
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 13.59.41, on 06/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\Programmi\Philips\Philips Device Manager\Bin\DeviceManager.exe
C:\Programmi\Ad Muncher\AdMunch.exe
C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programmi\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
C:\Programmi\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Utente\Documenti\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {5EB55B98-B201-4804-B671-E7D53C561538} - C:\WINDOWS\system32\khfFwWop.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programmi\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programmi\Norton Internet Security\Engine\16.0.0.125\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {a884f115-2579-465c-a19e-8b5094841034} - C:\WINDOWS\system32\kfybyp.dll
O2 - BHO: (no name) - {BC4D329C-268C-4DF1-9495-D628AF034330} - C:\WINDOWS\system32\fccaXoNf.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programmi\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PhilipsDM] "C:\Programmi\Philips\Philips Device Manager\Bin\DeviceManager.exe"
O4 - HKLM\..\Run: [Ad Muncher] "C:\Programmi\Ad Muncher\AdMunch.exe" /bt
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Programmi\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [Odkurzacz-MCD] C:\Programmi\Odkurzacz\odk_mcd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [QuickTime Task] C:\Programmi\WebMediaViewer\qttask.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=1.0&pass=4122PO0A&id=menu_ie_frame
O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=1.0&pass=4122PO0A&id=menu_ie_image
O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=1.0&pass=4122PO0A&id=menu_ie_link
O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=1.0&pass=4122PO0A&id=menu_ie_exclude
O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=1.0&pass=4122PO0A&id=menu_ie_report
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\Programmi\SmartShopper\Bin\2.5.0\SmrtShpr.dll (file missing)
O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\Programmi\SmartShopper\Bin\2.5.0\SmrtShpr.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: kfybyp.dll
O20 - Winlogon Notify: khfFwWop - C:\WINDOWS\SYSTEM32\khfFwWop.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: flaxen - {257f6f44-2c64-46bb-acb4-55f9b9e0ae08} - (no file)
O22 - SharedTaskScheduler: disaffiliation - {854b8525-c907-4258-bc2e-7b118037419c} - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Programmi\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: XAudioService - Unknown owner - C:\WINDOWS\system32\DRIVERS\xaudio.exe (file missing)
--
End of file - 8656 bytes
Added 06.12.2008 15:30:23:
ComboFix 08-12-05.06 - Utente 2008-12-06 14.13.23.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.1626 [GMT 1:00]
Eseguito da: H:\ComboFix.exe
* Creato nuovo punto di ripristino
[COLOR=RED][B]ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !![/B][/COLOR]
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Utente\Dati applicazioni\Rapid Antivirus
c:\documents and settings\Utente\Dati applicazioni\Rapid Antivirus\Rapid Antivirus.ini
c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\aqcqyss.dat
c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\aqcqyss.exe
c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\aqcqyss_nav.dat
c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\aqcqyss_navps.dat
c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\swmgg.dat
c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\swmgg.exe
c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\swmgg_nav.dat
c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\swmgg_navps.dat
c:\programmi\Applications\myd.ico
c:\programmi\Applications\mym.ico
c:\programmi\Applications\myp.ico
c:\programmi\Applications\myv.ico
c:\programmi\webmediaviewer
c:\programmi\webmediaviewer\myd.ico
c:\programmi\webmediaviewer\mym.ico
c:\programmi\webmediaviewer\myp.ico
c:\programmi\webmediaviewer\myv.ico
c:\windows\system32\bjxwld.dll
c:\windows\system32\bqkrfayk.dll
c:\windows\system32\bvxvlkiv.dll
c:\windows\system32\cayvxdvf.ini
c:\windows\system32\evvqdyaq.dll
c:\windows\system32\fccaXoNf.dll
c:\windows\system32\fNoXaccf.ini
c:\windows\system32\fNoXaccf.ini2
c:\windows\system32\fouovsxf.ini
c:\windows\system32\hishcucg.dll
c:\windows\system32\idgfnpvk.ini
c:\windows\system32\ihiwsxva.dll
c:\windows\system32\inlwgdqn.dll
c:\windows\system32\kdepp.exe
c:\windows\system32\kfybyp.dll
c:\windows\system32\khfFwWop.dll
c:\windows\system32\ltpexg.dll
c:\windows\system32\lxfxcxdj.ini
c:\windows\system32\mabgjnnk.ini
c:\windows\system32\mmshjvpa.ini
c:\windows\system32\netwbix32.dll
c:\windows\system32\qaydqvve.ini
c:\windows\system32\qknjzg.dll
c:\windows\system32\rcauhmfs.dll
c:\windows\system32\tdtpplwb.ini
c:\windows\system32\vatojd.dll
c:\windows\system32\xiigbx.dll
c:\windows\system32\xkqltlbs.dll
c:\windows\system32\xqujvwpv.ini
c:\windows\system32\xwpdrrfb.dll
c:\windows\system32\zkwxds.dll
D:\Autorun.inf
D:\resycled
d:\resycled\boot.com
E:\Autorun.inf
E:\resycled
e:\resycled\boot.com
----- BITS: Sites possivelmente infetados -----
hxxp://childhe.com
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ISODRIVE
-------\Service_ISODrive
-------\Service_TDSSserv
((((((((((((((((((((((((( Files Creati Da 2008-11-06 al 2008-12-06 )))))))))))))))))))))))))))))))))))
.
2008-12-05 23:59 . 2008-12-06 02:02 <DIR> d-------- c:\documents and settings\Utente\Dati applicazioni\Skype
2008-12-05 23:58 . 2008-12-05 23:58 <DIR> d-------- c:\programmi\Skype
2008-12-05 23:58 . 2008-12-05 23:58 <DIR> d-------- c:\programmi\File comuni\Skype
2008-12-05 23:43 . 2008-12-05 23:43 <DIR> d-------- C:\HaxFix
2008-12-05 23:43 . 2008-12-04 16:14 487,166 --a------ C:\HaxFix.exe
2008-12-05 23:42 . 2008-11-06 02:03 <DIR> d-------- C:\SDFix
2008-12-05 23:36 . 2008-12-05 23:37 <DIR> d-------- c:\programmi\UltraISO
2008-12-05 23:36 . 2008-12-05 23:36 <DIR> d-------- c:\programmi\File comuni\EZB Systems
2008-12-05 23:31 . 2008-12-05 23:31 <DIR> d-------- c:\programmi\Ad Muncher
2008-12-05 23:31 . 2008-12-05 23:31 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Ad Muncher
2008-12-05 23:29 . 2008-12-05 23:29 <DIR> d-------- c:\programmi\Quick StartUp
2008-12-05 23:28 . 2008-12-05 23:58 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Skype
2008-12-05 23:19 . 2008-12-05 23:19 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Office Genuine Advantage
2008-12-05 23:12 . 2008-12-06 01:55 <DIR> d-------- c:\programmi\TorrentMan
2008-12-05 23:12 . 2008-12-05 23:12 <DIR> d-------- c:\programmi\BitLord
2008-12-05 16:12 . 2008-12-05 16:12 0 --a------ c:\windows\nsreg.dat
2008-12-05 13:30 . 2008-12-05 13:30 <DIR> d-------- c:\programmi\Symantec
2008-12-05 13:30 . 2008-12-05 16:30 <DIR> d-------- c:\programmi\File comuni\Symantec Shared
2008-12-05 13:30 . 2008-12-05 13:30 124,464 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2008-12-05 13:30 . 2008-12-05 13:30 60,808 --a------ c:\windows\system32\S32EVNT1.DLL
2008-12-05 13:30 . 2008-12-05 13:29 35,888 -ra------ c:\windows\system32\drivers\SymIM.sys
2008-12-05 13:30 . 2008-12-05 13:30 10,635 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2008-12-05 13:30 . 2008-12-05 13:30 806 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2008-12-05 13:29 . 2008-12-05 13:29 <DIR> d-------- c:\windows\system32\drivers\NIS
2008-12-05 13:29 . 2008-12-05 13:29 <DIR> d-------- c:\programmi\Windows Sidebar
2008-12-05 13:29 . 2008-12-05 13:29 <DIR> d-------- c:\programmi\Norton Internet Security
2008-12-05 13:29 . 2008-12-05 13:30 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Norton
2008-12-05 13:28 . 2008-12-05 13:28 <DIR> d-------- c:\programmi\NortonInstaller
2008-12-05 13:28 . 2008-12-05 13:28 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\NortonInstaller
2008-12-04 23:13 . 2008-12-06 12:58 8,652,832 --ahs---- c:\windows\system32\drivers\fidbox.dat
2008-12-04 23:13 . 2008-12-06 12:58 104,564 --ahs---- c:\windows\system32\drivers\fidbox.idx
2008-12-04 22:37 . 2008-12-04 22:37 <DIR> d-------- C:\VundoFix Backups
2008-12-04 22:24 . 2008-12-04 22:24 <DIR> d-------- c:\windows\ERUNT
2008-12-04 22:24 . 2008-12-04 22:24 <DIR> d-------- C:\ERDNT
2008-12-04 22:24 . 2008-12-05 11:58 <DIR> d-------- C:\!FixIEDef
2008-12-04 21:41 . 2008-12-04 21:41 <DIR> d-------- c:\programmi\Common Files
2008-12-03 16:18 . 2008-12-03 16:18 <DIR> d-------- c:\programmi\File comuni\Wise Installation Wizard
2008-12-03 16:13 . 2008-12-03 16:18 <DIR> d-------- c:\programmi\CCleaner
2008-12-03 15:56 . 2008-12-03 15:56 <DIR> d--hs---- c:\documents and settings\Utente\B6A344F55D1844F0
2008-12-03 15:56 . 2008-12-03 15:56 48,640 --a------ c:\windows\system32\hgGVomJb.dll
2008-12-02 02:43 . 2008-12-02 02:43 <DIR> d-------- c:\documents and settings\All Users\Nuova cartella
2008-12-01 22:47 . 2008-12-01 22:47 <DIR> d-------- c:\documents and settings\Utente\Dati applicazioni\install_4873_MHwzNXwxMDAwMDAwMDAwfHx8fHx8fHw_[1]
2008-11-29 13:43 . 2008-11-10 09:58 173,528 --a------ c:\windows\system32nsinet.exe
2008-11-26 17:34 . 2008-12-05 12:02 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
2008-11-26 17:15 . 2008-12-05 13:59 <DIR> d-------- c:\programmi\Odkurzacz
2008-11-25 23:00 . 2008-11-25 23:00 <DIR> dr------- c:\documents and settings\NetworkService\Preferiti
2008-11-24 22:44 . 2008-11-24 22:44 <DIR> d-------- c:\programmi\Microsoft Silverlight
2008-11-15 15:21 . 2001-08-30 23:07 8,704 --a------ c:\windows\system32\kbdjpn.dll
2008-11-15 15:21 . 2001-08-30 23:07 8,704 --a--c--- c:\windows\system32\dllcache\kbdjpn.dll
2008-11-15 15:21 . 2001-08-30 23:07 8,192 --a------ c:\windows\system32\kbdkor.dll
2008-11-15 15:21 . 2001-08-30 23:07 8,192 --a--c--- c:\windows\system32\dllcache\kbdkor.dll
2008-11-15 15:21 . 2008-04-14 04:12 6,144 --a------ c:\windows\system32\kbd106.dll
2008-11-15 15:21 . 2001-08-17 22:55 6,144 --a------ c:\windows\system32\kbd101c.dll
2008-11-15 15:21 . 2001-08-17 22:55 6,144 --a------ c:\windows\system32\kbd101b.dll
2008-11-15 15:21 . 2008-04-14 04:12 6,144 --a--c--- c:\windows\system32\dllcache\kbd106.dll
2008-11-15 15:21 . 2001-08-17 22:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd101c.dll
2008-11-15 15:21 . 2001-08-17 22:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd101b.dll
2008-11-15 15:21 . 2001-08-17 22:55 5,632 --a------ c:\windows\system32\kbd103.dll
2008-11-15 15:21 . 2001-08-17 22:55 5,632 --a--c--- c:\windows\system32\dllcache\kbd103.dll
2008-11-15 12:00 . 2008-11-22 07:02 <DIR> d--h----- C:\$AVG8.VAULT$
2008-11-15 04:31 . 2008-12-01 21:56 <DIR> d-------- c:\windows\system32\FlashAX
2008-11-15 04:27 . 2008-11-15 04:27 <DIR> d-------- C:\MicroGaming
2008-11-15 04:27 . 2008-11-15 04:27 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Microgaming
2008-11-15 04:27 . 2008-11-15 04:40 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\MGS
2008-11-12 21:23 . 2008-11-26 17:51 <DIR> d-a------ c:\documents and settings\All Users\Dati applicazioni\TEMP
2008-11-12 21:20 . 2008-12-06 14:13 <DIR> d-------- c:\programmi\Applications
2008-11-12 13:33 . 2008-11-12 13:33 118 --a------ c:\windows\system32\MRT.INI
2008-11-12 08:45 . 2008-09-04 18:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 08:42 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-09 10:16 . 2008-11-09 10:16 <DIR> d-------- c:\documents and settings\Utente\Dati applicazioni\Windows Live Writer
2008-11-08 19:33 . 2008-12-05 13:48 <DIR> d-------- c:\documents and settings\Utente\Dati applicazioni\SmartShopper
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-29 10:32 --------- d-----w c:\programmi\CONEXANT
2008-11-26 17:00 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\avg8
2008-11-26 16:22 --------- d-----w c:\programmi\Windows Live Toolbar
2008-11-26 16:22 --------- d-----w c:\programmi\NetWaiting
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 23:39 115,564 ----a-w c:\documents and settings\Utente\Menu Avvio.exe
2008-10-19 00:23 --------- d-----w c:\programmi\Servizi in linea
2008-10-12 20:59 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-10-12 20:59 --------- d-----w c:\programmi\Philips
2008-10-09 12:55 --------- d-----w c:\programmi\Hewlett-Packard
2008-10-06 18:28 --------- d-----w c:\programmi\Windows Live
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"ccleaner"="c:\programmi\CCleaner\CCleaner.exe" [2008-08-22 1234160]
"Odkurzacz-MCD"="c:\programmi\Odkurzacz\odk_mcd.exe" [2008-08-16 264704]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-20 86016]
"NeroFilterCheck"="c:\programmi\File comuni\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"PhilipsDM"="c:\programmi\Philips\Philips Device Manager\Bin\DeviceManager.exe" [2005-09-14 512000]
"Ad Muncher"="c:\programmi\Ad Muncher\AdMunch.exe" [2008-12-05 779776]
"nwiz"="nwiz.exe" [2006-07-20 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Reader Synchronizer.lnk - c:\programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-22 734872]
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=kfybyp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QlbCtrl.exe"=c:\programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
"NBKeyScan"="c:\programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"MsmqIntCert"=regsvr32 /s mqrt.dll
"UserFaultCheck"=%systemroot%\system32\dumprep 0 -u
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1000000.07D\SYMEFA.SYS [2008-12-05 309296]
R1 BHDrvx86;Symantec Heuristics Driver;\??\c:\windows\system32\drivers\NIS\1000000.07D\BHDrvx86.sys [2008-12-05 254512]
R1 ccHP;Symantec Hash Provider;\??\c:\windows\system32\drivers\NIS\1000000.07D\ccHPx86.sys [2008-12-05 362544]
R1 IDSxpx86;IDSxpx86;\??\c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20080826.006\IDSxpx86.sys [2008-12-05 274808]
R2 B6A344F55D1844F0;B6A344F55D1844F0;\??\c:\documents and settings\Utente\B6A344F55D1844F0\B6A344F55D1844F0 []
R2 Norton Internet Security;Norton Internet Security;"c:\programmi\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\programmi\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 []
R2 NwSapAgent;Agente SAP;c:\windows\system32\svchost.exe -k netsvcs [2004-08-19 14336]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\programmi\File comuni\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-12-05 99376]
R3 NETw5x32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\DRIVERS\NETw5x32.sys [2008-09-04 3630080]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{404ef809-b411-11dd-8afb-0019d29e2b4a}]
\Shell\AutoRun\command - H:\taqhptr.bat
\Shell\explore\Command - H:\taqhptr.bat
\Shell\open\Command - H:\taqhptr.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56c62d20-7a92-11dd-8a66-0019d29e2b4a}]
\Shell\AutoRun\command - H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56c62d22-7a92-11dd-8a66-0019d29e2b4a}]
\Shell\AutoRun\command - H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aabae420-7b5e-11dd-8a68-001b241f02d0}]
\Shell\AutoRun\command - G:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcd7befe-7c39-11dd-8a6f-001b241f02d0}]
\Shell\AutoRun\command - G:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcd7beff-7c39-11dd-8a6f-001b241f02d0}]
\Shell\AutoRun\command - G:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcd7bf00-7c39-11dd-8a6f-001b241f02d0}]
\Shell\AutoRun\command - G:\AutoRun.exe
.
Contenuto della cartella 'Scheduled Tasks'
2008-12-06 c:\windows\Tasks\User_Feed_Synchronization-{7034279A-5ADB-4738-B5DF-01520A46C493}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
.
- - - - ORFÃOS REMOVIDOS - - - -
BHO-{5EB55B98-B201-4804-B671-E7D53C561538} - c:\windows\system32\khfFwWop.dll
BHO-{a884f115-2579-465c-a19e-8b5094841034} - c:\windows\system32\kfybyp.dll
BHO-{BC4D329C-268C-4DF1-9495-D628AF034330} - c:\windows\system32\fccaXoNf.dll
HKLM-Explorer_Run-QuickTime Task - c:\programmi\WebMediaViewer\qttask.exe
SharedTaskScheduler-{854b8525-c907-4258-bc2e-7b118037419c} - (no file)
ShellExecuteHooks-{5EB55B98-B201-4804-B671-E7D53C561538} - c:\windows\system32\khfFwWop.dll
.
------- Supplementare di scansione -------
.
uInternet Settings,ProxyOverride = <local>
IE: &Windows Live Search - c:\programmi\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=1.0&pass=4122PO0A&id=menu_ie_frame
IE: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=1.0&pass=4122PO0A&id=menu_ie_image
IE: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=1.0&pass=4122PO0A&id=menu_ie_link
IE: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=1.0&pass=4122PO0A&id=menu_ie_exclude
IE: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=1.0&pass=4122PO0A&id=menu_ie_report
IE: {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - {BCEB373D-A35A-4200-BD43-8586CD9DFAE7} - c:\programmi\SmartShopper\Bin\2.5.0\SmrtShpr.dll
FireFox -: Profile - c:\documents and settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\r5g4k9l7.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1640187&SearchSource=3&q=
FF -: plugin - c:\programmi\Microsoft Silverlight\2.0.31005.0\npctrl.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-06 14:23:36
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\programmi\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\programmi\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\B6A344F55D1844F0]
"ImagePath"="\??\c:\documents and settings\Utente\B6A344F55D1844F0\B6A344F55D1844F0"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\B6A344F55D1844F0]
"ImagePath"="\??\c:\documents and settings\Utente\B6A344F55D1844F0\B6A344F55D1844F0"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
- - - - - - - > 'explorer.exe'(1080)
c:\programmi\Ad Muncher\AM30400.dll
c:\programmi\Windows Media Player\wmpband.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\msdtc.exe
c:\programmi\Nero\Nero8\Nero BackItUp\NBService.exe
c:\programmi\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
c:\windows\system32\nvsvc32.exe
c:\programmi\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\programmi\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
c:\programmi\File comuni\Nero\Lib\NMIndexingService.exe
c:\programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Ora fine scansione: 2008-12-06 14:25:39 - macchina è stato riavviato
ComboFix-quarantined-files.txt 2008-12-06 13:25:33
Pre-Run: 142.633.816.064 byte disponibili
Post-Run: 142,598,254,592 byte disponibili
301 --- E O F --- 2008-11-13 06:47:28
Added 06.12.2008 17:55:07:
My laptop freezes, slows down and does not connect to the internet through the modem. Please check the log.