moreno267 (Devoted mortal) | Registered: 20/10/08 19:17 | Posts: 12
Posted: 20 Oct 2008 19:27 | Subject: PC locked up
If anyone can help me....
Windows XP, HijackThis gives me this...
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 19.15.45, on 20/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Conexant\AccessRunner ADSL\CnxDslTb.exe
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\snag\HiJackThis_v2.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.altavista.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.altavista.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Windows Firewall Updater] updatees.exe
O4 - HKLM\..\Run: [Windows Config System] config.exe
O4 - HKLM\..\Run: [Windows Update Firewall System] winmsfw.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Programmi\Conexant\AccessRunner ADSL\CnxDslTb.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [brastk] brastk.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunServices: [Windows Firewall Updater] updatees.exe
O4 - HKLM\..\RunServices: [Windows Config System] config.exe
O4 - HKLM\..\RunServices: [Windows Update Firewall System] winmsfw.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: numlock.vbs
O8 - Extra context menu item: &eBay Search - res://C:\Programmi\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Point&&Go - C:\Programmi\File comuni\Expert System\PGPlatform\PGPlatform.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Programmi\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174741981886
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174744952357
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: karna.dat4,avgrsstx.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - (no file)
--
End of file - 5439 bytes
bdoriano (Administrator) | Registered: 02/04/07 12:05 | Posts: 14391 | Location: 3rd planet of the solar system...
Posted: 20 Oct 2008 21:53
Hi moreno267 and welcome,
There are quite a few unwanted guests to be seen.
Start by downloading the updated version of HijackThis and save it in its own folder, not a temporary one and not on the desktop.
- Clean the temporary files with ATF-Cleaner and/or CCleaner
- Follow the instructions in this topic to use MBAM.
- Download and install the Free version of SuperAntispyware:
configure it as explained to another user in this discussion
run a full system scan
- Follow the instructions in this topic to post the HijackThis log.
- Report back with a new message in this discussion on the outcome: whether there were any particular problems, etc. And post:
- Upload the MBAM log to WikiSend and post the Forum Link you are given.
- Upload the SuperAntiSpyware log to WikiSend and post the Forum Link you are given.
- Upload the HijackThis log to WikiSend and post the Forum Link you are given.
PS: if you like, you can introduce yourself here
moreno267 (Devoted mortal) | Registered: 20/10/08 19:17 | Posts: 12
Posted: 20 Oct 2008 22:53
Hi, and thanks for the welcome and for your interest.
I downloaded CCleaner from a different site; I can't connect to any of the sites you recommend, just as I can't connect to any download site for these programs.
I find them through various links, but none of them lets me download.
Imagine, I found HijackThis on eMule...
Thanks anyway.
moreno267 (Devoted mortal) | Registered: 20/10/08 19:17 | Posts: 12
Posted: 21 Oct 2008 13:09
Well BDORIANO, I'm speechless.
After the scan with CCleaner and MBAM, everything is working again.
AVG, Ad-Aware, all the sites, the Windows updates and all the programs.
After WEEKS of headaches and assorted attempts, I'm finally up and running again.
Thanks for everything.
God bless you. And keep you.
bdoriano (Administrator) | Registered: 02/04/07 12:05 | Posts: 14391 | Location: 3rd planet of the solar system...
Posted: 21 Oct 2008 14:20
Glad to hear it... but we're not done yet.
Now post the logs I asked you for, so we can finish the cleanup.
moreno267 (Devoted mortal) | Registered: 20/10/08 19:17 | Posts: 12
Posted: 21 Oct 2008 20:09
OK BD, and thanks again
here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.03.57, on 21/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\Conexant\AccessRunner ADSL\CnxDslTb.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmi\scaricati\hijack\Hi-Jack-This.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.altavista.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.altavista.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Windows Firewall Updater] updatees.exe
O4 - HKLM\..\Run: [Windows Config System] config.exe
O4 - HKLM\..\Run: [Windows Update Firewall System] winmsfw.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Programmi\Conexant\AccessRunner ADSL\CnxDslTb.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunServices: [Windows Firewall Updater] updatees.exe
O4 - HKLM\..\RunServices: [Windows Config System] config.exe
O4 - HKLM\..\RunServices: [Windows Update Firewall System] winmsfw.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: numlock.vbs
O8 - Extra context menu item: &eBay Search - res://C:\Programmi\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Point&&Go - C:\Programmi\File comuni\Expert System\PGPlatform\PGPlatform.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Programmi\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174741981886
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174744952357
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B7AB59D-FF39-4DAA-8327-2C09C7633140}: NameServer = 85.37.17.48 85.38.28.88
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: karna.dat4,avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - (no file)
--
End of file - 5422 bytes
and here are the links to the other logs:
SUPERAntiSpyware Scan Log - 10-21-2008 - 19-39-39.log
mbam-log-2008-10-21 (19-59-33).txt
hijackthis.log
Thanks for everything BD
bdoriano (Administrator) | Registered: 02/04/07 12:05 | Posts: 14391 | Location: 3rd planet of the solar system...
Posted: 21 Oct 2008 20:40
- Start HijackThis and proceed as follows:
- click on Open the misc tool section
- click on Open ADS Spy
- untick Quick scan (windows base folder only)
- click on Scan
- if any ADS are detected, tick all the boxes and click on Remove selected
- Start the PC in safe mode
- run HijackThis
- click on Do a system scan only
- put a check mark on these entries:
Quote:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [Windows Firewall Updater] updatees.exe
O4 - HKLM\..\Run: [Windows Config System] config.exe
O4 - HKLM\..\Run: [Windows Update Firewall System] winmsfw.exe
O4 - HKLM\..\RunServices: [Windows Firewall Updater] updatees.exe
O4 - HKLM\..\RunServices: [Windows Config System] config.exe
O4 - HKLM\..\RunServices: [Windows Update Firewall System] winmsfw.exe
O4 - Global Startup: numlock.vbs
click Fix checked
Restart the PC in normal mode, redo the HijackThis log and post it
Redo the scan with MBAM and have it remove the threats it finds. Upload the log to WikiSend and post the Forum Link you are given.
Follow the instructions in this topic to post the ComboFix log.
moreno267 (Devoted mortal) | Registered: 20/10/08 19:17 | Posts: 12
Posted: 22 Oct 2008 21:10
Here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12.54.29, on 22/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Conexant\AccessRunner ADSL\CnxDslTb.exe
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_AICN03.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\scaricati\hijack\Hi-Jack-This.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.altavista.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.altavista.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Programmi\Conexant\AccessRunner ADSL\CnxDslTb.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [EPSON Stylus COLOR 580] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_AICN03.EXE /P22 "EPSON Stylus COLOR 580" /O6 "USB001" /M "Stylus COLOR 580"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &eBay Search - res://C:\Programmi\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Point&&Go - C:\Programmi\File comuni\Expert System\PGPlatform\PGPlatform.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174741981886
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174744952357
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B7AB59D-FF39-4DAA-8327-2C09C7633140}: NameServer = 85.37.17.48 85.38.28.88
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: karna.dat4,avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - (no file)
--
End of file - 5384 bytes
Here is the MBAM link:
mbam-log-2008-10-22 (20-51-48).txt
and here is the COMBOFIX log
ComboFix 08-10-21.05 - Administrator 2008-10-22 20.57.05.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.233 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Administrator\Desktop\snag\32625626.exe
* Creato nuovo punto di ripristino
.
((((((((((((((((((((((((( Files Creati Da 2008-09-22 al 2008-10-22 )))))))))))))))))))))))))))))))))))
.
2008-10-21 22:18 . 2008-10-21 22:18 <DIR> d-------- C:\Programmi\EPSON
2008-10-21 22:18 . 2008-10-21 22:18 <DIR> d-------- C:\epson
2008-10-21 22:18 . 2001-06-29 20:13 166,400 --a------ C:\WINDOWS\system32\EBAPI3.DLL
2008-10-21 22:18 . 2001-03-30 08:47 60,457 --a------ C:\WINDOWS\system32\EBPMON3.DLL
2008-10-21 22:18 . 2001-03-29 02:21 57,344 --a------ C:\WINDOWS\system32\ECBTEG.DLL
2008-10-21 22:18 . 2000-06-07 01:01 34,304 --a------ C:\WINDOWS\system32\EBPCHP.DLL
2008-10-21 22:18 . 2001-03-08 10:23 145 --a------ C:\WINDOWS\system32\EBPPORT3.DAT
2008-10-21 19:31 . 2008-10-21 19:31 <DIR> d-------- C:\Programmi\Malwarebytes' Anti-Malware
2008-10-21 19:31 . 2008-10-16 20:25 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-21 19:31 . 2008-10-16 20:25 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-21 18:58 . 2008-10-21 19:04 <DIR> d-------- C:\Programmi\SUPERAntiSpyware
2008-10-21 18:58 . 2008-10-21 18:58 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2008-10-21 18:58 . 2008-10-21 19:04 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\SUPERAntiSpyware.com
2008-10-21 12:43 . 2008-10-21 12:43 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\Malwarebytes
2008-10-21 12:42 . 2008-10-21 12:42 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2008-10-20 22:40 . 2008-10-20 22:40 <DIR> d-------- C:\Programmi\Yahoo!
2008-10-20 13:29 . 2008-10-20 13:30 <DIR> d-------- C:\gtfyftyft
2008-10-20 12:35 . 2008-10-20 18:44 <DIR> d-------- C:\VEXPLITE
2008-10-20 12:35 . 2008-08-30 12:11 40,960 --a------ C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-10-19 23:13 . 2008-10-19 23:17 <DIR> d-------- C:\Programmi\Eusing Free Registry Cleaner
2008-10-19 19:50 . 2008-10-22 12:38 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-10-19 19:50 . 2008-10-21 12:58 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-10-19 19:49 . 2008-10-21 12:58 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-10-19 19:49 . 2008-10-21 12:59 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-10-19 17:27 . 2004-08-04 07:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-10-19 17:27 . 2004-08-04 07:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-10-19 15:00 . 2001-08-31 12:00 4,224 --a------ C:\WINDOWS\system32\drivers\beep.sys
2008-10-19 15:00 . 2001-08-31 12:00 4,224 --a--c--- C:\WINDOWS\system32\dllcache\beep.sys
2008-10-19 13:00 . 2008-10-19 13:00 17,801 --a------ C:\WINDOWS\yhylikec._sy
2008-10-19 13:00 . 2008-10-19 13:00 15,056 --a------ C:\WINDOWS\system32\telysike.sys
2008-10-19 13:00 . 2008-10-19 13:00 13,478 --a------ C:\WINDOWS\muhofo.com
2008-10-19 13:00 . 2008-10-19 13:00 12,788 --a------ C:\WINDOWS\ijytiqaj.dl
2008-10-19 13:00 . 2008-10-19 13:00 12,616 --a------ C:\Documents and Settings\Administrator\Dati applicazioni\ajoxok.bat
2008-10-19 13:00 . 2008-10-19 13:00 12,556 --a------ C:\WINDOWS\acasaf.com
2008-10-19 13:00 . 2008-10-19 13:00 12,359 --a------ C:\Documents and Settings\All Users\Dati applicazioni\dybozetave.com
2008-10-18 22:43 . 2008-10-18 22:43 164 --a------ C:\WINDOWS\system32\TDSSosvd.dat
2008-10-08 22:14 . 2008-10-08 22:14 <DIR> d-------- C:\Programmi\K-Lite Codec Pack
2008-10-02 21:32 . 2008-10-02 21:33 <DIR> d-------- C:\Programmi\TVAnts
2008-09-27 18:02 . 2008-09-27 18:02 <DIR> d-------- C:\WINDOWS\system32\RMBin
2008-09-27 18:02 . 2008-09-27 18:02 <DIR> d-------- C:\Programmi\SoftwareClub.ws
2008-09-26 19:45 . 2008-09-26 19:45 <DIR> d-------- C:\Programmi\File comuni\Adobe AIR
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-21 18:03 --------- d-----w C:\Programmi\scaricati
2008-10-21 17:03 --------- d-----w C:\Programmi\File comuni\Wise Installation Wizard
2008-10-21 16:50 --------- d-----w C:\Programmi\eMule
2008-10-19 19:24 --------- d-----w C:\Programmi\Burn4Free
2008-10-19 17:49 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Avg8
2008-10-19 12:08 --------- d-----w C:\Programmi\MSN Messenger
2008-10-08 20:15 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\Media Player Classic
2008-10-02 19:15 --------- d-----w C:\Programmi\PPstream ITA
2008-09-27 13:02 --------- d-----w C:\Programmi\Power Translator 10
2008-09-27 12:59 --------- d-----w C:\Programmi\Ahead
2008-09-26 17:39 --------- d-----w C:\Programmi\File comuni\Adobe
2008-09-15 15:38 1,846,016 ----a-w C:\WINDOWS\system32\win32k.sys
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-24 19:03 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\OEC
2008-08-24 11:13 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\Skype
2008-08-24 11:12 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\skypePM
2008-08-20 05:35 662,016 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-14 13:42 2,139,648 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:42 2,019,328 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-09 12:45 360 ----a-w C:\drmHeader.bin
2007-07-28 16:45 524,300 ----a-w C:\Documents and Settings\Administrator\Dati applicazioni\position.bin
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus COLOR 580"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_AICN03.EXE" [2001-09-13 220672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2005-07-20 7110656]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2005-07-20 86016]
"CnxDslTaskBar"="C:\Programmi\Conexant\AccessRunner ADSL\CnxDslTb.exe" [2002-08-22 397312]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-21 1234712]
"SoundMan"="SOUNDMAN.EXE" [2004-02-09 C:\WINDOWS\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2005-07-20 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=karna.dat4,avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSVideo"= CSvidcap.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-725345543-1960408961-682003330-500\Scripts\Logon\0\0]
"Script"=numlock.vbs
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSpaxt.sys]
@="driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmi\\MSN Messenger\\livecall.exe"=
"C:\\Programmi\\PPstream ITA\\PPStream_lista.exe"=
"C:\\VTrader\\vt.exe"=
"C:\\VTrader\\vttrade.exe"=
"C:\\VTrader\\Vttools.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Programmi\\Infogrames\\Grand Prix 4\\GP4.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Programmi\\Paltalk Messenger\\paltalk.exe"=
"C:\\Programmi\\PPstream ITA\\PPStream.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=
"C:\\Programmi\\SopCast\\SopCast.exe"=
"C:\\Programmi\\TVAnts\\Tvants.exe"=
"C:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"C:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"C:\\Programmi\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe"=
"C:\\Programmi\\Malwarebytes' Anti-Malware\\mbam.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:127.0.0.1
"4672:UDP"= 4672:UDP:127.0.0.1
R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-10-31 77312]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-10-21 97928]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-21 875288]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-21 231704]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-10-21 76040]
R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2002-08-19 117388]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2002-08-19 554948]
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys [2002-08-22 108259]
.
.
------- Supplementare di scansione -------
.
R0 -: HKCU-Main,Start Page = hxxp://it.altavista.com
R0 -: HKLM-Main,Start Page = hxxp://it.altavista.com
O8 -: &eBay Search - C:\Programmi\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 -: &Point&&Go - C:\Programmi\File comuni\Expert System\PGPlatform\PGPlatform.htm
O17 -: HKLM\CCS\Interface\{7B7AB59D-FF39-4DAA-8327-2C09C7633140}: NameServer = 85.37.17.48 85.38.28.88
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-22 20:59:32
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-10-22 21:01:58
ComboFix-quarantined-files.txt 2008-10-22 19:01:47
ComboFix2.txt 2008-10-21 21:54:05
Pre-Run: 4.470.427.648 byte disponibili
Post-Run: 4,468,629,504 byte disponibili
166 --- E O F --- 2008-10-21 16:50:56
Thanks again BD
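The 21 Oct and 22 Oct HijackThis logs in this thread differ by exactly the nine entries bdoriano listed for Fix checked, and the second log is how the helper confirms the fix took. The Python script below is an added example, not something posted in the thread and not HijackThis code: it parses HijackThis logs, reports which entries disappeared between two scans, checks that every entry on a fix list is gone, and lists O4 autostart entries whose command gives no directory at all. That last check is a triage heuristic I am assuming here, not a rule from the thread: bare names such as updatees.exe resolve through the search path, but SOUNDMAN.EXE and nwiz.exe match as well, so the list is for a human to review, not a verdict. The embedded logs are short excerpts copied from the two logs above; the fix list is copied from bdoriano's post.

```python
"""Diff two HijackThis logs and triage O4 autostart entries.

Added example for this thread (not HijackThis code). The embedded logs are
excerpts copied from the 21 Oct and 22 Oct logs posted in the thread.
"""
import re
from typing import List, Set, Tuple

# Excerpt of the 21 Oct 2008 log, before "Fix checked".
LOG_BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.03.57, on 21/10/2008
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Windows Firewall Updater] updatees.exe
O4 - HKLM\..\Run: [Windows Config System] config.exe
O4 - HKLM\..\Run: [Windows Update Firewall System] winmsfw.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\RunServices: [Windows Firewall Updater] updatees.exe
O4 - HKLM\..\RunServices: [Windows Config System] config.exe
O4 - HKLM\..\RunServices: [Windows Update Firewall System] winmsfw.exe
O4 - Global Startup: numlock.vbs
O20 - AppInit_DLLs: karna.dat4,avgrsstx.dll
--
End of file - 5422 bytes
"""

# Excerpt of the 22 Oct 2008 log, after "Fix checked" and a reboot.
LOG_AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12.54.29, on 22/10/2008
Running processes:
C:\WINDOWS\System32\smss.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O20 - AppInit_DLLs: karna.dat4,avgrsstx.dll
--
End of file - 5384 bytes
"""

# The entries bdoriano asked to have fixed, copied from the thread.
FIX_LIST = [
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =",
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =",
    r"O4 - HKLM\..\Run: [Windows Firewall Updater] updatees.exe",
    r"O4 - HKLM\..\Run: [Windows Config System] config.exe",
    r"O4 - HKLM\..\Run: [Windows Update Firewall System] winmsfw.exe",
    r"O4 - HKLM\..\RunServices: [Windows Firewall Updater] updatees.exe",
    r"O4 - HKLM\..\RunServices: [Windows Config System] config.exe",
    r"O4 - HKLM\..\RunServices: [Windows Update Firewall System] winmsfw.exe",
    r"O4 - Global Startup: numlock.vbs",
]

# A HijackThis entry line: section code (R0, O4, O20, ...), " - ", body.
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")
# O4 body: "<hive or 'Global Startup'>: [<value name>] <command>".
O4_RE = re.compile(r"^(?P<hive>[^:]*): (?:\[(?P<name>[^\]]*)\] )?(?P<cmd>.*)$")


def parse_hjt(text: str) -> Set[str]:
    """Return the set of entry lines in a log; headers and the process list are skipped."""
    return {ln.strip() for ln in text.splitlines() if ENTRY_RE.match(ln.strip())}


def diff_logs(before: str, after: str) -> Tuple[Set[str], Set[str]]:
    """(entries that disappeared between the scans, entries that appeared)."""
    b, a = parse_hjt(before), parse_hjt(after)
    return b - a, a - b


def pending_fixes(after: str, fix_list: List[str]) -> Set[str]:
    """Entries from the fix list that are still present in the post-fix log."""
    return set(fix_list) & parse_hjt(after)


def unrooted_o4(text: str) -> List[str]:
    """Heuristic (assumption of this example): O4 entries whose command contains
    no directory at all, so the binary is found via the search path. Legitimate
    entries (SOUNDMAN.EXE, nwiz.exe) match too: this is a review list, not a verdict."""
    hits = []
    for entry in sorted(parse_hjt(text)):
        m = ENTRY_RE.match(entry)
        o4 = O4_RE.match(m.group("body")) if m.group("code") == "O4" else None
        if o4 and "\\" not in o4.group("cmd"):
            hits.append(entry)
    return hits


if __name__ == "__main__":
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    print(f"{len(removed)} entries gone since the first scan, {len(added)} new")
    for e in sorted(removed):
        print("  -", e)
    print("fix-list entries still present:", pending_fixes(LOG_AFTER, FIX_LIST) or "none")
    print("O4 entries without a directory (review manually):")
    for e in unrooted_o4(LOG_AFTER):
        print("  ?", e)
```

Run against the two full logs, the removed set should equal the fix list and `pending_fixes` should be empty; anything left in `pending_fixes` means Fix checked did not take and the entry was recreated on reboot. The O4 heuristic flags nine entries in the first log and two in the second, both of which the thread treats as legitimate, which is why it is a starting point for review rather than an automatic cleaner.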
moreno267 (Devoted mortal) | Registered: 20/10/08 19:17 | Posts: 12
Posted: 23 Oct 2008 13:23
So BD, I did as you said; the file should be this one
Avira AntiVir Personal
Report file date: giovedì 23 ottobre 2008 12:40
Scanning for 1704994 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: A-3ICDI96C0LOFP
Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.7.59 4366336 Bytes 19/10/2008 10:32:55
ANTIVIR3.VDF : 7.0.7.77 155136 Bytes 23/10/2008 10:32:56
Engineversion : 8.2.0.5
AEVDF.DLL : 8.1.0.6 102772 Bytes 23/10/2008 10:33:11
AESCRIPT.DLL : 8.1.1.9 319867 Bytes 23/10/2008 10:33:10
AESCN.DLL : 8.1.1.3 123252 Bytes 23/10/2008 10:33:09
AERDL.DLL : 8.1.1.2 438644 Bytes 23/10/2008 10:33:09
AEPACK.DLL : 8.1.2.4 369014 Bytes 23/10/2008 10:33:07
AEOFFICE.DLL : 8.1.0.28 196987 Bytes 23/10/2008 10:33:06
AEHEUR.DLL : 8.1.0.59 1438071 Bytes 23/10/2008 10:33:05
AEHELP.DLL : 8.1.1.2 115062 Bytes 23/10/2008 10:33:01
AEGEN.DLL : 8.1.0.41 319861 Bytes 23/10/2008 10:33:01
AEEMU.DLL : 8.1.0.9 393588 Bytes 23/10/2008 10:32:59
AECORE.DLL : 8.1.2.6 172406 Bytes 23/10/2008 10:32:58
AEBB.DLL : 8.1.0.3 53618 Bytes 23/10/2008 10:32:57
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 23/10/2008 10:32:57
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: C:\Programmi\Avira\AntiVir PersonalEdition Classic\sysscan.avp
Logging..........................: low
Primary action...................: delete
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: giovedì 23 ottobre 2008 12:40
Starting search for hidden objects.
'44668' objects were checked, '0' hidden objects were found.
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'WINWORD.EXE' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'CnxDslTb.exe' - '1' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
27 processes with 27 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '49' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\KHEVC56N\Epson%20Stylus%20COLOR%20580%20driver%7CEpson%20Stylus%20COLOR%20580%20driver[1].htm
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
[NOTE] A backup was created as '497355e0.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\KHEVC56N\MediaTubeCodec_ver1.725.1[1].exe
[DETECTION] Is the TR/Dldr.Zlob.aajg Trojan
[NOTE] A backup was created as '496455d8.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\SX6ZC12V\MediaTubeCodec_ver1.725.1[1].exe
[DETECTION] Is the TR/Dldr.Zlob.aajg Trojan
[NOTE] A backup was created as '496455e9.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\Programmi\scaricati\sc.exe
[DETECTION] Contains recognition pattern of the DR/Relevant.N.4 dropper
[NOTE] A backup was created as '492e5830.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\System Volume Information\_restore{ACE82469-03C1-402C-A64C-BC5E0FC4C90F}\RP412\A0234975.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] A backup was created as '493259f1.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\System Volume Information\_restore{ACE82469-03C1-402C-A64C-BC5E0FC4C90F}\RP412\A0234977.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] A backup was created as '484d9752.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\System Volume Information\_restore{ACE82469-03C1-402C-A64C-BC5E0FC4C90F}\RP412\A0234978.dll
[DETECTION] Is the TR/Drop.Softomat.AN Trojan
[NOTE] A backup was created as '493259f3.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\System Volume Information\_restore{ACE82469-03C1-402C-A64C-BC5E0FC4C90F}\RP412\A0234979.sys
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] A backup was created as '493259f2.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\System Volume Information\_restore{ACE82469-03C1-402C-A64C-BC5E0FC4C90F}\RP412\A0234980.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] A backup was created as '484d9753.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\System Volume Information\_restore{ACE82469-03C1-402C-A64C-BC5E0FC4C90F}\RP412\A0234981.dll
[DETECTION] Is the TR/Drop.Softomat.AN Trojan
[NOTE] A backup was created as '493259f4.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\System Volume Information\_restore{ACE82469-03C1-402C-A64C-BC5E0FC4C90F}\RP424\A0236742.exe
[DETECTION] Contains recognition pattern of the DR/Relevant.N.4 dropper
[NOTE] A backup was created as '49325a1b.qua' ( QUARANTINE )
[NOTE] The file was deleted!
End of the scan: giovedì 23 ottobre 2008 13:15
Used time: 34:56 Minute(s)
The scan has been done completely.
4424 Scanning directories
250414 Files were scanned
11 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
11 files were deleted
0 files were repaired
11 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
250402 Files not concerned
1632 Archives were scanned
1 Warnings
11 Notes
44668 Objects were scanned with rootkit scan
0 Hidden objects were found
bye
bdoriano Administrator
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 23 Oct 2008 19:16 Subject:
Great, I see it did a good clean-up.
Temporarily disable AntiVir and run this scan with Kaspersky.
moreno267 Devoted mortal
Registered: 20/10/08 19:17 Posts: 12
Posted: 23 Oct 2008 23:14 Subject:
BD, all done.
Here is the freefilehosting link:
nhjbn.txt
Talk to you later
bdoriano Administrator
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 24 Oct 2008 07:20 Subject:
Perfect, post an updated Combofix log and an updated Hijackthis log.
moreno267 Devoted mortal
Registered: 20/10/08 19:17 Posts: 12
Posted: 24 Oct 2008 13:15 Subject:
Here BD, this is Combofix:
ComboFix 08-10-23.08 - Administrator 2008-10-24 12.47.45.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.307 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Administrator\Desktop\6252525.exe
* Creato nuovo punto di ripristino
.
Error: Cfiles.dat
((((((((((((((((((((((((( Files Creati Da 2008-09-24 al 2008-10-24 )))))))))))))))))))))))))))))))))))
.
2008-10-23 20:55 . 2008-10-23 23:37 5,079,072 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-23 20:55 . 2008-10-23 23:37 60,596 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-21 22:18 . 2008-10-21 22:18 <DIR> d-------- C:\Programmi\EPSON
2008-10-21 22:18 . 2008-10-22 22:28 <DIR> d-------- C:\epson
2008-10-21 22:18 . 2001-06-29 20:13 166,400 --a------ C:\WINDOWS\system32\EBAPI3.DLL
2008-10-21 22:18 . 2001-03-30 08:47 60,457 --a------ C:\WINDOWS\system32\EBPMON3.DLL
2008-10-21 22:18 . 2001-03-29 02:21 57,344 --a------ C:\WINDOWS\system32\ECBTEG.DLL
2008-10-21 22:18 . 2000-06-07 01:01 34,304 --a------ C:\WINDOWS\system32\EBPCHP.DLL
2008-10-21 22:18 . 2008-10-21 22:21 12,287 --a------ C:\WINDOWS\EPSTPLOG.BAK
2008-10-21 22:18 . 2001-03-08 10:23 145 --a------ C:\WINDOWS\system32\EBPPORT3.DAT
2008-10-21 19:31 . 2008-10-21 19:31 <DIR> d-------- C:\Programmi\Malwarebytes' Anti-Malware
2008-10-21 19:31 . 2008-10-16 20:25 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-21 19:31 . 2008-10-16 20:25 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-21 18:58 . 2008-10-23 23:25 <DIR> d-------- C:\Programmi\SUPERAntiSpyware
2008-10-21 18:58 . 2008-10-21 18:58 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2008-10-21 18:58 . 2008-10-23 23:25 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\SUPERAntiSpyware.com
2008-10-21 12:43 . 2008-10-21 12:43 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\Malwarebytes
2008-10-21 12:42 . 2008-10-21 12:42 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2008-10-20 22:40 . 2008-10-20 22:40 <DIR> d-------- C:\Programmi\Yahoo!
2008-10-20 13:29 . 2008-10-20 13:30 <DIR> d-------- C:\gtfyftyft
2008-10-20 12:35 . 2008-10-20 18:44 <DIR> d-------- C:\VEXPLITE
2008-10-20 12:35 . 2008-08-30 12:11 40,960 --a------ C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-10-19 23:13 . 2008-10-19 23:17 <DIR> d-------- C:\Programmi\Eusing Free Registry Cleaner
2008-10-19 17:27 . 2004-08-04 07:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-10-19 17:27 . 2004-08-04 07:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-10-19 15:00 . 2001-08-31 12:00 4,224 --a------ C:\WINDOWS\system32\drivers\beep.sys
2008-10-19 15:00 . 2001-08-31 12:00 4,224 --a--c--- C:\WINDOWS\system32\dllcache\beep.sys
2008-10-19 13:00 . 2008-10-19 13:00 17,801 --a------ C:\WINDOWS\yhylikec._sy
2008-10-19 13:00 . 2008-10-19 13:00 15,056 --a------ C:\WINDOWS\system32\telysike.sys
2008-10-19 13:00 . 2008-10-19 13:00 13,478 --a------ C:\WINDOWS\muhofo.com
2008-10-19 13:00 . 2008-10-19 13:00 12,788 --a------ C:\WINDOWS\ijytiqaj.dl
2008-10-19 13:00 . 2008-10-19 13:00 12,616 --a------ C:\Documents and Settings\Administrator\Dati applicazioni\ajoxok.bat
2008-10-19 13:00 . 2008-10-19 13:00 12,556 --a------ C:\WINDOWS\acasaf.com
2008-10-19 13:00 . 2008-10-19 13:00 12,359 --a------ C:\Documents and Settings\All Users\Dati applicazioni\dybozetave.com
2008-10-18 22:43 . 2008-10-18 22:43 164 --a------ C:\WINDOWS\system32\TDSSosvd.dat
2008-10-08 22:14 . 2008-10-08 22:14 <DIR> d-------- C:\Programmi\K-Lite Codec Pack
2008-10-02 21:32 . 2008-10-02 21:33 <DIR> d-------- C:\Programmi\TVAnts
2008-09-27 18:02 . 2008-09-27 18:02 <DIR> d-------- C:\WINDOWS\system32\RMBin
2008-09-27 18:02 . 2008-09-27 18:02 <DIR> d-------- C:\Programmi\SoftwareClub.ws
2008-09-26 19:45 . 2008-09-26 19:45 <DIR> d-------- C:\Programmi\File comuni\Adobe AIR
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-24 10:41 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Avg8
2008-10-24 10:33 --------- d-----w C:\Programmi\eMule
2008-10-23 21:25 --------- d-----w C:\Programmi\File comuni\Wise Installation Wizard
2008-10-23 17:19 --------- d-----w C:\Programmi\Windows Media Connect 2
2008-10-23 10:54 --------- d-----w C:\Programmi\scaricati
2008-10-19 19:24 --------- d-----w C:\Programmi\Burn4Free
2008-10-19 12:08 --------- d-----w C:\Programmi\MSN Messenger
2008-10-08 20:15 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\Media Player Classic
2008-10-02 19:15 --------- d-----w C:\Programmi\PPstream ITA
2008-09-27 13:02 --------- d-----w C:\Programmi\Power Translator 10
2008-09-27 12:59 --------- d-----w C:\Programmi\Ahead
2008-09-26 17:39 --------- d-----w C:\Programmi\File comuni\Adobe
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-24 19:03 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\OEC
2008-08-24 11:13 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\Skype
2008-08-24 11:12 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\skypePM
2008-08-09 12:45 360 ----a-w C:\drmHeader.bin
2007-07-28 16:45 524,300 ----a-w C:\Documents and Settings\Administrator\Dati applicazioni\position.bin
.
((((((((((((((((((((((((((((( snapshot@2008-10-21_23.53.32.81 )))))))))))))))))))))))))))))))))))))))))
.
- 2001-09-10 08:55:20 2,201 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_AI25X3.DAT
+ 2001-09-17 08:03:00 2,201 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_AI25X3.DAT
- 1999-10-25 08:48:56 40,448 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_ARESE3.DLL
+ 2001-09-20 09:50:42 29,184 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_ARESE3.DLL
- 2001-09-04 06:41:52 899,584 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_XI01ZE.DLL
+ 2001-09-20 14:11:24 932,352 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_XI01ZE.DLL
- 2000-06-07 23:00:00 76,288 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\EPUI25E4.DLL
+ 2000-06-25 23:00:00 82,432 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\EPUI25E4.DLL
- 2001-09-10 08:55:20 2,201 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_color_583c6b\E_AI25X3.DAT
+ 2001-09-17 08:03:00 2,201 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_color_583c6b\E_AI25X3.DAT
- 1999-10-25 08:48:56 40,448 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_color_583c6b\E_ARESE3.DLL
+ 2001-09-20 09:50:42 29,184 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_color_583c6b\E_ARESE3.DLL
- 2001-09-04 06:41:52 899,584 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_color_583c6b\E_XI01ZE.DLL
+ 2001-09-20 14:11:24 932,352 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_color_583c6b\E_XI01ZE.DLL
- 2000-06-07 23:00:00 76,288 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_color_583c6b\EPUI25E4.DLL
+ 2000-06-25 23:00:00 82,432 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_color_583c6b\EPUI25E4.DLL
- 2001-08-03 03:50:00 406,560 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\EPUPDATE.EXE
+ 2001-08-03 03:50:00 407,232 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\EPUPDATE.EXE
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus COLOR 580"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_AICN03.EXE" [2001-09-13 220672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2005-07-20 7110656]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2005-07-20 86016]
"CnxDslTaskBar"="C:\Programmi\Conexant\AccessRunner ADSL\CnxDslTb.exe" [2002-08-22 397312]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SoundMan"="SOUNDMAN.EXE" [2004-02-09 C:\WINDOWS\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2005-07-20 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSVideo"= CSvidcap.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-725345543-1960408961-682003330-500\Scripts\Logon\0\0]
"Script"=numlock.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmi\\MSN Messenger\\livecall.exe"=
"C:\\Programmi\\PPstream ITA\\PPStream_lista.exe"=
"C:\\VTrader\\vt.exe"=
"C:\\VTrader\\vttrade.exe"=
"C:\\VTrader\\Vttools.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Programmi\\Infogrames\\Grand Prix 4\\GP4.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Programmi\\Paltalk Messenger\\paltalk.exe"=
"C:\\Programmi\\PPstream ITA\\PPStream.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=
"C:\\Programmi\\SopCast\\SopCast.exe"=
"C:\\Programmi\\TVAnts\\Tvants.exe"=
"C:\\Programmi\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe"=
"C:\\Programmi\\Malwarebytes' Anti-Malware\\mbam.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:127.0.0.1
"4672:UDP"= 4672:UDP:127.0.0.1
R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-10-31 77312]
R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2002-08-19 117388]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2002-08-19 554948]
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys [2002-08-22 108259]
.
- - - - ORFÃOS REMOVIDOS - - - -
SafeBoot-TDSSpaxt.sys
.
------- Supplementare di scansione -------
.
R0 -: HKCU-Main,Start Page = hxxp://it.altavista.com
R0 -: HKLM-Main,Start Page = hxxp://it.altavista.com
O8 -: &eBay Search - C:\Programmi\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 -: &Point&&Go - C:\Programmi\File comuni\Expert System\PGPlatform\PGPlatform.htm
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-24 12:52:04
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
------------------------ Altri processi in esecuzione ------------------------
.
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
.
**************************************************************************
.
Ora fine scansione: 2008-10-24 12:56:37 - macchina è stato riavviato
ComboFix-quarantined-files.txt 2008-10-24 10:56:34
ComboFix2.txt 2008-10-22 19:02:00
ComboFix3.txt 2008-10-21 21:54:05
Pre-Run: 3.542.110.208 byte disponibili
Post-Run: 3,659,653,120 byte disponibili
178 --- E O F --- 2008-10-21 16:50:56
and this is hijack:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13.11.54, on 24/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Conexant\AccessRunner ADSL\CnxDslTb.exe
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Desktop\snag\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.altavista.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.altavista.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Programmi\Conexant\AccessRunner ADSL\CnxDslTb.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [EPSON Stylus COLOR 580] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_AICN03.EXE /P22 "EPSON Stylus COLOR 580" /O6 "USB001" /M "Stylus COLOR 580"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &eBay Search - res://C:\Programmi\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Point&&Go - C:\Programmi\File comuni\Expert System\PGPlatform\PGPlatform.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174741981886
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174744952357
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - (no file)
--
End of file - 4543 bytes
bdoriano Administrator
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 24 Oct 2008 15:42 Subject:
Ok, there are some files that make me quite suspicious.
Start by uninstalling Lavasoft Ad-Aware (it is less reliable than SuperAntiSpyware and MBAM).
Follow these instructions to show hidden or system files and folders.
Then upload (one at a time) the following files to VirusTotal to have them analysed:
Quote:
C:\WINDOWS\yhylikec._sy
C:\WINDOWS\system32\telysike.sys
C:\WINDOWS\muhofo.com
C:\WINDOWS\ijytiqaj.dl
C:\Documents and Settings\Administrator\Dati applicazioni\ajoxok.bat
C:\WINDOWS\acasaf.com
C:\Documents and Settings\All Users\Dati applicazioni\dybozetave.com
C:\WINDOWS\system32\TDSSosvd.dat
and post the contents of the C:\gtfyftyft folder.
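The helper's reasoning above (a burst of random-named loose files written straight into C:\WINDOWS, system32 and the "Dati applicazioni" roots, all created in the same minute on 2008-10-19) can be turned into a triage pass over the "Files Creati" section of a ComboFix log. This is an added example, not ComboFix's or the forum's own code; the sample lines are constructed from the log above, and the "drop burst" threshold and the list of known extensions are assumptions.

```python
"""Triage of a ComboFix "Files Creati" block: find drop bursts of loose files.

Added example, not ComboFix's or the forum's own code. The heuristic mirrors the
helper's reasoning: several files created in the same minute, written directly
into the Windows root, system32 or an Application Data root, whose creation and
modification times coincide (an installer usually preserves the original mtime).
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample: lines in ComboFix's "Files Creati" format, taken from the
# log above plus a driver and a directory entry that should NOT be flagged.
SAMPLE_LOG = r"""
2008-10-21 22:18 . 2008-10-21 22:18 <DIR> d-------- C:\Programmi\EPSON
2008-10-21 19:31 . 2008-10-16 20:25 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-19 13:00 . 2008-10-19 13:00 17,801 --a------ C:\WINDOWS\yhylikec._sy
2008-10-19 13:00 . 2008-10-19 13:00 15,056 --a------ C:\WINDOWS\system32\telysike.sys
2008-10-19 13:00 . 2008-10-19 13:00 13,478 --a------ C:\WINDOWS\muhofo.com
2008-10-19 13:00 . 2008-10-19 13:00 12,788 --a------ C:\WINDOWS\ijytiqaj.dl
2008-10-19 13:00 . 2008-10-19 13:00 12,616 --a------ C:\Documents and Settings\Administrator\Dati applicazioni\ajoxok.bat
2008-10-19 13:00 . 2008-10-19 13:00 12,556 --a------ C:\WINDOWS\acasaf.com
2008-10-19 13:00 . 2008-10-19 13:00 12,359 --a------ C:\Documents and Settings\All Users\Dati applicazioni\dybozetave.com
2008-10-18 22:43 . 2008-10-18 22:43 164 --a------ C:\WINDOWS\system32\TDSSosvd.dat
"""

# "created . modified size attributes path" as ComboFix 08-10 prints it.
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>\S{9}) (?P<path>.+?)\s*$"
)

# Parents where a loose, freshly written file deserves a look (assumption):
# the Windows root and system32 itself, not their subfolders such as drivers.
SENSITIVE_PARENTS = {r"c:\windows", r"c:\windows\system32"}
# Extensions considered ordinary (assumption); anything else is reported.
KNOWN_EXTENSIONS = {"exe", "dll", "sys", "com", "bat", "dat", "bak", "ini", "log", "txt"}


@dataclass
class Entry:
    created: str
    modified: str
    size: str
    attrs: str
    path: str

    @property
    def parent(self):
        return self.path.rsplit("\\", 1)[0].lower()

    @property
    def name(self):
        return self.path.rsplit("\\", 1)[1]


def parse_created_files(text):
    """Return an Entry for every file line (directories are skipped)."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group("size") != "<DIR>":
            entries.append(Entry(**m.groupdict()))
    return entries


def in_sensitive_parent(e):
    # "Dati applicazioni" is the Italian Application Data folder name.
    return e.parent in SENSITIVE_PARENTS or e.parent.endswith(r"\dati applicazioni")


def odd_extension(e):
    ext = e.name.rsplit(".", 1)[-1].lower() if "." in e.name else ""
    return ext not in KNOWN_EXTENSIONS


def triage(text, min_burst=3):
    """Return (path, reasons) for each loose file in a sensitive parent.

    A "drop burst" is min_burst or more such files sharing one creation minute
    whose mtime equals their ctime, i.e. written at that moment, not copied.
    """
    loose = [e for e in parse_created_files(text) if in_sensitive_parent(e)]
    bursts = defaultdict(list)
    for e in loose:
        if e.created == e.modified:
            bursts[e.created].append(e)
    findings = []
    for e in loose:
        reasons = [f"loose file in {e.parent}"]
        burst = bursts.get(e.created, [])
        if e in burst and len(burst) >= min_burst:
            reasons.append(f"drop burst at {e.created} ({len(burst)} files)")
        if odd_extension(e):
            reasons.append(f"unusual extension in '{e.name}'")
        findings.append((e.path, reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG):
        print(path)
        for reason in reasons:
            print("   -", reason)
```

On the sample, the seven files from 2008-10-19 13:00 come out as one burst, the mbam.sys driver is left alone, and TDSSosvd.dat is reported only as a loose file, since knowing that name belongs to a rootkit family is the helper's expertise, not something this heuristic can infer.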
moreno267 Devoted mortal
Registered: 20/10/08 19:17 Posts: 12
Posted: 24 Oct 2008 19:46 Subject:
BD, thanks again for your advice 8).
All done, the analysed files all give me 0/36, no comments.
In the C:\gtfyftyft folder there is an MS-DOS application named nircmd, and a completely empty MSinfo document named xprd.
Bye and talk to you later.
bdoriano Administrator
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 24 Oct 2008 20:04 Subject:
Wait...
Uninstall Combofix:
Click Start
Click Run...
Type:
Click OK
Wait patiently until it finishes without touching the keyboard, mouse or anything else.
Download avenger and unpack it into its own folder, not a temporary one and not on the desktop
Start AVENGER
Click Ok
Enter these lines in the white box:
Code:
Files to delete:
C:\WINDOWS\yhylikec._sy
C:\WINDOWS\system32\telysike.sys
C:\WINDOWS\muhofo.com
C:\WINDOWS\ijytiqaj.dl
C:\Documents and Settings\Administrator\Dati applicazioni\ajoxok.bat
C:\WINDOWS\acasaf.com
C:\Documents and Settings\All Users\Dati applicazioni\dybozetave.com
C:\WINDOWS\system32\TDSSosvd.dat
Click Execute
The PC should reboot; if it does not, reboot it yourself.
When the operation is finished, post the Avenger result here together with an updated hijackthis log.
One favour: once the Avenger operations are done, you will find one or more backup*.zip files in C:\avenger. If you can, upload them to freefilehosting and send me, via , the link you are given, as I want to take a look at them.
moreno267 Devoted mortal
Registered: 20/10/08 19:17 Posts: 12
Posted: 24 Oct 2008 22:24 Subject:
BD, this is the Avenger result:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "C:\WINDOWS\yhylikec._sy" deleted successfully.
File "C:\WINDOWS\system32\telysike.sys" deleted successfully.
File "C:\WINDOWS\muhofo.com" deleted successfully.
File "C:\WINDOWS\ijytiqaj.dl" deleted successfully.
File "C:\Documents and Settings\Administrator\Dati applicazioni\ajoxok.bat" deleted successfully.
File "C:\WINDOWS\acasaf.com" deleted successfully.
File "C:\Documents and Settings\All Users\Dati applicazioni\dybozetave.com" deleted successfully.
File "C:\WINDOWS\system32\TDSSosvd.dat" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
and this is the hijack log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22.13.15, on 24/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Conexant\AccessRunner ADSL\CnxDslTb.exe
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_AICN03.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\scaricati\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.altavista.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.altavista.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Programmi\Conexant\AccessRunner ADSL\CnxDslTb.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [EPSON Stylus COLOR 580] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_AICN03.EXE /P22 "EPSON Stylus COLOR 580" /O6 "USB001" /M "Stylus COLOR 580"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &eBay Search - res://C:\Programmi\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Point&&Go - C:\Programmi\File comuni\Expert System\PGPlatform\PGPlatform.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174741981886
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174744952357
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B7AB59D-FF39-4DAA-8327-2C09C7633140}: NameServer = 85.37.17.48 85.38.28.88
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - (no file)
--
End of file - 4428 bytes
Thanks again.
See you next time.
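A log in the format posted above can be triaged mechanically before anyone reads it line by line. The following is an added Python example, not code from this thread and not part of HijackThis itself: it parses the entry lines and flags the three things a helper usually checks first, namely orphaned entries marked "(no file)", O4 autostart entries given as a bare filename with no directory (which Windows resolves through the PATH search order, so the file's real location and publisher should be verified), and O17 NameServer entries, whose addresses should be confirmed as belonging to the ISP. The sample log is constructed from the entry shapes seen in the thread; the "Example Updater" entry is invented purely to illustrate the bare-filename case.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the HijackThis 2.0 log format used in this thread.
# The "Example Updater" line is a hypothetical entry added to show a
# bare-filename autostart; it does not come from the poster's log.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.altavista.com
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Example Updater] exupd.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B7AB59D-FF39-4DAA-8327-2C09C7633140}: NameServer = 85.37.17.48 85.38.28.88
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - (no file)
--
End of file - 4428 bytes
"""


@dataclass
class Entry:
    section: str                   # "R0", "O4", "O17", "O23", ...
    body: str                      # text after "<section> - "
    name: Optional[str] = None     # Run value name, O4 entries only
    command: Optional[str] = None  # command line, O4 entries only


@dataclass
class Finding:
    section: str
    subject: str
    reason: str


# "O4 - <body>"; process-list lines, "--" and "End of file" do not match.
LINE_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.+)$")
# "HKLM\..\Run: [Name] command", optionally followed by " (User '...')".
O4_RE = re.compile(
    r"^HK\S*?\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '[^']*'\))?$"
)


def parse_log(text: str) -> List[Entry]:
    """Split a HijackThis log into typed entries, ignoring non-entry lines."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        entry = Entry(m["section"], m["body"])
        if entry.section == "O4":
            o4 = O4_RE.match(entry.body)
            if o4:
                entry.name, entry.command = o4["name"], o4["cmd"]
        entries.append(entry)
    return entries


def _executable(cmd: str) -> str:
    """Return the program part of a Run command line (quoted or first token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def triage(entries: List[Entry]) -> List[Finding]:
    """Flag orphaned entries, path-less autostarts and registry DNS servers."""
    findings: List[Finding] = []
    for e in entries:
        if "(no file)" in e.body:
            findings.append(Finding(e.section, e.name or e.body,
                                    "orphaned entry: target file is missing, safe to fix"))
            continue
        if e.section == "O4" and e.command is not None:
            exe = _executable(e.command)
            if exe.upper() == "RUNDLL32.EXE":
                # For rundll32 the loaded DLL is what matters: it should carry a path.
                parts = e.command.split(None, 1)
                if len(parts) < 2 or "\\" not in parts[1]:
                    findings.append(Finding("O4", e.name or "",
                                            "rundll32 loads a DLL given without a path: verify it"))
            elif "\\" not in exe:
                findings.append(Finding("O4", e.name or "",
                                        f"bare filename '{exe}' with no path: locate it and verify the publisher"))
        elif e.section == "O17":
            m = re.search(r"NameServer = (.+)$", e.body)
            if m:
                findings.append(Finding("O17", m.group(1).strip(),
                                        "DNS servers set in the registry: confirm they belong to the ISP"))
    return findings


if __name__ == "__main__":
    for f in triage(parse_log(SAMPLE_LOG)):
        print(f"{f.section:<4} {f.subject}: {f.reason}")
```

On the constructed sample this reports the orphaned R3 and O23 entries, the two bare-filename O4 autostarts (SoundMan and the invented Example Updater), and the O17 DNS pair; the Java, NVIDIA and CTFMON autostarts carry full paths and pass. A bare filename is only a prompt to look, not a verdict: SOUNDMAN.EXE is a legitimate Realtek component that lives in the Windows directory, so the finding is resolved by locating the file and checking its publisher rather than by removing the entry.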
bdoriano Administrator
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 25 Oct 2008 07:27 Subject:
Ehm... there are still a couple of small things...
- Make sure you have closed Internet Explorer
run hijackthis
click on do a system scan only
put a check mark next to these entries:
Quote:
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
click fix checked
Install Windows XP Service Pack 3
Install Internet Explorer 7
Download and install all the other Windows updates (excluding the ones related to Genuine Advantage, which are of no use):
- Click the Custom button
- Click High Priority
- Deselect (remove the check mark from) the updates related to Genuine Advantage
- Click Review and install updates
- Click Install updates
- follow the rest of the on-screen instructions
redo the hijackthis log and post it