Hello.
Yesterday I ran a scan with the Kaspersky tool; it found and removed a piece of malware. Then I ran a scan with Dr.Web, but it froze.
I rebooted into Safe Mode and ran the scan again, but towards the end it started slowing down, and after almost 6 hours I got fed up, since it was so slow it seemed frozen. I tried to stop the scan, but it froze for good and I had to shut the PC off with the power button.
Before it froze it had found three pieces of malware ("tdss"), which I managed to cure in time: one was in the ComboFix quarantine folder and the other two in C:\System Volume Information\ _restore...
Today I used the Kaspersky tool again to be safe and it found nothing; then I ran a quick scan with MBAM and a custom one with Dr.Web, in which I only excluded the programs I know, like Nero, where it kept freezing, and the anti-malware tools I have installed. No infected files detected.
Finally I ran the ComboFix scan again, and it did not detect the rootkit.
ComboFix 10-05-05.0B - Proprietario 09/05/2010 18.14.48.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.511.318 [GMT 2:00]
Eseguito da: c:\documents and settings\Proprietario\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((( Files Creati Da 2010-04-09 al 2010-05-09 )))))))))))))))))))))))))))))))))))
.
2010-05-08 14:44 . 2010-04-26 14:26 2856267 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{968F9FBF-0523-4FFE-95F9-512F1E2811A3}\vnlt6639.exe
2010-05-08 14:44 . 2010-05-08 15:26 -------- d-----w- C:\VEXPLite
2010-05-08 14:42 . 2010-05-08 14:42 -------- d-----w- c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\PackageAware
2010-05-07 16:24 . 2010-05-07 16:24 63488 ----a-w- c:\documents and settings\Proprietario\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-07 16:24 . 2010-05-07 16:24 52224 ----a-w- c:\documents and settings\Proprietario\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-07 16:24 . 2010-05-07 16:24 117760 ----a-w- c:\documents and settings\Proprietario\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-07 16:22 . 2010-05-07 16:22 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2010-05-07 16:21 . 2010-05-07 16:21 -------- d-----w- c:\programmi\SUPERAntiSpyware
2010-05-07 16:21 . 2010-05-07 16:21 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\SUPERAntiSpyware.com
2010-05-07 16:20 . 2010-05-07 16:20 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2010-05-07 14:12 . 2010-05-08 18:27 -------- d-----w- c:\documents and settings\Proprietario\DoctorWeb
2010-05-06 14:30 . 2010-05-06 14:30 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-05-06 12:52 . 2010-05-06 12:52 -------- d-----w- c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\Runscanner.net
2010-05-06 11:44 . 2010-05-06 11:44 -------- d-----w- c:\programmi\a-squared HiJackFree
2010-05-06 09:39 . 2010-05-06 16:55 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-05-06 09:39 . 2010-05-06 09:45 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2010-05-04 22:09 . 2010-05-04 22:09 -------- d-----w- c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\Temp
2010-05-04 22:09 . 2010-05-04 22:09 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Google
2010-05-04 22:07 . 2010-05-04 22:08 -------- d-----w- c:\programmi\CCleaner
2010-05-04 22:04 . 2010-05-04 22:04 -------- d-----w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\Google
2010-05-04 22:00 . 2010-05-04 22:00 388096 ----a-r- c:\documents and settings\Proprietario\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-03 20:55 . 2010-05-05 17:34 -------- d-----w- c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\Google
2010-05-03 20:52 . 2010-05-05 19:36 -------- d-----w- c:\programmi\Google
2010-04-28 00:09 . 2010-04-28 00:09 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\OpenOffice.org
2010-04-22 00:13 . 2010-04-14 10:29 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-04-22 00:13 . 2010-04-14 10:29 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-04-22 00:13 . 2010-04-14 10:29 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-04-22 00:13 . 2010-04-14 10:29 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-04-22 00:13 . 2010-04-14 10:29 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-04-22 00:13 . 2010-04-14 10:29 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-04-22 00:13 . 2010-04-14 10:29 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-04-22 00:13 . 2010-04-14 10:29 385536 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-04-22 00:13 . 2010-04-14 10:29 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-04-22 00:13 . 2010-04-14 10:29 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-08 19:05 . 2001-08-31 15:00 12160 ----a-w- c:\windows\system32\drivers\acpiec.sys
2010-05-08 19:05 . 2004-08-03 20:59 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-05-08 14:44 . 2010-05-08 14:43 -------- dc-h--w- c:\documents and settings\All Users\Dati applicazioni\{968F9FBF-0523-4FFE-95F9-512F1E2811A3}
2010-05-05 16:53 . 2001-08-31 15:00 79826 ----a-w- c:\windows\system32\perfc010.dat
2010-05-05 16:53 . 2001-08-31 15:00 479776 ----a-w- c:\windows\system32\perfh010.dat
2010-05-02 15:06 . 2009-03-15 18:34 -------- d-----w- c:\programmi\PokerStars.IT
2010-04-30 17:07 . 2009-11-16 18:29 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-04-30 17:07 . 2009-12-14 16:33 6153352 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-29 13:39 . 2009-11-16 18:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2009-11-16 18:29 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-26 13:51 . 2010-05-08 14:43 278528 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{968F9FBF-0523-4FFE-95F9-512F1E2811A3}\OFFLINE\D89A54DE\76AC2E42\MONLITE.exe
2010-04-22 19:06 . 2009-03-09 19:28 -------- d-----w- c:\programmi\McAfee.com
2010-04-22 00:25 . 2009-03-09 19:28 -------- d-----w- c:\programmi\McAfee
2010-04-22 00:24 . 2009-03-09 19:15 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\McAfee
2010-04-22 00:24 . 2009-03-09 19:28 -------- d-----w- c:\programmi\File comuni\McAfee
2010-04-13 06:54 . 2010-05-08 14:43 360448 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{968F9FBF-0523-4FFE-95F9-512F1E2811A3}\OFFLINE\BB22A901\76AC2E42\Scan.dll
2010-03-23 10:27 . 2010-05-08 14:43 819200 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{968F9FBF-0523-4FFE-95F9-512F1E2811A3}\OFFLINE\5BF53870\76AC2E42\viritexp.exe
2010-03-12 07:53 . 2010-05-08 14:43 122880 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{968F9FBF-0523-4FFE-95F9-512F1E2811A3}\OFFLINE\361580F9\76AC2E42\viritupg.dll
2010-03-10 06:15 . 2004-08-19 13:39 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:16 . 2004-08-19 13:39 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-03 21:15 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:05 . 2004-08-19 13:34 2149888 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:05 . 2004-08-19 15:34 2028032 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:03 . 2010-03-06 22:12 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:33 . 2004-08-19 13:39 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-03 21:07 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.
------- Sigcheck -------
[-] 2010-05-08 19:05 . 2D59E99B99EF083762A50E6A6C5019F4 . 12160 . . [------] . . c:\windows\system32\drivers\acpiec.sys
[7] 2001-08-31 . 49AC5CD87FBDDA62F3E25190019E7627 . 12160 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\acpiec.sys
[7] 2001-08-31 . 49AC5CD87FBDDA62F3E25190019E7627 . 12160 . . [5.1.2600.0] . . c:\windows\system32\dllcache\acpiec.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-05-06_14.28.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-07 14:03 . 2010-05-07 14:03 85019 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2009-11-11 07:53 . 2009-11-11 07:53 45312 c:\windows\system32\drivers\VIRAGTLT.sys
+ 2009-02-16 21:31 . 2010-05-07 21:53 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
- 2009-02-16 21:31 . 2010-05-05 13:34 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
+ 2010-05-06 14:30 . 2010-05-07 21:53 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2010-05-07 21:45 . 2010-05-07 21:53 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-05-07 16:22 . 2010-05-07 16:22 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2010-05-07 16:22 . 2010-05-07 16:22 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2010-05-07 16:22 . 2010-05-07 16:22 5120 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
+ 2010-01-27 00:58 . 2010-01-27 00:58 256280 c:\windows\system32\Macromed\Flash\FlashUtil10e.exe
+ 2010-05-08 14:44 . 2010-05-08 14:44 290304 c:\windows\Installer\4ae674.msi
+ 2010-05-07 16:22 . 2010-05-07 16:22 1583616 c:\windows\Installer\845e8c.msi
+ 2010-01-26 14:59 . 2010-01-26 14:59 1955384 c:\windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"SUPERAntiSpyware"="c:\programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-27 2020592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-15 339968]
"SoundMan"="SOUNDMAN.EXE" [2009-02-16 67584]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2003-04-24 110592]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2003-04-24 610304]
"mcui_exe"="c:\programmi\McAfee.com\Agent\mcagent.exe" [2010-04-01 1180976]
"VIRIT LITE MONITOR"="c:\vexplite\MONLITE.EXE" [2010-05-08 278528]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Sitecom Wireless Utility.lnk - c:\programmi\Sitecom\Common\RaUI.exe [2009-3-9 1527808]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\File comuni\\McAfee\\McSvcHost\\McSvHost.exe"=
R0 VIRAGTLT;VIRAGTLT;c:\windows\system32\drivers\VIRAGTLT.sys [11/11/2009 9.53.20 45312]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [22/04/2010 2.13.20 82952]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 11.25.50 12872]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [27/04/2010 17.30.10 61440]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\programmi\McAfee\SiteAdvisor\McSACore.exe [09/03/2009 21.32.45 93320]
R2 McMPFSvc;McAfee Personal Firewall;"c:\programmi\File comuni\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [22/04/2010 2.13.00 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\programmi\File comuni\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [22/04/2010 2.13.00 271480]
R2 mfefire;McAfee Firewall Core Service;c:\programmi\File comuni\McAfee\SystemCore\mfefire.exe [22/04/2010 2.13.54 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\programmi\File comuni\McAfee\SystemCore\mfevtps.exe [22/04/2010 2.13.23 141792]
R2 viritsvclite;VirIT eXplorer Lite;c:\vexplite\VIRITSVC.EXE [27/11/2009 16.10.32 69632]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [22/04/2010 2.13.19 55456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [22/04/2010 2.13.19 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [22/04/2010 2.13.20 88480]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [05/05/2010 0.04.44 135664]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [22/04/2010 2.13.20 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [22/04/2010 2.13.20 83496]
--- Altri Servizi/Drivers In Memoria ---
*Deregistered* - Dwsh000040A0
*Deregistered* - klmd21
*Deregistered* - mfeavfk01
.
Contenuto della cartella 'Scheduled Tasks'
2010-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-05-04 22:04]
2010-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-05-04 22:04]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://google.it/
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{C4046502-6524-4d87-896C-878F57D1FF07} - c:\programmi\PokerStars.IT\PokerStarsUpdate.exe
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
SafeBoot-klmdb.sys
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-05-09 18:29
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(932)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
Ora fine scansione: 2010-05-09 18:32:58
ComboFix-quarantined-files.txt 2010-05-09 16:32
ComboFix2.txt 2010-05-06 17:41
ComboFix3.txt 2010-05-06 14:34
Pre-Run: 37.789.982.720 byte disponibili
Post-Run: 38.226.759.680 byte disponibili
- - End Of File - - BC0047F56E36790C774942F0B2227C4E