With System Restore disabled, follow these instructions:
Download ComboFix:
http://download.bleepingcomputer.co...33a2385b63596566b052477/4f2455d8/ComboFix.exe
● Disable your antivirus, firewall and network connection
● Close all open programs
● If you have XP, double-click combofix.exe; if you have Vista or 7, right-click the executable and click Run as administrator. (DECLINE the Recovery Console during the install)
● Start it, then follow the on-screen instructions; at the end of the instructions you will restart the PC
● Post the log created by the program in the forum
Download OTC:
http://oldtimer.geekstogo.com/OTC.exe
● double-click the tool
● click Cleanup
Restart the PC.
Download
Malwarebytes : Free anti-malware, anti-virus and spyware removal download
● Install it and update it to the latest definitions
● Run a full system scan
● When it finishes, if it finds threats, select them and click Remove Selected.
Restart the PC and then re-enable System Restore.
OK, I'll do all of it now!! ;)
---------- Post added at 21:56 ---------- Previous post was at 21:22 ----------
OK, I've finished with ComboFix, here's the log:
ComboFix 12-01-28.01 - Paolo 28/01/2012 21.31.14.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.767.562 [GMT 4,5:30]
Eseguito da: c:\documents and settings\Alessandro\Desktop\Nuova cartella\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Alessandro\WINDOWS
c:\windows\alcrmv.exe
c:\windows\unin0410.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2011-12-28 al 2012-01-28 )))))))))))))))))))))))))))))))))))
.
.
2030-11-22 14:06 . 2030-11-22 14:06 -------- d-----w- c:\programmi\Bit Che
2030-11-22 14:06 . 2030-11-22 14:06 -------- d-----w- c:\documents and settings\Alessandro\Dati applicazioni\Convivea
2030-11-22 14:06 . 2004-03-08 19:30 152848 ----a-w- c:\windows\system32\comdlg32.OCX
2030-11-22 14:06 . 2004-03-08 19:30 124688 ----a-w- c:\windows\system32\mswinsck.ocx
2030-11-22 14:06 . 2004-03-08 19:30 1081616 ----a-w- c:\windows\system32\mscomctl.OCX
2030-11-22 14:06 . 2030-11-22 14:06 -------- d-----w- c:\programmi\uTorrent
2030-11-22 14:05 . 2030-11-22 14:05 -------- d-----w- c:\documents and settings\Alessandro\Impostazioni locali\Dati applicazioni\uTorrent
2030-11-22 14:05 . 2012-01-28 15:29 -------- d-----w- c:\documents and settings\Alessandro\Dati applicazioni\uTorrent
2030-11-22 14:04 . 2030-11-22 14:04 -------- d-----w- c:\programmi\VideoLAN
2030-11-22 13:56 . 2006-02-07 11:15 757760 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2030-11-22 13:56 . 2006-02-07 11:10 204800 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2030-11-22 13:56 . 2006-02-07 11:10 69715 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2030-11-22 13:56 . 2006-02-07 11:10 274432 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2030-11-22 13:56 . 2005-11-13 18:49 5632 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2030-11-22 13:56 . 2030-11-22 13:56 200836 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2030-11-22 13:56 . 2030-11-22 13:56 331908 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2030-11-22 13:50 . 2030-11-22 13:50 -------- d-----w- c:\programmi\Lavalys
2012-01-25 13:10 . 2012-01-25 13:10 -------- d-----w- c:\documents and settings\Alessandro\Dati applicazioni\ImgBurn
2012-01-25 12:08 . 2012-01-25 12:08 -------- d-----w- c:\programmi\ImgBurn
2012-01-24 17:44 . 2012-01-24 17:45 -------- d-----w- c:\documents and settings\Alessandro\Impostazioni locali\Dati applicazioni\Facebook
2012-01-24 17:40 . 2008-04-13 05:09 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2012-01-24 17:40 . 2008-04-13 05:16 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2012-01-24 17:40 . 2008-04-13 05:16 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2012-01-24 17:40 . 2008-04-13 12:44 16384 ----a-w- c:\windows\system32\ipsink.ax
2012-01-24 17:40 . 2008-04-13 05:16 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2012-01-24 17:40 . 2008-04-13 05:16 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2012-01-24 17:39 . 2008-04-13 05:16 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2012-01-24 17:39 . 2008-04-13 05:16 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2012-01-24 17:39 . 2008-04-13 12:44 43008 ----a-w- c:\windows\system32\ksxbar.ax
2012-01-24 17:39 . 2008-04-13 12:44 28672 ----a-w- c:\windows\system32\vidcap.ax
2012-01-24 17:39 . 2008-04-13 12:43 54784 ----a-w- c:\windows\system32\vfwwdm32.dll
2012-01-24 17:39 . 2008-04-13 12:44 91648 ----a-w- c:\windows\system32\kswdmcap.ax
2012-01-24 17:39 . 2008-04-13 12:44 61952 ----a-w- c:\windows\system32\kstvtune.ax
2012-01-23 19:20 . 2007-10-04 13:12 48128 ----a-w- c:\windows\system32\Remove.exe
2012-01-23 19:20 . 2008-02-13 08:47 618112 ----a-w- c:\windows\system32\drivers\PFC027.SYS
2012-01-23 19:20 . 2007-11-02 06:37 6656 ----a-w- c:\windows\system32\CoInst_080213.dll
2012-01-23 19:20 . 2012-01-23 19:20 -------- d-----w- c:\programmi\Trust
2012-01-23 19:20 . 2008-03-28 19:30 129024 ----a-w- c:\windows\system32\SP207.ax
2012-01-23 19:20 . 2012-01-23 19:20 -------- d-----w- c:\programmi\File comuni\PAC207
2012-01-23 19:20 . 2012-01-23 19:20 -------- d-----w- c:\windows\PixArt
2012-01-23 19:20 . 2006-10-12 07:27 14336 ----a-w- c:\windows\system32\P207USD.dll
2012-01-14 16:02 . 2012-01-14 16:02 -------- d-----w- c:\documents and settings\Alessandro\Dati applicazioni\Malwarebytes
2012-01-14 16:01 . 2012-01-14 16:01 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2012-01-14 16:01 . 2011-12-10 10:54 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-14 16:01 . 2012-01-14 16:01 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2012-01-11 14:17 . 2012-01-11 14:17 -------- d-----w- C:\EPSON
2012-01-11 14:16 . 2008-04-13 05:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2012-01-11 14:10 . 2012-01-11 14:11 -------- d-----w- c:\programmi\EPSON
2012-01-11 14:10 . 2002-08-25 22:00 73116 ----a-w- c:\windows\system32\EBPMON2.DLL
2012-01-11 14:10 . 2002-07-30 21:55 61440 ----a-w- c:\windows\system32\ECBTEG.DLL
2012-01-11 14:10 . 2000-06-06 20:31 34304 ----a-w- c:\windows\system32\EBPCHP.DLL
2012-01-04 17:02 . 2001-08-30 14:11 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2012-01-03 18:40 . 2012-01-26 14:51 -------- d-----w- c:\documents and settings\Alessandro\Impostazioni locali\Dati applicazioni\Temp
2012-01-03 18:38 . 2012-01-03 18:39 -------- d-----w- c:\programmi\File comuni\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-14 15:54 . 2011-11-22 09:26 134856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-12-08 17:44 . 2011-12-08 17:44 172032 ----a-w- c:\windows\system32\AniGIF.ocx
2011-12-08 16:42 . 2011-11-22 09:23 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-22 13:47 . 2011-11-22 13:47 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2011-11-21 04:35 . 2011-11-22 14:12 134104 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-05-10 . E0593C5746742DFB99A45B9D1234EBFB . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
.
[-] 2009-05-10 . 147053DC221930382EA95915152B39B8 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\programmi\uTorrent\uTorrent.exe " [2030-11-22 642424]
"ISUSPM"="c:\documents and settings\All Users\Dati applicazioni\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
"SpeedBitVideoAccelerator"="c:\programmi\Speed Bit Video Accelerator\VideoAccelerator.exe" [2011-12-08 1611368]
"Facebook Update"="c:\documents and settings\Alessandro\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe" [2012-01-24 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-04-01 5562368]
"nwiz"="nwiz.exe" [2005-04-01 1495040]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-04-01 86016]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-08 128512]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Alessandro\\Impostazioni locali\\Dati applicazioni\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [22/11/2011 13.56.40 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\programmi\Avira\AntiVir Desktop\sched.exe [22/11/2011 13.56.41 86224]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [22/11/2011 18.16.19 21992]
S2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [22/11/2011 18.17.24 23456]
S3 PAC207;Trust 100K Series Webcam;c:\windows\system32\drivers\PFC027.SYS [23/01/2012 23.50.24 618112]
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-01-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-117609710-1767777339-1177238915-1003Core.job
- c:\documents and settings\Alessandro\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe [2012-01-24 17:44]
.
2012-01-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-117609710-1767777339-1177238915-1003UA.job
- c:\documents and settings\Alessandro\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe [2012-01-24 17:44]
.
2004-12-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1767777339-1177238915-1003Core.job
- c:\documents and settings\Alessandro\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2004-12-31 23:39]
.
2012-01-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1767777339-1177238915-1003UA.job
- c:\documents and settings\Alessandro\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2004-12-31 23:39]
.
.
------- Scansione supplementare -------
.
uStart Page = about:blank
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
LSP: c:\progra~1\SPEEDB~1\sblsp.dll
FF - ProfilePath - c:\documents and settings\Alessandro\Dati applicazioni\Mozilla\Firefox\Profiles\ndgg2fck.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-01-28 21:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'lsass.exe'(708)
c:\progra~1\SPEEDB~1\sblsp.dll
c:\programmi\SpeedBit Video Accelerator\Accelerator.dll
c:\programmi\SpeedBit Video Accelerator\Collector.dll
.
Ora fine scansione: 2012-01-28 21:38:01
ComboFix-quarantined-files.txt 2012-01-28 17:07
.
Pre-Run: 10.158.223.360 byte disponibili
Post-Run: 10.827.120.640 byte disponibili
.
- - End Of File - - FA92A490F1FC653D393359021465CEDF
Now what? Should I continue with the other 2 programs you told me about?