
Virus problem...

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57

Virus problem...

Post by Black Carnival » 11/04/10 11:26

Hi everyone! First of all I have to apologise for the thread title, but I wouldn't know what else to call it... anyway, let me explain my problem! :-?
So, it all started when, some time after the computer had been switched on, a black screen appeared with a small window saying "Assenza segnale" ("No signal"). I know what causes this problem: it's a virus, and I think I even know its name. Since I can't access the computer normally, for a while now I've been booting into safe mode to try to fix the problem, but when I run a scan with Norton 2010 it doesn't find any virus. So I tried to install nod32, again in safe mode, but a window appears saying "Non è possibile effettuare l'installazione a causa dei criteri impostati dall'amministratore del sistema." ("Installation cannot be performed because of the policies set by the system administrator."). Now I really don't know what to do... I hope I've been clear and I hopefully await your help!! :(
Black Carnival
Newbie

Posts: 2
Joined: 11/04/10 10:58

Re: Virus problem...

Post by shel » 11/04/10 12:05

hi Black Carnival

before installing another antivirus you should uninstall Norton with a specific tool, namely the Norton Removal Tool

in the meantime run a scan with combofix

disable the antivirus

download it and run it from the desktop
- type 1
- follow the instructions
- when the scan is finished, go to C:\ and copy/paste the contents of the text file Combofix.txt into your next reply
shel
Senior User

Posts: 1326
Joined: 29/08/08 21:56

Re: Virus problem...

Post by Black Carnival » 11/04/10 14:16

I managed to uninstall Norton, can I install nod32 now? Ah, here's what came out

ComboFix 10-04-10.02 - LUIGI IL MITO 11/04/2010 15.40.23.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.511.41 [GMT 2:00]
Eseguito da: c:\documents and settings\LUIGI IL MITO\Desktop\ComboFix.exe

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Dati applicazioni\1ppt2pdf.dll
c:\programmi\GooglePlusVideos
c:\programmi\GooglePlusVideos\8.GooglePlusVideos.dll
c:\programmi\GooglePlusVideos\DeploymentHelper.exe
c:\programmi\GooglePlusVideos\FFExt\chrome.manifest
c:\programmi\GooglePlusVideos\FFExt\chrome\content\googleplusvideos.xul
c:\programmi\GooglePlusVideos\FFExt\chrome\content\script-injector.js
c:\programmi\GooglePlusVideos\FFExt\install.rdf
c:\programmi\GooglePlusVideos\GooglePlusVideosLicense.txt
c:\programmi\GooglePlusVideos\GVConfig.ini
c:\programmi\GooglePlusVideos\MFC42U.DLL
c:\programmi\GooglePlusVideos\Uninstall.bat
c:\windows\system32\VB6KO.DLL
c:\windows\TEMP\mpengine.dll

.
((((((((((((((((((((((((( Files Creati Da 2010-03-11 al 2010-04-11 )))))))))))))))))))))))))))))))))))
.

2010-04-11 09:50 . 2010-04-11 09:50 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Mozilla
2010-04-11 09:50 . 2010-04-11 09:50 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-03-19 19:08 . 2010-03-19 19:08 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-19 19:02 . 2009-11-21 15:54 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-03-19 19:01 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-11 14:00 . 2009-02-22 15:01 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-04-11 14:00 . 2009-10-21 16:03 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Norton
2010-04-11 13:56 . 2009-03-15 15:44 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-04-11 13:38 . 2004-08-19 17:27 649988 ----a-w- c:\windows\system32\perfh010.dat
2010-04-11 13:38 . 2004-08-19 17:27 141018 ----a-w- c:\windows\system32\perfc010.dat
2010-04-11 13:19 . 2010-04-11 13:19 443912 ----a-w- c:\documents and settings\LUIGI IL MITO\Dati applicazioni\Real\Update\setup3.10\setup.exe
2010-03-05 18:16 . 2010-03-05 18:16 -------- d-----w- c:\documents and settings\LUIGI IL MITO\Dati applicazioni\Tific
2010-03-05 17:55 . 2009-10-21 16:02 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NortonInstaller
2010-03-05 17:49 . 2009-02-22 14:01 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
2010-03-05 17:42 . 2009-10-21 16:02 -------- d-----w- c:\programmi\NortonInstaller
2010-03-05 17:41 . 2009-05-15 14:09 -------- d-----w- c:\programmi\Norton Security Scan
2010-03-05 17:09 . 2010-03-05 17:09 -------- d-----w- c:\documents and settings\LUIGI IL MITO\Dati applicazioni\InstallShield
2010-03-05 17:09 . 2010-03-05 17:09 -------- d-----w- c:\programmi\Windows Sidebar
2010-03-05 17:09 . 2010-03-05 17:09 -------- d-----w- c:\programmi\Norton Internet Security
2010-03-05 17:08 . 2010-03-05 17:08 -------- d-----w- c:\programmi\Ubisoft
2010-03-05 17:08 . 2010-03-05 17:08 -------- d-----w- c:\programmi\Lineage II
2010-03-05 17:07 . 2010-02-27 18:01 -------- d-----w- c:\programmi\ESET(2)
2009-03-05 16:08 . 2009-09-01 13:36 49664 ----a-w- c:\programmi\mozilla firefox\components\FFComm.dll
2009-04-07 18:52 . 2009-04-07 18:52 28672 ----a-w- c:\programmi\mozilla firefox\components\GooglePlusVideosXPCOM.dll
2008-10-19 09:58 . 2008-10-19 09:58 49152 ----a-w- c:\programmi\mozilla firefox\components\SiteVacuumXPCOM.dll
2009-11-17 16:41 . 2009-04-17 16:50 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{F4F10C1D-87C7-404A-B4B3-000000000000}"= "c:\progra~1\DAP\SBSearch.dll" [2009-02-22 38384]

[HKEY_CLASSES_ROOT\clsid\{f4f10c1d-87c7-404a-b4b3-000000000000}]
[HKEY_CLASSES_ROOT\SearchHook.SrchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}]
[HKEY_CLASSES_ROOT\SearchHook.SrchHook]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"DownloadAccelerator"="c:\programmi\DAP\DAP.EXE" [2009-02-22 2807296]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 118784]
"CheckBO"="c:\documents and settings\LUIGI IL MITO\Documenti\My Completed Downloads\checkbo\CheckBO.exe" [1999-12-22 692224]
"USB Storage Toolbox"="c:\programmi\USB Disk Win98 Driver\Res.EXE" [2005-09-14 65536]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2009-05-30 198160]
"ISUSPM Startup"="c:\programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DownloadAccelerator"="c:\programmi\DAP\DAP.EXE" /STARTUP
"DAEMON Tools Pro Agent"="c:\programmi\DAEMON Tools Pro\DTProAgent.exe" -autorun
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" /background
"EPSON Stylus DX4400 Series"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "c:\windows\TEMP\E_S503.tmp" /EF "HKCU"
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe"
"Ad-Watch"=c:\programmi\Lavasoft\Ad-Aware\AAWTray.exe
"PDVD9LanguageShortcut"=c:\programmi\CyberLink\PowerDVD9\Language\Language.exe
"BDRegion"=c:\programmi\Cyberlink\Shared Files\brs.exe
"ISUSPM Startup"="c:\programmi\File comuni\InstallShield\UpdateService\isuspm.exe" -startup
"ISUSScheduler"="c:\programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
"NeroCheck"=c:\windows\system32\\NeroCheck.exe
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
"RemoteControl9"=c:\programmi\CyberLink\PowerDVD9\PDVD9Serv.exe
"SiteVacuum"=c:\programmi\EasySearch\SiteVacuumClient.exe
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\Italian\\setup.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Programmi\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Programmi\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Programmi\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Programmi\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Programmi\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Activision\\Prototype\\prototypef.exe"=
"c:\\Documents and Settings\\LUIGI IL MITO\\Documenti\\My Completed Downloads\\checkbo\\CheckBO.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"c:\\Programmi\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"c:\\Programmi\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"c:\\Programmi\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [22/02/2009 16.47.09 64160]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15/03/2009 0.24.05 717296]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [12/12/2003 17.49.07 77312]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/06/14 23:56];c:\programmi\CyberLink\PowerDVD9\000.fcl [28/02/2009 19.40.18 87536]
S2 Norton Internet Security;Norton Internet Security;c:\programmi\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe [18/12/2009 17.02.48 117640]
S3 EraserUtilDrv10920;EraserUtilDrv10920;\??\c:\programmi\File comuni\Symantec Shared\EENGINE\EraserUtilDrv10920.sys --> c:\programmi\File comuni\Symantec Shared\EENGINE\EraserUtilDrv10920.sys [?]
S3 npkycryp;npkycryp;\??\c:\programmi\Lineage II\system\npkycryp.sys --> c:\programmi\Lineage II\system\npkycryp.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenuto della cartella 'Scheduled Tasks'

2010-04-11 c:\windows\Tasks\Manutenzione in 1 clic.job
- c:\programmi\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-16 10:28]

2009-09-10 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2010-04-11 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.europowersearch.com/Search.h ... rchLang=IT
mStart Page = hxxp://www.europowersearch.com/Search.h ... rchLang=IT
IE: &Clean Traces - c:\programmi\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\programmi\DAP\dapextie.htm
IE: Download &all with DAP - c:\programmi\DAP\dapextie2.htm
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\LUIGI IL MITO\Dati applicazioni\Mozilla\Firefox\Profiles\msunh9ns.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.europowersearch.com/Search.h ... rchLang=IT
FF - prefs.js: keyword.URL - hxxp://search.speedbit.com/searchresult ... default&q=
FF - component: c:\programmi\DAP\DAPFireFox\components\DAPFireFox.dll
FF - component: c:\programmi\Mozilla Firefox\components\FFComm.dll
FF - component: c:\programmi\Mozilla Firefox\components\GooglePlusVideosXPCOM.dll
FF - component: c:\programmi\Mozilla Firefox\components\SiteVacuumXPCOM.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\nppopcaploader.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: yahoo.homepage.dontask - true.
- - - - CHIAVI ORFANE RIMOSSE - - - -

URLSearchHooks-{15c93148-34fe-47e6-88e5-37607a3002f3} - (no file)
BHO-{C8CD2017-F1E5-4F1A-B58A-EE0B1AF0D0D8} - (no file)
BHO-{FF6C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
Toolbar-{15c93148-34fe-47e6-88e5-37607a3002f3} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-11 16:00
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x82D701F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf868af28
\Driver\ACPI -> ACPI.sys @ 0xf83e5cb8
\Driver\atapi -> atapi.sys @ 0xf837ab40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
NDIS: 3Com Gigabit LOM (3C940) -> SendCompleteHandler -> NDIS.sys @ 0xf8236bb0
PacketIndicateHandler -> NDIS.sys @ 0xf8225a0d
SendHandler -> NDIS.sys @ 0xf8239b40
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\programmi\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\programmi\Norton Internet Security\Engine\16.7.2.11\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\programmi\CyberLink\PowerDVD9\000.fcl"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Ñw*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(996)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2272)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\System32\TUProgSt.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2010-04-11 16:07:08 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-04-11 14:07

Pre-Run: 353.942.786.048 byte disponibili
Post-Run: 354.214.027.264 byte disponibili

- - End Of File - - 65B69F49BC2B0F32AC4DB475DC73966F
Black Carnival
Newbie

Posts: 2
Joined: 11/04/10 10:58

Re: Virus problem...

Post by shel » 13/04/10 16:15

hi Black Carnival

let's do a security check of the MBR

download mbr.exe directly into the C:\ directory

go into safe mode

From Start - Run - type C:\mbr.exe and click OK

Post the log that you will find in C:\ as mbr.log
shel
Senior User

Posts: 1326
Joined: 29/08/08 21:56
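Added example, not part of this thread and not code from Gmer or ComboFix: a small Python triage parser for the "Stealth MBR rootkit/Mebroot/Sinowal detector" section that appears inside the ComboFix log above and that mbr.exe writes to mbr.log. The sample text is constructed to mirror the log format shown in the thread, and the follow-up heuristics are this example's own assumptions, not the detector's verdict.

```python
import re

# Sample constructed to mirror the detector section format seen in the thread.
SAMPLE_LOG = """\
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x82D701F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\\Driver\\Disk -> CLASSPNP.SYS @ 0xf868af28
\\Driver\\ACPI -> ACPI.sys @ 0xf83e5cb8
user & kernel MBR OK
"""

UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
HOOK_RE = re.compile(r"^(\S.*?) -> (.+?) @ (0x[0-9A-Fa-f]+)$")


def parse_mbr_section(text):
    """Summarise one Gmer MBR detector section (mbr.log or the ComboFix copy)."""
    report = {"unknown_modules": [], "hooks": [], "mbr_ok": False}
    in_hooks = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("called modules:"):
            # Addresses in the disk call chain that no loaded driver accounts for.
            report["unknown_modules"] = UNKNOWN_RE.findall(line)
        elif line.startswith("detected MBR rootkit hooks:"):
            in_hooks = True
        elif line.endswith("MBR OK"):
            report["mbr_ok"] = True
            in_hooks = False
        elif in_hooks:
            m = HOOK_RE.match(line)
            if m:  # (hooked object, target, address)
                report["hooks"].append((m.group(1), m.group(2), m.group(3)))
    return report


def triage_flags(report):
    """Follow-up heuristics; this example's assumptions, not Gmer's verdict."""
    flags = []
    if report["unknown_modules"]:
        flags.append("unknown module in disk call chain: "
                     + ", ".join(report["unknown_modules"]))
    if report["hooks"]:
        flags.append("%d hook(s) listed under 'detected MBR rootkit hooks'"
                     % len(report["hooks"]))
    if not report["mbr_ok"]:
        flags.append("no 'MBR OK' verdict in this section")
    return flags
```

Run `triage_flags(parse_mbr_section(open("mbr.log").read()))` on a real log; an empty list means nothing in that section calls for a second look, while any flag is a reason to ask for the dedicated mbr.exe check rather than a conclusion on its own.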

