Olimpo Informatico

ballack01 · Eroe Registrato: 21/05/08 00:19 Messaggi: 60 Residenza: capriolo(bs)

salve...ho il computer invaso da questi due file...spybot search and destroy me li localizza ma non riesce a eliminarli...mi potreste per caso dire che file.exe li genera???grazie 1000

bdoriano

Ciao ballack01, Ciao

Segui le istruzioni di questo topic per postare il log di hijackthis.

PS: se vuoi, puoi presentarti qui

ballack01 · Eroe Registrato: 21/05/08 00:19 Messaggi: 60 Residenza: capriolo(bs)

ho fatto fare a hijacktthis una scansione del mio pc...posto qui di seguito il file log

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\Eset\nod32kui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Outlook Express\msimn.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Massimo\Documenti\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.it/news?ned=it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {02BFDFDC-876F-4CAA-99A2-29610AA2F5A5} - C:\WINDOWS\system32\hgGywvUL.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx (file missing)
O2 - BHO: (no name) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (no file)
O2 - BHO: (no name) - {2F85D76C-0569-466F-A488-493E6BD0E955} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {40B05B07-4DD6-484E-9B9B-413779BDD716} - (no file)
O2 - BHO: (no name) - {45d92dce-02ed-4fa3-b5d2-90b48084c92a} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5D3D9D15-3BBC-4B57-A467-7077E77C93DB} - C:\WINDOWS\system32\ssqQkHAs.dll (file missing)
O2 - BHO: (no name) - {68F0C540-8213-4A0D-991F-4E9BAFDAF3C9} - C:\WINDOWS\system32\yayYoOfg.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9B088A37-68C2-48E9-BC7B-6BB1E6CECE89} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B3102264-D09D-4322-B625-503FBF18DD7E} - C:\WINDOWS\system32\awtUnkkh.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {D0289460-E621-4704-A2BF-696C2B4068B1} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Disk Monitor] C:\Programmi\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Programmi\File comuni\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SMSTray] C:\Programmi\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [24601154] rundll32.exe "C:\WINDOWS\system32\qknwhugr.dll",b
O4 - HKLM\..\Run: [BM275322c8] Rundll32.exe "C:\WINDOWS\system32\mswppdqo.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Packard Bell Data Secure] C:\Programmi\Packard Bell Data Secure\PBDataSecure.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LClock] C:\Programmi\LClock\LClock.exe
O4 - HKCU\..\Run: [Vista Sidebar] C:\Programmi\Vista Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ViStart] C:\Programmi\ViStart\ViStart.exe
O4 - HKCU\..\Run: [ViOrb] C:\Programmi\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Sidebar] C:\Programmi\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Programmi\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: &MSN Search - res://C:\Programmi\MSN Toolbar Suite\TB\02.05.0000.1082\it-it\msntb.dll/search.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\MSN Toolbar Suite\TAB\02.05.0001.1119\it-it\msntabres.dll/230?ca17ac8f33bd418b822794213e219fe8
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\MSN Toolbar Suite\TAB\02.05.0001.1119\it-it\msntabres.dll/229?ca17ac8f33bd418b822794213e219fe8
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Alice - {13EC2BEE-5CAE-48CD-9F55-2074CCAEDF1C} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://maxi13mb.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://maxi13mb.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{33E448CD-0EE1-4FC6-A400-5F57C8630964}: NameServer = 85.37.17.7 85.38.28.95
O17 - HKLM\System\CS2\Services\Tcpip\..\{33E448CD-0EE1-4FC6-A400-5F57C8630964}: NameServer = 85.37.17.7 85.38.28.95
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: awtUnkkh - C:\WINDOWS\SYSTEM32\awtUnkkh.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Programmi\Windows Live\installer\WLSetupSvc.exe

--
End of file - 12361 bytes

bdoriano

Ciao ballack01, Ciao

mancano le prime righe del log (dove c'è scritta la versione di hijackthis, del sistema operativo, di IE, etc...).

A grandi linee sembra che tu sia invaso da VirtuMonde. Think

Pulisci i files temporanei con ATF-Cleaner e/o CCleaner
Segui le istruzioni di questo topic per usare vundofix.
Segui le istruzioni di questo topic per usare virtumondebegone.
Segui le istruzioni di questo topic per usare Norman Malware Cleaner.
Segui le istruzioni di questo topic per postare il log di combofix.

grifone1900 · Dio maturo Registrato: 21/05/08 14:50 Messaggi: 1397 Residenza: roma

bdoriano

grifone1900 · Dio maturo Registrato: 21/05/08 14:50 Messaggi: 1397 Residenza: roma

ottimo a sapersi Very Happy

ballack01 · Eroe Registrato: 21/05/08 00:19 Messaggi: 60 Residenza: capriolo(bs)

salve...ho scaricato un antispyware chiamato superantispyware free e credo di essere riuscito a togliere virtumonde....lo noto dal fatto che il pc va più veloce e non ha gli stessi problemi di prima....però superantispyware mi rileva un file chiamato adware.vundo variant...posto il log di hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0.54.23, on 22/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
C:\Programmi\Eset\nod32kui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Massimo\Documenti\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.it/news?ned=it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {02BFDFDC-876F-4CAA-99A2-29610AA2F5A5} - C:\WINDOWS\system32\hgGywvUL.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx (file missing)
O2 - BHO: (no name) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (no file)
O2 - BHO: (no name) - {2F85D76C-0569-466F-A488-493E6BD0E955} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {40B05B07-4DD6-484E-9B9B-413779BDD716} - (no file)
O2 - BHO: (no name) - {45d92dce-02ed-4fa3-b5d2-90b48084c92a} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5D3D9D15-3BBC-4B57-A467-7077E77C93DB} - C:\WINDOWS\system32\ssqQkHAs.dll (file missing)
O2 - BHO: (no name) - {68F0C540-8213-4A0D-991F-4E9BAFDAF3C9} - C:\WINDOWS\system32\yayYoOfg.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7F5DDC76-1649-4EFD-B4FA-F9D353488F98} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9B088A37-68C2-48E9-BC7B-6BB1E6CECE89} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B3102264-D09D-4322-B625-503FBF18DD7E} - C:\WINDOWS\system32\awtUnkkh.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {D0289460-E621-4704-A2BF-696C2B4068B1} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Disk Monitor] C:\Programmi\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Programmi\File comuni\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SMSTray] C:\Programmi\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [24601154] rundll32.exe "C:\WINDOWS\system32\qknwhugr.dll",b
O4 - HKLM\..\Run: [BM275322c8] Rundll32.exe "C:\WINDOWS\system32\mswppdqo.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Packard Bell Data Secure] C:\Programmi\Packard Bell Data Secure\PBDataSecure.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LClock] C:\Programmi\LClock\LClock.exe
O4 - HKCU\..\Run: [Vista Sidebar] C:\Programmi\Vista Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ViStart] C:\Programmi\ViStart\ViStart.exe
O4 - HKCU\..\Run: [ViOrb] C:\Programmi\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Programmi\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: &MSN Search - res://C:\Programmi\MSN Toolbar Suite\TB\02.05.0000.1082\it-it\msntb.dll/search.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\MSN Toolbar Suite\TAB\02.05.0001.1119\it-it\msntabres.dll/230?ca17ac8f33bd418b822794213e219fe8
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\MSN Toolbar Suite\TAB\02.05.0001.1119\it-it\msntabres.dll/229?ca17ac8f33bd418b822794213e219fe8
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Alice - {13EC2BEE-5CAE-48CD-9F55-2074CCAEDF1C} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://maxi13mb.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://maxi13mb.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{33E448CD-0EE1-4FC6-A400-5F57C8630964}: NameServer = 85.37.17.7 85.38.28.95
O17 - HKLM\System\CS2\Services\Tcpip\..\{33E448CD-0EE1-4FC6-A400-5F57C8630964}: NameServer = 85.37.17.7 85.38.28.95
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: awtUnkkh - C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Programmi\Windows Live\installer\WLSetupSvc.exe

--
End of file - 12499 bytes

secondo voi ho rimosso virtumonde??e come posso eliminare adware.vundo variant???

bdoriano

C'è un motivo particolare per cui chiedi aiuto e poi non segui le istruzioni che ti vengono date? Think

ballack01 · Eroe Registrato: 21/05/08 00:19 Messaggi: 60 Residenza: capriolo(bs)

vundofix non mi ha trovato niente....posto qui il log di virtumundobegone

[05/22/2008, 10:21:09] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Massimo\Desktop\VirtumundoBeGone.exe" )
[05/22/2008, 10:21:16] - Detected System Information:
[05/22/2008, 10:21:16] - Windows Version: 5.1.2600, Service Pack 2
[05/22/2008, 10:21:16] - Current Username: Massimo (Admin)
[05/22/2008, 10:21:16] - Windows is in SAFE mode with Networking.
[05/22/2008, 10:21:16] - Searching for Browser Helper Objects:
[05/22/2008, 10:21:16] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[05/22/2008, 10:21:16] - BHO 2: {02BFDFDC-876F-4CAA-99A2-29610AA2F5A5} ()
[05/22/2008, 10:21:16] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/22/2008, 10:21:16] - Checking for HKLM\...\Winlogon\Notify\hgGywvUL
[05/22/2008, 10:21:16] - Key not found: HKLM\...\Winlogon\Notify\hgGywvUL, continuing.
[05/22/2008, 10:21:16] - BHO 3: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[05/22/2008, 10:21:16] - BHO 4: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} ()
[05/22/2008, 10:21:16] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/22/2008, 10:21:16] - No filename found. Continuing.
[05/22/2008, 10:21:16] - BHO 5: {2F85D76C-0569-466F-A488-493E6BD0E955} ()
[05/22/2008, 10:21:16] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/22/2008, 10:21:16] - No filename found. Continuing.
[05/22/2008, 10:21:16] - BHO 6: {3049C3E9-B461-4BC5-8870-4C09146192CA} (RealPlayer Download and Record Plugin for Internet Explorer)
[05/22/2008, 10:21:16] - BHO 7: {40B05B07-4DD6-484E-9B9B-413779BDD716} ()
[05/22/2008, 10:21:16] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/22/2008, 10:21:16] - No filename found. Continuing.
[05/22/2008, 10:21:16] - BHO 8: {45d92dce-02ed-4fa3-b5d2-90b48084c92a} ()
[05/22/2008, 10:21:16] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/22/2008, 10:21:16] - No filename found. Continuing.
[05/22/2008, 10:21:16] - BHO 9: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[05/22/2008, 10:21:16] - BHO 10: {5D3D9D15-3BBC-4B57-A467-7077E77C93DB} ()
[05/22/2008, 10:21:16] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/22/2008, 10:21:16] - Checking for HKLM\...\Winlogon\Notify\ssqQkHAs
[05/22/2008, 10:21:16] - Key not found: HKLM\...\Winlogon\Notify\ssqQkHAs, continuing.
[05/22/2008, 10:21:16] - BHO 11: {68F0C540-8213-4A0D-991F-4E9BAFDAF3C9} ()
[05/22/2008, 10:21:16] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/22/2008, 10:21:16] - Checking for HKLM\...\Winlogon\Notify\yayYoOfg
[05/22/2008, 10:21:16] - Key not found: HKLM\...\Winlogon\Notify\yayYoOfg, continuing.
[05/22/2008, 10:21:16] - BHO 12: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/22/2008, 10:21:16] - BHO 13: {7F5DDC76-1649-4EFD-B4FA-F9D353488F98} ()
[05/22/2008, 10:21:16] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/22/2008, 10:21:16] - No filename found. Continuing.
[05/22/2008, 10:21:16] - BHO 14: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Guida per l'accesso a Windows Live)
[05/22/2008, 10:21:16] - BHO 15: {9B088A37-68C2-48E9-BC7B-6BB1E6CECE89} ()
[05/22/2008, 10:21:16] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/22/2008, 10:21:16] - No filename found. Continuing.
[05/22/2008, 10:21:16] - BHO 16: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[05/22/2008, 10:21:16] - BHO 17: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[05/22/2008, 10:21:16] - BHO 18: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[05/22/2008, 10:21:16] - BHO 19: {D0289460-E621-4704-A2BF-696C2B4068B1} ()
[05/22/2008, 10:21:16] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/22/2008, 10:21:16] - No filename found. Continuing.
[05/22/2008, 10:21:16] - Finished Searching Browser Helper Objects
[05/22/2008, 10:21:16] - Finishing up...
[05/22/2008, 10:21:16] - Nothing found! Exiting..

e qui il log di normal malware cleaner
NFix_2008-05-22_10-35-43.log

per disattivare l'antivirus devo disinstallarlo oppure si può fare qualche altra operazione???il mio antivirus è nod32...

ballack01 · Eroe Registrato: 21/05/08 00:19 Messaggi: 60 Residenza: capriolo(bs)

ho fatto quasi tutto quello che mi ha detto tranne combofix perchè non so come fare per disattivare l'antivirus....ho NOD32 come antivirus...i log di virtumundobegone e norman malware cleaner li ho postati...come posso disattivare l'antivirus????

bdoriano

Per disabilitare NOD32, clicca sull'icona vicino all'orologio.
Ti si apre la finestra di NOD32, clicca sulla X (Termina) che trovi in basso nella nuova finestra.
Comparirà un messaggio che ti avvisa della disabilitazione della protezione: "Se termini il programma non riceverai più allarmi sui virus. Vuoi terminare il programma comunque?"
Clicca su Si
A questo punto avrai disabilitato l'antivirus. Procedi con la scansione di Combofix.
Al termine della scansione, riavvia il pc.

ballack01 · Eroe Registrato: 21/05/08 00:19 Messaggi: 60 Residenza: capriolo(bs)

ho eseguito sia la scansione di combofix sia quella di hijackthis....posto i risultati qui...

combofix:

ComboFix 08-05-21.2 - Massimo 2008-05-23 9:24:36.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.418 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Massimo\Desktop\ComboFix.exe
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\BM275322c8.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\CLlUtBeg.ini
C:\WINDOWS\system32\CLlUtBeg.ini2
C:\WINDOWS\system32\ecsxsqpx.ini
C:\WINDOWS\system32\gfOoYyay.ini
C:\WINDOWS\system32\gfOoYyay.ini2
C:\WINDOWS\system32\nknwyldr.dll
C:\WINDOWS\system32\pskill.exe
C:\WINDOWS\system32\xpqsxsce.dll

.
((((((((((((((((((((((((( Files Creati Da 2008-04-23 al 2008-05-23 )))))))))))))))))))))))))))))))))))
.

2008-05-22 10:03 . 2008-05-22 10:03 <DIR> d-------- C:\VundoFix Backups
2008-05-21 18:46 . 2008-05-21 18:46 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2008-05-21 18:45 . 2008-05-21 18:45 <DIR> d-------- C:\Programmi\SUPERAntiSpyware
2008-05-21 18:45 . 2008-05-21 18:45 <DIR> d-------- C:\Documents and Settings\Massimo\Dati applicazioni\SUPERAntiSpyware.com
2008-05-21 17:05 . 2008-05-21 17:05 2,624 --a------ C:\WINDOWS\system32\iakxptio.exe
2008-05-21 12:40 . 2008-05-23 09:19 2,148 --a------ C:\WINDOWS\system32\wpa.dbl
2008-05-20 15:20 . 2008-05-20 15:20 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Prevx
2008-05-20 15:18 . 2008-05-20 15:18 <DIR> d-------- C:\Temp
2008-05-20 13:21 . 2008-05-20 13:21 <DIR> d-------- C:\VEXPLITE
2008-05-19 12:42 . 2004-08-19 23:39 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-05-19 12:42 . 2004-08-19 23:39 21,504 --a------ C:\WINDOWS\system32\dllcache\hidserv.dll
2008-05-19 12:41 . 2004-08-04 07:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-05-19 12:41 . 2004-08-04 07:08 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-05-18 23:46 . 2008-05-21 13:23 1,185 --a------ C:\WINDOWS\wininit.ini
2008-05-08 15:11 . 2008-05-08 15:11 <DIR> d-------- C:\WINDOWS\Easy CD-DA Extractor
2008-05-08 15:11 . 2008-05-08 15:11 <DIR> d-------- C:\Programmi\Easy CD-DA Extractor 10
2008-05-05 16:15 . 2008-05-05 16:15 <DIR> d-------- C:\Programmi\Windows Sidebar
2008-05-02 19:37 . 2008-05-02 19:38 0 --a------ C:\WINDOWS\PestPatrol5.INI
2008-05-01 02:54 . 2008-05-01 02:54 <DIR> d-------- C:\Documents and Settings\Massimo\Dati applicazioni\DataCast
2008-05-01 02:54 . 2007-12-14 17:19 44,544 --------- C:\WINDOWS\system32\msxml4a.dll
2008-05-01 02:53 . 2008-02-01 08:40 110,592 --a------ C:\WINDOWS\system32\TG_DUMP0708.DLL
2008-05-01 02:49 . 2008-05-01 02:49 <DIR> d-------- C:\Programmi\Lame MP3 Codec
2008-05-01 02:49 . 2002-12-03 22:13 1,048,576 --a------ C:\WINDOWS\system32\lameACM.acm
2008-05-01 02:49 . 2005-05-03 09:33 299,008 --a------ C:\WINDOWS\system32\LAME_MP3.dll
2008-05-01 02:49 . 2004-12-10 21:29 401 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-05-01 02:48 . 2008-05-01 02:48 <DIR> d-------- C:\Programmi\XviD
2008-05-01 02:48 . 2008-05-01 02:48 <DIR> d-------- C:\Programmi\MarkAny
2008-05-01 02:47 . 2008-05-01 02:47 <DIR> d-------- C:\Programmi\Samsung
2008-05-01 02:47 . 2002-10-05 08:04 921,600 --a------ C:\WINDOWS\system32\vorbisenc.dll
2008-05-01 02:47 . 2006-03-16 08:26 397,429 --a------ C:\WINDOWS\system32\PixtreeMP4FormatWriter.ax
2008-05-01 02:47 . 2004-11-01 13:13 245,408 --a------ C:\WINDOWS\system32\unicows.dll
2008-05-01 02:47 . 2002-10-07 03:42 237,568 --a------ C:\WINDOWS\system32\OggDS.dll
2008-05-01 02:47 . 2002-10-05 08:04 188,416 --a------ C:\WINDOWS\system32\vorbis.dll
2008-05-01 02:47 . 2007-11-20 15:36 118,784 --a------ C:\WINDOWS\system32\MaDRM.dll
2008-05-01 02:47 . 2006-01-20 10:11 110,592 --a------ C:\WINDOWS\system32\tg_dump.dll
2008-05-01 02:47 . 2002-10-05 08:04 45,056 --a------ C:\WINDOWS\system32\Ogg.dll
2008-04-25 14:56 . 2008-04-25 14:56 <DIR> d-------- C:\Programmi\File comuni\xing shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-01 00:48 65,024 ----a-w C:\WINDOWS\IFinst26.exe
2008-04-25 12:56 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-04-25 12:56 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-04-18 14:08 --------- d-----w C:\Programmi\Avanquest update
2008-04-18 14:07 24,192 ----a-w C:\Documents and Settings\Massimo\usbsermptxp.sys
2008-04-18 14:07 22,768 ----a-w C:\WINDOWS\system32\drivers\usbsermpt.sys
2008-04-18 14:07 22,768 ----a-w C:\Documents and Settings\Massimo\usbsermpt.sys
2008-04-18 14:07 --------- d-----w C:\Programmi\Motorola Phone Tools
2008-04-17 09:45 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-04-17 09:45 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-04-11 17:51 --------- d-----w C:\Programmi\Anti-Trojan-55
2008-04-11 17:37 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-04-11 17:34 --------- d-----w C:\Programmi\Trojan Remover
2008-04-11 17:34 --------- d-----w C:\Documents and Settings\Massimo\Dati applicazioni\Simply Super Software
2008-04-03 16:17 57,632 ----a-w C:\StiImg.dat
2008-04-02 13:00 --------- d-----w C:\Programmi\MSXML 6.0
2008-03-29 09:45 --------- d-----w C:\Programmi\Windows Defender
2008-03-26 10:12 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Bluetooth
2008-03-26 10:03 --------- d-----w C:\Programmi\IVT Corporation
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 183,072 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-24 18:00 --------- d-----w C:\Programmi\Lavalys
2008-03-20 08:06 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:06 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-12 22:06 274,432 ----a-w C:\WINDOWS\system32\imon.dll
2008-03-11 14:51 14,848 ----a-w C:\WINDOWS\system32\dllcache\register.exe
2008-03-01 16:28 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:57 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:57 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-27 09:25 148,239 ----a-w C:\Documents and Settings\Massimo\Dati applicazioni\mdbu.bin
2007-04-23 10:45 92,064 ----a-w C:\Documents and Settings\Massimo\mqdmmdm.sys
2007-04-23 10:45 9,232 ----a-w C:\Documents and Settings\Massimo\mqdmmdfl.sys
2007-04-23 10:45 79,328 ----a-w C:\Documents and Settings\Massimo\mqdmserd.sys
2007-04-23 10:45 66,656 ----a-w C:\Documents and Settings\Massimo\mqdmbus.sys
2007-04-23 10:45 6,208 ----a-w C:\Documents and Settings\Massimo\mqdmcmnt.sys
2007-04-23 10:45 5,936 ----a-w C:\Documents and Settings\Massimo\mqdmwhnt.sys
2007-04-23 10:45 4,048 ----a-w C:\Documents and Settings\Massimo\mqdmcr.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02BFDFDC-876F-4CAA-99A2-29610AA2F5A5}]
C:\WINDOWS\system32\hgGywvUL.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5D3D9D15-3BBC-4B57-A467-7077E77C93DB}]
C:\WINDOWS\system32\ssqQkHAs.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{68F0C540-8213-4A0D-991F-4E9BAFDAF3C9}]
C:\WINDOWS\system32\yayYoOfg.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 23:39 15360]
"Packard Bell Data Secure"="C:\Programmi\Packard Bell Data Secure\PBDataSecure.exe" [ ]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-15 21:29 68856]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"LClock"="C:\Programmi\LClock\LClock.exe" [ ]
"Vista Sidebar"="C:\Programmi\Vista Sidebar\sidebar.exe" [ ]
"ViStart"="C:\Programmi\ViStart\ViStart.exe" [ ]
"ViOrb"="C:\Programmi\ViOrb\ViOrb.exe" [ ]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"SUPERAntiSpyware"="C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-13 12:43 1510640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2003-10-02 20:05 36864 C:\WINDOWS\system32\VTTimer.exe]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SoundMan"="SOUNDMAN.EXE" [2003-09-23 09:09 57344 C:\WINDOWS\SOUNDMAN.EXE]
"Disk Monitor"="C:\Programmi\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe" [2003-06-18 11:57 466944]
"PCSuiteTrayApplication"="C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10 271360]
"CloneCDElbyCDFL"="C:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2001-12-06 13:09 45056]
"CloneCDTray"="C:\Programmi\Elaborate Bytes\CloneCD\CloneCDTray.exe" [2002-04-15 09:12 57344]
"nod32kui"="C:\Programmi\Eset\nod32kui.exe" [2008-03-13 00:06 921600]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 23:39 110592 C:\WINDOWS\system32\bthprops.cpl]
"Windows Defender"="C:\Programmi\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2008-01-31 23:13 385024]
"MsgCenterExe"="C:\Programmi\File comuni\Real\Update_OB\RealOneMessageCenter.exe" [2008-04-25 14:55 69632]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2008-04-25 14:55 185896]
"SMSTray"="C:\Programmi\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-09-20 08:23 132624]
"24601154"="C:\WINDOWS\system32\qknwhugr.dll" [ ]
"BM275322c8"="C:\WINDOWS\system32\mswppdqo.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 23:39 15360]
"DWQueuedReporting"="C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]
"Nokia.PCSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office\OSA9.EXE [2000-01-21 09:15:56 65588]
Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2006-02-14 20:47:36 212992]
Acrobat Assistant.lnk - C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2004-10-24 17:06:37 49254]
Windows Desktop Search.lnk - C:\Programmi\Windows Desktop Search\WindowsSearch.exe [2006-03-26 22:44:08 257752]
BlueSoleil.lnk - C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe [2008-03-26 12:03:53 1183744]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Programmi\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 13:11 233472]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmi\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmi\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtUnkkh]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= jl_mjpg2.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" /background
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
"Windows Defender"="C:\Programmi\Windows Defender\MSASCui.exe" -hide

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\uTorrent\\utorrent.exe"=
"C:\\Documents and Settings\\Massimo\\Desktop\\utorrent.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=

R0 tffsport;M-Systems DiskOnChip 2000;C:\WINDOWS\system32\DRIVERS\tffsport.sys [2004-08-04 07:00]
R3 C4C_BSC2;C4C_BSC2;C:\WINDOWS\system32\DRIVERS\C4C_BSC2.sys [2002-07-08 19:32]
R3 PAC207;Trust WB-1400T Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 12:29]
S3 gtermddo;gtermddo;C:\DOCUME~1\Massimo\IMPOST~1\Temp\gtermddo.sys []
S3 JL2005;JL2005A Toy Camera;C:\WINDOWS\system32\Drivers\toywdm.sys [2004-07-28 19:36]
S3 upperdev;upperdev;C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 10:39]
S3 urusba;NEC 228 Command Port Driver;C:\WINDOWS\system32\DRIVERS\urusba.sys [2004-06-09 16:00]
S3 urusbc;NEC 228 CONTROL Driver;C:\WINDOWS\system32\DRIVERS\urusbc.sys [2004-06-09 16:00]
S3 urusbe;NEC 228 ENUMERATION Driver;C:\WINDOWS\system32\DRIVERS\urusbe.sys [2004-06-09 16:00]
S3 urusbm;NEC 228 Modem Driver;C:\WINDOWS\system32\DRIVERS\urusbm.sys [2004-06-09 16:00]
S3 urusbo;NEC 228 OBEX Port Driver;C:\WINDOWS\system32\DRIVERS\urusbo.sys [2004-06-09 16:00]
S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 06:58]
S3 UsbserFilt;UsbserFilt;C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2007-11-29 10:39]
S3 usbstor;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 07:08]

.
Contenuto della cartella 'Scheduled Tasks'
"2008-05-23 07:21:24 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Programmi\Windows Defender\MpCmdRun.exe
"2008-05-22 23:00:32 C:\WINDOWS\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job"
- C:\Programmi\Windows Live Toolbar\MSNTBUP.EXE
"2008-05-17 14:35:16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
"2008-05-22 17:34:38 C:\WINDOWS\Tasks\User_Feed_Synchronization-{1794B3EC-3A3E-45FB-90E8-F3BE0E92163A}.job"
- C:\WINDOWS\system32\msfeedssync.exe
"2007-01-02 18:03:38 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Programmi\Spybot - Search & Destroy\SpybotSD.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-23 09:28:21
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Programmi\Eset\pr_imon.dll
.
Ora fine scansione: 2008-05-23 9:28:57
ComboFix-quarantined-files.txt 2008-05-23 07:28:56

21 Directory 25,125,355,520 byte disponibili
23 Directory 25,113,657,344 byte disponibili

229 --- E O F --- 2008-05-21 14:31:24

hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9.31.31, on 23/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Massimo\Documenti\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.it/news?ned=it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {02BFDFDC-876F-4CAA-99A2-29610AA2F5A5} - C:\WINDOWS\system32\hgGywvUL.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx (file missing)
O2 - BHO: (no name) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (no file)
O2 - BHO: (no name) - {2F85D76C-0569-466F-A488-493E6BD0E955} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {40B05B07-4DD6-484E-9B9B-413779BDD716} - (no file)
O2 - BHO: (no name) - {45d92dce-02ed-4fa3-b5d2-90b48084c92a} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5D3D9D15-3BBC-4B57-A467-7077E77C93DB} - C:\WINDOWS\system32\ssqQkHAs.dll (file missing)
O2 - BHO: (no name) - {68F0C540-8213-4A0D-991F-4E9BAFDAF3C9} - C:\WINDOWS\system32\yayYoOfg.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7F5DDC76-1649-4EFD-B4FA-F9D353488F98} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9B088A37-68C2-48E9-BC7B-6BB1E6CECE89} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {D0289460-E621-4704-A2BF-696C2B4068B1} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Disk Monitor] C:\Programmi\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Programmi\File comuni\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SMSTray] C:\Programmi\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [24601154] rundll32.exe "C:\WINDOWS\system32\qknwhugr.dll",b
O4 - HKLM\..\Run: [BM275322c8] Rundll32.exe "C:\WINDOWS\system32\mswppdqo.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Packard Bell Data Secure] C:\Programmi\Packard Bell Data Secure\PBDataSecure.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LClock] C:\Programmi\LClock\LClock.exe
O4 - HKCU\..\Run: [Vista Sidebar] C:\Programmi\Vista Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ViStart] C:\Programmi\ViStart\ViStart.exe
O4 - HKCU\..\Run: [ViOrb] C:\Programmi\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Programmi\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: &MSN Search - res://C:\Programmi\MSN Toolbar Suite\TB\02.05.0000.1082\it-it\msntb.dll/search.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\MSN Toolbar Suite\TAB\02.05.0001.1119\it-it\msntabres.dll/230?ca17ac8f33bd418b822794213e219fe8
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\MSN Toolbar Suite\TAB\02.05.0001.1119\it-it\msntabres.dll/229?ca17ac8f33bd418b822794213e219fe8
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Alice - {13EC2BEE-5CAE-48CD-9F55-2074CCAEDF1C} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://maxi13mb.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://maxi13mb.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: awtUnkkh - C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Programmi\Windows Live\installer\WLSetupSvc.exe

--
End of file - 11886 bytes

bdoriano

Di infezioni mi sembra ce ne siano più d'una... Think

Cominciamo a eliminare qualche file:

Crea un file di testo con le seguenti istruzioni:

Codice:

File::
C:\WINDOWS\system32\iakxptio.exe
C:\WINDOWS\system32\hgGywvUL.dll
C:\WINDOWS\system32\ssqQkHAs.dll
C:\WINDOWS\system32\yayYoOfg.dll
C:\WINDOWS\system32\qknwhugr.dll
C:\WINDOWS\system32\mswppdqo.dll
C:\DOCUME~1\Massimo\IMPOST~1\Temp\gtermddo.sys

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02BFDFDC-876F-4CAA-99A2-29610AA2F5A5}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5D3D9D15-3BBC-4B57-A467-7077E77C93DB}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{68F0C540-8213-4A0D-991F-4E9BAFDAF3C9}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtUnkkh]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"24601154"=-
"BM275322c8"=-

Salva il file sul desktop con il nome CFScript.txt e trascinalo sull'icona di ComboFix, come indicato in seguito:

Attendi pazientemente la fine dei lavori senza toccare tastiera, mouse o altro. Wink

Fai questa scansione con VirIT
Posta i logs aggiornati di combofix e di hijackthis.

ballack01 · Eroe Registrato: 21/05/08 00:19 Messaggi: 60 Residenza: capriolo(bs)

ho eseguito ciò che mi hai detto di fare...posto qui i tre log files:

virit

VirIT eXplorer Lite Log

[SCANSIONE DELLA MEMORIA]
OK
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
23/05/2008 - 11:21:02

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK

Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 60291.
Files Totali: 60291.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.

[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
23/05/2008 - 11:56:16

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK

Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 60329.
Files Totali: 60329.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.

combofix:

ComboFix 08-05-21.3 - Massimo 2008-05-23 11.05.41.3 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.409 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Massimo\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Massimo\Desktop\CfScript.txt
* Creato nuovo punto di ripristino
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\DOCUME~1\Massimo\IMPOST~1\Temp\gtermddo.sys
C:\WINDOWS\system32\hgGywvUL.dll
C:\WINDOWS\system32\iakxptio.exe
C:\WINDOWS\system32\mswppdqo.dll
C:\WINDOWS\system32\qknwhugr.dll
C:\WINDOWS\system32\ssqQkHAs.dll
C:\WINDOWS\system32\yayYoOfg.dll
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Programmi\Google\googletoolbar1.dll
C:\WINDOWS\system32\iakxptio.exe

.
((((((((((((((((((((((((( Files Creati Da 2008-04-23 al 2008-05-23 )))))))))))))))))))))))))))))))))))
.

2008-05-22 10:03 . 2008-05-22 10:03 <DIR> d-------- C:\VundoFix Backups
2008-05-21 18:46 . 2008-05-21 18:46 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2008-05-21 18:45 . 2008-05-21 18:45 <DIR> d-------- C:\Programmi\SUPERAntiSpyware
2008-05-21 18:45 . 2008-05-21 18:45 <DIR> d-------- C:\Documents and Settings\Massimo\Dati applicazioni\SUPERAntiSpyware.com
2008-05-21 12:40 . 2008-05-23 09:35 2,148 --a------ C:\WINDOWS\system32\wpa.dbl
2008-05-20 15:20 . 2008-05-20 15:20 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Prevx
2008-05-20 15:18 . 2008-05-20 15:18 <DIR> d-------- C:\Temp
2008-05-20 13:21 . 2008-05-20 13:21 <DIR> d-------- C:\VEXPLITE
2008-05-19 12:42 . 2004-08-19 23:39 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-05-19 12:42 . 2004-08-19 23:39 21,504 --a------ C:\WINDOWS\system32\dllcache\hidserv.dll
2008-05-19 12:41 . 2004-08-04 07:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-05-19 12:41 . 2004-08-04 07:08 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-05-18 23:46 . 2008-05-21 13:23 1,185 --a------ C:\WINDOWS\wininit.ini
2008-05-08 15:11 . 2008-05-08 15:11 <DIR> d-------- C:\WINDOWS\Easy CD-DA Extractor
2008-05-08 15:11 . 2008-05-08 15:11 <DIR> d-------- C:\Programmi\Easy CD-DA Extractor 10
2008-05-05 16:15 . 2008-05-05 16:15 <DIR> d-------- C:\Programmi\Windows Sidebar
2008-05-02 19:37 . 2008-05-02 19:38 0 --a------ C:\WINDOWS\PestPatrol5.INI
2008-05-01 02:54 . 2008-05-01 02:54 <DIR> d-------- C:\Documents and Settings\Massimo\Dati applicazioni\DataCast
2008-05-01 02:54 . 2007-12-14 17:19 44,544 --------- C:\WINDOWS\system32\msxml4a.dll
2008-05-01 02:53 . 2008-02-01 08:40 110,592 --a------ C:\WINDOWS\system32\TG_DUMP0708.DLL
2008-05-01 02:49 . 2008-05-01 02:49 <DIR> d-------- C:\Programmi\Lame MP3 Codec
2008-05-01 02:49 . 2002-12-03 22:13 1,048,576 --a------ C:\WINDOWS\system32\lameACM.acm
2008-05-01 02:49 . 2005-05-03 09:33 299,008 --a------ C:\WINDOWS\system32\LAME_MP3.dll
2008-05-01 02:49 . 2004-12-10 21:29 401 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-05-01 02:48 . 2008-05-01 02:48 <DIR> d-------- C:\Programmi\XviD
2008-05-01 02:48 . 2008-05-01 02:48 <DIR> d-------- C:\Programmi\MarkAny
2008-05-01 02:47 . 2008-05-01 02:47 <DIR> d-------- C:\Programmi\Samsung
2008-05-01 02:47 . 2002-10-05 08:04 921,600 --a------ C:\WINDOWS\system32\vorbisenc.dll
2008-05-01 02:47 . 2006-03-16 08:26 397,429 --a------ C:\WINDOWS\system32\PixtreeMP4FormatWriter.ax
2008-05-01 02:47 . 2004-11-01 13:13 245,408 --a------ C:\WINDOWS\system32\unicows.dll
2008-05-01 02:47 . 2002-10-07 03:42 237,568 --a------ C:\WINDOWS\system32\OggDS.dll
2008-05-01 02:47 . 2002-10-05 08:04 188,416 --a------ C:\WINDOWS\system32\vorbis.dll
2008-05-01 02:47 . 2007-11-20 15:36 118,784 --a------ C:\WINDOWS\system32\MaDRM.dll
2008-05-01 02:47 . 2006-01-20 10:11 110,592 --a------ C:\WINDOWS\system32\tg_dump.dll
2008-05-01 02:47 . 2002-10-05 08:04 45,056 --a------ C:\WINDOWS\system32\Ogg.dll
2008-04-25 14:56 . 2008-04-25 14:56 <DIR> d-------- C:\Programmi\File comuni\xing shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-01 00:48 65,024 ----a-w C:\WINDOWS\IFinst26.exe
2008-04-25 12:56 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-04-25 12:56 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-04-18 14:08 --------- d-----w C:\Programmi\Avanquest update
2008-04-18 14:07 24,192 ----a-w C:\Documents and Settings\Massimo\usbsermptxp.sys
2008-04-18 14:07 22,768 ----a-w C:\WINDOWS\system32\drivers\usbsermpt.sys
2008-04-18 14:07 22,768 ----a-w C:\Documents and Settings\Massimo\usbsermpt.sys
2008-04-18 14:07 --------- d-----w C:\Programmi\Motorola Phone Tools
2008-04-17 09:45 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-04-17 09:45 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-04-11 17:51 --------- d-----w C:\Programmi\Anti-Trojan-55
2008-04-11 17:37 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-04-11 17:34 --------- d-----w C:\Programmi\Trojan Remover
2008-04-11 17:34 --------- d-----w C:\Documents and Settings\Massimo\Dati applicazioni\Simply Super Software
2008-04-03 16:17 57,632 ----a-w C:\StiImg.dat
2008-04-02 13:00 --------- d-----w C:\Programmi\MSXML 6.0
2008-03-29 09:45 --------- d-----w C:\Programmi\Windows Defender
2008-03-26 10:12 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Bluetooth
2008-03-26 10:03 --------- d-----w C:\Programmi\IVT Corporation
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 183,072 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-24 18:00 --------- d-----w C:\Programmi\Lavalys
2008-03-20 08:06 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:06 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-12 22:06 274,432 ----a-w C:\WINDOWS\system32\imon.dll
2008-03-11 14:51 14,848 ----a-w C:\WINDOWS\system32\dllcache\register.exe
2008-03-01 16:28 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:57 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:57 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-27 09:25 148,239 ----a-w C:\Documents and Settings\Massimo\Dati applicazioni\mdbu.bin
2007-04-23 10:45 92,064 ----a-w C:\Documents and Settings\Massimo\mqdmmdm.sys
2007-04-23 10:45 9,232 ----a-w C:\Documents and Settings\Massimo\mqdmmdfl.sys
2007-04-23 10:45 79,328 ----a-w C:\Documents and Settings\Massimo\mqdmserd.sys
2007-04-23 10:45 66,656 ----a-w C:\Documents and Settings\Massimo\mqdmbus.sys
2007-04-23 10:45 6,208 ----a-w C:\Documents and Settings\Massimo\mqdmcmnt.sys
2007-04-23 10:45 5,936 ----a-w C:\Documents and Settings\Massimo\mqdmwhnt.sys
2007-04-23 10:45 4,048 ----a-w C:\Documents and Settings\Massimo\mqdmcr.sys
.

((((((((((((((((((((((((((((( snapshot@2008-05-23_ 9.28.34.75 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-23 07:18:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-23 07:34:14 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 23:39 15360]
"Packard Bell Data Secure"="C:\Programmi\Packard Bell Data Secure\PBDataSecure.exe" [ ]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-15 21:29 68856]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"LClock"="C:\Programmi\LClock\LClock.exe" [ ]
"Vista Sidebar"="C:\Programmi\Vista Sidebar\sidebar.exe" [ ]
"ViStart"="C:\Programmi\ViStart\ViStart.exe" [ ]
"ViOrb"="C:\Programmi\ViOrb\ViOrb.exe" [ ]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"SUPERAntiSpyware"="C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-13 12:43 1510640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2003-10-02 20:05 36864 C:\WINDOWS\system32\VTTimer.exe]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SoundMan"="SOUNDMAN.EXE" [2003-09-23 09:09 57344 C:\WINDOWS\SOUNDMAN.EXE]
"Disk Monitor"="C:\Programmi\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe" [2003-06-18 11:57 466944]
"PCSuiteTrayApplication"="C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10 271360]
"CloneCDElbyCDFL"="C:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2001-12-06 13:09 45056]
"CloneCDTray"="C:\Programmi\Elaborate Bytes\CloneCD\CloneCDTray.exe" [2002-04-15 09:12 57344]
"nod32kui"="C:\Programmi\Eset\nod32kui.exe" [2008-03-13 00:06 921600]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 23:39 110592 C:\WINDOWS\system32\bthprops.cpl]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2008-01-31 23:13 385024]
"MsgCenterExe"="C:\Programmi\File comuni\Real\Update_OB\RealOneMessageCenter.exe" [2008-04-25 14:55 69632]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2008-04-25 14:55 185896]
"SMSTray"="C:\Programmi\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-09-20 08:23 132624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 23:39 15360]
"DWQueuedReporting"="C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]
"Nokia.PCSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office\OSA9.EXE [2000-01-21 09:15:56 65588]
Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2006-02-14 20:47:36 212992]
Acrobat Assistant.lnk - C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2004-10-24 17:06:37 49254]
Windows Desktop Search.lnk - C:\Programmi\Windows Desktop Search\WindowsSearch.exe [2006-03-26 22:44:08 257752]
BlueSoleil.lnk - C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe [2008-03-26 12:03:53 1183744]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Programmi\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 13:11 233472]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmi\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmi\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= jl_mjpg2.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" /background
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
"Windows Defender"="C:\Programmi\Windows Defender\MSASCui.exe" -hide

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\uTorrent\\utorrent.exe"=
"C:\\Documents and Settings\\Massimo\\Desktop\\utorrent.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=

R0 tffsport;M-Systems DiskOnChip 2000;C:\WINDOWS\system32\DRIVERS\tffsport.sys [2004-08-04 07:00]
R3 C4C_BSC2;C4C_BSC2;C:\WINDOWS\system32\DRIVERS\C4C_BSC2.sys [2002-07-08 19:32]
R3 PAC207;Trust WB-1400T Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 12:29]
R3 usbstor;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 07:08]
S3 gtermddo;gtermddo;C:\DOCUME~1\Massimo\IMPOST~1\Temp\gtermddo.sys []
S3 JL2005;JL2005A Toy Camera;C:\WINDOWS\system32\Drivers\toywdm.sys [2004-07-28 19:36]
S3 upperdev;upperdev;C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 10:39]
S3 urusba;NEC 228 Command Port Driver;C:\WINDOWS\system32\DRIVERS\urusba.sys [2004-06-09 16:00]
S3 urusbc;NEC 228 CONTROL Driver;C:\WINDOWS\system32\DRIVERS\urusbc.sys [2004-06-09 16:00]
S3 urusbe;NEC 228 ENUMERATION Driver;C:\WINDOWS\system32\DRIVERS\urusbe.sys [2004-06-09 16:00]
S3 urusbm;NEC 228 Modem Driver;C:\WINDOWS\system32\DRIVERS\urusbm.sys [2004-06-09 16:00]
S3 urusbo;NEC 228 OBEX Port Driver;C:\WINDOWS\system32\DRIVERS\urusbo.sys [2004-06-09 16:00]
S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 06:58]
S3 UsbserFilt;UsbserFilt;C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2007-11-29 10:39]

.
Contenuto della cartella 'Scheduled Tasks'
"2008-05-23 07:37:26 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Programmi\Windows Defender\MpCmdRun.exe
"2008-05-23 09:00:06 C:\WINDOWS\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job"
- C:\Programmi\Windows Live Toolbar\MSNTBUP.EXE
"2008-05-17 14:35:16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
"2008-05-22 17:34:38 C:\WINDOWS\Tasks\User_Feed_Synchronization-{1794B3EC-3A3E-45FB-90E8-F3BE0E92163A}.job"
- C:\WINDOWS\system32\msfeedssync.exe
"2007-01-02 18:03:38 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Programmi\Spybot - Search & Destroy\SpybotSD.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-23 11:09:18
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Programmi\Eset\pr_imon.dll
.
Ora fine scansione: 2008-05-23 11.09.44
ComboFix-quarantined-files.txt 2008-05-23 09:09:42
ComboFix2.txt 2008-05-23 07:29:00

21 Directory 25,043,959,808 byte disponibili
23 Directory 25,034,326,016 byte disponibili

223 --- E O F --- 2008-05-21 14:31:24

Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12.23.12, on 23/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
C:\Programmi\Eset\nod32kui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Massimo\Documenti\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.it/news?ned=it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {02BFDFDC-876F-4CAA-99A2-29610AA2F5A5} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx (file missing)
O2 - BHO: (no name) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (no file)
O2 - BHO: (no name) - {2F85D76C-0569-466F-A488-493E6BD0E955} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {40B05B07-4DD6-484E-9B9B-413779BDD716} - (no file)
O2 - BHO: (no name) - {45d92dce-02ed-4fa3-b5d2-90b48084c92a} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5D3D9D15-3BBC-4B57-A467-7077E77C93DB} - (no file)
O2 - BHO: (no name) - {68F0C540-8213-4A0D-991F-4E9BAFDAF3C9} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7F5DDC76-1649-4EFD-B4FA-F9D353488F98} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9B088A37-68C2-48E9-BC7B-6BB1E6CECE89} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {D0289460-E621-4704-A2BF-696C2B4068B1} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Disk Monitor] C:\Programmi\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Programmi\File comuni\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SMSTray] C:\Programmi\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Packard Bell Data Secure] C:\Programmi\Packard Bell Data Secure\PBDataSecure.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LClock] C:\Programmi\LClock\LClock.exe
O4 - HKCU\..\Run: [Vista Sidebar] C:\Programmi\Vista Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ViStart] C:\Programmi\ViStart\ViStart.exe
O4 - HKCU\..\Run: [ViOrb] C:\Programmi\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Programmi\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: &MSN Search - res://C:\Programmi\MSN Toolbar Suite\TB\02.05.0000.1082\it-it\msntb.dll/search.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\MSN Toolbar Suite\TAB\02.05.0001.1119\it-it\msntabres.dll/230?ca17ac8f33bd418b822794213e219fe8
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\MSN Toolbar Suite\TAB\02.05.0001.1119\it-it\msntabres.dll/229?ca17ac8f33bd418b822794213e219fe8
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Alice - {13EC2BEE-5CAE-48CD-9F55-2074CCAEDF1C} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://maxi13mb.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://maxi13mb.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{33E448CD-0EE1-4FC6-A400-5F57C8630964}: NameServer = 85.37.17.7 85.38.28.95
O17 - HKLM\System\CS2\Services\Tcpip\..\{33E448CD-0EE1-4FC6-A400-5F57C8630964}: NameServer = 85.37.17.7 85.38.28.95
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: awtUnkkh - C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Programmi\Windows Live\installer\WLSetupSvc.exe

--
End of file - 12005 bytes

bdoriano

Andiamo già meglio. Razz

Fai questa scansione con Kaspersky.
Al termine della scansione, disinstallalo pure.

ballack01 · Eroe Registrato: 21/05/08 00:19 Messaggi: 60 Residenza: capriolo(bs)

ho fatto la scansione con kaspersky...posto qui di seguito il risultato ottenuto

mxc.txt

bdoriano

Molto bene, Kaspersky ha eliminato altre schifezzuole. Razz

Riscontri altri problemi?

ballack01 · Eroe Registrato: 21/05/08 00:19 Messaggi: 60 Residenza: capriolo(bs)

ogni tanto mi arrivano delle e-mail da un sito chiamato prestigedownloads...mi invita a giocare a un casinò on-line.....e quando ho riscontrato il problema di virtumonde, quando aprivo internet mi andava piano e molte volte si collegava a questo sito....non credo di aver preso dialer, in quanto nelle connessioni non risultavano altre connessioni alla rete...però da quando ho rimosso virtumonde internet mi è tornato alla velocità di prima e non mi ha fatto più quello scherzo...poteva essere un effetto di virtumonde???

bdoriano

Il rallentamento? Potrebbe. Razz

Le email di quel genere non aprirle e cancellale immediatamente (oramai sei nei premi e non puoi fare nulla per non riceverle). Rolling Eyes