Aiutamici Forum

Virus or Malwarebytes false positive, and an extremely slow PC
francesca64
Posted: Thursday, April 02, 2009 6:27:45 PM

Rank: AiutAmico

Joined: 4/2/2009
Posts: 1,367
Malwarebytes found a Vundo trojan that my antivirus had ignored. I put it in quarantine and today, fed up with how slow the PC is, I deleted it. Among other things, I can no longer open Secunia PSI, which I had to uninstall and reinstall, but it still doesn't work. To cut it short, I've tried everything but my PC is still extremely slow. Can you help me? Thanks
r16
Posted: Thursday, April 02, 2009 6:47:19 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
francesca64
Posted: Thursday, April 02, 2009 7:01:16 PM

Rank: AiutAmico

Joined: 4/2/2009
Posts: 1,367
Sorry, this is the first time I've used this forum and I don't understand what you're asking me. Could you be clearer, please? Thanks
francesca64
Posted: Thursday, April 02, 2009 7:06:30 PM

Rank: AiutAmico

Joined: 4/2/2009
Posts: 1,367
Is it this one?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19.03.47, on 02/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\StkCSrv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Microsoft Office\Office12\OUTLOOK.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Encarta Web Companion Oggetto helper - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Programmi\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\Programmi\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Programmi\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Programmi\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [EPSON Stylus Photo R285 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICKE.EXE /FU "C:\WINDOWS\TEMP\E_SD4.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
O9 - Extra button: Statistiche sulla protezione del traffico Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\Skype4COM.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd.dll,C:\PROGRA~1\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd3.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe
O24 - Desktop Component 0: (no name) - http://www.expedia.it/pubspec/scripts/include/sav.js

--
End of file - 9269 bytes
r16
Posted: Thursday, April 02, 2009 8:02:40 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi
Yes, that's what I meant.
Now run this scan, following the instructions to the letter:
Important: disable your antivirus and close ALL open programs, and after downloading COMBOFIX, disconnect from the internet.

Download ComboFix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to the desktop.
Double-click combofix.exe (a window will appear).
If you are asked whether you want to install the EMERGENCY RECOVERY CONSOLE, click NO.
Your antivirus will probably send you messages; ignore them.
During the scan it is important not to use the PC (not even the mouse) and to wait patiently for the operations to finish.
When it finishes, a log file will be created on the Desktop, called C:\ComboFix.txt. Post it here.

Uninstall ComboFix this way (after I have seen the log):
Start
Run
In the dialog box, copy and paste this command: Combofix /u and press Enter, then delete ComboFix's folders on "C" (qoobox)
enigmista63
Posted: Thursday, April 02, 2009 9:22:22 PM

Rank: AiutAmico

Joined: 4/28/2007
Posts: 1,976
Hi Francesca, welcome to the forum. Follow R16's instructions to the letter and you'll see the PC gets back in order.
francesca64
Posted: Thursday, April 02, 2009 9:25:54 PM

Rank: AiutAmico

Joined: 4/2/2009
Posts: 1,367
I have a problem: my antivirus seems to have a mind of its own, IT WON'T CLOSE. I tried with Task Manager and I keep finding it running, stuck at 98% for 2 hours. Now I'm shutting down and restarting.
enigmista63
Posted: Thursday, April 02, 2009 9:35:16 PM

Rank: AiutAmico

Joined: 4/28/2007
Posts: 1,976
Well Francesca, as I explained to you in a message today, a colleague of mine had the same problem, but in his case KIS was even being disabled and disappeared completely at scan time. Once VUNDO was removed with the procedure described by R16, everything went back to normal. Do as R16 described, then, once the infection has been removed, do a repair of the antivirus if there are problems; but first remove the infection, without launching scans unless asked to by whoever is assisting you.
To close KAV, right-click the icon and click PAUSE PROTECTION.
francesca64
Posted: Thursday, April 02, 2009 9:54:41 PM

Rank: AiutAmico

Joined: 4/2/2009
Posts: 1,367

ok, here's the log


ComboFix 09-04-01.01 - Asus 2009-04-02 21.47.22.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.1919.1435 [GMT 2:00]
Eseguito da: c:\documents and settings\Asus\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2009-03-02 al 2009-04-02 )))))))))))))))))))))))))))))))))))
.

2009-04-02 19:03 . 2009-04-02 19:03 <DIR> d-------- c:\programmi\Trend Micro
2009-04-02 18:03 . 2009-04-02 18:03 <DIR> d-------- c:\programmi\Secunia
2009-04-01 17:33 . 2009-04-01 17:33 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\NortonInstaller
2009-04-01 17:08 . 2009-04-01 17:08 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2009-04-01 17:08 . 2009-04-01 17:08 <DIR> d-------- c:\documents and settings\Asus\Dati applicazioni\Malwarebytes
2009-04-01 17:08 . 2009-04-01 17:08 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-04-01 17:08 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-01 17:08 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-28 18:43 . 2009-03-29 15:36 <DIR> d-------- c:\programmi\File comuni\Adobe AIR
2009-03-26 21:18 . 2009-03-26 21:18 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-24 13:03 . 2009-03-24 13:03 7,808 --a------ c:\windows\system32\drivers\psi_mf.sys
2009-03-22 19:22 . 2009-03-22 19:22 48 --ah----- c:\windows\system32\ezsidmv.dat
2009-03-22 19:19 . 2009-03-22 19:19 <DIR> dr------- c:\programmi\Skype
2009-03-22 19:19 . 2009-03-22 19:19 <DIR> d-------- c:\programmi\File comuni\Skype
2009-03-17 19:20 . 2006-06-29 14:07 14,048 --------- c:\windows\system32\spmsg2.dll
2009-03-17 00:03 . 2009-03-17 00:03 <DIR> d-------- c:\documents and settings\Asus\Dati applicazioni\Windows Search
2009-03-17 00:02 . 2009-03-17 00:02 <DIR> d-------- c:\windows\system32\GroupPolicy
2009-03-17 00:02 . 2009-03-18 10:45 <DIR> d-------- c:\programmi\Windows Desktop Search
2009-03-16 23:24 . 2009-01-09 21:19 1,090,181 -----c--- c:\windows\system32\dllcache\ntprint.cat
2009-03-16 22:23 . 2009-03-17 00:05 <DIR> d-------- c:\windows\system32\XPSViewer
2009-03-16 22:23 . 2009-03-16 22:23 <DIR> d-------- c:\programmi\Reference Assemblies
2009-03-16 22:22 . 2008-07-06 14:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2009-03-16 22:22 . 2008-07-06 14:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
2009-03-16 22:22 . 2008-07-06 12:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-03-16 22:22 . 2008-07-06 14:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2009-03-16 22:22 . 2008-07-06 14:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
2009-03-16 22:22 . 2008-07-06 14:06 117,760 --------- c:\windows\system32\prntvpt.dll
2009-03-16 22:22 . 2008-07-06 14:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-03-14 01:14 . 2009-03-14 01:16 <DIR> d-------- c:\documents and settings\Asus\Dati applicazioni\vlc
2009-03-12 22:11 . 2008-04-14 05:13 159,232 --a------ c:\windows\system32\ptpusd.dll
2009-03-12 22:11 . 2008-04-13 21:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-03-12 22:11 . 2008-04-13 21:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2009-03-12 22:11 . 2001-08-31 00:07 5,632 --a------ c:\windows\system32\ptpusb.dll
2009-03-12 21:15 . 2009-03-12 21:15 <DIR> d-------- c:\programmi\Microsoft Visual Studio 8
2009-03-12 00:29 . 2004-08-19 15:39 221,184 --a------ c:\windows\system32\wmpns.dll
2009-03-10 00:58 . 2009-04-02 21:42 <DIR> d-------- c:\documents and settings\Asus\Tracing
2009-03-10 00:57 . 2009-03-11 14:11 <DIR> d-------- c:\programmi\Microsoft Silverlight
2009-03-10 00:57 . 2009-03-10 00:57 <DIR> d-------- c:\programmi\Microsoft Office Outlook Connector
2009-03-10 00:50 . 2009-03-10 00:50 <DIR> d-------- c:\programmi\Windows Live SkyDrive
2009-03-10 00:50 . 2009-03-10 00:57 <DIR> d-------- c:\programmi\Microsoft
2009-03-10 00:44 . 2009-03-10 00:44 <DIR> d-------- c:\programmi\File comuni\Windows Live

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-02 19:42 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2009-04-02 19:40 622,624 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-02 19:40 4,256 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-02 19:40 23,448 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-02 19:40 2,594,848 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-02 19:01 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Google Updater
2009-04-01 15:36 --------- d-----w c:\documents and settings\Asus\Dati applicazioni\Symantec
2009-03-31 22:57 --------- d-----w c:\documents and settings\Asus\Dati applicazioni\SUPERAntiSpyware.com
2009-03-28 16:36 --------- d-----w c:\programmi\File comuni\Adobe
2009-03-26 19:18 410,984 -c--a-w c:\windows\system32\deploytk.dll
2009-03-22 17:24 --------- d-----w c:\documents and settings\Asus\Dati applicazioni\Skype
2009-03-22 17:22 --------- d-----w c:\documents and settings\Asus\Dati applicazioni\skypePM
2009-03-22 17:19 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Skype
2009-03-16 20:23 --------- d-----w c:\programmi\MSBuild
2009-03-12 19:18 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-03-09 22:49 --------- d-----w c:\programmi\Windows Live
2009-02-28 18:22 --------- d-----w c:\programmi\Messenger Plus! Live
2009-02-21 21:20 --------- d-----w c:\documents and settings\Asus\Dati applicazioni\live-player
2009-02-21 07:25 691,592 ----a-w c:\windows\system32\OGACheckControl.DLL
2009-02-19 20:19 --------- d-----w c:\programmi\CCleaner
2009-02-18 17:40 --------- d-----w c:\programmi\MegaLink
2009-02-17 17:11 24,232 -c--a-w c:\windows\system32\drivers\ElbyCDIO.sys
2009-02-17 13:33 89,256 -c--a-w c:\windows\system32\ElbyCDIO.dll
2009-02-09 14:04 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-07 14:39 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\EPSON
2009-02-07 14:34 --------- d-----w c:\programmi\EPSON
2009-02-06 17:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-04 14:05 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-02-03 17:45 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-02-03 17:45 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2009-01-02 19:54 499,712 -c--a-w c:\windows\system32\msvcp71.dll
2009-01-02 19:54 348,160 -c--a-w c:\windows\system32\msvcr71.dll
2008-05-17 17:23 32 -c--a-w c:\documents and settings\All Users\Dati applicazioni\ezsid.dat
2008-10-03 18:28 32,768 -csha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012008100320081004\index.dat
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-09 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"VeohPlugin"="c:\programmi\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-12-16 3528440]
"ccleaner"="c:\programmi\CCleaner\CCleaner.exe" [2009-03-24 1488112]
"EPSON Stylus Photo R285 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICKE.EXE" [2007-04-13 182272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\programmi\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-29 638976]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-16 8478720]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-08-16 81920]
"RemoteControl"="c:\programmi\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"AVP"="c:\programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-02-04 206088]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2009-01-02 185872]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-03-26 148888]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SkyTel"="SkyTel.EXE" [2007-04-13 c:\windows\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Asus\Menu Avvio\Programmi\Esecuzione automatica\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Programmi\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\Italian\\setup.exe"=
"c:\\Programmi\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"c:\\Programmi\\Nero\\Nero8\\Nero ShowTime\\ShowTime.exe"=
"c:\\Programmi\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\system32\StkCSrv.exe [2007-04-19 24576]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\drivers\StkCMini.sys [2007-06-06 1260672]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-03-24 7808]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0eea4c00-7a93-11dd-9f08-001d60dddb41}]
\Shell\AutoRun\command - 3bqqnkd.bat
\Shell\explore\Command - 3bqqnkd.bat
\Shell\open\Command - 3bqqnkd.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0eea4c01-7a93-11dd-9f08-001d60dddb41}]
\Shell\AutoRun\command - ig.bat
\Shell\explore\Command - ig.bat
\Shell\open\Command - ig.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55f70c60-0f39-11de-a028-001d60dddb41}]
\Shell\AutoRun\command - G:\Autorun.exe /run
\Shell\Shell00\Command - G:\Autorun.exe /run
\Shell\Shell01\Command - G:\Autorun.exe /action
\Shell\Shell02\Command - G:\Autorun.exe /uninstall

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91724ec6-cbe7-11dc-9dba-f1c7c3a4ee5c}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91724ec7-cbe7-11dc-9dba-f1c7c3a4ee5c}]
\Shell\AutoRun\command - wscript.exe VirusRemoval.vbs
\Shell\open\Command - wscript.exe VirusRemoval.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4a05e60-5be0-11dd-9ee5-001d60dddb41}]
\Shell\AutoRun\command - G:\setupSNK.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\programmi\File comuni\LightScribe\LSRunOnce.exe"
.
Contenuto della cartella 'Scheduled Tasks'

2009-04-02 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-23 23:29]

2009-04-01 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 17:04]

2009-04-02 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 17:04]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
mStart Page = about:blank
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-02 21:48:52
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Ora fine scansione: 2009-04-02 21.50.37
ComboFix-quarantined-files.txt 2009-04-02 19:50:34
ComboFix2.txt 2009-04-02 19:45:49

Pre-Run: 33.013.780.480 byte disponibili
Post-Run: 32,994,684,928 byte disponibili

200 --- E O F --- 2009-03-25 15:07:23
francesca64
Posted: Thursday, April 02, 2009 10:11:31 PM

Rank: AiutAmico

Joined: 4/2/2009
Posts: 1,367
Something strange is happening: a Windows notification appeared telling me that my copy is not genuine (strange, I've always installed the updates and it has never happened before), the desktop has turned black and the wallpaper has disappeared. Is that all normal?
r16
Posted: Thursday, April 02, 2009 10:32:56 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
Clearly that's not normal.
But it looks to me like you have partitions, USB sticks or an external HD that are infected.
Disconnect all peripherals and do this:

Open a text file on the Desktop
Paste into it the code you see below, and save the text file, strictly with the name CFScript.txt

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0eea4c00-7a93-11dd-9f08-001d60dddb41}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0eea4c01-7a93-11dd-9f08-001d60dddb41}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91724ec7-cbe7-11dc-9dba-f1c7c3a4ee5c}]


and drag it onto the ComboFix icon.
Wait for it to finish, without touching the keyboard, mouse or anything else.
Post the updated ComboFix log
*********************************************************************************************************
The automatic detection of USB devices needs to be temporarily disabled;
you need the TweakUI program, downloadable from this page (you'll find it on the right, about halfway down the page); install it:
http://www.microsoft.com/windowsxp/downloads/powertoys/xppowertoys.mspx
Once installed, run it and follow these steps:

click the + sign next to the My Computer section
click the [+] sign next to the Autoplay subsection
Go to Types
Untick Enable Autoplay for removable drives
Click Apply
Close TweakUI


From now on, all USB devices will stop starting automatically.
Insert your USB sticks and scan them with your antivirus.
When you are sure everything is in order, you can re-enable autorun by following the same path I showed you.


francesca64
Posted: Thursday, April 02, 2009 10:42:02 PM

Rank: AiutAmico

Joined: 4/2/2009
Posts: 1,367
Damn, too complicated, but I'll try. On the USB stick I have the zip file I unpacked from the antivirus support centre, and on the partition, films that have been archived for ages.
r16
Posted: Thursday, April 02, 2009 10:51:21 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
No francesca64, it's not complicated.
If you don't first remove the infected files on the PC, cleaning the peripherals is pointless.
You just have to copy and paste the script in red into an ordinary text file, save it with the name CFScript.txt
and drag it with the mouse onto the ComboFix icon.
Then wait for the result without touching anything.
Come on, you can do it...
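The two posts above pick the mountpoints2 keys to delete by eye: the autorun commands that run a bare .bat or a wscript launcher are removable-media worm residue, while the entries pointing at G:\Autorun.exe or I:\LaunchU3.exe are vendor autoruns. The script below is an added example (not part of this thread and not ComboFix's own tooling) that applies the same reasoning in code: it parses the mountpoints2 blocks from a constructed excerpt of the posted log, flags the suspicious keys, and emits the matching Registry:: CFScript lines. The suspicious-command heuristic is my own choice for the example.

```python
"""Triage of the 'mountpoints2' blocks in a ComboFix log.

Added example, not part of the thread and not ComboFix's own code.
It parses the blocks ComboFix prints, flags autorun commands that look
like removable-media worm residue, and emits the matching 'Registry::'
deletion lines in the CFScript form the helper used above.
"""
import re

# Constructed sample: an excerpt modelled on the log posted in this thread.
SAMPLE_LOG = """\
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{0eea4c00-7a93-11dd-9f08-001d60dddb41}]
\\Shell\\AutoRun\\command - 3bqqnkd.bat
\\Shell\\explore\\Command - 3bqqnkd.bat
\\Shell\\open\\Command - 3bqqnkd.bat

[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{55f70c60-0f39-11de-a028-001d60dddb41}]
\\Shell\\AutoRun\\command - G:\\Autorun.exe /run
\\Shell\\Shell00\\Command - G:\\Autorun.exe /run

[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{91724ec7-cbe7-11dc-9dba-f1c7c3a4ee5c}]
\\Shell\\AutoRun\\command - wscript.exe VirusRemoval.vbs
\\Shell\\open\\Command - wscript.exe VirusRemoval.vbs
"""

# A mountpoints2 block opens with the full key path in brackets...
KEY_RE = re.compile(r"^\[(HKEY_[^\]]*\\mountpoints2\\\{[0-9a-f-]+\})\]$", re.I)
# ...and each verb line reads "\Shell\<verb>\command - <command line>".
CMD_RE = re.compile(r"^\\Shell\\[^\\]+\\command\s+-\s+(.*)$", re.I)

# Script types and script hosts that USB autorun worms of this era used to
# launch themselves (heuristic chosen for this example, not an exhaustive list).
SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".vbe", ".js", ".wsf", ".pif", ".scr")
SCRIPT_HOSTS = ("wscript", "cscript", "cmd.exe", "mshta", "rundll32", "regsvr32")


def parse_mountpoints(log_text):
    """Return {key_path: [command, ...]} for every mountpoints2 block."""
    entries = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            entries[current] = []
            continue
        m = CMD_RE.match(line)
        if m and current is not None:
            entries[current].append(m.group(1).strip())
    return entries


def is_suspicious(command):
    """True when the command runs a script file or a script host.

    A vendor autorun on genuine media points at an executable on the
    volume (e.g. G:\\Autorun.exe /run); a bare 3bqqnkd.bat or a
    'wscript.exe VirusRemoval.vbs' launcher is the worm pattern.
    """
    words = command.lower().split()
    if not words:
        return False
    first = words[0]
    return first.startswith(SCRIPT_HOSTS) or first.endswith(SCRIPT_EXT)


def triage(log_text):
    """Split the keys into (suspicious, clean), preserving log order."""
    suspicious, clean = [], []
    for key, commands in parse_mountpoints(log_text).items():
        (suspicious if any(is_suspicious(c) for c in commands) else clean).append(key)
    return suspicious, clean


def cfscript_for(keys):
    """Build the CFScript text in the form used above: a 'Registry::'
    header followed by one '[-<key>]' line per key to delete."""
    return "\n".join(["Registry::"] + [f"[-{k}]" for k in keys]) + "\n"


if __name__ == "__main__":
    bad, ok = triage(SAMPLE_LOG)
    for key in ok:
        print("keep   ", key.rsplit("\\", 1)[1])
    for key in bad:
        print("delete ", key.rsplit("\\", 1)[1])
    print()
    print(cfscript_for(bad), end="")
```

Run against the real log, the flagged keys are exactly the ones worth a second look; the emitted script is a starting point to review, not something to feed to ComboFix unread.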
francesca64
Posted: Thursday, April 02, 2009 11:02:59 PM

Rank: AiutAmico

Joined: 4/2/2009
Posts: 1,367
Here it is, if I did it right. I also disabled I don't know what. Now I'll try to enable the antivirus and scan the pen drive.

ComboFix 09-04-01.01 - Asus 2009-04-02 22.56.47.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.1919.1313 [GMT 2:00]
Eseguito da: c:\documents and settings\Asus\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Asus\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
* Creato nuovo punto di ripristino

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2009-03-02 al 2009-04-02 )))))))))))))))))))))))))))))))))))
.

2009-04-02 22:51 . 2003-06-25 16:05 266,360 --a------ c:\windows\system32\TweakUI.exe
2009-04-02 22:51 . 2002-06-21 15:09 160,217 --a------ c:\windows\system32\PowerToysLicense.rtf
2009-04-02 22:26 . 2009-04-02 22:26 <DIR> d-------- c:\programmi\SUPERAntiSpyware
2009-04-02 22:26 . 2009-04-02 22:26 <DIR> d-------- c:\programmi\File comuni\Wise Installation Wizard
2009-04-02 19:03 . 2009-04-02 19:03 <DIR> d-------- c:\programmi\Trend Micro
2009-04-02 18:03 . 2009-04-02 18:03 <DIR> d-------- c:\programmi\Secunia
2009-04-01 17:33 . 2009-04-01 17:33 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\NortonInstaller
2009-04-01 17:08 . 2009-04-01 17:08 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2009-04-01 17:08 . 2009-04-01 17:08 <DIR> d-------- c:\documents and settings\Asus\Dati applicazioni\Malwarebytes
2009-04-01 17:08 . 2009-04-01 17:08 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-04-01 17:08 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-01 17:08 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-28 18:43 . 2009-03-29 15:36 <DIR> d-------- c:\programmi\File comuni\Adobe AIR
2009-03-26 21:18 . 2009-03-26 21:18 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-24 13:03 . 2009-03-24 13:03 7,808 --a------ c:\windows\system32\drivers\psi_mf.sys
2009-03-22 19:22 . 2009-03-22 19:22 48 --ah----- c:\windows\system32\ezsidmv.dat
2009-03-22 19:19 . 2009-03-22 19:19 <DIR> dr------- c:\programmi\Skype
2009-03-22 19:19 . 2009-03-22 19:19 <DIR> d-------- c:\programmi\File comuni\Skype
2009-03-17 19:20 . 2006-06-29 14:07 14,048 --------- c:\windows\system32\spmsg2.dll
2009-03-17 00:03 . 2009-03-17 00:03 <DIR> d-------- c:\documents and settings\Asus\Dati applicazioni\Windows Search
2009-03-17 00:02 . 2009-03-17 00:02 <DIR> d-------- c:\windows\system32\GroupPolicy
2009-03-17 00:02 . 2009-03-18 10:45 <DIR> d-------- c:\programmi\Windows Desktop Search
2009-03-16 23:24 . 2009-01-09 21:19 1,090,181 -----c--- c:\windows\system32\dllcache\ntprint.cat
2009-03-16 22:23 . 2009-03-17 00:05 <DIR> d-------- c:\windows\system32\XPSViewer
2009-03-16 22:23 . 2009-03-16 22:23 <DIR> d-------- c:\programmi\Reference Assemblies
2009-03-16 22:22 . 2008-07-06 14:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2009-03-16 22:22 . 2008-07-06 14:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
2009-03-16 22:22 . 2008-07-06 12:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-03-16 22:22 . 2008-07-06 14:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2009-03-16 22:22 . 2008-07-06 14:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
2009-03-16 22:22 . 2008-07-06 14:06 117,760 --------- c:\windows\system32\prntvpt.dll
2009-03-16 22:22 . 2008-07-06 14:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-03-14 01:14 . 2009-03-14 01:16 <DIR> d-------- c:\documents and settings\Asus\Dati applicazioni\vlc
2009-03-12 22:11 . 2008-04-14 05:13 159,232 --a------ c:\windows\system32\ptpusd.dll
2009-03-12 22:11 . 2008-04-13 21:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-03-12 22:11 . 2008-04-13 21:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2009-03-12 22:11 . 2001-08-31 00:07 5,632 --a------ c:\windows\system32\ptpusb.dll
2009-03-12 21:15 . 2009-03-12 21:15 <DIR> d-------- c:\programmi\Microsoft Visual Studio 8
2009-03-12 00:29 . 2004-08-19 15:39 221,184 --a------ c:\windows\system32\wmpns.dll
2009-03-10 00:58 . 2009-04-02 21:42 <DIR> d-------- c:\documents and settings\Asus\Tracing
2009-03-10 00:57 . 2009-03-11 14:11 <DIR> d-------- c:\programmi\Microsoft Silverlight
2009-03-10 00:57 . 2009-03-10 00:57 <DIR> d-------- c:\programmi\Microsoft Office Outlook Connector
2009-03-10 00:50 . 2009-03-10 00:50 <DIR> d-------- c:\programmi\Windows Live SkyDrive
2009-03-10 00:50 . 2009-03-10 00:57 <DIR> d-------- c:\programmi\Microsoft
2009-03-10 00:44 . 2009-03-10 00:44 <DIR> d-------- c:\programmi\File comuni\Windows Live

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-02 20:26 --------- d-----w c:\documents and settings\Asus\Dati applicazioni\SUPERAntiSpyware.com
2009-04-02 19:42 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2009-04-02 19:40 622,624 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-02 19:40 4,256 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-02 19:40 23,448 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-02 19:40 2,594,848 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-02 19:01 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Google Updater
2009-04-01 15:36 --------- d-----w c:\documents and settings\Asus\Dati applicazioni\Symantec
2009-03-28 16:36 --------- d-----w c:\programmi\File comuni\Adobe
2009-03-26 19:18 410,984 -c--a-w c:\windows\system32\deploytk.dll
2009-03-22 17:24 --------- d-----w c:\documents and settings\Asus\Dati applicazioni\Skype
2009-03-22 17:22 --------- d-----w c:\documents and settings\Asus\Dati applicazioni\skypePM
2009-03-22 17:19 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Skype
2009-03-16 20:23 --------- d-----w c:\programmi\MSBuild
2009-03-12 19:18 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-03-09 22:49 --------- d-----w c:\programmi\Windows Live
2009-02-28 18:22 --------- d-----w c:\programmi\Messenger Plus! Live
2009-02-21 21:20 --------- d-----w c:\documents and settings\Asus\Dati applicazioni\live-player
2009-02-21 07:25 691,592 ----a-w c:\windows\system32\OGACheckControl.DLL
2009-02-19 20:19 --------- d-----w c:\programmi\CCleaner
2009-02-18 17:40 --------- d-----w c:\programmi\MegaLink
2009-02-17 17:11 24,232 -c--a-w c:\windows\system32\drivers\ElbyCDIO.sys
2009-02-17 13:33 89,256 -c--a-w c:\windows\system32\ElbyCDIO.dll
2009-02-09 14:04 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-07 14:39 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\EPSON
2009-02-07 14:34 --------- d-----w c:\programmi\EPSON
2009-02-06 17:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-04 14:05 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-02-03 17:45 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-02-03 17:45 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2009-01-02 19:54 499,712 -c--a-w c:\windows\system32\msvcp71.dll
2009-01-02 19:54 348,160 -c--a-w c:\windows\system32\msvcr71.dll
2008-05-17 17:23 32 -c--a-w c:\documents and settings\All Users\Dati applicazioni\ezsid.dat
2008-10-03 18:28 32,768 -csha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012008100320081004\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-04-02_21.44.30.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-02 20:26:35 18,944 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2009-04-02 20:26:35 65,024 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-09 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"VeohPlugin"="c:\programmi\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-12-16 3528440]
"ccleaner"="c:\programmi\CCleaner\CCleaner.exe" [2009-03-24 1488112]
"EPSON Stylus Photo R285 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICKE.EXE" [2007-04-13 182272]
"SUPERAntiSpyware"="c:\programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-03-23 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\programmi\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-29 638976]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-16 8478720]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-08-16 81920]
"RemoteControl"="c:\programmi\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"AVP"="c:\programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-02-04 206088]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2009-01-02 185872]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-03-26 148888]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SkyTel"="SkyTel.EXE" [2007-04-13 c:\windows\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Asus\Menu Avvio\Programmi\Esecuzione automatica\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 12:05 356352 c:\programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Programmi\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\Italian\\setup.exe"=
"c:\\Programmi\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"c:\\Programmi\\Nero\\Nero8\\Nero ShowTime\\ShowTime.exe"=
"c:\\Programmi\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [2009-03-23 9968]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [2009-03-23 72944]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\system32\StkCSrv.exe [2007-04-19 24576]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
R3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\drivers\StkCMini.sys [2007-06-06 1260672]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-03-24 7808]

--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - SASDIFSV
*NewlyCreated* - SASENUM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55f70c60-0f39-11de-a028-001d60dddb41}]
\Shell\AutoRun\command - G:\Autorun.exe /run
\Shell\Shell00\Command - G:\Autorun.exe /run
\Shell\Shell01\Command - G:\Autorun.exe /action
\Shell\Shell02\Command - G:\Autorun.exe /uninstall

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91724ec6-cbe7-11dc-9dba-f1c7c3a4ee5c}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4a05e60-5be0-11dd-9ee5-001d60dddb41}]
\Shell\AutoRun\command - G:\setupSNK.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\programmi\File comuni\LightScribe\LSRunOnce.exe"
.
Contenuto della cartella 'Scheduled Tasks'

2009-04-02 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-23 23:29]

2009-04-02 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 17:04]

2009-04-02 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 17:04]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
mStart Page = about:blank
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-02 22:58:22
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Ora fine scansione: 2009-04-02 23.00.11
ComboFix-quarantined-files.txt 2009-04-02 21:00:08
ComboFix2.txt 2009-04-02 19:50:38
ComboFix3.txt 2009-04-02 19:45:49

Pre-Run: 33.832.742.912 byte disponibili
Post-Run: 33,832,083,456 byte disponibili

212 --- E O F --- 2009-03-25 15:07:23
francesca64
Posted: Thursday, April 02, 2009 11:06:23 PM

Rank: AiutAmico

Member since: 4/2/2009
Posts: 1,367
OK, I scanned the pen drive: no infected files.
r16
Posted: Thursday, April 02, 2009 11:11:45 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
OK, see, it wasn't hard, was it?
Download and install MalwareBytes:
click here to download: http://www.aiutamici.com/software?id=80346
Before running the scan, UPDATE IT. (This is important.)
Run a full system scan.
Post the log.
francesca64
Posted: Thursday, April 02, 2009 11:13:14 PM

Rank: AiutAmico

Member since: 4/2/2009
Posts: 1,367
I already have Malwarebytes and I already ran the scan today, and it no longer finds anything.
r16
Posted: Thursday, April 02, 2009 11:19:35 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Do it anyway, francesca64; the PC is no longer the same as before.
Don't delete anything if it finds something.
Just post the result.
Remember, UPDATE IT before running the scan.
Any improvements?
francesca64
Posted: Thursday, April 02, 2009 11:22:45 PM

Rank: AiutAmico

Member since: 4/2/2009
Posts: 1,367
OK, I'm following your advice; I'm running the scan now. Will you tell me when to uninstall ComboFix? Anyway, I also scanned the partition with the antivirus, but there's nothing there.