My Computer Has Some Kind Of Virus Helpppp!!


9 replies to this discussion

#1 salewa2022

    Member

  • Members
  • 20 posts

Posted 29 December 2008 - 12:26

Help me: when I connect to the internet the CPU goes to 100%, and among the processes there is internetexplore.exe, which eats the whole CPU; if I kill that process it reappears a second later and sucks up all the CPU again.
Also, at the same time as the problem above, with one Internet Explorer page open the allocated RAM grows by 10 MB per second; if I close the browser it goes back to normal levels!
I don't get it... I've run various scans (ewido, avast, avg and others... but nothing is found)

I'm posting the log... who knows, maybe you can make sense of it:

#2 salewa2022

    Member

  • Members
  • 20 posts

Posted 29 December 2008 - 12:30

here's the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12.27.22, on 29/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\expiorer.exe
C:\Programmi\VIAudioi\SBADeck\ADeck.exe
C:\Programmi\Microsoft IntelliType Pro\itype.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\Ashampoo\Ashampoo FireWall PRO\FireWall.exe
C:\Programmi\Lexmark 1200 Series\lxczbmgr.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\Programmi\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Programmi\Lexmark 1200 Series\lxczbmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\RocketDock\RocketDock.exe
C:\Programmi\DAEMON Tools\daemon.exe
C:\Programmi\DNA\btdna.exe
C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programmi\Yahoo!\Messenger\ymsgr_tray.exe
C:\Programmi\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
D:\programmi\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.iesearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {029d3336-28c9-4315-8cef-609fe4c44db8} - C:\WINDOWS\system32\herifolu.dll (file missing)
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programmi\AskBarDis\bar\bin\askBar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\ieso0.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programmi\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [AudioDeck] C:\Programmi\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [itype] "C:\Programmi\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Ashampoo FireWall PRO] "C:\Programmi\Ashampoo\Ashampoo FireWall PRO\FireWall.exe" -TRAY
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Programmi\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programmi\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Programmi\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [hugufuyuju] Rundll32.exe "C:\WINDOWS\system32\kabifoti.dll",s
O4 - HKLM\..\Run: [Byte Tool Tons Mail] C:\Documents and Settings\All Users\Dati applicazioni\Ping Sign Byte Tool\Dupe wave.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [c0667872] rundll32.exe "C:\WINDOWS\system32\lapujide.dll",b
O4 - HKLM\..\Run: [CPMc3554bee] Rundll32.exe "c:\windows\system32\tiwedihu.dll",a
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Programmi\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [kxva] C:\WINDOWS\system32\kxvo.exe
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\kamsoft.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [vamsoft] C:\WINDOWS\system32\vamsoft.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programmi\DNA\btdna.exe"
O4 - HKCU\..\Run: [noun remote] C:\DOCUME~1\Ale\DATIAP~1\32BIRD~1\BodyReadmeWin.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [hugufuyuju] Rundll32.exe "C:\WINDOWS\system32\kabifoti.dll",s (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Programmi\PokerStars.IT\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.appl...ex/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CDDDB472-F935-459B-A7CC-BA79F39375B4}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\jubevuto.dll c:\windows\system32\tiwedihu.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\tiwedihu.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\tiwedihu.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Programmi\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 10444 bytes

#3 astrus

    Advanced Member

  • Moderator
  • 200 posts

Posted 29 December 2008 - 06:30

hi salewa, you have quite a few unwanted guests

download combofix from HERE and save it to the desktop, disconnect and close all programs, including the antivirus, launch combofix and let it run a scan.
When it finishes, reboot the system, download malwarebytes from HERE and install it.
As said before, close all programs, launch malwarebytes and update it, then disconnect from the internet and let it run a full scan.
When the scan finishes, select all detected items and click "Remove detected items". A log file will open; post its contents.
Also post the contents of the file C:\combofix.txt
Not everything that can be counted counts, and not everything that counts can be counted. (Einstein)
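The moderator's verdict ("quite a few unwanted guests") comes from reading the HijackThis log above by eye. The script below is an added example, not code from the forum or from the HijackThis, ComboFix or Malwarebytes projects: it parses HijackThis-style entries and flags the patterns that stand out in this thread (orphaned BHOs, AppInit_DLLs and SSODL loaders, rundll32 autostarts calling a single-letter export, autostarts from user-writable profile folders, a non-Microsoft start page, and the consonant-vowel generated file names such as kabifoti.dll and tiwedihu.dll). The sample lines are copied from the log posted above; the heuristics, the `review_entry`/`triage` names and the `Finding` record are assumptions of this example.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section tag, e.g. "O4"
    reason: str    # why the entry deserves a second look
    line: str      # the original log line


# HijackThis section tags worth inspecting (section letters are HijackThis conventions).
INTERESTING = {"R0", "R1", "O2", "O4", "O20", "O21", "O22"}

# Heuristic (assumption of this example): 3-5 consonant+vowel syllables in lowercase
# (kabifoti, tiwedihu, herifolu) match the generated names seen in this thread's log.
RANDOM_NAME = re.compile(r"^(?:[bcdfghjklmnpqrstvwxyz][aeiou]){3,5}$")

# Last path component of any dll/exe/bat/cmd/com mentioned in an entry.
FILE_RE = re.compile(r"\\([^\\\"]+?\.(?:dll|exe|bat|cmd|com))\b", re.I)
URL_RE = re.compile(r"https?://\S+")
ENTRY_RE = re.compile(r"^(R\d|O\d+) - (.*)$")
VALUE_NAME_RE = re.compile(r"\[([^\]]+)\]")

# Italian and English names of the per-user profile folders on Windows XP.
PROFILE_DIRS = ("dati applicazioni", "application data", "documents and settings")

# Constructed sample: lines copied from the HijackThis log posted in this thread,
# plus one legitimate entry (itype.exe) that should produce no finding.
SAMPLE_LOG = [
    r"O2 - BHO: (no name) - {029d3336-28c9-4315-8cef-609fe4c44db8} - C:\WINDOWS\system32\herifolu.dll (file missing)",
    r'O4 - HKLM\..\Run: [hugufuyuju] Rundll32.exe "C:\WINDOWS\system32\kabifoti.dll",s',
    r"O4 - HKLM\..\Run: [Byte Tool Tons Mail] C:\Documents and Settings\All Users\Dati applicazioni\Ping Sign Byte Tool\Dupe wave.exe",
    r"O4 - HKCU\..\Run: [kxva] C:\WINDOWS\system32\kxvo.exe",
    r'O4 - HKLM\..\Run: [itype] "C:\Programmi\Microsoft IntelliType Pro\itype.exe"',
    r"O20 - AppInit_DLLs: C:\WINDOWS\system32\jubevuto.dll c:\windows\system32\tiwedihu.dll",
    r"O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\tiwedihu.dll",
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.iesearch.com/",
]


def looks_random(name: str) -> bool:
    """True when a file or value name (extension ignored) matches the generated-name pattern."""
    stem = name.lower().rsplit(".", 1)[0]
    return RANDOM_NAME.match(stem) is not None


def review_entry(line: str) -> list[Finding]:
    """Return the reasons a single HijackThis line deserves review (empty list if none)."""
    m = ENTRY_RE.match(line.strip())
    if not m or m.group(1) not in INTERESTING:
        return []
    section, body = m.groups()
    low = body.lower()
    reasons = []
    if section == "O2" and ("(file missing)" in low or "(no file)" in low):
        reasons.append("orphaned BHO registration: file gone, registry entry remains")
    if section == "O20":
        reasons.append("AppInit_DLLs loads this DLL into every process that maps user32.dll")
    if section in ("O21", "O22"):
        reasons.append("shell-loaded component (SSODL/SharedTaskScheduler): verify publisher")
    if section == "O4":
        if any(d in low for d in PROFILE_DIRS):
            reasons.append("autostart from a user-writable profile folder")
        if "rundll32" in low and re.search(r'",[a-z]\b', low):
            reasons.append("rundll32 autostart calling a single-letter DLL export")
        for name in VALUE_NAME_RE.findall(body):
            if looks_random(name):
                reasons.append(f"random-looking Run value name: {name}")
    if section in ("R0", "R1"):
        for url in URL_RE.findall(body):
            host = urlparse(url).hostname or ""
            if not host.endswith("microsoft.com"):
                reasons.append(f"non-default start/search page ({host}): confirm it is intended")
    for fname in FILE_RE.findall(body):
        if looks_random(fname):
            reasons.append(f"random-looking file name: {fname}")
    return [Finding(section, r, line.strip()) for r in reasons]


def triage(lines) -> list[Finding]:
    """Run review_entry over a whole log; lines that are not R/O entries are skipped."""
    findings = []
    for line in lines:
        findings.extend(review_entry(line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run as-is, the script flags six of the eight sample lines. Note what it does not flag: `kxvo.exe`, which ComboFix later removes, has a name too short for the pattern, so a script like this narrows the manual review rather than replacing it.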

#4 salewa2022

    Member

  • Members
  • 20 posts

Posted 02 January 2009 - 05:13

Hi, I did as you said; the PC runs much better and no longer gives me CPU or RAM problems. Here are the logs:

ComboFix 08-12-29.02 - Ale 2009-01-02 14.57.53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.1279.696 [GMT 1:00]
Eseguito da: c:\documents and settings\Ale\Desktop\combofix.exe
* Creato nuovo punto di ripristino

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.
Os seguintes ficheiros foram desabilitados durante a rodagem:
c:\programmi\File comuni\Logitech\LVMVFM\LVPrcInj.dll


((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\bold.log
c:\documents and settings\Ale\Ale.exe
c:\documents and settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat
C:\nq0cq.cmd
C:\rqb0v2ot.bat
c:\windows\expiorer.exe
c:\windows\system32\~.exe
c:\windows\system32\a.exe
c:\windows\system32\aduyuliz.ini
c:\windows\system32\Bitkv0.dll
c:\windows\system32\Bitkv1.dll
c:\windows\system32\ckvo.exe
c:\windows\system32\ckvo0.dll
c:\windows\system32\ckvo1.dll
c:\windows\system32\ckvo2.dll
c:\windows\system32\ckvo3.dll
c:\windows\system32\edijupal.ini
c:\windows\system32\fool0.dll
c:\windows\system32\ieso0.dll
c:\windows\system32\imagasap.ini
c:\windows\system32\izuregat.ini
c:\windows\system32\kxvo.exe
c:\windows\system32\uguhodek.ini
c:\windows\system32\wGxs472v.exe.a_a
c:\windows\system32\zanilepi.dll
C:\xih9.cmd
D:\Autorun.inf
D:\nq0cq.cmd
D:\rqb0v2ot.bat
D:\xih9.cmd
G:\autorun.inf
G:\rqb0v2ot.bat

----- BITS: Sites possivelmente infetados -----

hxxp://77.74.48.105
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_VFILT


((((((((((((((((((((((((( Files Creati Da 2008-12-02 al 2009-01-02 )))))))))))))))))))))))))))))))))))
.

2009-01-02 15:01 . 2009-01-02 15:01 <DIR> d-------- c:\windows\system32\xircom
2009-01-02 15:01 . 2009-01-02 15:01 <DIR> d-------- c:\programmi\microsoft frontpage
2008-12-26 23:27 . 2008-12-30 09:28 31,232 --a------ c:\windows\system32\eQ7fH365.dll
2008-12-26 22:06 . 2008-12-26 22:06 <DIR> d-------- c:\programmi\32 Bird Second
2008-12-23 20:16 . 2008-12-23 20:16 <DIR> d-------- c:\programmi\Security Task Manager
2008-12-23 20:16 . 2008-12-23 20:23 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\SecTaskMan
2008-12-23 19:53 . 2008-12-23 19:57 <DIR> d-------- C:\fixwareout
2008-12-23 11:54 . 2008-12-23 11:54 <DIR> d-------- c:\programmi\TorrentSpeeder
2008-12-23 11:54 . 2008-12-26 22:07 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Ping Sign Byte Tool
2008-12-23 11:54 . 2008-12-26 22:07 <DIR> d-------- c:\documents and settings\Ale\Dati applicazioni\32 Bird Second
2008-12-21 16:50 . 2008-12-21 16:50 <DIR> d-------- c:\programmi\foobar2000
2008-12-21 16:50 . 2008-12-21 17:47 <DIR> d-------- c:\documents and settings\Ale\Dati applicazioni\foobar2000
2008-12-20 16:55 . 2008-12-20 16:54 32,256 --a------ c:\windows\system32\wGxs472v.exe
2008-12-19 19:07 . 2008-12-19 21:01 <DIR> d-------- c:\programmi\Opera
2008-12-19 18:52 . 2009-01-02 15:01 <DIR> d-------- c:\programmi\DNA
2008-12-19 18:52 . 2008-12-19 18:52 <DIR> d-------- c:\programmi\BitTorrent
2008-12-19 18:52 . 2009-01-02 15:01 <DIR> d-------- c:\documents and settings\Ale\Dati applicazioni\DNA
2008-12-19 18:52 . 2008-12-30 12:12 <DIR> d-------- c:\documents and settings\Ale\Dati applicazioni\BitTorrent
2008-12-19 18:51 . 2008-12-19 18:51 <DIR> d-------- c:\programmi\AskBarDis
2008-12-17 20:42 . 2008-12-23 19:50 85,504 -r-hs---- c:\windows\system32\vbsdfe2.dll
2008-12-17 20:41 . 2009-01-02 14:51 85,504 -r-hs---- c:\windows\system32\vbsdfe0.dll
2008-12-13 22:00 . 2008-12-26 20:58 85,504 -r-hs---- c:\windows\system32\vbsdfe1.dll
2008-12-10 20:34 . 2008-12-26 20:58 115,869 -r-hs---- c:\windows\system32\vamsoft.exe
2008-12-04 09:27 . 2008-12-04 09:26 106,664 -r-hs---- C:\rcukd.cmd

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-02 13:51 --------- d-----w c:\documents and settings\Ale\Dati applicazioni\AVG7
2008-12-29 11:29 --------- d-----w c:\documents and settings\Ale\Dati applicazioni\Skype
2008-12-26 19:29 87,323 ------w c:\windows\system32\ziluyuda.dll
2008-12-04 08:32 --------- d-----w c:\documents and settings\Ale\Dati applicazioni\U3
2008-11-25 16:07 --------- d-----w c:\programmi\Lexmark 1200 Series
2008-11-25 14:45 --------- d-----w c:\programmi\Virtual Earth 3D
2008-11-25 14:34 104,480 --sh--r C:\ij.bat
2008-11-07 18:41 109,879 --sh--r C:\sq.com
2008-11-02 15:58 139,664 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-11-02 15:56 111,928 ----a-w c:\windows\system32\PnkBstrB.exe
2008-10-22 15:49 104,123 --sh--r C:\xlk9.com
2008-10-21 08:58 105,553 --sh--r C:\2fiji.com
2008-10-01 14:59 24,192 ----a-w c:\documents and settings\Ale\usbsermptxp.sys
2008-10-01 14:59 22,768 ----a-w c:\documents and settings\Ale\usbsermpt.sys
2008-09-05 14:17 16,384 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
2008-09-05 14:17 32,768 --sha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
2008-09-05 14:17 32,768 --sha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012008090520080906\index.dat
2008-09-05 14:17 32,768 --sha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-29 17:24 325000 --a------ c:\programmi\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\programmi\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"RocketDock"="c:\programmi\RocketDock\RocketDock.exe" [2007-09-02 495616]
"DAEMON Tools"="c:\programmi\DAEMON Tools\daemon.exe" [2007-11-17 171464]
"Yahoo! Pager"="c:\programmi\Yahoo!\Messenger\YahooMessenger.exe" [2008-02-29 4670704]
"vamsoft"="c:\windows\system32\vamsoft.exe" [2008-12-26 115869]
"BitTorrent DNA"="c:\programmi\DNA\btdna.exe" [2008-12-19 342848]
"noun remote"="c:\docume~1\Ale\DATIAP~1\32BIRD~1\BodyReadmeWin.exe" [2008-12-26 540160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"="c:\programmi\VIAudioi\SBADeck\ADeck.exe" [2005-04-08 512000]
"itype"="c:\programmi\Microsoft IntelliType Pro\itype.exe" [2005-12-04 437008]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-10-17 590848]
"ATICCC"="c:\programmi\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"Ashampoo FireWall PRO"="c:\programmi\Ashampoo\Ashampoo FireWall PRO\FireWall.exe" [2008-09-17 3543552]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-09-17 413696]
"Lexmark 1200 Series"="c:\programmi\Lexmark 1200 Series\lxczbmgr.exe" [2006-03-16 57344]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-12-09 225280]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"LogitechCameraAssistant"="c:\programmi\Logitech\Video\CameraAssistant.exe" [2005-12-07 489472]
"LogitechVideo[inspector]"="c:\programmi\Logitech\Video\InstallHelper.exe" [2005-12-07 09:33 73728]
"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]
"Byte Tool Tons Mail"="c:\documents and settings\All Users\Dati applicazioni\Ping Sign Byte Tool\Dupe wave.exe" [2009-01-02 688128]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2008-09-05 219136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2007-01-03 c:\windows\system32\advpack.dll]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Reader Synchronizer.lnk - c:\programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-22 734872]
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Programmi\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Programmi\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Programmi\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\Programmi\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmi\\MSN Messenger\\livecall.exe"=
"c:\\Programmi\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Programmi\\Autodesk\\Backburner\\manager.exe"=
"c:\\Programmi\\Autodesk\\Backburner\\server.exe"=
"c:\\Programmi\\Autodesk\\3ds Max 2009\\3dsmax.exe"=
"c:\\Programmi\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Programmi\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Programmi\\DNA\\btdna.exe"=
"c:\\Programmi\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\dwwin.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\imapi.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
"c:\\Programmi\\File comuni\\Autodesk Shared\\Service\\AdskScSrv.exe"=
"c:\\Programmi\\RocketDock\\RocketDock.exe"=
"c:\\Programmi\\Logitech\\Video\\CameraAssistant.exe"=
"c:\\Programmi\\Microsoft IntelliType Pro\\itype.exe"=
"c:\\Programmi\\Lexmark 1200 Series\\lxczbmgr.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6881:TCP"= 6881:TCP:Port 6881_TCP
"6881:UDP"= 6881:UDP:Port 6881_UDP
"6882:TCP"= 6882:TCP:Port 6882_TCP
"6882:UDP"= 6882:UDP:Port 6882_UDP
"6883:TCP"= 6883:TCP:Port 6883_TCP
"6883:UDP"= 6883:UDP:Port 6883_UDP
"6884:TCP"= 6884:TCP:Port 6884_TCP
"6884:UDP"= 6884:UDP:Port 6884_UDP
"6885:TCP"= 6885:TCP:Port 6885_TCP
"6885:UDP"= 6885:UDP:Port 6885_UDP
"6886:TCP"= 6886:TCP:Port 6886_TCP
"6886:UDP"= 6886:UDP:Port 6886_UDP
"6887:TCP"= 6887:TCP:Port 6887_TCP
"6887:UDP"= 6887:UDP:Port 6887_UDP
"6888:TCP"= 6888:TCP:Port 6888_TCP
"6888:UDP"= 6888:UDP:Port 6888_UDP
"6889:TCP"= 6889:TCP:Port 6889_TCP
"6889:UDP"= 6889:UDP:Port 6889_UDP
"6890:TCP"= 6890:TCP:Port 6890_TCP
"6890:UDP"= 6890:UDP:Port 6890_UDP
"6891:TCP"= 6891:TCP:Port 6891_TCP
"6891:UDP"= 6891:UDP:Port 6891_UDP
"6892:TCP"= 6892:TCP:Port 6892_TCP
"6892:UDP"= 6892:UDP:Port 6892_UDP
"6893:TCP"= 6893:TCP:Port 6893_TCP
"6893:UDP"= 6893:UDP:Port 6893_UDP
"6894:TCP"= 6894:TCP:Port 6894_TCP
"6894:UDP"= 6894:UDP:Port 6894_UDP
"6895:TCP"= 6895:TCP:Port 6895_TCP
"6895:UDP"= 6895:UDP:Port 6895_UDP
"6896:TCP"= 6896:TCP:Port 6896_TCP
"6896:UDP"= 6896:UDP:Port 6896_UDP
"6897:TCP"= 6897:TCP:Port 6897_TCP
"6897:UDP"= 6897:UDP:Port 6897_UDP
"6898:TCP"= 6898:TCP:Port 6898_TCP
"6898:UDP"= 6898:UDP:Port 6898_UDP
"6899:TCP"= 6899:TCP:Port 6899_TCP
"6899:UDP"= 6899:UDP:Port 6899_UDP
"6900:TCP"= 6900:TCP:Port 6900_TCP
"6900:UDP"= 6900:UDP:Port 6900_UDP
"6901:TCP"= 6901:TCP:Port 6901_TCP
"6901:UDP"= 6901:UDP:Port 6901_UDP
"6902:TCP"= 6902:TCP:Port 6902_TCP
"6902:UDP"= 6902:UDP:Port 6902_UDP
"6903:TCP"= 6903:TCP:Port 6903_TCP
"6903:UDP"= 6903:UDP:Port 6903_UDP
"6904:TCP"= 6904:TCP:Port 6904_TCP
"6904:UDP"= 6904:UDP:Port 6904_UDP
"6905:TCP"= 6905:TCP:Port 6905_TCP
"6905:UDP"= 6905:UDP:Port 6905_UDP
"6906:TCP"= 6906:TCP:Port 6906_TCP
"6906:UDP"= 6906:UDP:Port 6906_UDP
"6907:TCP"= 6907:TCP:Port 6907_TCP
"6907:UDP"= 6907:UDP:Port 6907_UDP
"6908:TCP"= 6908:TCP:Port 6908_TCP
"6908:UDP"= 6908:UDP:Port 6908_UDP
"6909:TCP"= 6909:TCP:Port 6909_TCP
"6909:UDP"= 6909:UDP:Port 6909_UDP

R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;"c:\programmi\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe" [2008-03-09 65536]
R3 DrvFltIp;DrvFltIp;\??\c:\documents and settings\Ale\Impostazioni locali\TEMP\DrvFltIp [2009-01-02 29184]
S3 S3chipid;S3chipid;\??\c:\docume~1\Ale\IMPOST~1\Temp\{2B43252C-A1E3-4C47-927C-9F2C276D3515}\S3chipid.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a4df61e-7bf9-11dd-a18d-00508d67bcfa}]
\Shell\AutoRun\command - G:\rqb0v2ot.bat
\Shell\explore\Command - G:\rqb0v2ot.bat
\Shell\open\Command - G:\rqb0v2ot.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d04e19d-cead-11dd-a20a-00508d67bcfa}]
\Shell\AutoRun\command - G:\rqb0v2ot.bat
\Shell\explore\Command - G:\rqb0v2ot.bat
\Shell\open\Command - G:\rqb0v2ot.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e573e6b2-9606-11dd-a1d4-00508d67bcfa}]
\Shell\AutoRun\command - G:\xlk9.com
\Shell\explore\Command - G:\xlk9.com
\Shell\open\Command - G:\xlk9.com
.
Contenuto della cartella 'Scheduled Tasks'

2008-12-30 c:\windows\Tasks\AF89CCCA91DE7FF6.job
- c:\docume~1\ale\datiap~1\32bird~1\Burn Five Cool.exe [2008-12-26 22:07]

2008-12-29 c:\windows\Tasks\At1.job
- c:\windows\system32\wGxs472v.exe [2008-12-20 16:54]

2008-12-30 c:\windows\Tasks\At10.job
- c:\windows\system32\wGxs472v.exe [2008-12-20 16:54]

2008-12-30 c:\windows\Tasks\At11.job
- c:\windows\system32\wGxs472v.exe [2008-12-20 16:54]

2008-12-30 c:\windows\Tasks\At12.job
- c:\windows\system32\wGxs472v.exe [2008-12-20 16:54]

2008-12-30 c:\windows\Tasks\At13.job
- c:\windows\system32\wGxs472v.exe [2008-12-20 16:54]

2008-12-29 c:\windows\Tasks\At14.job
- c:\windows\system32\wGxs472v.exe [2008-12-20 16:54]

2008-12-29 c:\windows\Tasks\At15.job
- c:\windows\system32\wGxs472v.exe [2008-12-20 16:54]

2008-12-29 c:\windows\Tasks\At16.job
- c:\windows\system32\wGxs472v.exe [2008-12-20 16:54]

2008-12-29 c:\windows\Tasks\At17.job
- c:\windows\system32\wGxs472v.exe [2008-12-20 16:54]

2008-12-29 c:\windows\Tasks\At18.job
- c:\windows\system32\wGxs472v.exe [2008-12-20 16:54]

2008-12-29 c:\windows\Tasks\At19.job
- c:\windows\system32\wGxs472v.exe [2008-12-20 16:54]

2008-12-30 c:\windows\Tasks\At2.job
- c:\windows\system32\wGxs472v.exe [2008-12-20 16:54]

2008-12-29 c:\windows\Tasks\At20.job
- c:\windows\system32\wGxs472v.exe [2008-12-20 16:54]

2008-12-29 c:\windows\Tasks\At21.job
- c:\windows\system32\wGxs472v.exe [2008-12-20 16:54]

2008-12-29 c:\windows\Tasks\At22.job
- c:\windows\system32\wGxs472v.exe [2008-12-20 16:54]

2008-12-29 c:\windows\Tasks\At23.job
- c:\windows\system32\wGxs472v.exe [2008-12-20 16:54]

2008-12-29 c:\windows\Tasks\At24.job
- c:\windows\system32\wGxs472v.exe [2008-12-20 16:54]

2008-12-30 c:\windows\Tasks\At3.job
- c:\windows\system32\wGxs472v.exe [2008-12-20 16:54]

2008-12-30 c:\windows\Tasks\At4.job
- c:\windows\system32\wGxs472v.exe [2008-12-20 16:54]

2008-12-30 c:\windows\Tasks\At5.job
- c:\windows\system32\wGxs472v.exe [2008-12-20 16:54]

2008-12-30 c:\windows\Tasks\At6.job
- c:\windows\system32\wGxs472v.exe [2008-12-20 16:54]

2008-12-30 c:\windows\Tasks\At7.job
- c:\windows\system32\wGxs472v.exe [2008-12-20 16:54]

2008-12-30 c:\windows\Tasks\At8.job
- c:\windows\system32\wGxs472v.exe [2008-12-20 16:54]

2008-12-30 c:\windows\Tasks\At9.job
- c:\windows\system32\wGxs472v.exe [2008-12-20 16:54]
.
- - - - ORFÃOS REMOVIDOS - - - -

BHO-{029d3336-28c9-4315-8cef-609fe4c44db8} - c:\windows\system32\herifolu.dll
HKLM-Run-hugufuyuju - c:\windows\system32\kabifoti.dll
HKLM-Run-c0667872 - c:\windows\system32\pasagami.dll


.
------- Supplementare di scansione -------
.
uStart Page = hxxp://www2.iesearch.com/
IE: {{C4046502-6524-4d87-896C-878F57D1FF07} - c:\programmi\PokerStars.IT\PokerStarsUpdate.exe
TCP: {CDDDB472-F935-459B-A7CC-BA79F39375B4} = 208.67.222.222,208.67.220.220
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-02 15:01:48
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\c:\docume~1\Ale\IMPOST~1\Temp\ASFWHide"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DrvFltIp]
"ImagePath"="\??\c:\documents and settings\Ale\Impostazioni locali\TEMP\DrvFltIp"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\SHSVCS.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\CLBCATQ.DLL
c:\programmi\Ashampoo\Ashampoo FireWall PRO\MD5.dll

- - - - - - - > 'lsass.exe'(820)
c:\windows\system32\WLDAP32.dll
c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\ipsecsvc.dll
c:\programmi\Ashampoo\Ashampoo FireWall PRO\MD5.dll

- - - - - - - > 'csrss.exe'(736)
c:\programmi\Ashampoo\Ashampoo FireWall PRO\MD5.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\programmi\File comuni\Logitech\LVMVFM\LVPrcSrv.exe
c:\programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
c:\progra~1\Grisoft\AVG7\avgamsvr.exe
c:\progra~1\Grisoft\AVG7\avgupsvc.exe
c:\progra~1\Grisoft\AVG7\avgemc.exe
c:\windows\system32\PnkBstrA.exe
c:\programmi\Lexmark 1200 Series\lxczbmon.exe
c:\programmi\Internet Explorer\IEXPLORE.EXE
c:\programmi\Internet Explorer\IEXPLORE.EXE
c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2009-01-02 15:04:06 - macchina è stato riavviato
ComboFix-quarantined-files.txt 2009-01-02 14:03:56

Pre-Run: 16.422.363.136 byte disponibili
Post-Run: 16,528,433,152 byte disponibili

360



and here's the other one:


Malwarebytes' Anti-Malware 1.31
Versione del database: 1596
Windows 5.1.2600 Service Pack 2

02/01/2009 17.03.30
mbam-log-2009-01-02 (17-03-21).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi scansionati: 89250
Tempo trascorso: 32 minute(s), 12 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 1
Elementi dato del registro infetti: 1
Cartelle infette: 0
File infetti: 24

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vamsoft (Trojan.Agent) -> No action taken.

Elementi dato del registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://www2.iesearch.com/) Good: (http://www.google.com/) -> No action taken.

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\Documents and Settings\All Users\Dati applicazioni\SecTaskMan\herifolu.dll.q_804EE00_q (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\All Users\Dati applicazioni\SecTaskMan\jubevuto.dll.q_804EE00_q (Trojan.Vundo) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\~.exe.vir (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{D8A1326B-4574-4DEC-B50C-AB3D4CC59691}\RP51\A0020024.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{D8A1326B-4574-4DEC-B50C-AB3D4CC59691}\RP52\A0020138.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{D8A1326B-4574-4DEC-B50C-AB3D4CC59691}\RP53\A0020196.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{D8A1326B-4574-4DEC-B50C-AB3D4CC59691}\RP54\A0020197.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{D8A1326B-4574-4DEC-B50C-AB3D4CC59691}\RP56\A0020222.exe (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{D8A1326B-4574-4DEC-B50C-AB3D4CC59691}\RP57\A0021350.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{D8A1326B-4574-4DEC-B50C-AB3D4CC59691}\RP58\A0022358.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{D8A1326B-4574-4DEC-B50C-AB3D4CC59691}\RP58\A0022367.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{D8A1326B-4574-4DEC-B50C-AB3D4CC59691}\RP58\A0022390.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{D8A1326B-4574-4DEC-B50C-AB3D4CC59691}\RP58\A0022391.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{D8A1326B-4574-4DEC-B50C-AB3D4CC59691}\RP58\A0022392.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{D8A1326B-4574-4DEC-B50C-AB3D4CC59691}\RP58\A0022393.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{D8A1326B-4574-4DEC-B50C-AB3D4CC59691}\RP58\A0022397.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{D8A1326B-4574-4DEC-B50C-AB3D4CC59691}\RP58\A0022400.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{D8A1326B-4574-4DEC-B50C-AB3D4CC59691}\RP59\A0022509.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{D8A1326B-4574-4DEC-B50C-AB3D4CC59691}\RP59\A0022427.exe (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\BIT9.tmp (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\BITA.tmp (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ziluyuda.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\vamsoft.exe (Trojan.Agent) -> No action taken.
C:\rcukd.cmd (Trojan.Agent) -> No action taken.


Thank you for the help, and I'll also take the opportunity to wish you a happy new year!

#5 astrus

    Advanced Member

  • Moderator
  • 200 posts

Posted 03 January 2009 - 10:08

Good morning,
ComboFix removed part of the infection, but some remnants are left.
You ran the scan with Malwarebytes, but at the end you did not have it remove the infections it found; repeat the scan and, when it finishes, select all the entries flagged as infected and press Remove.
Reboot the system.
Download the CFScript.txt file I attached and save it to the desktop, keeping that name, then drag it onto the ComboFix icon; ComboFix will start automatically, let it run another scan.
For a final check you could attach a new HijackThis log.



Not everything that can be counted counts, and not everything that counts can be counted. (Einstein)

#6 salewa2022

    Member

  • Members
  • 20 posts

Posted 08 January 2009 - 12:02

Hi, I did everything as you told me, here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12.00.53, on 08/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programmi\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\VIAudioi\SBADeck\ADeck.exe
C:\Programmi\Microsoft IntelliType Pro\itype.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\Ashampoo\Ashampoo FireWall PRO\FireWall.exe
C:\Programmi\Lexmark 1200 Series\lxczbmgr.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\Programmi\Logitech\Video\CameraAssistant.exe
C:\Programmi\Lexmark 1200 Series\lxczbmon.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\RocketDock\RocketDock.exe
C:\Programmi\DAEMON Tools\daemon.exe
C:\Programmi\DNA\btdna.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
D:\programmi\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {029d3336-28c9-4315-8cef-609fe4c44db8} - C:\WINDOWS\system32\safevayi.dll (file missing)
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programmi\AskBarDis\bar\bin\askBar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programmi\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [AudioDeck] C:\Programmi\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [itype] "C:\Programmi\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Ashampoo FireWall PRO] "C:\Programmi\Ashampoo\Ashampoo FireWall PRO\FireWall.exe" -TRAY
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Programmi\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programmi\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Programmi\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [Byte Tool Tons Mail] C:\Documents and Settings\All Users\Dati applicazioni\Ping Sign Byte Tool\Meet hold.exe
O4 - HKLM\..\Run: [hugufuyuju] Rundll32.exe "C:\WINDOWS\system32\zahenese.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Programmi\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programmi\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Programmi\PokerStars.IT\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.appl...ex/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CDDDB472-F935-459B-A7CC-BA79F39375B4}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Programmi\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 8264 bytes

#7 astrus

    Advanced Member

  • Moderator
  • 200 posts

Posted 08 January 2009 - 12:40

Select the following entries:
O2 - BHO: (no name) - {029d3336-28c9-4315-8cef-609fe4c44db8} -C:\WINDOWS\system32\safevayi.dll (file missing)
O4 - HKLM\..\Run: [Byte Tool Tons Mail] C:\Documents and Settings\All Users\Datiapplicazioni\Ping Sign Byte Tool\Meet hold.exe
O4 - HKLM\..\Run: [hugufuyuju] Rundll32.exe "C:\WINDOWS\system32\zahenese.dll",s
then press Fix Checked.

#8 salewa2022

    Member

  • Members
  • 20 posts

Posted 09 January 2009 - 03:46

OK, done, thanks.
The computer seems like a different machine now; I'm posting the log again just to be safe:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.44.46, on 09/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programmi\VIAudioi\SBADeck\ADeck.exe
C:\Programmi\Microsoft IntelliType Pro\itype.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\Ashampoo\Ashampoo FireWall PRO\FireWall.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\Programmi\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\RocketDock\RocketDock.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\DNA\btdna.exe
C:\Programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programmi\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
D:\programmi\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programmi\AskBarDis\bar\bin\askBar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programmi\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [AudioDeck] C:\Programmi\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [itype] "C:\Programmi\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Ashampoo FireWall PRO] "C:\Programmi\Ashampoo\Ashampoo FireWall PRO\FireWall.exe" -TRAY
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Programmi\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programmi\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Programmi\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Programmi\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programmi\DNA\btdna.exe"
O4 - HKCU\..\Run: [noun remote] C:\DOCUME~1\Ale\DATIAP~1\32BIRD~1\BodyReadmeWin.exe
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Programmi\PokerStars.IT\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.appl...ex/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CDDDB472-F935-459B-A7CC-BA79F39375B4}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Programmi\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 8300 bytes

Thanks again for the help.

#9 astrus

    Advanced Member

  • Moderator
  • 200 posts

Posted 10 January 2009 - 05:52

I'm glad the situation has improved; the most annoying infection, Vundo, has been eradicated.
The other infection, the one that spreads via USB flash drives, seems to have reactivated; you are probably using a flash drive that needs to be cleaned, otherwise you will keep reinfecting the system.
You can try two approaches: plug in the flash drives and run a full scan with Malwarebytes, making sure it scans the flash drives too, or, again with the drives plugged in, run a new scan with ComboFix, which should delete the infected files.
Apart from that, do you by any chance also have a problem with CID advertising pop-ups?
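The triage that astrus did by hand in posts #7 and #9 (picking out the O2/O4 entries to fix, then noticing the new autostarts that reappeared after the USB reinfection) written as a small log checker. This is an added example, not code from the thread or from HijackThis; the heuristics, the system32 allow list and the sample lines are constructed from entries quoted above.

```python
import re
from dataclasses import dataclass

# Constructed sample: autostart (O4) and BHO (O2) lines of the kind posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {029d3336-28c9-4315-8cef-609fe4c44db8} - C:\WINDOWS\system32\safevayi.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [itype] "C:\Programmi\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [Byte Tool Tons Mail] C:\Documents and Settings\All Users\Dati applicazioni\Ping Sign Byte Tool\Meet hold.exe
O4 - HKLM\..\Run: [hugufuyuju] Rundll32.exe "C:\WINDOWS\system32\zahenese.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [noun remote] C:\DOCUME~1\Ale\DATIAP~1\32BIRD~1\BodyReadmeWin.exe
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
"""

# Allow list of system32 autostarts expected on this XP box (assumption: built from
# the entries the thread left untouched; extend it for your own baseline).
KNOWN_SYSTEM32 = {"ctfmon.exe", "lvcomsx.exe", "elkctrl.exe"}

O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.+)$")
# First drive-letter path ending in a binary extension; copes with unquoted paths containing spaces.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|cmd|bat)', re.I)
USER_DATA_RE = re.compile(r"\\(documents and settings|docume~1|dati applicazioni|datiap~1)\\", re.I)


@dataclass
class Finding:
    name: str    # value name in [] for O4 entries, BHO name for O2 entries
    path: str
    reason: str


def classify_o4(cmd):
    """Return (path, reason) for an O4 command line; reason is '' when nothing looks off."""
    m = PATH_RE.search(cmd)
    if not m:
        return None, ""
    path = m.group(0)
    base = path.rsplit("\\", 1)[-1].lower()
    # Autostart that only exists to have rundll32 load a DLL: the Vundo pattern seen in the logs.
    if re.match(r"rundll32(\.exe)?\s", cmd, re.I) and base.endswith(".dll"):
        return path, "rundll32 loading a DLL from an autostart (Vundo-style loader)"
    # Legitimate autostarts rarely live under the users' data folders.
    if USER_DATA_RE.search(path):
        return path, "autostart launched from a user data directory"
    # Randomly named binaries dropped into system32, e.g. ckvo.exe after the USB reinfection.
    if "\\system32\\" in path.lower() and base not in KNOWN_SYSTEM32:
        return path, "unfamiliar binary in system32 (not in allow list)"
    return path, ""


def triage(log_text):
    """Walk a HijackThis log and collect the entries a helper would mark for Fix Checked."""
    findings = []
    for line in log_text.splitlines():
        m2 = O2_RE.match(line)
        if m2 and "(file missing)" in m2.group("path"):
            findings.append(Finding(m2.group("name"), m2.group("path"), "BHO points at a missing file (orphan)"))
            continue
        m4 = O4_RE.match(line)
        if m4:
            path, reason = classify_o4(m4.group("cmd"))
            if reason:
                findings.append(Finding(m4.group("name"), path, reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.name}] {f.path}\n    -> {f.reason}")
```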

#10 salewa2022

    Member

  • Members
  • 20 posts

Posted 11 January 2009 - 08:36

As soon as I have time I'll do the cleanup you recommended... to be honest, a rather annoying pop-up does appear...

I'll update you in a few days, as I'm swamped right now; thanks a lot for the support :OKOK:



