
Probable virus

How do I remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do I protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57

Probable virus

Post by cerry91 » 01/09/08 11:52

Hi everyone, I'm a new user and I need a hand.
For the past couple of days Kaspersky Internet Security 7 has been warning me (with numerous alerts) that the following 2 processes, explorer.exe and iexplorer.exe, are performing suspicious actions, and in fact if I allow the operations to continue, pop-ups of strange sites and advertising appear... I've also noticed that the Internet Explorer icons have changed and become more "pixelated". So most likely I'm dealing with a virus that I can't find and remove.

Hoping you can give me a hand, I'm posting the HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12.31.35, on 01/09/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    C:\Programmi\Bonjour\mDNSResponder.exe
    C:\Programmi\cFosSpeed\spd.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Programmi\File comuni\LightScribe\LSSrvc.exe
    C:\Programmi\Raxco\PerfectDisk2008\PD91Agent.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Programmi\CyberLink\Shared Files\RichVideo.exe
    C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\File comuni\VMware\VMware Virtual Image Editing\vmount2.exe
    C:\WINDOWS\system32\vmnat.exe
    C:\Programmi\VMware\VMware Workstation\vmware-authd.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\vmnetdhcp.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\Programmi\cFosSpeed\cFosSpeed.exe
    C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\RocketDock\RocketDock.exe
    C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
    C:\Programmi\SimpleCenter\bin\win\sclauncher.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Programmi\Startup Faster\sfagent.exe
    C:\Programmi\uTorrent\uTorrent.exe
    C:\Programmi\Internet Explorer\iexplore.exe
    C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\explorer.exe
    C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
    C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ig?hl=it
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O4 - HKLM\..\Run: [StartupFaster] "C:\Programmi\Startup Faster\startuploader.exe" -run SFAURUN SFCURUN SFAUSTARTUP SFCUSTARTUP
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: StartupFaster
    O4 - Global Startup: StartupFaster
    O8 - Extra context menu item: Aggiungi ad Anti-Banner - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Translate with &Babylon - res://C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
    O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Programmi\PicLensIE\PicLens.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Barra di ricerca di Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-U ... E_UNO1.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DB59CE9D-EA67-481A-870B-2AB0E3D73504}: NameServer = 192.168.0.1,85.37.17.8,85.38.28.73
    O18 - Protocol: cdefs - {B5F329B4-2BBD-48F5-ADAF-9EAF2AFE37B3} - (no file)
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
    O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Programmi\cFosSpeed\spd.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe (file missing)
    O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk2008\PD91Agent.exe
    O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk2008\PD91Engine.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: TVersityMediaServer - Unknown owner - C:\Programmi\TVersity\Media Server\MediaServer.exe
    O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Programmi\VMware\VMware Workstation\vmware-ufad.exe
    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Programmi\VMware\VMware Workstation\vmware-authd.exe
    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
    O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Programmi\File comuni\VMware\VMware Virtual Image Editing\vmount2.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

    --
    End of file - 9573 bytes
cerry91
Newbie

Posts: 9
Joined: 01/09/08 11:43
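As an added example (not code from the thread, nor HijackThis's own), here is the first pass a reviewer makes by hand on a log like the one above, written as a Python script and run over a few lines copied from it: protocol handlers with no backing file (O18), services whose binary is missing or has no publisher (O23), and DNS servers outside the private ranges (O17). It only lists entries worth a second look; it does not decide anything.

```python
"""Triage helper for a HijackThis v2 log (added example, not part of the thread
and not HijackThis's own code). It pulls out the entries a reviewer looks at
first: protocol handlers with no backing file, services whose binary is missing
or has no publisher, and DNS servers outside the private address ranges."""
import ipaddress
import re

# Constructed sample: a few lines copied from the log posted above.
SAMPLE_LOG = r"""O4 - HKLM\..\Run: [StartupFaster] "C:\Programmi\Startup Faster\startuploader.exe" -run SFAURUN
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB59CE9D-EA67-481A-870B-2AB0E3D73504}: NameServer = 192.168.0.1,85.37.17.8,85.38.28.73
O18 - Protocol: cdefs - {B5F329B4-2BBD-48F5-ADAF-9EAF2AFE37B3} - (no file)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe (file missing)
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
"""

# Every HijackThis entry starts with a section code (R0, R1, F2, O4, O23, ...).
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")


def parse_hjt(text):
    """Return (section, body) tuples for every entry line in the log."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def _nameservers(body):
    """Split the 'NameServer = a,b,c' part of an O17 entry into addresses."""
    _, _, servers = body.partition("NameServer =")
    return [s.strip() for s in servers.split(",") if s.strip()]


def _is_private(ip):
    try:
        return ipaddress.ip_address(ip).is_private
    except ValueError:        # not an address at all: treat as worth a look
        return False


def triage(entries):
    """Return (section, reason, detail) findings a reviewer should check by hand.

    These are review prompts, not verdicts: a public DNS server is normal when
    it is the ISP's, and 'Unknown owner' only means HijackThis found no
    publisher string for the binary.
    """
    findings = []
    for section, body in entries:
        if section == "O17":
            for ip in _nameservers(body):
                if not _is_private(ip):
                    findings.append((section, "DNS server outside private ranges; confirm it is the ISP's", ip))
        elif section == "O18" and body.endswith("(no file)"):
            findings.append((section, "protocol handler registered with no backing file", body))
        elif section == "O23":
            if "(file missing)" in body:
                findings.append((section, "service points at a binary that no longer exists", body))
            if " - Unknown owner - " in body:
                findings.append((section, "service has no publisher; verify the file", body))
    return findings


if __name__ == "__main__":
    for section, reason, detail in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{section}: {reason}\n    {detail}")
```

On the sample above the script lists six items: the two public DNS servers, the `cdefs` handler, and the two services without a publisher (NMIndexingService twice, since its file is also missing); the VMware NAT service and the Groove handler pass.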


Re: Probable virus

Post by THECAPITAN » 01/09/08 17:42

Hi and welcome to the forum. To check the log go here:
http://www.hijackthis.de/it
Paste all the text into the white box and then click analyze.
If you run into problems, look at this section: http://www.pc-facile.com/forum/viewtopic.php?f=7&t=49521
THECAPITAN
Senior User

Posts: 275
Joined: 20/07/06 15:00

Re: Probable virus

Post by cerry91 » 01/09/08 21:00

Hi, I ran the analysis on that site and it says practically everything is in order... so, since the problem persists, I tried downloading Malwarebytes and, after updating it, running a scan; so far (after 1 hour of scanning) it has detected 32 infected items, but I saw that it detected things that didn't seem harmful to me. Do you think it's better if I post the log here at the end of the scan and you take a look at it, or can I delete everything without causing myself other problems? Thanks!
cerry91
Newbie

Posts: 9
Joined: 01/09/08 11:43

Re: Probable virus

Post by Luke57 » 01/09/08 22:37

Hi, post the MBAM report.
Luke57
Moderator

Posts: 6413
Joined: 11/08/05 19:10

Re: Probable virus

Post by cerry91 » 02/09/08 11:10

Hi! So, last night I ran the full scan, except that when it finished (more than 4 hours), instead of clicking "show results" I inadvertently switched windows and lost all the work done... so now, so as not to waste all that time, I ran a quick scan, and instead of the 61 infected items it found last night it found a few fewer, but anyway I'm posting the quick scan log; tell me if I can wipe everything out:


Malwarebytes' Anti-Malware 1.25
Versione del database: 1103
Windows 5.1.2600 Service Pack 3

11.51.23 02/09/2008
mbam-log-09-02-2008 (11-51-18).txt

Tipo di scansione: Scansione rapida
Elementi scansionati: 50618
Tempo trascorso: 5 minute(s), 50 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 4
Chiavi di registro infette: 15
Valori di registro infetti: 2
Elementi dato del registro infetti: 2
Cartelle infette: 0
File infetti: 26

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
C:\WINDOWS\system32\bloiotnk.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\hgGxXpqR.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\rbnmlnec.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\wvUnOhec.dll (Trojan.Vundo.H) -> No action taken.

Chiavi di registro infette:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78527a84-d05b-4e8a-af04-dfbca5544e48} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvunohec (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{78527a84-d05b-4e8a-af04-dfbca5544e48} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d70d45ca-c8b9-48ff-a903-e68bd11f293a} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d70d45ca-c8b9-48ff-a903-e68bd11f293a} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{da4c298e-b708-41d8-9f97-3eccfb3ed22f} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{da4c298e-b708-41d8-9f97-3eccfb3ed22f} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> No action taken.

Valori di registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bmcb3d5e20 (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{78527a84-d05b-4e8a-af04-dfbca5544e48} (Trojan.Vundo.H) -> No action taken.

Elementi dato del registro infetti:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\hggxxpqr -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\hggxxpqr -> No action taken.

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\WINDOWS\system32\wvUnOhec.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\hgGxXpqR.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\RqpXxGgh.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\RqpXxGgh.ini2 (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\uikcat.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\bloiotnk.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\kntoiolb.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\rbnmlnec.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\nlhitfic.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\eigwoqnm.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\eimdcilt.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\pakusi.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ssqRhGyv.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\uickyiiw.exe (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\rqRKATmk.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\vtUNefEU.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\xxyxXOHx.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\ymjfbksk.exe (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\geBspNHw.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> No action taken.
C:\WINDOWS\cookies.ini (Malware.Trace) -> No action taken.
C:\WINDOWS\youtubex.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\BMcb3d5e20.xml (Trojan.Vundo) -> No action taken.
C:\WINDOWS\BMcb3d5e20.txt (Trojan.Vundo) -> No action taken.
cerry91
Newbie

Posts: 9
Joined: 01/09/08 11:43
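The log above lists registry locations as well as files. As an added example (not the thread's and not Malwarebytes' code, with the sample entries copied from the log above), this Python script parses MBAM's "item (threat) -> action" lines, counts detections per family, and names what Windows does with each flagged registry key. Those persistence entries (Browser Helper Object, Winlogon Notify, LSA packages, Run, ShellExecuteHooks) are why everything should be removed together: a key that still names a DLL that has been deleted is a common cause of "error loading" messages at the next logon.

```python
"""Summarise a Malwarebytes (MBAM) log and name the persistence mechanisms
it found (added example; not part of the thread and not Malwarebytes' code).
The registry paths are mapped to what Windows does with them, which is what
a reviewer needs to judge whether 'delete everything' is the right call."""
import re
from collections import Counter

# Constructed sample: a subset of the entries from the log posted above,
# under the section headings exactly as MBAM 1.25 wrote them in Italian.
SAMPLE_MBAM = r"""Moduli della memoria infetti:
C:\WINDOWS\system32\hgGxXpqR.dll (Trojan.Vundo.H) -> No action taken.

Chiavi di registro infette:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78527a84-d05b-4e8a-af04-dfbca5544e48} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvunohec (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.

Valori di registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bmcb3d5e20 (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{78527a84-d05b-4e8a-af04-dfbca5544e48} (Trojan.Vundo.H) -> No action taken.

Elementi dato del registro infetti:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\hggxxpqr -> No action taken.

File infetti:
C:\WINDOWS\system32\hgGxXpqR.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\youtubex.dll (Trojan.Agent) -> No action taken.
"""

# "<item> (<threat>) -> [Data: <value> -> ]<action>"
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> (?P<rest>.+)$")
DATA_RE = re.compile(r"^(?:Data: (?P<data>.+?) -> )?(?P<action>.+)$")

# Registry locations Windows loads code from, matched case-insensitively.
PERSISTENCE = [
    ("\\browser helper objects\\", "IE Browser Helper Object (DLL loaded into iexplore.exe and explorer.exe)"),
    ("\\winlogon\\notify\\", "Winlogon notification package (DLL loaded at logon)"),
    ("\\lsa\\notification packages", "LSA notification package (DLL loaded into lsass.exe)"),
    ("\\lsa\\authentication packages", "LSA authentication package (DLL loaded into lsass.exe)"),
    ("\\currentversion\\run\\", "Run key autostart"),
    ("\\shellexecutehooks\\", "ShellExecuteHooks (DLL loaded into shell-launched processes)"),
]


def parse_mbam(text):
    """Return one dict per detection: section, item, threat, data, action."""
    records, section = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith(":"):          # section heading, e.g. "File infetti:"
            section = line[:-1]
            continue
        m = ENTRY_RE.match(line)
        if not m:                       # e.g. "(Nessun elemento malevolo rilevato)"
            continue
        d = DATA_RE.match(m.group("rest"))
        records.append({
            "section": section,
            "item": m.group("item"),
            "threat": m.group("threat"),
            "data": d.group("data"),
            "action": d.group("action"),
        })
    return records


def family_counts(records):
    """How many detections per threat family."""
    return Counter(r["threat"] for r in records)


def persistence_points(records):
    """(mechanism, what it points at) for every registry entry Windows would load from."""
    points = []
    for r in records:
        key = r["item"].lower()
        for needle, label in PERSISTENCE:
            if needle in key:
                points.append((label, r["data"] or r["item"]))
                break
    return points


def pending_actions(records):
    """Detections still marked 'No action taken', i.e. nothing has been cleaned yet."""
    return sum(1 for r in records if r["action"].startswith("No action taken"))


if __name__ == "__main__":
    recs = parse_mbam(SAMPLE_MBAM)
    print("detections:", len(recs), "pending:", pending_actions(recs))
    for threat, n in family_counts(recs).most_common():
        print(f"  {threat}: {n}")
    for label, target in persistence_points(recs):
        print(f"  {label}\n      -> {target}")
```

On the sample the script reports nine detections, all still pending, six of them Trojan.Vundo.H, and five load points; the LSA entry is reported with the DLL path from its data value, which is how a reviewer ties the registry finding back to the file list.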

Re: Probable virus

Post by Luke57 » 02/09/08 12:03

Hi, why do you want to keep that ocean of junk? ;)
Delete everything, but there will surely be other infected files, so:
download ComboFix from here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
To run it, double-click Combofix.exe
A blue window will open.... Wait....
After a few moments the notice will appear releasing the author from any problem caused by incorrect use of the tool.
At this point select 1 and then ENTER to launch the scan..
Wait..... (don't do anything else during the scan; if the icons disappear from the desktop, that's completely normal)
A notice will tell you the operation has finished, and after a few moments the log with the scan details will appear.
The log will be saved in C:\Combofix.txt
Attach it or paste it into a post
Luke57
Moderator

Posts: 6413
Joined: 11/08/05 19:10

Re: Probable virus

Post by cerry91 » 02/09/08 20:41

Hi, I absolutely don't want to keep that junk, quite the opposite! :D I was just unsure because I didn't know whether they might be files that were needed.. :oops: Anyway, now I'm running the full scan (the log is from the quick one, so it found fewer infected files than the full one will) and then I'll delete everything and do what you explained, so we'll see if I have other stuff left... Thanks, as soon as I've done everything I'll update you!
cerry91
Newbie

Posts: 9
Joined: 01/09/08 11:43

Re: Probable virus

Post by cerry91 » 03/09/08 14:34

Hi, I have good news: after running the full scan with Malwarebytes and deleting the infected files it found, the PC is working properly again without strange alerts, even though it told me it couldn't delete 4-5 files... now the only flaw is that at startup Windows gives me a loading error for 2 DLLs!! How do I fix it?
cerry91
Newbie

Posts: 9
Joined: 01/09/08 11:43

Re: Probable virus

Post by Luke57 » 03/09/08 15:50

Hi, can you also run ComboFix and post its report?
Luke57
Moderator

Posts: 6413
Joined: 11/08/05 19:10

Re: Probable virus

Post by cerry91 » 05/09/08 18:00

Hi, I finally ran the scan with ComboFix, which detected and removed several files... but I have to say it caused a couple of problems: the first is easily fixable, because the desktop wallpaper is gone; the second is that the DLL loading error is still there and others of a similar kind have appeared! Anyway, I'm copying the log here and hope you can enlighten me on what to do!

ComboFix 08-09-04.09 - Master 2008-09-05 17.52.39.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.502 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Master\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
* Resident AV is active


ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Master\Cookies\master@ad.yieldmanager[1].txt
C:\Documents and Settings\Master\Cookies\master@clickpoint[1].txt
C:\Documents and Settings\Master\Cookies\master@clicktorrent[2].txt
C:\Documents and Settings\Master\Cookies\master@statcounter[1].txt
C:\Documents and Settings\Master\Dati applicazioni\inst.exe
C:\WINDOWS\system32\kntoiolb.ini
C:\WINDOWS\system32\sfufclia.ini
C:\WINDOWS\system32\wfxhelp22.dll
C:\WINDOWS\system32\winapi32.dll
K:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Creati Da 2008-08-05 al 2008-09-05 )))))))))))))))))))))))))))))))))))
.

2008-09-01 17:07 . 2008-09-02 17:30 <DIR> d-------- C:\Programmi\Malwarebytes' Anti-Malware
2008-09-01 17:07 . 2008-09-01 17:07 <DIR> d-------- C:\Documents and Settings\Master\Dati applicazioni\Malwarebytes
2008-09-01 17:07 . 2008-09-01 17:07 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2008-09-01 17:07 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-01 17:07 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-01 12:29 . 2008-09-01 12:29 <DIR> d-------- C:\Programmi\Trend Micro
2008-08-30 19:36 . 2008-08-30 19:36 <DIR> d-------- C:\Temp
2008-08-30 16:53 . 2008-09-05 18:33 1,324 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-08-29 12:30 . 2003-08-11 10:07 14,604 --a------ C:\WINDOWS\system32\drivers\pfc.sys
2008-08-29 11:24 . 2008-08-29 11:24 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Adobe Systems
2008-08-29 11:19 . 2008-08-29 11:19 <DIR> d-------- C:\Programmi\File comuni\Adobe Systems Shared
2008-08-26 18:02 . 2008-08-26 18:02 <DIR> d-------- C:\Programmi\AutoPowerOn
2008-08-26 18:02 . 2008-08-26 18:21 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\AutoPowerOn
2008-08-26 00:59 . 2008-08-26 00:59 <DIR> d-------- C:\Programmi\Dnote Software
2008-08-26 00:50 . 2008-08-26 00:51 <DIR> d-------- C:\Programmi\PoigpsGo
2008-08-26 00:33 . 2008-08-31 12:17 <DIR> d-------- C:\Richard_Davies
2008-08-26 00:32 . 2000-01-30 22:24 421,888 --------- C:\WINDOWS\system32\DFORRT.DLL
2008-08-26 00:32 . 2004-05-29 09:55 86,016 --------- C:\WINDOWS\system32\qtXLS.dll
2008-08-26 00:32 . 2004-04-15 15:27 938 --------- C:\WINDOWS\system32\L0611-879268.lic
2008-08-24 18:24 . 2008-08-24 18:24 <DIR> d-------- C:\Programmi\Magellan
2008-08-23 12:15 . 2008-08-23 12:15 0 --a------ C:\WINDOWS\windowfx3.ini
2008-08-23 11:49 . 2008-08-23 11:49 0 --a------ C:\WINDOWS\windowfx2.ini
2008-08-23 11:37 . 2007-07-11 14:06 42,672 --a------ C:\WINDOWS\system32\wbsys.dll
2008-08-23 10:59 . 2008-08-23 11:00 <DIR> d-------- C:\Programmi\UberIcon
2008-08-22 16:13 . 2008-05-16 00:51 436,784 --a------ C:\WINDOWS\system32\vnetlib.dll
2008-08-22 16:13 . 2008-05-16 00:51 150,064 --a------ C:\WINDOWS\system32\vmnat.exe
2008-08-22 16:13 . 2008-05-16 00:51 121,392 --a------ C:\WINDOWS\system32\vmnetdhcp.exe
2008-08-22 16:13 . 2008-05-16 00:51 50,992 -ra------ C:\WINDOWS\system32\vmnetbridge.dll
2008-08-22 16:13 . 2008-05-16 00:51 28,592 -ra------ C:\WINDOWS\system32\drivers\vmnetbridge.sys
2008-08-22 16:13 . 2008-05-16 00:52 25,136 --a------ C:\WINDOWS\system32\drivers\vmnetuserif.sys
2008-08-22 16:13 . 2008-05-16 00:51 17,712 -ra------ C:\WINDOWS\system32\drivers\vmnet.sys
2008-08-22 16:13 . 2008-05-16 00:51 16,816 -ra------ C:\WINDOWS\system32\drivers\vmnetadapter.sys
2008-08-22 16:13 . 2008-05-16 00:51 13,104 -ra------ C:\WINDOWS\system32\vnetinst.dll
2008-08-22 16:12 . 2008-05-16 00:52 20,912 --a------ C:\WINDOWS\system32\drivers\VMkbd.sys
2008-08-22 16:08 . 2008-08-22 16:08 <DIR> d-------- C:\Programmi\File comuni\VMware
2008-08-22 15:12 . 2008-08-22 15:12 <DIR> d-------- C:\Documents and Settings\All Users\Modelli
2008-08-21 02:25 . 2008-09-05 18:37 <DIR> d-a------ C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-08-20 00:58 . 2008-08-20 00:58 <DIR> d-------- C:\Documents and Settings\Master\Dati applicazioni\.ZMatrix
2008-08-20 00:57 . 2008-08-20 00:57 <DIR> d-------- C:\Programmi\ZMatrix
2008-08-20 00:57 . 2008-08-20 00:57 <DIR> d-------- C:\Programmi\Winamp
2008-08-20 00:57 . 2008-08-20 00:57 64 --a------ C:\WINDOWS\ZMatrixSS.ini
2008-08-19 18:50 . 2008-08-19 18:50 299,008 --a------ C:\WINDOWS\system32\miccyhook.dll
2008-08-19 17:34 . 2008-07-03 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-08-18 12:42 . 2008-08-18 12:47 <DIR> d-------- C:\Programmi\Driver Sweeper
2008-08-17 22:45 . 2008-08-17 22:45 <DIR> d-------- C:\Documents and Settings\Master\Dati applicazioni\Windows Search
2008-08-17 19:14 . 2008-08-17 19:14 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2008-08-17 19:14 . 2008-08-19 16:31 <DIR> d-------- C:\Programmi\Windows Desktop Search
2008-08-17 19:11 . 2008-07-22 16:45 790,846 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-08-17 19:11 . 2008-03-07 19:02 192,000 -----c--- C:\WINDOWS\system32\dllcache\offfilt.dll
2008-08-17 19:11 . 2008-03-07 19:02 98,304 -----c--- C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-08-17 19:11 . 2008-03-07 19:02 29,696 -----c--- C:\WINDOWS\system32\dllcache\mimefilt.dll
2008-08-17 19:10 . 2008-07-22 16:45 1,214,526 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-08-17 19:10 . 2008-07-22 16:45 9,696 -----c--- C:\WINDOWS\system32\dllcache\drvmain.sdb
2008-08-15 17:44 . 2008-08-23 01:32 <DIR> d-------- C:\DESKTOP
2008-08-15 15:22 . 2008-08-15 15:22 <DIR> d-------- C:\Programmi\RocketDock
2008-08-15 00:51 . 2008-08-20 19:21 <DIR> d-------- C:\Documents and Settings\Master\Dati applicazioni\Azureus
2008-08-15 00:51 . 2008-08-15 00:51 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Azureus
2008-08-15 00:50 . 2008-08-15 00:51 <DIR> d-------- C:\Programmi\Vuze
2008-08-15 00:48 . 2008-08-15 00:48 <DIR> d-------- C:\Documents and Settings\Master\Temp
2008-08-14 11:18 . 2008-05-01 16:34 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-14 11:17 . 2008-04-11 21:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-13 21:16 . 2007-03-16 14:30 15,360 -ra------ C:\WINDOWS\system32\viahdcpl.cpl
2008-08-13 21:15 . 2007-04-11 15:35 331,184 --------- C:\WINDOWS\system32\difxapi.dll
2008-08-13 16:05 . 2002-08-20 14:17 217,088 -ra------ C:\WINDOWS\system32\MafiaSetup.exe
2008-08-13 12:23 . 2005-06-24 16:24 438,272 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2008-08-13 12:23 . 2004-12-10 09:06 327,680 --a------ C:\WINDOWS\system32\vp6dec.ax
2008-08-13 10:41 . 2004-07-09 04:26 47,104 --a--c--- C:\WINDOWS\system32\dllcache\wstdecod.dll
2008-08-13 10:41 . 2004-07-09 04:26 18,688 --a------ C:\WINDOWS\system32\drivers\wstcodec.sys
2008-08-13 10:41 . 2004-07-09 04:26 18,688 --a--c--- C:\WINDOWS\system32\dllcache\wstcodec.sys
2008-08-13 10:41 . 2004-07-09 04:26 14,976 --a------ C:\WINDOWS\system32\drivers\streamip.sys
2008-08-13 10:41 . 2004-07-09 04:26 14,976 --a--c--- C:\WINDOWS\system32\dllcache\streamip.sys
2008-08-13 10:41 . 2004-07-09 04:26 10,880 --a------ C:\WINDOWS\system32\drivers\slip.sys
2008-08-13 10:41 . 2004-07-09 04:26 10,880 --a--c--- C:\WINDOWS\system32\dllcache\slip.sys
2008-08-13 10:41 . 2004-07-09 04:26 10,112 --a------ C:\WINDOWS\system32\drivers\ndisip.sys
2008-08-13 10:41 . 2004-07-09 04:26 10,112 --a--c--- C:\WINDOWS\system32\dllcache\ndisip.sys
2008-08-11 21:11 . 2008-08-11 21:11 267,304 -----c--- C:\WINDOWS\system32\dllcache\wgaLogon.dll
2008-08-11 21:10 . 2008-08-11 21:10 952,360 -----c--- C:\WINDOWS\system32\dllcache\WgaTray.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-05 16:39 35,786,272 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-05 16:39 1,138,976 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-05 16:39 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-09-05 16:38 --------- d-----w C:\Programmi\cFosSpeed
2008-09-05 16:37 --------- d-----w C:\Documents and Settings\LocalService\Dati applicazioni\VMware
2008-09-05 16:37 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\VMware
2008-09-05 16:35 483,008 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-05 16:35 109,772 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-05 15:51 --------- d-----w C:\Documents and Settings\Master\Dati applicazioni\uTorrent
2008-09-02 09:55 --------- d-----w C:\Programmi\Startup Faster
2008-08-31 15:53 --------- d-----w C:\Documents and Settings\Master\Dati applicazioni\CyberLink
2008-08-29 10:30 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-08-25 14:53 --------- d-----w C:\Documents and Settings\Master\Dati applicazioni\VMware
2008-08-23 14:27 --------- d-----w C:\Programmi\Electronic Arts
2008-08-23 10:57 --------- d-----w C:\Programmi\Google Earth Pro 4.2
2008-08-23 09:37 --------- d-----w C:\Programmi\Stardock
2008-08-23 09:32 --------- d-----w C:\Documents and Settings\Master\Dati applicazioni\LimeWire
2008-08-22 23:13 --------- d-----w C:\Programmi\PicLensIE
2008-08-22 14:08 --------- d-----w C:\Programmi\VMware
2008-08-20 21:04 --------- d-----w C:\Documents and Settings\Master\Dati applicazioni\DivX
2008-08-20 17:21 --------- d-----w C:\Documents and Settings\Master\Dati applicazioni\Nokia
2008-08-20 17:21 --------- d-----w C:\Documents and Settings\Master\Dati applicazioni\mIRC
2008-08-20 17:21 --------- d-----w C:\Documents and Settings\Master\Dati applicazioni\IceChat
2008-08-20 17:21 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\PC Suite
2008-08-20 17:20 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\avg7
2008-08-20 17:20 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Autodesk
2008-08-19 14:49 --------- d-----w C:\Programmi\Microsoft Silverlight
2008-08-16 20:15 --------- d-----w C:\Documents and Settings\Master\Dati applicazioni\Vso
2008-08-14 17:33 162,432 ----a-w C:\WINDOWS\system32\drivers\vidstub.sys
2008-08-14 09:39 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
2008-08-13 19:16 --------- d-----w C:\Programmi\VIA
2008-08-07 14:43 --------- d-----w C:\Programmi\Folder Lock
2008-08-06 16:49 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-08-04 19:39 --------- d-----w C:\Documents and Settings\Master\Dati applicazioni\BlackBean
2008-08-04 19:37 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\ATI
2008-08-04 19:26 --------- d-----w C:\Programmi\ATI Technologies
2008-08-04 17:32 --------- d-----w C:\Programmi\BlackBeanGames
2008-08-01 22:40 --------- d-----w C:\Programmi\Java
2008-08-01 17:19 --------- d-----w C:\Programmi\Screen Saver
2008-07-25 13:59 --------- d-----w C:\Programmi\Nokia
2008-07-25 13:59 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Installations
2008-07-25 13:58 --------- d-----w C:\Programmi\File comuni\Nokia
2008-07-25 13:33 --------- d-----w C:\Programmi\Nero
2008-07-25 13:33 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Nero
2008-07-25 12:00 --------- d-----w C:\Documents and Settings\Master\Dati applicazioni\Nero
2008-07-24 16:18 --------- d-----w C:\Programmi\eXtreme Movie Manager
2008-07-24 14:14 --------- d-----w C:\Programmi\Free Audio Pack
2008-07-24 14:09 --------- d-----w C:\Programmi\FLAC
2008-07-23 17:50 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-07-21 16:17 --------- d-----w C:\Documents and Settings\Master\Dati applicazioni\Reasonable Software House Ltd
2008-07-16 20:24 --------- d-----w C:\Programmi\TVersity Codec Pack
2008-07-10 15:23 --------- d-----w C:\Programmi\RegDoctor
2008-07-08 14:01 --------- d-----w C:\Programmi\Microsoft CAPICOM 2.1.0.2
2008-07-07 22:11 --------- d-----w C:\Programmi\IceChat7
2008-07-07 20:27 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 17:11 162,816 ----a-w C:\WINDOWS\system32\fmod.dll
2008-07-07 17:10 --------- d-----w C:\Programmi\Yamicsoft
2008-07-06 10:08 --------- d-----w C:\Programmi\LimeWire
2008-07-04 03:48 9,490,432 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-07-04 03:25 421,888 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-07-04 03:23 309,248 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-07-04 03:14 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-07-04 03:14 184,320 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-07-04 03:14 143,360 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-07-04 03:13 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-07-04 03:13 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-07-04 03:12 561,152 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-07-04 03:10 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-07-04 03:06 253,952 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-07-04 03:00 3,786,144 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-07-04 02:55 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-07-04 02:49 2,140,672 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-07-04 02:34 48,640 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-07-04 02:30 348,160 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-07-04 02:29 32,768 ----a-w C:\WINDOWS\system32\atiadlxx.dll
2008-07-04 02:28 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-07-04 02:25 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-07-04 02:22 565,248 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-06-25 08:33 290,008 ----a-w C:\WINDOWS\system32\cfosspeed.dll
2008-06-24 16:42 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:15 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:46 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-17 16:40 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-02-23 22:04 47,360 ----a-w C:\Documents and Settings\Master\Dati applicazioni\pcouffin.sys
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 12:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
2008-05-07 16:30 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012008050720080508\index.dat
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartupFaster"="C:\Programmi\Startup Faster\startuploader.exe" [2008-03-22 1393888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

C:\Documents and Settings\Master\Menu Avvio\Programmi\Esecuzione automatica\StartupFaster
StartupFaster.ini [2008-09-05 285]
ZMatrix.lnk - C:\Programmi\ZMatrix\matrix.exe [2003-05-25 114688]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\StartupFaster
Adobe Reader Speed Launch.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2007-10-04 10:58 184320 C:\Programmi\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\SimpleCenter\\Home Media Server.exe"=
"C:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Programmi\\LimeWire\\LimeWire.exe"=
"C:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"C:\\Programmi\\uTorrent\\uTorrent.exe"=
"C:\\Programmi\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"C:\\Programmi\\EA GAMES\\Need for Speed Most Wanted\\speed.exe"=
"C:\\Programmi\\Google\\Google SketchUp 6\\SketchUp.exe"=
"C:\\Programmi\\EA GAMES\\Need for Speed Underground 2\\speed2.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Programmi\\Sega\\OutRun2006 Coast 2 Coast\\OR2006C2C.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programmi\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\cFosSpeed\\cfosspeed.exe"=
"C:\\Programmi\\IceChat7\\IceChat7.exe"=
"C:\\Programmi\\TVersity\\Media Server\\MediaServer.exe"=
"C:\\Programmi\\Vuze\\Azureus.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58594:TCP"= 58594:TCP:l
"4662:TCP"= 4662:TCP:utorrent1
"4662:UDP"= 4662:UDP:utorrent2

R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Programmi\CyberLink\PowerDVD\000.fcl [2008-01-30 13:28 41456]
R2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2005-04-01 66048]
R2 PD91Agent;PD91Agent;C:\Programmi\Raxco\PerfectDisk2008\PD91Agent.exe [2008-01-16 664840]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 24344]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
S3 PD91Engine;PD91Engine;C:\Programmi\Raxco\PerfectDisk2008\PD91Engine.exe [2008-01-16 894216]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2006-03-16 167808]
.
Contenuto della cartella 'Scheduled Tasks'
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.it/ig?hl=it
R1 -: HKCU-Internet Settings,ProxyOverride = 127.0.0.1;*.local
O8 -: Aggiungi ad Anti-Banner - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 -: E&sporta in Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 -: Translate with &Babylon - C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O17 -: HKLM\CCS\Interface\{DB59CE9D-EA67-481A-870B-2AB0E3D73504}: NameServer = 192.168.0.1,85.37.17.8,85.38.28.73

O16 -: Microsoft XML Parser for Java - C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
.
.
------- File Associations (Beta) -------
.
regfile=regedit.exe "%1" %*
scrfile="%1" %*
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-05 18:37:29
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Programmi\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Programmi\RocketDock\RocketDock.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\cFosSpeed\spd.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Programmi\File comuni\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Programmi\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Programmi\cFosSpeed\cfosspeed.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Programmi\AutoPowerOn\AutoPowerOn.exe
C:\Programmi\RocketDock\RocketDock.exe
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\Programmi\SimpleCenter\bin\win\sclauncher.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\Startup Faster\SFAgent.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Ora fine scansione: 2008-09-05 18:43:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-05 16:43:00

Pre-Run: 8,261,652,480 byte disponibili
Post-Run: 20,968,857,600 byte disponibili

350 --- E O F --- 2008-08-28 10:22:32
cerry91
Newbie

Posts: 9
Joined: 01/09/08 11:43

Re: probable virus

Post by Luke57 » 05/09/08 18:48

Hi, can you report the DLL loading error exactly as it appears?
Luke57
Moderator

Posts: 6413
Joined: 11/08/05 19:10

Re: probable virus

Post by cerry91 » 05/09/08 19:43

Hi, OK, tomorrow morning when I turn on the PC I'll look and write down the error... From the ComboFix log, do you see anything abnormal, or have I gotten rid of all the infected files and viruses, thanks also to Malwarebytes? Thanks!
cerry91
Newbie

Posts: 9
Joined: 01/09/08 11:43

Re: probable virus

Post by Luke57 » 05/09/08 21:54

In the ComboFix report I don't see any other threats.
Luke57
Moderator

Posts: 6413
Joined: 11/08/05 19:10

Re: probable virus

Post by cerry91 » 09/09/08 20:33

Hi, sorry for the delay; anyway, the error is this:

errore di caricamento C:/WINDOWS/system32/rbnmlnec.dll
impossibile trovare il modulo specificato

I get this error every time I turn the PC on... how do you suggest I can fix it?

Bye and thanks for the help!
cerry91
Newbie

Posts: 9
Joined: 01/09/08 11:43

Re: probable virus

Post by Luke57 » 09/09/08 21:18

Hi, open regedit from Start > Run > regedit (type it in the box) > OK.
Once the Registry Editor is open, click on My Computer, then from the Edit menu > Find, and in the box type:
rbnmlnec.dll
Leave the "Match whole string only" option unchecked and press Enter. If an entry containing that value appears, right-click on it and choose Delete.
Press F3 to check whether there are other entries containing that value; if there are, delete them the same way until a message tells you the search is finished. At that point close the Registry Editor and restart the computer.
Luke57
Moderator

Posts: 6413
Joined: 11/08/05 19:10
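As an added example (not part of the thread and not the moderator's own method), this PowerShell script narrows the registry-wide Find described above to the usual autostart locations: it lists every value whose data references the DLL named in the startup error so the entries can be reviewed, and removes only the matching values when run with -Remove. The list of keys and the -Remove switch are assumptions, not something the thread describes.

```powershell
# Added example: find autostart registry values that still reference a DLL
# which no longer exists on disk (the cause of an "Error loading <dll>" /
# "specified module could not be found" message at every logon).
# Assumptions: Windows PowerShell run as Administrator; the default DLL name
# is the one reported in the thread.
param(
    [string]$DllName = 'rbnmlnec.dll',
    [switch]$Remove
)

# Constructed list of autostart keys that commonly carry a DLL or EXE path.
$autostartKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',          # AppInit_DLLs
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'   # Notify packages
)

$pattern = [regex]::Escape($DllName)

$hits = foreach ($key in $autostartKeys) {
    # Include the key itself and all subkeys (e.g. each Winlogon\Notify package).
    $items = @(Get-Item -Path $key -ErrorAction SilentlyContinue) +
             @(Get-ChildItem -Path $key -Recurse -ErrorAction SilentlyContinue)
    foreach ($item in $items) {
        foreach ($name in $item.GetValueNames()) {
            $data = [string]$item.GetValue($name)
            if ($data -match $pattern) {
                [pscustomobject]@{ Key = $item.Name; Value = $name; Data = $data }
            }
        }
    }
}

if (-not $hits) {
    Write-Host "No autostart values referencing $DllName were found."
    return
}

# Always show what was found before anything is changed.
$hits | Format-Table -AutoSize

if ($Remove) {
    foreach ($h in $hits) {
        # Delete only the matching value, never the whole key; -Confirm prompts per value.
        Remove-ItemProperty -Path ("Registry::" + $h.Key) -Name $h.Value -Confirm
    }
}
```

Running the script without -Remove is read-only; a reboot after removal confirms whether the startup error is gone, as in the moderator's procedure.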

Re: probable virus

Post by cerry91 » 10/09/08 10:47

Thanks a lot! Now everything is fine!
I don't want to take advantage, but while I'm here I'll ask for one more piece of advice about a screen that always appears at startup. It is a System Configuration Utility screen telling me that the startup mode has been changed, and it appears because I changed the startup of some programs. The problem is that even if I tick "don't show this message or this window again", it keeps popping up at every startup... is there some key to modify, or some other way to make it stop appearing?

Bye and thanks again!
cerry91
Newbie

Posts: 9
Joined: 01/09/08 11:43

