Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » WORM

WORM Opzioni
Topic Precedente · Topic Sucessivo
massimob
Inviato: Wednesday, June 09, 2010 12:03:22 PM

Rank: AiutAmico

Iscritto dal : 12/13/2005
Posts: 162
Salve a tutti, mi ritrovo su una pennetta due Worm ( allego la scansione di ClamWin ), ho provato con alcuni antivirus, però non riesco a rimuoverli. Cosa posso fare?
Cordiali saluti e un grazie anticipato.
Massimo

Scan Started Wed Jun 09 10:46:34 2010
F:\autorun.inf: Worm.Downadup-496 FOUND
F:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx: Worm.Kido-336 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 799625
Engine version: 0.95.3
Scanned directories: 1598
Scanned files: 9638
Infected files: 2

Data scanned: 1980.08 MB
Data read: 2554.70 MB (ratio 0.78:1)
Time: 2349.344 sec (39 m 9 s)
Completed
Torna in alto
 
Sponsor
Inviato: Wednesday, June 09, 2010 12:03:22 PM

 
Torna in alto
 
shapiro
Inviato: Wednesday, June 09, 2010 12:21:09 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
ciao Massimo

prova in questo modo

tenendo premuto il tasto SHIFT presente in basso a sinistra della tastiera inserisci la chiavetta e rilascia il tasto dopo qualche secondo

scarica combofix da QUI e mettilo sul desktop

(non installare la recovery console)
Lascia lavorare il programma senza interferire
Allega il rapporto C:\ComboFix.txt nella tua risposta.
Torna in alto
 
pidue
Inviato: Wednesday, June 09, 2010 2:18:47 PM

Rank: AiutAmico

Iscritto dal : 6/2/2005
Posts: 7,332
Perchè non immunizzi la chiavetta?
http://ppecile.blogspot.com/2009/07/vaccinare-la-pen-drive-una-volta-oer.html

Oppure perchè non blccare i virus prima che si copino sul pc?
http://ppecile.blogspot.com/2009/01/virus-della-chiavetta-come-bloccarlo.html
Torna in alto
 
massimob
Inviato: Wednesday, June 09, 2010 9:48:31 PM

Rank: AiutAmico

Iscritto dal : 12/13/2005
Posts: 162
ComboFix 10-06-09.01 - Massimo1 09/06/2010 21.31.52.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1535.1058 [GMT 2:00]
Eseguito da: c:\documents and settings\Massimo1\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100609-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Massimo1\Dati applicazioni\0200000089eb8bd8896C.manifest
c:\documents and settings\Massimo1\Dati applicazioni\0200000089eb8bd8896O.manifest
c:\documents and settings\Massimo1\Dati applicazioni\0200000089eb8bd8896P.manifest
c:\documents and settings\Massimo1\Dati applicazioni\0200000089eb8bd8896S.manifest
c:\documents and settings\Massimo1\Dati applicazioni\SystemProc
c:\documents and settings\Massimo1\Dati applicazioni\SystemProc\lsass.exe
c:\documents and settings\Massimo1\Dati applicazioni\SystemProc\upd.exe
C:\LOG34.tmp
c:\programmi\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}
c:\programmi\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest
c:\programmi\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul
c:\programmi\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf
c:\windows\setup.exe
c:\windows\system32\1251119500
c:\windows\system32\SysWoW32
c:\windows\system32\SysWoW32\_u586853553v0
c:\windows\system32\SysWoW32\_u586853553v4
c:\windows\system32\SysWoW32\_u586853553v5
c:\windows\system32\SysWoW32\_u586853553v6
c:\windows\system32\SysWoW32\_u586853553v7
c:\windows\system32\SysWoW32\mu586853553v4
c:\windows\system32\SysWoW32\mu586853553v4.kwd
c:\windows\system32\SysWoW32\mu586853553v5
c:\windows\system32\SysWoW32\mu586853553v5.kwd
c:\windows\system32\SysWoW32\mu586853553v6
c:\windows\system32\SysWoW32\mu586853553v6.kwd
c:\windows\system32\SysWoW32\mu586853553v7
c:\windows\system32\SysWoW32\mu586853553v7.kwd
c:\windows\system32\SysWoW32\wu586853553v0
c:\windows\system32\SysWoW32\wu586853553v0.kwd
c:\windows\system32\SysWoW32\wu586853553v1
c:\windows\system32\SysWoW32\wu586853553v1.kwd
c:\windows\system32\SysWoW32\wu586853553v2
c:\windows\system32\SysWoW32\wu586853553v2.kwd
c:\windows\system32\SysWoW32\wu586853553v3
c:\windows\system32\SysWoW32\wu586853553v3.kwd
c:\windows\system32\unrar.exe

.
((((((((((((((((((((((((( Files Creati Da 2010-05-09 al 2010-06-09 )))))))))))))))))))))))))))))))))))
.

2010-06-09 18:22 . 2010-06-09 18:22 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Panda Security
2010-06-09 18:22 . 2010-06-09 18:22 -------- d-----w- c:\programmi\Panda USB Vaccine
2010-06-07 20:38 . 2010-06-08 19:16 -------- d-----w- c:\documents and settings\Massimo1\Dati applicazioni\Azureus
2010-06-07 20:38 . 2010-06-07 20:38 -------- d-----w- c:\programmi\Vuze
2010-06-07 20:38 . 2010-06-07 20:38 -------- d-----w- c:\programmi\Conduit
2010-06-07 20:38 . 2010-06-07 20:38 -------- d-----w- c:\documents and settings\Massimo1\Impostazioni locali\Dati applicazioni\Conduit
2010-06-07 20:38 . 2010-06-08 19:56 -------- d-----w- c:\documents and settings\Massimo1\Impostazioni locali\Dati applicazioni\Vuze_Remote
2010-06-07 20:38 . 2010-06-07 20:38 -------- d-----w- c:\programmi\Vuze_Remote
2010-06-07 17:28 . 2010-06-07 17:28 8466368 ----a-w- c:\programmi\Vuze_4404_windows.exe
2010-06-06 11:48 . 2010-06-06 11:48 -------- d-----w- c:\programmi\FileZilla FTP Client
2010-06-06 11:48 . 2010-06-06 11:48 -------- d-----w- c:\programmi\FileZilla
2010-06-06 11:28 . 2010-06-06 12:00 -------- d-----w- c:\documents and settings\Massimo1\Dati applicazioni\FileZilla
2010-06-06 10:20 . 2010-06-06 10:20 -------- d--h--w- c:\windows\PIF
2010-06-02 12:37 . 2010-06-02 12:37 -------- d-----w- C:\ACCA
2010-06-02 12:36 . 2010-06-02 12:36 26107319 ----a-w- c:\programmi\PriMus-DCF_vUNICO(b).EXE
2010-06-01 23:03 . 2010-06-01 23:03 64393944 ----a-w- c:\programmi\93.71_forceware_winxp2k_international_whql.exe
2010-05-31 18:41 . 2010-05-31 18:41 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\nView_Profiles
2010-05-29 23:34 . 2010-05-29 23:34 -------- d-----w- c:\documents and settings\Massimo1\Impostazioni locali\Dati applicazioni\kompozer.net
2010-05-29 23:34 . 2010-05-29 23:34 -------- d-----w- c:\documents and settings\Massimo1\Dati applicazioni\kompozer.net
2010-05-29 23:14 . 2010-05-29 23:14 -------- d-----w- c:\windows\XSxS
2010-05-29 23:14 . 2010-05-29 23:14 -------- d-----w- c:\programmi\Xenocode
2010-05-24 21:35 . 2010-05-24 21:35 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Softland
2010-05-24 21:35 . 2010-06-02 19:07 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-05-24 21:34 . 2010-05-24 21:34 -------- d-----w- c:\programmi\Softland
2010-05-24 21:34 . 2010-05-24 21:34 -------- d-----w- c:\documents and settings\Massimo1\Dati applicazioni\Softland
2010-05-24 21:34 . 2010-05-24 21:34 -------- d-----w- c:\programmi\FBackup
2010-05-24 21:24 . 2003-07-28 14:06 117231 ----a-r- c:\windows\system32\hpf3xo09.dat
2010-05-23 16:24 . 2010-05-23 16:24 -------- d-----w- c:\documents and settings\Massimiliano\Dati applicazioni\Malwarebytes
2010-05-23 16:24 . 2010-05-23 16:24 -------- d-----w- c:\documents and settings\Massimiliano\Impostazioni locali\Dati applicazioni\Google
2010-05-23 16:24 . 2010-05-23 16:24 -------- d-----w- c:\documents and settings\Massimiliano\Dati applicazioni\PC Suite
2010-05-23 08:10 . 2010-05-23 08:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Macrium
2010-05-23 08:09 . 2010-05-23 08:09 -------- d-----w- c:\programmi\Macrium
2010-05-23 08:07 . 2010-05-23 08:07 -------- d-----w- c:\programmi\Macrium_Reflect
2010-05-19 16:06 . 2010-05-19 16:06 -------- d-----w- c:\programmi\winMd5Sum
2010-05-18 20:37 . 2010-05-18 20:37 -------- d-----w- c:\documents and settings\Massimo1\Dati applicazioni\Ashampoo
2010-05-18 20:37 . 2010-05-18 20:37 -------- d-----w- c:\documents and settings\Massimo1\Impostazioni locali\Dati applicazioni\ashampoo
2010-05-18 20:37 . 2010-05-18 20:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ashampoo
2010-05-18 20:37 . 2010-05-18 20:37 -------- d-----w- c:\programmi\Ashampoo
2010-05-18 20:36 . 2010-05-18 20:36 -------- d-----w- c:\programmi\ashampoo_burning
2010-05-18 20:24 . 2010-05-18 20:24 8577922 ----a-w- c:\programmi\ashampoo_burning.zip
2010-05-15 21:46 . 2010-05-15 21:46 -------- d-----w- c:\documents and settings\Massimo1\Dati applicazioni\dvdcss
2010-05-15 21:02 . 2010-05-15 21:02 -------- d-----w- c:\documents and settings\Massimo1\Dati applicazioni\vlc
2010-05-15 19:06 . 2010-05-15 19:06 -------- d-----w- c:\programmi\vso
2010-05-12 21:01 . 2010-05-17 16:28 -------- d-----w- c:\documents and settings\Maurizio\Impostazioni locali\Dati applicazioni\Google
2010-05-11 20:59 . 2010-05-11 20:59 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NVIDIA
2010-05-11 20:38 . 2010-05-11 20:38 -------- d-----w- c:\documents and settings\Massimo1\Dati applicazioni\InstallShield
2010-05-11 20:30 . 2010-05-11 20:37 -------- d-----w- c:\documents and settings\Massimo1\Dati applicazioni\Download Manager
2010-05-11 20:08 . 2010-06-01 23:07 -------- d-----w- c:\windows\nview
2010-05-11 20:08 . 2006-10-22 10:22 208896 ----a-w- c:\windows\system32\nvudisp.exe
2010-05-11 20:08 . 2006-10-22 13:06 208896 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-05-11 20:07 . 2010-05-11 20:07 -------- d-----w- C:\NVIDIA
2010-05-11 19:20 . 2010-06-04 21:38 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-05-11 19:11 . 2010-05-11 19:11 -------- d-----w- c:\programmi\proDAD
2010-05-11 19:04 . 2010-05-11 19:05 -------- d-----w- c:\programmi\AdorageI-GfxDatas
2010-05-11 19:04 . 2010-05-11 19:04 -------- d-----w- c:\programmi\AdorageI-SAL
2010-05-11 19:01 . 1999-11-10 09:05 86016 ----a-w- c:\windows\unvise32qt.exe
2010-05-11 19:00 . 2010-05-11 20:50 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\QuickTime
2010-05-11 19:00 . 2010-05-11 19:01 -------- d-----w- c:\programmi\QuickTime
2010-05-11 19:00 . 2010-05-11 19:01 -------- d-----w- c:\windows\system32\QuickTime
2010-05-11 18:52 . 2010-05-11 18:52 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SmartSound Software Inc
2010-05-11 18:52 . 2010-05-11 18:52 -------- d-----w- c:\programmi\SmartSound Software
2010-05-11 18:50 . 2004-07-02 14:28 84992 ----a-w- c:\windows\system32\ATL70.DLL
2010-05-11 18:49 . 2003-11-25 03:02 57856 ----a-w- c:\windows\system32\masd32.dll
2010-05-11 18:49 . 2003-11-25 03:02 138752 ----a-w- c:\windows\system32\mase32.dll
2010-05-11 18:49 . 2003-11-25 03:02 136192 ----a-w- c:\windows\system32\mamc32.dll
2010-05-11 18:49 . 2003-11-25 03:02 27648 ----a-w- c:\windows\system32\ma32.dll
2010-05-11 18:49 . 2003-11-25 03:02 196096 ----a-w- c:\windows\system32\macd32.dll
2010-05-11 18:49 . 2005-02-09 09:59 14165 ----a-w- c:\windows\system32\drivers\Pclepci.sys
2010-05-11 18:49 . 2004-02-24 10:04 41219 ----a-w- c:\windows\RSETPATH.exe
2010-05-11 18:40 . 2010-05-11 19:23 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Pinnacle
2010-05-11 18:40 . 2010-05-11 18:52 -------- d-----w- c:\programmi\Pinnacle

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-09 19:43 . 2003-04-08 12:00 83934 ----a-w- c:\windows\system32\perfc010.dat
2010-06-09 19:43 . 2003-04-08 12:00 489038 ----a-w- c:\windows\system32\perfh010.dat
2010-06-09 19:04 . 2010-04-27 16:31 1 ----a-w- c:\documents and settings\Massimo1\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-08 19:14 . 2010-04-27 14:45 -------- d-----w- c:\documents and settings\Massimo1\Dati applicazioni\XnView
2010-06-07 20:49 . 2010-06-07 20:49 6123008 ----a-w- c:\documents and settings\Massimo1\Dati applicazioni\Azureus\plugins\azemp\vuzeplayer.exe
2010-06-02 12:37 . 2010-04-26 18:41 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-05-26 16:29 . 2010-05-26 16:29 503808 ----a-w- c:\documents and settings\Maurizio\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7e8410f4-n\msvcp71.dll
2010-05-26 16:29 . 2010-05-26 16:29 499712 ----a-w- c:\documents and settings\Maurizio\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7e8410f4-n\jmc.dll
2010-05-26 16:29 . 2010-05-26 16:29 348160 ----a-w- c:\documents and settings\Maurizio\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7e8410f4-n\msvcr71.dll
2010-05-26 16:29 . 2010-05-26 16:29 12800 ----a-w- c:\documents and settings\Maurizio\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2676d552-n\decora-d3d.dll
2010-05-26 16:29 . 2010-05-26 16:29 61440 ----a-w- c:\documents and settings\Maurizio\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2676d552-n\decora-sse.dll
2010-05-23 16:24 . 2010-04-27 18:21 60512 ----a-w- c:\documents and settings\Massimiliano\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-05-23 08:09 . 2010-05-23 08:09 43646 ----a-r- c:\documents and settings\Massimo1\Dati applicazioni\Microsoft\Installer\{DB35267F-B5C6-495C-8407-75ADC34E759D}\_D707CE1C009F1381803C2C.exe
2010-05-23 08:09 . 2010-05-23 08:09 43646 ----a-r- c:\documents and settings\Massimo1\Dati applicazioni\Microsoft\Installer\{DB35267F-B5C6-495C-8407-75ADC34E759D}\_33E47820CFD4F5D3775329.exe
2010-05-23 08:09 . 2010-05-23 08:09 43646 ----a-r- c:\documents and settings\Massimo1\Dati applicazioni\Microsoft\Installer\{DB35267F-B5C6-495C-8407-75ADC34E759D}\_25E0DDF4BB5DA2E0BB26B4.exe
2010-05-23 08:09 . 2010-05-23 08:09 43646 ----a-r- c:\documents and settings\Massimo1\Dati applicazioni\Microsoft\Installer\{DB35267F-B5C6-495C-8407-75ADC34E759D}\_21F3885A18D238E15AAE81.exe
2010-05-23 08:09 . 2010-05-23 08:09 29926 ----a-r- c:\documents and settings\Massimo1\Dati applicazioni\Microsoft\Installer\{DB35267F-B5C6-495C-8407-75ADC34E759D}\_EABE28F7A0A98A84188A78.exe
2010-05-23 08:09 . 2010-05-23 08:09 109534 ----a-r- c:\documents and settings\Massimo1\Dati applicazioni\Microsoft\Installer\{DB35267F-B5C6-495C-8407-75ADC34E759D}\_6FEFF9B68218417F98F549.exe
2010-05-23 08:01 . 2010-04-29 21:22 -------- d-----w- c:\programmi\Ask.com
2010-05-23 07:58 . 2010-05-23 07:58 503808 ----a-w- c:\documents and settings\Massimo1\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-50fcb2f1-n\msvcp71.dll
2010-05-23 07:58 . 2010-05-23 07:58 499712 ----a-w- c:\documents and settings\Massimo1\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-50fcb2f1-n\jmc.dll
2010-05-23 07:58 . 2010-05-23 07:58 348160 ----a-w- c:\documents and settings\Massimo1\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-50fcb2f1-n\msvcr71.dll
2010-05-23 07:58 . 2010-05-23 07:58 61440 ----a-w- c:\documents and settings\Massimo1\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5658d958-n\decora-sse.dll
2010-05-23 07:58 . 2010-05-23 07:58 12800 ----a-w- c:\documents and settings\Massimo1\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5658d958-n\decora-d3d.dll
2010-05-19 19:06 . 2010-04-27 12:20 -------- d-----w- c:\documents and settings\Massimo1\Dati applicazioni\Skype
2010-05-19 18:02 . 2010-04-27 12:22 -------- d-----w- c:\documents and settings\Massimo1\Dati applicazioni\SkypePM
2010-05-18 20:29 . 2010-05-02 18:10 -------- d-----w- c:\programmi\Astonsoft
2010-05-18 06:59 . 2010-05-24 21:35 173056 ----a-w- c:\documents and settings\Massimo1\Dati applicazioni\Softland\FBackup 4\Plugins\OutlookExpressSources.dll
2010-05-13 20:37 . 2010-04-27 14:38 -------- d-----w- c:\documents and settings\Massimo1\Dati applicazioni\U3
2010-05-13 19:18 . 2010-04-30 19:37 -------- d-----w- c:\documents and settings\Massimo1\Dati applicazioni\FrostWire
2010-05-12 21:02 . 2010-04-27 16:41 60512 ----a-w- c:\documents and settings\Maurizio\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-05-11 19:24 . 2010-05-11 18:47 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Pinnacle Studio
2010-05-11 19:16 . 2010-04-26 22:14 60512 ----a-w- c:\documents and settings\Massimo1\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-05-11 18:51 . 2010-04-26 18:40 -------- d-----w- c:\programmi\File comuni\InstallShield
2010-05-11 18:49 . 2010-04-26 19:26 -------- d-----w- c:\programmi\DivX
2010-05-09 18:58 . 2010-04-27 13:32 -------- d-----w- c:\programmi\Google
2010-05-07 21:37 . 2010-05-07 21:37 171504 ----a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2010-05-07 20:09 . 2010-05-07 20:09 36864 ----a-w- c:\documents and settings\Massimo1\Dati applicazioni\Autodesk\DWG TrueView 2011\R8\enu\ContextualTabSelectorRules.dll
2010-05-07 20:00 . 2010-04-30 21:30 -------- d-----w- c:\documents and settings\Massimo1\Dati applicazioni\Autodesk
2010-05-07 20:00 . 2010-05-03 21:06 -------- d-----w- c:\programmi\File comuni\Autodesk Shared
2010-05-07 19:58 . 2010-05-03 21:06 -------- d-----w- c:\programmi\Autodesk
2010-05-06 20:39 . 2010-05-06 20:36 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Google Updater
2010-05-06 14:31 . 2010-05-06 14:31 -------- d-----w- c:\documents and settings\Maurizio\Dati applicazioni\PC Suite
2010-05-05 21:07 . 2010-05-05 21:07 -------- d-----w- c:\documents and settings\Massimo1\Dati applicazioni\Datalayer
2010-05-05 20:54 . 2010-05-05 20:54 -------- d-----w- c:\documents and settings\Massimo1\Dati applicazioni\Nokia Multimedia Player
2010-05-05 20:51 . 2010-05-05 20:51 -------- d-----w- c:\documents and settings\Massimo1\Dati applicazioni\Nokia
2010-05-05 20:48 . 2010-05-05 20:47 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PC Suite
2010-05-05 20:48 . 2010-05-05 20:48 -------- d-----w- c:\programmi\DIFX
2010-05-05 20:47 . 2010-05-05 20:47 -------- d-----w- c:\programmi\File comuni\Nokia
2010-05-05 20:47 . 2010-05-05 20:47 -------- d-----w- c:\programmi\File comuni\PCSuite
2010-05-05 20:47 . 2010-05-05 20:47 -------- d-----w- c:\programmi\Nokia
2010-05-05 20:47 . 2010-05-05 20:47 -------- d-----w- c:\documents and settings\Massimo1\Dati applicazioni\PC Suite
2010-05-05 20:46 . 2010-05-05 20:46 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Downloaded Installations
2010-05-03 21:13 . 2010-05-03 21:10 -------- d-----w- c:\programmi\AutoCAD 2007
2010-05-03 21:12 . 2010-05-03 21:12 -------- d-----w- c:\programmi\AnswerWorks 4.0
2010-05-03 21:10 . 2010-04-30 21:30 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Autodesk
2010-05-03 20:41 . 2010-05-03 20:41 -------- d-----w- c:\programmi\MSBuild
2010-05-03 20:41 . 2010-05-03 20:41 -------- d-----w- c:\programmi\Reference Assemblies
2010-05-02 19:35 . 2010-05-02 19:35 137 ----a-w- c:\documents and settings\Maurizio\Impostazioni locali\Dati applicazioni\fusioncache.dat
2010-05-02 19:35 . 2010-05-02 19:35 -------- d-----w- c:\documents and settings\Maurizio\Dati applicazioni\Malwarebytes
2010-05-02 18:10 . 2010-05-02 18:10 -------- d-----w- c:\documents and settings\Massimo1\Dati applicazioni\DeepBurner
2010-05-02 10:15 . 2010-05-02 10:15 -------- d-----w- c:\documents and settings\Massimo1\Dati applicazioni\Motive
2010-05-01 16:14 . 2010-04-30 21:30 152 ----a-w- c:\documents and settings\Massimo1\udpcrawl.tmp
2010-05-01 14:34 . 2010-05-01 14:34 -------- d-----w- c:\programmi\CONEXANT
2010-05-01 11:27 . 2010-04-26 19:59 -------- d-----w- c:\programmi\File comuni\Adobe
2010-05-01 08:14 . 2010-05-01 08:12 -------- d-----w- c:\programmi\PDFCreator
2010-04-30 21:33 . 2010-04-30 21:33 137 ----a-w- c:\documents and settings\Massimo1\Impostazioni locali\Dati applicazioni\fusioncache.dat
2010-04-30 21:31 . 2010-04-26 18:41 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Motive
2010-04-30 20:45 . 2010-04-30 20:45 0 ----a-w- c:\documents and settings\Massimo1\Dati applicazioni\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
2010-04-30 19:37 . 2010-04-30 19:36 -------- d-----w- c:\programmi\frostwire
2010-04-29 21:23 . 2010-04-26 20:39 -------- d-----w- c:\programmi\Glary Utilities
2010-04-28 21:39 . 2010-04-28 21:39 -------- d-----w- c:\programmi\Sandboxie
2010-04-28 21:10 . 2010-04-28 21:10 -------- d-----w- c:\programmi\Opera
2010-04-28 21:03 . 2010-04-28 21:03 -------- d-----w- c:\programmi\File comuni\Java
2010-04-28 21:02 . 2010-04-28 21:02 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-28 21:02 . 2010-04-28 21:02 -------- d-----w- c:\programmi\Java
2010-04-28 16:15 . 2010-04-28 16:15 -------- d-----w- c:\documents and settings\Maurizio\Dati applicazioni\Motive
2010-04-28 15:58 . 2010-04-26 18:40 -------- d-----w- c:\programmi\Telecom Italia
2010-04-28 15:54 . 2010-04-27 17:49 1 ----a-w- c:\documents and settings\Maurizio\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-27 19:17 . 2010-04-27 19:17 503808 ----a-w- c:\documents and settings\Massimo1\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5a04a979-n\msvcp71.dll
2010-04-27 19:17 . 2010-04-27 19:17 499712 ----a-w- c:\documents and settings\Massimo1\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5a04a979-n\jmc.dll
2010-04-27 19:17 . 2010-04-27 19:17 348160 ----a-w- c:\documents and settings\Massimo1\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5a04a979-n\msvcr71.dll
2010-04-27 19:17 . 2010-04-27 19:17 61440 ----a-w- c:\documents and settings\Massimo1\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-645c0db4-n\decora-sse.dll
2010-04-27 19:17 . 2010-04-27 19:17 12800 ----a-w- c:\documents and settings\Massimo1\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-645c0db4-n\decora-d3d.dll
2010-04-27 17:52 . 2010-04-27 17:52 61440 ----a-w- c:\documents and settings\Maurizio\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3ecf6abb-n\decora-sse.dll
2010-04-27 17:52 . 2010-04-27 17:52 503808 ----a-w- c:\documents and settings\Maurizio\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4cd0f5c8-n\msvcp71.dll
2010-04-27 17:52 . 2010-04-27 17:52 499712 ----a-w- c:\documents and settings\Maurizio\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4cd0f5c8-n\jmc.dll
2010-04-27 17:52 . 2010-04-27 17:52 348160 ----a-w- c:\documents and settings\Maurizio\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4cd0f5c8-n\msvcr71.dll
2010-04-27 17:52 . 2010-04-27 17:52 12800 ----a-w- c:\documents and settings\Maurizio\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3ecf6abb-n\decora-d3d.dll
2010-04-27 17:48 . 2010-04-27 17:48 -------- d-----w- c:\documents and settings\Maurizio\Dati applicazioni\OpenOffice.org
2010-04-27 17:16 . 2010-04-27 17:16 -------- d-----w- c:\programmi\7-Zip
2010-04-27 17:16 . 2010-04-27 17:16 -------- d-----w- c:\programmi\7zip
2010-04-27 16:31 . 2010-04-27 16:31 -------- d-----w- c:\documents and settings\Massimo1\Dati applicazioni\OpenOffice.org
2010-04-27 16:29 . 2010-04-27 16:29 -------- d-----w- c:\programmi\JRE
2010-04-27 16:29 . 2010-04-27 16:29 -------- d-----w- c:\programmi\OpenOffice.org 3
2010-04-27 16:26 . 2010-04-27 16:26 -------- d-----w- c:\programmi\OpenOffice
2010-04-27 15:56 . 2010-04-27 15:56 -------- d-----w- c:\programmi\MSXML 4.0
2010-04-27 14:45 . 2010-04-27 14:45 -------- d-----w- c:\programmi\XnView
2010-04-27 12:22 . 2010-04-27 12:22 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-04-27 12:19 . 2010-04-27 12:19 -------- d-----r- c:\programmi\Skype
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\programmi\Ask.com\GenericAskToolbar.dll" [2010-05-17 1385864]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\programmi\Vuze_Remote\tbVuze.dll" [2010-06-03 2736736]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-06-03 16:24 2736736 ----a-w- c:\programmi\Vuze_Remote\tbVuze.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-17 16:43 1385864 ----a-w- c:\programmi\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programmi\Ask.com\GenericAskToolbar.dll" [2010-05-17 1385864]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\programmi\Vuze_Remote\tbVuze.dll" [2010-06-03 2736736]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programmi\Ask.com\GenericAskToolbar.dll" [2010-05-17 1385864]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\programmi\Vuze_Remote\tbVuze.dll" [2010-06-03 2736736]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Massimo1\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2010-04-27 133104]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-06 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Motive SmartBridge"="c:\progra~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 438359]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"tsnp2std"="c:\windows\tsnp2std.exe" [2005-11-14 110592]
"snp2std"="c:\windows\vsnp2std.exe" [2005-11-16 344064]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Malwarebytes Anti-Malware (reboot)"="c:\programmi\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Google Desktop Search"="c:\programmi\Google\Google Desktop Search\GoogleDesktop.exe" [2010-05-06 30192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2004-03-10 406016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Maurizio\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 3.2.lnk - c:\programmi\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]

c:\documents and settings\Massimo1\Menu Avvio\Programmi\Esecuzione automatica\
PandaUSBVaccine.lnk - c:\programmi\Panda USB Vaccine\USBVaccine.exe [2010-6-9 1287176]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2010-5-1 110592]
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2010-4-26 217088]
Tasto di scelta rapida per l'avvio di AutoCAD.lnk - c:\programmi\File comuni\Autodesk Shared\acstart17.exe [2006-3-5 11000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\Opera\\opera.exe"=
"d:\\eMule\\eMule.exe"=
"c:\\Programmi\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Programmi\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Programmi\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Programmi\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"i:\\PortableApps\\SkypePortable\\App\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Vuze\\Azureus.exe"=

R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [17/03/2010 9.51.48 15328]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [26/04/2010 22.28.50 114768]
R2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [28/04/2010 17.58.25 8192]
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [26/04/2010 21.34.45 46080]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\programmi\Macrium\Reflect\ReflectService.exe [17/03/2010 9.51.28 220128]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [26/04/2010 21.34.45 56960]
S2 gupdate;Google Update Service (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [27/04/2010 15.32.54 136176]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\programmi\Google\Google Desktop Search\GoogleDesktop.exe [06/05/2010 22.36.58 30192]
.
Contenuto della cartella 'Scheduled Tasks'

2010-06-09 c:\windows\Tasks\GlaryInitialize.job
- c:\programmi\Glary Utilities\initialize.exe [2010-04-26 11:03]

2010-06-09 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-05-06 20:36]

2010-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-04-27 13:32]

2010-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-04-27 13:32]

2010-06-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-162531612-725345543-1004Core.job
- c:\documents and settings\Massimo1\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-04-27 19:39]

2010-06-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-162531612-725345543-1004UA.job
- c:\documents and settings\Massimo1\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-04-27 19:39]

2010-06-09 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\programmi\Ask.com\UpdateTask.exe [2010-05-17 16:43]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.tiscali.it/
uInternet Settings,ProxyOverride = 127.0.0.1
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TCP: {A9D1EF3A-1327-4CC5-B3FE-82323DEF3DD7} = 85.37.17.17 85.38.28.72
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
.
------- Associazioni dei file -------
.
.scr=AutoCADScriptFile
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-09 21:39
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(3980)
c:\windows\system32\WININET.dll
c:\progra~1\ALICET~1\SMARTB~1\SBHook.dll
c:\windows\system32\AcSignIcon.dll
c:\windows\system32\msi.dll
c:\programmi\File comuni\Autodesk Shared\AcSignCore16.dll
c:\windows\system32\webcheck.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Alwil Software\Avast4\aswUpdSv.exe
c:\programmi\Alwil Software\Avast4\ashServ.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
c:\windows\system32\nvsvc32.exe
c:\programmi\Sandboxie\SbieSvc.exe
c:\windows\system32\wdfmgr.exe
c:\programmi\Alwil Software\Avast4\ashMaiSv.exe
c:\progra~1\ALICET~1\vendors\AliceRE\content\template\DRIVEN~1\syncer\MCCITR~1.EXE
c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
c:\windows\system32\RUNDLL32.EXE
c:\programmi\Alice ti aiuta\bin\mpbtn.exe
c:\programmi\File comuni\PCSuite\Services\ServiceLayer.exe
c:\documents and settings\Massimo1\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.23\GoogleCrashHandler.exe
.
**************************************************************************
.
Ora fine scansione: 2010-06-09 21:46:19 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-06-09 19:46

Pre-Run: 3.219.025.920 byte disponibili
Post-Run: 3.181.731.840 byte disponibili

WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - E34C28CF1A72799A6375786430803BEF
Torna in alto
 
shapiro
Inviato: Wednesday, June 09, 2010 10:16:28 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
hai inserito la chiavetta come ti ho detto? ripeti il procedimento e lascia che malwarebytes scansioni il tuo pc alla ricerca delle altre infezioni da eliminare, deve esserci altro

scarica malwarebytes

1) lo installi
2) lo aggiorni
3) fai una scansione scegliendo la modalità completa
4) NON eliminare per ora le ventuali minacce che rileva
5) finita la scansione seleziona il tabellino log, apri il file di testo e postalo sul forum


finita la scansione, collegati a questa pagina usando I.E.

posta i due rapporti
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » WORM


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.