
Unknown infection: maybe something like zero access


  1. #11
    LadyHawke (Administrator)

    Quote, originally posted by Crystal:
    Another quick question: which damned Microsoft KB update makes scrolling stop working on the internet?
    Before the disinfection it worked..

    Why do you think it's an update? It could be a minor side effect of the cleanup. Does it happen in every browser?

    Quote:
    I'm running a scan with a gadget called gmer, let's see what it says, assuming it's understandable

    Ouch... yes, it is a bit tricky, and it's been a long time since I last used it myself (thank heavens you don't get infected the way you used to)

    Quote:
    NB: when I start the PC as admin, in addition to the frog icon I know, which I open with a password, I find another icon, Administrator.
    Is that normal?

    In safe mode, yes, that's normal



  3. #12
    Crystal (Member CT)

    New scan with ComboFix....

    Code:
    ComboFix 12-02-19.02 - papà 19/02/2012  17.44.33.1.1 - x86
    Microsoft Windows XP Home Edition  5.1.2600.3.1252.39.1040.18.1007.534 [GMT 1:00]
    Eseguito da: c:\documents and settings\papÓ\Desktop\ComboFix.exe
    AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    .
    .
    (((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Default User\WINDOWS
    c:\windows\help\wmplayer.bak
    c:\windows\IsUn0410.exe
    c:\windows\system32\config\systemprofile\WINDOWS
    .
    La copia infetta di c:\windows\system32\userinit.exe è stata trovata e disinfettata 
    ipristinata copia da - c:\windows\ServicePackFiles\i386\userinit.exe 
    .
    .
    (((((((((((((((((((((((((   Files Creati Da 2012-01-19 al 2012-02-19  )))))))))))))))))))))))))))))))))))
    .
    .
    2012-02-19 15:38 . 2012-02-19 15:38	97961	----a-w-	c:\windows\system32\drivers\klick.dat
    2012-02-19 15:38 . 2012-02-19 15:38	115369	----a-w-	c:\windows\system32\drivers\klin.dat
    2012-02-19 15:36 . 2012-02-19 15:36	--------	d-----w-	c:\programmi\Kaspersky Lab
    2012-02-19 15:36 . 2012-02-19 16:53	--------	d-----w-	c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
    2012-02-19 14:46 . 2009-08-06 18:23	274288	----a-w-	c:\windows\system32\mucltui.dll
    2012-02-17 22:30 . 2012-02-17 22:31	1492	----a-w-	C:\user.js
    2012-02-17 22:30 . 2012-02-17 22:30	--------	d-----w-	c:\documents and settings\All Users\Dati applicazioni\Babylon
    2012-02-16 23:20 . 2012-02-16 23:20	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-02-16 23:02 . 2012-02-16 23:02	--------	d-----w-	c:\documents and settings\Proprietario
    2012-02-16 23:01 . 2008-04-13 18:13	26624	----a-w-	c:\documents and settings\LocalService\Dati applicazioni\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
    2012-02-16 22:37 . 2012-02-16 22:37	--------	d-----w-	c:\programmi\CCleaner
    2012-02-16 21:51 . 2003-06-25 15:05	266360	----a-w-	c:\windows\system32\TweakUI.exe
    2012-02-16 20:40 . 2012-02-16 20:40	73728	----a-w-	c:\windows\system32\javacpl.cpl
    2012-02-16 20:40 . 2012-02-16 20:40	472808	----a-w-	c:\windows\system32\deployJava1.dll
    2012-02-16 20:37 . 2012-02-16 20:37	--------	d-----w-	c:\windows\Sun
    2012-02-16 20:08 . 2012-02-16 20:08	--------	d-----w-	c:\windows\system32\winrm
    2012-02-16 20:07 . 2012-02-16 20:08	--------	dc-h--w-	c:\windows\$968930Uinstall_KB968930$
    2012-02-16 20:07 . 2012-02-16 20:29	--------	d-----w-	c:\programmi\Windows Desktop Search
    2012-02-16 20:07 . 2012-02-16 20:07	--------	d-----w-	c:\windows\system32\GroupPolicy
    2012-02-16 20:06 . 2008-03-07 17:02	98304	-c----w-	c:\windows\system32\dllcache\nlhtml.dll
    2012-02-16 20:06 . 2008-03-07 17:02	29696	-c----w-	c:\windows\system32\dllcache\mimefilt.dll
    2012-02-16 20:06 . 2008-03-07 17:02	192000	-c----w-	c:\windows\system32\dllcache\offfilt.dll
    2012-02-16 20:05 . 2012-02-16 20:05	--------	d-----w-	c:\programmi\Windows Media Connect 2
    2012-02-16 20:03 . 2012-02-16 20:04	--------	d-----w-	c:\windows\system32\drivers\UMDF
    2012-02-15 23:50 . 2012-02-15 23:50	--------	d-----w-	c:\documents and settings\All Users\Dati applicazioni\Canneverbe Limited
    2012-02-15 23:50 . 2009-11-12 12:48	5504	----a-w-	c:\windows\system32\drivers\StarOpen.sys
    2012-02-15 23:50 . 2012-02-15 23:50	--------	d-----w-	c:\programmi\CDBurnerXP
    2012-02-15 23:43 . 2011-03-11 14:10	471552	-c----w-	c:\windows\system32\dllcache\aclayers.dll
    2012-02-15 22:58 . 2012-02-15 22:58	--------	d-----w-	C:\e4efb83eff05049dd7ef3f25ce
    2012-02-15 22:57 . 2012-02-15 23:04	--------	d-----w-	c:\windows\SxsCaPendDel
    2012-02-15 22:46 . 2012-02-15 22:46	--------	d-----w-	c:\programmi\MSBuild
    2012-02-15 22:46 . 2012-02-15 22:59	--------	d-----w-	c:\windows\system32\XPSViewer
    2012-02-15 22:46 . 2012-02-15 22:46	--------	d-----w-	c:\programmi\Reference Assemblies
    2012-02-15 22:46 . 2008-07-06 12:06	89088	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
    2012-02-15 22:46 . 2006-06-29 12:07	14048	------w-	c:\windows\system32\spmsg2.dll
    2012-02-15 22:17 . 2012-02-15 22:17	--------	d-----w-	c:\programmi\MSXML 4.0
    2012-02-15 21:06 . 2012-02-15 21:06	--------	d-----w-	c:\documents and settings\All Users\Dati applicazioni\WEBREG
    2012-02-15 21:05 . 2012-02-15 21:05	--------	d-sh--w-	c:\documents and settings\LocalService\IETldCache
    2012-02-15 21:05 . 2009-06-09 00:43	122880	----a-w-	c:\windows\system32\hpf3l092.dll
    2012-02-15 21:05 . 2009-06-09 00:43	316928	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\hpfpp092.dll
    2012-02-15 21:04 . 2009-05-21 13:14	452408	----a-r-	c:\windows\system32\hpzids01.dll
    2012-02-15 21:04 . 2009-05-26 17:32	716288	----a-r-	c:\windows\system32\hpwwiax9.dll
    2012-02-15 21:04 . 2009-05-26 17:32	593920	----a-r-	c:\windows\system32\hpwtscl5.dll
    2012-02-15 21:04 . 2009-05-26 17:32	315392	----a-r-	c:\windows\system32\hpwvst01.dll
    2012-02-15 21:04 . 2009-05-18 21:49	372736	----a-r-	c:\windows\system32\hppldcoi.dll
    2012-02-15 21:04 . 2009-05-18 21:49	309760	----a-r-	c:\windows\system32\difxapi.dll
    2012-02-15 21:04 . 2001-08-30 21:28	6912	-c--a-w-	c:\windows\system32\dllcache\serscan.sys
    2012-02-15 21:04 . 2001-08-30 21:28	6912	----a-w-	c:\windows\system32\drivers\serscan.sys
    2012-02-15 21:00 . 2012-02-15 21:01	--------	d-----w-	c:\documents and settings\All Users\Dati applicazioni\HP
    2012-02-15 21:00 . 2012-02-15 21:00	--------	d-----w-	c:\programmi\File comuni\HP
    2012-02-15 21:00 . 2012-02-15 21:00	--------	d-----w-	c:\programmi\File comuni\Hewlett-Packard
    2012-02-15 20:59 . 2012-02-15 20:59	--------	d-----w-	c:\windows\hpoj4500g510n-z
    2012-02-15 20:58 . 2012-02-15 20:58	--------	dc----w-	c:\windows\system32\DRVSTORE
    2012-02-15 20:58 . 2008-04-13 10:45	15104	-c--a-w-	c:\windows\system32\dllcache\usbscan.sys
    2012-02-15 20:58 . 2008-04-13 10:45	15104	----a-w-	c:\windows\system32\drivers\usbscan.sys
    2012-02-15 20:58 . 2008-04-13 10:45	32128	-c--a-w-	c:\windows\system32\dllcache\usbccgp.sys
    2012-02-15 20:58 . 2008-04-13 10:45	32128	----a-w-	c:\windows\system32\drivers\usbccgp.sys
    2012-02-15 20:58 . 2008-04-13 10:47	25856	-c--a-w-	c:\windows\system32\dllcache\usbprint.sys
    2012-02-15 20:58 . 2008-04-13 10:47	25856	----a-w-	c:\windows\system32\drivers\usbprint.sys
    2012-02-15 20:57 . 2012-02-15 21:01	--------	d-----w-	c:\programmi\HP
    2012-02-14 21:57 . 2011-08-16 10:45	6144	-c----w-	c:\windows\system32\dllcache\iecompat.dll
    2012-02-14 21:56 . 2011-12-17 19:43	12800	-c----w-	c:\windows\system32\dllcache\xpshims.dll
    2012-02-14 21:56 . 2011-12-17 19:43	602112	-c----w-	c:\windows\system32\dllcache\msfeeds.dll
    2012-02-14 21:56 . 2011-12-17 19:43	55296	-c----w-	c:\windows\system32\dllcache\msfeedsbs.dll
    2012-02-14 21:56 . 2011-12-17 19:43	247808	-c----w-	c:\windows\system32\dllcache\ieproxy.dll
    2012-02-14 21:56 . 2011-12-17 19:43	2000384	-c----w-	c:\windows\system32\dllcache\iertutil.dll
    2012-02-14 21:56 . 2011-12-18 13:43	11082240	-c----w-	c:\windows\system32\dllcache\ieframe.dll
    2012-02-14 21:56 . 2011-12-17 19:43	743424	-c----w-	c:\windows\system32\dllcache\iedvtool.dll
    2012-02-14 21:54 . 2012-02-14 21:56	--------	dc-h--w-	c:\windows\ie8
    2012-02-14 21:33 . 2012-01-11 19:06	3072	-c----w-	c:\windows\system32\dllcache\iacenc.dll
    2012-02-14 21:33 . 2012-01-11 19:06	3072	------w-	c:\windows\system32\iacenc.dll
    2012-02-14 21:28 . 2011-07-15 13:29	456320	-c----w-	c:\windows\system32\dllcache\mrxsmb.sys
    2012-02-14 21:28 . 2011-06-24 14:10	139656	-c----w-	c:\windows\system32\dllcache\rdpwd.sys
    2012-02-14 21:28 . 2011-07-08 14:02	10496	-c----w-	c:\windows\system32\dllcache\ndistapi.sys
    2012-02-14 21:27 . 2011-04-21 13:37	105472	-c----w-	c:\windows\system32\dllcache\mup.sys
    2012-02-14 21:24 . 2010-11-02 15:17	40960	-c----w-	c:\windows\system32\dllcache\ndproxy.sys
    2012-02-14 21:24 . 2010-10-11 14:59	45568	-c----w-	c:\windows\system32\dllcache\wab.exe
    2012-02-14 21:24 . 2010-08-16 08:44	590848	-c----w-	c:\windows\system32\dllcache\rpcrt4.dll
    2012-02-14 21:23 . 2010-09-18 06:53	954368	-c----w-	c:\windows\system32\dllcache\mfc40.dll
    2012-02-14 21:23 . 2010-09-18 06:53	953856	-c----w-	c:\windows\system32\dllcache\mfc40u.dll
    2012-02-14 21:23 . 2011-02-08 13:34	978944	-c----w-	c:\windows\system32\dllcache\mfc42.dll
    2012-02-14 21:22 . 2010-08-23 16:12	617472	-c----w-	c:\windows\system32\dllcache\comctl32.dll
    2012-02-14 21:22 . 2010-06-18 13:36	3558912	-c----w-	c:\windows\system32\dllcache\moviemk.exe
    2012-02-14 21:21 . 2010-06-14 14:31	744448	-c----w-	c:\windows\system32\dllcache\helpsvc.exe
    2012-02-14 21:20 . 2010-02-12 10:03	293376	------w-	c:\windows\system32\browserchoice.exe
    2012-02-14 21:19 . 2010-08-27 08:02	119808	-c----w-	c:\windows\system32\dllcache\t2embed.dll
    2012-02-14 21:19 . 2009-10-15 16:29	81920	-c----w-	c:\windows\system32\dllcache\fontsub.dll
    2012-02-14 21:17 . 2010-06-14 07:41	1172480	-c----w-	c:\windows\system32\dllcache\msxml3.dll
    2012-02-14 21:16 . 2009-06-21 21:47	153088	-c----w-	c:\windows\system32\dllcache\triedit.dll
    2012-02-14 21:12 . 2010-07-16 12:02	221696	-c----w-	c:\windows\system32\dllcache\wordpad.exe
    2012-02-14 21:12 . 2008-10-15 16:36	337408	-c----w-	c:\windows\system32\dllcache\netapi32.dll
    2012-02-14 21:11 . 2008-05-01 14:34	331776	-c----w-	c:\windows\system32\dllcache\msadce.dll
    2012-02-14 21:11 . 2008-06-14 17:32	272768	-c----w-	c:\windows\system32\dllcache\bthport.sys
    2012-02-14 21:10 . 2008-05-08 14:02	203136	-c----w-	c:\windows\system32\dllcache\rmcast.sys
    2012-02-12 15:49 . 2012-02-12 15:49	--------	d-----w-	c:\windows\system32\wbem\Repository
    2012-02-12 15:39 . 2012-02-12 15:39	--------	d-----w-	c:\windows\system32\config\systemprofile\IETldCache
    2012-02-12 14:20 . 2008-06-18 00:09	100864	-c----w-	c:\windows\system32\dllcache\logagent.exe
    2012-02-12 14:18 . 2008-04-13 08:36	144384	------w-	c:\windows\system32\drivers\hdaudbus.sys
    2012-02-12 14:18 . 2008-04-13 10:40	10240	------w-	c:\windows\system32\drivers\sffp_mmc.sys
    2012-02-12 14:17 . 2006-12-28 11:01	19569	----a-w-	c:\windows\004880_.tmp
    2012-02-12 14:02 . 2012-02-16 20:08	--------	d--h--w-	c:\windows\$hf_mig$
    2012-02-12 13:51 . 2012-02-12 13:51	--------	d-----w-	c:\documents and settings\LocalService\Menu Avvio
    2012-02-12 13:51 . 2012-02-15 22:56	--------	d-----w-	c:\windows\system32\wbem\AutoRecover
    2012-02-12 13:44 . 2012-02-12 13:44	--------	d-----w-	c:\windows\ServicePackFiles
    2012-02-12 13:40 . 2004-07-17 10:40	19528	----a-w-	c:\windows\002133_.tmp
    2012-02-12 13:40 . 2009-05-12 14:12	26144	----a-w-	c:\windows\system32\spupdsvc.exe
    2012-02-12 13:38 . 2012-02-12 14:14	--------	d-----w-	c:\windows\EHome
    2012-02-11 21:25 . 2012-02-19 15:33	--------	d-----w-	c:\documents and settings\All Users\Dati applicazioni\AVAST Software
    2012-02-11 21:25 . 2012-02-11 21:25	--------	d-----w-	c:\programmi\AVAST Software
    2012-02-11 20:26 . 2008-04-13 18:13	94208	----a-w-	c:\programmi\File comuni\Microsoft Shared\web server extensions\40\bin\fpencode.dll
    2012-02-11 20:25 . 2012-02-11 20:25	--------	d-----w-	c:\windows\ShellNew
    2012-02-11 20:04 . 2008-04-13 18:13	221184	----a-w-	c:\windows\system32\wmpns.dll
    2012-02-11 20:04 . 2012-02-11 20:04	--------	d-----w-	c:\documents and settings\Default User\Risorse di rete
    2012-02-11 20:04 . 2012-02-19 16:30	--------	d-----w-	c:\documents and settings\papà
    2012-02-11 20:03 . 2012-02-11 20:03	14037	----a-w-	c:\windows\system32\drivers\mdc8021x.sys
    2012-02-11 20:03 . 2012-02-19 16:32	--------	d-----w-	c:\windows\system32\LogFiles
    2012-02-11 19:59 . 2001-08-30 19:41	12160	-c--a-w-	c:\windows\system32\dllcache\mouhid.sys
    2012-02-11 19:59 . 2001-08-30 19:41	12160	----a-w-	c:\windows\system32\drivers\mouhid.sys
    2012-02-11 19:59 . 2008-04-13 10:45	10368	----a-w-	c:\windows\system32\drivers\hidusb.sys
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-12 17:20 . 2004-04-16 07:16	1859968	----a-w-	c:\windows\system32\win32k.sys
    2011-12-17 19:43 . 2004-04-16 07:16	916992	----a-w-	c:\windows\system32\wininet.dll
    2011-12-17 19:43 . 2004-04-16 07:16	43520	------w-	c:\windows\system32\licmgr10.dll
    2011-12-17 19:43 . 2004-04-16 07:16	1469440	------w-	c:\windows\system32\inetcpl.cpl
    2011-11-25 21:57 . 2004-04-16 07:16	293888	----a-w-	c:\windows\system32\winsrv.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* i valori vuoti & legittimi/default non sono visualizzati. 
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD"="c:\programmi\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-15 65536]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-01-26 155648]
    "HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-01-26 118784]
    "00THotkey"="c:\windows\System32\00THotkey.exe" [2004-03-29 253952]
    "000StTHK"="000StTHK.exe" [2001-06-23 24576]
    "TFNF5"="TFNF5.exe" [2003-12-02 73728]
    "SmoothView"="c:\programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-03-30 118784]
    "SigmaTel StacMon"="c:\programmi\SigmaTel\Driver audio di SigmaTel AC97\stacmon.exe" [2003-08-03 86073]
    "Apoint"="c:\programmi\Apoint2K\Apoint.exe" [2003-10-30 192512]
    "TouchED"="c:\programmi\TOSHIBA\TouchED\TouchED.Exe" [2003-03-11 122880]
    "PadTouch"="c:\programmi\TOSHIBA\PadTouch\PadExe.exe" [2004-02-12 1019904]
    "LTSMMSG"="LTSMMSG.exe" [2003-04-18 32768]
    "TPSMain"="TPSMain.exe" [2004-04-01 266240]
    "TFncKy"="TFncKy.exe" [BU]
    "NDSTray.exe"="NDSTray.exe" [BU]
    "PRONoMgr.exe"="c:\programmi\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe" [2003-12-10 86016]
    "AVP"="c:\programmi\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]
    .
    c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
    Microsoft Office.lnk - c:\programmi\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
    2003-12-16 15:49	110592	----a-w-	c:\windows\system32\LgNotify.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Programmi\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Programmi\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
    "c:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Programmi\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
    "c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5985:TCP"= 5985:TCP:*:Disabled:Gestione remota Windows 
    .
    R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [04/03/2011 13.23.20 11352]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [10/03/2011 18.34.46 34608]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/11/2009 20.27.24 19472]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [16/04/2004 8.16.49 14336]
    .
    --- Altri Servizi/Drivers In Memoria ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
    HPService	REG_MULTI_SZ   	HPSLPSVC
    hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
    WINRM	REG_MULTI_SZ   	WINRM
    .
    .
    ------- Scansione supplementare -------
    .
    uStart Page = hxxp://www.google.it/
    IE: Aggiungi ad Anti-Banner - c:\programmi\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
    IE: Download with &Media Finder - c:\programmi\Media Finder\hook.html
    TCP: DhcpNameServer = 192.168.123.254
    .
    - - - - CHIAVI ORFANE RIMOSSE - - - -
    .
    Toolbar-Locked - (no file)
    AddRemove-Microsoft Interactive Training - c:\windows\IsUn0410.exe
    AddRemove-Power Saver - c:\windows\IsUn0410.exe
    AddRemove-TouchED - c:\windows\IsUn0410.exe
    AddRemove-Utilità di diagnostica del PC - c:\windows\IsUn0410.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2012-02-19 17:52
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scansione processi nascosti ... 
    .
    scansione entrate autostart nascoste ... 
    .
    Scansione files nascosti ... 
    .
    Scansione completata con successo
    Files nascosti: 0
    .
    **************************************************************************
    .
    --------------------- Dlls caricate dai processi in esecuzione ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1316)
    c:\windows\System32\LgNotify.dll
    .
    - - - - - - - > 'explorer.exe'(3736)
    c:\windows\system32\WININET.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\TPwrCfg.DLL
    c:\windows\system32\TPwrReg.dll
    c:\windows\system32\TPSTrace.DLL
    .
    ------------------------ Altri processi in esecuzione ------------------------
    .
    c:\windows\System32\S24EvMon.exe
    c:\windows\system32\ZCfgSvc.exe
    c:\programmi\TOSHIBA\ConfigFree\CFSvcs.exe
    c:\programmi\Java\jre6\bin\jqs.exe
    c:\programmi\CDBurnerXP\NMSAccessU.exe
    c:\windows\System32\RegSrvc.exe
    c:\windows\system32\SearchIndexer.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\System32\wbem\wmiapsrv.exe
    c:\windows\System32\1XConfig.exe
    c:\windows\system32\TFNF5.exe
    c:\windows\LTSMMSG.exe
    c:\windows\system32\TPSMain.exe
    c:\programmi\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    c:\programmi\TOSHIBA\ConfigFree\NDSTray.exe
    c:\programmi\Apoint2K\Apntex.exe
    c:\windows\system32\TPSBattM.exe
    .
    **************************************************************************
    .
    Ora fine scansione: 2012-02-19  17:56:39 - Il pc è stato riavviato
    ComboFix-quarantined-files.txt  2012-02-19 16:56
    .
    Pre-Run: 122.465.185.792 byte disponibili
    Post-Run: 122.447.568.896 byte disponibili
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
    .
    - - End Of File - - 28EB6E50308CF91C0915503EE239BEB8


  4. #13
    Crystal (Member CT)

    Let's start over from scratch:

    I have just restored the disk with the recovery CD.
    With the system pristine, without installing any antivirus, I ran ComboFix: here is the report

    Code:
    ix 12-02-19.02 - papà 20/02/2012  22.31.21.1.1 - x86
    Microsoft Windows XP Home Edition  5.1.2600.1.1252.39.1040.18.1007.645 [GMT 1:00]
    Eseguito da: c:\documents and settings\papÓ\Desktop\dippo.exe
    .
    .
    (((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Default User\WINDOWS
    c:\windows\help\wmplayer.bak
    c:\windows\IsUn0410.exe
    c:\windows\system32\config\systemprofile\WINDOWS
    .
    c:\windows\system32\qmgr.dll . . . è infetto!!
    .
    c:\windows\system32\drivers\intelppm.sys . . . is missing!!
    .
    .
    (((((((((((((((((((((((((   Files Creati Da 2012-01-20 al 2012-02-20  )))))))))))))))))))))))))))))))))))
    .
    .
    2012-02-20 20:21 . 2002-08-29 00:32	21760	-c--a-w-	c:\windows\system32\dllcache\usbstor.sys
    2012-02-20 20:18 . 2002-12-11 23:34	208896	----a-w-	c:\windows\system32\wmpns.dll
    2012-02-20 20:18 . 2012-02-20 20:18	--------	d-----w-	c:\documents and settings\Default User\Risorse di rete
    2012-02-20 20:17 . 2012-02-20 20:18	--------	d-----w-	c:\documents and settings\papà
    2012-02-20 20:17 . 2004-04-16 11:04	--------	d-----w-	c:\windows\system32\config\systemprofile\Dati applicazioni\toshiba
    2012-02-20 20:17 . 2004-04-16 08:51	--------	d-----w-	c:\windows\system32\config\systemprofile\Impostazioni locali\Dati applicazioni\{7148F0A6-6813-11D6-A77B-00B0D0142030}
    2012-02-20 20:17 . 2012-02-20 20:17	--------	d-----w-	c:\windows\LastGood
    2012-02-20 20:16 . 2012-02-20 20:16	14037	----a-w-	c:\windows\system32\drivers\mdc8021x.sys
    2012-02-20 20:16 . 2012-02-20 20:16	--------	d-----w-	c:\windows\system32\LogFiles
    2012-02-20 20:15 . 2001-08-30 19:41	12160	----a-w-	c:\windows\system32\drivers\mouhid.sys
    2012-02-20 20:15 . 2001-08-17 21:02	9600	----a-w-	c:\windows\system32\drivers\hidusb.sys
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    .
    .
    [-] 2002-12-17 16:47 . 8718CF284545073A31B80FA71B60E228 . 52736 . . [9.0.1.56] . . c:\windows\system32\mspmsnsv.dll
    .
    [-] 2003-05-30 07:00 . 7BA80564F369A96AF84E3AA27E75E90B . 1634304 . . [5.3.0000001.902 built by: DIRECTX] . . c:\windows\system32\d3d9.dll
    .
    c:\windows\System32\wscntfy.exe ... è mancante !!
    c:\windows\System32\xmlprov.dll ... è mancante !!
    .
    (((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* i valori vuoti & legittimi/default non sono visualizzati. 
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD"="c:\programmi\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-15 65536]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="c:\programmi\Java\j2re1.4.2_03\bin\jusched.exe" [2004-04-16 32881]
    "IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-01-26 155648]
    "HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-01-26 118784]
    "00THotkey"="c:\windows\System32\00THotkey.exe" [2004-03-29 253952]
    "000StTHK"="000StTHK.exe" [2001-06-23 24576]
    "TFNF5"="TFNF5.exe" [2003-12-02 73728]
    "SmoothView"="c:\programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-03-30 118784]
    "SigmaTel StacMon"="c:\programmi\SigmaTel\Driver audio di SigmaTel AC97\stacmon.exe" [2003-08-03 86073]
    "Apoint"="c:\programmi\Apoint2K\Apoint.exe" [2003-10-30 192512]
    "TouchED"="c:\programmi\TOSHIBA\TouchED\TouchED.Exe" [2003-03-11 122880]
    "PadTouch"="c:\programmi\TOSHIBA\PadTouch\PadExe.exe" [2004-02-12 1019904]
    "LTSMMSG"="LTSMMSG.exe" [2003-04-18 32768]
    "TPSMain"="TPSMain.exe" [2004-04-01 266240]
    "TFncKy"="TFncKy.exe" [BU]
    "NDSTray.exe"="NDSTray.exe" [BU]
    "PRONoMgr.exe"="c:\programmi\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe" [2003-12-10 86016]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2003-04-08 13312]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
    2003-12-16 15:49	110592	----a-w-	c:\windows\system32\LgNotify.dll
    .
    .
    --- Altri Servizi/Drivers In Memoria ---
    .
    *NewlyCreated* - ALG
    *NewlyCreated* - IPNAT
    *NewlyCreated* - SHAREDACCESS
    .
    .
    ------- Scansione supplementare -------
    .
    uStart Page = file:///c:\programmi\TOSHIBA\Free Update Service\splash.html
    IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
    TCP: DhcpNameServer = 192.168.123.254
    .
    - - - - CHIAVI ORFANE RIMOSSE - - - -
    .
    AddRemove-Microsoft Interactive Training - c:\windows\IsUn0410.exe
    AddRemove-Power Saver - c:\windows\IsUn0410.exe
    AddRemove-TouchED - c:\windows\IsUn0410.exe
    AddRemove-Utilità di diagnostica del PC - c:\windows\IsUn0410.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2012-02-20 22:33
    Windows 5.1.2600 Service Pack 1 NTFS
    .
    scansione processi nascosti ... 
    .
    scansione entrate autostart nascoste ... 
    .
    Scansione files nascosti ... 
    .
    Scansione completata con successo
    Files nascosti: 0
    .
    **************************************************************************
    .
    --------------------- Dlls caricate dai processi in esecuzione ---------------------
    .
    - - - - - - - > 'winlogon.exe'(776)
    c:\windows\System32\ODBC32.dll
    c:\windows\System32\LgNotify.dll
    .
    - - - - - - - > 'lsass.exe'(836)
    c:\windows\System32\dssenh.dll
    .
    Ora fine scansione: 2012-02-20  22:34:48
    ComboFix-quarantined-files.txt  2012-02-20 21:34
    .
    Pre-Run: 133.688.524.800 byte disponibili
    Post-Run: 133.659.545.600 byte disponibili
    .
    winxpsp1_it_hom_bf.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect
    .
    - - End Of File - - 09549745975DCD13E691A7AF88C31746

    How is it possible that there are already infections?

    Let's put it this way. Help.

    --- Post merged automatically ---

    I can't launch tdsskiller from a USB stick, and I can't connect to sensitive sites by typing the name,
    such as k or c or tdss.
    To reach certain security sites I have to type only part of the name or IE locks up on me.
    I don't understand, it's not possible, I restored the HD with the recovery disk.
    It's not possible that I'm infected after a restore with the original disk, which deletes all the files on the HD.
    If anyone is online, I'd be grateful for some advice. Bye everyone.


  5. #14
    Kirk78 (Senior Member CT)

    Crystal, could you please post the logs either as an attachment or at least in a spoiler (a separate one for each log), because like this you really aren't helping us help you. And also use the edit-post function as requested. The thread is really becoming unreadable...
    Anyway, the last thing you said is that IE locks up on you. Try another browser, preferably a portable one such as Firefox or Chrome, and let us know whether that one doesn't lock up. The rest I need to read in depth... better as a TXT attachment (zipped if you like).

    The recovery disk (if it is the original CD) cannot be infected. But I hope you inserted it with the Internet connection unplugged.
    Last edited by Kirk78; 25-02-12 at 23:26.


  6. #15
    Crystal (Member CT)

    I really apologize for all the mess I made. I was a bit panicked.
    I think I've solved it
    Scrolling doesn't work on the Internet. It doesn't work on web pages

    Thanks again.
