
SECURITY ALERTS

How do I remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect my privacy? How do I protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57

SECURITY ALERTS

Post by francois87 » 07/02/09 18:29

Hi everyone, I have a really annoying problem. I took the computer in for repair because it had some viruses, among which I presume "beagle"; they gave it back to me saying they had formatted it; if I had known, I would have done it myself. Anyway, that's not the problem. Once I hooked it up again at home, the "red X" of the security alerts appears and tells me the antivirus is not up to date. The repair shop had installed Avira and it gave me this problem, and I replaced it with avast, stupidly thinking the problem would go away. I'm turning to you knowing you are "competent". Waiting for your news. Thanks
PS I tried to get it to update but it won't update.
USING "hijackthis":
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Mixer.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\eMule\emule.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\User\IMPOST~1\Temp\Rar$EX00.360\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [EPSON Stylus Photo R360 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBOE.EXE /FU "C:\WINDOWS\TEMP\E_S41.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{91E9D29B-50C9-44C5-BD10-478E0F5FFFAD}: NameServer = 85.37.17.50 85.38.28.76
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe

--
End of file - 4942 bytes
As suggested by Miki68, I open HijackThis, tick the box next to this entry and then press FIX CHECKED:
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
..but it doesn't fix anything... so he suggested I post this problem in this section.. HELP ;) ;)
francois87
Junior Member

Posts: 99
Joined: 26/01/08 16:40


Re: SECURITY ALERTS

Post by girovago » 07/02/09 20:22

Hi, your problem has already been discussed and solved here.
viewtopic.php?p=441840
girovago
Newbie

Posts: 8
Joined: 05/02/09 20:56

Re: SECURITY ALERTS

Post by francois87 » 08/02/09 13:10

Hi girovago, if you read my post you will have noticed that I did everything written in the link you sent me. What can I do now???? I still can't update my antivirus... something is blocking it. ;) ;)
francois87
Junior Member

Posts: 99
Joined: 26/01/08 16:40

Re: SECURITY ALERTS

Post by Luke57 » 08/02/09 15:02

Hi, download ComboFix to the desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
you must rename the file to abc.exe before saving it to the desktop
(to rename the file: when you download it, it asks where to save it and shows the "file name" box; just change the name shown there to abc.exe)
Once done, click Start > Run, and in the white box copy and paste this command, quotes included:

"%userprofile%\desktop\abc.exe" /killall

Press OK; if all goes well the program starts and may take a long time (don't do anything else during the scan). Once it has finished, if everything went well, you should find the file combofix.txt in C:\ ; post the contents of the file or attach it.
Luke57
Moderator

Posts: 6413
Joined: 11/08/05 19:10

Re: SECURITY ALERTS

Post by francois87 » 08/02/09 22:35

Hi luke, sorry, but I thought that in the meantime I could describe this other virus problem. OK, I'll do the procedure you told me. ;) ;)
francois87
Junior Member

Posts: 99
Joined: 26/01/08 16:40

Re: SECURITY ALERTS

Post by francois87 » 08/02/09 22:45

luke.... hold on a moment... I tried to start the program you recommended, but it stopped because it conflicted with avast... it told me to disable avast's scanners... what do I do..???
francois87
Junior Member

Posts: 99
Joined: 26/01/08 16:40

Re: SECURITY ALERTS

Post by francois87 » 09/02/09 11:17

Hi luke57, here are the results:


ComboFix 09-02-08.01 - User 2009-02-09 11:06:19.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.256.86 [GMT 1:00]
Eseguito da: c:\documents and settings\User\desktop\abc.exe
Opzioni usate :: /killall
AV: avast! antivirus 4.8.1229 [VPS 080723-1] *On-access scanning enabled* (Outdated)
* Creato nuovo punto di ripristino

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\documents and settings\User\Dati applicazioni\inst.exe
C:\m0vnonh.bat
C:\pook.com
C:\uvsqfgwd.cmd
c:\windows\system32\nmdfgds0.dll
c:\windows\system32\nmdfgds1.dll
c:\windows\system32\olhrwef.exe

.
((((((((((((((((((((((((( Files Creati Da 2009-01-09 al 2009-02-09 )))))))))))))))))))))))))))))))))))
.

2009-02-08 23:11 . 2009-02-08 23:11 <DIR> d-------- C:\SOPHTEMP
2009-02-08 18:43 . 2009-02-08 18:43 <DIR> d-------- c:\programmi\Sophos
2009-02-05 11:01 . 2009-02-05 11:01 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\EPSON
2009-02-05 11:01 . 2006-05-08 03:00 75,264 --a------ c:\windows\system32\E_FLBBOE.DLL
2009-02-05 11:01 . 2006-04-19 03:00 62,976 --a------ c:\windows\system32\E_FD4BBOE.DLL
2009-02-05 11:01 . 2004-09-10 21:12 49,152 --a------ c:\windows\system32\E_DCINST.DLL
2009-02-04 21:15 . 2004-08-03 23:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2009-02-04 21:15 . 2004-08-03 23:01 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2009-02-04 16:56 . 2009-02-04 16:56 32 --a------ c:\windows\album.ini
2009-02-04 16:43 . 2009-02-04 16:48 <DIR> d-------- c:\documents and settings\User\Contacts
2009-02-04 16:41 . 2009-02-04 16:41 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-02-04 16:41 . 2009-02-04 16:41 <DIR> d-------- c:\programmi\MSN Messenger
2009-02-03 19:24 . 2004-08-19 15:39 16,384 --a------ c:\windows\system32\ipsink.ax
2009-02-03 19:24 . 2004-08-03 23:10 15,360 --a------ c:\windows\system32\drivers\StreamIP.sys
2009-02-03 19:24 . 2004-08-03 23:10 11,136 --a------ c:\windows\system32\drivers\SLIP.sys
2009-02-03 19:23 . 2004-08-03 23:10 85,376 --a------ c:\windows\system32\drivers\NABTSFEC.sys
2009-02-03 19:23 . 2004-08-03 23:10 85,376 --a--c--- c:\windows\system32\dllcache\nabtsfec.sys
2009-02-03 19:23 . 2004-08-03 23:07 59,264 --a------ c:\windows\system32\drivers\USBAUDIO.sys
2009-02-03 19:23 . 2004-08-03 23:07 59,264 --a--c--- c:\windows\system32\dllcache\usbaudio.sys
2009-02-03 19:23 . 2004-08-03 23:10 19,328 --a------ c:\windows\system32\drivers\WSTCODEC.SYS
2009-02-03 19:23 . 2004-08-03 23:10 19,328 --a--c--- c:\windows\system32\dllcache\wstcodec.sys
2009-02-03 19:23 . 2004-08-03 23:10 17,024 --a------ c:\windows\system32\drivers\CCDECODE.sys
2009-02-03 19:23 . 2004-08-03 23:10 17,024 --a--c--- c:\windows\system32\dllcache\ccdecode.sys
2009-02-03 19:22 . 2009-02-03 19:22 <DIR> d-------- c:\programmi\File comuni\logishrd
2009-02-03 19:21 . 2004-08-03 23:08 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys
2009-02-03 19:21 . 2004-08-03 23:08 31,616 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
2009-02-03 19:17 . 2009-02-03 19:17 <DIR> d-------- c:\programmi\Camfrog
2009-02-03 19:17 . 2009-02-03 19:17 <DIR> d-------- c:\documents and settings\User\Dati applicazioni\Camfrog
2009-02-03 17:50 . 2009-02-03 17:50 <DIR> d-------- c:\documents and settings\User\Dati applicazioni\vlc
2009-02-03 17:16 . 2009-02-08 23:10 <DIR> d-------- c:\programmi\eMule
2009-02-03 16:54 . 2009-02-03 17:59 <DIR> d-------- c:\windows\system32\CatRoot_bak
2009-02-03 16:41 . 2009-02-03 16:41 <DIR> d-------- c:\programmi\Alwil Software
2009-02-03 16:13 . 2009-02-03 16:13 <DIR> d-------- c:\documents and settings\NetworkService\Menu Avvio
2009-02-03 16:02 . 2008-10-24 12:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-02-03 15:29 . 2009-02-03 16:52 <DIR> d--h----- c:\windows\$hf_mig$
2009-02-02 22:48 . 2009-02-02 22:48 <DIR> d-------- c:\programmi\ArcSoft
2009-02-02 22:48 . 1998-10-06 18:57 327,168 --a------ c:\windows\IsUn0410.exe
2009-02-02 22:48 . 2001-06-20 09:59 21 --a------ c:\windows\PS_setup.ini
2009-02-02 22:46 . 2009-02-04 16:56 <DIR> d-------- c:\documents and settings\User\Dati applicazioni\ArcSoft
2009-02-02 22:45 . 1999-05-26 09:46 212,480 --a------ c:\windows\pcdlib32.dll
2009-02-02 22:38 . 2009-02-02 22:38 <DIR> d-------- c:\programmi\VideoLAN
2009-02-02 21:40 . 2009-02-02 21:40 <DIR> d-------- c:\windows\Motive
2009-02-02 21:40 . 2009-02-02 21:40 <DIR> d-------- c:\programmi\Pirelli
2009-02-02 21:40 . 2009-02-02 21:40 <DIR> d-------- c:\programmi\Common Files
2009-02-02 21:40 . 2009-02-02 21:40 <DIR> d-------- c:\documents and settings\LocalService\Menu Avvio
2009-02-02 21:40 . 2004-10-05 17:41 52,864 --a------ c:\windows\system32\drivers\CnxTrUsb.sys
2009-02-02 21:40 . 2004-10-05 17:41 25,984 --a------ c:\windows\system32\drivers\CnxTrLan.sys
2009-02-02 21:39 . 2009-02-02 21:40 <DIR> d-------- c:\programmi\Motive
2009-02-02 21:39 . 2009-02-02 21:40 <DIR> d-------- c:\programmi\Alice ti aiuta
2009-02-02 21:38 . 2009-02-02 21:38 <DIR> d-------- c:\programmi\Telecom Italia
2009-02-02 21:38 . 2009-02-02 21:38 <DIR> d-------- c:\programmi\File comuni\InstallShield
2009-02-02 17:12 . 2009-02-02 17:12 <DIR> d-------- c:\programmi\DivX
2009-02-02 17:03 . 2009-02-02 17:03 <DIR> d-------- c:\programmi\Windows Media Connect 2
2009-02-02 17:01 . 2009-02-02 17:01 <DIR> d-------- c:\windows\system32\LogFiles
2009-02-02 17:01 . 2009-02-02 17:02 <DIR> d-------- c:\windows\system32\drivers\UMDF
2009-02-02 17:01 . 2006-09-25 17:58 23,856 --a------ c:\windows\system32\spupdsvc.exe
2009-02-02 16:59 . 2009-02-02 16:59 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Office Genuine Advantage
2009-02-02 16:16 . 2009-02-02 16:16 25 --a------ c:\windows\mixerdef.ini
2009-01-31 13:22 . 2009-02-03 19:14 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Avira
2009-01-31 12:43 . 2009-01-31 12:44 <DIR> d-------- c:\programmi\File comuni\Adobe
2009-01-31 12:40 . 2009-01-31 12:40 <DIR> d-------- c:\documents and settings\User\Dati applicazioni\CyberLink
2009-01-31 12:39 . 2009-02-02 22:45 <DIR> d--h----- c:\programmi\InstallShield Installation Information
2009-01-31 12:31 . 2009-02-06 17:45 <DIR> d-------- c:\documents and settings\User\Dati applicazioni\Ahead
2009-01-31 12:29 . 2009-01-31 12:29 <DIR> d-------- c:\programmi\Nero
2009-01-31 12:29 . 2009-01-31 12:32 <DIR> d-------- c:\programmi\File comuni\Ahead
2009-01-31 11:51 . 2009-01-31 11:52 <DIR> d-------- c:\documents and settings\User\Dati applicazioni\Vso
2009-01-31 11:51 . 2009-01-31 11:51 47,360 --a------ c:\windows\system32\drivers\pcouffin.sys
2009-01-31 11:51 . 2009-01-31 11:52 47,360 --a------ c:\documents and settings\User\Dati applicazioni\pcouffin.sys
2009-01-31 11:23 . 2006-10-26 19:58 30,512 --a------ c:\windows\system32\mdimon.dll
2009-01-31 11:22 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2009-01-31 11:18 . 2009-01-31 11:18 <DIR> d-------- c:\programmi\Microsoft Works
2009-01-31 11:17 . 2009-01-31 11:17 <DIR> d-------- c:\programmi\MSBuild
2009-01-31 11:16 . 2009-01-31 11:16 <DIR> d-------- c:\programmi\Microsoft.NET
2009-01-31 11:06 . 2009-01-31 11:06 <DIR> d-------- c:\programmi\Microsoft Visual Studio 8
2009-01-31 11:06 . 2009-01-31 11:06 <DIR> d-------- C:\IDE
2009-01-31 11:05 . 2009-01-31 11:17 <DIR> d-------- c:\windows\SHELLNEW
2009-01-31 11:04 . 2009-01-31 11:04 <DIR> dr-h----- C:\MSOCache
2009-01-31 10:51 . 2009-01-31 11:23 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-01-31 09:39 . 2009-01-31 09:39 <DIR> d---s---- c:\documents and settings\User\UserData
2009-01-31 09:36 . 2007-10-15 15:57 182,784 --a------ c:\windows\system32\drivers\wg111v2.sys
2009-01-31 09:34 . 2004-08-03 23:08 26,496 --a--c--- c:\windows\system32\dllcache\usbstor.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-02 20:39 155,995 ----a-w c:\windows\java\Packages\7ZFHRFTJ.ZIP
2009-01-30 18:57 --------- d-----w c:\programmi\microsoft frontpage
2009-01-30 18:54 --------- d-----w c:\programmi\Servizi in linea
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 139264]
"EPSON Stylus Photo R360 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIBOE.EXE" [2006-05-29 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"C-Media Mixer"="Mixer.exe" [2002-06-12 c:\windows\mixer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\User\Menu Avvio\Programmi\Esecuzione automatica\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Reader Synchronizer.lnk - c:\programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2009-02-02 212992]
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmi\\MSN Messenger\\livecall.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-03 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-03 20560]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\5.tmp --> c:\windows\system32\5.tmp [?]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2009-01-31 182784]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37409c04-f171-11dd-a288-000827dd3010}]
\Shell\AutoRun\command - G:\1utbfd.bat
\Shell\open\Command - G:\1utbfd.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ab02d12-f2f8-11dd-a296-000827dd3010}]
\Shell\AutoRun\command - G:\pook.com
\Shell\open\Command - G:\pook.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f453f50e-ef71-11dd-a283-9f856fefd662}]
\Shell\AutoRun\command - F:\uvsqfgwd.cmd
\Shell\open\Command - F:\uvsqfgwd.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f453f50f-ef71-11dd-a283-9f856fefd662}]
\Shell\AutoRun\command - G:\uvsqfgwd.cmd
\Shell\open\Command - G:\uvsqfgwd.cmd
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = hxxp://www.google.it/
uInternet Settings,ProxyOverride = 127.0.0.1
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-09 11:11:26
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\5.tmp"
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Alwil Software\Avast4\aswUpdSv.exe
c:\programmi\Alwil Software\Avast4\ashServ.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
c:\programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
c:\programmi\Alwil Software\Avast4\ashMaiSv.exe
c:\programmi\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\programmi\Alice ti aiuta\bin\mpbtn.exe
.
**************************************************************************
.
Ora fine scansione: 2009-02-09 11:14:49 - Il pc è stato riavviato [User]
ComboFix-quarantined-files.txt 2009-02-09 10:14:44

Pre-Run: 48,136,577,024 byte disponibili
Post-Run: 49,005,490,176 byte disponibili

197 --- E O F --- 2009-02-03 17:16:25
francois87
Junior Member

Posts: 99
Joined: 26/01/08 16:40

Re: SECURITY ALERTS

Post by francois87 » 09/02/09 17:59

Hi luke... while you check the results, I wanted to ask you and anyone who knows more than me: I also got an alert from avast telling me it has found:
C:/1utbfb.bat
Rootkit:processo nascosto
I try to delete it and it gets deleted, but then when I turned the computer on again I would see the avast message again. I write "would" because with the ComboFix scan you recommended it no longer appears; however, besides the Notepad file in C:/, another one appeared on the desktop that says:

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-09 11:06:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden files ...

IPC error: 2 Impossibile trovare il file specificato.
scan completed successfully
hidden files: 0

What do you think???
francois87
Junior Member

Posts: 99
Joined: 26/01/08 16:40

Re: SECURITY ALERTS

Post by Luke57 » 09/02/09 18:23

Hi, open a text file with Notepad (from Start > Programs > Accessories > Notepad) and paste the following text into it:

File::
G:\1utbfd.bat
G:\uvsqfgwd.cmd
G:\pook.com

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37409c04-f171-11dd-a288-000827dd3010}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ab02d12-f2f8-11dd-a296-000827dd3010}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f453f50e-ef71-11dd-a283-9f856fefd662}]


SAVE THE TEXT FILE IN THE SAME DIRECTORY AS COMBOFIX, naming it CFScript.txt (this name is mandatory),
then drag it with the mouse pointer onto the ComboFix icon. The program will start a new scan. When it finishes, reboot the computer and attach the new report (C:\combofix.txt).
Luke57
Moderator

Posts: 6413
Joined: 11/08/05 19:10
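The CFScript above was written by hand from the mountpoints2 keys in the ComboFix report posted earlier. As an added example (not part of this thread and not ComboFix's own code), the Python script below automates that step: it parses the mountpoints2 blocks in the layout ComboFix prints, keeps every key whose AutoRun/open verb launches a script or executable sitting in a drive root, and emits a CFScript with the same File:: and Registry:: directives. Unlike the hand-written script it lists all four keys from the report, the F: variant included; the embedded sample log is constructed from the entries shown in that report, and the drive-root heuristic is our own assumption.

```python
import re

# Constructed sample: the mountpoints2 block of the ComboFix report posted
# above, in the layout ComboFix prints it (raw string, so backslashes are literal).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37409c04-f171-11dd-a288-000827dd3010}]
\Shell\AutoRun\command - G:\1utbfd.bat
\Shell\open\Command - G:\1utbfd.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ab02d12-f2f8-11dd-a296-000827dd3010}]
\Shell\AutoRun\command - G:\pook.com
\Shell\open\Command - G:\pook.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f453f50e-ef71-11dd-a283-9f856fefd662}]
\Shell\AutoRun\command - F:\uvsqfgwd.cmd
\Shell\open\Command - F:\uvsqfgwd.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f453f50f-ef71-11dd-a283-9f856fefd662}]
\Shell\AutoRun\command - G:\uvsqfgwd.cmd
\Shell\open\Command - G:\uvsqfgwd.cmd
"""

# A "[...\mountpoints2\{GUID}]" header line; group 1 is the key without brackets.
MOUNTPOINT_KEY = re.compile(
    r"^\[(HKEY_[^\]]*\\mountpoints2\\\{[0-9a-f-]+\})\]$", re.IGNORECASE)
# The AutoRun / open verb lines under such a key; group 2 is the command target.
SHELL_VERB = re.compile(
    r"^\\Shell\\(AutoRun\\command|open\\Command)\s+-\s+(.+?)\s*$", re.IGNORECASE)
# A script or executable directly in a drive root: the pattern left behind by
# autorun.inf worms on removable media (assumed heuristic, not ComboFix logic).
DRIVE_ROOT_DROPPER = re.compile(
    r"^[A-Z]:\\[^\\]+\.(bat|cmd|com|exe|pif|scr|vbs)$", re.IGNORECASE)


def looks_like_autorun_dropper(target):
    """True when the command target is a script/executable in a drive root."""
    return DRIVE_ROOT_DROPPER.match(target) is not None


def find_autorun_entries(log_text):
    """Walk the report and return [(registry_key, target)] for every
    mountpoints2 key whose AutoRun or open verb launches a file.
    A key whose two verbs point at the same target is reported once."""
    entries = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = MOUNTPOINT_KEY.match(line)
        if key:
            current_key = key.group(1)
            continue
        if not line:
            current_key = None          # a blank line ends the key's block
            continue
        verb = SHELL_VERB.match(line)
        if verb and current_key:
            pair = (current_key, verb.group(2))
            if pair not in entries:
                entries.append(pair)
    return entries


def build_cfscript(entries):
    """Render a CFScript: a File:: section (files to delete) and a Registry::
    section where [-key] deletes the whole key, the same directive syntax as
    the hand-written script above. Only drive-root dropper targets are kept,
    so a benign mountpoints2 entry is parsed but never scripted."""
    flagged = [(k, t) for k, t in entries if looks_like_autorun_dropper(t)]
    files = list(dict.fromkeys(t for _, t in flagged))   # keep order, drop dups
    keys = list(dict.fromkeys(k for k, _ in flagged))
    lines = ["File::"] + files + ["", "Registry::"] + ["[-%s]" % k for k in keys]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_cfscript(find_autorun_entries(SAMPLE_LOG)), end="")
```

Review the generated File:: list before use: the drive letters refer to whatever removable media was plugged in when the key was written, so a listed file may no longer be present.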

Re: SECURITY ALERTS

Post by francois87 » 09/02/09 18:59

Hi luke, sorry for my ignorance, but "SAVE THE TEXT FILE IN THE SAME DIRECTORY AS COMBOFIX" means I have to save it where?.... sorry for these surely stupid questions. :roll:
francois87
Junior Member

Posts: 99
Joined: 26/01/08 16:40

Re: SECURITY ALERTS

Post by Luke57 » 09/02/09 19:06

In the same location that lets you drag it with the mouse pointer: if ComboFix is on the desktop you put it on the desktop, if it is in the Programs folder you put it in the Programs folder. Look here for how to do it:
http://img77.imageshack.us/img77/6174/cfscript08oy6.gif
Luke57
Moderator

Posts: 6413
Joined: 11/08/05 19:10

Re: SECURITY ALERTS

Post by francois87 » 09/02/09 19:13

OK luke, but when I save the file, you told me in the directory... I mean, do I have to replace the file that is in C:/? Or do I save it normally and then drag it? It's this step I don't understand... and I wouldn't want to do any damage.
francois87
Junior Member

Posts: 99
Joined: 26/01/08 16:40

Re: SECURITY ALERTS

Post by francois87 » 09/02/09 19:25

luke sorry, but I'm really an idiot..... I reread your message more carefully and I got it.... now I'll do what you asked... sometimes I trip over the simplest things.
francois87
Junior Member

Posts: 99
Joined: 26/01/08 16:40

Re: SECURITY ALERTS

Post by francois87 » 09/02/09 19:39

luke, here are the results:

ComboFix 09-02-08.01 - User 2009-02-09 19:29:42.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.256.84 [GMT 1:00]
Eseguito da: c:\documents and settings\User\Desktop\abc.exe
Opzioni usate :: c:\documents and settings\User\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1229 [VPS 080723-1] *On-access scanning enabled* (Outdated)
* Creato nuovo punto di ripristino

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!

FILE ::
G:\1utbfd.bat
G:\pook.com
G:\uvsqfgwd.cmd
.

((((((((((((((((((((((((( Files Creati Da 2009-01-09 al 2009-02-09 )))))))))))))))))))))))))))))))))))
.

2009-02-08 23:11 . 2009-02-08 23:11 <DIR> d-------- C:\SOPHTEMP
2009-02-08 18:43 . 2009-02-08 18:43 <DIR> d-------- c:\programmi\Sophos
2009-02-05 11:01 . 2009-02-05 11:01 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\EPSON
2009-02-05 11:01 . 2006-05-08 03:00 75,264 --a------ c:\windows\system32\E_FLBBOE.DLL
2009-02-05 11:01 . 2006-04-19 03:00 62,976 --a------ c:\windows\system32\E_FD4BBOE.DLL
2009-02-05 11:01 . 2004-09-10 21:12 49,152 --a------ c:\windows\system32\E_DCINST.DLL
2009-02-04 21:15 . 2004-08-03 23:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2009-02-04 21:15 . 2004-08-03 23:01 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2009-02-04 16:56 . 2009-02-04 16:56 32 --a------ c:\windows\album.ini
2009-02-04 16:43 . 2009-02-04 16:48 <DIR> d-------- c:\documents and settings\User\Contacts
2009-02-04 16:41 . 2009-02-04 16:41 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-02-04 16:41 . 2009-02-04 16:41 <DIR> d-------- c:\programmi\MSN Messenger
2009-02-03 19:24 . 2004-08-19 15:39 16,384 --a------ c:\windows\system32\ipsink.ax
2009-02-03 19:24 . 2004-08-03 23:10 15,360 --a------ c:\windows\system32\drivers\StreamIP.sys
2009-02-03 19:24 . 2004-08-03 23:10 11,136 --a------ c:\windows\system32\drivers\SLIP.sys
2009-02-03 19:23 . 2004-08-03 23:10 85,376 --a------ c:\windows\system32\drivers\NABTSFEC.sys
2009-02-03 19:23 . 2004-08-03 23:10 85,376 --a--c--- c:\windows\system32\dllcache\nabtsfec.sys
2009-02-03 19:23 . 2004-08-03 23:07 59,264 --a------ c:\windows\system32\drivers\USBAUDIO.sys
2009-02-03 19:23 . 2004-08-03 23:07 59,264 --a--c--- c:\windows\system32\dllcache\usbaudio.sys
2009-02-03 19:23 . 2004-08-03 23:10 19,328 --a------ c:\windows\system32\drivers\WSTCODEC.SYS
2009-02-03 19:23 . 2004-08-03 23:10 19,328 --a--c--- c:\windows\system32\dllcache\wstcodec.sys
2009-02-03 19:23 . 2004-08-03 23:10 17,024 --a------ c:\windows\system32\drivers\CCDECODE.sys
2009-02-03 19:23 . 2004-08-03 23:10 17,024 --a--c--- c:\windows\system32\dllcache\ccdecode.sys
2009-02-03 19:22 . 2009-02-03 19:22 <DIR> d-------- c:\programmi\File comuni\logishrd
2009-02-03 19:21 . 2004-08-03 23:08 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys
2009-02-03 19:21 . 2004-08-03 23:08 31,616 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
2009-02-03 19:17 . 2009-02-03 19:17 <DIR> d-------- c:\programmi\Camfrog
2009-02-03 19:17 . 2009-02-03 19:17 <DIR> d-------- c:\documents and settings\User\Dati applicazioni\Camfrog
2009-02-03 17:50 . 2009-02-03 17:50 <DIR> d-------- c:\documents and settings\User\Dati applicazioni\vlc
2009-02-03 17:16 . 2009-02-09 18:46 <DIR> d-------- c:\programmi\eMule
2009-02-03 16:54 . 2009-02-03 17:59 <DIR> d-------- c:\windows\system32\CatRoot_bak
2009-02-03 16:41 . 2009-02-03 16:41 <DIR> d-------- c:\programmi\Alwil Software
2009-02-03 16:13 . 2009-02-03 16:13 <DIR> d-------- c:\documents and settings\NetworkService\Menu Avvio
2009-02-03 16:02 . 2008-10-24 12:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-02-03 15:29 . 2009-02-03 16:52 <DIR> d--h----- c:\windows\$hf_mig$
2009-02-02 22:48 . 2009-02-02 22:48 <DIR> d-------- c:\programmi\ArcSoft
2009-02-02 22:48 . 1998-10-06 18:57 327,168 --a------ c:\windows\IsUn0410.exe
2009-02-02 22:48 . 2001-06-20 09:59 21 --a------ c:\windows\PS_setup.ini
2009-02-02 22:46 . 2009-02-04 16:56 <DIR> d-------- c:\documents and settings\User\Dati applicazioni\ArcSoft
2009-02-02 22:45 . 1999-05-26 09:46 212,480 --a------ c:\windows\pcdlib32.dll
2009-02-02 22:38 . 2009-02-02 22:38 <DIR> d-------- c:\programmi\VideoLAN
2009-02-02 21:40 . 2009-02-02 21:40 <DIR> d-------- c:\windows\Motive
2009-02-02 21:40 . 2009-02-02 21:40 <DIR> d-------- c:\programmi\Pirelli
2009-02-02 21:40 . 2009-02-02 21:40 <DIR> d-------- c:\programmi\Common Files
2009-02-02 21:40 . 2009-02-02 21:40 <DIR> d-------- c:\documents and settings\LocalService\Menu Avvio
2009-02-02 21:40 . 2004-10-05 17:41 52,864 --a------ c:\windows\system32\drivers\CnxTrUsb.sys
2009-02-02 21:40 . 2004-10-05 17:41 25,984 --a------ c:\windows\system32\drivers\CnxTrLan.sys
2009-02-02 21:39 . 2009-02-02 21:40 <DIR> d-------- c:\programmi\Motive
2009-02-02 21:39 . 2009-02-02 21:40 <DIR> d-------- c:\programmi\Alice ti aiuta
2009-02-02 21:38 . 2009-02-02 21:38 <DIR> d-------- c:\programmi\Telecom Italia
2009-02-02 21:38 . 2009-02-02 21:38 <DIR> d-------- c:\programmi\File comuni\InstallShield
2009-02-02 17:12 . 2009-02-02 17:12 <DIR> d-------- c:\programmi\DivX
2009-02-02 17:03 . 2009-02-02 17:03 <DIR> d-------- c:\programmi\Windows Media Connect 2
2009-02-02 17:01 . 2009-02-02 17:01 <DIR> d-------- c:\windows\system32\LogFiles
2009-02-02 17:01 . 2009-02-02 17:02 <DIR> d-------- c:\windows\system32\drivers\UMDF
2009-02-02 17:01 . 2006-09-25 17:58 23,856 --a------ c:\windows\system32\spupdsvc.exe
2009-02-02 16:59 . 2009-02-02 16:59 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Office Genuine Advantage
2009-02-02 16:16 . 2009-02-02 16:16 25 --a------ c:\windows\mixerdef.ini
2009-01-31 13:22 . 2009-02-03 19:14 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Avira
2009-01-31 12:43 . 2009-01-31 12:44 <DIR> d-------- c:\programmi\File comuni\Adobe
2009-01-31 12:40 . 2009-01-31 12:40 <DIR> d-------- c:\documents and settings\User\Dati applicazioni\CyberLink
2009-01-31 12:39 . 2009-02-02 22:45 <DIR> d--h----- c:\programmi\InstallShield Installation Information
2009-01-31 12:31 . 2009-02-06 17:45 <DIR> d-------- c:\documents and settings\User\Dati applicazioni\Ahead
2009-01-31 12:29 . 2009-01-31 12:29 <DIR> d-------- c:\programmi\Nero
2009-01-31 12:29 . 2009-01-31 12:32 <DIR> d-------- c:\programmi\File comuni\Ahead
2009-01-31 11:51 . 2009-01-31 11:52 <DIR> d-------- c:\documents and settings\User\Dati applicazioni\Vso
2009-01-31 11:51 . 2009-01-31 11:51 47,360 --a------ c:\windows\system32\drivers\pcouffin.sys
2009-01-31 11:51 . 2009-01-31 11:52 47,360 --a------ c:\documents and settings\User\Dati applicazioni\pcouffin.sys
2009-01-31 11:23 . 2006-10-26 19:58 30,512 --a------ c:\windows\system32\mdimon.dll
2009-01-31 11:22 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2009-01-31 11:18 . 2009-01-31 11:18 <DIR> d-------- c:\programmi\Microsoft Works
2009-01-31 11:17 . 2009-01-31 11:17 <DIR> d-------- c:\programmi\MSBuild
2009-01-31 11:16 . 2009-01-31 11:16 <DIR> d-------- c:\programmi\Microsoft.NET
2009-01-31 11:06 . 2009-01-31 11:06 <DIR> d-------- c:\programmi\Microsoft Visual Studio 8
2009-01-31 11:06 . 2009-01-31 11:06 <DIR> d-------- C:\IDE
2009-01-31 11:05 . 2009-01-31 11:17 <DIR> d-------- c:\windows\SHELLNEW
2009-01-31 11:04 . 2009-01-31 11:04 <DIR> dr-h----- C:\MSOCache
2009-01-31 10:51 . 2009-01-31 11:23 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-01-31 09:39 . 2009-01-31 09:39 <DIR> d---s---- c:\documents and settings\User\UserData
2009-01-31 09:36 . 2007-10-15 15:57 182,784 --a------ c:\windows\system32\drivers\wg111v2.sys
2009-01-31 09:34 . 2004-08-03 23:08 26,496 --a--c--- c:\windows\system32\dllcache\usbstor.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-02 20:39 155,995 ----a-w c:\windows\java\Packages\7ZFHRFTJ.ZIP
2009-01-30 18:57 --------- d-----w c:\programmi\microsoft frontpage
2009-01-30 18:54 --------- d-----w c:\programmi\Servizi in linea
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-02-09_11.13.40.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-09 16:36:40 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_618.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 139264]
"EPSON Stylus Photo R360 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIBOE.EXE" [2006-05-29 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"C-Media Mixer"="Mixer.exe" [2002-06-12 c:\windows\mixer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\User\Menu Avvio\Programmi\Esecuzione automatica\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Reader Synchronizer.lnk - c:\programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2009-02-02 212992]
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmi\\MSN Messenger\\livecall.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-03 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-03 20560]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\5.tmp --> c:\windows\system32\5.tmp [?]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2009-01-31 182784]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37409c04-f171-11dd-a288-000827dd3010}]
\Shell\AutoRun\command - G:\1utbfd.bat
\Shell\open\Command - G:\1utbfd.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ab02d12-f2f8-11dd-a296-000827dd3010}]
\Shell\AutoRun\command - G:\pook.com
\Shell\open\Command - G:\pook.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f453f50e-ef71-11dd-a283-9f856fefd662}]
\Shell\AutoRun\command - F:\uvsqfgwd.cmd
\Shell\open\Command - F:\uvsqfgwd.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f453f50f-ef71-11dd-a283-9f856fefd662}]
\Shell\AutoRun\command - G:\uvsqfgwd.cmd
\Shell\open\Command - G:\uvsqfgwd.cmd
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = hxxp://www.google.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: {91E9D29B-50C9-44C5-BD10-478E0F5FFFAD} = 85.37.17.50 85.38.28.76
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-09 19:31:44
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\5.tmp"
.
Ora fine scansione: 2009-02-09 19:33:51
ComboFix-quarantined-files.txt 2009-02-09 18:33:48
ComboFix2.txt 2009-02-09 10:14:51

Pre-Run: 47,486,320,640 byte disponibili
Post-Run: 47,616,512,000 byte disponibili

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe

183 --- E O F --- 2009-02-03 17:16:25


PS when I dragged it into the program, after a while the file created with Notepad disappeared. I don't know if that's of any help to you ;) ;)
francois87
Junior User

Posts: 99
Joined: 26/01/08 16:40

Re: SECURITY ALERTS

Post by Luke57 » 10/02/09 08:05

Hi, repeat the operation with the file again, but this time copy the following script into CFScript.txt:

Code:
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37409c04-f171-11dd-a288-000827dd3010}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ab02d12-f2f8-11dd-a296-000827dd3010}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f453f50e-ef71-11dd-a283-9f856fefd662}]
Luke57
Moderator

Posts: 6413
Joined: 11/08/05 19:10

Re: SECURITY ALERTS

Post by francois87 » 10/02/09 11:04

luke here are the results:

ComboFix 09-02-08.01 - User 2009-02-10 10:57:08.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.256.42 [GMT 1:00]
Eseguito da: c:\documents and settings\User\Desktop\abc.exe
Opzioni usate :: c:\documents and settings\User\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1229 [VPS 080723-1] *On-access scanning enabled* (Outdated)
* Creato nuovo punto di ripristino

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2009-01-10 al 2009-02-10 )))))))))))))))))))))))))))))))))))
.

2009-02-08 23:11 . 2009-02-08 23:11 <DIR> d-------- C:\SOPHTEMP
2009-02-08 18:43 . 2009-02-08 18:43 <DIR> d-------- c:\programmi\Sophos
2009-02-05 11:01 . 2009-02-05 11:01 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\EPSON
2009-02-05 11:01 . 2006-05-08 03:00 75,264 --a------ c:\windows\system32\E_FLBBOE.DLL
2009-02-05 11:01 . 2006-04-19 03:00 62,976 --a------ c:\windows\system32\E_FD4BBOE.DLL
2009-02-05 11:01 . 2004-09-10 21:12 49,152 --a------ c:\windows\system32\E_DCINST.DLL
2009-02-04 21:15 . 2004-08-03 23:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2009-02-04 21:15 . 2004-08-03 23:01 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2009-02-04 16:56 . 2009-02-04 16:56 32 --a------ c:\windows\album.ini
2009-02-04 16:43 . 2009-02-04 16:48 <DIR> d-------- c:\documents and settings\User\Contacts
2009-02-04 16:41 . 2009-02-04 16:41 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-02-04 16:41 . 2009-02-04 16:41 <DIR> d-------- c:\programmi\MSN Messenger
2009-02-03 19:24 . 2004-08-19 15:39 16,384 --a------ c:\windows\system32\ipsink.ax
2009-02-03 19:24 . 2004-08-03 23:10 15,360 --a------ c:\windows\system32\drivers\StreamIP.sys
2009-02-03 19:24 . 2004-08-03 23:10 11,136 --a------ c:\windows\system32\drivers\SLIP.sys
2009-02-03 19:23 . 2004-08-03 23:10 85,376 --a------ c:\windows\system32\drivers\NABTSFEC.sys
2009-02-03 19:23 . 2004-08-03 23:10 85,376 --a--c--- c:\windows\system32\dllcache\nabtsfec.sys
2009-02-03 19:23 . 2004-08-03 23:07 59,264 --a------ c:\windows\system32\drivers\USBAUDIO.sys
2009-02-03 19:23 . 2004-08-03 23:07 59,264 --a--c--- c:\windows\system32\dllcache\usbaudio.sys
2009-02-03 19:23 . 2004-08-03 23:10 19,328 --a------ c:\windows\system32\drivers\WSTCODEC.SYS
2009-02-03 19:23 . 2004-08-03 23:10 19,328 --a--c--- c:\windows\system32\dllcache\wstcodec.sys
2009-02-03 19:23 . 2004-08-03 23:10 17,024 --a------ c:\windows\system32\drivers\CCDECODE.sys
2009-02-03 19:23 . 2004-08-03 23:10 17,024 --a--c--- c:\windows\system32\dllcache\ccdecode.sys
2009-02-03 19:22 . 2009-02-03 19:22 <DIR> d-------- c:\programmi\File comuni\logishrd
2009-02-03 19:21 . 2004-08-03 23:08 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys
2009-02-03 19:21 . 2004-08-03 23:08 31,616 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
2009-02-03 19:17 . 2009-02-03 19:17 <DIR> d-------- c:\programmi\Camfrog
2009-02-03 19:17 . 2009-02-03 19:17 <DIR> d-------- c:\documents and settings\User\Dati applicazioni\Camfrog
2009-02-03 17:50 . 2009-02-03 17:50 <DIR> d-------- c:\documents and settings\User\Dati applicazioni\vlc
2009-02-03 17:16 . 2009-02-09 21:34 <DIR> d-------- c:\programmi\eMule
2009-02-03 16:54 . 2009-02-03 17:59 <DIR> d-------- c:\windows\system32\CatRoot_bak
2009-02-03 16:41 . 2009-02-03 16:41 <DIR> d-------- c:\programmi\Alwil Software
2009-02-03 16:13 . 2009-02-03 16:13 <DIR> d-------- c:\documents and settings\NetworkService\Menu Avvio
2009-02-03 16:02 . 2008-10-24 12:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-02-03 15:29 . 2009-02-03 16:52 <DIR> d--h----- c:\windows\$hf_mig$
2009-02-02 22:48 . 2009-02-02 22:48 <DIR> d-------- c:\programmi\ArcSoft
2009-02-02 22:48 . 1998-10-06 18:57 327,168 --a------ c:\windows\IsUn0410.exe
2009-02-02 22:48 . 2001-06-20 09:59 21 --a------ c:\windows\PS_setup.ini
2009-02-02 22:46 . 2009-02-04 16:56 <DIR> d-------- c:\documents and settings\User\Dati applicazioni\ArcSoft
2009-02-02 22:45 . 1999-05-26 09:46 212,480 --a------ c:\windows\pcdlib32.dll
2009-02-02 22:38 . 2009-02-02 22:38 <DIR> d-------- c:\programmi\VideoLAN
2009-02-02 21:40 . 2009-02-02 21:40 <DIR> d-------- c:\windows\Motive
2009-02-02 21:40 . 2009-02-02 21:40 <DIR> d-------- c:\programmi\Pirelli
2009-02-02 21:40 . 2009-02-02 21:40 <DIR> d-------- c:\programmi\Common Files
2009-02-02 21:40 . 2009-02-02 21:40 <DIR> d-------- c:\documents and settings\LocalService\Menu Avvio
2009-02-02 21:40 . 2004-10-05 17:41 52,864 --a------ c:\windows\system32\drivers\CnxTrUsb.sys
2009-02-02 21:40 . 2004-10-05 17:41 25,984 --a------ c:\windows\system32\drivers\CnxTrLan.sys
2009-02-02 21:39 . 2009-02-02 21:40 <DIR> d-------- c:\programmi\Motive
2009-02-02 21:39 . 2009-02-02 21:40 <DIR> d-------- c:\programmi\Alice ti aiuta
2009-02-02 21:38 . 2009-02-02 21:38 <DIR> d-------- c:\programmi\Telecom Italia
2009-02-02 21:38 . 2009-02-02 21:38 <DIR> d-------- c:\programmi\File comuni\InstallShield
2009-02-02 17:12 . 2009-02-02 17:12 <DIR> d-------- c:\programmi\DivX
2009-02-02 17:03 . 2009-02-02 17:03 <DIR> d-------- c:\programmi\Windows Media Connect 2
2009-02-02 17:01 . 2009-02-02 17:01 <DIR> d-------- c:\windows\system32\LogFiles
2009-02-02 17:01 . 2009-02-02 17:02 <DIR> d-------- c:\windows\system32\drivers\UMDF
2009-02-02 17:01 . 2006-09-25 17:58 23,856 --a------ c:\windows\system32\spupdsvc.exe
2009-02-02 16:59 . 2009-02-02 16:59 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Office Genuine Advantage
2009-02-02 16:16 . 2009-02-02 16:16 25 --a------ c:\windows\mixerdef.ini
2009-01-31 13:22 . 2009-02-03 19:14 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Avira
2009-01-31 12:43 . 2009-01-31 12:44 <DIR> d-------- c:\programmi\File comuni\Adobe
2009-01-31 12:40 . 2009-01-31 12:40 <DIR> d-------- c:\documents and settings\User\Dati applicazioni\CyberLink
2009-01-31 12:39 . 2009-02-02 22:45 <DIR> d--h----- c:\programmi\InstallShield Installation Information
2009-01-31 12:31 . 2009-02-06 17:45 <DIR> d-------- c:\documents and settings\User\Dati applicazioni\Ahead
2009-01-31 12:29 . 2009-01-31 12:29 <DIR> d-------- c:\programmi\Nero
2009-01-31 12:29 . 2009-01-31 12:32 <DIR> d-------- c:\programmi\File comuni\Ahead
2009-01-31 11:51 . 2009-01-31 11:52 <DIR> d-------- c:\documents and settings\User\Dati applicazioni\Vso
2009-01-31 11:51 . 2009-01-31 11:51 47,360 --a------ c:\windows\system32\drivers\pcouffin.sys
2009-01-31 11:51 . 2009-01-31 11:52 47,360 --a------ c:\documents and settings\User\Dati applicazioni\pcouffin.sys
2009-01-31 11:23 . 2006-10-26 19:58 30,512 --a------ c:\windows\system32\mdimon.dll
2009-01-31 11:22 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2009-01-31 11:18 . 2009-01-31 11:18 <DIR> d-------- c:\programmi\Microsoft Works
2009-01-31 11:17 . 2009-01-31 11:17 <DIR> d-------- c:\programmi\MSBuild
2009-01-31 11:16 . 2009-01-31 11:16 <DIR> d-------- c:\programmi\Microsoft.NET
2009-01-31 11:06 . 2009-01-31 11:06 <DIR> d-------- c:\programmi\Microsoft Visual Studio 8
2009-01-31 11:06 . 2009-01-31 11:06 <DIR> d-------- C:\IDE
2009-01-31 11:05 . 2009-01-31 11:17 <DIR> d-------- c:\windows\SHELLNEW
2009-01-31 11:04 . 2009-01-31 11:04 <DIR> dr-h----- C:\MSOCache
2009-01-31 10:51 . 2009-01-31 11:23 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-01-31 09:39 . 2009-01-31 09:39 <DIR> d---s---- c:\documents and settings\User\UserData
2009-01-31 09:36 . 2007-10-15 15:57 182,784 --a------ c:\windows\system32\drivers\wg111v2.sys
2009-01-31 09:34 . 2004-08-03 23:08 26,496 --a--c--- c:\windows\system32\dllcache\usbstor.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-02 20:39 155,995 ----a-w c:\windows\java\Packages\7ZFHRFTJ.ZIP
2009-01-30 18:57 --------- d-----w c:\programmi\microsoft frontpage
2009-01-30 18:54 --------- d-----w c:\programmi\Servizi in linea
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-02-09_11.13.40.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-10 09:50:25 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_62c.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 139264]
"EPSON Stylus Photo R360 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIBOE.EXE" [2006-05-29 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"C-Media Mixer"="Mixer.exe" [2002-06-12 c:\windows\mixer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\User\Menu Avvio\Programmi\Esecuzione automatica\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Reader Synchronizer.lnk - c:\programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2009-02-02 212992]
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmi\\MSN Messenger\\livecall.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-03 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-03 20560]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\5.tmp --> c:\windows\system32\5.tmp [?]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2009-01-31 182784]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f453f50f-ef71-11dd-a283-9f856fefd662}]
\Shell\AutoRun\command - G:\uvsqfgwd.cmd
\Shell\open\Command - G:\uvsqfgwd.cmd
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = hxxp://www.google.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-10 10:59:18
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\5.tmp"
.
Ora fine scansione: 2009-02-10 11:01:31
ComboFix-quarantined-files.txt 2009-02-10 10:01:27
ComboFix2.txt 2009-02-09 18:33:53
ComboFix3.txt 2009-02-09 10:14:51

Pre-Run: 47,602,692,096 byte disponibili
Post-Run: 47,598,907,392 byte disponibili

169 --- E O F --- 2009-02-03 17:16:25
francois87
Junior User

Posts: 99
Joined: 26/01/08 16:40

Re: SECURITY ALERTS

Post by Luke57 » 10/02/09 11:28

Hi, do this last step: open a text file and copy and paste the following into it


Code:
Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f453f50f-ef71-11dd-a283-9f856fefd662}]
;


save the file and name it fix.reg (obviously changing the extension from .txt to .reg), with file type = all files.

Then double-click that file and accept the proposed registry changes.
Luke57
Moderator

Posts: 6413
Joined: 11/08/05 19:10
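Both of Luke57's fixes in this thread (the `Registry::` block for CFScript.txt and the fix.reg file) do the same thing: they delete MountPoints2 keys whose `\Shell\AutoRun\command` or `\Shell\open\Command` points at a script or executable on a removable drive letter, the kind of entry left behind by malware that spreads through autorun on USB sticks and that ComboFix lists in its log. The following Python script is an added example, not code from the thread, from the forum or from ComboFix: it parses the MountPoints2 block out of a ComboFix-style log, reports the drive and file type of each command target, and writes the matching deletions in both the CFScript and the .reg form. The sample log text is constructed from the shapes seen above; the first GUID and target are the ones quoted in the thread, the second GUID is a placeholder.

```python
import ntpath
import re
from dataclasses import dataclass, field

# Constructed sample in the layout ComboFix uses for the MountPoints2 block.
# First entry: GUID and target as quoted in the thread. Second entry: a
# placeholder GUID with an .exe target on another drive letter.
SAMPLE_LOG = """\
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{37409c04-f171-11dd-a288-000827dd3010}]
\\Shell\\AutoRun\\command - G:\\1utbfd.bat
\\Shell\\open\\Command - G:\\1utbfd.bat

[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{00000000-0000-0000-0000-000000000001}]
\\Shell\\open\\Command - E:\\Some Folder\\autorun.exe
.
.
------- Scansione supplementare -------
"""

MOUNTPOINTS2 = r"HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2"
KEY_RE = re.compile(r"^\[(" + re.escape(MOUNTPOINTS2) + r"\\(\{[0-9a-f-]+\}))\]$", re.I)
CMD_RE = re.compile(r"^\\Shell\\(\w+)\\command - (.+?)\s*$", re.I)
# Extensions that run as scripts/command files when launched from an autorun verb.
SCRIPT_EXT = {".bat", ".cmd", ".com", ".pif", ".scr", ".vbs", ".js"}


@dataclass
class MountPoint:
    key: str                # full registry key as printed in the log
    guid: str               # volume GUID, lowercased
    commands: dict = field(default_factory=dict)  # verb (autorun/open) -> target


def parse_mountpoints(log_text):
    """Collect every MountPoints2 key in the log together with its shell commands."""
    entries, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = MountPoint(key=m.group(1), guid=m.group(2).lower())
            entries.append(current)
            continue
        m = CMD_RE.match(line)
        if m and current is not None:
            current.commands[m.group(1).lower()] = m.group(2)
            continue
        if line.startswith("[") or line.startswith("-------"):
            current = None  # a different key or the next log section ends the block
    return entries


def classify(target):
    """Return (drive letter, kind) for a command target; kind is script/executable/other."""
    drive = target[0].upper() if re.match(r"^[A-Za-z]:\\", target) else "?"
    ext = ntpath.splitext(target)[1].lower()
    if ext in SCRIPT_EXT:
        kind = "script"
    elif ext == ".exe":
        kind = "executable"
    else:
        kind = "other"
    return drive, kind


def flag_autorun_entries(entries):
    """Every MountPoints2 key carrying an AutoRun or open command is worth review:
    an ordinary drive mapping has neither. Returns (entry, drive, kind) tuples."""
    flagged = []
    for e in entries:
        target = e.commands.get("autorun") or e.commands.get("open")
        if target:
            drive, kind = classify(target)
            flagged.append((e, drive, kind))
    return flagged


def build_cfscript(entries):
    """Deletions in ComboFix CFScript.txt form (Registry:: section, [-KEY] lines)."""
    return "Registry::\n" + "\n".join(f"[-{e.key}]" for e in entries) + "\n"


def build_fix_reg(entries):
    """Deletions in .reg form; [-KEY] removes the key and its subkeys. Regedit
    wants CRLF line endings and a blank line after the version header."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    lines.extend(f"[-{e.key}]" for e in entries)
    lines.append("")
    return "\r\n".join(lines)


if __name__ == "__main__":
    found = flag_autorun_entries(parse_mountpoints(SAMPLE_LOG))
    for entry, drive, kind in found:
        print(f"{entry.guid}: {kind} on drive {drive}: {entry.commands}")
    print(build_cfscript([e for e, _, _ in found]))
    print(build_fix_reg([e for e, _, _ in found]))
```

The parser is deliberately narrow: it only recognises the `[HKEY_CURRENT_USER\...\mountpoints2\{guid}]` header and the `\Shell\<verb>\command - target` lines ComboFix prints, and stops at the next key or section. Whether a flagged key is actually hostile still needs a human look at the target (a `.bat` with a random name on G: is a different case from a vendor's installer on a CD), which is why the script grades rather than decides.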

Re: SECURITY ALERTS

Post by francois87 » 10/02/09 11:51

luke I did as you told me.... and now??? am I done???
francois87
Junior User

Posts: 99
Joined: 26/01/08 16:40

Re: SECURITY ALERTS

Post by Luke57 » 10/02/09 18:36

Hi, how is it going now?
Luke57
Moderator

Posts: 6413
Joined: 11/08/05 19:10

Re: SECURITY ALERTS

Post by francois87 » 10/02/09 18:43

hi luke, the virus... the rootkit, to be precise, is gone thanks to the program you recommended... Combofix. But the security alert (red X) still appears... and it won't let me update the antivirus.
I'd have a few other questions... or rather, help to ask you for... but it's better to do one thing at a time. What do you think of this security alert that won't go away????
francois87
Junior User

Posts: 99
Joined: 26/01/08 16:40
