
Help, a virus... I really don't understand any of this!!

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: kadosh, Luke57

Help, a virus... I really don't understand any of this!!

Post by elaisa83 » 06/05/09 10:15

Please, I'm begging you :aaah :aaah :aaah ..I've tried reading the other threads... I've been trying for two days but nothing!!!!
...I ran online scans with HouseCall and every time it finds something... my Avira finds nothing... Spybot in safe mode nothing... and yet there is something, the PC is really slow and so is the connection.
I downloaded Hijack... but I really don't understand any of it... how do I remove the suspicious entries??? And which ones are they?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9.46.28, on 06/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\ONDA CONNECTION MANAGER\ONDA CONNECTION MANAGER.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... p=aus&qkw=%s&tbid=60341
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mininova.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-A0E8-EB65B685FA7D} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-A0E8-EB65B685FA7D} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Collegamento alla pagina delle proprietà di High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [00PCTFW] "C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Programmi\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PeerGuardian] C:\Programmi\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-21-28124613-439726741-2325757750-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Programmi\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\it.htm
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} (AMI DicomDir TreeView Control 2.1) - file:///D:/CDVIEWER/CdViewer.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Programmi\PC Tools Firewall Plus\FWService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe

--
End of file - 9870 bytes

tell me what I have to do and I'll do it!!!!
elaisa83
Junior Member
 
Posts: 53
Joined: 06/05/09 10:08


Re: Help, a virus... I really don't understand any of this!!

Post by shel » 06/05/09 10:56

hi

the log shows no threats - for now, delete these entries with HijackThis

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-A0E8-EB65B685FA7D} - (no file)

O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-A0E8-EB65B685FA7D} - (no file)


Download and install http://www.malwarebytes.org/mbam/program/mbam-setup.exe Update it and run a full scan of the computer. Post the report you get. For now, do not remove any threats it may detect
shel
Senior Member
 
Posts: 1292
Joined: 29/08/08 21:56
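As an added illustration (not code from the thread, from HijackThis or from the helper), here is a small Python parser that picks out exactly the kind of entries the reply above tells the poster to delete: O2 (BHO) and O3 (Toolbar) registrations whose target is "(no file)", i.e. CLSIDs still registered in the browser but whose DLL is gone. The sample lines are copied from the log posted above; the class and function names are my own.

```python
"""Flag orphaned O2/O3 entries in a HijackThis log.

Added example, not part of the original thread or of HijackThis.
HijackThis prints "(no file)" as the target when the DLL behind a
registered BHO or toolbar CLSID is missing: the registration is dead
weight left behind by something that was uninstalled or removed, and
that is why such lines are routinely fixed first.
"""
import re
from dataclasses import dataclass
from typing import List

# Sample built from the O2/O3 lines of the log posted in the thread.
SAMPLE_LOG = """\
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\\Programmi\\File comuni\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-A0E8-EB65B685FA7D} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\\Programmi\\Google\\Google Toolbar\\GoogleToolbar.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-A0E8-EB65B685FA7D} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\\Programmi\\Google\\Google Toolbar\\GoogleToolbar.dll
"""

# Line shape: "O2 - BHO: <name> - {CLSID} - <path>"  or
#             "O3 - Toolbar: <name> - {CLSID} - <path>"
# A CLSID is 32 hex digits plus 4 hyphens = 36 characters inside braces.
_CLSID_LINE = re.compile(
    r"^(?P<section>O[23]) - (?P<kind>BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$"
)


@dataclass(frozen=True)
class ClsidEntry:
    section: str   # "O2" or "O3"
    kind: str      # "BHO" or "Toolbar"
    name: str      # display name, "(no name)" when none is registered
    clsid: str     # "{...}" as printed in the log
    path: str      # DLL path, or "(no file)" when the DLL is missing

    @property
    def orphaned(self) -> bool:
        """True when the registration points at a DLL that no longer exists."""
        return self.path.strip().lower() == "(no file)"


def parse_clsid_entries(log_text: str) -> List[ClsidEntry]:
    """Return every O2/O3 entry in the log, in file order; other lines are skipped."""
    entries: List[ClsidEntry] = []
    for line in log_text.splitlines():
        m = _CLSID_LINE.match(line.strip())
        if m:
            entries.append(ClsidEntry(**m.groupdict()))
    return entries


def orphaned_entries(log_text: str) -> List[ClsidEntry]:
    """The entries a helper would list for removal: target is '(no file)'."""
    return [e for e in parse_clsid_entries(log_text) if e.orphaned]


def orphaned_clsids(log_text: str) -> List[str]:
    """Distinct orphan CLSIDs, upper-cased, in order of first appearance.

    The same CLSID can show up as both an O2 and an O3 line (as it does in
    the posted log), so this collapses the two registrations into one id.
    """
    seen: List[str] = []
    for e in orphaned_entries(log_text):
        c = e.clsid.upper()
        if c not in seen:
            seen.append(c)
    return seen


if __name__ == "__main__":
    for e in orphaned_entries(SAMPLE_LOG):
        print(f"{e.section} - {e.kind}: {e.name} - {e.clsid} - {e.path}")
    print("distinct orphan CLSIDs:", orphaned_clsids(SAMPLE_LOG))
```

Run against the sample it reproduces the three lines the helper listed; point it at a full saved log to get the same list for another machine.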

Re: Help, a virus... I really don't understand any of this!!

Post by elaisa83 » 06/05/09 13:01

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 164378
Tempo trascorso: 40 minute(s), 51 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 2
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)


WHAT DO I DO? DELETE THEM??? :eeh:
elaisa83
Junior Member
 
Posts: 53
Joined: 06/05/09 10:08

Re: Help, a virus... I really don't understand any of this!!

Post by shel » 06/05/09 13:29

restart Malwarebytes and remove everything
shel
Senior Member
 
Posts: 1292
Joined: 29/08/08 21:56

Re: Help, a virus... I really don't understand any of this!!

Post by elaisa83 » 06/05/09 15:09

ok done... what do you say, should I run another scan with HouseCall now, or are there better ones.... because the connection icon has turned into the one for an unrecognised application (white and blue page)... why?
I installed Spyware Terminator... which honestly I have no idea whether it works, but it keeps blocking this process
c:\windows\system32\drivers\sldrv\mtlstrm.sym??? what do I do, what is it? do I put it on the whitelist?
I also get an error when I shut down the PC, 0x0000 referenced... ooo (another big number.. and it says the memory could not be read...

...these machines are impossible, sometimes they really make your life complicated :eeh:
elaisa83
Junior Member
 
Posts: 53
Joined: 06/05/09 10:08

Re: Help, a virus... I really don't understand any of this!!

Post by shel » 06/05/09 15:30

go here ===> http://www.virustotal.com/it/

scan it and post the result c:\windows\system32\drivers\sldrv\mtlstrm.sym
shel
Senior Member
 
Posts: 1292
Joined: 29/08/08 21:56

Re: Help, a virus... I really don't understand any of this!!

Post by shel » 06/05/09 15:34

are you sure it is

c:\windows\system32\drivers\sldrv\mtlstrm.sym

and not

c:\windows\system32\drivers\sldrv\mtlstrm.sys
shel
Senior Member
 
Posts: 1292
Joined: 29/08/08 21:56

Re: Help, a virus... I really don't understand any of this!!

Post by elaisa83 » 06/05/09 15:57

yes, you're right, the extension isn't sym but .sys????... but I noticed that when I open the DRVSTORE folder all the files are in blue... also I noticed that in the windows folder there's a subfolder called ie7 which is blue too, and several of these as well, I must have about 15 of them: $NtServicePackUninstall$

is it serious, doctor?
elaisa83
Junior Member
 
Posts: 53
Joined: 06/05/09 10:08

Re: Help, a virus... I really don't understand any of this!!

Post by shel » 06/05/09 16:17

don't touch the files in the windows folders, if there's something to remove ComboFix will take care of it

Disable your antivirus and anti-spyware programs
Disconnect the PC from the internet


download ComboFix from here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

If you have program shortcut icons on the desktop, create a dedicated folder and copy them into it

Double-click combofix.exe and follow the instructions step by step, remember to press Enter after each step

When it finishes it will create the log C:\combofix.txt, save it and post it like the other reports.

Please note: during the scan some files will be created on the desktop and the icons will disappear; it may happen that some program asks you what to do about removing drivers, in that case allow it, they are probably infected drivers.

The program will create the folder C:\QooBox, and inside it a backup of the removed files will be placed along with a backup of the Windows registry called Hiv-backup.

DO NOT TOUCH THE MOUSE OR KEYBOARD during the scan.
shel
Senior Member
 
Posts: 1292
Joined: 29/08/08 21:56

Re: Help, a virus... I really don't understand any of this!!

Post by elaisa83 » 06/05/09 16:23

http://www.virustotal.com/it/analisis/f ... 2cda810e0d
look what it gives me....

a guy I chat with thinks he has a virus or something like that, German... could that be related??? :aaah :aaah :aaah :aaah
elaisa83
Junior Member
 
Posts: 53
Joined: 06/05/09 10:08

Re: Help, a virus... I really don't understand any of this!!

Post by elaisa83 » 06/05/09 17:06

oh god, now this is getting dangerous!!... explain it to me better... all the desktop icons, so the recycle bin too.. the zipped programs I download and various junk?????? and afterwards where do I put this folder?? do I leave it there??... sorry if I'm being a pain but this is the only one I have :aaah :aaah :aaah :aaah :aaah :aaah :aaah :aaah :aaah :aaah
elaisa83
Junior Member
 
Posts: 53
Joined: 06/05/09 10:08

Re: Help, a virus... I really don't understand any of this!!

Post by shel » 06/05/09 17:40

let ComboFix do its work, nothing will happen

don't touch anything during the scan
shel
Senior Member
 
Posts: 1292
Joined: 29/08/08 21:56

Re: Help, a virus... I really don't understand any of this!!

Post by elaisa83 » 06/05/09 18:52

I understand, but after the scan??? what do I do with those backups? :aaah :aaah :aaah
elaisa83
Junior Member
 
Posts: 53
Joined: 06/05/09 10:08

Re: Help, a virus... I really don't understand any of this!!

Post by elaisa83 » 06/05/09 19:46

ok... damn, you had me scared with all your warnings :oops:

well, absolutely nothing happened, here's the log
ComboFix 09-05-05.04 - Michela Ravarelli 06/05/2009 20.30.08.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1023.408 [GMT 2:00]
Eseguito da: c:\documents and settings\Michela Ravarelli\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
FW: PC Tools Firewall Plus *enabled*
.

((((((((((((((((((((((((( Files Creati Da 2009-04-06 al 2009-05-06 )))))))))))))))))))))))))))))))))))
.

2009-05-06 10:39 . 2009-05-06 10:39 -------- d-----w c:\documents and settings\Michela Ravarelli\Dati applicazioni\Malwarebytes
2009-05-06 10:39 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-06 10:39 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-06 10:39 . 2009-05-06 10:39 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-05-06 10:39 . 2009-05-06 10:39 -------- d-----w c:\programmi\Malwarebytes' Anti-Malware
2009-05-06 07:46 . 2009-05-06 07:46 -------- d-----w c:\programmi\Trend Micro
2009-05-06 05:55 . 2009-05-06 05:54 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-05 19:10 . 2009-05-06 17:50 -------- d-----w c:\documents and settings\Michela Ravarelli\.housecall6.6
2009-05-05 17:18 . 2009-05-05 17:19 -------- d-----w c:\programmi\FlashCAD_Composer
2009-05-04 17:32 . 2009-05-04 17:32 -------- d-----w c:\windows\FlashCAD_Composer
2009-05-04 17:32 . 2009-05-04 17:51 -------- d-----w C:\FlashLIB
2009-05-03 13:05 . 2009-05-03 13:05 -------- d-----w c:\documents and settings\Michela Ravarelli\Impostazioni locali\Dati applicazioni\Ahead
2009-05-03 13:04 . 2009-05-03 13:04 -------- d-----w c:\documents and settings\Michela Ravarelli\Dati applicazioni\Ahead
2009-05-03 12:57 . 2009-05-03 12:57 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Ahead
2009-05-03 12:56 . 2009-05-03 12:56 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Nero
2009-05-03 12:56 . 2009-05-03 12:56 -------- d-----w c:\programmi\File comuni\Ahead
2009-05-03 12:56 . 2009-05-03 12:56 -------- d-----w c:\programmi\Nero
2009-05-03 08:38 . 2009-05-03 08:46 4212 ---ha-w c:\windows\system32\zllictbl.dat
2009-05-03 08:35 . 2009-05-06 07:43 -------- d-----w c:\windows\system32\ZoneLabs
2009-05-03 08:35 . 2009-05-03 08:35 -------- d-----w c:\programmi\Zone Labs
2009-05-03 08:34 . 2009-05-05 17:21 -------- d-----w c:\windows\Internet Logs
2009-04-16 16:42 . 2008-04-21 21:14 219136 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-16 16:41 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 16:41 . 2009-03-06 14:19 286208 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-16 16:41 . 2009-02-09 11:22 111104 ------w c:\windows\system32\dllcache\services.exe
2009-04-16 16:41 . 2009-02-09 10:51 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-16 16:41 . 2009-02-09 10:51 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-16 16:41 . 2009-02-06 10:39 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-04-16 16:41 . 2009-02-09 10:51 683520 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-16 16:41 . 2009-02-09 10:51 734720 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 16:41 . 2009-02-09 10:51 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 16:41 . 2009-02-09 10:51 736256 ------w c:\windows\system32\dllcache\ntdll.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-06 18:29 . 2008-12-30 12:29 -------- d-----w c:\programmi\PeerGuardian2
2009-05-06 18:18 . 2008-09-16 14:37 -------- d-----w c:\programmi\ONDA CONNECTION MANAGER
2009-05-06 05:54 . 2008-09-12 08:33 -------- d-----w c:\programmi\Java
2009-05-01 08:26 . 2008-09-11 23:43 108992 ----a-w c:\documents and settings\Michela Ravarelli\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-04-29 08:56 . 2009-02-05 17:18 -------- d-----w c:\programmi\Spyware Terminator
2009-04-26 06:24 . 2008-09-13 08:41 -------- d-----w c:\programmi\Bonjour
2009-04-24 09:03 . 2008-09-17 15:21 -------- d-----w c:\programmi\eMule
2009-04-17 01:16 . 2004-09-03 09:37 91890 ----a-w c:\windows\system32\perfc010.dat
2009-04-17 01:16 . 2004-09-03 09:37 510062 ----a-w c:\windows\system32\perfh010.dat
2009-04-02 13:54 . 2009-03-29 11:29 -------- d-----w c:\programmi\File comuni\PC Tools
2009-03-30 06:09 . 2009-03-29 11:32 -------- d-----w c:\programmi\PC Tools Firewall Plus
2009-03-29 12:51 . 2009-03-29 12:26 -------- d-----w c:\programmi\Startup Inspector for Windows
2009-03-17 17:06 . 2008-09-16 13:20 -------- d-----w c:\programmi\Google
2009-03-13 17:43 . 2008-09-12 07:05 -------- d-----w c:\programmi\File comuni\Adobe
2009-03-06 14:45 . 2009-03-29 11:29 130424 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-03-06 14:19 . 2004-09-03 09:36 286208 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:03 . 2004-09-03 09:36 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-22 09:39 . 2009-02-22 09:39 0 ----a-w c:\windows\nsreg.dat
2009-02-20 17:08 . 2004-09-03 09:36 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-10 17:02 . 2004-08-19 13:34 2069760 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 14:04 . 2004-09-03 09:36 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:23 . 2004-09-03 09:36 2192768 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:22 . 2004-09-03 09:36 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:51 . 2004-09-03 09:36 734720 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:51 . 2004-09-03 09:36 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:51 . 2004-09-03 09:36 683520 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:51 . 2004-09-03 09:36 736256 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 10:39 . 2004-09-03 09:36 35328 ----a-w c:\windows\system32\sc.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"ccleaner"="c:\programmi\CCleaner\CCleaner.exe" [2008-12-19 1434864]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2008-04-14 1695232]
"PeerGuardian"="c:\programmi\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-19 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2005-03-10 98394]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2005-03-10 688218]
"AzMixerSel"="c:\programmi\Realtek\InstallShield\AzMixerSel.exe" [2005-04-26 45056]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-01 7118848]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-05-06 148888]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-05-11 127118]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2008-01-10 385024]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2005-09-22 180269]
"avgnt"="c:\programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SpywareTerminator"="c:\progra~1\SPYWAR~1\SpywareTerminatorShield.exe" [2009-02-05 2267136]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2008-01-15 267048]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"00PCTFW"="c:\programmi\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-23 2652056]
"NBKeyScan"="c:\programmi\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" [2008-02-21 1647912]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-05-04 14396416]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-07-01 1519616]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-01-23 101136]
"Collegamento alla pagina delle proprietà di High Definition Audio"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Logitech SetPoint.lnk - c:\programmi\Logitech\SetPoint\SetPoint.exe [2008-11-6 688128]
Windows Search.lnk - c:\programmi\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\CrossLoop\\CrossLoopConnect.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"33386:TCP"= 33386:TCP:eMule_TCP
"38360:UDP"= 38360:UDP:eMule_UDP
"1720:TCP"= 1720:TCP:utorrent

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [29/03/2009 13.29.55 130424]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [29/03/2009 13.30.13 159600]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [05/02/2009 19.18.54 142592]
R2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\cdrom_mon.exe [16/09/2008 16.37.26 81920]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [29/03/2009 13.29.55 73840]
R3 CIR;Hid Device;c:\windows\system32\drivers\CIR.sys [01/01/1980 5120]
R3 kbd;Keyboard;c:\windows\system32\drivers\kbd.sys [01/01/1980 21504]
R3 LVHybrid;LVHybrid service;c:\windows\system32\drivers\LVHybrid.sys [22/09/2005 10.57.11 800000]
R3 ONDAusbmdm6k;ONDA Proprietary USB Driver;c:\windows\system32\drivers\ONDAusbmdm6k.sys [16/09/2008 16.37.32 100480]
R3 ONDAusbnet;ONDA USB-NDIS miniport;c:\windows\system32\drivers\ONDAusbnet.sys [16/09/2008 16.37.32 87552]
R3 ONDAusbser6k;ONDA Diagnostic Port;c:\windows\system32\drivers\ONDAusbser6k.sys [16/09/2008 16.37.32 100480]
R3 Slazldrv;SmartLink AMR_PCI Driver;c:\windows\system32\drivers\SLDRV\slazldrv.sys [22/09/2005 10.57.38 226768]
S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [29/03/2009 13.32.25 95640]

--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - PGFILTER
*Deregistered* - tmcomm
.
Contenuto della cartella 'Scheduled Tasks'

2009-05-06 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-16 15:09]

2009-03-30 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\programmi\Spybot - Search & Destroy\SpybotSD.exe [2008-09-12 07:42]

2009-05-06 c:\windows\Tasks\User_Feed_Synchronization-{CAE53F20-15C2-4EC1-9B45-7732B51ED482}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 16:36]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.mininova.org/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: microsoft.com\www.update
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\programmi\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} - file:///D:/CDVIEWER/CdViewer.cab
FF - ProfilePath - c:\documents and settings\Michela Ravarelli\Dati applicazioni\Mozilla\Firefox\Profiles\fgvmq34c.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.mininova.org/
FF - plugin: c:\programmi\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\programmi\QuickTime\Plugins\npqtplugin8.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-06 20:31
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(1480)
c:\programmi\Logitech\SetPoint\lgscroll.dll
c:\programmi\Windows Desktop Search\deskbar.dll
c:\programmi\Windows Desktop Search\it-it\dbres.dll.mui
c:\programmi\Windows Desktop Search\dbres.dll
c:\programmi\Windows Desktop Search\wordwheel.dll
c:\programmi\Windows Desktop Search\it-it\msnlExtRes.dll.mui
c:\programmi\Windows Desktop Search\msnlExtRes.dll
c:\programmi\File comuni\Ahead\Lib\NeroSearchBar.dll
c:\programmi\File comuni\Ahead\Lib\MFC71U.DLL
c:\programmi\File comuni\Ahead\Lib\BCGCBPRO860un71.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2009-05-06 20.33.28
ComboFix-quarantined-files.txt 2009-05-06 18:33
ComboFix2.txt 2009-05-06 18:24

Pre-Run: 8.640.565.248 byte disponibili
Post-Run: 8.622.350.336 byte disponibili

204 --- E O F --- 2009-04-17 01:05



although for me the combofix folder wasn't created and I had to save this one to the desktop... in the other one, qoobox, instead
quarantined files
2009-05-06 18:21:35 . 2009-05-06 18:31:10 11,419 ----a-w C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2009-05-06 18:18:01 . 2009-05-06 18:29:38 162 ----a-w C:\Qoobox\Quarantine\catchme.log
2009-05-04 18:07:21 . 2009-05-04 18:07:21 15 ----a-w C:\Qoobox\Quarantine\C\WINDOWS\system32\Oleopri20091.dll.vir
2009-05-04 17:33:28 . 2009-05-04 17:33:28 18 ----a-w C:\Qoobox\Quarantine\C\WINDOWS\system32\timedefw32ex.dll.vir


Add-Remove Programs
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color Common Settings
Adobe Color EU Recommended Settings
Adobe Color JA Extra Settings
Adobe Color NA Extra Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS2
Adobe Reader 9.1 - Italiano
Adobe Setup
Adobe Stock Photos CS3
Adobe SVG Viewer 3.0
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Critical Update for Windows Media Player 11 (KB959772)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Apple Mobile Device Support
Apple Software Update
µTorrent
Avira AntiVir Personal - Free Antivirus
CCleaner (remove only)
CDDRV_Installer
CrossLoop 2.44
eMule
Google Toolbar for Internet Explorer
Google Updater
HijackThis 2.0.2
iTunes
Java 2 Runtime Environment, SE v1.4.2_05
Java(TM) 6 Update 13
KhalSetup
Logitech SetPoint
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 1.1 Italian Language Pack
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 - Language Pack (italiano)
Microsoft .NET Framework 2.0 Language Pack - ITA
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0 - Language Pack (italiano)
Microsoft .NET Framework 3.0 Italian Language Pack
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.0.10)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
Nero BackItUp 2 Essentials
neroxml
ONDA CONNECTION MANAGER
Microsoft Base Smart Card Cryptographic Service Provider Package
PC Tools Firewall Plus 5.0
PDF Settings
PeerGuardian 2.0
QuickTime
Security Update per Microsoft .NET Framework 2.0 (KB928365)
Sonic MyDVD
Sonic RecordNow!
Spybot - Search & Destroy
Spyware Terminator
Text-To-Speech-Runtime
VC 9.0 Runtime
VideoLAN VLC media player 0.8.6i
WebFldrs XP
Windows Communication Foundation
Windows Communication Foundation Language Pack - ITA
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Presentation Foundation Language Pack (ITA)
Windows Search 4.0
Windows Workflow Foundation
Windows Workflow Foundation IT Language Pack
Windows XP Service Pack 3
WinRAR archiver
XML Paper Specification Shared Components Language Pack 1.0
XML Paper Specification Shared Components Pack 1.0
ZoneAlarm

SO???????
elaisa83
Junior Member

Posts: 53
Joined: 06/05/09 10:08

Re: virus help...I really don't understand any of this!!

Post by elaisa83 » 06/05/09 19:48

ALL THE LIGHT BLUE FILES I TOLD YOU ABOUT BEFORE ARE STILL THERE...IF IT'S NORMAL, CAN YOU TELL ME WHAT THE HECK THEY ARE FOR? AND WHY DO I HAVE SOME FOLDERS THAT LOOK FADED?
elaisa83
Junior Member

Posts: 53
Joined: 06/05/09 10:08

Re: virus help...I really don't understand any of this!!

Post by elaisa83 » 06/05/09 20:07

HOPING TO FIND ANOTHER POST OF YOURS...I'D POINT OUT THAT I HAVE THIS FILE IN THE TEMP FOLDER
Perflib_Perfdata_7c WHAT DO I DO, DELETE IT? SEARCHING ON GOOGLE I ONLY FOUND GERMAN SITES :undecided:
elaisa83
Junior Member

Posts: 53
Joined: 06/05/09 10:08

Re: virus help...I really don't understand any of this!!

Post by shel » 06/05/09 20:32

hi Elaisa

so, to be clear, I wanted to tell you two things

the first is to write in lowercase; you probably know that uppercase is the equivalent of shouting

the second concerns the log you posted me: too full of interruptions with your comments and, above all, a bit incomplete

so I would ask you to run the scan again, or post me the log without any comment written in the middle; if you really must tell me something, do it only at the end of the log, write your comments underneath

THANKS
shel
Senior Member

Posts: 1292
Joined: 29/08/08 21:56

Re: virus help...I really don't understand any of this!!

Post by elaisa83 » 07/05/09 06:48

.

Code:
(((((((((((((((((((((((((   Files Created From 2009-04-06 To 2009-05-06  )))))))))))))))))))))))))))))))))))
.

2009-05-06 10:39 . 2009-05-06 10:39   --------   d-----w   c:\documents and settings\Michela Ravarelli\Dati applicazioni\Malwarebytes
2009-05-06 10:39 . 2009-04-06 13:32   15504   ----a-w   c:\windows\system32\drivers\mbam.sys
2009-05-06 10:39 . 2009-04-06 13:32   38496   ----a-w   c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-06 10:39 . 2009-05-06 10:39   --------   d-----w   c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-05-06 10:39 . 2009-05-06 10:39   --------   d-----w   c:\programmi\Malwarebytes' Anti-Malware
2009-05-06 07:46 . 2009-05-06 07:46   --------   d-----w   c:\programmi\Trend Micro
2009-05-06 05:55 . 2009-05-06 05:54   410984   ----a-w   c:\windows\system32\deploytk.dll
2009-05-05 19:10 . 2009-05-06 17:50   --------   d-----w   c:\documents and settings\Michela Ravarelli\.housecall6.6
2009-05-05 17:18 . 2009-05-05 17:19   --------   d-----w   c:\programmi\FlashCAD_Composer
2009-05-04 17:32 . 2009-05-04 17:32   --------   d-----w   c:\windows\FlashCAD_Composer
2009-05-04 17:32 . 2009-05-04 17:51   --------   d-----w   C:\FlashLIB
2009-05-03 13:05 . 2009-05-03 13:05   --------   d-----w   c:\documents and settings\Michela Ravarelli\Impostazioni locali\Dati applicazioni\Ahead
2009-05-03 13:04 . 2009-05-03 13:04   --------   d-----w   c:\documents and settings\Michela Ravarelli\Dati applicazioni\Ahead
2009-05-03 12:57 . 2009-05-03 12:57   --------   d-----w   c:\documents and settings\All Users\Dati applicazioni\Ahead
2009-05-03 12:56 . 2009-05-03 12:56   --------   d-----w   c:\documents and settings\All Users\Dati applicazioni\Nero
2009-05-03 12:56 . 2009-05-03 12:56   --------   d-----w   c:\programmi\File comuni\Ahead
2009-05-03 12:56 . 2009-05-03 12:56   --------   d-----w   c:\programmi\Nero
2009-05-03 08:38 . 2009-05-03 08:46   4212   ---ha-w   c:\windows\system32\zllictbl.dat
2009-05-03 08:35 . 2009-05-06 07:43   --------   d-----w   c:\windows\system32\ZoneLabs
2009-05-03 08:35 . 2009-05-03 08:35   --------   d-----w   c:\programmi\Zone Labs
2009-05-03 08:34 . 2009-05-05 17:21   --------   d-----w   c:\windows\Internet Logs
2009-04-16 16:42 . 2008-04-21 21:14   219136   ------w   c:\windows\system32\dllcache\wordpad.exe
2009-04-16 16:41 . 2009-02-06 10:10   227840   ------w   c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 16:41 . 2009-03-06 14:19   286208   ------w   c:\windows\system32\dllcache\pdh.dll
2009-04-16 16:41 . 2009-02-09 11:22   111104   ------w   c:\windows\system32\dllcache\services.exe
2009-04-16 16:41 . 2009-02-09 10:51   401408   ------w   c:\windows\system32\dllcache\rpcss.dll
2009-04-16 16:41 . 2009-02-09 10:51   473600   ------w   c:\windows\system32\dllcache\fastprox.dll
2009-04-16 16:41 . 2009-02-06 10:39   35328   ------w   c:\windows\system32\dllcache\sc.exe
2009-04-16 16:41 . 2009-02-09 10:51   683520   ------w   c:\windows\system32\dllcache\advapi32.dll
2009-04-16 16:41 . 2009-02-09 10:51   734720   ------w   c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 16:41 . 2009-02-09 10:51   453120   ------w   c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 16:41 . 2009-02-09 10:51   736256   ------w   c:\windows\system32\dllcache\ntdll.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-06 18:29 . 2008-12-30 12:29   --------   d-----w   c:\programmi\PeerGuardian2
2009-05-06 18:18 . 2008-09-16 14:37   --------   d-----w   c:\programmi\ONDA CONNECTION MANAGER
2009-05-06 05:54 . 2008-09-12 08:33   --------   d-----w   c:\programmi\Java
2009-05-01 08:26 . 2008-09-11 23:43   108992   ----a-w   c:\documents and settings\Michela Ravarelli\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-04-29 08:56 . 2009-02-05 17:18   --------   d-----w   c:\programmi\Spyware Terminator
2009-04-26 06:24 . 2008-09-13 08:41   --------   d-----w   c:\programmi\Bonjour
2009-04-24 09:03 . 2008-09-17 15:21   --------   d-----w   c:\programmi\eMule
2009-04-17 01:16 . 2004-09-03 09:37   91890   ----a-w   c:\windows\system32\perfc010.dat
2009-04-17 01:16 . 2004-09-03 09:37   510062   ----a-w   c:\windows\system32\perfh010.dat
2009-04-02 13:54 . 2009-03-29 11:29   --------   d-----w   c:\programmi\File comuni\PC Tools
2009-03-30 06:09 . 2009-03-29 11:32   --------   d-----w   c:\programmi\PC Tools Firewall Plus
2009-03-29 12:51 . 2009-03-29 12:26   --------   d-----w   c:\programmi\Startup Inspector for Windows
2009-03-17 17:06 . 2008-09-16 13:20   --------   d-----w   c:\programmi\Google
2009-03-13 17:43 . 2008-09-12 07:05   --------   d-----w   c:\programmi\File comuni\Adobe
2009-03-06 14:45 . 2009-03-29 11:29   130424   ----a-w   c:\windows\system32\drivers\PCTCore.sys
2009-03-06 14:19 . 2004-09-03 09:36   286208   ----a-w   c:\windows\system32\pdh.dll
2009-03-03 00:03 . 2004-09-03 09:36   826368   ----a-w   c:\windows\system32\wininet.dll
2009-02-22 09:39 . 2009-02-22 09:39   0   ----a-w   c:\windows\nsreg.dat
2009-02-20 17:08 . 2004-09-03 09:36   78336   ----a-w   c:\windows\system32\ieencode.dll
2009-02-10 17:02 . 2004-08-19 13:34   2069760   ----a-w   c:\windows\system32\ntkrnlpa.exe
2009-02-09 14:04 . 2004-09-03 09:36   1846784   ----a-w   c:\windows\system32\win32k.sys
2009-02-09 11:23 . 2004-09-03 09:36   2192768   ----a-w   c:\windows\system32\ntoskrnl.exe
2009-02-09 11:22 . 2004-09-03 09:36   111104   ----a-w   c:\windows\system32\services.exe
2009-02-09 10:51 . 2004-09-03 09:36   734720   ----a-w   c:\windows\system32\lsasrv.dll
2009-02-09 10:51 . 2004-09-03 09:36   401408   ----a-w   c:\windows\system32\rpcss.dll
2009-02-09 10:51 . 2004-09-03 09:36   683520   ----a-w   c:\windows\system32\advapi32.dll
2009-02-09 10:51 . 2004-09-03 09:36   736256   ----a-w   c:\windows\system32\ntdll.dll
2009-02-06 10:39 . 2004-09-03 09:36   35328   ----a-w   c:\windows\system32\sc.exe
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"ccleaner"="c:\programmi\CCleaner\CCleaner.exe" [2008-12-19 1434864]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2008-04-14 1695232]
"PeerGuardian"="c:\programmi\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-19 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2005-03-10 98394]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2005-03-10 688218]
"AzMixerSel"="c:\programmi\Realtek\InstallShield\AzMixerSel.exe" [2005-04-26 45056]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-01 7118848]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-05-06 148888]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-05-11 127118]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2008-01-10 385024]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2005-09-22 180269]
"avgnt"="c:\programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SpywareTerminator"="c:\progra~1\SPYWAR~1\SpywareTerminatorShield.exe" [2009-02-05 2267136]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2008-01-15 267048]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"00PCTFW"="c:\programmi\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-23 2652056]
"NBKeyScan"="c:\programmi\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" [2008-02-21 1647912]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-05-04 14396416]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-07-01 1519616]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-01-23 101136]
"Collegamento alla pagina delle proprietà di High Definition Audio"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Logitech SetPoint.lnk - c:\programmi\Logitech\SetPoint\SetPoint.exe [2008-11-6 688128]
Windows Search.lnk - c:\programmi\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\CrossLoop\\CrossLoopConnect.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"33386:TCP"= 33386:TCP:eMule_TCP
"38360:UDP"= 38360:UDP:eMule_UDP
"1720:TCP"= 1720:TCP:utorrent

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [29/03/2009 13.29.55 130424]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [29/03/2009 13.30.13 159600]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [05/02/2009 19.18.54 142592]
R2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\cdrom_mon.exe [16/09/2008 16.37.26 81920]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [29/03/2009 13.29.55 73840]
R3 CIR;Hid Device;c:\windows\system32\drivers\CIR.sys [01/01/1980 5120]
R3 kbd;Keyboard;c:\windows\system32\drivers\kbd.sys [01/01/1980 21504]
R3 LVHybrid;LVHybrid service;c:\windows\system32\drivers\LVHybrid.sys [22/09/2005 10.57.11 800000]
R3 ONDAusbmdm6k;ONDA Proprietary USB Driver;c:\windows\system32\drivers\ONDAusbmdm6k.sys [16/09/2008 16.37.32 100480]
R3 ONDAusbnet;ONDA USB-NDIS miniport;c:\windows\system32\drivers\ONDAusbnet.sys [16/09/2008 16.37.32 87552]
R3 ONDAusbser6k;ONDA Diagnostic Port;c:\windows\system32\drivers\ONDAusbser6k.sys [16/09/2008 16.37.32 100480]
R3 Slazldrv;SmartLink AMR_PCI Driver;c:\windows\system32\drivers\SLDRV\slazldrv.sys [22/09/2005 10.57.38 226768]
S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [29/03/2009 13.32.25 95640]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PGFILTER
*Deregistered* - tmcomm
.
Contents of the 'Scheduled Tasks' folder

2009-05-06 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-16 15:09]

2009-03-30 c:\windows\Tasks\Spybot - Search & Destroy -  Scheduled Task.job
- c:\programmi\Spybot - Search & Destroy\SpybotSD.exe [2008-09-12 07:42]

2009-05-06 c:\windows\Tasks\User_Feed_Synchronization-{CAE53F20-15C2-4EC1-9B45-7732B51ED482}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 16:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mininova.org/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: microsoft.com\www.update
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\programmi\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} - file:///D:/CDVIEWER/CdViewer.cab
FF - ProfilePath - c:\documents and settings\Michela Ravarelli\Dati applicazioni\Mozilla\Firefox\Profiles\fgvmq34c.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.mininova.org/
FF - plugin: c:\programmi\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\programmi\QuickTime\Plugins\npqtplugin8.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-06 20:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs loaded by running processes ---------------------

- - - - - - - > 'explorer.exe'(1480)
c:\programmi\Logitech\SetPoint\lgscroll.dll
c:\programmi\Windows Desktop Search\deskbar.dll
c:\programmi\Windows Desktop Search\it-it\dbres.dll.mui
c:\programmi\Windows Desktop Search\dbres.dll
c:\programmi\Windows Desktop Search\wordwheel.dll
c:\programmi\Windows Desktop Search\it-it\msnlExtRes.dll.mui
c:\programmi\Windows Desktop Search\msnlExtRes.dll
c:\programmi\File comuni\Ahead\Lib\NeroSearchBar.dll
c:\programmi\File comuni\Ahead\Lib\MFC71U.DLL
c:\programmi\File comuni\Ahead\Lib\BCGCBPRO860un71.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Scan finished at: 2009-05-06 20.33.28
ComboFix-quarantined-files.txt  2009-05-06 18:33
ComboFix2.txt  2009-05-06 18:24

Pre-Run: 8.640.565.248 bytes free
Post-Run: 8.622.350.336 bytes free

204   --- E O F ---   2009-04-17 01:05
elaisa83
Junior Member

Posts: 53
Joined: 06/05/09 10:08
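A worked example, added here and not part of the thread nor of ComboFix or HijackThis: a small Python triage script for the kind of log posted above. It walks the parts a responder looks at first in both copies of the log in this thread: the Qoobox quarantine list (the two DLLs in system32 of 15 and 18 bytes are far too small to be valid PE files, whatever they were), the Run keys (an autorun that lives outside c:\windows or c:\programmi gets flagged, here c:\apps\Powercinema), the Security Center "DisableMonitoring" entries, and the globally open firewall ports. The sample lines are constructed from the log in this thread; the regular expressions, the 1 KiB size threshold and the list of expected directories are this example's own assumptions, not anything ComboFix documents.

```python
import re

# Sample lines, constructed from the ComboFix log posted in this thread
# (a handful of lines, not the whole log).
SAMPLE_LOG = r"""
2009-05-04 18:07:21 . 2009-05-04 18:07:21   15   ----a-w   C:\Qoobox\Quarantine\C\WINDOWS\system32\Oleopri20091.dll.vir
2009-05-04 17:33:28 . 2009-05-04 17:33:28   18   ----a-w   C:\Qoobox\Quarantine\C\WINDOWS\system32\timedefw32ex.dll.vir
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"PeerGuardian"="c:\programmi\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-05-11 127118]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-05-04 14396416]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"33386:TCP"= 33386:TCP:eMule_TCP
"1720:TCP"= 1720:TCP:utorrent
"""

# A quarantine line: two timestamps, size in bytes, attribute flags, path ending in .vir
QUAR_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d:\d\d"
    r"\s+(?P<size>\d+)\s+\S+\s+(?P<path>.+\.vir)$")
# A Run-key value in either shape seen in the log:
#   "name"="c:\full\path.exe" [date size]
#   "name"="bare.exe" - c:\resolved\path.exe [date size]
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"'
    r"(?:\s+-\s+(?P<path>.+?))?\s+\[(?P<date>\d{4}-\d\d-\d\d)\s+(?P<size>\d+)\]$")
# A GloballyOpenPorts entry: "port:proto"= port:proto:label
PORT_RE = re.compile(
    r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=\s*\d+:(?:TCP|UDP):(?P<label>\S+)$')

# Assumptions of this example: where autoruns are expected to live on an
# Italian-locale XP install, and the size below which a "DLL" cannot be a valid PE file.
EXPECTED_DIRS = (r"c:\windows", r"c:\programmi", r"c:\progra~1")
TINY_DLL_BYTES = 1024


def parse_log(text):
    """Walk the log once, tracking the current registry key, and collect raw findings."""
    quarantined, autoruns, disabled, ports = [], [], [], []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # every following value belongs to this key
            continue
        m = QUAR_RE.match(line)
        if m:
            quarantined.append((int(m["size"]), m["path"]))
            continue
        m = RUN_RE.match(line)
        if m and key and key.lower().endswith(r"\currentversion\run"):
            # prefer the resolved path ComboFix prints after " - ", else the value itself
            autoruns.append((key, m["name"], (m["path"] or m["value"]).lower()))
            continue
        if (key and "security center\\monitoring" in key.lower()
                and line.lower() == '"disablemonitoring"=dword:00000001'):
            disabled.append(key.rsplit("\\", 1)[-1])   # product whose monitoring is off
            continue
        m = PORT_RE.match(line)
        if m:
            ports.append((int(m["port"]), m["proto"], m["label"]))
    return {"quarantined": quarantined, "autoruns": autoruns,
            "disabled_monitoring": disabled, "open_ports": ports}


def tiny_quarantined_dlls(findings, limit=TINY_DLL_BYTES):
    """Quarantined .dll files too small to be a PE image at all."""
    return [p for size, p in findings["quarantined"]
            if size < limit and p.lower().endswith(".dll.vir")]


def autoruns_outside_expected_dirs(findings, expected=EXPECTED_DIRS):
    """Run-key entries whose target is not under one of the expected directories."""
    return [(name, path) for _key, name, path in findings["autoruns"]
            if not path.startswith(expected)]


def report(text):
    """One human-readable line per finding, in the order a responder would review them."""
    f = parse_log(text)
    out = [f"tiny quarantined DLL: {p}" for p in tiny_quarantined_dlls(f)]
    out += [f"autorun outside expected dirs: {n} -> {p}"
            for n, p in autoruns_outside_expected_dirs(f)]
    out += [f"Security Center monitoring disabled for: {prod}" for prod in f["disabled_monitoring"]]
    out += [f"globally open port: {port}/{proto} ({label})" for port, proto, label in f["open_ports"]]
    return out


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

The flags are a starting point for manual review, not verdicts: c:\apps is a common OEM install location, so a hit there is something to check against the vendor's software list, and a DisableMonitoring entry for a product that no longer appears under Add-Remove Programs is worth asking about because Security Center will then stay silent about that product's state.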

Re: virus help...I really don't understand any of this!!

Post by elaisa83 » 07/05/09 10:59

:?: is this not OK??? I did copy and paste..
elaisa83
Junior Member

Posts: 53
Joined: 06/05/09 10:08
