I can't figure out which virus this is.

Post by luposolitario38 » Sat Apr 17, 2010 5:58 pm

Hi everyone, I'd like to show you the HijackThis log from a friend's PC.

Could you kindly help me make sense of it?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.49.17, on 17/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\kaspersky lab\kaspersky internet security 2009\avp .exe
c:\programmi\kaspersky lab\kaspersky internet security 2009\avp .exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Prevx\prevx.exe
C:\Documents and Settings\All Users\Dati applicazioni\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\WINDOWS\system32\gearsec.exe
C:\Programmi\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\TomTom HOME 2\TomTomHOMEService.exe
C:\Programmi\Prevx\prevx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\internet explorer\iexplore.exe
C:\Programmi\internet explorer\iexplore.exe
C:\Documents and Settings\LuPo\Documenti\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [AVP] "c:\programmi\kaspersky lab\kaspersky internet security 2009\avp .exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe_Reader] c:\programmi\internet explorer\wmpscfgs.exe
O4 - HKCU\..\Run: [BrowserChoice] "C:\WINDOWS\system32\browserchoice.exe" /run
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: Aggiungi al banner Blocco pubblicità - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: Statistiche sulla protezione del traffico Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Crea preferiti portatile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Programmi\PokerStars.IT\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {15D151C8-5180-43C1-9360-4D794663BD6E} (Posto di Lavoro del Cittadino - Attestazione) - http://www.crs.regione.lombardia.it/com ... tadino.cab
O16 - DPF: {3263F297-5CB9-4D8C-A2DB-CDFB8C69CB6D} (Posto di Lavoro del Cittadino - Autenticazione utente) - http://www.crs.regione.lombardia.it/com ... Update.cab
O16 - DPF: {4384AA75-43AB-4095-84F9-C5B35EC62B5D} (Posto di Lavoro del Cittadino - Interprete dati) - http://www.crs.regione.lombardia.it/com ... rsInfo.cab
O16 - DPF: {877E14A6-0ACF-4509-8CF3-E4A0F4ED46F4} (Postazione di Lavoro del Cittadino 3.0) - http://supportsiss.lispa.it/components/pdlc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Unknown owner - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (file missing)
O23 - Service: avp - Unknown owner - c:\programmi\kaspersky lab\kaspersky internet security 2009\avp .exe (file missing)
O23 - Service: avp - Unknown owner - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp .exe (file missing)
O23 - Service: avp - Kaspersky Lab - c:\programmi\kaspersky lab\kaspersky internet security 2009\avp .exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: CSIScanner - Prevx - C:\Programmi\Prevx\prevx.exe
O23 - Service: digiSPTIService - Unknown owner - C:\Programmi\Digidesign\Pro Tools\digiSPTIService.exe (file missing)
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Dati applicazioni\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Programmi\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 7258 bytes

Re: I can't figure out which virus this is.

Post by ste_95 » Sat Apr 17, 2010 6:26 pm

Download ComboFix, saving it to the desktop under a made-up name, and run the scan following these instructions (at the bottom). When the scan finishes, the report file C:\combofix.txt will be created; copy its contents here, placing them between the LOG tags, like this:
Code:
[LOG]the log goes here[/LOG]

Re: I can't figure out which virus this is.

Post by M. Francesco Rossi » Sat Apr 17, 2010 7:39 pm

According to the HijackThis log file, a Trojan horse is present on your computer. It is called Trojan.Agent/Gen-Alway and its Message Digest algorithm 5 corresponds to BD165EC7F73440EB899325D37813867A.
To remove it, I recommend downloading the free version of Superantispyware.

Re: I can't figure out which virus this is.

Post by luposolitario38 » Sat Apr 17, 2010 9:00 pm

Here is the ComboFix log

ComboFix 10-04-17.01 - LuPo 17/04/2010 21.55.24.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3327.2985 [GMT 2:00]
Eseguito da: c:\documents and settings\LuPo\Desktop\Pippo.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\InfoSat.txt
c:\programmi\Adobe\acrotray .exe
c:\windows\system32\browserchoice .exe
c:\windows\system32\rundll32 .exe

.
((((((((((((((((((((((((( Files Creati Da 2010-03-17 al 2010-04-17 )))))))))))))))))))))))))))))))))))
.

2010-04-16 21:01 . 2010-04-16 21:01 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-04-16 21:01 . 2010-04-16 21:01 -------- d-----r- c:\documents and settings\NetworkService\Preferiti
2010-04-15 17:06 . 2010-04-15 17:06 53160 ----a-w- c:\windows\system32\PxSecure.dll
2010-04-15 17:06 . 2010-04-15 17:06 53088 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-04-15 17:06 . 2010-04-15 17:06 30280 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-04-15 17:06 . 2010-04-15 17:06 24368 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-04-15 17:06 . 2010-04-15 17:06 -------- d-----w- c:\programmi\Prevx
2010-04-15 17:06 . 2010-04-15 17:07 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PrevxCSI
2010-04-15 16:59 . 2010-04-15 16:59 -------- d-----w- c:\windows\system32\wbem\snmp
2010-04-15 16:59 . 2010-04-15 16:59 -------- d-----w- c:\windows\system32\xircom
2010-04-15 16:59 . 2010-04-15 16:59 -------- d-----w- c:\programmi\microsoft frontpage
2010-04-14 23:05 . 2010-04-14 23:05 4 ----a-w- c:\programmi\426093.dat
2010-04-14 20:15 . 2010-04-14 20:15 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-04-14 20:12 . 2010-04-14 20:12 -------- d-----w- c:\documents and settings\LuPo\Dati applicazioni\Malwarebytes
2010-04-14 20:12 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-14 20:12 . 2010-04-15 17:28 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-04-14 20:12 . 2010-04-14 20:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-04-14 20:12 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-14 20:10 . 2010-02-12 04:28 100864 ------w- c:\windows\system32\dllcache\6to4svc.dll
2010-04-14 20:10 . 2010-02-11 11:36 226880 ------w- c:\windows\system32\dllcache\tcpip6.sys
2010-04-14 20:10 . 2009-12-24 06:43 178176 ------w- c:\windows\system32\dllcache\wintrust.dll
2010-04-01 20:52 . 2010-04-01 20:52 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-03-25 17:50 . 2010-03-28 18:52 -------- d-----w- C:\download
2010-03-24 22:52 . 2010-03-24 22:52 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-03-23 22:42 . 2010-04-15 16:56 -------- d-----w- c:\programmi\WiFi Engine
2010-03-23 22:42 . 2010-03-23 22:42 -------- d-----w- c:\windows\WiFi Engine
2010-03-22 19:37 . 2010-03-22 19:39 -------- d-----w- c:\windows\system32\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-17 19:43 . 2001-08-31 14:00 605494 ----a-w- c:\windows\system32\perfh010.dat
2010-04-17 19:43 . 2001-08-31 14:00 137436 ----a-w- c:\windows\system32\perfc010.dat
2010-04-17 19:40 . 2009-04-13 09:40 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2010-04-17 19:39 . 2009-04-13 09:40 884768 ----a-w- c:\windows\system32\drivers\fidbox2.dat
2010-04-17 19:39 . 2009-04-13 09:40 8296 ----a-w- c:\windows\system32\drivers\fidbox2.idx
2010-04-17 19:37 . 2009-04-13 09:40 13042208 ----a-w- c:\windows\system32\drivers\fidbox.dat
2010-04-17 19:37 . 2009-04-13 09:40 119740 ----a-w- c:\windows\system32\drivers\fidbox.idx
2010-04-15 17:35 . 2009-08-25 14:28 -------- d-----w- c:\documents and settings\LuPo\Dati applicazioni\FileZilla
2010-04-15 16:56 . 2010-01-31 17:06 -------- d-----w- c:\programmi\QuickTime
2010-04-15 16:56 . 2009-05-02 14:07 -------- d-----w- c:\programmi\Microsoft LifeCam
2010-04-15 16:56 . 2010-01-31 17:07 -------- d-----w- c:\programmi\iTunes
2010-04-14 21:02 . 2010-04-14 21:02 4 ----a-w- c:\programmi\709078.dat
2010-04-01 21:20 . 2010-04-01 21:20 4 ----a-w- c:\programmi\514312.dat
2010-03-30 22:35 . 2008-04-13 08:40 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-03-30 22:27 . 2009-08-25 14:26 -------- d-----w- c:\programmi\FileZilla FTP Client
2010-03-30 17:09 . 2010-03-30 17:09 12 ----a-w- c:\documents and settings\LocalService\Dati applicazioni\zcbmvn.dat
2010-03-30 17:05 . 2009-05-10 09:51 -------- d-----w- c:\documents and settings\LuPo\Dati applicazioni\Skype
2010-03-30 16:48 . 2009-05-10 09:52 -------- d-----w- c:\documents and settings\LuPo\Dati applicazioni\skypePM
2010-03-21 11:15 . 2009-04-14 16:28 -------- d-----w- c:\programmi\PokerStars.IT
2010-03-14 18:33 . 2010-03-14 18:33 -------- d-----w- c:\programmi\ScanSoft
2010-03-14 18:33 . 2009-04-13 09:11 -------- d-----w- c:\programmi\File comuni\InstallShield
2010-03-14 13:03 . 2010-03-14 13:02 -------- d-----w- c:\programmi\MixMeister Fusion
2010-03-14 13:03 . 2010-03-14 13:03 -------- d-----w- c:\documents and settings\LuPo\Dati applicazioni\MixMeister Technology
2010-03-14 13:02 . 2010-03-14 13:02 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2010-03-14 12:34 . 2010-03-14 12:34 -------- d-----w- c:\documents and settings\LuPo\Dati applicazioni\vlc
2010-03-10 06:15 . 2009-01-22 19:05 420352 ------w- c:\windows\system32\vbscript.dll
2010-03-07 17:04 . 2009-04-13 12:59 84864 ----a-w- c:\documents and settings\LuPo\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-03-07 17:04 . 2009-08-22 10:39 -------- d-----w- c:\programmi\yDGpatch
2010-03-07 16:02 . 2010-03-07 15:57 -------- d-----w- c:\programmi\JDownloader
2010-03-07 15:43 . 2009-04-19 21:10 -------- d-----w- c:\documents and settings\LuPo\Dati applicazioni\uTorrent
2010-02-28 17:08 . 2010-02-27 15:09 -------- d-----w- c:\documents and settings\LuPo\Dati applicazioni\Steinberg
2010-02-28 17:08 . 2010-02-27 15:02 -------- d-----w- c:\programmi\Steinberg
2010-02-27 20:34 . 2010-02-14 17:20 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Cakewalk
2010-02-27 20:33 . 2010-02-13 16:00 -------- d-----w- c:\programmi\File comuni\Digidesign
2010-02-27 14:59 . 2010-02-27 14:59 -------- d-----w- c:\programmi\SyncroSoft
2010-02-27 13:06 . 2010-02-27 13:06 -------- d-----w- c:\programmi\M-Audio
2010-02-27 12:11 . 2009-04-13 09:11 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-02-27 12:10 . 2010-02-27 12:03 -------- d-----w- c:\programmi\Yamaha
2010-02-27 12:03 . 2010-02-27 12:03 4286 ----a-r- c:\documents and settings\LuPo\Dati applicazioni\Microsoft\Installer\{271A659B-A7D3-405E-AE31-3086133BE0B7}\ARPPRODUCTICON.exe
2010-02-25 06:16 . 2009-02-12 00:35 916480 ------w- c:\windows\system32\wininet.dll
2010-02-24 11:57 . 2009-01-22 19:03 457216 ------w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 18:59 . 2009-02-12 01:08 2028032 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 18:59 . 2009-02-12 00:20 2149888 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-12 04:28 . 2008-04-13 16:13 100864 ------w- c:\windows\system32\6to4svc.dll
2010-02-11 11:36 . 2009-01-22 19:05 226880 ------w- c:\windows\system32\drivers\tcpip6.sys
2010-01-31 17:00 . 2010-01-31 17:00 79144 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-07-13 16:53 . 2009-07-13 16:53 24 --sh--w- c:\windows\S3A1AE0BE.tmp
.
<pre>
c:\programmi\CyberLink\PowerDVD9\pdvd9serv .exe
c:\programmi\CyberLink\PowerDVD9\Language\language .exe
c:\programmi\CyberLink\Shared Files\brs .exe
c:\programmi\iTunes\ituneshelper .exe
c:\programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp   .exe
c:\programmi\Malwarebytes' Anti-Malware\mbam .exe
c:\programmi\Microsoft LifeCam\lifeexp .exe
c:\programmi\QuickTime\qttask .exe
c:\programmi\SlySoft\CloneCD\clonecdtray .exe
c:\programmi\WiFi Engine\wifi_engine .exe
</pre>


------- Sigcheck -------

[-] 2010-03-30 22:35 . 4D967CB1A03116137E06300371176C20 . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\system32\DRIVERS\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

[-] 2009-01-23 . 5AE1C2695F6523AD98B948F2887D8C5E . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys

[-] 2009-02-12 . 94A1A243EF6861D230F31C86CDFDE756 . 486912 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll

[-] 2009-02-12 . 9EFFFA6DE5F17CB4172BDEB447E41968 . 1530880 . . [6.00.2900.5634] . . c:\windows\explorer.exe



c:\windows\System32\ctfmon.exe ... è mancante !!
c:\windows\System32\regsvc.dll ... è mancante !!
.
((((((((((((((((((((((((((((( SnapShot@2010-04-15_17.00.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-16 21:01 . 2010-04-16 21:00 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
+ 2009-04-13 09:01 . 2010-04-16 21:00 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
- 2009-04-13 09:01 . 2010-04-14 20:49 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
+ 2010-04-16 21:01 . 2010-04-16 21:00 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2001-08-31 14:00 . 2010-04-17 19:43 511122 c:\windows\system32\perfh009.dat
+ 2001-08-31 14:00 . 2010-04-17 19:43 111002 c:\windows\system32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BrowserChoice"="c:\windows\system32\browserchoice.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\programmi\kaspersky lab\kaspersky internet security 2009\avp .exe" [2009-04-13 201992]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"Adobe_Reader"="c:\programmi\internet explorer\wmpscfgs.exe" [N/A]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [N/A]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-08 128512]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi2"=xgusb.cpl

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\italian\\setup.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Programmi\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Programmi\\Microsoft ActiveSync\\WCESMgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Programmi\\eMule AdunanzA\\eMule_AdnzA.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\javaw.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 18.29.38 33808]
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [12/02/2009 2.29.21 143360]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [15/04/2010 19.06.28 30280]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [20/11/2009 23.35.35 116560]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [20/11/2009 23.35.26 41424]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/11/13 22:39];c:\programmi\CyberLink\PowerDVD9\000.fcl [28/02/2009 20.40.18 87536]
R2 avp ;avp ;c:\programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp .exe [25/04/2008 18.21.30 201992]
R2 CSIScanner;CSIScanner;c:\programmi\Prevx\prevx.exe [15/04/2010 19.06.27 6349008]
R2 gearsec;gearsec;c:\windows\system32\gearsec.exe [30/11/2005 12.43.00 58952]
R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [15/04/2010 19.06.28 53088]
R2 TomTomHOMEService;TomTomHOMEService;c:\programmi\TomTom HOME 2\TomTomHOMEService.exe [13/11/2009 13.31.14 92008]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13/03/2008 19.02.46 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [25/03/2008 20.07.10 24592]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [15/04/2010 19.06.28 24368]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [20/11/2009 23.35.34 95568]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [10/11/2009 15.53.54 104016]
S0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys --> c:\windows\system32\drivers\DigiFilt.sys [?]
S0 rntbszp;rntbszp; [x]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16/01/2010 19.16.33 721904]
S2 avp ;avp ;"c:\programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp .exe" -r --> c:\programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp .exe [?]
S2 avp ;avp ;"c:\programmi\kaspersky lab\kaspersky internet security 2009\avp .exe" -r --> c:\programmi\kaspersky lab\kaspersky internet security 2009\avp .exe [?]
S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys --> c:\windows\system32\DRIVERS\diginet.sys [?]
S2 E2ECAP;CamDirector - WDM Video Capture;c:\windows\system32\drivers\e2eCap.sys [02/05/2009 2.40.55 156160]
S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [24/03/2006 19.14.46 33536]
S3 MAFW;Service for M-Audio FireWire;c:\windows\system32\drivers\mafw.sys [27/02/2010 15.06.10 192392]
S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [20/11/2009 23.35.29 32016]
.
.
------- Scansione supplementare -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Aggiungi al banner Blocco pubblicità - c:\programmi\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: {{C4046502-6524-4d87-896C-878F57D1FF07} - c:\programmi\PokerStars.IT\PokerStarsUpdate.exe
DPF: {15D151C8-5180-43C1-9360-4D794663BD6E} - hxxp://www.crs.regione.lombardia.it/com ... tadino.cab
DPF: {3263F297-5CB9-4D8C-A2DB-CDFB8C69CB6D} - hxxp://www.crs.regione.lombardia.it/com ... Update.cab
DPF: {4384AA75-43AB-4095-84F9-C5B35EC62B5D} - hxxp://www.crs.regione.lombardia.it/com ... rsInfo.cab
DPF: {877E14A6-0ACF-4509-8CF3-E4A0F4ED46F4} - hxxp://supportsiss.lispa.it/components/pdlc.cab
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

AddRemove-HijackThis - c:\documents and settings\LuPo\Impostazioni locali\Temporary Internet Files\Content.IE5\8X6QKU60\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-17 21:58
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cdfss]
"ImagePath"="\??\c:\docume~1\LuPo\IMPOST~1\Temp\cdfss"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\programmi\CyberLink\PowerDVD9\000.fcl"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(1756)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\klogon.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(1812)
c:\windows\system32\setupapi.dll
c:\windows\system32\scecli.dll
.
Ora fine scansione: 2010-04-17 22:00:13
ComboFix-quarantined-files.txt 2010-04-17 20:00
ComboFix2.txt 2010-04-15 17:03

Pre-Run: 51.221.598.208 byte disponibili
Post-Run: 51.200.249.856 byte disponibili

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 4D57B5F48E1AE20C5D5ECB76657E8AB6

Re: I can't figure out which virus this is.

Post by stevens » Sat Apr 17, 2010 9:39 pm

Now open a Notepad page and copy and paste the following

file::
c:\docume~1\LuPo\IMPOST~1\Temp\cdfss
c:\windows\S3A1AE0BE.tmp

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\cdfss]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\cdfss]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\cdfss]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\cdfss]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\cdfss]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cdfss]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cdfss]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cdfss]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cdfss]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\cdfss]


Driver::
cdfss

FCopy::
c:\windows\ServicePackFiles\i386\ctfmon.exe|c:\windows\System32\ctfmon.exe
c:\windows\ServicePackFiles\i386\regsvc.dll|c:\windows\System32\regsvc.dll


save the page, naming it CFScript.txt (this name is mandatory)
at this point drag and drop the CFScript.txt file onto the ComboFix icon

let it run to the end and post its log again ...

Re: I can't figure out which virus this is.

Post by luposolitario38 » Sat Apr 17, 2010 10:06 pm

here is the new log

ComboFix 10-04-17.01 - LuPo 17/04/2010 22.54.56.3.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3327.3027 [GMT 2:00]
Eseguito da: c:\documents and settings\LuPo\Desktop\Pippo.exe
Opzioni usate :: c:\documents and settings\LuPo\Desktop\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FILE ::
"c:\docume~1\LuPo\IMPOST~1\Temp\cdfss"
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CDFSS


((((((((((((((((((((((((( Files Creati Da 2010-03-17 al 2010-04-17 )))))))))))))))))))))))))))))))))))
.

2010-04-17 20:05 . 2010-04-17 20:05 52224 ----a-w- c:\documents and settings\LuPo\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-17 20:05 . 2010-04-17 20:05 117760 ----a-w- c:\documents and settings\LuPo\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-17 20:05 . 2010-04-17 20:05 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2010-04-17 20:04 . 2010-04-17 20:05 -------- d-----w- c:\programmi\SUPERAntiSpyware
2010-04-17 20:04 . 2010-04-17 20:04 -------- d-----w- c:\documents and settings\LuPo\Dati applicazioni\SUPERAntiSpyware.com
2010-04-16 21:01 . 2010-04-16 21:01 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-04-16 21:01 . 2010-04-16 21:01 -------- d-----r- c:\documents and settings\NetworkService\Preferiti
2010-04-15 17:06 . 2010-04-15 17:06 53160 ----a-w- c:\windows\system32\PxSecure.dll
2010-04-15 17:06 . 2010-04-15 17:06 53088 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-04-15 17:06 . 2010-04-15 17:06 30280 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-04-15 17:06 . 2010-04-15 17:06 24368 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-04-15 17:06 . 2010-04-15 17:06 -------- d-----w- c:\programmi\Prevx
2010-04-15 17:06 . 2010-04-15 17:07 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PrevxCSI
2010-04-15 16:59 . 2010-04-15 16:59 -------- d-----w- c:\windows\system32\wbem\snmp
2010-04-15 16:59 . 2010-04-15 16:59 -------- d-----w- c:\windows\system32\xircom
2010-04-15 16:59 . 2010-04-15 16:59 -------- d-----w- c:\programmi\microsoft frontpage
2010-04-14 23:05 . 2010-04-14 23:05 4 ----a-w- c:\programmi\426093.dat
2010-04-14 20:15 . 2010-04-14 20:15 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-04-14 20:12 . 2010-04-14 20:12 -------- d-----w- c:\documents and settings\LuPo\Dati applicazioni\Malwarebytes
2010-04-14 20:12 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-14 20:12 . 2010-04-15 17:28 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-04-14 20:12 . 2010-04-14 20:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-04-14 20:12 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-14 20:10 . 2010-02-12 04:28 100864 ------w- c:\windows\system32\dllcache\6to4svc.dll
2010-04-14 20:10 . 2010-02-11 11:36 226880 ------w- c:\windows\system32\dllcache\tcpip6.sys
2010-04-14 20:10 . 2009-12-24 06:43 178176 ------w- c:\windows\system32\dllcache\wintrust.dll
2010-04-01 20:52 . 2010-04-01 20:52 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-03-25 17:50 . 2010-03-28 18:52 -------- d-----w- C:\download
2010-03-24 22:52 . 2010-03-24 22:52 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-03-23 22:42 . 2010-04-15 16:56 -------- d-----w- c:\programmi\WiFi Engine
2010-03-23 22:42 . 2010-03-23 22:42 -------- d-----w- c:\windows\WiFi Engine
2010-03-22 19:37 . 2010-03-22 19:39 -------- d-----w- c:\windows\system32\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-17 21:03 . 2009-04-13 09:40 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2010-04-17 21:00 . 2009-04-13 09:40 884768 ----a-w- c:\windows\system32\drivers\fidbox2.dat
2010-04-17 21:00 . 2009-04-13 09:40 8296 ----a-w- c:\windows\system32\drivers\fidbox2.idx
2010-04-17 21:00 . 2009-04-13 09:40 13042208 ----a-w- c:\windows\system32\drivers\fidbox.dat
2010-04-17 21:00 . 2009-04-13 09:40 119740 ----a-w- c:\windows\system32\drivers\fidbox.idx
2010-04-17 20:57 . 2001-08-31 14:00 606224 ----a-w- c:\windows\system32\perfh010.dat
2010-04-17 20:57 . 2001-08-31 14:00 137772 ----a-w- c:\windows\system32\perfc010.dat
2010-04-17 20:45 . 2009-08-13 09:16 -------- d-----w- c:\programmi\VoiceRipper
2010-04-17 20:04 . 2010-03-14 13:02 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2010-04-15 17:35 . 2009-08-25 14:28 -------- d-----w- c:\documents and settings\LuPo\Dati applicazioni\FileZilla
2010-04-15 16:56 . 2010-01-31 17:06 -------- d-----w- c:\programmi\QuickTime
2010-04-15 16:56 . 2009-05-02 14:07 -------- d-----w- c:\programmi\Microsoft LifeCam
2010-04-15 16:56 . 2010-01-31 17:07 -------- d-----w- c:\programmi\iTunes
2010-04-14 21:02 . 2010-04-14 21:02 4 ----a-w- c:\programmi\709078.dat
2010-04-01 21:20 . 2010-04-01 21:20 4 ----a-w- c:\programmi\514312.dat
2010-03-30 22:35 . 2008-04-13 08:40 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-03-30 22:27 . 2009-08-25 14:26 -------- d-----w- c:\programmi\FileZilla FTP Client
2010-03-30 17:09 . 2010-03-30 17:09 12 ----a-w- c:\documents and settings\LocalService\Dati applicazioni\zcbmvn.dat
2010-03-30 17:05 . 2009-05-10 09:51 -------- d-----w- c:\documents and settings\LuPo\Dati applicazioni\Skype
2010-03-30 16:48 . 2009-05-10 09:52 -------- d-----w- c:\documents and settings\LuPo\Dati applicazioni\skypePM
2010-03-21 11:15 . 2009-04-14 16:28 -------- d-----w- c:\programmi\PokerStars.IT
2010-03-14 18:33 . 2010-03-14 18:33 -------- d-----w- c:\programmi\ScanSoft
2010-03-14 18:33 . 2009-04-13 09:11 -------- d-----w- c:\programmi\File comuni\InstallShield
2010-03-14 13:03 . 2010-03-14 13:02 -------- d-----w- c:\programmi\MixMeister Fusion
2010-03-14 13:03 . 2010-03-14 13:03 -------- d-----w- c:\documents and settings\LuPo\Dati applicazioni\MixMeister Technology
2010-03-14 12:34 . 2010-03-14 12:34 -------- d-----w- c:\documents and settings\LuPo\Dati applicazioni\vlc
2010-03-10 06:15 . 2009-01-22 19:05 420352 ------w- c:\windows\system32\vbscript.dll
2010-03-07 17:04 . 2009-04-13 12:59 84864 ----a-w- c:\documents and settings\LuPo\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-03-07 17:04 . 2009-08-22 10:39 -------- d-----w- c:\programmi\yDGpatch
2010-03-07 16:02 . 2010-03-07 15:57 -------- d-----w- c:\programmi\JDownloader
2010-03-07 15:43 . 2009-04-19 21:10 -------- d-----w- c:\documents and settings\LuPo\Dati applicazioni\uTorrent
2010-02-28 17:08 . 2010-02-27 15:09 -------- d-----w- c:\documents and settings\LuPo\Dati applicazioni\Steinberg
2010-02-28 17:08 . 2010-02-27 15:02 -------- d-----w- c:\programmi\Steinberg
2010-02-27 20:34 . 2010-02-14 17:20 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Cakewalk
2010-02-27 20:33 . 2010-02-13 16:00 -------- d-----w- c:\programmi\File comuni\Digidesign
2010-02-27 14:59 . 2010-02-27 14:59 -------- d-----w- c:\programmi\SyncroSoft
2010-02-27 13:06 . 2010-02-27 13:06 -------- d-----w- c:\programmi\M-Audio
2010-02-27 12:11 . 2009-04-13 09:11 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-02-27 12:10 . 2010-02-27 12:03 -------- d-----w- c:\programmi\Yamaha
2010-02-27 12:03 . 2010-02-27 12:03 4286 ----a-r- c:\documents and settings\LuPo\Dati applicazioni\Microsoft\Installer\{271A659B-A7D3-405E-AE31-3086133BE0B7}\ARPPRODUCTICON.exe
2010-02-25 06:16 . 2009-02-12 00:35 916480 ------w- c:\windows\system32\wininet.dll
2010-02-24 11:57 . 2009-01-22 19:03 457216 ------w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 18:59 . 2009-02-12 01:08 2028032 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 18:59 . 2009-02-12 00:20 2149888 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-12 04:28 . 2008-04-13 16:13 100864 ------w- c:\windows\system32\6to4svc.dll
2010-02-11 11:36 . 2009-01-22 19:05 226880 ------w- c:\windows\system32\drivers\tcpip6.sys
2010-01-31 17:00 . 2010-01-31 17:00 79144 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-07-13 16:53 . 2009-07-13 16:53 24 --sh--w- c:\windows\S3A1AE0BE.tmp
.
<pre>
c:\programmi\CyberLink\PowerDVD9\pdvd9serv .exe
c:\programmi\CyberLink\PowerDVD9\Language\language .exe
c:\programmi\CyberLink\Shared Files\brs .exe
c:\programmi\iTunes\ituneshelper .exe
c:\programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp   .exe
c:\programmi\Malwarebytes' Anti-Malware\mbam .exe
c:\programmi\Microsoft LifeCam\lifeexp .exe
c:\programmi\QuickTime\qttask .exe
c:\programmi\SlySoft\CloneCD\clonecdtray .exe
c:\programmi\WiFi Engine\wifi_engine .exe
</pre>


------- Sigcheck -------

[-] 2010-03-30 22:35 . 4D967CB1A03116137E06300371176C20 . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\system32\DRIVERS\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

[-] 2009-01-23 . 5AE1C2695F6523AD98B948F2887D8C5E . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys

[-] 2009-02-12 . 94A1A243EF6861D230F31C86CDFDE756 . 486912 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll

[-] 2009-02-12 . 9EFFFA6DE5F17CB4172BDEB447E41968 . 1530880 . . [6.00.2900.5634] . . c:\windows\explorer.exe



c:\windows\System32\ctfmon.exe ... è mancante !!
c:\windows\System32\regsvc.dll ... è mancante !!
.
((((((((((((((((((((((((((((( SnapShot@2010-04-15_17.00.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-16 21:01 . 2010-04-16 21:00 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
- 2009-04-13 09:01 . 2010-04-14 20:49 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
+ 2009-04-13 09:01 . 2010-04-16 21:00 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
+ 2010-04-17 20:05 . 2010-04-17 20:05 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2010-04-17 20:05 . 2010-04-17 20:05 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2010-04-17 20:05 . 2010-04-17 20:05 5120 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
+ 2001-08-31 14:00 . 2010-04-17 20:57 511566 c:\windows\system32\perfh009.dat
+ 2001-08-31 14:00 . 2010-04-17 20:57 111254 c:\windows\system32\perfc009.dat
+ 2010-04-17 20:05 . 2010-04-17 20:05 1583616 c:\windows\Installer\18a73a.msi
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BrowserChoice"="c:\windows\system32\browserchoice.exe" [N/A]
"SUPERAntiSpyware"="c:\programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-03-29 2012912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\programmi\kaspersky lab\kaspersky internet security 2009\avp .exe" [2009-04-13 201992]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"Adobe_Reader"="c:\programmi\internet explorer\wmpscfgs.exe" [N/A]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [N/A]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-08 128512]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi2"=xgusb.cpl

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\italian\\setup.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Programmi\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Programmi\\Microsoft ActiveSync\\WCESMgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Programmi\\eMule AdunanzA\\eMule_AdnzA.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\javaw.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 18.29.38 33808]
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [12/02/2009 2.29.21 143360]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [15/04/2010 19.06.28 30280]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16/01/2010 19.16.33 721904]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 11.25.50 12872]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2010 11.15.58 66632]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [20/11/2009 23.35.35 116560]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [20/11/2009 23.35.26 41424]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/11/13 22:39];c:\programmi\CyberLink\PowerDVD9\000.fcl [28/02/2009 20.40.18 87536]
R2 avp ;avp ;c:\programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp .exe [25/04/2008 18.21.30 201992]
R2 CSIScanner;CSIScanner;c:\programmi\Prevx\prevx.exe [15/04/2010 19.06.27 6349008]
R2 gearsec;gearsec;c:\windows\system32\gearsec.exe [30/11/2005 12.43.00 58952]
R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [15/04/2010 19.06.28 53088]
R2 TomTomHOMEService;TomTomHOMEService;c:\programmi\TomTom HOME 2\TomTomHOMEService.exe [13/11/2009 13.31.14 92008]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13/03/2008 19.02.46 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [25/03/2008 20.07.10 24592]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [15/04/2010 19.06.28 24368]
R3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [17/02/2010 11.15.58 12872]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [20/11/2009 23.35.34 95568]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [10/11/2009 15.53.54 104016]
S0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys --> c:\windows\system32\drivers\DigiFilt.sys [?]
S0 rntbszp;rntbszp; [x]
S2 avp ;avp ;"c:\programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp .exe" -r --> c:\programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp .exe [?]
S2 avp ;avp ;"c:\programmi\kaspersky lab\kaspersky internet security 2009\avp .exe" -r --> c:\programmi\kaspersky lab\kaspersky internet security 2009\avp .exe [?]
S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys --> c:\windows\system32\DRIVERS\diginet.sys [?]
S2 E2ECAP;CamDirector - WDM Video Capture;c:\windows\system32\drivers\e2eCap.sys [02/05/2009 2.40.55 156160]
S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [24/03/2006 19.14.46 33536]
S3 MAFW;Service for M-Audio FireWire;c:\windows\system32\drivers\mafw.sys [27/02/2010 15.06.10 192392]
S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [20/11/2009 23.35.29 32016]
.
.
------- Scansione supplementare -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Aggiungi al banner Blocco pubblicità - c:\programmi\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: {{C4046502-6524-4d87-896C-878F57D1FF07} - c:\programmi\PokerStars.IT\PokerStarsUpdate.exe
DPF: {15D151C8-5180-43C1-9360-4D794663BD6E} - hxxp://www.crs.regione.lombardia.it/com ... tadino.cab
DPF: {3263F297-5CB9-4D8C-A2DB-CDFB8C69CB6D} - hxxp://www.crs.regione.lombardia.it/com ... Update.cab
DPF: {4384AA75-43AB-4095-84F9-C5B35EC62B5D} - hxxp://www.crs.regione.lombardia.it/com ... rsInfo.cab
DPF: {877E14A6-0ACF-4509-8CF3-E4A0F4ED46F4} - hxxp://supportsiss.lispa.it/components/pdlc.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-17 23:03
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spkz.sys >>UNKNOWN [0x8496E938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba90cf28
\Driver\ACPI -> ACPI.sys @ 0xba666cb8
\Driver\atapi -> atapi.sys @ 0xba5fbb40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Periferica Bluetooth (Personal Area Network) -> SendCompleteHandler -> NDIS.sys @ 0xba4a0bb0
PacketIndicateHandler -> NDIS.sys @ 0xba48fa0d
SendHandler -> NDIS.sys @ 0xba4a3b40
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\programmi\CyberLink\PowerDVD9\000.fcl"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(1776)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\klogon.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(1832)
c:\windows\system32\setupapi.dll
c:\windows\system32\scecli.dll

- - - - - - - > 'explorer.exe'(2932)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\WININET.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\programmi\Windows Media Player\wmpband.dll
c:\windows\system32\LINKINFO.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\msi.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\programmi\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\programmi\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ita.nlr
c:\programmi\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\System32\wudfhost.exe
c:\windows\System32\SCardSvr.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\documents and settings\All Users\Dati applicazioni\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\programmi\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\nvsvc32.exe
c:\programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2010-04-17 23:06:02 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-04-17 21:06
ComboFix2.txt 2010-04-17 20:00
ComboFix3.txt 2010-04-15 17:03

Pre-Run: 51.063.730.176 byte disponibili
Post-Run: 51.035.361.280 byte disponibili

- - End Of File - - 8B18F868AA9D57782B1D2F75DC8C0CC0

Re: I can't figure out what virus this is.

Posted by ste_95 » Sat Apr 17, 2010 10:24 pm

Download mbr.exe and save it in the C:\ directory.
Then go to Start >> Run and type mbr.exe -f
Mbr.exe will take a few seconds to run the scan. Once that is done, post here the contents of the log it creates, which you will find in c:\mbr.log
«Sometimes it is better to keep quiet and seem stupid than to open your mouth and remove all doubt.» Oscar Wilde

Re: I can't figure out what virus this is.

Posted by luposolitario38 » Sat Apr 17, 2010 10:35 pm

This is all I can get...

I hope it's correct...

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

Re: I can't figure out what virus this is.

Posted by Uomo_Senza_Sonno » Sat Apr 17, 2010 10:42 pm

From the ComboFix log it looks like there is a rootkit in the MBR... very annoying to remove, but not impossible for that. What's more, it seems to be the kind that infected my PCs a few months ago, because mbr.exe detected nothing, but ComboFix detected the presence of this cursed breed of rootkit.
So, from personal experience, follow this thread, in particular from here and then the following posts. Other possible routes are a low-level format or zero-filling from Linux (Masterz3d docet [8D]).
Thanks for everything Zane

we know 1% of the laws that govern the universe; the others we have not yet fully understood or even guessed at
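
The disagreement described in this post, where ComboFix's embedded MBR detector output and the stand-alone mbr.exe run both end with "MBR OK" but differ in what precedes that line, can be compared mechanically, along with the Sigcheck section's differing hashes for atapi.sys. The following Python is an added example, not part of the post or of ComboFix/GMER; the function names and the follow-up rule are assumptions of the example, and the inputs are excerpts copied from the logs in this thread.

```python
import re
from collections import defaultdict

# Excerpts copied from the logs posted in this thread (hook list shortened).
COMBOFIX_MBR = r"""
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spkz.sys >>UNKNOWN [0x8496E938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba90cf28
\Driver\ACPI -> ACPI.sys @ 0xba666cb8
\Driver\atapi -> atapi.sys @ 0xba5fbb40
user & kernel MBR OK
"""
STANDALONE_MBR = r"""
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
"""
SIGCHECK = r"""
[-] 2010-03-30 22:35 . 4D967CB1A03116137E06300371176C20 . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
[-] 2009-01-23 . 5AE1C2695F6523AD98B948F2887D8C5E . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys
"""

def parse_mbr_report(text):
    """Summarise one run of the MBR detector: verdict line, unresolved modules, hook lines."""
    report = {"verdict_ok": False, "unknown_modules": [], "hooks": []}
    in_hooks = False
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("called modules:"):
            report["unknown_modules"] = re.findall(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<", line)
        elif line.startswith("detected MBR rootkit hooks:"):
            in_hooks = True
        elif line == "user & kernel MBR OK":
            report["verdict_ok"] = True
            in_hooks = False
        elif in_hooks and "->" in line:
            report["hooks"].append(line)
    return report

def warrants_followup(report):
    """Assumed rule for this example: the final 'MBR OK' line is not taken as
    conclusive when the same run lists hooks or an unresolved module."""
    return bool(report["unknown_modules"] or report["hooks"])

# marker, date, optional time, MD5, size, version, path
SIG_RE = re.compile(
    r"^\[(.)\]\s+(\S+)(?:\s+\d\d:\d\d)?\s+\.\s+([0-9A-F]{32})\s+\.\s+(\d+)"
    r"\s+\.\s+\.\s+\[([^\]]*)\]\s+\.\s+\.\s+(.+)$")

def divergent_copies(text):
    """Return {basename: {md5: [paths]}} for files whose listed copies do not share one MD5."""
    by_name = defaultdict(lambda: defaultdict(list))
    for line in text.splitlines():
        m = SIG_RE.match(line.strip())
        if m:
            _marker, _date, md5, _size, _version, path = m.groups()
            by_name[path.rsplit("\\", 1)[-1].lower()][md5].append(path)
    return {name: dict(hashes) for name, hashes in by_name.items() if len(hashes) > 1}

if __name__ == "__main__":
    for label, text in (("ComboFix", COMBOFIX_MBR), ("stand-alone", STANDALONE_MBR)):
        rep = parse_mbr_report(text)
        print(label, "verdict_ok =", rep["verdict_ok"], "follow-up =", warrants_followup(rep))
    for name, hashes in divergent_copies(SIGCHECK).items():
        print(name, "has", len(hashes), "distinct MD5 values:", sorted(hashes))
```
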

Re: I can't figure out what virus this is.

Posted by stevens » Sat Apr 17, 2010 10:53 pm

Enable the display of hidden files (open any folder, go to Tools --> Folder Options --> View and tick Show hidden files and folders)


follow this path

c:\windows\system32\dllCache and copy the missing files into the c:\windows\system32 folder

ctfmon.exe

regsvc.dll



@ Uomo_Senza_Sonno

THE MBR LOOKS FINE

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

Re: I can't figure out what virus this is.

Posted by luposolitario38 » Sat Apr 17, 2010 11:05 pm

Sorry stevens, I can't find those 2 files.. [cry]

Re: I can't figure out what virus this is.

Posted by stevens » Sat Apr 17, 2010 11:10 pm

What operating system do you have?

Re: I can't figure out what virus this is.

Posted by luposolitario38 » Sat Apr 17, 2010 11:13 pm

xp

Re: I can't figure out what virus this is.

Posted by stevens » Sat Apr 17, 2010 11:17 pm

Do you have the Windows CD?

Re: I can't figure out what virus this is.

Posted by luposolitario38 » Sat Apr 17, 2010 11:17 pm

yes

Re: I can't figure out what virus this is.

Posted by stevens » Sat Apr 17, 2010 11:22 pm

I'm going to sleep now

tomorrow morning, if you want, we'll finish the procedure
in the meantime check in c:\windows\system32\dllCache whether the two files are there, take a closer look
Last edited by stevens on Sat Apr 17, 2010 11:24 pm, edited 1 time in total.

Re: I can't figure out what virus this is.

Posted by luposolitario38 » Sat Apr 17, 2010 11:23 pm

Do I take those files from the CD and put them in system32..??

Re: I can't figure out what virus this is.

Posted by stevens » Sat Apr 17, 2010 11:25 pm

There's a procedure to follow; if you want, we'll do it tomorrow morning

Re: I can't figure out what virus this is.

Posted by luposolitario38 » Sat Apr 17, 2010 11:26 pm

ok

Re: I can't figure out what virus this is.

Posted by ste_95 » Sun Apr 18, 2010 6:23 am

All you need to do is insert the Windows CD in the drive and, from Start > Run, type sfc /scannow.


megalab.it: daily online publication registered at the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising