google redirect virus

#1
fgiusfredi

    New Member

  • Member
  • 4 posts
Hi, I am Federico, new to this forum, and I really need help.
I have a Google redirect virus; I have successfully found and deleted a trojan downloader, but I cannot fix the Google problem. Here is my HijackThis log; note that I have also installed CCleaner and KillBox, but I am not sure how to use them.

LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12.48.18, on 10/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Programmi\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Programmi\Apache Software Foundation\Apache2.2\bin\httpd.exe
c:\Programme\LRZ VPN Client\cvpnd.exe
C:\Programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Programmi\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Programmi\PDF Complete\pdfsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Hewlett-Packard\IAM\bin\asghost.exe
C:\Programmi\Analog Devices\Core\smax4pnp.exe
C:\Programmi\PDF Complete\pdfsty.exe
C:\Programmi\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmi\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\AccelerometerSt.exe
C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\File comuni\LightScribe\LightScribeControlPanel.exe
C:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programmi\Hewlett-Packard\Shared\HpqToaster.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmi\File comuni\Microsoft Shared\Works Shared\WkCalRem.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\LRZ VPN Client\vpngui.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programmi\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Programmi\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [PDF Complete] "C:\Programmi\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Programmi\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [WatchDog] C:\Programmi\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Programmi\File comuni\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [googletalk] "C:\Programmi\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Programmi\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: wkcalrem.LNK = C:\Programmi\File comuni\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Programmi\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: LRZ VPN Client.lnk = C:\Programme\LRZ VPN Client\vpngui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Programmi\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI69AF~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.co...ic/SimCityX.cab
O16 - DPF: {D3D83E08-54D1-4E9D-8EAF-9F979D139294} (MaxisSimCityScapeTeleX Control) - http://simcity.ea.co...yScapeTeleX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8AF2E7F0-4B8C-49C8-83C3-8D401E1FBED7}: Domain = uni-muenchen.de
O17 - HKLM\System\CCS\Services\Tcpip\..\{8AF2E7F0-4B8C-49C8-83C3-8D401E1FBED7}: NameServer = 10.156.33.53,129.187.5.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = uni-muenchen.de
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = uni-muenchen.de
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O20 - Winlogon Notify: OneCard - C:\Programmi\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Programmi\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - c:\Programme\LRZ VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Programmi\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MySQL - Unknown owner - C:\Programmi\MySQL\MySQL.exe (file missing)
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Programmi\PDF Complete\pdfsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Programmi\File comuni\SureThing Shared\stllssvr.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe

--
End of file - 12480 bytes

Any help will be totally welcome!
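A HijackThis log like the one above is read line by line by a helper. The script below is an added example (not from the thread, not Trend Micro's code) that applies the first checks a reviewer makes when chasing a search or redirect hijack: O23 services whose binary is gone ("file missing"), O20 AppInit_DLLs and Winlogon Notify entries, the per-interface O17 DNS servers, O16 ActiveX downloads, and the R0/R1 start and search page hosts. The allow lists `expected_dns` and `expected_hosts` are the caller's assumption about what is normal on that machine; the sample input is a subset of the log posted above. HijackThis does not enumerate kernel drivers, so a quiet result from these checks does not rule out a kernel-mode rootkit.

```python
import re
from urllib.parse import urlparse

# Sample input: a subset of the HijackThis log posted above, reproduced
# verbatim (the truncated go.microsoft URLs are left out).
HJT_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.co...ic/SimCityX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8AF2E7F0-4B8C-49C8-83C3-8D401E1FBED7}: NameServer = 10.156.33.53,129.187.5.1
O20 - AppInit_DLLs: APSHook.dll
O20 - Winlogon Notify: OneCard - C:\Programmi\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Programmi\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\Programmi\MySQL\MySQL.exe (file missing)
"""

# Every HijackThis finding is "<section> - <body>"; the process list and
# header lines do not match and are skipped.
LINE_RE = re.compile(r"^(R[0-3]|O\d+) - (.*)$")


def triage(log_text, expected_dns=(), expected_hosts=()):
    """Return findings {kind, value, line} for the sections that matter most
    when hunting a search/redirect hijack. Allow lists are the caller's
    assumption about what is normal on this machine."""
    findings = []

    def add(kind, value, line):
        findings.append({"kind": kind, "value": value, "line": line})

    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        section, body = m.groups()

        if section in ("R0", "R1"):
            # Start/search page and default URL values; a hijack usually
            # points these at a host the user never chose.
            key, _, value = body.partition(" = ")
            if "Page" in key or "URL" in key:
                host = urlparse(value).hostname or value
                if host not in expected_hosts:
                    add("browser-url", host, line)

        elif section == "O16":
            # ActiveX controls pulled from the web (Downloaded Program Files).
            add("activex-download", body, line)

        elif section == "O17":
            # DNS servers per interface: a rogue resolver redirects every
            # browser on the machine, which is what this thread describes.
            m2 = re.search(r"NameServer = (.+)$", body)
            if m2:
                for ip in (s.strip() for s in m2.group(1).split(",")):
                    if ip not in expected_dns:
                        add("dns-server", ip, line)

        elif section == "O20":
            if body.startswith("AppInit_DLLs:"):
                # A DLL named here is loaded into every process that links user32.dll.
                value = body.split(":", 1)[1].strip()
                if value:
                    add("appinit-dll", value, line)
            elif body.startswith("Winlogon Notify:"):
                add("winlogon-notify", body, line)

        elif section == "O23" and "(file missing)" in body:
            # A service whose binary is gone: leftover of an uninstall, or of
            # a malware component that was deleted without its registration.
            add("orphaned-service", body, line)

    return findings


if __name__ == "__main__":
    for f in triage(HJT_LOG, expected_dns={"10.156.33.53", "129.187.5.1"},
                    expected_hosts={"www.hp.com"}):
        print(f"[{f['kind']}] {f['value']}")
```

With the allow lists set to the hosts and resolvers this machine is known to use, the run leaves the two orphaned services, the APSHook.dll AppInit entry, the OneCard Winlogon package and the SimCity ActiveX control as the items to look up; with empty allow lists both O17 resolvers are reported as well, which is the check to run first when a redirect survives a browser reset.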
#2
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello fgiusfredi

Welcome to G2Go. :)
=====================
Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
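When the ComboFix log comes back, one check worth doing beside reading it is to diff the autostart inventory before and after the run: the O4 lines of the HijackThis log in post #1 against the REGEDIT4-style Run-key dump that ComboFix writes. The script below is an added example (not from the thread and not part of ComboFix or HijackThis) that parses both formats and reports entries that appear only on one side. Its sample input is a subset of the two logs in this thread. One caveat the ComboFix output itself states: it does not list values it already knows to be legitimate or default, so an entry that disappears from the "after" side is not necessarily one ComboFix removed; the removed orphans are listed separately in its own log section.

```python
import re

# "Before": O4 lines from the HijackThis log in post #1 (subset, verbatim).
HJT_O4 = r"""
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Programmi\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Programmi\File comuni\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [googletalk] "C:\Programmi\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Programmi\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
"""

# "After": the Run-key sections of the ComboFix log posted later in this
# thread (subset, verbatim). ComboFix omits entries it considers legitimate.
COMBOFIX_REG = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\programmi\File comuni\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2007-12-07 21686568]
"googletalk"="c:\programmi\Google\Google Talk\googletalk.exe" [2007-11-21 3293184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\programmi\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"MsmqIntCert"="mqrt.dll" [2008-04-14 c:\windows\system32\mqrt.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2008-03-13 219136]
"""

HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
# O4 - <hive>\..\Run: [<value name>] <command> [(User '...')]
O4_RE = re.compile(
    r"^O4 - (HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: \[([^\]]+)\] (.*?)(?:\s+\(User '[^']*'\))?$")
# [HKEY_...\Software\Microsoft\Windows\CurrentVersion\Run]
SECTION_RE = re.compile(
    r"^\[(HKEY_[^\]]+?)\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\]$", re.I)
# "<value name>"="<command>" [date size]
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"')


def hijackthis_run_entries(text):
    """Map (hive, value name) -> command for every O4 Run entry."""
    entries = {}
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        hive, name, cmd = m.groups()
        # HKUS\<sid> in HijackThis is HKEY_USERS\<sid> in the registry dump.
        hive = HIVES.get(hive) or "HKEY_USERS" + hive[len("HKUS"):]
        entries[(hive.upper(), name.lower())] = cmd
    return entries


def combofix_run_entries(text):
    """Map (hive, value name) -> command for the Run sections of a ComboFix dump."""
    entries = {}
    hive = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            m = SECTION_RE.match(line)
            hive = m.group(1).upper() if m else None  # None: not a Run key
            continue
        m = VALUE_RE.match(line)
        if hive and m:
            entries[(hive, m.group(1).lower())] = m.group(2)
    return entries


def diff_autostarts(before, after):
    """Names present only before (gone or hidden) and only after (new)."""
    return {"removed": sorted(set(before) - set(after)),
            "added": sorted(set(after) - set(before))}


if __name__ == "__main__":
    before = hijackthis_run_entries(HJT_O4)
    after = combofix_run_entries(COMBOFIX_REG)
    for side, keys in diff_autostarts(before, after).items():
        for hive, name in keys:
            print(f"{side}: {hive} -> {name}")
```

On the thread's logs the diff reports DriverUpdaterPro under HKCU and SoundMAX under HKLM as gone from the ComboFix side. DriverUpdaterPro is the one ComboFix itself lists as a removed orphan; SoundMAX is not listed there, which matches the log's note that known-legitimate values are simply not shown. Keying on (hive, value name) rather than on the command string keeps the comparison immune to the case and short-path differences between the two tools.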

#3
fgiusfredi

    New Member

  • Topic Starter
  • Member
  • 4 posts
Hi. I have run ComboFix, but I have noticed that I had deactivated the Recovery Console. Anyway, here is the log; I hope it is useful anyway. The computer of my colleague (we are on a huge LAN) is dead, but it probably was infected by a virus I had already moved to the vault... sigh...
Well, as you asked me, here is the ComboFix log:
---
ComboFix 08-12-09.02 - Administrator 2008-12-10 14:15:01.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.603 [GMT 1:00]

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

A:\autorun.inf
c:\windows\system32\drivers\TDSSmqlt.sys
c:\windows\system32\TDSScfmm.dll
c:\windows\system32\TDSShrxx.dll
c:\windows\system32\TDSSkhyf.log
c:\windows\system32\TDSSkkai.log
c:\windows\system32\TDSSlxcp.dll
c:\windows\system32\TDSSmtvd.dat
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSoiqt.dll
c:\windows\system32\TDSSsahc.dll
c:\windows\system32\TDSSvkql.dll
c:\windows\system32\x64
E:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSSERV.SYS
-------\Legacy_TDSSSERV.SYS


((((((((((((((((((((((((( Files Creati Da 2008-11-10 al 2008-12-10 )))))))))))))))))))))))))))))))))))
.

2008-12-10 12:54 . 2008-12-10 12:55 <DIR> d-------- C:\c4d0e2c5e1dfe554edf3152f76
2008-12-10 12:52 . 2008-12-10 12:52 <DIR> d-------- c:\programmi\Yahoo!
2008-12-10 12:52 . 2008-12-10 12:56 <DIR> d-------- c:\programmi\CCleaner
2008-12-10 12:02 . 2008-12-10 12:05 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2008-12-10 12:02 . 2008-12-10 12:02 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2008-12-10 12:02 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-10 12:02 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-10 11:29 . 2008-12-10 11:29 <DIR> d-------- C:\!KillBox
2008-12-10 11:25 . 2008-12-10 11:25 <DIR> d-------- c:\programmi\Trend Micro
2008-11-16 22:14 . 2008-11-16 22:14 <DIR> d-------- c:\programmi\Grand Theft Auto
2008-11-12 19:14 . 2008-11-10 05:43 410,984 --a------ c:\windows\system32\deploytk.dll
2008-11-12 11:58 . 2008-09-04 18:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 11:58 . 2008-10-24 12:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-10 13:26 . 2008-11-10 14:21 <DIR> d-------- c:\windows\system32\NtmsData
2008-11-10 10:45 . 2008-11-10 14:21 <DIR> d-------- c:\windows\system32\it
2008-11-10 10:45 . 2008-11-10 14:20 <DIR> d-------- c:\windows\system32\bits
2008-11-10 10:45 . 2008-11-10 14:07 <DIR> d-------- c:\windows\l2schemas
2008-11-10 10:42 . 2008-11-10 14:09 <DIR> d-------- c:\windows\ServicePackFiles
2008-11-10 10:20 . 2005-12-16 11:48 90,112 --------- c:\windows\system32\hpqnt.dll
2008-11-10 10:20 . 2006-05-12 13:44 45,056 --a------ c:\windows\system32\hpBat.cpl

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-10 13:02 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\Skype
2008-12-10 12:18 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\avg7
2008-12-10 10:56 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\skypePM
2008-12-10 09:44 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\AVG7
2008-12-10 09:22 --------- d-----w c:\programmi\Java
2008-12-09 22:27 --------- d-----w c:\programmi\Opera 9
2008-12-09 22:11 --------- d-----w c:\programmi\OpenArena
2008-12-09 14:35 45,946 ----a-w c:\documents and settings\Administrator\Dati applicazioni\wklnhst.dat
2008-12-09 11:11 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\OpenOffice.org2
2008-12-08 21:13 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-11-17 10:44 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\FileZilla
2008-11-15 11:58 1,739 ----a-w c:\windows\Sysvxd.exe
2008-11-10 14:41 --------- d-----w c:\programmi\WinEdt Team
2008-11-10 14:41 --------- d-----w c:\programmi\Windows Media Connect 2
2008-11-10 14:41 --------- d-----w c:\programmi\WIDCOMM
2008-11-10 14:41 --------- d-----w c:\programmi\VioLet Composer
2008-11-10 14:41 --------- d-----w c:\programmi\TI Education
2008-11-10 14:41 --------- d-----w c:\programmi\TeX2Word
2008-11-10 14:40 --------- d-----w c:\programmi\Synaptics
2008-11-10 14:40 --------- d-----w c:\programmi\Symantec
2008-11-10 14:40 --------- d-----w c:\programmi\SSH Communications Security
2008-11-10 14:40 --------- d-----w c:\programmi\Skype
2008-11-10 14:40 --------- d-----w c:\programmi\SimpleOCR
2008-11-10 14:40 --------- d-----w c:\programmi\Servizi in linea
2008-11-10 14:39 --------- d-----w c:\programmi\Roxio
2008-11-10 14:39 --------- d-----w c:\programmi\PHP
2008-11-10 14:39 --------- d-----w c:\programmi\PDFCreator
2008-11-10 14:39 --------- d-----w c:\programmi\PDF Complete
2008-11-10 14:39 --------- d-----w c:\programmi\ParallelGraphics
2008-11-10 14:37 --------- d-----w c:\programmi\OpenOffice.org 2.3
2008-11-10 14:36 --------- d-----w c:\programmi\MySQL
2008-11-10 14:36 --------- d-----w c:\programmi\MSXML 6.0
2008-11-10 14:36 --------- d-----w c:\programmi\MSXML 4.0
2008-11-10 14:32 --------- d-----w c:\programmi\MiKTeX 2.7
2008-11-10 14:31 --------- d-----w c:\programmi\Microsoft Works
2008-11-10 14:29 --------- d-----w c:\programmi\Microsoft.NET
2008-11-10 14:29 --------- d-----w c:\programmi\Microsoft Works Suite 2004
2008-11-10 14:29 --------- d-----w c:\programmi\Microsoft Office 2004
2008-11-10 14:29 --------- d-----w c:\programmi\microsoft frontpage
2008-11-10 14:29 --------- d-----w c:\programmi\Macrovision Corp
2008-11-10 14:28 --------- d-----w c:\programmi\InterVideo
2008-11-10 14:28 --------- d-----w c:\programmi\InterActual
2008-11-10 14:28 --------- d-----w c:\programmi\Intel
2008-11-10 14:27 --------- d-----w c:\programmi\Indiana2
2008-11-10 14:27 --------- d-----w c:\programmi\Indiana1
2008-11-10 14:27 --------- d-----w c:\programmi\HPQ
2008-11-10 14:27 --------- d-----w c:\programmi\HP
2008-11-10 14:22 --------- d-----w c:\programmi\Hewlett-Packard
2008-11-10 14:22 --------- d-----w c:\programmi\GRETECH
2008-11-10 14:21 --------- d-----w c:\programmi\Google
2008-11-10 14:21 --------- d-----w c:\programmi\GIMP-2.0
2008-11-10 14:20 --------- d-----w c:\programmi\Ganymede
2008-11-10 14:20 --------- d-----w c:\programmi\Fingerprint Sensor
2008-11-10 14:20 --------- d-----w c:\programmi\FileZilla FTP Client
2008-11-10 14:20 --------- d-----w c:\programmi\File comuni\Symantec Shared
2008-11-10 14:20 --------- d-----w c:\programmi\File comuni\SureThing Shared
2008-11-10 14:20 --------- d-----w c:\programmi\File comuni\Sonic Shared
2008-11-10 14:20 --------- d-----w c:\programmi\File comuni\Skype
2008-11-10 14:19 --------- d-----w c:\programmi\File comuni\Roxio Shared
2008-11-10 14:19 --------- d-----w c:\programmi\File comuni\ParallelGraphics
2008-11-10 14:17 --------- d-----w c:\programmi\File comuni\LightScribe
2008-11-10 14:17 --------- d-----w c:\programmi\File comuni\Java
2008-11-10 14:17 --------- d-----w c:\programmi\File comuni\InterVideo
2008-11-10 14:17 --------- d-----w c:\programmi\File comuni\InstallShield
2008-11-10 14:17 --------- d-----w c:\programmi\File comuni\Hewlett-Packard
2008-11-10 14:17 --------- d-----w c:\programmi\File comuni\Deterministic Networks
2008-11-10 14:17 --------- d-----w c:\programmi\File comuni\Adobe
2008-11-10 14:17 --------- d-----w c:\programmi\DzSoft
2008-11-10 14:17 --------- d-----w c:\programmi\DOSBox-0.72
2008-11-10 14:17 --------- d-----w c:\programmi\DivX
2008-11-10 14:17 --------- d-----w c:\programmi\Dictation2005
2008-11-10 14:17 --------- d-----w c:\programmi\Collegamenti programmi
2008-11-10 14:16 --------- d-----w c:\programmi\Apache Software Foundation
2008-11-10 14:16 --------- d-----w c:\programmi\Analog Devices
2008-11-10 14:15 --------- d-----w c:\programmi\Activation Assistant for the 2007 Microsoft Office suites
2008-11-10 14:09 --------- d-----w c:\documents and settings\NetworkService\Dati applicazioni\AVG7
2008-11-10 14:06 --------- d-----w c:\documents and settings\LocalService\Dati applicazioni\Roxio
2008-11-10 14:06 --------- d-----w c:\documents and settings\LocalService\Dati applicazioni\AVG7
2008-11-10 14:06 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Trymedia
2008-11-10 14:06 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Symantec
2008-11-10 14:06 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Sonic
2008-11-10 14:06 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
2008-11-10 14:05 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Skype
2008-11-10 14:05 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\SBSI
2008-11-10 14:05 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Roxio
2008-11-10 14:05 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\MiKTeX
2008-11-10 14:05 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2008-11-10 14:05 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\InstallShield
2008-11-10 14:05 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Hewlett-Packard
2008-11-10 14:05 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Grisoft
2008-11-10 14:05 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\FLEXnet
2008-11-10 13:31 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\WinEdt
2008-11-10 13:31 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\VioLet Composer
2008-11-10 13:30 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\SampleView
2008-11-10 13:30 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\Roxio
2008-11-10 13:30 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\PDFCreator
2008-11-10 13:24 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\OpenArena
2008-11-10 13:24 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\mIRC
2008-11-10 13:24 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\InterVideo
2008-11-10 13:24 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\InstallShield
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\programmi\File comuni\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2007-12-07 21686568]
"googletalk"="c:\programmi\Google\Google Talk\googletalk.exe" [2007-11-21 3293184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\programmi\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"PDF Complete"="c:\programmi\PDF Complete\pdfsty.exe" [2007-05-08 331552]
"PTHOSTTR"="c:\programmi\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-18 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-18 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-18 138008]
"hpWirelessAssistant"="c:\programmi\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-05-11 472632]
"QlbCtrl"="c:\programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-05-02 163840]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-09 806912]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-10-09 697976]
"HP Software Update"="c:\programmi\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"Cpqset"="c:\programmi\Hewlett-Packard\Default Settings\cpqset.exe" [2007-05-03 57344]
"WatchDog"="c:\programmi\InterVideo\DVD Check\DVDCheck.exe" [2007-05-23 192512]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.exe" [2007-01-24 124928]
"Symantec PIF AlertEng"="c:\programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-10-18 590848]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"MsmqIntCert"="mqrt.dll" [2008-04-14 c:\windows\system32\mqrt.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2008-03-13 219136]

c:\documents and settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\
wkcalrem.LNK - c:\programmi\File comuni\Microsoft Shared\Works Shared\WkCalRem.exe [2003-07-23 24651]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BTTray.lnk - c:\programmi\WIDCOMM\Bluetooth Software\BTTray.exe [2007-02-06 561213]
DVD Check.lnk - c:\programmi\InterVideo\DVD Check\DVDCheck.exe [2007-12-05 192512]
hpoddt01.exe.lnk - c:\programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-09 28672]
LRZ VPN Client.lnk - c:\programme\LRZ VPN Client\vpngui.exe [2008-01-10 1544984]
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Monitor Apache Servers.lnk - c:\programmi\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2006-04-29 41041]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2007-02-07 02:30 74240 c:\programmi\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ SbHpNp scecli ASWLNPkg

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Programmi\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Programmi\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Programmi\\Apache Software Foundation\\Apache2.2\\bin\\httpd.exe"=
"c:\\Python23\\pythonw.exe"=
"c:\\Programmi\\Opera 9\\Opera.exe"=
"c:\\Programmi\\OpenOffice.org 2.3\\program\\soffice.bin"=
"c:\\Programmi\\Google\\Google Talk\\googletalk.exe"=
"c:\\Programmi\\OpenArena\\openarena.exe"=
"c:\\Programmi\\OpenArena\\oa_ded.x86.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\PDF Complete\\pdfvista.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [2007-04-22 100095]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2006-10-09 44720]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2007-03-29 13696]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\RsvLock.sys [2007-04-22 5808]
R2 Apache2.2;Apache2.2;"c:\programmi\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice [2006-04-29 20539]
R2 ASBroker;Operatore della sessione di accesso;c:\windows\System32\svchost.exe -k Cognizance [2004-08-19 14336]
R2 ASChannel;Canale di comunicazione locale;c:\windows\System32\svchost.exe -k Cognizance [2004-08-19 14336]
R2 HpFkCryptService;Drive Encryption Service;"c:\programmi\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe" [2007-04-22 221184]
R2 pdfcDispatcher;PDF Document Manager;c:\programmi\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService [2007-07-24 540448]
R2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;"c:\programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-07-24 554352]
R3 IFXTPM;IFXTPM;c:\windows\system32\DRIVERS\IFXTPM.SYS [2006-09-19 36608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
Cognizance REG_MULTI_SZ ASBroker ASChannel

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\programmi\File comuni\LightScribe\LSRunOnce.exe"
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-DriverUpdaterPro - c:\programmi\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hp.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Invia a periferica &Bluetooth... - c:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

c:\windows\system32\msvcrt.dll - c:\windows\system32\mfc42.dll
c:\windows\system32\olepro32.dll
c:\windows\Downloaded Program Files\MaxisSimCityScapeTeleX.ocx
O16 -: {D3D83E08-54D1-4E9D-8EAF-9F979D139294}
hxxp://simcity.ea.com/scape/teleport/MaxisSimCityScapeTeleX.cab
c:\windows\Downloaded Program Files\MaxisSimCityScapeTeleX.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-10 14:21:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\programmi\Hewlett-Packard\Default Settings\cpqset.exe? ??????????T??????????????|?M?|?????M?|&?@

scanning hidden files ...


c:\docume~1\ADMINI~1\IMPOST~1\Temp\JET7FC5.tmp 0 bytes

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\programmi\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\programmi\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\programmi\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1364)
c:\programmi\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\programmi\Hewlett-Packard\IAM\bin\ItMsg.dll
c:\windows\SbHpNp.DLL
c:\programmi\Hewlett-Packard\IAM\Bin\TrayIcon.dll
c:\programmi\Hewlett-Packard\IAM\bin\HPBrand.dll
c:\programmi\Hewlett-Packard\IAM\bin\ITA\HPBrand.dll
c:\programmi\Hewlett-Packard\IAM\bin\ITA\ItMsg.dll
c:\programmi\Hewlett-Packard\IAM\Bin\ASChnl.dll

- - - - - - - > 'lsass.exe'(1420)
c:\windows\SbHpNp.dll
c:\programmi\Hewlett-Packard\IAM\bin\ASWLNPkg.dll
c:\programmi\Hewlett-Packard\IAM\bin\ItMsg.dll
.
------------------------ Other Running Processes ------------------------
.
c:\programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\msdtc.exe
c:\progra~1\Grisoft\AVG7\avgamsvr.exe
c:\progra~1\Grisoft\AVG7\avgupsvc.exe
c:\programme\LRZ VPN Client\cvpnd.exe
c:\programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\LightScribe\LSSrvc.exe
c:\programmi\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
c:\programmi\PDF Complete\pdfsvc.exe
c:\windows\system32\mqsvc.exe
c:\programmi\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\windows\system32\mqtgsvc.exe
c:\programmi\Hewlett-Packard\IAM\Bin\asghost.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\scardsvr.exe
c:\windows\system32\igfxsrvc.exe
c:\programmi\Hewlett-Packard\Shared\HpqToaster.exe
c:\programmi\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Scan completion time: 2008-12-10 14:25:33 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-10 13:25:30

Pre-Run: 58,667,663,360 bytes free
Post-Run: 59,588,079,616 bytes free

322 --- E O F --- 2008-11-12 16:42:23

#4
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
================
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both logs: log.txt (will be maximized) and info.txt (will be minimized).


#5
fgiusfredi

    New Member

  • Topic Starter
  • Member
  • 4 posts
Thanks man, I have done what you told me to do and the problem is solved.
I wanted to add a piece of information: the malware affecting my computer had a peculiar feature: it prevented me from installing ComboFix and MBAM. I was quite desperate at first, then I found a solution that might be useful for other users with the same problem.
I just renamed the setup exe files, changing the first letter of the name: I renamed Combofix.exe to 1Combofix.exe and it worked: apparently the virus is not that good at parsing :-)
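Added example, not from this thread or from any of the tools mentioned in it. The thread does not say how the infection blocked ComboFix and mbam-setup, but a rename of the first letter defeating it is consistent with a check on the image file name alone. One common way malware of that era did this is a "Debugger" value under the Image File Execution Options (IFEO) key: Windows looks that key up by image name when a process starts and launches the Debugger path instead, so a copy with a different name is never matched. The script below parses a `reg export` of that key and lists the hijacked image names; the .reg text is constructed for the example and the svchost.exe Debugger path is an assumed value, not something taken from the poster's logs.

```python
import re

# Constructed sample of a `reg export` of the IFEO key (hypothetical content,
# not from the thread's logs). A "Debugger" value here makes Windows start the
# named Debugger instead of the image whenever an image with that name runs.
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\combofix.exe]
"Debugger"="C:\\WINDOWS\\system32\\svchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbam-setup.exe]
"Debugger"="C:\\WINDOWS\\system32\\svchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe]
"DisableHeapLookaside"=dword:00000001
"""

# Real IFEO key path; the trailing backslash is appended separately because a
# raw string literal cannot end in a backslash.
IFEO_PREFIX = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
               r"\Image File Execution Options") + "\\"


def parse_reg_export(text):
    """Return {key_path: {value_name: data}} from .reg export text.

    Only named string/dword values are handled (the unnamed "@" default value
    is ignored), which is enough to inspect IFEO Debugger entries.
    """
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
            continue
        m = re.match(r'^"([^"]+)"=(.*)$', line)
        if m and current is not None:
            name, data = m.group(1), m.group(2)
            if data.startswith('"') and data.endswith('"'):
                # REG_SZ: strip quotes and undo the .reg escaping of \ and "
                data = data[1:-1].replace('\\\\', '\\').replace('\\"', '"')
            keys[current][name] = data
    return keys


def ifeo_debugger_hijacks(text):
    """Map lower-cased image name -> Debugger path for every IFEO subkey that sets one."""
    hijacks = {}
    for key, values in parse_reg_export(text).items():
        if key.lower().startswith(IFEO_PREFIX.lower()) and "Debugger" in values:
            image = key[len(IFEO_PREFIX):]
            hijacks[image.lower()] = values["Debugger"]
    return hijacks


def is_blocked(filename, hijacks):
    """IFEO is matched on the image file name only, case-insensitively,
    so any rename (e.g. 1Combofix.exe) falls outside the block list."""
    return filename.lower() in hijacks


if __name__ == "__main__":
    found = ifeo_debugger_hijacks(SAMPLE_REG_EXPORT)
    for image, debugger in sorted(found.items()):
        print(f"IFEO hijack: {image} -> {debugger}")
    for name in ("ComboFix.exe", "1Combofix.exe", "mbam-setup.exe"):
        print(f"{name}: {'blocked' if is_blocked(name, found) else 'not matched'}")
```

On a live XP machine the input would come from `reg export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" ifeo.reg`; a Debugger value pointing at anything other than a real debugger on a security tool's image name is the thing to remove. This is one mechanism only; a filter driver or a process watcher matching on name would produce the same rename-bypass symptom without touching IFEO.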

#6
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hi, you probably have more leftovers. Can I see the 2 logs asked for in my previous post, please?