| ciroinformatico Aspiring troll *
 Registered: 18/09/08 14:44
 Posts: 198
|  Posted: 18 Sep 2008 14:55    Subject: damned iexplore.exe |
| Hi... for a few days now I've had a big problem... every so often an Internet Explorer window opens with some strange advertising, and above all in Task Manager there is a process called "iexplore.exe" that keeps stealing my memory and CPU; even though I keep killing it (End Process), it reappears every few minutes...
 I read that this kind of virus is easily removable thanks to the HijackThis log... I'm posting it in the hope of your help... thanks.
 
 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 13.59.23, on 18/09/2008
 Platform: Windows XP SP3 (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\svchost.exe
 C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
 C:\Programmi\Alwil Software\Avast4\ashServ.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\WINDOWS\Explorer.EXE
 C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
 C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
 C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
 C:\WINDOWS\system32\VTTimer.exe
 C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
 C:\WINDOWS\RTHDCPL.EXE
 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
 C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
 C:\WINDOWS\system32\nvsvc32.exe
 C:\WINDOWS\system32\svchost.exe
 C:\Programmi\DAEMON Tools\daemon.exe
 C:\WINDOWS\system32\RUNDLL32.EXE
 C:\PROGRA~1\AVG\AVG8\avgtray.exe
 C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
 C:\WINDOWS\system32\ctfmon.exe
 C:\Programmi\uTorrent\uTorrent.exe
 C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
 C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
 C:\Programmi\Internet Explorer\iexplore.exe
 C:\Programmi\Nokia\Nokia PC Suite 7\PCSync2.exe
 C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe
 C:\Documents and Settings\ciro\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
 C:\Programmi\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
 C:\PROGRA~1\AVG\AVG8\avgrsx.exe
 C:\PROGRA~1\AVG\AVG8\avgemc.exe
 C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
 C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
 C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
 C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
 C:\WINDOWS\system32\taskmgr.exe
 C:\Programmi\File comuni\Nokia\MPAPI\MPAPI3s.exe
 C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
 C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
 C:\Programmi\Mozilla Firefox\firefox.exe
 C:\Programmi\Windows Live\Messenger\usnsvc.exe
 C:\Programmi\Internet Explorer\iexplore.exe
 C:\DOCUME~1\ciro\IMPOST~1\Temp\Rar$EX01.141\HijackThis.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.iesearch.com/
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
 O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
 O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
 O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
 O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
 O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
 O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
 O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
 O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
 O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
 O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
 O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
 O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
 O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
 O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
 O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
 O4 - HKLM\..\Run: [bit4id csp store register (M)] RUNDLL32.EXE "C:\WINDOWS\system32\bit4upki-store.dll",RegisterMyPhysicalStore
 O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
 O4 - HKLM\..\Run: [Date Army Wma SPAM] C:\Documents and Settings\All Users\Dati applicazioni\Peak ooze date army\tons ping.exe
 O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
 O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [uTorrent] "C:\Programmi\uTorrent\uTorrent.exe"
 O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
 O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
 O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Programmi\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
 O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
 O4 - HKCU\..\Run: [Dartidle] C:\DOCUME~1\ciro\DATIAP~1\FREELO~1\Program Team.exe
 O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\ciro\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
 O4 - Global Startup: ZDWLan Utility.lnk = C:\Programmi\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
 O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1209562275093
 O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cirored89.spaces.live.com/PhotoUpload/MsnPUpld.cab
 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
 O20 - AppInit_DLLs: avgrsstx.dll
 O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
 O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
 O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
 O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
 O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
 O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
 O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
 O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
 O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
 O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
 O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
 O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
 
 --
 End of file - 9042 bytes
| Er_Kratos Demigod
 Registered: 30/05/08 13:47
 Posts: 219
|  Posted: 18 Sep 2008 15:24    Subject: |
| It happened to me too.... it's probably the CID virus.... while waiting for someone more skilled to answer you, I recommend what they had me do:

 Start with general cleanup:

 Clean the temporary files with ATF-Cleaner and/or CCleaner
 Follow the instructions in this topic to use MBAM.
 Follow the instructions in this topic to run combofix.
 Follow the instructions in this topic to post the HiJackThis log.
 Report back with a new message in this thread on the outcome: whether there were any particular problems, etc. etc.

 Post the three reports on www.wikisend.com

 all of this from safe mode
| chemicalbit Mature god
 Registered: 01/04/05 18:59
 Posts: 18597
 Location: Milano
|  Posted: 18 Sep 2008 20:58    Subject: Re: damned iexplore.exe |
| For the record, that process really is Internet Explorer. | ciroinformatico wrote: | there is a process called "iexplore.exe" that keeps stealing my memory and CPU |
| ciroinformatico Aspiring troll *
 Registered: 18/09/08 14:44
 Posts: 198
|  Posted: 19 Sep 2008 14:07    Subject: solved |
| Thanks a lot for the tips, guys... anyway, after simply running ATF-Cleaner, as if by magic I no longer have that annoying process in Task Manager and the IE window with the advertising no longer opens (probably the CID virus...). I didn't even have to boot into safe mode to remove the processes from HiJackThis... strange...
 anyway, thanks a lot.... if I have any new problems I'll let you know...
 bye bye
| chemicalbit Mature god
 Registered: 01/04/05 18:59
 Posts: 18597
 Location: Milano
|  Posted: 19 Sep 2008 14:15    Subject: |
| Do the checks that Er_Kratos pointed out to you anyway.
| baciami Demigod
 Registered: 02/09/07 15:40
 Posts: 287
 Location: toscana
|  Posted: 19 Sep 2008 15:24    Subject: |
| It's not an annoying process.. you'll have an iexplore.exe in Task Manager for every window you open. Once a window is closed, an iexplore.exe is also closed in Task Manager
| ciroinformatico Aspiring troll *
 Registered: 18/09/08 14:44
 Posts: 198
|  Posted: 21 Sep 2008 14:21    Subject: |
| baciami, what you said is right, I know that too... but if I don't use IE at all, something's wrong, isn't it??
| baciami Demigod
 Registered: 02/09/07 15:40
 Posts: 287
 Location: toscana
|  Posted: 21 Sep 2008 14:48    Subject: |
|  ciroinformatico wrote: |  baciami, what you said is right, I know that too... but if I don't use IE at all, something's wrong, isn't it?? |

 well.. of course it is..
| chemicalbit Mature god
 Registered: 01/04/05 18:59
 Posts: 18597
 Location: Milano
|  Posted: 21 Sep 2008 14:58    Subject: |
| Post the three logs from the programs Er_Kratos pointed out to you. | ciroinformatico wrote: | something's wrong, isn't it?? |
| ciroinformatico Aspiring troll *
 Registered: 18/09/08 14:44
 Posts: 198
|  Posted: 22 Sep 2008 12:29    Subject: here are the log files |
| Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 12.14.46, on 22/09/2008
 Platform: Windows XP SP3 (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
 C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
 C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
 C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
 C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
 C:\WINDOWS\system32\nvsvc32.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\system32\VTTimer.exe
 C:\WINDOWS\RTHDCPL.EXE
 C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
 C:\Programmi\DAEMON Tools\daemon.exe
 C:\WINDOWS\system32\RUNDLL32.EXE
 C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
 C:\WINDOWS\system32\ctfmon.exe
 C:\PROGRA~1\AVG\AVG8\avgrsx.exe
 C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
 C:\Programmi\Nokia\Nokia PC Suite 7\PCSync2.exe
 C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe
 C:\PROGRA~1\AVG\AVG8\avgemc.exe
 C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
 C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
 C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
 C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
 C:\Programmi\File comuni\Nokia\MPAPI\MPAPI3s.exe
 C:\Programmi\Windows Live\Messenger\usnsvc.exe
 C:\WINDOWS\explorer.exe
 C:\Documents and Settings\ciro\Desktop\HiJackThis.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.iesearch.com/
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
 O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
 O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
 O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
 O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
 O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
 O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
 O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
 O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
 O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
 O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
 O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
 O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
 O4 - HKLM\..\Run: [bit4id csp store register (M)] RUNDLL32.EXE "C:\WINDOWS\system32\bit4upki-store.dll",RegisterMyPhysicalStore
 O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
 O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
 O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [uTorrent] "C:\Programmi\uTorrent\uTorrent.exe"
 O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
 O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
 O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Programmi\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
 O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
 O4 - Global Startup: ZDWLan Utility.lnk = C:\Programmi\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
 O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1209562275093
 O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cirored89.spaces.live.com/PhotoUpload/MsnPUpld.cab
 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
 O20 - AppInit_DLLs: avgrsstx.dll
 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
 O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
 O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
 O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
 O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
 O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
 O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
 O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
 O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
 O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
 
 --
 End of file - 7641 bytes
 
 ------------------------------------------------------------------------------------
 
 ComboFix 08-09-20.05 - ciro 2008-09-22 12.11.05.1 - NTFSx86
 Microsoft Windows XP Professional  5.1.2600.3.1252.1.1040.18.1399 [GMT 2:00]
 Eseguito da: C:\Documents and Settings\ciro\Desktop\ComboFix.exe
 * Creato nuovo punto di ripristino
 
 ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
 .
 
 (((((((((((((((((((((((((   Files Creati Da 2008-08-22 al 2008-09-22  )))))))))))))))))))))))))))))))))))
 .
 
 2008-09-21 14:30 . 2008-09-21 14:30	<DIR>	d--------	C:\Programmi\Lavasoft
 2008-09-21 14:30 . 2008-09-21 14:30	<DIR>	d--------	C:\Programmi\File comuni\Wise Installation Wizard
 2008-09-21 14:30 . 2008-09-21 14:30	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
 2008-09-17 11:13 . 2008-09-17 11:13	<DIR>	d--------	C:\Programmi\Avira
 2008-09-17 11:13 . 2008-09-17 11:13	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\Avira
 2008-09-16 13:23 . 2008-09-19 14:32	<DIR>	d--h-----	C:\$AVG8.VAULT$
 2008-09-16 11:55 . 2008-09-22 11:28	<DIR>	d--------	C:\WINDOWS\system32\drivers\Avg
 2008-09-16 11:55 . 2008-09-16 11:55	<DIR>	d--------	C:\Programmi\AVG
 2008-09-16 11:55 . 2008-09-17 10:46	<DIR>	d--------	C:\Documents and Settings\ciro\Dati applicazioni\AVGTOOLBAR
 2008-09-16 11:55 . 2008-09-16 11:55	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\avg8
 2008-09-16 11:55 . 2008-09-17 10:44	97,928	--a------	C:\WINDOWS\system32\drivers\avgldx86.sys
 2008-09-16 11:55 . 2008-09-16 11:55	76,040	--a------	C:\WINDOWS\system32\drivers\avgtdix.sys
 2008-09-16 11:55 . 2008-09-16 11:55	10,520	--a------	C:\WINDOWS\system32\avgrsstx.dll
 2008-09-15 20:02 . 2008-09-18 15:42	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\Peak ooze date army
 2008-09-14 14:41 . 2006-03-02 14:00	10,129,408	--a--c---	C:\WINDOWS\system32\dllcache\hwxkor.dll
 2008-09-14 14:40 . 2001-08-30 23:07	8,704	--a------	C:\WINDOWS\system32\kbdjpn.dll
 2008-09-14 14:33 . 2008-09-14 14:33	<DIR>	d--------	C:\Programmi\TVAnts
 2008-09-06 20:42 . 2008-09-06 20:42	<DIR>	d--------	C:\Documents and Settings\ciro\Dati applicazioni\Apple Computer
 2008-09-06 20:41 . 2008-09-06 20:41	<DIR>	d--------	C:\Programmi\QuickTime
 2008-09-06 20:41 . 2008-09-07 14:34	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer
 2008-09-06 20:40 . 2008-09-06 20:40	<DIR>	d--------	C:\Programmi\Apple Software Update
 2008-09-06 20:40 . 2008-09-06 20:40	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\Apple
 2008-09-06 20:30 . 2008-09-06 20:31	<DIR>	d--------	C:\Programmi\VDOWNLOADER
 2008-08-31 15:00 . 2008-08-31 15:02	<DIR>	d--------	C:\Programmi\TVUPlayer
 2008-08-31 15:00 . 2008-08-31 15:01	<DIR>	d--------	C:\Documents and Settings\ciro\Dati applicazioni\TVU Networks
 2008-08-31 14:29 . 2008-08-31 14:29	<DIR>	d--------	C:\Programmi\SopCast
 2008-08-27 12:20 . 2008-04-13 20:45	26,112	--a------	C:\WINDOWS\system32\drivers\usbser.sys
 2008-08-27 12:20 . 2008-04-13 20:45	26,112	--a--c---	C:\WINDOWS\system32\dllcache\usbser.sys
 2008-08-27 12:19 . 2008-08-27 12:19	0	--ah-----	C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
 2008-08-27 12:19 . 2008-08-27 12:19	0	--ah-----	C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
 2008-08-27 12:18 . 2008-08-27 12:20	<DIR>	d--------	C:\Documents and Settings\ciro\Dati applicazioni\PC Suite
 2008-08-27 12:18 . 2008-08-27 12:27	<DIR>	d--------	C:\Documents and Settings\ciro\Dati applicazioni\Nokia
 2008-08-27 12:18 . 2008-08-27 12:20	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\PC Suite
 2008-08-27 12:16 . 2008-08-27 12:16	<DIR>	d--------	C:\Programmi\PC Connectivity Solution
 2008-08-27 12:16 . 2008-08-27 12:16	<DIR>	d--------	C:\Programmi\File comuni\PCSuite
 2008-08-27 12:16 . 2008-08-27 12:16	<DIR>	d--------	C:\Programmi\File comuni\Nokia
 2008-08-27 12:16 . 2008-08-27 12:16	<DIR>	d--------	C:\Programmi\DIFX
 2008-08-27 12:16 . 2008-05-07 07:39	1,419,232	--a------	C:\WINDOWS\system32\wdfcoinstaller01005.dll
 2008-08-27 12:16 . 2008-05-07 07:38	659,968	--a------	C:\WINDOWS\system32\nmwcdcocls.dll
 2008-08-27 12:16 . 2008-05-07 07:38	90,624	--a------	C:\WINDOWS\system32\nmwcdcls.dll
 2008-08-27 12:16 . 2007-09-17 15:53	21,632	--a------	C:\WINDOWS\system32\drivers\pccsmcfd.sys
 2008-08-27 12:16 . 2008-05-07 07:38	20,864	--a------	C:\WINDOWS\system32\drivers\ccdcmbo.sys
 2008-08-27 12:16 . 2008-05-07 07:38	17,536	--a------	C:\WINDOWS\system32\drivers\ccdcmb.sys
 2008-08-27 12:16 . 2008-06-06 09:24	8,064	--a------	C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
 2008-08-27 12:15 . 2008-08-27 12:16	<DIR>	d--------	C:\Programmi\Nokia
 2008-08-27 12:14 . 2008-08-27 12:15	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\Installations
 2008-08-26 15:57 . 2008-08-26 15:57	<DIR>	d--------	C:\WINDOWS\system32\it-it
 2008-08-26 15:57 . 2008-08-26 15:57	<DIR>	d--------	C:\WINDOWS\system32\it
 2008-08-26 15:57 . 2008-08-26 15:57	<DIR>	d--------	C:\WINDOWS\system32\bits
 2008-08-26 15:57 . 2008-08-26 15:57	<DIR>	d--------	C:\WINDOWS\l2schemas
 2008-08-26 15:55 . 2008-08-26 15:57	<DIR>	d--------	C:\WINDOWS\ServicePackFiles
 2008-08-25 15:27 . 2008-08-25 15:29	<DIR>	d--------	C:\Programmi\InfoCert
 2008-08-25 15:24 . 2008-08-25 15:24	<DIR>	d--------	C:\Programmi\Bit4Id
 2008-08-25 15:20 . 2008-08-25 15:20	<DIR>	d--------	C:\Programmi\minilector
 2008-08-25 15:19 . 2005-08-09 20:10	110,592	--a------	C:\WINDOWS\system32\Usbr38.DLL
 2008-08-25 15:19 . 2006-03-24 19:14	33,536	--a------	C:\WINDOWS\system32\drivers\a38usb.sys
 2008-08-23 13:19 . 2008-08-23 13:19	<DIR>	d--------	C:\Programmi\CoCoRiCo web
 2008-08-23 13:18 . 2008-08-23 13:18	<DIR>	d--------	C:\Programmi\CoCoRiCo Logo
 2008-08-23 12:17 . 2007-06-28 18:43	123,602	--a------	C:\WINDOWS\system32\nvapps.nvb
 2008-08-23 12:16 . 2008-08-23 12:20	<DIR>	d--------	C:\WINDOWS\NV11681096.TMP
 
 .
 ((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 2008-09-22 10:10	---------	d-----w	C:\Documents and Settings\ciro\Dati applicazioni\uTorrent
 2008-09-22 09:26	196,608	----a-w	C:\WINDOWS\system32\drivers\nStandard.bin
 2008-09-06 18:25	114,688	----a-w	C:\WINDOWS\system32\liclock.dll
 2008-09-04 11:37	---------	d-----w	C:\Programmi\Messenger Plus! Live
 2008-08-26 14:01	96,384	----a-w	C:\WINDOWS\system32\drivers\sptd2989.sys
 2008-08-06 12:01	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\nView_Profiles
 2008-08-05 14:44	107,888	----a-w	C:\WINDOWS\system32\CmdLineExt.dll
 2008-08-05 14:44	---------	d--h--r	C:\Documents and Settings\ciro\Dati applicazioni\SecuROM
 2008-08-05 14:43	---------	d--h--w	C:\Programmi\InstallShield Installation Information
 2008-08-05 14:36	---------	d-----w	C:\Programmi\KONAMI
 2008-07-18 20:10	94,920	----a-w	C:\WINDOWS\system32\cdm.dll
 2008-07-18 20:10	53,448	----a-w	C:\WINDOWS\system32\wuauclt.exe
 2008-07-18 20:10	45,768	----a-w	C:\WINDOWS\system32\wups2.dll
 2008-07-18 20:10	36,552	----a-w	C:\WINDOWS\system32\wups.dll
 2008-07-18 20:09	563,912	----a-w	C:\WINDOWS\system32\wuapi.dll
 2008-07-18 20:09	325,832	----a-w	C:\WINDOWS\system32\wucltui.dll
 2008-07-18 20:09	205,000	----a-w	C:\WINDOWS\system32\wuweb.dll
 2008-07-18 20:09	1,811,656	----a-w	C:\WINDOWS\system32\wuaueng.dll
 2008-07-18 20:07	270,880	----a-w	C:\WINDOWS\system32\mucltui.dll
 2008-07-18 20:07	210,976	----a-w	C:\WINDOWS\system32\muweb.dll
 2008-07-16 10:30	909,312	----a-w	C:\WINDOWS\system32\bit4ipki.dll
 2008-07-07 20:27	253,952	----a-w	C:\WINDOWS\system32\es.dll
 2008-06-24 16:42	74,240	----a-w	C:\WINDOWS\system32\mscms.dll
 2008-06-24 16:12	295,936	------w	C:\WINDOWS\system32\wmpeffects.dll
 2008-06-23 15:09	668,672	----a-w	C:\WINDOWS\system32\wininet.dll
 .
 
 (((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 .
 *Nota* i valori vuoti & legittimi/default non sono visualizzati.
 REGEDIT4
 
 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
 "uTorrent"="C:\Programmi\uTorrent\uTorrent.exe" [2008-08-23 267056]
 "MsnMsgr"="C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
 "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 1688872]
 "Nokia.PCSync"="C:\Programmi\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
 "PC Suite Tray"="C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
 "NeroFilterCheck"="C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
 "NBKeyScan"="C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]
 "DAEMON Tools"="C:\Programmi\DAEMON Tools\daemon.exe" [2005-11-09 128920]
 "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 8466432]
 "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 81920]
 "bit4id csp store register (M)"="C:\WINDOWS\system32\bit4upki-store.dll" [2008-05-13 122880]
 "QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2008-05-27 413696]
 "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-17 1235736]
 "avgnt"="C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
 "VTTimer"="VTTimer.exe" [2005-03-11 C:\WINDOWS\system32\VTTimer.exe]
 "VTTrayp"="VTtrayp.exe" [2005-11-04 C:\WINDOWS\system32\VTTrayp.exe]
 "SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]
 "RTHDCPL"="RTHDCPL.EXE" [2006-09-12 C:\WINDOWS\RTHDCPL.exe]
 "nwiz"="nwiz.exe" [2007-06-28 C:\WINDOWS\system32\nwiz.exe]
 
 [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
 "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
 
 C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
 ZDWLan Utility.lnk - C:\Programmi\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2008-04-30 487424]
 
 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
 "AppInit_DLLs"=avgrsstx.dll
 
 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
 "%windir%\\system32\\sessmgr.exe"=
 "C:\\Programmi\\uTorrent\\uTorrent.exe"=
 "C:\\Programmi\\File comuni\\Nero\\Nero Web\\SetupX.exe"=
 "C:\\Programmi\\Aspyr\\Top Spin 2\\Data\\Top Spin 2.exe"=
 "C:\\Programmi\\LimeWire\\LimeWire.exe"=
 "C:\\WINDOWS\\system32\\rtcshare.exe"=
 "C:\\Programmi\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
 "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
 "C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
 "C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
 "C:\\Programmi\\SopCast\\SopCast.exe"=
 "C:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
 "C:\\Programmi\\TVUPlayer\\TVUPlayer.exe"=
 "C:\\Programmi\\QuickTime\\QuickTimePlayer.exe"=
 "C:\\Programmi\\TVAnts\\Tvants.exe"=
 "C:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
 "C:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
 
 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
 "46010:TCP"= 46010:TCP:Port 46010_TCP
 "46010:UDP"= 46010:UDP:Port 46010_UDP
 "46011:TCP"= 46011:TCP:Port 46011_TCP
 "46011:UDP"= 46011:UDP:Port 46011_UDP
 "46012:TCP"= 46012:TCP:Port 46012_TCP
 "46012:UDP"= 46012:UDP:Port 46012_UDP
 "46013:TCP"= 46013:TCP:Port 46013_TCP
 "46013:UDP"= 46013:UDP:Port 46013_UDP
 "46014:TCP"= 46014:TCP:Port 46014_TCP
 "46014:UDP"= 46014:UDP:Port 46014_UDP
 "46015:TCP"= 46015:TCP:Port 46015_TCP
 "46015:UDP"= 46015:UDP:Port 46015_UDP
 "46016:TCP"= 46016:TCP:Port 46016_TCP
 "46016:UDP"= 46016:UDP:Port 46016_UDP
 "46017:TCP"= 46017:TCP:Port 46017_TCP
 "46017:UDP"= 46017:UDP:Port 46017_UDP
 "46018:TCP"= 46018:TCP:Port 46018_TCP
 "46018:UDP"= 46018:UDP:Port 46018_UDP
 "46019:TCP"= 46019:TCP:Port 46019_TCP
 "46019:UDP"= 46019:UDP:Port 46019_UDP
 "46020:TCP"= 46020:TCP:Port 46020_TCP
 "46020:UDP"= 46020:UDP:Port 46020_UDP
 
 R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-17 97928]
 R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-17 875288]
 R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-17 231704]
 R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-09-16 76040]
 R3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb.sys [2007-07-12 12416]
 R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2007-07-12 10752]
 R3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2006-08-24 477696]
 S3 ACSSCR;ACR38 Smart Card Reader;C:\WINDOWS\system32\DRIVERS\a38usb.sys [2006-03-24 33536]
 
 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92cb3c58-1dca-11dd-96d6-0002725c1607}]
 \Shell\Auto\command - RavMon.exe
 \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMon.exe
 
 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c75162eb-21df-11dd-96e2-0002725c1607}]
 \Shell\Auto\command - F:\UFO.exe
 \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
 
 *Newly Created Service* - PROCEXP90
 .
 - - - - ORFÃOS REMOVIDOS - - - -
 
 HKLM-Run-ASUSGamerOSD - C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
 
 
 .
 ------- Supplementary Scan -------
 .
 FireFox -: Profile - C:\Documents and Settings\ciro\Dati applicazioni\Mozilla\Firefox\Profiles\5bjyzuuu.default\
 FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.it/
 FF -: plugin - C:\Programmi\Adobe\Acrobat 6.0 CE\Reader\browser\nppdf32.dll
 .
 
 **************************************************************************
 
 catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2008-09-22 12:13:13
 Windows 5.1.2600 Service Pack 3 NTFS
 
 scansione processi nascosti ...
 
 scansione entrate autostart nascoste ...
 
 Scansione files nascosti ...
 
 Scansione completata con successo
 Files nascosti: 0
 
 **************************************************************************
 .
 Ora fine scansione: 2008-09-22 12:14:08
 ComboFix-quarantined-files.txt  2008-09-22 10:14:02
 
 Pre-Run: 427.326.877.696 byte disponibili
 Post-Run: 427,345,293,312 byte disponibili
 
 212	--- E O F ---	2008-09-10 14:13:45
 
 
 -------------------------------------------------------------------------------------
 
 
 Malwarebytes' Anti-Malware 1.28
 Versione del database: 1190
 Windows 5.1.2600 Service Pack 3
 
 22/09/2008 12.23.22
 mbam-log-2008-09-22 (12-23-22).txt
 
 Tipo di scansione: Scansione rapida
 Elementi scansionati: 42986
 Tempo trascorso: 3 minute(s), 33 second(s)
 
 Processi delle memoria infetti: 0
 Moduli della memoria infetti: 0
 Chiavi di registro infette: 0
 Valori di registro infetti: 0
 Elementi dato del registro infetti: 0
 Cartelle infette: 0
 File infetti: 0
 
 Processi delle memoria infetti:
 (Nessun elemento malevolo rilevato)
 
 Moduli della memoria infetti:
 (Nessun elemento malevolo rilevato)
 
 Chiavi di registro infette:
 (Nessun elemento malevolo rilevato)
 
 Valori di registro infetti:
 (Nessun elemento malevolo rilevato)
 
 Elementi dato del registro infetti:
 (Nessun elemento malevolo rilevato)
 
 Cartelle infette:
 (Nessun elemento malevolo rilevato)
 
 File infetti:
 (Nessun elemento malevolo rilevato)
 |  |  
		| Top |  |  
		|  |  
		| chemicalbit Dio maturo
 
 Registered: 01/04/05 18:59
 Posts: 18597
 Location: Milano
 
 | 
			
				|  Posted: 22 Sep 2008 12:37    Subject: |   |  
				| 
 |  
				| It would have been better if you had hosted them on Wikisend, as indicated.
 P.S. In what order did you run the three programs?
 |  |  
		| Top |  |  
		|  |  
		| ciroinformatico Aspirante troll *
 
 Registered: 18/09/08 14:44
 Posts: 198
 
 | 
			
				|  Posted: 22 Sep 2008 13:39    Subject: |   |  
				| 
 |  
				| I'll post them there too now... anyway, first Combo, then HijackThis and finally Mbam...
 Oh, I forgot to do it all in safe mode... is that a big problem??
 |  |  
		| Top |  |  
		|  |  
		| ciroinformatico Aspirante troll *
 
 Registered: 18/09/08 14:44
 Posts: 198
 
 | 
			
				|  Posted: 22 Sep 2008 13:47    Subject: |   |  
				| 
 |  
				| Here they are: http://wikisend.com/download/959742/hijackthis.log
 http://wikisend.com/download/950526/log_combo.txt
 http://wikisend.com/download/475502/mbam-log.txt
 |  |  
		| Top |  |  
		|  |  
		| Sante62 Dio maturo
 
 Registered: 27/06/07 17:55
 Posts: 3477
 Location: Floridia
 
 | 
			
				|  Posted: 25 Sep 2008 22:22    Subject: |   |  
				| 
 |  
				| Here too we need to clean the USB sticks/devices.
 Temporarily disable the automatic recognition of USB devices;
 you need the TweakUI program, which can be downloaded from this page; install it.
 Once it is installed, run it and go through these steps:
 
  	  | Quote: |  	  | Expand the My Computer section
 Expand the Autoplay subsection
 Go to Types
 Uncheck Enable Autoplay for removable drives
 Click Apply
 Close TweakUI
 
 PS: By Expand I mean: click the [+] symbol next to the items I indicated.
 From this moment on, all USB devices will stop starting automatically.
 Insert your USB sticks and check them with your antivirus.
 When you are sure that everything is fine, you can re-enable autoplay by following the same path I indicated.
 | 
 
 Open Notepad and put this text, shown in red, into it:
 
  	  | Quote: |  	  | Registry::
 [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92cb3c58-1dca-11dd-96d6-0002725c1607}]
 [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c75162eb-21df-11dd-96e2-0002725c1607}]
 
 | 
 Save the file on the desktop with the name CFScript.txt and drag it onto the ComboFix icon, as shown below:
 
   Wait patiently for it to finish without touching the keyboard, mouse or anything else.
   Post the updated ComboFix log;
 |  |  
		| Top |  |  
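The check behind the CFScript in the reply above, as an added example that is not part of the original thread and not ComboFix's own code: it reads the `mountpoints2` section of the ComboFix log, reports every key that caches an `Auto`/`AutoRun` command for a removable volume, and builds the matching `Registry::` deletion block. The function names are assumptions of this example; the sample input is copied from the log posted earlier in the thread.

```python
import re

# Sample input: the mountpoints2 section and the section that follows it,
# copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92cb3c58-1dca-11dd-96d6-0002725c1607}]
\Shell\Auto\command - RavMon.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c75162eb-21df-11dd-96e2-0002725c1607}]
\Shell\Auto\command - F:\UFO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
"""

# A per-volume key: ...\mountpoints2\{volume GUID}
KEY_RE = re.compile(r"^\[(HKEY_[^\]]*\\mountpoints2\\\{[0-9a-f-]{36}\})\]$", re.IGNORECASE)
# A cached shell verb under that key, as ComboFix prints it: \Shell\<verb>\command - <command>
CMD_RE = re.compile(r"^\\Shell\\([^\\]+)\\command - (.+)$", re.IGNORECASE)


def parse_mountpoints(log_text):
    """Return {registry_key: [(verb, command), ...]} for each mountpoints2 key in the log."""
    found, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            found[current] = []
            continue
        if line.startswith("["):
            current = None  # a different registry section starts here
            continue
        cmd = CMD_RE.match(line)
        if cmd and current:
            found[current].append((cmd.group(1), cmd.group(2)))
    return found


def target_of(command):
    """Program the command starts; for 'RunDLL32 ... ShellExec_RunDLL X' that is X."""
    marker = "ShellExec_RunDLL"
    if marker in command:
        command = command.split(marker, 1)[1]
    return command.strip().strip('"')


def autorun_findings(log_text):
    """List (key, sorted target file names) for keys that cache an Auto/AutoRun command."""
    out = []
    for key, cmds in parse_mountpoints(log_text).items():
        targets = {target_of(cmd).rsplit("\\", 1)[-1].lower()
                   for verb, cmd in cmds if verb.lower() in ("auto", "autorun")}
        if targets:
            out.append((key, sorted(targets)))
    return out


def build_cfscript(log_text):
    """Build a Registry:: block with one [-key] deletion line per flagged key."""
    lines = ["Registry::"]
    lines += ["[-%s]" % key for key, _ in autorun_findings(log_text)]
    return "\n".join(lines)


if __name__ == "__main__":
    for key, targets in autorun_findings(SAMPLE_LOG):
        print("autorun cached for", ", ".join(targets), "->", key)
    print(build_cfscript(SAMPLE_LOG))
```

Run on the sample, the generated block lists the same two keys that the reply asks to be saved in CFScript.txt.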
		|  |  
		| ciroinformatico Aspirante troll *
 
 Registered: 18/09/08 14:44
 Posts: 198
 
 | 
			
				|  Posted: 26 Sep 2008 14:04    Subject: |   |  
				| 
 |  
				| Here is the updated Combo log file (I'm posting it in full because I'm having problems with Wikisend):
 
 ComboFix 08-09-25.05 - ciro 2008-09-26 13.54.30.2 - NTFSx86
 Microsoft Windows XP Professional  5.1.2600.3.1252.1.1040.18.1395 [GMT 2:00]
 Eseguito da: C:\Documents and Settings\ciro\Desktop\log\ComboFix.exe
 Command switches used :: C:\Documents and Settings\ciro\Desktop\CFScript.txt
 * Creato nuovo punto di ripristino
 
 ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
 .
 
 (((((((((((((((((((((((((   Files Creati Da 2008-08-26 al 2008-09-26  )))))))))))))))))))))))))))))))))))
 .
 
 2008-09-26 13:40 . 2003-06-25 16:05	266,360	--a------	C:\WINDOWS\system32\TweakUI.exe
 2008-09-26 13:40 . 2002-06-21 15:09	160,217	--a------	C:\WINDOWS\system32\PowerToysLicense.rtf
 2008-09-22 12:18 . 2008-09-22 12:19	<DIR>	d--------	C:\Programmi\Malwarebytes' Anti-Malware
 2008-09-22 12:18 . 2008-09-22 12:18	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
 2008-09-22 12:18 . 2008-09-10 00:04	38,528	--a------	C:\WINDOWS\system32\drivers\mbamswissarmy.sys
 2008-09-22 12:18 . 2008-09-10 00:03	17,200	--a------	C:\WINDOWS\system32\drivers\mbam.sys
 2008-09-21 14:30 . 2008-09-21 14:30	<DIR>	d--------	C:\Programmi\Lavasoft
 2008-09-21 14:30 . 2008-09-21 14:30	<DIR>	d--------	C:\Programmi\File comuni\Wise Installation Wizard
 2008-09-21 14:30 . 2008-09-21 14:30	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
 2008-09-17 11:13 . 2008-09-17 11:13	<DIR>	d--------	C:\Programmi\Avira
 2008-09-17 11:13 . 2008-09-17 11:13	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\Avira
 2008-09-16 13:23 . 2008-09-19 14:32	<DIR>	d--h-----	C:\$AVG8.VAULT$
 2008-09-16 11:55 . 2008-09-26 13:29	<DIR>	d--------	C:\WINDOWS\system32\drivers\Avg
 2008-09-16 11:55 . 2008-09-16 11:55	<DIR>	d--------	C:\Programmi\AVG
 2008-09-16 11:55 . 2008-09-16 11:55	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\avg8
 2008-09-16 11:55 . 2008-09-17 10:44	97,928	--a------	C:\WINDOWS\system32\drivers\avgldx86.sys
 2008-09-16 11:55 . 2008-09-16 11:55	76,040	--a------	C:\WINDOWS\system32\drivers\avgtdix.sys
 2008-09-16 11:55 . 2008-09-16 11:55	10,520	--a------	C:\WINDOWS\system32\avgrsstx.dll
 2008-09-15 20:02 . 2008-09-18 15:42	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\Peak ooze date army
 2008-09-14 14:41 . 2006-03-02 14:00	10,129,408	--a--c---	C:\WINDOWS\system32\dllcache\hwxkor.dll
 2008-09-14 14:40 . 2001-08-30 23:07	8,704	--a------	C:\WINDOWS\system32\kbdjpn.dll
 2008-09-14 14:33 . 2008-09-14 14:33	<DIR>	d--------	C:\Programmi\TVAnts
 2008-09-06 20:41 . 2008-09-06 20:41	<DIR>	d--------	C:\Programmi\QuickTime
 2008-09-06 20:41 . 2008-09-07 14:34	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer
 2008-09-06 20:40 . 2008-09-06 20:40	<DIR>	d--------	C:\Programmi\Apple Software Update
 2008-09-06 20:40 . 2008-09-06 20:40	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\Apple
 2008-09-06 20:30 . 2008-09-06 20:31	<DIR>	d--------	C:\Programmi\VDOWNLOADER
 2008-08-31 15:00 . 2008-08-31 15:02	<DIR>	d--------	C:\Programmi\TVUPlayer
 2008-08-31 14:29 . 2008-08-31 14:29	<DIR>	d--------	C:\Programmi\SopCast
 2008-08-27 12:20 . 2008-04-13 20:45	26,112	--a------	C:\WINDOWS\system32\drivers\usbser.sys
 2008-08-27 12:20 . 2008-04-13 20:45	26,112	--a--c---	C:\WINDOWS\system32\dllcache\usbser.sys
 2008-08-27 12:19 . 2008-08-27 12:19	0	--ah-----	C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
 2008-08-27 12:19 . 2008-08-27 12:19	0	--ah-----	C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
 2008-08-27 12:18 . 2008-08-27 12:20	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\PC Suite
 2008-08-27 12:16 . 2008-08-27 12:16	<DIR>	d--------	C:\Programmi\PC Connectivity Solution
 2008-08-27 12:16 . 2008-08-27 12:16	<DIR>	d--------	C:\Programmi\File comuni\PCSuite
 2008-08-27 12:16 . 2008-08-27 12:16	<DIR>	d--------	C:\Programmi\File comuni\Nokia
 2008-08-27 12:16 . 2008-08-27 12:16	<DIR>	d--------	C:\Programmi\DIFX
 2008-08-27 12:16 . 2008-05-07 07:39	1,419,232	--a------	C:\WINDOWS\system32\wdfcoinstaller01005.dll
 2008-08-27 12:16 . 2008-05-07 07:38	659,968	--a------	C:\WINDOWS\system32\nmwcdcocls.dll
 2008-08-27 12:16 . 2008-05-07 07:38	90,624	--a------	C:\WINDOWS\system32\nmwcdcls.dll
 2008-08-27 12:16 . 2007-09-17 15:53	21,632	--a------	C:\WINDOWS\system32\drivers\pccsmcfd.sys
 2008-08-27 12:16 . 2008-05-07 07:38	20,864	--a------	C:\WINDOWS\system32\drivers\ccdcmbo.sys
 2008-08-27 12:16 . 2008-05-07 07:38	17,536	--a------	C:\WINDOWS\system32\drivers\ccdcmb.sys
 2008-08-27 12:16 . 2008-06-06 09:24	8,064	--a------	C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
 2008-08-27 12:15 . 2008-08-27 12:16	<DIR>	d--------	C:\Programmi\Nokia
 2008-08-27 12:14 . 2008-08-27 12:15	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\Installations
 2008-08-26 15:57 . 2008-08-26 15:57	<DIR>	d--------	C:\WINDOWS\system32\it-it
 2008-08-26 15:57 . 2008-08-26 15:57	<DIR>	d--------	C:\WINDOWS\system32\it
 2008-08-26 15:57 . 2008-08-26 15:57	<DIR>	d--------	C:\WINDOWS\system32\bits
 2008-08-26 15:57 . 2008-08-26 15:57	<DIR>	d--------	C:\WINDOWS\l2schemas
 2008-08-26 15:55 . 2008-08-26 15:57	<DIR>	d--------	C:\WINDOWS\ServicePackFiles
 
 .
 ((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 2008-09-25 20:57	196,608	----a-w	C:\WINDOWS\system32\drivers\nStandard.bin
 2008-09-06 18:25	114,688	----a-w	C:\WINDOWS\system32\liclock.dll
 2008-09-04 11:37	---------	d-----w	C:\Programmi\Messenger Plus! Live
 2008-08-26 14:01	96,384	----a-w	C:\WINDOWS\system32\drivers\sptd2989.sys
 2008-08-25 13:29	---------	d-----w	C:\Programmi\InfoCert
 2008-08-25 13:24	---------	d-----w	C:\Programmi\Bit4Id
 2008-08-25 13:20	---------	d-----w	C:\Programmi\minilector
 2008-08-23 11:19	---------	d-----w	C:\Programmi\CoCoRiCo web
 2008-08-23 11:18	---------	d-----w	C:\Programmi\CoCoRiCo Logo
 2008-08-06 12:01	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\nView_Profiles
 2008-08-05 14:44	107,888	----a-w	C:\WINDOWS\system32\CmdLineExt.dll
 2008-08-05 14:43	---------	d--h--w	C:\Programmi\InstallShield Installation Information
 2008-08-05 14:36	---------	d-----w	C:\Programmi\KONAMI
 2008-07-18 20:10	94,920	----a-w	C:\WINDOWS\system32\cdm.dll
 2008-07-18 20:10	53,448	----a-w	C:\WINDOWS\system32\wuauclt.exe
 2008-07-18 20:10	45,768	----a-w	C:\WINDOWS\system32\wups2.dll
 2008-07-18 20:10	36,552	----a-w	C:\WINDOWS\system32\wups.dll
 2008-07-18 20:09	563,912	----a-w	C:\WINDOWS\system32\wuapi.dll
 2008-07-18 20:09	325,832	----a-w	C:\WINDOWS\system32\wucltui.dll
 2008-07-18 20:09	205,000	----a-w	C:\WINDOWS\system32\wuweb.dll
 2008-07-18 20:09	1,811,656	----a-w	C:\WINDOWS\system32\wuaueng.dll
 2008-07-18 20:07	270,880	----a-w	C:\WINDOWS\system32\mucltui.dll
 2008-07-18 20:07	210,976	----a-w	C:\WINDOWS\system32\muweb.dll
 2008-07-16 10:30	909,312	----a-w	C:\WINDOWS\system32\bit4ipki.dll
 2008-07-07 20:27	253,952	----a-w	C:\WINDOWS\system32\es.dll
 .
 
 (((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 .
 *Nota* i valori vuoti & legittimi/default non sono visualizzati.
 REGEDIT4
 
 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
 "uTorrent"="C:\Programmi\uTorrent\uTorrent.exe" [2008-08-23 267056]
 "MsnMsgr"="C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
 "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 1688872]
 "Nokia.PCSync"="C:\Programmi\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
 "PC Suite Tray"="C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
 "NeroFilterCheck"="C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
 "NBKeyScan"="C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]
 "DAEMON Tools"="C:\Programmi\DAEMON Tools\daemon.exe" [2005-11-09 128920]
 "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 8466432]
 "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 81920]
 "bit4id csp store register (M)"="C:\WINDOWS\system32\bit4upki-store.dll" [2008-05-13 122880]
 "QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2008-05-27 413696]
 "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-17 1235736]
 "avgnt"="C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
 "VTTimer"="VTTimer.exe" [2005-03-11 C:\WINDOWS\system32\VTTimer.exe]
 "VTTrayp"="VTtrayp.exe" [2005-11-04 C:\WINDOWS\system32\VTTrayp.exe]
 "SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]
 "RTHDCPL"="RTHDCPL.EXE" [2006-09-12 C:\WINDOWS\RTHDCPL.exe]
 "nwiz"="nwiz.exe" [2007-06-28 C:\WINDOWS\system32\nwiz.exe]
 
 [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
 "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
 
 C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
 ZDWLan Utility.lnk - C:\Programmi\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2008-04-30 487424]
 
 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
 "AppInit_DLLs"=avgrsstx.dll
 
 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
 "%windir%\\system32\\sessmgr.exe"=
 "C:\\Programmi\\uTorrent\\uTorrent.exe"=
 "C:\\Programmi\\File comuni\\Nero\\Nero Web\\SetupX.exe"=
 "C:\\WINDOWS\\system32\\rtcshare.exe"=
 "C:\\Programmi\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
 "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
 "C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
 "C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
 "C:\\Programmi\\SopCast\\SopCast.exe"=
 "C:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
 "C:\\Programmi\\TVUPlayer\\TVUPlayer.exe"=
 "C:\\Programmi\\QuickTime\\QuickTimePlayer.exe"=
 "C:\\Programmi\\TVAnts\\Tvants.exe"=
 "C:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
 "C:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
 "C:\\Programmi\\LimeWire\\LimeWire.exe"=
 "C:\\Programmi\\Aspyr\\Top Spin 2\\Data\\Top Spin 2.exe"=
 
 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
 "46010:TCP"= 46010:TCP:Port 46010_TCP
 "46010:UDP"= 46010:UDP:Port 46010_UDP
 "46011:TCP"= 46011:TCP:Port 46011_TCP
 "46011:UDP"= 46011:UDP:Port 46011_UDP
 "46012:TCP"= 46012:TCP:Port 46012_TCP
 "46012:UDP"= 46012:UDP:Port 46012_UDP
 "46013:TCP"= 46013:TCP:Port 46013_TCP
 "46013:UDP"= 46013:UDP:Port 46013_UDP
 "46014:TCP"= 46014:TCP:Port 46014_TCP
 "46014:UDP"= 46014:UDP:Port 46014_UDP
 "46015:TCP"= 46015:TCP:Port 46015_TCP
 "46015:UDP"= 46015:UDP:Port 46015_UDP
 "46016:TCP"= 46016:TCP:Port 46016_TCP
 "46016:UDP"= 46016:UDP:Port 46016_UDP
 "46017:TCP"= 46017:TCP:Port 46017_TCP
 "46017:UDP"= 46017:UDP:Port 46017_UDP
 "46018:TCP"= 46018:TCP:Port 46018_TCP
 "46018:UDP"= 46018:UDP:Port 46018_UDP
 "46019:TCP"= 46019:TCP:Port 46019_TCP
 "46019:UDP"= 46019:UDP:Port 46019_UDP
 "46020:TCP"= 46020:TCP:Port 46020_TCP
 "46020:UDP"= 46020:UDP:Port 46020_UDP
 
 R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-17 97928]
 R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-17 875288]
 R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-17 231704]
 R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-09-16 76040]
 R3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb.sys [2007-07-12 12416]
 R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2007-07-12 10752]
 R3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2006-08-24 477696]
 S3 ACSSCR;ACR38 Smart Card Reader;C:\WINDOWS\system32\DRIVERS\a38usb.sys [2006-03-24 33536]
 .
 
 **************************************************************************
 
 catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2008-09-26 13:56:10
 Windows 5.1.2600 Service Pack 3 NTFS
 
 scansione processi nascosti ...
 
 scansione entrate autostart nascoste ...
 
 Scansione files nascosti ...
 
 Scansione completata con successo
 Files nascosti: 0
 
 **************************************************************************
 .
 Ora fine scansione: 2008-09-26 13:56:59
 ComboFix-quarantined-files.txt  2008-09-26 11:56:55
 ComboFix2.txt  2008-09-22 10:14:09
 
 Pre-Run: 425.962.266.624 byte disponibili
 Post-Run: 425,950,740,480 byte disponibili
 
 190	--- E O F ---	2008-09-10 14:13:45
 |  |  
		| Top |  |  
		|  |  
		| Sante62 Dio maturo
 
  
  
 Registered: 27/06/07 17:55
 Posts: 3477
 Location: Floridia
 
 |  |  
		| Top |  |  
		|  |  
		| ciroinformatico Aspirante troll *
 
 Registered: 18/09/08 14:44
 Posts: 198
 
 | 
			
				|  Posted: 26 Sep 2008 23:37    Subject: |   |  
				| 
 |  
				| Done, here is the Kaspersky log: kasp.html
 I also ran the scan with Panda, but at some point it stopped, I don't know why...
   Also, where can I see the two infected files that Panda had reported to me??
 |  |  
		| Top |  |  
		|  |  
		| chemicalbit Dio maturo
 
 Registered: 01/04/05 18:59
 Posts: 18597
 Location: Milano
 
 | 
			
				|  Posted: 26 Sep 2008 23:49    Subject: |   |  
				| 
 |  
				| Did you notice at what point Panda got stuck?
 Try running it again.
 |  |  
		| Top |  |  
		|  |  
		| Sante62 Dio maturo
 
 Registered: 27/06/07 17:55
 Posts: 3477
 Location: Floridia
 
 | 
			
				|  Posted: 27 Sep 2008 09:25    Subject: |   |  
				| 
 |  
				|  	  | ciroinformatico wrote: |  	  | Also, where can I see the two infected files that Panda had reported to me??
 | 
 If it did not complete the scan and consequently did not save the log, I don't think there is any way;
 
 as already suggested, try again...
 |  |  
		| Top |  |  
		|  |  
		| ciroinformatico Aspirante troll *
 
 Registered: 18/09/08 14:44
 Posts: 198
 
 | 
			
				|  Posted: 27 Sep 2008 10:46    Subject: |   |  
				| 
 |  
				| The scan won't even start any more... when I try to run it, it gives me this error:
 "Sorry, updating is incomplete due to an error. Please try again."
 |  |  
		| Top |  |  
		|  |  