found.
File/Folder gmer.dll not found.
File/Folder gmer.ini not found.
File/Folder gmer.log not found.
File/Folder gmer_uninstall.cmd not found.
File/Folder gmer.sys not found.
Service not present: gmer.
File/Folder haxfix.exe not found.
File/Folder haxfix.txt not found.
File/Folder killbox.exe not found.
File/Folder !Killbox not found.
File/Folder NoLop.exe not found.
File/Folder NoLop.txt not found.
File/Folder NoLopOLD.txt not found.
File/Folder delete.bat not found.
File/Folder OTListIt.exe not found.
File/Folder OTListIt.txt not found.
File/Folder Extras.txt not found.
File/Folder OTMoveIt.exe not found.
File/Folder OTMoveIt2.exe not found.
File delete failed. C:\Documents and Settings\user\Desktop\OTMoveIt3.exe scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\user\Desktop\OTMoveIt3.exe scheduled to be deleted on reboot.
C:\_OTMoveIt\MovedFiles\10272008_195821 folder deleted successfully.
C:\_OTMoveIt\MovedFiles folder deleted successfully.
C:\_OTMoveIt folder deleted successfully.
File delete failed. C:\Documents and Settings\user\Desktop\OTMoveIt3.exe scheduled to be deleted on reboot.
team03 - Number of posts: 7
Join date: 18.10.08