
Virus

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: kadosh, Luke57

Re: Virus

Post by lupos3 » 04/11/09 16:44

the removal tool found nothing infected; NOD, on the other hand, quarantined 4 files located in the C:\RECYCLER folder, with these final names/extensions (dc27.dll, dc12.tmp, dc11.tmp, dc10.tmp): variants of win32/trojandownloader.I, the other 3 files variant Mebroot.CN

awaiting instructions
thanks
lupos3
Senior User
Posts: 177
Joined: 20/08/06 14:15


Re: Virus

Post by lupos3 » 04/11/09 16:50

here is the NOD log

04/11/2009 16.37.26 Protezione file system in tempo reale file C:\RECYCLER\S-1-5-21-2488422153-3833549872-3521217758-1006\Dc27.dll una variante di Win32/TrojanDownloader.Mebload.I trojan horse Risolto tramite eliminazione - messo in quarantena NT AUTHORITY\SYSTEM Si è verificato un evento in un file modificato dall'applicazione: C:\WINDOWS\Explorer.EXE.
04/11/2009 16.37.18 Protezione file system in tempo reale file C:\RECYCLER\S-1-5-21-2488422153-3833549872-3521217758-1006\Dc12.tmp una variante di Win32/Mebroot.CN trojan horse Risolto tramite eliminazione - messo in quarantena NT AUTHORITY\SYSTEM Si è verificato un evento in un file modificato dall'applicazione: C:\WINDOWS\Explorer.EXE.
04/11/2009 16.37.10 Protezione file system in tempo reale file C:\RECYCLER\S-1-5-21-2488422153-3833549872-3521217758-1006\Dc11.tmp una variante di Win32/Mebroot.CN trojan horse Risolto tramite eliminazione - messo in quarantena NT AUTHORITY\SYSTEM Si è verificato un evento in un file modificato dall'applicazione: C:\WINDOWS\Explorer.EXE.
04/11/2009 16.37.02 Protezione file system in tempo reale file C:\RECYCLER\S-1-5-21-2488422153-3833549872-3521217758-1006\Dc10.tmp una variante di Win32/Mebroot.CN trojan horse Risolto tramite eliminazione - messo in quarantena NT AUTHORITY\SYSTEM Si è verificato un evento in un file modificato dall'applicazione: C:\WINDOWS\Explorer.EXE.
lupos3
Senior User
Posts: 177
Joined: 20/08/06 14:15

Re: Virus

Post by lupos3 » 08/11/09 10:28

I ran a couple of online scans and they always detect a mebroot.cn; whatever browser I use, after a few minutes the PC freezes. Can someone tell me what to do?
thanks
lupos3
Senior User
Posts: 177
Joined: 20/08/06 14:15

Re: Virus

Post by shel » 08/11/09 11:41

hi

if it's Trojan.Mebroot, it has lodged itself in the MBR

try a scan with this program

http://dl.antivir.de/down/windows/antivir_rootkit.zip
shel
Senior User
Posts: 1292
Joined: 29/08/08 21:56
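An added example, not code from the thread or from the linked tools: an MBR bootkit of the Mebroot kind replaces the bootstrap code in sector 0 and keeps the partition table so the machine still boots, so a defender's check is to hash the bootstrap bytes and compare them with a known-good baseline recorded from a clean system. The MBR images and the baseline below are constructed fixtures; in practice sector 0 should be read from offline boot media or a disk image, because a running bootkit can hand the original sector back to reads made through the infected Windows.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOTCODE_LEN = 440            # bootstrap code; bytes 440..445 hold the disk signature + 2 reserved bytes
PART_TABLE_OFF = 446          # four 16-byte partition entries, then the 0x55AA signature at offset 510
PART_ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count


def parse_partition_table(mbr: bytes) -> list[dict]:
    """Return the non-empty partition entries of a 512-byte MBR."""
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(
            PART_ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i)
        if ptype:  # type 0x00 marks an unused slot
            parts.append({"bootable": status == 0x80, "type": ptype,
                          "lba_start": lba, "sectors": count})
    return parts


def bootcode_hash(mbr: bytes) -> str:
    """SHA-256 of the bootstrap code only: disk signature and partition table differ per machine."""
    return hashlib.sha256(mbr[:BOOTCODE_LEN]).hexdigest()


def check_mbr(mbr: bytes, baseline_hash: str) -> dict:
    """Compare sector 0 against the bootstrap hash taken while the system was known clean."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    return {
        "signature_ok": mbr[510:512] == b"\x55\xaa",
        "bootcode_matches_baseline": bootcode_hash(mbr) == baseline_hash,
        "partitions": parse_partition_table(mbr),
    }


def build_mbr(bootcode: bytes, partitions: list[tuple]) -> bytes:
    """Assemble a synthetic MBR for the fixtures below (not a real disk image)."""
    buf = bytearray(MBR_SIZE)
    buf[:len(bootcode)] = bootcode
    for i, (bootable, ptype, lba, count) in enumerate(partitions):
        struct.pack_into(PART_ENTRY_FMT, buf, PART_TABLE_OFF + 16 * i,
                         0x80 if bootable else 0x00, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    buf[510:512] = b"\x55\xaa"
    return bytes(buf)


# Constructed fixtures: a stand-in for the vendor boot code, and the same disk after a bootkit
# has overwritten the bootstrap area while leaving the partition table untouched.
CLEAN_BOOTCODE = bytes(range(256)) + bytes(range(184))          # 440 placeholder bytes
ONE_NTFS_PARTITION = [(True, 0x07, 63, 20_000_000)]
CLEAN_MBR = build_mbr(CLEAN_BOOTCODE, ONE_NTFS_PARTITION)
BASELINE = bootcode_hash(CLEAN_MBR)                              # recorded while the system was clean
TAMPERED_MBR = build_mbr(b"\x90" * 300 + CLEAN_BOOTCODE[300:], ONE_NTFS_PARTITION)

if __name__ == "__main__":
    for name, mbr in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(name, check_mbr(mbr, BASELINE))
```

The tampered image still carries a valid 0x55AA signature and an unchanged partition table, which is exactly why a signature or partition sanity check alone does not catch this class of modification.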

Re: Virus

Post by lupos3 » 08/11/09 14:03

I tried downloading several versions of this program, but on launch I get the following error message: unable to start the specified application. The application configuration is not correct; a new installation might fix it.
what should I do?
lupos3
Senior User
Posts: 177
Joined: 20/08/06 14:15

Re: Virus

Post by shel » 08/11/09 14:20

try from Safe Mode, there might be some program that conflicts with it
shel
Senior User
Posts: 1292
Joined: 29/08/08 21:56

Re: Virus

Post by lupos3 » 08/11/09 14:28

tried from Safe Mode too, I also disabled the antivirus, but no luck
lupos3
Senior User
Posts: 177
Joined: 20/08/06 14:15

Re: Virus

Post by shel » 08/11/09 14:35

try this tool, I think it's stand-alone

http://www.ziddu.com/download/4428377/F ... t.exe.html

double-click the file FixMebroot.exe, then click Accept

click Start and follow the on-screen instructions

Once the scan is finished, a log named FixMebroot.log will be generated on the desktop
shel
Senior User
Posts: 1292
Joined: 29/08/08 21:56

Re: Virus

Post by lupos3 » 08/11/09 15:04

the scan took very little time, found nothing and generated no log; the PC freezes more and more, even without an internet connection, I don't know what else to do
lupos3
Senior User
Posts: 177
Joined: 20/08/06 14:15

Re: Virus

Post by lupos3 » 08/11/09 19:12

Today I'm throwing myself into this headlong, before I throw it out the window.
Another anomaly I noticed: I ran several online scans and also some scans with programs like Spyware Doctor, and they never finish the scan and always hang during the file-checking phase.
The mystery deepens?
lupos3
Senior User
Posts: 177
Joined: 20/08/06 14:15

Re: Virus

Post by shel » 08/11/09 20:08

re-run ComboFix from Safe Mode and post the report

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
shel
Senior User
Posts: 1292
Joined: 29/08/08 21:56

Re: Virus

Post by lupos3 » 08/11/09 22:49

here's the post

ComboFix 09-11-08.02 - massimo 08/11/2009 22.28.25.4.2 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1015.843 [GMT 1:00]
Eseguito da: C:\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2009-10-08 al 2009-11-08 )))))))))))))))))))))))))))))))))))
.

2009-11-08 21:20:23 . 2009-11-08 21:20:34 3563182 ----a-r- C:\ComboFix.exe
2009-11-08 17:58:57 . 2009-11-08 17:58:57 0 d-----w- C:\Documents and Settings\massimo\Impostazioni locali\Dati applicazioni\Threat Expert
2009-11-08 17:34:30 . 2009-10-08 10:31:14 767952 ----a-w- C:\WINDOWS\BDTSupport.dll
2009-11-08 17:34:29 . 2009-10-08 10:31:46 149456 ----a-w- C:\WINDOWS\SGDetectionTool.dll
2009-11-08 17:34:29 . 2009-10-08 10:31:44 165840 ----a-w- C:\WINDOWS\PCTBDRes.dll
2009-11-08 17:34:29 . 2009-10-08 10:31:44 1636304 ----a-w- C:\WINDOWS\PCTBDCore.dll
2009-11-08 17:34:29 . 2009-10-02 13:19:04 1152470 ----a-w- C:\WINDOWS\UDB.zip
2009-11-08 17:34:29 . 2008-11-26 11:08:42 131 ----a-w- C:\WINDOWS\IDB.zip
2009-11-08 17:28:05 . 2009-09-24 07:55:46 229304 ----a-w- C:\WINDOWS\system32\drivers\pctgntdi.sys
2009-11-08 17:27:43 . 2009-09-23 15:10:06 207280 ----a-w- C:\WINDOWS\system32\drivers\PCTCore.sys
2009-11-08 17:27:42 . 2009-10-06 15:31:30 87784 ----a-w- C:\WINDOWS\system32\drivers\PCTAppEvent.sys
2009-11-08 17:27:02 . 2009-09-03 08:45:12 70408 ----a-w- C:\WINDOWS\system32\drivers\pctplsg.sys
2009-11-08 17:26:12 . 2009-11-08 21:21:21 0 d-----w- C:\Programmi\Spyware Doctor
2009-11-08 17:26:12 . 2009-11-08 17:26:12 0 d-----w- C:\Documents and Settings\massimo\Dati applicazioni\PC Tools
2009-11-08 17:26:12 . 2009-11-08 17:26:12 0 d-----w- C:\Documents and Settings\All Users\Dati applicazioni\PC Tools
2009-11-08 17:09:24 . 2009-11-08 17:09:24 117760 ----a-w- C:\Documents and Settings\massimo\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-08 17:07:22 . 2009-11-08 17:07:22 0 d-----w- C:\Documents and Settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2009-11-08 17:07:09 . 2009-11-08 17:07:16 0 d-----w- C:\Programmi\SUPERAntiSpyware
2009-11-08 17:07:09 . 2009-11-08 17:07:09 0 d-----w- C:\Documents and Settings\massimo\Dati applicazioni\SUPERAntiSpyware.com
2009-11-08 17:06:46 . 2009-11-08 17:06:46 0 d-----w- C:\Programmi\File comuni\Wise Installation Wizard
2009-11-08 16:39:11 . 2009-11-08 17:34:47 0 d-----w- C:\Programmi\File comuni\PC Tools
2009-11-08 16:38:52 . 2009-11-08 21:21:26 0 d---a-w- C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2009-11-08 14:37:28 . 2009-11-08 14:44:19 0 d-----w- C:\Documents and Settings\massimo\Dati applicazioni\QuickScan
2009-11-08 14:36:56 . 2009-10-29 14:39:50 679936 ----a-w- C:\Documents and Settings\massimo\Dati applicazioni\Mozilla\Firefox\Profiles\ljxunb94.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
2009-11-08 14:36:56 . 2009-10-29 14:39:32 614400 ----a-w- C:\Documents and Settings\massimo\Dati applicazioni\Mozilla\Firefox\Profiles\ljxunb94.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2009-11-08 13:00:45 . 2009-04-21 13:20:32 188673 ----a-w- C:\avirarkd.exe
2009-11-08 12:08:01 . 2009-11-08 12:29:28 152576 ----a-w- C:\Documents and Settings\massimo\Dati applicazioni\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-04 15:37:01 . 2009-11-04 15:37:01 0 d-----w- C:\Documents and Settings\massimo\Impostazioni locali\Dati applicazioni\ESET
2009-11-04 12:02:50 . 2009-11-08 21:12:12 3610656 --sha-w- C:\WINDOWS\system32\drivers\fidbox.dat
2009-11-04 08:10:02 . 2009-11-04 08:10:02 25108 ---ha-w- C:\WINDOWS\system32\mlfcache.dat
2009-10-29 16:25:58 . 2009-10-29 16:25:58 0 d-----w- C:\Documents and Settings\massimo\Impostazioni locali\Dati applicazioni\Apple Computer
2009-10-29 16:25:57 . 2009-10-29 16:25:59 0 d-----w- C:\Documents and Settings\massimo\Dati applicazioni\Apple Computer
2009-10-29 16:24:19 . 2009-10-29 16:24:47 0 d-----w- C:\Programmi\Safari
2009-10-29 16:24:19 . 2009-10-29 16:24:19 0 d-----w- C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer
2009-10-29 16:23:54 . 2009-10-29 16:23:54 0 d-----w- C:\Documents and Settings\massimo\Impostazioni locali\Dati applicazioni\Apple
2009-10-29 16:23:38 . 2009-10-29 16:23:41 0 d-----w- C:\Programmi\Apple Software Update
2009-10-29 16:23:38 . 2009-10-29 16:23:38 0 d-----w- C:\Documents and Settings\All Users\Dati applicazioni\Apple
2009-10-29 15:00:36 . 2009-10-29 15:10:32 0 d-----w- C:\Documents and Settings\HelpAssistant.MAX\IETldCache
2009-10-29 14:58:29 . 2009-10-29 14:58:29 0 d-sh--w- C:\Documents and Settings\massimo\IETldCache
2009-10-29 14:58:29 . 2009-10-29 14:58:29 0 d-sh--w- C:\Documents and Settings\LocalService\IETldCache
2009-10-29 14:56:23 . 2009-10-02 04:44:07 92160 ------w- C:\WINDOWS\system32\dllcache\iecompat.dll
2009-10-29 14:55:54 . 2009-10-29 15:06:25 0 d-----w- C:\WINDOWS\ie8updates
2009-10-29 14:55:16 . 2009-08-29 07:56:22 12800 ------w- C:\WINDOWS\system32\dllcache\xpshims.dll
2009-10-29 14:55:12 . 2009-08-29 07:56:12 246272 ------w- C:\WINDOWS\system32\dllcache\ieproxy.dll
2009-10-29 14:52:02 . 2009-08-29 07:26:30 78336 ----a-w- C:\WINDOWS\system32\ieencode.dll
2009-10-29 14:52:02 . 2009-08-29 07:26:30 78336 ----a-w- C:\WINDOWS\system32\dllcache\ieencode.dll
2009-10-28 23:23:37 . 2009-10-28 23:23:39 0 d-----w- C:\5268ed4190955f9a237733
2009-10-28 23:18:35 . 2008-07-06 12:06:10 89088 ------w- C:\WINDOWS\system32\dllcache\filterpipelineprintproc.dll
2009-10-28 23:18:35 . 2008-07-06 12:06:10 117760 ------w- C:\WINDOWS\system32\prntvpt.dll
2009-10-28 23:18:34 . 2008-07-06 12:06:10 575488 ------w- C:\WINDOWS\system32\xpsshhdr.dll
2009-10-28 23:18:34 . 2008-07-06 12:06:10 575488 ------w- C:\WINDOWS\system32\dllcache\xpsshhdr.dll
2009-10-28 23:18:34 . 2008-07-06 12:06:10 1676288 ------w- C:\WINDOWS\system32\xpssvcs.dll
2009-10-28 23:18:34 . 2008-07-06 12:06:10 1676288 ------w- C:\WINDOWS\system32\dllcache\xpssvcs.dll
2009-10-28 23:18:34 . 2008-07-06 10:50:03 597504 ------w- C:\WINDOWS\system32\dllcache\printfilterpipelinesvc.exe
2009-10-28 23:18:33 . 2009-10-28 23:19:12 0 d-----w- C:\a2c064abf746e4875f4ba0
2009-10-27 13:01:09 . 2009-10-27 13:01:09 0 d-----w- C:\Documents and Settings\HelpAssistant.MAX\DoctorWeb
2009-10-27 13:00:41 . 2009-10-27 13:00:43 0 d-----w- C:\Documents and Settings\HelpAssistant.MAX\.housecall6.6
2009-10-26 19:35:45 . 2009-11-08 13:29:33 0 d-----w- C:\Programmi\Spybot - Search & Destroy
2009-10-26 19:35:45 . 2009-11-08 13:29:32 0 d-----w- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-10-26 19:13:19 . 2009-10-26 19:13:21 0 d-----w- C:\Programmi\CCleaner
2009-10-26 17:22:37 . 2009-10-26 17:22:37 0 d-----w- C:\Documents and Settings\massimo\DoctorWeb
2009-10-26 16:01:40 . 2008-03-03 17:21:34 568 ---ha-w- C:\WINDOWS\nod32fixtemdono.reg
2009-10-26 16:01:40 . 2008-03-03 13:25:38 5702 ---ha-w- C:\WINDOWS\nod32restoretemdono.reg
2009-10-26 15:49:07 . 2009-10-26 15:49:07 0 d-----w- C:\Programmi\ESET
2009-10-26 15:31:35 . 2009-10-26 15:31:35 0 d-----w- C:\Documents and Settings\All Users\Dati applicazioni\ESET
2009-10-26 15:02:27 . 2009-02-06 10:10:02 227840 ------w- C:\WINDOWS\system32\dllcache\wmiprvse.exe
2009-10-26 15:02:23 . 2009-03-06 14:19:00 286208 ------w- C:\WINDOWS\system32\dllcache\pdh.dll
2009-10-26 15:02:23 . 2009-02-09 11:22:49 111104 ------w- C:\WINDOWS\system32\dllcache\services.exe
2009-10-26 15:02:23 . 2009-02-09 10:51:44 401408 ------w- C:\WINDOWS\system32\dllcache\rpcss.dll
2009-10-26 15:02:22 . 2009-02-09 10:51:44 683520 ------w- C:\WINDOWS\system32\dllcache\advapi32.dll
2009-10-26 15:02:22 . 2009-02-09 10:51:43 473600 ------w- C:\WINDOWS\system32\dllcache\fastprox.dll
2009-10-26 15:02:22 . 2009-02-09 10:51:42 453120 ------w- C:\WINDOWS\system32\dllcache\wmiprvsd.dll
2009-10-26 15:02:22 . 2009-02-06 10:39:08 35328 ------w- C:\WINDOWS\system32\dllcache\sc.exe
2009-10-26 15:02:21 . 2009-02-09 10:51:43 736256 ------w- C:\WINDOWS\system32\dllcache\ntdll.dll
2009-10-26 11:28:07 . 2008-04-21 21:14:24 219136 ------w- C:\WINDOWS\system32\dllcache\wordpad.exe
2009-10-26 11:26:54 . 2008-06-14 17:32:08 272768 ------w- C:\WINDOWS\system32\drivers\bthport.sys
2009-10-26 11:26:54 . 2008-06-14 17:32:08 272768 ------w- C:\WINDOWS\system32\dllcache\bthport.sys
2009-10-26 11:13:42 . 2009-06-30 09:37:16 28552 ----a-w- C:\WINDOWS\system32\drivers\pavboot.sys
2009-10-26 11:13:28 . 2009-10-26 11:13:28 0 d-----w- C:\Programmi\Panda Security
2009-10-26 11:10:50 . 2009-10-26 11:12:20 0 d-----w- C:\Documents and Settings\massimo\.housecall6.6
2009-10-26 11:09:42 . 2009-10-26 11:09:42 0 d-----w- C:\WINDOWS\Sun
2009-10-26 10:27:48 . 2009-10-26 10:35:42 0 d-----w- C:\WINDOWS\BDOSCAN8
2009-10-26 09:51:10 . 2008-05-27 17:23:58 765952 ----a-w- C:\WINDOWS\system32\dllcache\vgx.dll
2009-10-26 08:45:19 . 2009-06-21 21:47:25 153088 ------w- C:\WINDOWS\system32\dllcache\triedit.dll
2009-10-26 08:41:19 . 2008-05-08 14:02:52 203136 ------w- C:\WINDOWS\system32\dllcache\rmcast.sys
2009-10-26 08:40:46 . 2008-10-24 11:21:09 455296 ------w- C:\WINDOWS\system32\dllcache\mrxsmb.sys
2009-10-26 08:40:03 . 2008-12-11 10:57:09 333952 ------w- C:\WINDOWS\system32\dllcache\srv.sys
2009-10-26 08:39:24 . 2008-05-01 14:34:52 331776 ------w- C:\WINDOWS\system32\dllcache\msadce.dll
2009-10-26 08:38:40 . 2009-07-10 13:26:37 1315328 ------w- C:\WINDOWS\system32\dllcache\msoe.dll
2009-10-26 08:31:30 . 2008-04-11 19:04:32 691712 ------w- C:\WINDOWS\system32\dllcache\inetcomm.dll
2009-10-25 23:21:10 . 2008-10-15 16:36:15 337408 ------w- C:\WINDOWS\system32\dllcache\netapi32.dll
2009-10-25 23:20:18 . 2008-09-04 17:15:03 1106944 ------w- C:\WINDOWS\system32\dllcache\msxml3.dll
2009-10-25 23:10:44 . 2009-08-13 15:15:50 512000 ----a-w- C:\WINDOWS\system32\dllcache\jscript.dll
2009-10-25 23:02:28 . 2009-10-25 23:02:28 0 d-----w- C:\Programmi\Trend Micro
2009-10-25 22:52:02 . 2009-10-25 22:52:02 0 d-----w- C:\WINDOWS\system32\wbem\Repository
2009-10-25 21:53:30 . 2008-11-12 02:46:46 0 d-----w- C:\Documents and Settings\HelpAssistant\Bluetooth Software
2009-10-25 21:53:29 . 2009-10-25 22:21:52 0 d-----w- C:\Documents and Settings\HelpAssistant\Documenti
2009-10-25 21:53:29 . 2009-10-25 22:21:52 0 d-----w- C:\Documents and Settings\HelpAssistant\Dati applicazioni
2009-10-25 21:53:29 . 2009-10-25 22:21:51 0 d-----w- C:\Documents and Settings\HelpAssistant\Preferiti
2009-10-25 21:53:29 . 2009-10-25 22:21:51 0 d-----w- C:\Documents and Settings\HelpAssistant\Modelli
2009-10-25 21:53:29 . 2009-10-25 22:21:51 0 d-----w- C:\Documents and Settings\HelpAssistant\Impostazioni locali
2009-10-25 21:53:28 . 2009-10-25 22:21:54 0 d-s---w- C:\Documents and Settings\HelpAssistant
2009-10-19 20:46:34 . 2009-08-04 17:26:06 2148864 ------w- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2009-10-19 20:46:31 . 2009-08-04 17:26:09 2069760 ------w- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2009-10-19 20:46:31 . 2009-08-04 17:26:03 2027520 ------w- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2009-10-10 22:25:09 . 2009-10-25 22:25:49 0 d-----w- C:\Programmi\TVAnts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-08 21:12:12 . 2009-11-04 12:02:50 41036 --sha-w- C:\WINDOWS\system32\drivers\fidbox.idx
2009-11-08 12:32:00 . 2008-11-12 02:52:55 0 d-----w- C:\Programmi\Java
2009-11-08 12:02:46 . 2008-06-26 08:00:04 560454 ----a-w- C:\WINDOWS\system32\perfh010.dat
2009-11-08 12:02:46 . 2008-06-26 08:00:04 108356 ----a-w- C:\WINDOWS\system32\perfc010.dat
2009-10-25 22:51:29 . 2009-07-16 21:13:43 0 d-----w- C:\Documents and Settings\All Users\Dati applicazioni\Skype
2009-10-25 22:51:28 . 2009-07-16 21:15:47 0 d-----w- C:\Documents and Settings\massimo\Dati applicazioni\Skype
2009-10-25 22:51:28 . 2009-07-16 21:13:51 0 d-----w- C:\Programmi\Skype
2009-10-25 22:51:27 . 2009-07-16 21:25:21 0 d-----w- C:\Documents and Settings\massimo\Dati applicazioni\VoipStunt
2009-10-25 22:50:30 . 2009-07-20 08:18:43 0 d-----w- C:\Programmi\Mozilla Firefox(2)
2009-10-25 22:49:51 . 2009-07-30 17:11:05 0 d-----w- C:\Programmi\Winamp
2009-10-25 22:49:51 . 2009-07-30 17:11:05 0 d-----w- C:\Documents and Settings\massimo\Dati applicazioni\Winamp
2009-10-25 22:49:32 . 2009-08-04 20:34:21 0 d-----w- C:\Programmi\AviSynth 2.5
2009-10-25 22:44:53 . 2009-08-26 17:24:00 0 d-----w- C:\Programmi\WebSite X5 v8 - Evolution
2009-10-25 22:28:00 . 2009-10-05 20:40:33 0 d-----w- C:\Programmi\ASIO4ALL v2(2)
2009-10-25 22:27:45 . 2009-10-05 20:46:19 0 d-----w- C:\Documents and Settings\massimo\Dati applicazioni\vlc
2009-10-08 13:57:22 . 2008-07-29 18:59:58 613888 ----a-w- C:\WINDOWS\system32\uiautomationcore.dll
2009-10-08 13:57:22 . 2008-04-15 04:00:00 23040 ----a-w- C:\WINDOWS\system32\oleaccrc.dll
2009-10-08 13:57:00 . 2008-04-15 04:00:00 220160 ----a-w- C:\WINDOWS\system32\oleacc.dll
2009-10-07 08:55:10 . 2009-07-29 11:57:17 394 ----a-w- C:\Documents and Settings\massimo\Dati applicazioni\wklnhst.dat
2009-10-05 20:44:45 . 2009-10-05 20:44:45 0 d-----w- C:\Programmi\VideoLAN
2009-10-05 20:31:52 . 2009-07-16 21:19:32 0 d-----w- C:\Documents and Settings\massimo\Dati applicazioni\skypePM
2009-09-27 11:45:44 . 2009-07-29 11:57:24 33408 ----a-w- C:\Documents and Settings\massimo\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-09-16 02:20:50 . 2009-11-08 17:27:43 7383 ----a-w- C:\WINDOWS\system32\drivers\pctcore.cat
2009-09-15 05:20:46 . 2009-11-08 17:27:06 7383 ----a-w- C:\WINDOWS\system32\drivers\pctplsg.cat
2009-09-15 01:12:04 . 2009-11-08 17:27:43 7412 ----a-w- C:\WINDOWS\system32\drivers\PCTAppEvent.cat
2009-09-15 00:01:44 . 2009-11-08 17:28:06 7387 ----a-w- C:\WINDOWS\system32\drivers\pctgntdi.cat
2009-09-11 14:17:34 . 2008-04-15 04:00:00 136192 ----a-w- C:\WINDOWS\system32\msv1_0.dll
2009-09-04 21:03:04 . 2008-04-15 04:00:00 58880 ----a-w- C:\WINDOWS\system32\msasn1.dll
2009-08-29 07:26:38 . 2007-08-14 00:54:10 832512 ----a-w- C:\WINDOWS\system32\wininet.dll
2009-08-29 07:26:29 . 2008-04-15 04:00:00 17408 ----a-w- C:\WINDOWS\system32\corpol.dll
2009-08-26 08:00:31 . 2008-04-15 04:00:00 247326 ----a-w- C:\WINDOWS\system32\strmdll.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{472734EA-242A-422B-ADF8-83D1E48CC825}"= "C:\Programmi\Spyware Doctor\BDT\PCTBrowserDefender.dll" [2009-10-08 10:31:46 395216]

[HKEY_CLASSES_ROOT\clsid\{472734ea-242a-422b-adf8-83d1e48cc825}]
[HKEY_CLASSES_ROOT\BrowserDefender.BDToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{175B7885-28AB-4D18-8773-7A13A99980A4}]
[HKEY_CLASSES_ROOT\BrowserDefender.BDToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{472734EA-242A-422B-ADF8-83D1E48CC825}"= "C:\Programmi\Spyware Doctor\BDT\PCTBrowserDefender.dll" [2009-10-08 10:31:46 395216]

[HKEY_CLASSES_ROOT\clsid\{472734ea-242a-422b-adf8-83d1e48cc825}]
[HKEY_CLASSES_ROOT\BrowserDefender.BDToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{175B7885-28AB-4D18-8773-7A13A99980A4}]
[HKEY_CLASSES_ROOT\BrowserDefender.BDToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-02-15 13:46:46 135168]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-02-15 13:46:46 159744]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2008-02-15 13:46:18 131072]
"SynTPEnh"="C:\Programmi\Synaptics\SynTP\SynTPEnh.exe" [2008-07-31 18:58:42 1343488]
"HP Mobile Broadband"="c:\SWsetup\HPQWWAN\HPMobileBroadband.exe" [2008-07-08 13:30:44 439600]
"hpWirelessAssistant"="C:\Programmi\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 13:51:00 488752]
"egui"="C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe" [2008-10-08 07:46:42 1451264]
"ISTray"="C:\Programmi\Spyware Doctor\pctsTray.exe" [2009-09-22 16:11:32 1243088]
"IDTSysTrayApp"="sttray.exe" - C:\WINDOWS\sttray.exe [2008-08-30 00:03:24 442477]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-15 04:00:00 15360]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BTTray.lnk - C:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-30 604776]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 09:13:36 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21:42 548352 ----a-w- C:\Programmi\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmi\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop

R0 PCTCore;PCTools KDS;C:\WINDOWS\system32\drivers\PCTCore.sys [08/11/2009 18.27.43 207280]
S0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [26/10/2009 12.13.42 28552]
S1 epfwtdir;epfwtdir;C:\WINDOWS\system32\drivers\epfwtdir.sys [08/10/2008 8.50.14 34312]
S1 nod32drv;nod32drv;C:\WINDOWS\system32\drivers\nod32drv.sys --> C:\WINDOWS\system32\drivers\nod32drv.sys [?]
S1 SASDIFSV;SASDIFSV;C:\Programmi\SUPERAntiSpyware\sasdifsv.sys [12/10/2009 21.24.54 9968]
S1 SASKUTIL;SASKUTIL;C:\Programmi\SUPERAntiSpyware\SASKUTIL.SYS [12/10/2009 21.24.52 74480]
S2 Browser Defender Update Service;Browser Defender Update Service;C:\Programmi\Spyware Doctor\BDT\BDTUpdateService.exe [08/11/2009 18.34.30 112592]
S2 ekrn;Eset Service;C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe [08/10/2008 8.47.58 468224]
S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\WINDOWS\system32\regedt32.exe [15/04/2008 5.00.00 3584]
S2 sdAuxService;PC Tools Auxiliary Service;C:\Programmi\Spyware Doctor\pctsAuxs.exe [08/11/2009 18.26.33 358600]
S3 AESTAud;AE Audio Service;C:\WINDOWS\system32\drivers\AESTAud.sys [12/11/2008 3.43.55 112128]
S3 NDISKIO;NDISKIO;\??\C:\DOCUME~1\massimo\IMPOST~1\Temp\b52d5e4c.nmc\nse\bin\ndiskio.sys --> C:\DOCUME~1\massimo\IMPOST~1\Temp\b52d5e4c.nmc\nse\bin\ndiskio.sys [?]
S3 SASENUM;SASENUM;C:\Programmi\SUPERAntiSpyware\SASENUM.SYS [12/10/2009 21.24.56 7408]
S3 UnhookMBRS;UnhookMBRS;\??\C:\DOCUME~1\massimo\IMPOST~1\Temp\b52d5e4c.nmc\nse\bin\unhookmbrs.sys --> C:\DOCUME~1\massimo\IMPOST~1\Temp\b52d5e4c.nmc\nse\bin\unhookmbrs.sys [?]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: Invia a Bluetooth - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Invia a periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - C:\Documents and Settings\massimo\Dati applicazioni\Mozilla\Firefox\Profiles\ljxunb94.default\
FF - component: C:\Documents and Settings\massimo\Dati applicazioni\Mozilla\Firefox\Profiles\ljxunb94.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
FF - plugin: C:\Documents and Settings\massimo\Dati applicazioni\Mozilla\Firefox\Profiles\ljxunb94.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

---- FIREFOX POLICIES ----
C:\Programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
lupos3
Senior User
Posts: 177
Joined: 20/08/06 14:15
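As an added example (not part of the thread and not ComboFix's own code), here is a small triage script over the "Files Creati" section of the ComboFix report above: it parses each entry and flags the patterns a responder reads first, namely hidden+system files, executables created in the drive root, executables under RECYCLER or Temp paths, and root folders with random hex names. The sample lines are an excerpt of the log above; a flag is a lead to check against what the user actually installed (ComboFix.exe and avirarkd.exe are tools they downloaded themselves), not a verdict.

```python
import re
from dataclasses import dataclass, field

# One "Files Creati" entry: <created> . <modified> <size> <attrs> <path>
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)

EXEC_EXTS = (".exe", ".dll", ".sys", ".tmp", ".scr", ".cpl")
# Path fragments where a freshly created executable deserves a second look
STAGING_DIRS = ("\\recycler\\", "\\temp\\")


@dataclass
class Entry:
    created: str
    modified: str
    size: int
    attrs: str      # ComboFix attribute string, e.g. "--sha-w-" (hidden+system) or "d-----w-" (dir)
    path: str
    reasons: list = field(default_factory=list)

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def ext(self) -> str:
        dot, sep = self.path.rfind("."), self.path.rfind("\\")
        return self.path[dot:].lower() if dot > sep else ""


def parse_entries(log_text: str) -> list[Entry]:
    """Parse entry lines of a ComboFix created-files section; headers and blank lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["created"], m["modified"], int(m["size"]), m["attrs"], m["path"]))
    return entries


def triage(entries: list[Entry]) -> list[Entry]:
    """Attach review reasons to each entry and return only those that got at least one."""
    flagged = []
    for e in entries:
        low = e.path.lower()
        depth = low.count("\\")            # "c:\foo" has depth 1
        if not e.is_dir and "s" in e.attrs and "h" in e.attrs:
            e.reasons.append("hidden+system file")
        if not e.is_dir and depth == 1 and e.ext in EXEC_EXTS:
            e.reasons.append("executable created in drive root")
        if not e.is_dir and e.ext in EXEC_EXTS and any(d in low for d in STAGING_DIRS):
            e.reasons.append("executable in RECYCLER/Temp staging path")
        if e.is_dir and re.fullmatch(r"c:\\[0-9a-f]{16,}", low):
            e.reasons.append("root folder with random hex name (often an installer temp dir)")
        if e.reasons:
            flagged.append(e)
    return flagged


# Sample input: an excerpt of the ComboFix "Files Creati" section posted above.
SAMPLE = r"""
2009-11-08 21:20:23 . 2009-11-08 21:20:34 3563182 ----a-r- C:\ComboFix.exe
2009-11-08 17:26:12 . 2009-11-08 21:21:21 0 d-----w- C:\Programmi\Spyware Doctor
2009-11-08 13:00:45 . 2009-04-21 13:20:32 188673 ----a-w- C:\avirarkd.exe
2009-11-04 12:02:50 . 2009-11-08 21:12:12 3610656 --sha-w- C:\WINDOWS\system32\drivers\fidbox.dat
2009-10-29 14:58:29 . 2009-10-29 14:58:29 0 d-sh--w- C:\Documents and Settings\massimo\IETldCache
2009-10-28 23:23:37 . 2009-10-28 23:23:39 0 d-----w- C:\5268ed4190955f9a237733
2009-10-25 23:10:44 . 2009-08-13 15:15:50 512000 ----a-w- C:\WINDOWS\system32\dllcache\jscript.dll
"""

if __name__ == "__main__":
    for e in triage(parse_entries(SAMPLE)):
        print(f"{e.created}  {e.attrs}  {e.path}")
        for r in e.reasons:
            print(f"    -> {r}")
```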

Re: Virus

Post by shel » 08/11/09 23:50

do you know the contents of this folder?

C:\WINDOWS\IDB.zip
shel
Senior User
Posts: 1292
Joined: 29/08/08 21:56

Re: Virus

Post by lupos3 » 09/11/09 11:03

I don't know that folder, should I delete it? from Safe Mode or in normal mode?
lupos3
Senior User
Posts: 177
Joined: 20/08/06 14:15

Re: Virus

Post by shel » 09/11/09 11:13

don't delete it, just tell me what it contains
shel
Senior User
Posts: 1292
Joined: 29/08/08 21:56

Re: Virus

Post by lupos3 » 09/11/09 11:19

there's only one text file
idb.txt
lupos3
Senior User
Posts: 177
Joined: 20/08/06 14:15

Re: Virus

Post by shel » 09/11/09 11:48

hi

check what's written in that txt

download http://www.gmer.net/files.php

Run it, click >>> and then "autostart" - "scan" - "copy" - open a new text file - paste and save the file.
Then click "rootkit" - "scan" - "copy" - open a new text file - paste and save the file.
Post these two reports too

Check for any entries in red during the scan
shel
Senior User
Posts: 1292
Joined: 29/08/08 21:56

Re: Virus

Post by lupos3 » 09/11/09 15:28

the PC is now reduced to its bare bones; I had to run the scan 3 times because it kept freezing. here are the results

the text file idb.txt contains (/wp-stats.php^08360)

gmer log:
GMER 1.0.15.15163 - http://www.gmer.net
Autostart scan 2009-11-09 12:04:26
Windows 5.1.2600 Service Pack 3


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
!SASWinLogon@DLLName = C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
dimsntfy@DLLName = %SystemRoot%\System32\dimsntfy.dll
igfxcui@DLLName = igfxdev.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Browser Defender Update Service@ = "C:\Programmi\Spyware Doctor\BDT\BDTUpdateService.exe"
btwdins@ = C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
ekrn@ = "C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe"
NOD32FiXTemDono@ = C:\WINDOWS\system32\regedt32.exe /s C:\WINDOWS\nod32fixtemdono.reg
sdAuxService@ = C:\Programmi\Spyware Doctor\pctsAuxs.exe
sdCoreService@ = C:\Programmi\Spyware Doctor\pctsSvc.exe
STacSV@ = C:\Programmi\IDT\WDM\STacSV.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@IgfxTrayC:\WINDOWS\system32\igfxtray.exe = C:\WINDOWS\system32\igfxtray.exe
@HotKeysCmdsC:\WINDOWS\system32\hkcmd.exe = C:\WINDOWS\system32\hkcmd.exe
@PersistenceC:\WINDOWS\system32\igfxpers.exe = C:\WINDOWS\system32\igfxpers.exe
@IDTSysTrayAppsttray.exe = sttray.exe
@SynTPEnhC:\Programmi\Synaptics\SynTP\SynTPEnh.exe = C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
@HP Mobile Broadbandc:\SWsetup\HPQWWAN\HPMobileBroadband.exe /TrayMode = c:\SWsetup\HPQWWAN\HPMobileBroadband.exe /TrayMode
@hpWirelessAssistantC:\Programmi\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe = C:\Programmi\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
@egui"C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice = "C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
@ISTray"C:\Programmi\Spyware Doctor\pctsTray.exe" = "C:\Programmi\Spyware Doctor\pctsTray.exe"

HKCU\Software\Microsoft\Windows\CurrentVersion\Run@ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@WPDShServiceObj = C:\WINDOWS\system32\WPDShServiceObj.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} = C:\Programmi\SUPERAntiSpyware\SASSEH.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/(null) =
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/(null) =
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@(null) =
@{6af09ec9-b429-11d4-a1fb-0090960218cb} /*My Bluetooth Places*/C:\WINDOWS\system32\BTNEIG~1.DLL = C:\WINDOWS\system32\BTNEIG~1.DLL
@{7842554E-6BED-11D2-8CDB-B05550C10000} /*Monitor*/C:\WINDOWS\system32\btncopy.dll = C:\WINDOWS\system32\btncopy.dll
@{2F603045-309F-11CF-9774-0020AFD0CFF6} /*Synaptics Control Panel*/C:\Programmi\Synaptics\SynTP\SynTPCpl.dll = C:\Programmi\Synaptics\SynTP\SynTPCpl.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/c:\WINDOWS\system32\dfshim.dll = c:\WINDOWS\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/c:\WINDOWS\system32\dfshim.dll = c:\WINDOWS\system32\dfshim.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.1.0178.00.dll = C:\Programmi\MSN Messenger\fsshext.8.1.0178.00.dll
@{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} /*Microsoft Office Metadata Handler*/C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\msoshext.dll
@{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} /*Microsoft Office Thumbnail Handler*/C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\msoshext.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{B089FE88-FB52-11D3-BDF1-0050DA34150D} /*Eset Smart Security - Context Menu Shell Extension*/C:\Programmi\ESET\ESET NOD32 Antivirus\shellExt.dll = C:\Programmi\ESET\ESET NOD32 Antivirus\shellExt.dll
@{45670FA8-ED97-4F44-BC93-305082590BFB} /*Microsoft.XPS.Shell.Metadata.1*/%SystemRoot%\System32\XPSSHHDR.DLL = %SystemRoot%\System32\XPSSHHDR.DLL
@{44121072-A222-48f2-A58A-6D9AD51EBBE9} /*Microsoft.XPS.Shell.Thumbnail.1*/%SystemRoot%\System32\XPSSHHDR.DLL = %SystemRoot%\System32\XPSSHHDR.DLL

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
Eset Smart Security - Context Menu Shell Extension@{B089FE88-FB52-11D3-BDF1-0050DA34150D} = C:\Programmi\ESET\ESET NOD32 Antivirus\shellExt.dll
SDContextExt@{70F8E90E-353A-47AB-B297-C576345EE693} = C:\Programmi\Spyware Doctor\SDContextExt32.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{CA8ACAFA-5FBB-467B-B348-90DD488DE003} = C:\Programmi\SUPERAntiSpyware\SASCTXMN.DLL

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers@{CA8ACAFA-5FBB-467B-B348-90DD488DE003} = C:\Programmi\SUPERAntiSpyware\SASCTXMN.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
Eset Smart Security - Context Menu Shell Extension@{B089FE88-FB52-11D3-BDF1-0050DA34150D} = C:\Programmi\ESET\ESET NOD32 Antivirus\shellExt.dll
SDContextExt@{70F8E90E-353A-47AB-B297-C576345EE693} = C:\Programmi\Spyware Doctor\SDContextExt32.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll = C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
@{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}C:\Programmi\Spyware Doctor\BDT\PCTBrowserDefender.dll = C:\Programmi\Spyware Doctor\BDT\PCTBrowserDefender.dll
@{DBC80044-A445-435b-BC74-9C25C1C588A9}C:\Programmi\Java\jre6\bin\jp2ssv.dll = C:\Programmi\Java\jre6\bin\jp2ssv.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Start Pagehttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.it/ = http://www.google.it/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
ms-itss@CLSID = C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\msitss.dll
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\system32\wiascr.dll

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica = BTTray.lnk

---- EOF - GMER 1.0.15 ----


It won't let me post the GMER rootkit log because it's too long.


I didn't find anything written in red.
lupos3
Senior User
Posts: 177
Joined: 20/08/06 14:15

Re: Virus

Post by shel » 09/11/09 16:21

Hi,

I'm starting to think your problem might be hardware-related; we can't seem to get to the bottom of it.

Try this: Start / Search / All files and folders, and type ibm000

If it finds files like the ones below, it means you're infected:

ibm0000x.exe

ibm0000x.dll

In place of the «x» there will be digits.
shel
Senior User
Posts: 1292
Joined: 29/08/08 21:56

Re: Virus

Post by lupos3 » 09/11/09 16:46

It found nothing. I also thought of a hardware problem, but the fact is that it all happened after installing those 2 damned programs. I thought about formatting, but it's a mini notebook without an optical drive, even though they gave me the recovery CD.
lupos3
Senior User
Posts: 177
Joined: 20/08/06 14:15
