Aiutamici Forum

Virus on the PC, but I don't know what it is...
icollaboratore
Posted: Wednesday, November 18, 2009 10:29:21 PM
Rank: AiutAmico

Member since: 5/19/2007
Posts: 50
Hi everyone. My PC is infected. The virus has blocked Microsoft Security Essentials, does not allow access to online antivirus scanning sites and prevents the installation of antivirus software (AVG, Panda, etc.). It also blocks access to MSN and has affected IE8 too (I use Firefox anyway, and that has no problems). Word is slow to open. Safe Mode is available and I download the PC's updates without problems (I have XP SP3, fully up to date). With a tool I removed the dead antivirus, but the PC still shows it as active. I have used Combo, Spybot, Ad-Aware and various removal tools (including the ones for Beagle) without much result. What can I do to remove the nasty thing from the poor PC?

Thanks in advance
shapiro
Posted: Wednesday, November 18, 2009 10:35:28 PM

Rank: AiutAmico

Member since: 8/24/2008
Posts: 4,164
Hi

The symptoms, anyway, would seem to be those of Bagle.

Run a scan with

http://dc108.4shared.com/download/75022994/b07bff/FindyKill.exe?tsid=20090209-102651-de3379fb

Once it is installed, close all running applications and disconnect from the internet, then click the FindyKill icon and, in the DOS window that opens, type 2 and press Enter. Wait for the scan to finish and post here the log you will find in C:\FindyKill.txt
icollaboratore
Posted: Wednesday, November 18, 2009 10:53:14 PM
Rank: AiutAmico

Member since: 5/19/2007
Posts: 50
First of all, thanks for the quick reply. Here is the report:

* executed from : C:\Programmi\FindyKill
* Update on 06/12/08 par Chiquitine29
* Start at 22:46:55 the 18/11/2009
* Windows XP - Internet Explorer 8.0.6001.18702


((((((((((((((( *** deleting *** ))))))))))))))))))


--------------- [ Active Processes ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Programmi\AxBx\VirusKeeper 2009 Pro Trial\vk_service.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe

--------------- [ Infected files / folders ] ----------------


»»»» Supression files in C:


»»»» Supression files in C:\WINDOWS


»»»» Supression files in C:\WINDOWS\Prefetch


»»»» Supression files in C:\WINDOWS\system32


»»»» Supression files in C:\WINDOWS\system32\drivers


»»»» Supression files in C:\Documents and Settings\Pier Luigi\Dati applicazioni


»»»» Supression files in C:\DOCUME~1\PIERLU~1\IMPOST~1\Temp


»»»» Supression files in C:\Documents and Settings\Pier Luigi\Local Settings\Temporary Internet Files\Content.IE5

Deleted ! - C:\Documents and Settings\All Users\Dati applicazioni\Skype\Plugins\Local Cache\D3987B641C134048B815DB578D607F42_more.jpg

--------------- [ Registry / Infected keys ] ----------------


--------------- [ States / Restarting of services ] ----------------



+- Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - Type of startup = 3

EapHost - Type of startup = 2

Ip6Fw - Type of startup = 2

SharedAccess - Type of startup = 2

wuauserv - Type of startup = 2

wscsvc - Type of startup = 2


--------------- [ Cleaning removable drives ] ----------------

+- Informations :

C: - Unità fissa

D: - Unità fissa

F: - Unità rimovibile


+- deleting files :


--------------- [ Registry / Mountpoint2 ] ----------------
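The FindyKill report above contains a "States / Restarting of services" block that lists the startup type of a handful of services, with the tool's own legend (Auto=2 / Request=3 / Disable=4). That block only becomes actionable when compared against a known-good baseline. The Python script below is an added example, not code from the forum thread or from FindyKill: it parses the block exactly as it appears above and flags every service whose startup type differs from the baseline, while services it has no baseline for are reported as unchecked rather than silently passed. The EXPECTED baseline values, the STARTUP_NAMES labels and the second, tampered-looking excerpt are assumptions constructed for this example; the first excerpt is copied from the post.

```python
"""
Triage helper for the "States / Restarting of services" block of a
FindyKill report (added example, not the tool's own code).
"""
import re
from typing import Dict, List, Tuple

# Meaning of the startup-type codes. The report's own legend reads
# "Auto=2 / Request=3 / Disable=4"; code 3 is the on-demand (manual) start.
STARTUP_NAMES = {2: "Auto", 3: "Manual", 4: "Disabled"}

# ASSUMED baseline for a clean Windows XP SP3 machine (example assumption,
# not taken from the report): the services the report's section checks,
# restricted to those whose expected default we are confident about.
EXPECTED: Dict[str, int] = {
    "wscsvc": 2,        # Security Center
    "wuauserv": 2,      # Automatic Updates
    "SharedAccess": 2,  # Windows Firewall / Internet Connection Sharing
    "Ip6Fw": 2,         # IPv6 Windows Firewall
    "EapHost": 2,       # Extensible Authentication Protocol service
}

# One service line in the report: "<name> - Type of startup = <code>"
SERVICE_LINE = re.compile(
    r"^(?P<name>\S+)\s+-\s+Type of startup\s*=\s*(?P<code>\d+)\s*$"
)


def parse_services(report: str) -> Dict[str, int]:
    """Return {service_name: startup_code} for every service line found."""
    found: Dict[str, int] = {}
    for line in report.splitlines():
        m = SERVICE_LINE.match(line.strip())
        if m:
            found[m.group("name")] = int(m.group("code"))
    return found


def triage(report: str) -> Tuple[List[str], List[str]]:
    """Compare the parsed block against EXPECTED.

    Returns (findings, unchecked): findings are human-readable lines for
    services whose startup type deviates from the baseline; unchecked lists
    services present in the report for which no baseline is known.
    """
    findings: List[str] = []
    unchecked: List[str] = []
    for name, code in parse_services(report).items():
        expected = EXPECTED.get(name)
        if expected is None:
            unchecked.append(name)
        elif code != expected:
            findings.append(
                f"{name}: startup type is {STARTUP_NAMES.get(code, code)} ({code}), "
                f"expected {STARTUP_NAMES[expected]} ({expected})"
            )
    return findings, unchecked


# Excerpt copied from the FindyKill report posted in the thread (clean result).
REPORT_FROM_THREAD = """\
+- Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - Type of startup = 3

EapHost - Type of startup = 2

Ip6Fw - Type of startup = 2

SharedAccess - Type of startup = 2

wuauserv - Type of startup = 2

wscsvc - Type of startup = 2
"""

# CONSTRUCTED excerpt (not from the thread): what a tampered machine would
# look like, with Security Center and Automatic Updates disabled and the
# firewall service switched to manual start.
REPORT_CONSTRUCTED_TAMPERED = """\
+- Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - Type of startup = 3

EapHost - Type of startup = 2

Ip6Fw - Type of startup = 2

SharedAccess - Type of startup = 3

wuauserv - Type of startup = 4

wscsvc - Type of startup = 4
"""

if __name__ == "__main__":
    for label, text in (("thread report", REPORT_FROM_THREAD),
                        ("constructed tampered report", REPORT_CONSTRUCTED_TAMPERED)):
        findings, unchecked = triage(text)
        print(f"== {label}: {len(findings)} finding(s)")
        for f in findings:
            print("  " + f)
        if unchecked:
            print("  no baseline for: " + ", ".join(unchecked))
```

Run as a script, the excerpt from the post produces no findings (Ndisuio is listed as unchecked because the example carries no baseline for it), while the constructed excerpt flags SharedAccess, wuauserv and wscsvc. Keeping the baseline separate from the parser is the point: the same parser serves any FindyKill report, and the baseline can be tightened as more defaults are confirmed.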
shapiro
Posted: Wednesday, November 18, 2009 11:02:07 PM

Rank: AiutAmico

Member since: 8/24/2008
Posts: 4,164
Maybe it's at the initial stage.

Go into Safe Mode (if you manage to); otherwise run it from normal mode.

Download this little program... the download is at the bottom of the page http://www.zonavirus.com/datos/descargas/95/elibagla.asp

Launch the program and tick "ELIMINAR FICHEROS AUTOMATICAMENTE".

Click EXPLORAR to start the scan.


When it has finished you will find the log in C:\InfoSat.txt - copy it into Notepad and post it in the forum.



If you have ComboFix installed, run it again, still from Safe Mode, and post its report too.
icollaboratore
Posted: Wednesday, November 18, 2009 11:09:32 PM
Rank: AiutAmico

Member since: 5/19/2007
Posts: 50
In the meantime, here is the Combo scan:

ComboFix 09-11-18.04 - Pier Luigi 18/11/2009 0.11.41.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.478.196 [GMT 1:00]
Eseguito da: F:\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: VirusKeeper 2009 Pro antivirus *On-access scanning enabled* (Updated) {165EE528-D666-4745-B14E-AA998BBEC191}
* Creato nuovo punto di ripristino

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\InfoSat.txt
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((( Files Creati Da 2009-10-17 al 2009-11-17 )))))))))))))))))))))))))))))))))))
.

2009-11-15 23:05 . 2009-11-15 23:05 117760 ----a-w- c:\documents and settings\Pier Luigi\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-15 23:03 . 2009-11-15 23:03 -------- dc----w- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2009-11-15 23:02 . 2009-11-15 23:03 -------- d-----w- c:\programmi\SUPERAntiSpyware
2009-11-15 23:02 . 2009-11-15 23:02 -------- d-----w- c:\documents and settings\Pier Luigi\Dati applicazioni\SUPERAntiSpyware.com
2009-11-15 23:01 . 2009-11-15 23:01 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2009-11-15 22:21 . 2009-11-15 22:21 -------- dc----w- C:\ERDNT
2009-11-15 22:21 . 2009-11-15 22:21 -------- d-----w- c:\windows\ERUNT
2009-11-15 22:21 . 2009-11-15 22:21 -------- dc----w- C:\!FixIEDef
2009-11-14 09:42 . 2009-11-15 14:52 -------- dc----w- C:\FindyKill
2009-11-13 21:11 . 2009-11-13 21:11 -------- d-----w- c:\documents and settings\Pier Luigi\Dati applicazioni\IObit
2009-11-13 21:11 . 2009-11-13 21:11 -------- d-----w- c:\programmi\IObit
2009-11-13 21:09 . 2009-11-13 22:45 -------- d-----w- c:\programmi\AxBx
2009-11-12 21:13 . 2009-11-12 21:13 -------- d-----w- c:\documents and settings\Pier Luigi\DoctorWeb
2009-11-10 21:52 . 2009-11-10 21:52 -------- d-----w- c:\programmi\Panda Security
2009-11-10 21:21 . 2009-11-13 21:58 -------- d-----w- c:\documents and settings\Pier Luigi\Dati applicazioni\QuickScan
2009-11-10 21:20 . 2009-10-29 14:39 679936 ----a-w- c:\documents and settings\Pier Luigi\Dati applicazioni\Mozilla\Firefox\Profiles\9fve3s0w.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
2009-11-10 21:20 . 2009-10-29 14:39 614400 ----a-w- c:\documents and settings\Pier Luigi\Dati applicazioni\Mozilla\Firefox\Profiles\9fve3s0w.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2009-11-10 19:54 . 2009-11-15 22:59 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-11-10 19:54 . 2009-11-15 14:19 -------- dc----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-11-10 19:19 . 2009-11-10 19:19 -------- d-----w- c:\documents and settings\Pier Luigi\Dati applicazioni\Malwarebytes
2009-11-10 19:19 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-10 19:19 . 2009-11-10 19:19 -------- dc----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-11-10 19:19 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-10 19:19 . 2009-11-10 19:19 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-11-09 22:25 . 2009-11-09 22:25 -------- dc----w- c:\documents and settings\Administrator\Tracing
2009-11-01 20:27 . 2009-11-15 23:12 -------- d-----w- c:\programmi\Mozilla Firefox 3.6 Beta 1
2009-10-29 18:53 . 2009-10-29 18:55 -------- dc----w- C:\0b69a83b8b97b14621d9bad9

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-15 10:32 . 2007-12-31 11:15 -------- d-----w- c:\documents and settings\Pier Luigi\Dati applicazioni\Skype
2009-11-15 10:09 . 2003-04-08 19:00 93834 ----a-w- c:\windows\system32\perfc010.dat
2009-11-15 10:09 . 2003-04-08 19:00 515758 ----a-w- c:\windows\system32\perfh010.dat
2009-11-13 21:57 . 2009-04-28 19:36 -------- d-----w- c:\programmi\Mozilla Firefox 3.5 (Release candidate)
2009-11-07 08:32 . 2008-03-03 14:28 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-11-07 08:31 . 2007-12-31 16:19 -------- d-----w- c:\programmi\SpywareBlaster
2009-11-02 19:42 . 2009-09-30 21:09 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-31 23:26 . 2008-01-05 02:27 64944 -c--a-w- c:\documents and settings\User\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-10-25 13:14 . 2007-12-31 12:56 -------- d-----w- c:\documents and settings\Pier Luigi\Dati applicazioni\skypePM
2009-10-14 22:15 . 2007-12-31 11:40 -------- d-----w- c:\programmi\File comuni\Adobe
2009-10-08 13:57 . 2007-10-09 12:03 613888 ----a-w- c:\windows\system32\uiautomationcore.dll
2009-10-08 13:57 . 2003-04-08 19:00 23040 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-08 13:57 . 2003-04-08 19:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 10:24 . 2009-10-08 10:24 -------- d-----w- c:\programmi\Microsoft
2009-09-27 21:53 . 2008-02-12 21:03 -------- d-----w- c:\programmi\eMule
2009-09-26 22:56 . 2008-02-13 12:12 -------- d-----w- c:\programmi\Microsoft Silverlight
2009-09-26 12:50 . 2007-12-31 14:15 -------- d-----w- c:\programmi\JLC's Software
2009-09-11 14:17 . 2003-04-08 19:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2003-04-08 19:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:56 . 2003-04-08 19:00 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2003-04-08 19:00 247326 ----a-w- c:\windows\system32\strmdll.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-11-12_21.38.15 )))))))))))))))))))))))))))))))))))))))))
.
- 2003-04-08 19:00 . 2009-10-25 09:46 72238 c:\windows\system32\perfc009.dat
+ 2003-04-08 19:00 . 2009-11-15 10:09 72238 c:\windows\system32\perfc009.dat
+ 2009-11-15 23:03 . 2009-11-15 23:03 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2009-11-15 23:03 . 2009-11-15 23:03 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
- 2007-12-30 21:56 . 2009-10-14 22:37 23040 c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2007-12-30 21:56 . 2009-11-14 10:54 23040 c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2007-12-30 21:56 . 2009-10-14 22:37 61440 c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2007-12-30 21:56 . 2009-11-14 10:54 61440 c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2007-12-30 21:56 . 2009-10-14 22:37 27136 c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2007-12-30 21:56 . 2009-11-14 10:54 27136 c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2007-12-30 21:56 . 2009-11-14 10:54 11264 c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2007-12-30 21:56 . 2009-10-14 22:37 11264 c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2007-12-30 21:56 . 2009-10-14 22:37 86016 c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2007-12-30 21:56 . 2009-11-14 10:54 86016 c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2007-12-30 21:56 . 2009-10-14 22:37 12288 c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2007-12-30 21:56 . 2009-11-14 10:54 12288 c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-11-15 23:03 . 2009-11-15 23:03 5120 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
+ 2007-12-30 21:56 . 2009-11-14 10:54 4096 c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2007-12-30 21:56 . 2009-10-14 22:37 4096 c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2003-04-08 19:00 . 2009-11-15 10:09 444362 c:\windows\system32\perfh009.dat
- 2003-04-08 19:00 . 2009-10-25 09:46 444362 c:\windows\system32\perfh009.dat
+ 2007-12-30 15:24 . 2009-11-14 11:16 249496 c:\windows\system32\FNTCACHE.DAT
- 2007-12-30 15:24 . 2009-08-09 23:09 249496 c:\windows\system32\FNTCACHE.DAT
- 2007-12-30 21:56 . 2009-10-14 22:37 409600 c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2007-12-30 21:56 . 2009-11-14 10:54 409600 c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2007-12-30 21:56 . 2009-11-14 10:54 286720 c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2007-12-30 21:56 . 2009-10-14 22:37 286720 c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2007-12-30 21:56 . 2009-11-14 10:54 249856 c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2007-12-30 21:56 . 2009-10-14 22:37 249856 c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2007-12-30 21:56 . 2009-11-14 10:54 794624 c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2007-12-30 21:56 . 2009-10-14 22:37 794624 c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2007-12-30 21:56 . 2009-11-14 10:54 135168 c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2007-12-30 21:56 . 2009-10-14 22:37 135168 c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2007-12-30 21:56 . 2009-10-14 22:37 593920 c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2007-12-30 21:56 . 2009-11-14 10:54 593920 c:\windows\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-12-25 03:47 . 2005-10-20 16:00 157696 c:\windows\ERUNT\ERUNT.EXE
+ 2003-04-08 19:00 . 2009-08-14 15:12 1850624 c:\windows\system32\win32k.sys
+ 2008-10-15 19:36 . 2009-08-14 15:12 1850624 c:\windows\system32\dllcache\win32k.sys
+ 2009-10-22 11:46 . 2009-10-22 11:46 6821888 c:\windows\Installer\38466f.msp
+ 2009-10-06 17:40 . 2009-10-06 17:40 7681024 c:\windows\Installer\384659.msp
+ 2009-10-22 11:28 . 2009-10-22 11:28 5521408 c:\windows\Installer\384643.msp
+ 2009-11-15 23:03 . 2009-11-15 23:03 1583616 c:\windows\Installer\1c9428.msi
+ 2007-12-30 23:41 . 2009-11-05 17:36 26768832 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-11-11 2001648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2004-05-27 98304]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]
"SynTPStart"="c:\programmi\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"VirusKeeper"="c:\programmi\AxBx\VirusKeeper 2009 Pro Trial\VirusKeeper.exe" [2009-07-01 3748728]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Windows Search.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"TapiSrv"=2 (0x2)
"Lavasoft Ad-Aware Service"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"gusvc"=3 (0x3)
"gupdate1c98b0686fb44c0"=2 (0x2)
"ERSvc"=2 (0x2)
"VSS"=3 (0x3)
"UPS"=3 (0x3)
"SwPrv"=3 (0x3)
"dmadmin"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"c:\\Documents and Settings\\Pier Luigi\\Impostazioni locali\\Dati applicazioni\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Pier Luigi\\Impostazioni locali\\Dati applicazioni\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [22/01/2009 0.34.14 64160]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [11/11/2009 10.44.48 9968]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [11/11/2009 10.44.46 74480]
R2 HWiNFO32;HWiNFO32 Kernel Driver;c:\programmi\HWiNFO32\HWiNFO32.SYS [31/12/2007 12.33.38 8192]
R2 vkservice;VirusKeeper antivirus/antispyware;c:\programmi\AxBx\VirusKeeper 2009 Pro Trial\vk_service.exe [26/09/2008 10.10.22 1119584]
R3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [11/11/2009 10.44.50 7408]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [07/08/2009 16.10.04 7680]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [10/11/2009 20.19.03 38224]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [07/08/2009 16.11.23 110080]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [07/08/2009 16.11.05 104960]
S4 gupdate1c98b0686fb44c0;Google Update Service (gupdate1c98b0686fb44c0);"c:\programmi\Google\Update\GoogleUpdate.exe" /svc --> c:\programmi\Google\Update\GoogleUpdate.exe [?]

--- Altri Servizi/Drivers In Memoria ---

*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Contenuto della cartella 'Scheduled Tasks'

2009-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-764733703-854245398-1004Core.job
- c:\documents and settings\Pier Luigi\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2008-11-12 20:28]

2009-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-764733703-854245398-1004UA.job
- c:\documents and settings\Pier Luigi\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2008-11-12 20:28]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: fastweb.it\wmail
FF - ProfilePath - c:\documents and settings\Pier Luigi\Dati applicazioni\Mozilla\Firefox\Profiles\9fve3s0w.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - plugin: c:\documents and settings\Pier Luigi\Dati applicazioni\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Pier Luigi\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\programmi\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\programmi\Java\j2re1.4.2_03\bin\NPJava11.dll
FF - plugin: c:\programmi\Java\j2re1.4.2_03\bin\NPJava12.dll
FF - plugin: c:\programmi\Java\j2re1.4.2_03\bin\NPJava13.dll
FF - plugin: c:\programmi\Java\j2re1.4.2_03\bin\NPJava14.dll
FF - plugin: c:\programmi\Java\j2re1.4.2_03\bin\NPJava32.dll
FF - plugin: c:\programmi\Java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("html5.enable", false);
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\programmi\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", true);
c:\programmi\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-18 00:25
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...


c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft\Internet Explorer
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft\Internet Explorer\brndlog.bak 141 bytes
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft\Internet Explorer\brndlog.txt 11041 bytes
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft\Internet Explorer\Desktop.htt 2722 bytes
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft\Internet Explorer\Quick Launch
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft\Internet Explorer\Quick Launch\Collegamento a firefox.lnk 893 bytes
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft\Internet Explorer\Quick Launch\desktop.ini 181 bytes
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft\Internet Explorer\Quick Launch\Mostra Desktop.scf 79 bytes
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 3.6 Beta 1.lnk 1694 bytes
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk 787 bytes
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft\AddIns
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft\Address Book
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft\Address Book\Pier Luigi.wab 176602 bytes
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft\Address Book\Pier Luigi.wab~ 176602 bytes
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft\Clip Organizer
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft\Clip Organizer\mstore10.mgc 197688 bytes executable
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft\Clip Organizer\Offic10.MGC 148512 bytes executable
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft\CLR Security Config
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft\CLR Security Config\v1.1.4322
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft\CLR Security Config\v1.1.4322\security.config 21918 bytes
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft\CLR Security Config\v1.1.4322\security.config.cch 21942 bytes
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft\CLR Security Config\v2.0.50727.42
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft\CLR Security Config\v2.0.50727.42\security.config.cch 2038 bytes
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft\Credentials
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft\Credentials\S-1-5-21-790525478-764733703-854245398-1004
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft\CryptnetUrlCache
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft\CryptnetUrlCache\Content
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft\CryptnetUrlCache\Content\087486FD43937B4695C52643C96BB94D 574 bytes
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft\CryptnetUrlCache\Content\0897206B35294097C3660E62BCDB227C 2202 bytes
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft\CryptnetUrlCache\Content\0EBB3788D77094423275558212CCE7B1 727 bytes
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft\CryptnetUrlCache\Content\1E65712B327A68645BB1B8967203F708 1576 bytes
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004 18 bytes
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft\CryptnetUrlCache\Content\303572DF538EDD8B1D606185F1D559B8 341 bytes
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft\CryptnetUrlCache\Content\3130B1871A126520A8C47861EFE3ED4D 552 bytes
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft\CryptnetUrlCache\Content\33ECCD4EC2899E5F6A7E306662596E0F 1184 bytes
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft\CryptnetUrlCache\Content\33EF5DC954745FDB1C94EDBF02CDC43B 471 bytes
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft\CryptnetUrlCache\Content\3C19F8F5C2A69BEC912EF5B953293907 1294 bytes
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft\CryptnetUrlCache\Content\3C83474D61E624A4F9844DF935AFE217 569 bytes
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft\CryptnetUrlCache\Content\486CC6AFD08942336C61FCD401C4A1D1 65170 bytes
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft\CryptnetUrlCache\Content\5209B26A762CFE608406374019066239 1220 bytes
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft\CryptnetUrlCache\Content\5553AF14BD4C3B1DE599145FD14950E0 574 bytes
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft\Crypto
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft\Crypto\RSA
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft\Crypto\RSA\S-1-5-21-790525478-764733703-854245398-1004
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft\Crypto\RSA\S-1-5-21-790525478-764733703-854245398-1004\83aa4cc77f591dfc2374580bbd95f6ba_f49233b1-2599-4984-9faa-840489e79b6f 45 bytes
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft\Crypto\RSA\S-1-5-21-790525478-764733703-854245398-1004\be279072b81623d016604ba1b9833b04_f49233b1-2599-4984-9faa-840489e79b6f 51 bytes
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft\Excel
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft\Excel\Excel11.xlb 17674 bytes
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft\Excel\XLSTART
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft\HTML Help
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft\HTML Help\hh.dat 9420 bytes
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft\IdentityCRL
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft\IdentityCRL\Production
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft\IdentityCRL\Production\ppcrlconfig.dll 15240 bytes executable
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft\InfoPath
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft\InfoPath\infopath.tbs 1067 bytes

Scansione completata con successo
Files nascosti: 111

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-790525478-764733703-854245398-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\System32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(516)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Ora fine scansione: 2009-11-18 00:29
ComboFix-quarantined-files.txt 2009-11-17 23:29
ComboFix2.txt 2009-11-14 10:27
ComboFix3.txt 2009-11-12 21:42

Pre-Run: 18.577.727.488 byte disponibili
Post-Run: 18.634.252.288 byte disponibili

- - End Of File - - E1259542B616B7F7AEADBC1BBEFD8829
shapiro
Posted: Wednesday, November 18, 2009 11:19:56 PM

Rank: AiutAmico

Member since: 8/24/2008
Posts: 4,164
ilcollaboratore, I'm leaving you some homework to do

after running elibagla, run this other scan

download this Kaspersky tool and run it

http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/


Create a folder on the Desktop and save the file you are about to download inside it
launch the tool
set the areas you want to scan
wait..... when the scan finishes it will be possible to remove and/or quarantine the infected files it detected
Save the log it produces and post it on the forum


We'll catch up tomorrow morning

icollaboratore
Posted: Wednesday, November 18, 2009 11:21:41 PM
Rank: AiutAmico

Member since: 5/19/2007
Posts: 50
Thanks again!
icollaboratore
Posted: Thursday, November 19, 2009 8:30:33 PM
Rank: AiutAmico

Member since: 5/19/2007
Posts: 50
Hi,

I didn't get great results from Kaspersky... I would post the report, but it's very long and it won't let me upload it.
Do you have any solution to suggest?

Thanks!
shapiro
Posted: Thursday, November 19, 2009 8:33:39 PM

Rank: AiutAmico

Member since: 8/24/2008
Posts: 4,164
hi

for the Kaspersky log (I forgot to tell you) you only need to post the part with the detected infections - do a copy/paste

you should also post the one you got from elibagla
icollaboratore
Posted: Thursday, November 19, 2009 8:38:07 PM
Rank: AiutAmico

Member since: 5/19/2007
Posts: 50
...it didn't detect any infections...
shapiro
Posted: Thursday, November 19, 2009 8:40:42 PM

Rank: AiutAmico

Member since: 8/24/2008
Posts: 4,164
Quote:
...it didn't detect any infections...


which of the two didn't detect any infections?
icollaboratore
Posted: Thursday, November 19, 2009 8:41:32 PM
Rank: AiutAmico

Member since: 5/19/2007
Posts: 50

Elibagla finds some folders that are not accessible, including one that starts with c:\documents and settings\Administrator\impostazionilocali\temp......
shapiro
Posted: Thursday, November 19, 2009 8:44:03 PM

Rank: AiutAmico

Member since: 8/24/2008
Posts: 4,164
can you post the reports for me? I'd like to check them
icollaboratore
Posted: Thursday, November 19, 2009 8:47:58 PM
Rank: AiutAmico

Member since: 5/19/2007
Posts: 50

Neither of the two detected any; on the other hand, Virus Keeper finds TWO: NIRCMD.EXE, 404FIX.EXE. It removes them, but they seem to regenerate.
shapiro
Posted: Thursday, November 19, 2009 8:51:17 PM

Rank: AiutAmico

Member since: 8/24/2008
Posts: 4,164
disable System Restore


have you recently downloaded programs or anything else that you remember? have you done any updates?
icollaboratore
Posted: Thursday, November 19, 2009 8:52:09 PM
Rank: AiutAmico

Member since: 5/19/2007
Posts: 50
The K one is huge, but maybe I'm the one making a mistake and there is a shorter version too. I restarted Elibagla; as soon as it produces something I'll post it to you. Sorry for the imprecision, but I don't know much about computers ;)
shapiro
Posted: Thursday, November 19, 2009 8:59:36 PM

Rank: AiutAmico

Member since: 8/24/2008
Posts: 4,164
listen

run a scan with this program - watch out if it detects entries in red

post the report in Word format

download gmer from here:
http://www2.gmer.net/gmer.zip

unzip it, launch gmer.exe, and after a preliminary scan choose the Rootkit tab and press Scan.
When the scan is finished, press Copy, open a text file and paste the report.
icollaboratore
Posted: Thursday, November 19, 2009 9:01:26 PM
Rank: AiutAmico

Member since: 5/19/2007
Posts: 50
elibagla says:
(18-11-2009 22:10:26)
EliBagle v13.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 18 de Noviembre del 2009)

Lista de Acciones (por Acción Directa):

(18-11-2009 22:10:35)
EliBagle v13.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 18 de Noviembre del 2009)

Lista de Acciones (por Exploración):
Explorando "C:\"

Nº Total de Directorios: 5952
Nº Total de Ficheros: 43655
Nº de Ficheros Analizados: 12888
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

(19-11-2009 19:39:1)
EliBagle v13.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 18 de Noviembre del 2009)

Lista de Acciones (por Acción Directa):

(19-11-2009 19:39:17)
EliBagle v13.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 18 de Noviembre del 2009)

Lista de Acciones (por Exploración):
Explorando "C:\"

Nº Total de Directorios: 5973
Nº Total de Ficheros: 43963
Nº de Ficheros Analizados: 12911
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

shapiro
Posted: Thursday, November 19, 2009 9:59:33 PM

Rank: AiutAmico

Member since: 8/24/2008
Posts: 4,164
ilcollaboratore, you need to do the scan I indicated in the previous post, you have a great many hidden files - when you have finished we need to run another procedure.... you have infections in the windows installer folder
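A small triage helper for the hidden-files section of a ComboFix log like the one posted earlier in this thread, added here as an example and not code from the thread or from ComboFix: it parses each path / size / "executable" line, checks the parsed count against the "Files nascosti:" summary, and flags hidden executables and entries under the Windows Installer or temp folders, the kind of cue shapiro points to. The sample log lines, the user name and the GUID placeholder are constructed.

```python
import re
from collections import Counter

# Constructed sample in the shape of ComboFix's hidden-files section
# (the real log lists 111 such lines): path, optional "<n> bytes", optional "executable".
SAMPLE_LOG = """\
c:\\documents and settings\\User\\Dati applicazioni\\Microsoft\\Crypto\\RSA
c:\\documents and settings\\User\\Dati applicazioni\\Microsoft\\HTML Help\\hh.dat 9420 bytes
c:\\documents and settings\\User\\Dati applicazioni\\Microsoft\\IdentityCRL\\Production\\ppcrlconfig.dll 15240 bytes executable
c:\\windows\\Installer\\{PLACEHOLDER-GUID}\\example.exe 45056 bytes executable
c:\\documents and settings\\Administrator\\impostazioni locali\\temp\\sample.exe 29184 bytes executable

Scansione completata con successo
Files nascosti: 5
"""

# One entry per line: a drive-letter path, an optional size and an optional
# "executable" tag; directory entries carry no size.
LINE_RE = re.compile(
    r"^(?P<path>[a-z]:\\.*?)(?: (?P<size>\d+) bytes)?(?P<exe> executable)?$", re.I
)

# Locations where hidden files deserve a second look in this kind of log.
SUSPECT_DIRS = ("\\windows\\installer\\", "\\temp\\")


def parse_hidden_files(text):
    """Return one dict per hidden-file line in the section."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append({
                "path": m["path"],
                "size": int(m["size"]) if m["size"] else None,  # None = directory
                "executable": bool(m["exe"]),
            })
    return entries


def reported_count(text):
    """The count ComboFix prints in its 'Files nascosti:' summary, or None."""
    m = re.search(r"Files nascosti: (\d+)", text)
    return int(m.group(1)) if m else None


def triage(entries):
    """Flag executables and anything under Installer/temp; tally entries per user or root folder."""
    flagged = [e for e in entries
               if e["executable"] or any(d in e["path"].lower() for d in SUSPECT_DIRS)]
    per_root = Counter("\\".join(e["path"].split("\\")[:3]).lower() for e in entries)
    return flagged, per_root


if __name__ == "__main__":
    found = parse_hidden_files(SAMPLE_LOG)
    print(f"parsed {len(found)} entries, log reports {reported_count(SAMPLE_LOG)}")
    for e in triage(found)[0]:
        print("FLAG", e["path"])
```

A mismatch between the parsed count and the "Files nascosti:" line means the section was truncated or pasted incompletely, which is worth knowing before drawing conclusions from it.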