  1. #1
    HTML.it user, joined Mar 2010, 6 posts

    antivirus updates and security software blocked

    good morning!

    after (I think) fixing the mswinvks.exe problem, I noticed that from my PC it is impossible to register/update any AV, firewall or similar product ... I tried several things (before the virus I had Comodo AV, and now, after trying the Comodo suite again, I have switched to Avast!) and in every case I get an error message saying, more or less, that the server of site xy is unreachable... while everything else on the web works normally.

    peeking at a few other posts, I ran a scan with SystemScan, which I attach.
    I also uploaded it to mediafire, here:

    http://www.mediafire.com/download.php?2ycmmtyzwmt

    Can someone help me, please?

    Thanks for your attention.

  2. #2
    menatwork, HTML.it user, joined May 2009, 4,330 posts
    Good morning

    before running a scan with SystemScan, wait until you are asked for it; it is fairly long to read through before we can give you the procedure to follow

    check the system with combofix

    download it to the desktop and run it

    (do not install the recovery console)
    Let the program work without interfering
    Attach the report C:\ComboFix.txt in your reply.

  3. #3
    HTML.it user, joined Mar 2010, 6 posts

    combofix it is

    ok. sorry

    I'll only be able to do it tonight.

    thanks

  4. #4
    HTML.it user, joined Mar 2010, 6 posts

    combofix report

    @menatwork

    I can't attach it ...

    I'm pasting the Combofix report below. Thanks for your attention.


    ComboFix 10-03-29.02 - user 29/03/2010 23.58.35.2.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.503.224 [GMT 2:00]
    Eseguito da: c:\documents and settings\user\Desktop\ComboFix.exe
    AV: avast! Antivirus *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: COMODO Firewall Pro *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

    ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
    .

    ((((((((((((((((((((((((((((((((((((( Altre eliminazioni ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\programmi\Internet Explorer\SETB.tmp
    c:\programmi\Internet Explorer\SETC.tmp
    c:\programmi\Internet Explorer\SETD.tmp

    .
    ((((((((((((((((((((((((( Files Creati Da 2010-02-28 al 2010-03-29 )))))))))))))))))))))))))))))))))))
    .

    2010-03-18 21:55 . 2010-03-18 21:55 -------- d-----w- c:\documents and settings\user\Dati applicazioni\Malwarebytes
    2010-03-18 21:55 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-18 21:55 . 2010-03-18 21:55 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
    2010-03-18 21:55 . 2010-03-18 21:55 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
    2010-03-18 21:55 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-03-18 14:10 . 2010-03-09 11:08 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-03-18 14:10 . 2010-03-09 11:12 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-03-18 14:10 . 2010-03-09 11:09 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-03-18 14:10 . 2010-03-09 11:12 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-03-18 14:09 . 2010-03-09 11:08 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-03-18 14:09 . 2010-03-09 11:08 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-03-18 14:09 . 2010-03-09 11:08 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-03-18 14:09 . 2010-03-09 11:24 38848 ----a-w- c:\windows\system32\avastSS.scr
    2010-03-18 14:09 . 2010-03-09 11:24 153184 ----a-w- c:\windows\system32\aswBoot.exe
    2010-03-18 14:09 . 2010-03-18 14:09 -------- d-----w- c:\programmi\Alwil Software
    2010-03-18 14:09 . 2010-03-18 14:09 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Alwil Software
    2010-03-18 13:39 . 2010-03-18 13:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Comodo Downloader
    2010-03-18 13:35 . 2010-03-18 13:38 -------- d-----w- c:\documents and settings\user\Dati applicazioni\U3
    2010-03-18 10:45 . 2010-03-18 10:46 -------- d-----w- c:\windows\ie8
    2010-03-18 10:45 . 2010-03-18 10:45 -------- d-----w- c:\programmi\Uniblue
    2010-03-18 10:44 . 2010-03-18 10:44 -------- d-----w- C:\~ErdUserProfile.$$$
    2010-03-16 21:12 . 2010-03-16 21:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-03-29 20:58 . 2007-10-20 18:35 785 --sha-w- c:\windows\system32\mmf.sys
    2010-03-18 21:46 . 2006-08-03 18:47 -------- d-----w- c:\programmi\Google
    2010-03-18 20:51 . 2007-02-21 08:15 -------- d-----w- c:\programmi\Comodo
    2010-03-18 10:45 . 2010-02-26 20:42 -------- d-----w- c:\programmi\CCleaner
    2010-03-18 10:38 . 2010-02-27 16:31 573201 ----a-w- c:\windows\system32\drivers\sfi.dat
    2010-02-27 16:31 . 2007-02-21 08:15 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Comodo
    2010-02-26 21:20 . 2010-02-26 21:20 -------- d-----w- c:\documents and settings\user\Dati applicazioni\Uniblue
    2010-01-11 20:40 . 2004-08-19 12:00 432430 ----a-w- c:\windows\system32\perfc010.dat
    2010-01-11 20:40 . 2004-08-19 12:00 1035698 ----a-w- c:\windows\system32\perfh010.dat
    2005-03-31 20:17 . 2006-04-21 20:37 40960 ----a-w- c:\programmi\Uninstall_CDS.exe
    2009-03-21 14:06 . 2004-08-19 12:00 159465 --sha-r- c:\windows\system32\rqmlkdi.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-03-18_21.18.33 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-03-29 20:58 . 2010-03-29 20:58 16384 c:\windows\Temp\Perflib_Perfdata_5c4.dat
    + 2009-05-02 09:00 . 2009-02-20 17:08 78336 c:\windows\system32\dllcache\ieencode.dll
    + 2010-03-18 21:46 . 2010-03-18 21:46 47104 c:\windows\Installer\5e678.msi
    + 2010-03-18 21:38 . 2010-03-18 21:38 22528 c:\windows\Installer\5e665.msi
    + 2009-05-02 09:00 . 2006-09-06 15:43 215776 c:\windows\ie7\spuninst\spuninst.exe
    .
    ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* i valori vuoti & legittimi/default non sono visualizzati.
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\programmi\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
    "AGRSMMSG"="AGRSMMSG.exe" [2005-04-13 88209]
    "SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2005-06-20 729178]
    "RemoteControl"="c:\programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
    "InCD"="c:\programmi\Ahead\InCD\InCD.exe" [2005-06-10 1397760]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-02-28 136600]
    "Adobe Photo Downloader"="c:\programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-22 63712]
    "CameraFixer"="c:\windows\CameraFixer.exe" [2006-12-05 20480]
    "tsnpstd3"="c:\windows\tsnpstd3.exe" [2006-09-26 270336]
    "snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
    "EverioService"="c:\programmi\CyberLink\PCM4Everio\EverioService.exe" [2006-11-22 151552]
    "Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "ConnMonitor"="c:\programmi\Alice Mobile Olicard 100\ConnMonitor.exe" [2009-06-18 401408]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
    BTTray.lnk - c:\programmi\WIDCOMM\Software Bluetooth\BTTray.exe [2005-3-29 569405]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Programmi\\Lavasoft\\Ad-Aware SE Personal\\Ad-Aware.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Programmi\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=
    "c:\\Programmi\\CyberLink\\PCM4Everio\\EverioService.exe"=
    "c:\\Programmi\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "4198:TCP"= 4198:TCP:ldmigdbz

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [18/03/2010 16.10.03 162640]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [18/03/2010 16.10.04 19024]
    S2 gupdate1c8f4ada58955a;Google Update Service (gupdate1c8f4ada58955a);c:\programmi\Google\Update\GoogleUpdate.exe [02/08/2008 16.35.41 133104]
    S2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [20/10/2007 20.35.34 2560]
    S2 xyoeobqxu;Monitor Boot;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.00.00 14336]
    S3 pmx3gmdm;Olivetti USB Device for Legacy Serial Communication;c:\windows\system32\drivers\pmx3gmdm.sys [22/10/2009 21.18.07 103552]
    S3 pmx3gnet;Olivetti USB-NDIS miniport;c:\windows\system32\drivers\pmx3gnet.sys [22/10/2009 21.18.29 117120]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    xyoeobqxu
    .
    Contenuto della cartella 'Scheduled Tasks'

    2010-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\programmi\Google\Update\GoogleUpdate.exe [2008-08-02 18:13]

    2010-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\programmi\Google\Update\GoogleUpdate.exe [2008-08-02 18:13]

    2010-03-29 c:\windows\Tasks\User_Feed_Synchronization-{A9372C4D-DFF9-4BC3-A86E-6DC7D8F030E6}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
    .
    .
    ------- Scansione supplementare -------
    .
    uStart Page = hxxp://www.google.it/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyServer = 192.168.0.22:61380
    uInternet Settings,ProxyOverride = <local>
    IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Invia a &Bluetooth - c:\programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
    LSP: c:\windows\system32\CavEmLSP.dll
    FF - ProfilePath - c:\documents and settings\user\Dati applicazioni\Mozilla\Firefox\Profiles\7rdnl2j2.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
    FF - component: c:\programmi\Google\Google Gears\Firefox\lib\ff35\gears.dll
    FF - plugin: c:\programmi\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\programmi\Mozilla Firefox\plugins\npOGAPlugin.dll
    .
    - - - - CHIAVI ORFANE RIMOSSE - - - -

    AddRemove-HijackThis - c:\documents and settings\user\Documenti\HijackThis.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-03-30 00:04
    Windows 5.1.2600 Service Pack 3 NTFS

    scansione processi nascosti ...

    scansione entrate autostart nascoste ...

    Scansione files nascosti ...

    Scansione completata con successo
    Files nascosti: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xyoeobqxu]
    "ServiceDll"="c:\windows\system32\rqmlkdi.dll"
    .
    --------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

    [HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222]
    "1"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,c9,e0,20,43,a1,23,f2,
    e3
    "2"=hex:f1,df,16,de,80,08,0e,2a,78,a4,28,cb,d2,56,ff,58,a6,09,d8,fb,43,e9,d5,
    e7,16,83,71,61,5d,be,d8,25
    "3"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,2b,92,4b,0d,22,14,9d,
    cb,e3,f8,73,90,7d,a4,36,0d,7e,db,3a,16,4c,1a,45,81,b1,a5,77,31,f5,50,d6,e8

    [HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222\B144CCE307E78EB6EE53CA2196E4D0A2]
    "1"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,60,42,a5,db,24,eb,e2,
    b0,36,d7,56,53,fe,9f,3d,f9
    "2"=hex:8c,23,2d,03,75,bd,a0,cd
    "3"=hex:73,f9,0d,92,2b,0f,d9,69,f4,7f,9c,9d,9f,0f,3a,6d,7e,d6,bd,d0,d0,00,a7,
    f4,dd,13,4e,46,f5,52,b5,38,cc,f7,10,07,39,ee,c0,d3,85,0d,b2,92,1c,00,9f,bc,\
    "4"=hex:2f,ad,a2,e7,8a,bf,05,5e
    "5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
    1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
    "6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
    51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
    "7"=hex:6b,96,68,24,0f,2f,9e,94,e8,ce,54,f3,3b,80,63,3a,1b,c3,e7,ed,44,3a,1d,
    97,9f,f9,03,77,68,81,1b,0c,34,a2,88,30,12,be,09,a0
    "8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,45,46,ce,0e,bb,86,02,74,7d,9b,9f,1a,3e,22,49,
    5f,dd,6f,ce,70,6a,f9,1b,76,0f,42,4f,1f,7b,3e,c8,56,60,67,3c,e1,44,59,a2,d3,\
    "9"=hex:81,20,8f,ab,28,6a,52,9c
    "18"=hex:70,56,26,33,e3,20,f8,ab
    "10"=hex:07,96,b3,35,9e,5a,1a,0b
    "11"=hex:81,20,8f,ab,28,6a,52,9c
    "12"=hex:81,20,8f,ab,28,6a,52,9c
    "13"=hex:81,20,8f,ab,28,6a,52,9c
    "14"=hex:81,20,8f,ab,28,6a,52,9c
    "24"=hex:81,20,8f,ab,28,6a,52,9c
    "26"=hex:81,20,8f,ab,28,6a,52,9c
    "27"=hex:81,20,8f,ab,28,6a,52,9c
    "19"=hex:81,20,8f,ab,28,6a,52,9c
    "22"=hex:81,20,8f,ab,28,6a,52,9c

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|˙˙˙˙À•€|ù•9~*]
    "0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    --------------------- Dlls caricate dai processi in esecuzione ---------------------

    - - - - - - - > 'lsass.exe'(556)
    c:\windows\system32\CavEmLSP.dll
    .
    Ora fine scansione: 2010-03-30 00:06:58
    ComboFix-quarantined-files.txt 2010-03-29 22:06
    ComboFix2.txt 2010-03-18 21:20

    Pre-Run: 8.386.015.232 byte disponibili
    Post-Run: 8.342.560.768 byte disponibili

    - - End Of File - - DFA2C2ECCABB20D911EFEEF9B960D081

  5. #5
    menatwork, HTML.it user, joined May 2009, 4,330 posts
    open a Notepad page and copy and paste the following


    File::
    c:\windows\system32\rqmlkdi.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xyoeobqxu]

    NetSvcs::
    xyoeobqxu

    Driver::
    xyoeobqxu


    save the page, naming it CFScript.txt (the name is mandatory)

    at this point, drag and drop the CFScript.txt file onto the combofix icon

    let it work through to the end and post its log again
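
Everything the CFScript above targets can be read off the first ComboFix report in post #4: a name (xyoeobqxu) in the svchost NetSvcs group that is not one of the services XP ships with, and whose ServiceDll is a system+hidden file in system32 (rqmlkdi.dll, attributes --sha-r-). The Python script below is an added example, not ComboFix's own tooling and not anything posted in the thread: it parses sample lines constructed from that report, applies exactly that rule against an assumed allowlist of built-in netsvcs names, emits the same four CFScript sections, and lists separately the settings a defender would still want to verify by hand afterwards (the ProxyServer entry and the firewall exception for 4198:TCP:ldmigdbz). The allowlist, the regexes and the "unknown NetSvcs name + hidden ServiceDll" heuristic are this example's assumptions, not ComboFix's logic.

```python
import re
from dataclasses import dataclass, field

# Assumed allowlist of service names that Windows XP itself registers in the
# svchost "netsvcs" group: an illustration, not an authoritative list. A name
# missing from it is only "unknown", never a verdict on its own.
KNOWN_NETSVCS = {n.lower() for n in (
    "AppMgmt", "AudioSrv", "BITS", "Browser", "CryptSvc", "Dhcp", "dmserver",
    "ERSvc", "EventSystem", "helpsvc", "lanmanserver", "lanmanworkstation",
    "Netman", "Nla", "RasMan", "Schedule", "seclogon", "SENS", "SharedAccess",
    "ShellHWDetection", "srservice", "Themes", "TrkWks", "W32Time", "winmgmt",
    "wscsvc", "wuauserv", "WZCSVC", "xmlprov")}

# Constructed sample: lines lifted from the thread's first report, with the
# forum's mid-word line wraps undone so that every name is a single token.
SAMPLE_LOG = r"""
2010-03-29 20:58 . 2007-10-20 18:35 785 --sha-w- c:\windows\system32\mmf.sys
2009-03-21 14:06 . 2004-08-19 12:00 159465 --sha-r- c:\windows\system32\rqmlkdi.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4198:TCP"= 4198:TCP:ldmigdbz
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
xyoeobqxu
.
uInternet Settings,ProxyServer = 192.168.0.22:61380
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xyoeobqxu]
"ServiceDll"="c:\windows\system32\rqmlkdi.dll"
"""

# Line shapes as they appear in the report (the regexes are this example's own).
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d"
                     r"\s+(\d+)\s+(\S{8})\s+(.+)$")          # size, attrs, path
SERVICE_KEY_RE = re.compile(
    r"^\[(HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\]\\]+))\]$", re.I)
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*"?([^"]*)"?')      # "name"=value


@dataclass
class Findings:
    hidden_system_files: list = field(default_factory=list)  # lower-cased paths
    netsvcs_entries: list = field(default_factory=list)      # names in NetSvcs
    service_keys: dict = field(default_factory=dict)         # name -> registry key
    service_dlls: dict = field(default_factory=dict)         # name -> ServiceDll
    review: list = field(default_factory=list)               # (category, detail)


def parse_combofix_log(text):
    """Walk the report once and collect the indicator classes above."""
    found = Findings()
    in_netsvcs = False
    current_service = None
    for raw in text.splitlines():
        line = raw.strip()
        if in_netsvcs:                        # names listed under the NetSvcs header
            if not line or line == ".":
                in_netsvcs = False
            else:
                found.netsvcs_entries.append(line)
            continue
        if line.endswith("Svchost - NetSvcs"):
            in_netsvcs = True
            continue
        if line.startswith("["):              # registry key header
            m = SERVICE_KEY_RE.match(line)
            current_service = m.group(2) if m else None
            if m:
                found.service_keys[current_service] = m.group(1)
            continue
        m = FILE_RE.match(line)
        if m:                                 # system+hidden file under system32
            attrs, path = m.group(2), m.group(3).lower()
            if "s" in attrs and "h" in attrs and "\\system32\\" in path:
                found.hidden_system_files.append(path)
            continue
        m = VALUE_RE.match(line)
        if m:
            name, value = m.group(1).lower(), m.group(2).strip()
            if name == "servicedll" and current_service:
                found.service_dlls[current_service] = value.lower()
            elif re.fullmatch(r"\d+:(tcp|udp)", name):    # firewall exception
                found.review.append(("open-port", value))
            continue
        if line.lower().startswith("uinternet settings,proxyserver"):
            found.review.append(("proxy", line.split("=", 1)[1].strip()))
    return found


def suspicious_netsvcs(found):
    """NetSvcs names off the allowlist whose ServiceDll is one of the
    system+hidden files: the combination seen in post #4."""
    return [(name, found.service_dlls.get(name)) for name in found.netsvcs_entries
            if name.lower() not in KNOWN_NETSVCS
            and found.service_dlls.get(name) in found.hidden_system_files]


def build_cfscript(found, hits):
    """Emit the four CFScript sections used in post #5: delete the DLL, delete
    the service key, drop the name from the NetSvcs group and driver list."""
    names = "\n".join(n for n, _ in hits)
    return ("File::\n" + "\n".join(d for _, d in hits)
            + "\n\nRegistry::\n" + "\n".join(f"[-{found.service_keys[n]}]" for n, _ in hits)
            + "\n\nNetSvcs::\n" + names + "\n\nDriver::\n" + names + "\n")


if __name__ == "__main__":
    found = parse_combofix_log(SAMPLE_LOG)
    print(build_cfscript(found, suspicious_netsvcs(found)))
    print("to verify by hand:", found.review)
```

Run as-is it prints the same File::/Registry::/NetSvcs::/Driver:: block that menatwork wrote. mmf.sys is also system+hidden but is not referenced by any unknown NetSvcs entry, so it is not turned into a deletion: a hidden file alone is not a verdict. The proxy and open-port entries are deliberately kept as review items rather than deletion targets, since only the machine's owner can say whether 192.168.0.22:61380 is a proxy they configured; a proxy entry is worth a look whenever update traffic fails while ordinary browsing works, as described in post #1.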

  6. #6
    HTML.it user, joined Mar 2010, 6 posts
    ok, tonight I'll run it and post the result... unfortunately I have to work on it at home...

  7. #7
    HTML.it user, joined Mar 2010, 6 posts

    new combofix report

    here I am...

    ComboFix 10-03-29.02 - user 30/03/2010 20.26.14.3.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.503.270 [GMT 2:00]
    Eseguito da: c:\documents and settings\user\Desktop\ComboFix.exe
    Opzioni usate :: c:\documents and settings\user\Desktop\CFScript.txt
    AV: avast! Antivirus *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: COMODO Firewall Pro *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

    ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!

    FILE ::
    "c:\windows\system32\rqmlkdi.dll"


    (Altre eliminazioni)
    .

    c:\windows\system32\rqmlkdi.dll


    (Driver/Servizi)
    .

    -------\Legacy_XYOEOBQXU
    -------\Service_xyoeobqxu


    (Files Creati Da 2010-02-28 al 2010-03-30)
    .

    2010-03-18 21:55 . 2010-03-18 21:55 -------- d-----w- c:\documents and settings\user\Dati applicazioni\Malwarebytes
    2010-03-18 21:55 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-18 21:55 . 2010-03-18 21:55 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
    2010-03-18 21:55 . 2010-03-18 21:55 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
    2010-03-18 21:55 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-03-18 14:10 . 2010-03-09 11:08 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-03-18 14:10 . 2010-03-09 11:12 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-03-18 14:10 . 2010-03-09 11:09 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-03-18 14:10 . 2010-03-09 11:12 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-03-18 14:09 . 2010-03-09 11:08 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-03-18 14:09 . 2010-03-09 11:08 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-03-18 14:09 . 2010-03-09 11:08 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-03-18 14:09 . 2010-03-09 11:24 38848 ----a-w- c:\windows\system32\avastSS.scr
    2010-03-18 14:09 . 2010-03-09 11:24 153184 ----a-w- c:\windows\system32\aswBoot.exe
    2010-03-18 14:09 . 2010-03-18 14:09 -------- d-----w- c:\programmi\Alwil Software
    2010-03-18 14:09 . 2010-03-18 14:09 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Alwil Software
    2010-03-18 13:39 . 2010-03-18 13:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Comodo Downloader
    2010-03-18 13:35 . 2010-03-18 13:38 -------- d-----w- c:\documents and settings\user\Dati applicazioni\U3
    2010-03-18 10:45 . 2010-03-18 10:46 -------- d-----w- c:\windows\ie8
    2010-03-18 10:45 . 2010-03-18 10:45 -------- d-----w- c:\programmi\Uniblue
    2010-03-18 10:44 . 2010-03-18 10:44 -------- d-----w- C:\~ErdUserProfile.$$$
    2010-03-16 21:12 . 2010-03-16 21:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab


    (Find3M Report)
    .
    2010-03-30 18:34 . 2007-10-20 18:35 785 --sha-w- c:\windows\system32\mmf.sys
    2010-03-30 05:59 . 2004-08-19 12:00 434110 ----a-w- c:\windows\system32\perfc010.dat
    2010-03-30 05:59 . 2004-08-19 12:00 1038680 ----a-w- c:\windows\system32\perfh010.dat
    2010-03-18 21:46 . 2006-08-03 18:47 -------- d-----w- c:\programmi\Google
    2010-03-18 20:51 . 2007-02-21 08:15 -------- d-----w- c:\programmi\Comodo
    2010-03-18 10:45 . 2010-02-26 20:42 -------- d-----w- c:\programmi\CCleaner
    2010-03-18 10:38 . 2010-02-27 16:31 573201 ----a-w- c:\windows\system32\drivers\sfi.dat
    2010-02-27 16:31 . 2007-02-21 08:15 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Comodo
    2010-02-26 21:20 . 2010-02-26 21:20 -------- d-----w- c:\documents and settings\user\Dati applicazioni\Uniblue
    2005-03-31 20:17 . 2006-04-21 20:37 40960 ----a-w- c:\programmi\Uninstall_CDS.exe
    .

    (SnapShot@2010-03-18_21.18.33)
    .
    + 2010-03-30 18:34 . 2010-03-30 18:34 16384 c:\windows\Temp\Perflib_Perfdata_374.dat
    + 2009-05-02 09:00 . 2009-02-20 17:08 78336 c:\windows\system32\dllcache\ieencode.dll
    + 2010-03-18 21:46 . 2010-03-18 21:46 47104 c:\windows\Installer\5e678.msi
    + 2010-03-18 21:38 . 2010-03-18 21:38 22528 c:\windows\Installer\5e665.msi
    + 2004-08-19 12:00 . 2010-03-30 05:59 777590 c:\windows\system32\perfh009.dat
    + 2004-08-19 12:00 . 2010-03-30 05:59 367598 c:\windows\system32\perfc009.dat
    + 2009-05-02 09:00 . 2006-09-06 15:43 215776 c:\windows\ie7\spuninst\spuninst.exe
    .
    (Punti Reg Caricati)
    .
    .
    *Nota* i valori vuoti & legittimi/default non sono visualizzati.
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\programmi\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
    "AGRSMMSG"="AGRSMMSG.exe" [2005-04-13 88209]
    "SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2005-06-20 729178]
    "RemoteControl"="c:\programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
    "InCD"="c:\programmi\Ahead\InCD\InCD.exe" [2005-06-10 1397760]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-02-28 136600]
    "Adobe Photo Downloader"="c:\programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-22 63712]
    "CameraFixer"="c:\windows\CameraFixer.exe" [2006-12-05 20480]
    "tsnpstd3"="c:\windows\tsnpstd3.exe" [2006-09-26 270336]
    "snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
    "EverioService"="c:\programmi\CyberLink\PCM4Everio\EverioService.exe" [2006-11-22 151552]
    "Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "ConnMonitor"="c:\programmi\Alice Mobile Olicard 100\ConnMonitor.exe" [2009-06-18 401408]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
    BTTray.lnk - c:\programmi\WIDCOMM\Software Bluetooth\BTTray.exe [2005-3-29 569405]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Programmi\\Lavasoft\\Ad-Aware SE Personal\\Ad-Aware.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Programmi\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=
    "c:\\Programmi\\CyberLink\\PCM4Everio\\EverioService.exe"=
    "c:\\Programmi\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "4198:TCP"= 4198:TCP:ldmigdbz

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [18/03/2010 16.10.03 162640]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [18/03/2010 16.10.04 19024]
    R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [20/10/2007 20.35.34 2560]
    S2 gupdate1c8f4ada58955a;Google Update Service (gupdate1c8f4ada58955a);c:\programmi\Google\Update\GoogleUpdate.exe [02/08/2008 16.35.41 133104]
    S3 pmx3gmdm;Olivetti USB Device for Legacy Serial Communication;c:\windows\system32\drivers\pmx3gmdm.sys [22/10/2009 21.18.07 103552]
    S3 pmx3gnet;Olivetti USB-NDIS miniport;c:\windows\system32\drivers\pmx3gnet.sys [22/10/2009 21.18.29 117120]
    .
    Contenuto della cartella 'Scheduled Tasks'

    2010-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\programmi\Google\Update\GoogleUpdate.exe [2008-08-02 18:13]

    2010-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\programmi\Google\Update\GoogleUpdate.exe [2008-08-02 18:13]

    2010-03-29 c:\windows\Tasks\User_Feed_Synchronization-{A9372C4D-DFF9-4BC3-A86E-6DC7D8F030E6}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
    .
    .
    ------- Scansione supplementare -------
    .
    uStart Page = hxxp://www.google.it/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyServer = 192.168.0.22:61380
    uInternet Settings,ProxyOverride = <local>
    IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Invia a &Bluetooth - c:\programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
    LSP: c:\windows\system32\CavEmLSP.dll
    FF - ProfilePath - c:\documents and settings\user\Dati applicazioni\Mozilla\Firefox\Profiles\7rdnl2j2.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
    FF - component: c:\programmi\Google\Google Gears\Firefox\lib\ff35\gears.dll
    FF - plugin: c:\programmi\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\programmi\Mozilla Firefox\plugins\npOGAPlugin.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-03-30 20:34
    Windows 5.1.2600 Service Pack 3 NTFS

    scansione processi nascosti ...

    scansione entrate autostart nascoste ...

    Scansione files nascosti ...

    Scansione completata con successo
    Files nascosti: 0

    **************************************************************************
    .
    --------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

    [HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222]
    "1"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,c9,e0,20,43,a1,23,f2,
    e3
    "2"=hex:f1,df,16,de,80,08,0e,2a,78,a4,28,cb,d2,56,ff,58,a6,09,d8,fb,43,e9,d5,
    e7,16,83,71,61,5d,be,d8,25
    "3"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,2b,92,4b,0d,22,14,9d,
    cb,e3,f8,73,90,7d,a4,36,0d,7e,db,3a,16,4c,1a,45,81,b1,a5,77,31,f5,50,d6,e8

    [HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222\B144CCE307E78EB6EE53CA2196E4D0A2]
    "1"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,60,42,a5,db,24,eb,e2,
    b0,36,d7,56,53,fe,9f,3d,f9
    "2"=hex:8c,23,2d,03,75,bd,a0,cd
    "3"=hex:73,f9,0d,92,2b,0f,d9,69,f4,7f,9c,9d,9f,0f,3a,6d,7e,d6,bd,d0,d0,00,a7,
    f4,dd,13,4e,46,f5,52,b5,38,cc,f7,10,07,39,ee,c0,d3,85,0d,b2,92,1c,00,9f,bc,\
    "4"=hex:2f,ad,a2,e7,8a,bf,05,5e
    "5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
    1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
    "6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
    51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
    "7"=hex:6b,96,68,24,0f,2f,9e,94,e8,ce,54,f3,3b,80,63,3a,1b,c3,e7,ed,44,3a,1d,
    97,9f,f9,03,77,68,81,1b,0c,34,a2,88,30,12,be,09,a0
    "8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,45,46,ce,0e,bb,86,02,74,7d,9b,9f,1a,3e,22,49,
    5f,dd,6f,ce,70,6a,f9,1b,76,0f,42,4f,1f,7b,3e,c8,56,60,67,3c,e1,44,59,a2,d3,\
    "9"=hex:81,20,8f,ab,28,6a,52,9c
    "18"=hex:70,56,26,33,e3,20,f8,ab
    "10"=hex:07,96,b3,35,9e,5a,1a,0b
    "11"=hex:81,20,8f,ab,28,6a,52,9c
    "12"=hex:81,20,8f,ab,28,6a,52,9c
    "13"=hex:81,20,8f,ab,28,6a,52,9c
    "14"=hex:81,20,8f,ab,28,6a,52,9c
    "24"=hex:81,20,8f,ab,28,6a,52,9c
    "26"=hex:81,20,8f,ab,28,6a,52,9c
    "27"=hex:81,20,8f,ab,28,6a,52,9c
    "19"=hex:81,20,8f,ab,28,6a,52,9c
    "22"=hex:81,20,8f,ab,28,6a,52,9c

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|˙˙˙˙À•€|ù•9~*]
    "0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    --------------------- Dlls caricate dai processi in esecuzione ---------------------

    - - - - - - - > 'lsass.exe'(588)
    c:\windows\system32\CavEmLSP.dll

    - - - - - - - > 'explorer.exe'(3260)
    c:\windows\system32\WININET.dll
    c:\windows\system32\webcheck.dll
    .
    ------------------------ Altri processi in esecuzione ------------------------
    .
    c:\programmi\Ahead\InCD\InCDsrv.exe
    c:\programmi\Alwil Software\Avast5\AvastSvc.exe
    c:\programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
    c:\programmi\Java\jre6\bin\jqs.exe
    c:\programmi\CyberLink\Shared Files\RichVideo.exe
    c:\programmi\Analog Devices\SoundMAX\SMAgent.exe
    c:\windows\system32\wdfmgr.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    c:\windows\AGRSMMSG.exe
    .
    ************************************************** ************************
    .
    Ora fine scansione: 2010-03-30 20:38:09 - Il pc è stato riavviato
    ComboFix-quarantined-files.txt 2010-03-30 18:38
    ComboFix2.txt 2010-03-18 21:20

    Pre-Run: 8.322.244.608 byte disponibili
    Post-Run: 8.213.053.440 byte disponibili

    - - End Of File - - 57E8B6BB3E13198F6852798304FE6277

  8. #8
    menatwork, HTML.it user, joined May 2009, 4,330 posts
    clean the system with ccleaner

    During installation, untick the box, otherwise the Yahoo Toolbar gets installed.
    Start it and click on:
    - Advanced Options
    Untick:
    - Only delete files older than 48 hours
    Click the buttons:
    - Cleaner (the first one at the top left)
    - Analyze (button at the bottom centre)
    - Run Cleaner (button at the bottom right)


    Fixing registry file errors
    CCleaner
    Click the buttons:
    - Registry (second button at the top left)
    - Scan for Issues (button at the bottom centre)
    - Fix selected issues (button at the bottom right)
    - at the question:
    - "Do you want to back up changes to the registry?"
    - click:
    - YES

    download ATF-Cleaner (no installation required)

    Tick the entry:
    - Select all
    Press the button:
    - Empty Selected


    download malwarebytes

    Update it: click the "Update" tab => "Check for updates"
    Run a "Full scan" (select the option)
    When the scan is complete, click OK => Show Results.
    Make sure everything is selected and click Remove Selected.
    If it asks you to reboot, reboot to complete the cleanup.
    Post the report.
