Yesterday I turned a computer back on after a long time. For me this computer and its files are of considerable importance (it is a work computer).
I ran a thorough scan with:
* Avira Antivirus Pro
* CCleaner
* Uniblue Registry Booster
* SUPERAntiSpyware
* a-squared
I also ran scans with HijackThis and RunScanner and saved the logs, which I will attach.
The wallpaper has also changed and some kind of antivirus has appeared. The computer is unusable. There are also files named antivirus2009 or 2008, I don't remember. What can I do? Thanks in advance.
Here are the two logs:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17.04.17, on 25/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Admin\Desktop\Pulizia pc\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Admin\Desktop\Pulizia pc\registrybooster.exe
C:\DOCUME~1\Admin\IMPOST~1\Temp\mia3.tmp\Uniblue RegistryBooster.exe
C:\Documents and Settings\Admin\Desktop\Pulizia pc\RunScanner.exe
C:\Documents and Settings\Admin\Desktop\Pulizia pc\RunScanner.exe
C:\WINDOWS\system32\msiexec.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {EF2CDA7B-D976-4DD5-A5F8-1694D3110690} - C:\WINDOWS\system32\cscdl.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [pccguide.exe] "C:\Programmi\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LGODDFU] C:\Programmi\lg_fwupdate\fwupdate.exe blrun
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Programmi\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [explorer] C:\Programmi\iSecurity\{8BD8E8FA-92A5-4a5c-A044-FBF462517EB4}\install.exe
O4 - HKLM\..\Run: [lphcep0j0ev73] C:\WINDOWS\system32\lphcep0j0ev73.exe
O4 - HKLM\..\Run: [SMrhcap0j0ev73] C:\Programmi\rhcap0j0ev73\rhcap0j0ev73.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Programmi\File comuni\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: FreePOPs.lnk = C:\Programmi\FreePOPs\freepopsd.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{76F972F2-385E-4390-B363-EA5C4E4709BC}: NameServer = 151.99.125.2
O20 - AppInit_DLLs: karina.dat
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
--
End of file - 5460 bytes
Here is the other one:
Runscanner logfile http://www.runscanner.net
* = signed file
- = file not found
General info
------------
Computer name : ESSO1
Creation time : 25/10/2008 17.05.30
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 6.0.2900.2180
OS : Microsoft Windows XP
OS Build : 2600
OS SP : Service Pack 2
RunScanner Version : 1.7.0.0
User Language : Italiano (Italia)
User rights : Administrator
Windows folder : C:\WINDOWS
Running processes
-----------------
* C:\WINDOWS\System32\alg.exe (Microsoft Corporation)
* C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation)
* C:\WINDOWS\system32\services.exe (Microsoft Corporation)
* C:\WINDOWS\system32\csrss.exe (Microsoft Corporation)
C:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
* C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\Documents and Settings\Admin\Desktop\Pulizia pc\HijackThis.exe (Trend Micro Inc.)
* C:\WINDOWS\system32\lsass.exe (Microsoft Corporation)
* C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe (Trend Micro Incorporated.)
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe (Trend Micro Incorporated.)
* C:\Documents and Settings\Admin\Desktop\Pulizia pc\RunScanner.exe (Runscanner.net)
* C:\Documents and Settings\Admin\Desktop\Pulizia pc\RunScanner.exe (Runscanner.net)
* C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation)
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe (Trend Micro Incorporated.)
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe (Trend Micro Inc.)
* c:\windows\System32\smss.exe (Microsoft Corporation)
* C:\WINDOWS\system32\wuauclt.exe (Microsoft Corporation)
* C:\WINDOWS\system32\wuauclt.exe (Microsoft Corporation)
* C:\WINDOWS\system32\msiexec.exe (Microsoft Corporation)
Unrated items
-------------
002 C:\Programmi\lg_fwupdate\fwupdate.exe (BL)
002 * C:\Programmi\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
002 C:\WINDOWS\system32\lphcep0j0ev73.exe
002 C:\WINDOWS\system32\NeroCheck.exe (Nero AG)
002 C:\Programmi\Trend Micro\Internet Security 12\pccguide.exe (Trend Micro Incorporated.)
002 C:\Programmi\QuickTime\qttask.exe (Apple Computer, Inc.)
002 C:\WINDOWS\system32\sistray.EXE (Silicon Integrated Systems Corporation)
002 C:\WINDOWS\system32\keyhook.exe (Silicon Integrated Systems Corporation)
002 C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.)
002 C:\Programmi\rhcap0j0ev73\rhcap0j0ev73.exe
004 C:\Programmi\FreePOPs\freepopsd.exe
005 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE (SEIKO EPSON CORPORATION)
005 C:\Programmi\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
010 C:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe (EpsonBidirectionalService)
010 C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe (InstallDriver Table Manager)
010 C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe (Trend Micro Central Control Component)
010 C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe (Trend Micro Personal Firewall)
010 C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe (Trend Micro Proxy Service)
010 C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe (Trend Micro Real-time Service)
011 c:\windows\System32\Drivers\tm_cfw.sys (Common Firewall Driver)
011 C:\WINDOWS\system32\DRIVERS\eacfilt.sys (Eacfilt Miniport)
011 * C:\WINDOWS\system32\DRIVERS\lmimirr.sys (lmimirr)
011 * C:\Programmi\LogMeIn\x86\RaInfo.sys (LogMeIn Kernel Information Provider)
011 * C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn Remote File System Driver)
011 C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys (Nortel Extranet Access Protocol)
011 C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys (Nortel IPSECSHM Adapter)
011 C:\WINDOWS\System32\Drivers\PxHelp20.sys (PxHelp20)
011 c:\windows\System32\Drivers\tmtdi.sys (Trend Micro TDI Driver)
011 C:\WINDOWS\System32\Drivers\Winbf37.sys (Winbf37)
031 C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) {0A9007C0-4076-11D3-8789-0000F8105754}
052 C:\WINDOWS\system32\cscdl.dll (Alcohol Soft Development Team) {EF2CDA7B-D976-4DD5-A5F8-1694D3110690}
061 C:\Programmi\Trend Micro\Internet Security 12\Tmdshell.dll (Trend Micro Incorporated.) {48F45200-91E6-11CE-8A4F-0080C81A28D4}
061 C:\Programmi\Trend Micro\Internet Security 12\VBProp.dll (Trend Micro Incorporated.) {771A9DA0-731A-11CE-993C-00AA004ADB6C}
061 C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.) {E0D79304-84BE-11CE-9641-444553540000}
061 C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.) {E0D79305-84BE-11CE-9641-444553540000}
061 C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.) {E0D79306-84BE-11CE-9641-444553540000}
061 C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.) {E0D79307-84BE-11CE-9641-444553540000}
062 C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.dll (Adobe Systems, Inc.) {F9DB5320-233E-11D1-9F84-707F02C10627}
064 C:\WINDOWS\system32\kernel32.dll (Microsoft Corporation)
065 explorer.exe : c:\windows\system32\vbwguxae.old
067 * C:\WINDOWS\system32\LMIinit.dll (LogMeIn, Inc.)
067 C:\WINDOWS\system32\WinCtrl32.dll
069 C:\WINDOWS\system32\E_SL2027.DLL (SEIKO EPSON CORPORATION)
069 C:\WINDOWS\system32\E_SL2027.DLL (SEIKO EPSON CORPORATION)
069 * C:\WINDOWS\system32\LMIport.dll (LogMeIn, Inc.)
104 * C:\WINDOWS\Downloaded Program Files\RACtrl.dll {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9}
105 E&sporta in Microsoft Excel : res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
120 NameServer {76F972F2-385E-4390-B363-EA5C4E4709BC} : 151.99.125.2
170 {87836592-8147-11dc-bf79-000b6a45ee8f} : C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
170 {e9485c3e-82c0-11dc-bf7f-000b6a45ee8f} : C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
170 {e9485c3f-82c0-11dc-bf7f-000b6a45ee8f} : C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
171 C:\WINDOWS\system32\blphcep0j0ev73.scr (Sysinternals)
172 * C:\WINDOWS\system32\LMIRfsClientNP.dll (LogMeIn, Inc.)
173 C:\Programmi\Trend Micro\Internet Security 12\Tmdshell.dll (Trend Micro Incorporated.)
173 C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.) {E0D79304-84BE-11CE-9641-444553540000}
221 C:\Programmi\Trend Micro\Internet Security 12\Tmdshell.dll (Trend Micro Incorporated.)
221 C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.) {E0D79304-84BE-11CE-9641-444553540000}
225 C:\Programmi\Trend Micro\Internet Security 12\Tmdshell.dll (Trend Micro Incorporated.)
225 C:\Programmi\Trend Micro\Internet Security 12\Tmdshell.dll (Trend Micro Incorporated.)
225 C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.) {E0D79304-84BE-11CE-9641-444553540000}
225 C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.) {E0D79304-84BE-11CE-9641-444553540000}
227 C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.) {E0D79304-84BE-11CE-9641-444553540000}
231 C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.dll (Adobe Systems, Inc.) PDF Column Info
Missing files
-------------
002 C:\Programmi\iSecurity\{8BD8E8FA-92A5-4a5c-A044-FBF462517EB4}\install.exe
011 C:\WINDOWS\system32\drivers\Abiosdsk.sys
011 C:\WINDOWS\system32\drivers\abp480n5.sys
011 C:\WINDOWS\system32\drivers\adpu160m.sys
011 C:\WINDOWS\system32\drivers\Aha154x.sys
011 C:\WINDOWS\system32\drivers\aic78u2.sys
011 C:\WINDOWS\system32\drivers\aic78xx.sys
011 C:\WINDOWS\system32\drivers\AliIde.sys
011 C:\WINDOWS\system32\drivers\amsint.sys
011 C:\WINDOWS\system32\drivers\asc.sys
011 C:\WINDOWS\system32\drivers\asc3350p.sys
011 C:\WINDOWS\system32\drivers\asc3550.sys
011 C:\WINDOWS\system32\drivers\Atdisk.sys
011 C:\WINDOWS\system32\drivers\Beep.sys
011 C:\WINDOWS\system32\drivers\cd20xrnt.sys
011 C:\WINDOWS\system32\drivers\Changer.sys
011 C:\WINDOWS\system32\drivers\CmdIde.sys
011 C:\WINDOWS\system32\drivers\Cpqarray.sys
011 C:\WINDOWS\system32\drivers\dac2w2k.sys
011 C:\WINDOWS\system32\drivers\dac960nt.sys
011 C:\WINDOWS\system32\drivers\dpti2o.sys
011 C:\WINDOWS\system32\drivers\hpn.sys
011 C:\WINDOWS\system32\drivers\i2omgmt.sys
011 C:\WINDOWS\system32\drivers\i2omp.sys
011 C:\WINDOWS\system32\drivers\ini910u.sys
011 C:\WINDOWS\system32\drivers\IntelIde.sys
011 C:\WINDOWS\system32\drivers\lbrtfdc.sys
011 C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys
011 C:\WINDOWS\system32\drivers\mraid35x.sys
011 C:\WINDOWS\system32\drivers\PCIDump.sys
011 C:\WINDOWS\system32\drivers\PDCOMP.sys
011 C:\WINDOWS\system32\drivers\PDFRAME.sys
011 C:\WINDOWS\system32\drivers\PDRELI.sys
011 C:\WINDOWS\system32\drivers\PDRFRAME.sys
011 C:\WINDOWS\system32\drivers\perc2.sys
011 C:\WINDOWS\system32\drivers\perc2hib.sys
011 C:\WINDOWS\system32\drivers\ql1080.sys
011 C:\WINDOWS\system32\drivers\Ql10wnt.sys
011 C:\WINDOWS\system32\drivers\ql12160.sys
011 C:\WINDOWS\system32\drivers\ql1240.sys
011 C:\WINDOWS\system32\drivers\ql1280.sys
011 C:\WINDOWS\system32\drivers\Simbad.sys
011 C:\WINDOWS\system32\drivers\Sparrow.sys
011 C:\WINDOWS\system32\drivers\sym_hi.sys
011 C:\WINDOWS\system32\drivers\sym_u3.sys
011 C:\WINDOWS\system32\drivers\symc810.sys
011 C:\WINDOWS\system32\drivers\symc8xx.sys
011 C:\WINDOWS\system32\drivers\TosIde.sys
011 C:\WINDOWS\system32\drivers\ultra.sys
011 C:\WINDOWS\system32\drivers\ViaIde.sys
011 C:\WINDOWS\system32\drivers\WDICA.sys
061 deskpan.dll
121 karina.dat