Hi, I have a similar problem too, can someone help me? I should say up front that I don't know much about PCs.
I'm posting the log for you.
ComboFix 12-11-16.02 - Utente 16/11/2012 18.03.10.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.383.131 [GMT 1:00]
Eseguito da: c:\documents and settings\Utente\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
La copia infetta di c:\windows\system32\msgsvc.dll è stata trovata e disinfettata
ipristinata copia da - c:\windows\erdnt\cache\msgsvc.dll
.
c:\windows\system32\drivers\usbehci.sys . . . is missing!!
.
.
((((((((((((((((((((((((( Files Creati Da 2012-10-16 al 2012-11-16 )))))))))))))))))))))))))))))))))))
.
.
2012-11-10 13:04 . 2012-11-15 20:12 -------- d-----r- C:\Programmi
2012-11-10 13:01 . 2012-11-10 12:31 -------- d-----w- C:\Documents and Settings
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\programmi\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\programmi\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
"SpywareTerminatorShield"="c:\programmi\Spyware Terminator\SpywareTerminatorShield.exe" [2012-11-09 2777296]
"SpywareTerminatorUpdater"="c:\programmi\Spyware Terminator\SpywareTerminatorUpdate.exe" [2012-11-09 3673808]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2002-12-31 15360]
.
c:\documents and settings\Utente\Menu Avvio\Programmi\Esecuzione automatica\
lolipop.lnk - c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\Lollipop\lolipop.exe [2012-11-16 858112]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Utente^Menu Avvio^Programmi^Esecuzione automatica^caqoeck.lnk]
path=c:\documents and settings\Utente\Menu Avvio\Programmi\Esecuzione automatica\caqoeck.lnk
backup=c:\windows\pss\caqoeck.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-04-21 16:03 94208 ----a-w- c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2002-12-31 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40 155648 ----a-w- c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-11-10 12:03 36975 ----a-w- c:\programmi\Java\jre1.5.0_06\bin\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Spyware Terminator\\SpywareTerminator.exe"=
"c:\\Programmi\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10/11/2012 17.19.45 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/11/2012 17.19.50 361032]
R1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver;c:\windows\system32\drivers\sp_rsdrv2.sys [15/11/2012 21.14.36 32768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/11/2012 17.19.50 21256]
R2 MBAMScheduler;MBAMScheduler;c:\programmi\Malwarebytes' Anti-Malware\mbamscheduler.exe [13/11/2012 20.32.42 399432]
R2 MBAMService;MBAMService;c:\programmi\Malwarebytes' Anti-Malware\mbamservice.exe [13/11/2012 20.32.42 676936]
R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\programmi\Spyware Terminator\st_rsser.exe [15/11/2012 21.14.24 587472]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [13/11/2012 20.32.33 22856]
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-11-16 c:\windows\Tasks\avast! Emergency Update.job
- c:\programmi\AVAST Software\Avast\AvastEmUpdate.exe [2012-11-10 22:50]
.
2012-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-507921405-1060284298-1003Core.job
- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2012-11-10 15:35]
.
2012-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-507921405-1060284298-1003UA.job
- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2012-11-10 15:35]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/index.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-16 18:17
Windows 5.1.2600 Service Pack 2 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'Explorer.EXE'(1676)
c:\windows\system32\MSCTF.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\AVAST Software\Avast\AvastSvc.exe
c:\programmi\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2012-11-16 18:22:53 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-11-16 17:22
ComboFix2.txt 2012-11-16 16:33
.
Pre-Run: 29.436.657.664 byte disponibili
Post-Run: 29.431.115.776 byte disponibili
.
- - End Of File - - E9995CB459D92D18D6BEBF0A21827B47