Punto informatico Network
Login Esegui login | Non sei registrato? Iscriviti ora (è gratuito!)
Username: Password:
  • Annuncio Pubblicitario

Virus aiuto!!!

Un virus si è intromesso nel tuo computer? Vuoi navigare in tutta sicurezza? Sono sicure le transazione online? Come impedire a malintenzionati di intromettersi nel tuo pc? Come proteggere i tuoi dati? Qui trovi le risposte a queste ed altre domande

Rispondi al messaggio

Virus aiuto!!!

Messaggioda leos.leo » mar lug 27, 2010 9:22 pm

Ragazzi, viu prego ho bisogno di aiuto.
Un virus e piu virus sono entrati nel mio pc, non mi è un problema cosi grande. Si tratta di Trojan, avira mi avvisa ogni secondo o meglio mi avvisava ora avira non funziona, neanke posso aprirlo, mi da un avviso che application cannot be executed. The file avcenter.exe is infected. Do you want to activate your antivirus software now. Non mi apre neanke malware bytes con un avviso simile aiuto
sembra che sta scomparendo tutto mi spuntano avvisi assurdi, ora mentre scrivo, un avviso con 0X0000000 non poteva essere read, datemi indicazioni
fra un po non avro neanke internet aiutatemiiiiiiiiiiiiii

Mi si è installato pure antimalware doctor senza saperlo ne volerlo
vi prego aiutatemi
Leos.leo
Avatar utente
leos.leo
Neo Iscritto
Neo Iscritto
 
Messaggi: 13
Iscritto il: mer lug 30, 2008 12:51 pm
Località: Palermo
Top

Re: Virus aiuto!!!

Messaggioda stevens » mar lug 27, 2010 9:52 pm

ciao

segui queste indicazioni alla lettera

scarica e avvia rkill

Scarica e installa malwarebytes

Aggiornalo: clicca sulla scheda "aggiornamenti" => "controlla aggiornamenti"
Esegui una "scansione completa" (seleziona l'opzione)
A scansione completa, fai clic su OK => Mostra i Risultati.
Assicurarti che tutto sia selezionato e clicca clic su Rimuovi selezionati.
Se ti chiede di riavviare, riavvia per completare il processo di pulizia.
Posta il rapporto .
Avatar utente
stevens
Bronze Member
Bronze Member
 
Messaggi: 678
Iscritto il: mer feb 18, 2009 1:39 pm
Top

Re: Virus aiuto!!!

Messaggioda leos.leo » mar lug 27, 2010 10:53 pm

Ehm ho fatto un po a testa mia. Non sono cosi inesperto ma era la prima volta che mi trovavo in crisi.
Ebbene tutto non funzionava, ho riavviato in mod provv e ho avviato avira. Non gli ho ftt fare una scan completa., trp lunga.
Ho riavviato in modalità normale. Stavolta tutto funzionava. Allora ho avviato malwarebytes(che gia possedevo, ma grazie lo stesso) e ha trovato circa 45 i quali erano tutti adware, trojan, rogue. Eliminati tutti ora stofacendo una nuova scansione con Malwarebyte. Ho gia avviato Rkill che ha fatto il suo lavoro in circa 2 secondi. Ora posterò i log gia hjackthis e combofix.
Ma soprattutto un grazie
Leos.leo
Avatar utente
leos.leo
Neo Iscritto
Neo Iscritto
 
Messaggi: 13
Iscritto il: mer lug 30, 2008 12:51 pm
Località: Palermo
Top
Top

Re: Virus aiuto!!!

Messaggioda gio! » mar lug 27, 2010 10:55 pm

stevens ha scritto:
Scarica e installa malwarebytes

Aggiornalo: clicca sulla scheda "aggiornamenti" => "controlla aggiornamenti"
Esegui una "scansione completa" (seleziona l'opzione)
A scansione completa, fai clic su OK => Mostra i Risultati.
Assicurarti che tutto sia selezionato e clicca clic su Rimuovi selezionati.
Se ti chiede di riavviare, riavvia per completare il processo di pulizia.
Posta il rapporto .

Ha detto che non gli si avvia Malwarebytes.

Quella scritta mi fa pensare ad un rogue software.
Fai una scansione con combofix salvalo sul desktop e mentre lo stai salvando (ancora nel browser non dopo) rinominalo in 123.exe. Adesso chiudi tutte le applicazioni, avvia combofix e inizia la scansione (non installare la recovery console se richiesto). Il pc si riavvierà e comparirà un log a video, postacelo.

NB: può sembrare che combofix si blocchi o non stia lavorando: è normale l'importante è che non tocchi il pc neanche muovendo il mouse [^]
Avatar utente
gio!
Senior Member
Senior Member
 
Messaggi: 275
Iscritto il: sab gen 19, 2008 3:13 pm
Top

Re: Virus aiuto!!!

Messaggioda leos.leo » mar lug 27, 2010 11:58 pm

Ecco finalmente il log di combo

ComboFix 10-07-26.04 - Leandro 28/07/2010 0.42.53.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1279.850 [GMT 2:00]
Eseguito da: c:\documents and settings\Leandro\Desktop\FOTO VIAGGIO D'ISTRUZIONE A BERLINO\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Leandro\Dati applicazioni\A2FCB06279BC659B125E7912519E56AC
c:\documents and settings\Leandro\Dati applicazioni\A2FCB06279BC659B125E7912519E56AC\enemies-names.txt
c:\documents and settings\Leandro\Dati applicazioni\A2FCB06279BC659B125E7912519E56AC\local.ini
c:\documents and settings\Leandro\Menu Avvio\Programmi\Antimalware Doctor
c:\documents and settings\Leandro\Menu Avvio\Programmi\Antimalware Doctor\Antimalware Doctor.lnk
c:\documents and settings\Leandro\Menu Avvio\Programmi\Antimalware Doctor\Uninstall.lnk
C:\PIPPO.TMP
c:\programmi\SpeedBit Video Downloader\Toolbar\tbhelper.dll
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\Temp
c:\windows\system32\Temp\Kara_K5V.dll

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS


((((((((((((((((((((((((( Files Creati Da 2010-06-27 al 2010-07-27 )))))))))))))))))))))))))))))))))))
.

2010-07-27 21:05 . 2010-07-27 21:05 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Adobe
2010-07-27 20:58 . 2010-07-27 20:58 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-07-27 20:43 . 2010-07-27 20:43 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-07-27 20:16 . 2010-07-27 21:44 -------- d-----w- c:\documents and settings\Leandro\Impostazioni locali\Dati applicazioni\tffovctuh
2010-07-27 19:40 . 2004-12-19 22:04 13824 ----a-w- C:\dmg2iso.exe
2010-07-27 14:00 . 2010-07-27 14:00 -------- d-----w- c:\windows\nvidia icons
2010-07-27 13:59 . 2008-05-03 03:46 442368 ----a-w- c:\windows\system32\nvudisp.exe
2010-07-27 13:58 . 2008-04-30 15:27 442368 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-07-24 08:56 . 2010-07-24 08:56 -------- d-----w- c:\documents and settings\Leandro\Dati applicazioni\Malwarebytes
2010-07-24 08:56 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-24 08:56 . 2010-07-24 08:56 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-07-24 08:56 . 2010-07-24 08:56 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-07-24 08:56 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-11 14:41 . 2008-04-10 10:08 71184 ----a-r- c:\windows\system32\drivers\DefragFS.sys
2010-07-11 14:41 . 2010-07-11 14:41 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Raxco
2010-07-11 14:40 . 2010-07-11 14:41 -------- d-----w- c:\programmi\Raxco
2010-07-08 09:46 . 2007-06-27 12:42 207488 ----a-r- c:\windows\system32\drivers\vinyl97.sys
2010-07-08 09:45 . 2010-07-08 09:46 -------- d-----w- c:\programmi\VIA
2010-07-08 09:45 . 2007-04-11 13:35 331184 ------w- c:\windows\system32\difxapi.dll
2010-07-07 20:09 . 2010-07-27 08:26 -------- d-----w- c:\programmi\SpeedFan
2010-07-07 20:03 . 2010-07-07 20:03 -------- d-----w- c:\programmi\Lavalys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-27 22:50 . 2010-01-09 14:19 -------- d-----w- c:\programmi\File comuni\Akamai
2010-07-27 22:48 . 2009-02-24 18:17 24 ----a-w- c:\windows\system32\DVCStateBkp-{00000000-00000000-00000008-00001102-00000002-80271102}.dat
2010-07-27 22:48 . 2009-02-24 18:17 24 ----a-w- c:\windows\system32\DVCState-{00000000-00000000-00000008-00001102-00000002-80271102}.dat
2010-07-27 22:48 . 2010-01-11 23:18 12 ----a-w- c:\windows\bthservsdp.dat
2010-07-27 20:33 . 2009-02-25 12:03 -------- d-----w- c:\documents and settings\Leandro\Dati applicazioni\Orbit
2010-07-26 23:18 . 2009-04-15 16:05 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Google Updater
2010-07-24 10:57 . 2009-02-23 12:55 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\McAfee
2010-07-24 08:53 . 2009-03-09 16:49 -------- d-----w- c:\programmi\Google
2010-07-16 10:03 . 2009-04-17 15:55 -------- d-----w- c:\documents and settings\Leandro\Dati applicazioni\Media Player Classic
2010-07-15 15:11 . 2009-03-17 17:38 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-07-15 14:19 . 2009-02-19 16:10 122408 ----a-w- c:\documents and settings\Leandro\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-07-11 14:20 . 2009-03-30 08:05 -------- d-----w- c:\programmi\Avid
2010-07-11 14:17 . 2010-01-11 19:49 -------- d-----w- c:\programmi\Uninstall Tool
2010-07-11 14:16 . 2009-04-27 18:11 -------- d-----w- c:\programmi\Powerpoint-PPT to AVI-GIF Converter
2010-07-11 14:15 . 2010-04-12 12:09 -------- d-----w- c:\programmi\MemoriesOnTV4
2010-07-11 14:15 . 2009-04-30 14:26 -------- d-----w- c:\programmi\MAGIX
2010-07-11 14:15 . 2009-04-30 14:27 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\MAGIX
2010-07-11 14:11 . 2010-04-09 19:25 -------- d-----w- c:\programmi\m.objects
2010-07-11 14:10 . 2009-04-27 18:42 -------- d-----w- c:\programmi\E.M. PowerPoint Video Converter
2010-07-11 14:09 . 2009-04-15 16:24 -------- d-----w- c:\programmi\CdCoverCreator
2010-07-11 14:07 . 2009-02-23 11:09 -------- d-----w- c:\programmi\File comuni\Adobe
2010-07-11 13:57 . 2009-02-23 13:05 -------- d-----w- c:\programmi\CCleaner
2010-07-09 22:41 . 2010-06-06 21:39 -------- d-----w- c:\documents and settings\Leandro\Dati applicazioni\uTorrent
2010-07-01 09:36 . 2003-04-08 11:00 48568 ----a-w- c:\windows\system32\perfc010.dat
2010-07-01 09:36 . 2003-04-08 11:00 347866 ----a-w- c:\windows\system32\perfh010.dat
2010-06-14 14:31 . 2009-02-19 16:02 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-06 21:43 . 2010-06-06 21:43 -------- d-----w- c:\programmi\uTorrent
2010-06-05 11:08 . 2009-07-16 21:14 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-06-03 12:37 . 2010-06-03 12:37 503808 ----a-w- c:\documents and settings\Leandro\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-41312316-n\msvcp71.dll
2010-06-03 12:37 . 2010-06-03 12:37 499712 ----a-w- c:\documents and settings\Leandro\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-41312316-n\jmc.dll
2010-06-03 12:37 . 2010-06-03 12:37 348160 ----a-w- c:\documents and settings\Leandro\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-41312316-n\msvcr71.dll
2010-06-03 12:37 . 2010-06-03 12:37 61440 ----a-w- c:\documents and settings\Leandro\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3c3ddc32-n\decora-sse.dll
2010-06-03 12:37 . 2010-06-03 12:37 12800 ----a-w- c:\documents and settings\Leandro\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3c3ddc32-n\decora-d3d.dll
2010-06-02 14:58 . 2010-06-02 14:58 1 ----a-w- c:\documents and settings\Leandro\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-02 14:58 . 2010-06-02 14:58 -------- d-----w- c:\documents and settings\Leandro\Dati applicazioni\OpenOffice.org
2010-06-02 14:55 . 2010-06-02 14:55 -------- d-----w- c:\programmi\JRE
2010-06-02 14:55 . 2010-06-02 14:55 -------- d-----w- c:\programmi\OpenOffice.org 3
2010-06-02 14:55 . 2010-06-02 14:55 -------- d-----w- c:\programmi\File comuni\Java
2010-06-02 14:54 . 2009-11-16 21:13 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-06-02 14:54 . 2010-06-02 14:54 -------- d-----w- c:\programmi\Java
2010-05-06 10:32 . 2008-04-13 17:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:06 . 2008-04-13 16:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2006-05-03 10:06 . 2009-05-12 14:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2009-05-12 14:54 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2009-05-12 14:54 216064 --sh--r- c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3017FB3E-9A77-4396-88C5-0EC9548FB42F}]
2010-02-08 20:07 2447360 ----a-w- c:\programmi\SpeedBit Video Downloader\Toolbar\tbcore3.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedBitVideoAccelerator"="c:\programmi\SpeedBit Video Accelerator\VideoAccelerator.exe" [2010-02-08 1611368]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-09 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DSLSTATEXE"="c:\program files\Hamlet\Adsl\dslstat.exe" [2005-10-24 344064]
"DSLAGENTEXE"="c:\program files\Hamlet\Adsl\dslagent.exe" [2005-08-25 65536]
"avgnt"="c:\programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"Jet Detection"="c:\programmi\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 110592]
"Disc Detector"="c:\programmi\Creative\ShareDLL\CtNotify.exe" [2001-12-26 191488]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"AudioDeck"="c:\programmi\VIA\VIAudioi\SBADeck\ADeck.exe" [2007-08-09 528384]
"nwiz"="nwiz.exe" [2008-05-03 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKLM\~\startupfolder\C:^Documents and Settings^Leandro^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma.lnk]
path=c:\documents and settings\Leandro\Menu Avvio\Programmi\Esecuzione automatica\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Leandro^Menu Avvio^Programmi^Esecuzione automatica^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\Leandro\Menu Avvio\Programmi\Esecuzione automatica\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 15:10 35696 ----a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2006-11-12 10:48 157592 ----a-w- c:\programmi\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-06-30 08:21 133104 ----atw- c:\documents and settings\Leandro\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NexusServer]
2007-03-26 15:45 389120 ----a-w- c:\programmi\File comuni\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-05-03 03:46 1630208 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 14:18 413696 ----a-w- c:\programmi\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 13:21 246504 ----a-w- c:\programmi\File comuni\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-03-09 16:50 39408 ----a-w- c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2008-05-02 04:15 15872 ----a-w- c:\programmi\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 00:00 90112 ------w- c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
2002-07-02 16:56 24576 ----a-w- c:\windows\system32\CTHELPER.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Orbitdownloader\\orbitdm.exe"=
"c:\\Programmi\\Orbitdownloader\\orbitnet.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Vuze\\Azureus.exe"=
"c:\\Programmi\\File comuni\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\hasplms.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\WINWORD.EXE"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [13/04/2008 19.14.22 14336]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [30/03/2009 10.08.47 16400]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 PD91Agent;PD91Agent;c:\programmi\Raxco\PerfectDisk2008\PD91Agent.exe [16/04/2008 13.00.10 689416]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~2\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~2\VideoAcceleratorService.exe -start -scm [?]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [28/06/2009 18.02.45 17792]
S2 gupdate1c9bde4792687f2;Servizio di Google Update (gupdate1c9bde4792687f2);c:\programmi\Google\Update\GoogleUpdate.exe [15/04/2009 18.08.52 133104]
S3 PAC207;Look 110;c:\windows\system32\drivers\PFC027.SYS [26/06/2009 16.23.21 507264]
S3 PD91Engine;PD91Engine;c:\programmi\Raxco\PerfectDisk2008\PD91Engine.exe [16/04/2008 13.00.12 894216]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28/03/2009 17.14.12 717296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contenuto della cartella 'Scheduled Tasks'

2010-07-27 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-09 16:05]

2010-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-04-15 16:08]

2010-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-04-15 16:08]

2010-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-764733703-1417001333-1004Core.job
- c:\documents and settings\Leandro\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-11-02 08:21]

2010-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-764733703-1417001333-1004UA.job
- c:\documents and settings\Leandro\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-11-02 08:21]

2010-07-27 c:\windows\Tasks\User_Feed_Synchronization-{C1E840DE-AAB5-4615-8982-CD6428D1E3FC}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/204
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Apri in nuova scheda in primo piano - c:\programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?15957414014a414b9e56934c7c780d22
IE: Apri in nuova scheda in secondo piano - c:\programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?15957414014a414b9e56934c7c780d22
IE: Do&wnload selected by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/202
IE: E&sporta in Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Image Converter 2 ??? - c:\programmi\Sony\Image Converter 2\menu.htm
IE: Sothink SWF Catcher - c:\programmi\File comuni\SourceTec\SWF Catcher\InternetExplorer.htm
IE: Trasferimento con Image Converter 2 - c:\programmi\Sony\Image Converter 2\menu.htm
LSP: c:\progra~1\SPEEDB~2\sblsp.dll
FF - ProfilePath - c:\documents and settings\Leandro\Dati applicazioni\Mozilla\Firefox\Profiles\k4rzzh4b.default\
FF - plugin: c:\documents and settings\Leandro\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-AdobeBridge - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-28 00:52
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Disc Detector = c:\programmi\Creative\ShareDLL\CtNotify.exe?` ??X???R???????????????E?@?Disc Detector?A????? ?A?@ ????B?e!@???@???@?? C?????E?@?????????@?B???A????? ?A?? ????B???@?????P?????@?` ??????~?:~??????????@???????????????????B?????? ??????????????????????????r?B

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-329068152-764733703-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{31A97C01-D1CE-345B-9C37-79C4C7D7CEAA}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"jaondabjdmmoennacafj"=hex:62,61,63,6d,00,00
"jaondabjdmmoennacabj"=hex:62,61,6a,6a,00,00
"iaocpdacfhnnoaalfe"=hex:6b,61,62,6d,70,6e,6b,6e,62,61,69,70,64,69,70,61,61,6b,
65,65,68,70,00,00
"haeejdmepdgmlmgi"=hex:6b,61,62,6d,70,6e,6e,6e,6e,63,69,62,61,70,62,62,6b,70,
67,61,65,6a,00,00

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(724)
c:\programmi\File comuni\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'lsass.exe'(780)
c:\progra~1\SPEEDB~2\sblsp.dll
c:\programmi\SpeedBit Video Accelerator\Accelerator.dll
c:\windows\system32\WININET.dll
c:\programmi\SpeedBit Video Accelerator\Collector.dll

- - - - - - - > 'explorer.exe'(1976)
c:\windows\system32\WININET.dll
c:\programmi\Windows Media Player\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\windows\system32\CTsvcCDA.exe
c:\programmi\Google\Update\1.2.183.23\GoogleCrashHandler.exe
c:\windows\system32\hasplms.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\progra~1\SPEEDB~2\VideoAcceleratorService.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\programmi\Creative\ShareDLL\Mediadet.exe
c:\progra~1\SPEEDB~2\VideoAcceleratorEngine.exe
.
**************************************************************************
.
Ora fine scansione: 2010-07-28 00:59:30 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-07-27 22:59

Pre-Run: 9.217.429.504 byte disponibili
Post-Run: 17.927.655.424 byte disponibili

WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - C1096D950805D69C25D7938C632EEDE1
Leos.leo
Avatar utente
leos.leo
Neo Iscritto
Neo Iscritto
 
Messaggi: 13
Iscritto il: mer lug 30, 2008 12:51 pm
Località: Palermo
Top

Re: Virus aiuto!!!

Messaggioda gio! » mer lug 28, 2010 8:30 am

Questa cartella è sospetta, ha un nome random io la eliminerei.
c:\documents and settings\Leandro\Impostazioni locali\Dati applicazioni\tffovctuh

Poi disinstalla da cambia/rimuovi programmi la Speedbit Video Downloader toolbar, se non la dovessi trovare nell'elenco questo è il percorso per eliminarla:
c:\programmi\SpeedBit Video Downloader\Toolbar

Poi vai in start-->esegui-->msconfig e nella scheda avvio deseleziona le applicazioni inutili che si avviano all'accensione (ne ho viste parecchie) come le varie google toolbar notifier, quicktime ecc.. (io di solito deseleziono tutto senza problemi lasciando solo l'antivirus e l'avvio si velocizza di parecchio) [;)]

Infine se vuoi posta anche un log hijackthis.
Avatar utente
gio!
Senior Member
Senior Member
 
Messaggi: 275
Iscritto il: sab gen 19, 2008 3:13 pm
Top

Re: Virus aiuto!!!

Messaggioda stevens » mer lug 28, 2010 10:57 am

vai QUI e analizza questo file

c:\windows\system32\nvudisp.exe

vai in C:\Programmi ed elimina se presente la cartella Antimalware Doctor


Ora apri una pagina del blocco note e copia incolla quanto segue

Folder::
c:\documents and settings\Leandro\Impostazioni locali\Dati applicazioni\tffovctuh


RegNull::
[HKEY_USERS\S-1-5-21-329068152-764733703-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{31A97C01-D1CE-345B-9C37-79C4C7D7CEAA}*]


salva la pagina nominandola obligatoriamente in CFScript.txt
a questo punto trascina e lascia il file CFScript.txt sull'icona di combofix
lascialo lavorare fino alla fine e riposta il suo log ...
Avatar utente
stevens
Bronze Member
Bronze Member
 
Messaggi: 678
Iscritto il: mer feb 18, 2009 1:39 pm
Top

Re: Virus aiuto!!!

Messaggioda leos.leo » ven lug 30, 2010 2:46 pm

Scusate il ritardo ecco il log di Combo

ComboFix 10-07-26.04 - Leandro 30/07/2010 15.26.44.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1279.833 [GMT 2:00]
Eseguito da: c:\documents and settings\Leandro\Desktop\FOTO VIAGGIO D'ISTRUZIONE A BERLINO\ComboFix.exe
Opzioni usate :: c:\documents and settings\Leandro\Desktop\CFScript.txt
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((( Files Creati Da 2010-06-28 al 2010-07-30 )))))))))))))))))))))))))))))))))))
.

2010-07-29 12:19 . 2010-07-29 12:19 -------- d-----w- c:\documents and settings\Leandro\Dati applicazioni\IconTweaker
2010-07-29 12:19 . 2010-07-29 12:19 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\IconTweaker
2010-07-29 12:19 . 2010-07-29 12:19 -------- d-----w- c:\programmi\IconTweaker
2010-07-29 12:12 . 2010-07-29 12:13 -------- d-----w- c:\programmi\RocketDock
2010-07-29 12:09 . 2010-07-29 12:11 -------- d-----w- c:\documents and settings\Leandro\Dati applicazioni\XWindows Dock
2010-07-29 11:50 . 2010-07-29 11:50 -------- d-----w- c:\documents and settings\Leandro\Dati applicazioni\Styler
2010-07-29 11:46 . 2010-07-29 11:46 15086 ----a-r- c:\documents and settings\Leandro\Dati applicazioni\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_7b12541d.exe
2010-07-29 11:46 . 2010-07-29 11:46 15086 ----a-r- c:\documents and settings\Leandro\Dati applicazioni\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe
2010-07-28 11:06 . 2010-07-28 11:06 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-27 21:05 . 2010-07-27 21:05 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Adobe
2010-07-27 20:58 . 2010-07-27 20:58 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-07-27 20:43 . 2010-07-27 20:43 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-07-27 19:40 . 2004-12-19 22:04 13824 ----a-w- C:\dmg2iso.exe
2010-07-27 14:00 . 2010-07-27 14:00 -------- d-----w- c:\windows\nvidia icons
2010-07-27 13:59 . 2008-05-03 03:46 442368 ----a-w- c:\windows\system32\nvudisp.exe
2010-07-27 13:58 . 2008-04-30 15:27 442368 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-07-24 08:56 . 2010-07-24 08:56 -------- d-----w- c:\documents and settings\Leandro\Dati applicazioni\Malwarebytes
2010-07-24 08:56 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-24 08:56 . 2010-07-24 08:56 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-07-24 08:56 . 2010-07-24 08:56 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-07-24 08:56 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-11 14:41 . 2008-04-10 10:08 71184 ----a-r- c:\windows\system32\drivers\DefragFS.sys
2010-07-11 14:41 . 2010-07-11 14:41 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Raxco
2010-07-11 14:40 . 2010-07-11 14:41 -------- d-----w- c:\programmi\Raxco
2010-07-08 09:46 . 2007-06-27 12:42 207488 ----a-r- c:\windows\system32\drivers\vinyl97.sys
2010-07-08 09:45 . 2010-07-08 09:46 -------- d-----w- c:\programmi\VIA
2010-07-08 09:45 . 2007-04-11 13:35 331184 ------w- c:\windows\system32\difxapi.dll
2010-07-07 20:09 . 2010-07-27 08:26 -------- d-----w- c:\programmi\SpeedFan
2010-07-07 20:03 . 2010-07-07 20:03 -------- d-----w- c:\programmi\Lavalys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-30 13:23 . 2010-01-09 14:19 -------- d-----w- c:\programmi\File comuni\Akamai
2010-07-30 13:22 . 2009-02-24 18:17 24 ----a-w- c:\windows\system32\DVCStateBkp-{00000000-00000000-00000008-00001102-00000002-80271102}.dat
2010-07-30 13:22 . 2009-02-24 18:17 24 ----a-w- c:\windows\system32\DVCState-{00000000-00000000-00000008-00001102-00000002-80271102}.dat
2010-07-30 13:22 . 2010-01-11 23:18 12 ----a-w- c:\windows\bthservsdp.dat
2010-07-30 13:11 . 2009-04-15 16:05 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Google Updater
2010-07-30 11:35 . 2010-02-08 20:07 -------- d-----w- c:\programmi\SpeedBit Video Downloader
2010-07-30 11:35 . 2010-02-08 20:07 -------- d-----w- c:\documents and settings\Leandro\Dati applicazioni\Toolbar4
2010-07-29 11:50 . 2010-07-27 23:37 -------- d-----w- c:\programmi\Styler
2010-07-28 11:06 . 2010-07-28 11:06 -------- d-----w- c:\documents and settings\Leandro\Dati applicazioni\A2FCB06279BC659B125E7912519E56AC
2010-07-28 11:06 . 2010-07-27 23:37 -------- d-----w- c:\programmi\VisualTooltip
2010-07-28 11:06 . 2010-07-27 23:37 -------- d-----w- c:\programmi\ViOrb
2010-07-28 11:06 . 2010-07-27 23:37 -------- d-----w- c:\programmi\LClock
2010-07-28 11:04 . 2010-07-28 10:06 -------- d-----w- c:\programmi\YzShadow
2010-07-28 11:04 . 2010-07-28 10:06 -------- d-----w- c:\programmi\iColorFolder
2010-07-28 11:04 . 2010-07-28 10:07 -------- d-----w- c:\programmi\tclock2_120
2010-07-28 10:18 . 2010-07-28 10:18 -------- d-----w- c:\documents and settings\Leandro\Dati applicazioni\FindeXer
2010-07-28 10:12 . 2009-02-19 16:10 122408 ----a-w- c:\documents and settings\Leandro\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-07-28 10:09 . 2009-02-25 12:03 -------- d-----w- c:\documents and settings\Leandro\Dati applicazioni\Orbit
2010-07-28 10:08 . 2008-04-13 17:13 219648 ----a-w- c:\windows\system32\uxtheme(2).dll
2010-07-28 10:07 . 2010-07-28 10:07 -------- d-----w- c:\programmi\RK Launcher
2010-07-24 10:57 . 2009-02-23 12:55 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\McAfee
2010-07-24 08:53 . 2009-03-09 16:49 -------- d-----w- c:\programmi\Google
2010-07-16 10:03 . 2009-04-17 15:55 -------- d-----w- c:\documents and settings\Leandro\Dati applicazioni\Media Player Classic
2010-07-15 15:11 . 2009-03-17 17:38 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-07-11 14:20 . 2009-03-30 08:05 -------- d-----w- c:\programmi\Avid
2010-07-11 14:17 . 2010-01-11 19:49 -------- d-----w- c:\programmi\Uninstall Tool
2010-07-11 14:16 . 2009-04-27 18:11 -------- d-----w- c:\programmi\Powerpoint-PPT to AVI-GIF Converter
2010-07-11 14:15 . 2010-04-12 12:09 -------- d-----w- c:\programmi\MemoriesOnTV4
2010-07-11 14:15 . 2009-04-30 14:26 -------- d-----w- c:\programmi\MAGIX
2010-07-11 14:15 . 2009-04-30 14:27 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\MAGIX
2010-07-11 14:11 . 2010-04-09 19:25 -------- d-----w- c:\programmi\m.objects
2010-07-11 14:10 . 2009-04-27 18:42 -------- d-----w- c:\programmi\E.M. PowerPoint Video Converter
2010-07-11 14:09 . 2009-04-15 16:24 -------- d-----w- c:\programmi\CdCoverCreator
2010-07-11 14:07 . 2009-02-23 11:09 -------- d-----w- c:\programmi\File comuni\Adobe
2010-07-11 13:57 . 2009-02-23 13:05 -------- d-----w- c:\programmi\CCleaner
2010-07-09 22:41 . 2010-06-06 21:39 -------- d-----w- c:\documents and settings\Leandro\Dati applicazioni\uTorrent
2010-07-01 09:36 . 2003-04-08 11:00 48568 ----a-w- c:\windows\system32\perfc010.dat
2010-07-01 09:36 . 2003-04-08 11:00 347866 ----a-w- c:\windows\system32\perfh010.dat
2010-06-14 14:31 . 2009-02-19 16:02 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-06 21:43 . 2010-06-06 21:43 -------- d-----w- c:\programmi\uTorrent
2010-06-05 11:08 . 2009-07-16 21:14 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-06-03 12:37 . 2010-06-03 12:37 503808 ----a-w- c:\documents and settings\Leandro\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-41312316-n\msvcp71.dll
2010-06-03 12:37 . 2010-06-03 12:37 499712 ----a-w- c:\documents and settings\Leandro\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-41312316-n\jmc.dll
2010-06-03 12:37 . 2010-06-03 12:37 348160 ----a-w- c:\documents and settings\Leandro\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-41312316-n\msvcr71.dll
2010-06-03 12:37 . 2010-06-03 12:37 61440 ----a-w- c:\documents and settings\Leandro\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3c3ddc32-n\decora-sse.dll
2010-06-03 12:37 . 2010-06-03 12:37 12800 ----a-w- c:\documents and settings\Leandro\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3c3ddc32-n\decora-d3d.dll
2010-06-02 14:58 . 2010-06-02 14:58 1 ----a-w- c:\documents and settings\Leandro\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-02 14:58 . 2010-06-02 14:58 -------- d-----w- c:\documents and settings\Leandro\Dati applicazioni\OpenOffice.org
2010-06-02 14:55 . 2010-06-02 14:55 -------- d-----w- c:\programmi\JRE
2010-06-02 14:55 . 2010-06-02 14:55 -------- d-----w- c:\programmi\OpenOffice.org 3
2010-06-02 14:55 . 2010-06-02 14:55 -------- d-----w- c:\programmi\File comuni\Java
2010-06-02 14:54 . 2009-11-16 21:13 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-06-02 14:54 . 2010-06-02 14:54 -------- d-----w- c:\programmi\Java
2010-05-06 10:32 . 2010-07-28 10:37 916480 ----a-w- c:\windows\system32\nsaDA.tmp
2010-05-06 10:32 . 2008-04-13 17:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-06 10:32 . 2010-07-28 10:37 206848 ----a-w- c:\windows\system32\nsmA6.tmp
2010-05-06 10:32 . 2010-07-28 10:37 5950976 ----a-w- c:\windows\system32\nsv8B.tmp
2010-05-06 10:32 . 2010-07-28 10:37 5950976 ----a-w- c:\windows\system32\nsw89.tmp
2010-05-06 10:32 . 2010-07-28 10:36 1469440 ----a-w- c:\windows\system32\nsx19.tmp
2010-05-06 10:32 . 2010-07-28 10:36 1469440 ----a-w- c:\windows\system32\nsz17.tmp
2010-05-06 10:32 . 2010-07-28 10:37 184320 ----a-w- c:\windows\system32\nsd73.tmp
2010-05-02 08:06 . 2008-04-13 16:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2006-05-03 10:06 . 2009-05-12 14:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2009-05-12 14:54 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2009-05-12 14:54 216064 --sh--r- c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-07-30_12.04.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-30 13:23 . 2010-07-30 13:23 16384 c:\windows\Temp\Perflib_Perfdata_674.dat
+ 2010-07-30 13:23 . 2010-07-30 13:23 16384 c:\windows\Temp\Perflib_Perfdata_1fc.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\programmi\RocketDock\RocketDock.exe" [2007-09-02 495616]
"TrueTransparency"="c:\documents and settings\Leandro\Desktop\Download Mozilla\truetransparency-1.0\TrueTransparency\TrueTransparency.exe" [2009-04-19 263680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DSLSTATEXE"="c:\program files\Hamlet\Adsl\dslstat.exe" [2005-10-24 344064]
"DSLAGENTEXE"="c:\program files\Hamlet\Adsl\dslagent.exe" [2005-08-25 65536]
"avgnt"="c:\programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"Disc Detector"="c:\programmi\Creative\ShareDLL\CtNotify.exe" [2001-12-26 191488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\Leandro\Menu Avvio\Programmi\Esecuzione automatica\
Styler.lnk - c:\documents and settings\Leandro\Dati applicazioni\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2010-7-29 15086]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKLM\~\startupfolder\C:^Documents and Settings^Leandro^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma.lnk]
path=c:\documents and settings\Leandro\Menu Avvio\Programmi\Esecuzione automatica\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Leandro^Menu Avvio^Programmi^Esecuzione automatica^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\Leandro\Menu Avvio\Programmi\Esecuzione automatica\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 15:10 35696 ----a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
2007-08-09 13:48 528384 ----a-r- c:\programmi\VIA\VIAudioi\SBADeck\ADeck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-13 17:14 110592 ----a-w- c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-13 17:14 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2006-11-12 10:48 157592 ----a-w- c:\programmi\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX8400 Series]
2007-04-12 06:00 182272 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATICEE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-06-30 08:21 133104 ----atw- c:\documents and settings\Leandro\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
2001-11-29 00:00 28672 ----a-w- c:\programmi\Creative\SBLive\Program\ADGJDet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2006-11-03 09:01 319488 ----a-w- c:\windows\PixArt\Pac207\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NexusServer]
2007-03-26 15:45 389120 ----a-w- c:\programmi\File comuni\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-05-03 03:46 13529088 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-05-03 03:46 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-05-03 03:46 1630208 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 14:18 413696 ----a-w- c:\programmi\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedBitVideoAccelerator]
2010-02-08 20:07 1611368 ----a-w- c:\programmi\SpeedBit Video Accelerator\VideoAccelerator.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 13:21 246504 ----a-w- c:\programmi\File comuni\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-03-09 16:50 39408 ----a-w- c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2008-05-02 04:15 15872 ----a-w- c:\programmi\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 00:00 90112 ------w- c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
2002-07-02 16:56 24576 ----a-w- c:\windows\system32\CTHELPER.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Orbitdownloader\\orbitdm.exe"=
"c:\\Programmi\\Orbitdownloader\\orbitnet.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Vuze\\Azureus.exe"=
"c:\\Programmi\\File comuni\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\hasplms.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\WINWORD.EXE"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"1041:TCP"= 1041:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [13/04/2008 19.14.22 14336]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [30/03/2009 10.08.47 16400]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 PD91Agent;PD91Agent;c:\programmi\Raxco\PerfectDisk2008\PD91Agent.exe [16/04/2008 13.00.10 689416]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~2\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~2\VideoAcceleratorService.exe -start -scm [?]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [28/06/2009 18.02.45 17792]
S2 gupdate1c9bde4792687f2;Servizio di Google Update (gupdate1c9bde4792687f2);c:\programmi\Google\Update\GoogleUpdate.exe [15/04/2009 18.08.52 133104]
S3 PAC207;Look 110;c:\windows\system32\drivers\PFC027.SYS [26/06/2009 16.23.21 507264]
S3 PD91Engine;PD91Engine;c:\programmi\Raxco\PerfectDisk2008\PD91Engine.exe [16/04/2008 13.00.12 894216]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28/03/2009 17.14.12 717296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contenuto della cartella 'Scheduled Tasks'

2010-07-30 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-09 16:05]

2010-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-04-15 16:08]

2010-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-04-15 16:08]

2010-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-764733703-1417001333-1004Core.job
- c:\documents and settings\Leandro\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-11-02 08:21]

2010-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-764733703-1417001333-1004UA.job
- c:\documents and settings\Leandro\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-11-02 08:21]

2010-07-30 c:\windows\Tasks\User_Feed_Synchronization-{C1E840DE-AAB5-4615-8982-CD6428D1E3FC}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/204
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Apri in nuova scheda in primo piano - c:\programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?15957414014a414b9e56934c7c780d22
IE: Apri in nuova scheda in secondo piano - c:\programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?15957414014a414b9e56934c7c780d22
IE: Do&wnload selected by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/202
IE: E&sporta in Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Image Converter 2 ??? - c:\programmi\Sony\Image Converter 2\menu.htm
IE: Sothink SWF Catcher - c:\programmi\File comuni\SourceTec\SWF Catcher\InternetExplorer.htm
IE: Trasferimento con Image Converter 2 - c:\programmi\Sony\Image Converter 2\menu.htm
LSP: c:\progra~1\SPEEDB~2\sblsp.dll
FF - ProfilePath - c:\documents and settings\Leandro\Dati applicazioni\Mozilla\Firefox\Profiles\k4rzzh4b.default\
FF - plugin: c:\documents and settings\Leandro\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-30 15:34
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Disc Detector = c:\programmi\Creative\ShareDLL\CtNotify.exe?? ??X???????????????????E?@?Disc Detector?A????? ?A?P ????B?e!@???@???@?? C?????E?@?????????@?B???A????? ?A?? ????B???@?????P?????@?? ??????~?:~??????????@?3?????????????????B?????? ??????????????????????????r?B

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(716)
c:\programmi\File comuni\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'lsass.exe'(772)
c:\progra~1\SPEEDB~2\sblsp.dll
c:\programmi\SpeedBit Video Accelerator\Accelerator.dll
c:\windows\system32\WININET.dll
c:\programmi\SpeedBit Video Accelerator\Collector.dll
.
Ora fine scansione: 2010-07-30 15:36:23
ComboFix-quarantined-files.txt 2010-07-30 13:36
ComboFix2.txt 2010-07-30 12:13
ComboFix3.txt 2010-07-27 22:59

Pre-Run: 15.645.155.328 byte disponibili
Post-Run: 15.633.612.800 byte disponibili

- - End Of File - - D56D40F76F0781B69E9D8D0CCF5AD3AE



Ed ecco quello di Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.45.33, on 30/07/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programmi\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\WINDOWS\system32\hasplms.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Raxco\PerfectDisk2008\PD91Agent.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe
C:\WINDOWS\system32\PING.exe
C:\PROGRA~1\SPEEDB~2\VideoAcceleratorEngine.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Programmi\RocketDock\RocketDock.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programmi\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll (file missing)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programmi\Orbitdownloader\GrabPro.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Programmi\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Hamlet\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Hamlet\Adsl\dslagent.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min /nosplash
O4 - HKLM\..\Run: [Disc Detector] C:\Programmi\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [RocketDock] "C:\Programmi\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [TrueTransparency] "C:\Documents and Settings\Leandro\Desktop\Download Mozilla\truetransparency-1.0\TrueTransparency\TrueTransparency.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Styler.lnk = ?
O8 - Extra context menu item: &Download by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?15957414014a414b9e56934c7c780d22
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?15957414014a414b9e56934c7c780d22
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Image Converter 2 ??? - C:\Programmi\Sony\Image Converter 2\menu.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Programmi\File comuni\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Trasferimento con Image Converter 2 - C:\Programmi\Sony\Image Converter 2\menu.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programmi\File comuni\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programmi\File comuni\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7D95C57-C3E2-4EBB-8752-AA5B7B22CF1C}: NameServer = 193.70.152.15 193.70.152.25
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Unknown owner - C:\Programmi\Digidesign\Drivers\MMERefresh.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Servizio di Google Update (gupdate1c9bde4792687f2) (gupdate1c9bde4792687f2) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\hasplms.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe

--
End of file - 9718 bytes


Per quanto riguarda "nvudsp.exe" Virus total a fine report mi parla di "nVidia Corporation quindi penso di poter stare tranquillo
Leos.leo
Avatar utente
leos.leo
Neo Iscritto
Neo Iscritto
 
Messaggi: 13
Iscritto il: mer lug 30, 2008 12:51 pm
Località: Palermo
Top

Re: Virus aiuto!!!

Messaggioda gio! » ven lug 30, 2010 6:21 pm

Allora iniziamo con il log di combofix.
Elimina questa cartella manualmente c:\documents and settings\Leandro\Dati applicazioni\Toolbar4

Questi file temporanei nella cartella system32 sono strani, ma ho visto che hai programmi per l'editing dell'aspetto grafico dell'OS, potrebbero dipendere da quelli. In ogni caso fai controllare su www.virustotal.com questi files e posta i link con i risultati:
c:\windows\system32\nsaDA.tmp
C:\windows\system32\nsmA6.tmp
c:\windows\system32\nsv8B.tmp
c:\windows\system32\nsw89.tmp
c:\windows\system32\nsx19.tmp
c:\windows\system32\nsz17.tmp
c:\windows\system32\nsd73.tmp

Su questo file, sempre di editing, ho letto opinioni contrastanti sulla sua reale bontà, fai controllare anche questo su virustotal:
c:\programmi\Creative\ShareDLL\CtNotify.exe

Adesso passiamo a hijackthis:
fixa questa voce inutile:
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll (file missing)

Queste altre possono essere disabilitate dall'avvio automatico, ma non ti assicuro che rimangono le modifiche visive che hai apportato all'OS:
O4 - HKLM\..\Run: [Disc Detector] C:\Programmi\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [RocketDock] "C:\Programmi\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [TrueTransparency] "C:\Documents and Settings\Leandro\Desktop\Download Mozilla\truetransparency-1.0\TrueTransparency\TrueTransparency.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Styler.lnk = ?

Io fixerei inoltre anche questi per alleggerire un po' il browser:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab

Inoltre se posso darti un consiglio, disinstalla tutti quei programmi di personalizzazione, temi, effeti visivi e quant'altro che sono molto invasivi e appensantiscono non poco il computer.
Infine disinstallerei anche software che reputo inutili e pesanti come speedbit e gli altri acceleratori che hai.
Avatar utente
gio!
Senior Member
Senior Member
 
Messaggi: 275
Iscritto il: sab gen 19, 2008 3:13 pm
Top

Re: Virus aiuto!!!

Messaggioda leos.leo » sab lug 31, 2010 1:58 am

Mhmm mi sa che hai ragione infatti ho appena combinato un po di casino, e ripristinato più volte il sistema. Ora vedrò di controllare quei file e fixare un po' di cose. A proposito del discorso della personalizzazione, dopo avere fatto un po di casino con programmi per l'editing della grafica hai qualche consiglio da darmi per resettare un po' tutto il sistema. Mi senti tanto prossimo alla formattazione che vorrei evitare, magari qualche tool per la pulitura per eliminare un po di casino.
Comunque ti ringrazio sempre
Leos.leo
Avatar utente
leos.leo
Neo Iscritto
Neo Iscritto
 
Messaggi: 13
Iscritto il: mer lug 30, 2008 12:51 pm
Località: Palermo
Top
Rispondi al messaggio

Torna a Sicurezza

Chi c’è in linea

Visitano il forum: Nessuno e 4 ospiti

Powered by phpBB © 2002, 2005, 2007, 2008 phpBB Group
Traduzione Italiana phpBB.it

megalab.it: testata telematica quotidiana registrata al Tribunale di Cosenza n. 22/09 del 13.08.2009, editore Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa Tutti i diritti sono riservati. Per la pubblicità: Master Advertising