Olimpo Informatico

calendar · Mortale pio Registrato: 25/12/07 13:02 Messaggi: 21

Salve a tutti, sono nuovo del forum e spero che possiate aiutarmi...
come da titolo ha il computer infettato da instant access e ho cercato di seguire le vostre istruzioni...solo che facendo il lig con findawf mi si è presentato questo...

Find AWF report by noahdfear ©2006
Version 1.40

bak folders found
~~~~~~~~~~~

Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

end of report

come mai non c'è scritto niente?

Grazie

bdoriano

Ciao calendar, Ciao

Probabilmente, perché sul tuo PC non c'è il virus che cerchi. Wink

Segui le istruzioni di questo topic per postare il log di hijackthis al PSV.

PS: se vuoi, puoi presentarti qui

calendar · Mortale pio Registrato: 25/12/07 13:02 Messaggi: 21

però il mio computer si connette da solo al sito crazy girl...come posso fare?

calendar · Mortale pio Registrato: 25/12/07 13:02 Messaggi: 21

questo è il log con Hijack:

bdoriano

Direi che sei messo male... Twisted Evil

Scarica ATF-Cleaner.
Avvia ATF-Cleaner (serve a eliminare i files temporanei)
Metti il segno di spunta a Select All
(se vuoi conservare i files del cestino, togli il segno di spunta a Recycle bin)
Clicca su Empty selected

Scarica Dr.Web CureIt.

Disabilita il ripristino di sistema e avvia il pc in modalità provvisoria
esegui hijackthis
clicca su do a system scan only
metti il segno di spunta a queste voci:

calendar · Mortale pio Registrato: 25/12/07 13:02 Messaggi: 21

questo è il nuovo log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 16.09.02, on 26/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programmi\Analog Devices\SoundMAX\smax4.exe
C:\Programmi\VIA\RAID\raid_tool.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
C:\Programmi\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\Programmi\File comuni\InstallShield\UpdateService\agent.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmi\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hi\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://italian.eazel.com/index.php?rvs=hompag
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Encarta Web Companion Oggetto helper - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [RaidTool] C:\Programmi\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [AnyDVD] C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Programmi\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Programmi\Pirelli\Access Gateway USB Network\CnxTrApp.dll",AppEntry -REG "Pirelli\Access Gateway USB"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [kwhnlwje] C:\htkdolfm.bat
O4 - HKLM\..\Run: [Drive Software Does Noun] C:\Documents and Settings\All Users\Dati applicazioni\Extra Audio Drive Software\Ante wipe.exe
O4 - HKCU\..\Run: [AWMON] "C:\Programmi\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AliceMessenger] C:\Programmi\Alice Messenger\alicemessenger.exe
O4 - HKCU\..\Run: [messengerskinner] C:\Programmi\MessengerSkinner\MessengerSkinner.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Programmi\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Programmi\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1192292165328
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Filter: application/xhtml+xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Programmi\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: application/xhtml+xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Programmi\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Programmi\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Programmi\Design Science\MathPlayer\MathMLMimer.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Programmi\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10910 bytes

bdoriano

E' rimasto ancora qualcosina. Laughing

Disabilita il ripristino di sistema e avvia il pc in modalità provvisoria
esegui hijackthis
clicca su do a system scan only
metti il segno di spunta a queste voci:

calendar · Mortale pio Registrato: 25/12/07 13:02 Messaggi: 21

questo l'ultimo log (quell'antivirus non mi ha segnalato niente):

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 19.03.08, on 26/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programmi\Analog Devices\SoundMAX\smax4.exe
C:\Programmi\VIA\RAID\raid_tool.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
C:\Programmi\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\Programmi\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\InstallShield\UpdateService\agent.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\PROGRA~1\Yahoo!\Common\unyt.exe
C:\DOCUME~1\Rosario\IMPOST~1\Temp\GLB35.tmp
C:\DOCUME~1\Rosario\IMPOST~1\Temp\UNYT_P~1.EXE
C:\Programmi\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe
C:\hi\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Encarta Web Companion Oggetto helper - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [RaidTool] C:\Programmi\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [AnyDVD] C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Programmi\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Programmi\Pirelli\Access Gateway USB Network\CnxTrApp.dll",AppEntry -REG "Pirelli\Access Gateway USB"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [AWMON] "C:\Programmi\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Programmi\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Programmi\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1192292165328
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6BBFD87-5DC8-4C73-9FE0-76F05115AE0F}: NameServer = 85.37.17.58 85.38.28.94
O18 - Filter: application/xhtml+xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Programmi\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: application/xhtml+xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Programmi\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Programmi\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Programmi\Design Science\MathPlayer\MathMLMimer.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Programmi\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8403 bytes

bdoriano

Collegati a Kaspersky on-line scanner e fai la scansione estesa, come indicato qui.
Salva il risultato della scansione in un file (in formato HTML), carica il file su Freefilehosting e posta qui il link che ti viene assegnato.

calendar · Mortale pio Registrato: 25/12/07 13:02 Messaggi: 21

ecco qui il risultato della scansione:

link

bdoriano

Scarica avenger e scompattalo in una sua cartella non temporanea e non sul desktop

Avvia AVENGER
Clicca su input script manually
Clicca sulla lente d'ingrandimento
Inserisci queste righe:

calendar · Mortale pio Registrato: 25/12/07 13:02 Messaggi: 21

questo il nuovo log con hij:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 15.27.42, on 27/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programmi\Analog Devices\SoundMAX\smax4.exe
C:\Programmi\VIA\RAID\raid_tool.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
C:\Programmi\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\Programmi\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\InstallShield\UpdateService\agent.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\hi\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Encarta Web Companion Oggetto helper - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [RaidTool] C:\Programmi\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [AnyDVD] C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Programmi\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Programmi\Pirelli\Access Gateway USB Network\CnxTrApp.dll",AppEntry -REG "Pirelli\Access Gateway USB"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [AWMON] "C:\Programmi\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Programmi\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Programmi\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1192292165328
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6BBFD87-5DC8-4C73-9FE0-76F05115AE0F}: NameServer = 85.37.17.58 85.38.28.94
O18 - Filter: application/xhtml+xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Programmi\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: application/xhtml+xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Programmi\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Programmi\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Programmi\Design Science\MathPlayer\MathMLMimer.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Programmi\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8982 bytes

bdoriano

Il log di hijackthis sembra pulito. Riscontri ancora problemi? Smile

PS: grazie per il link. Wink

calendar · Mortale pio Registrato: 25/12/07 13:02 Messaggi: 21

purtroppo ancora mentre sto ad internet si collega ogni tanto con una certa frequenza a questo sito: http://fp.pc-on-internet.com/?id=50281&nums=N0A6IT7CZ-FBXARolAEF&login=672125&mediaid_prefix=005&asked_billing_id=15&time=312e3931 e mi chiede di installare instant access...io non so che sito sia, ma ha lo stesso indirizzo di crazy girl...i problemi di rallentamento del computer sono passati...

bdoriano

Allora c'è qualcos'altro... Think

Scarica SmitFraudFix! e salvalo sul desktop.
Avvialo
Premi 1 e poi Invio
Posta qui il log (c:\rapport.txt)

calendar · Mortale pio Registrato: 25/12/07 13:02 Messaggi: 21

grazie lo farò...adesso devo spegnere il pc...cmq ti ringrazio per la tua disponibilità

calendar · Mortale pio Registrato: 25/12/07 13:02 Messaggi: 21

ecco il log con SmitFraudFix! :

SmitFraudFix v2.274

Scan done at 19.53.10,25, 27/12/2007
Run from C:\Documents and Settings\Rosario\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Versione 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programmi\Analog Devices\SoundMAX\smax4.exe
C:\Programmi\VIA\RAID\raid_tool.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
C:\Programmi\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\Programmi\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\documents and settings\rosario\impostazioni locali\dati applicazioni\xqbtmdwhad.exe
C:\Programmi\File comuni\InstallShield\UpdateService\agent.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\eMule\emule.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

hosts file corrupted !

127.0.0.1 legal-at-spybot.info
127.0.0.1 www.legal-at-spybot.info

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Rosario

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Rosario\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Rosario\PREFER~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Programmi

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Pagina iniziale corrente"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix.exe by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 85.37.17.58
DNS Server Search Order: 85.38.28.94

Description: Access Gateway USB Network Adapter - Miniport dell'Utilità di pianificazione pacchetti
DNS Server Search Order: 151.99.125.2
DNS Server Search Order: 151.99.125.3

HKLM\SYSTEM\CCS\Services\Tcpip\..\{8EE95CCB-5B37-4750-820E-7A8F256521FD}: DhcpNameServer=151.99.125.2 151.99.125.3
HKLM\SYSTEM\CCS\Services\Tcpip\..\{B6BBFD87-5DC8-4C73-9FE0-76F05115AE0F}: NameServer=85.37.17.58 85.38.28.94
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8EE95CCB-5B37-4750-820E-7A8F256521FD}: DhcpNameServer=151.99.125.2 151.99.125.3
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B6BBFD87-5DC8-4C73-9FE0-76F05115AE0F}: NameServer=85.37.17.58 85.38.28.94
HKLM\SYSTEM\CS2\Services\Tcpip\..\{8EE95CCB-5B37-4750-820E-7A8F256521FD}: DhcpNameServer=151.99.125.2 151.99.125.3
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=151.99.125.2 151.99.125.3
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=151.99.125.2 151.99.125.3
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=151.99.125.2 151.99.125.3

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

calendar · Mortale pio Registrato: 25/12/07 13:02 Messaggi: 21

oltre al log con smitfraudfix di cui sopra ho fatto anche il report con comfix nel caso potesse risultare utile:

ComboFix 07-12-28.1 - Rosario 2007-12-27 20.59.47.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.69 [GMT 1:00]
Eseguito da: C:\Documents and Settings\Rosario\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\Documents and Settings\Rosario\Impostazioni locali\Dati applicazioni\xqbtmdwhad.dat
c:\documents and settings\rosario\impostazioni locali\dati applicazioni\xqbtmdwhad.exe
c:\Documents and Settings\Rosario\Impostazioni locali\Dati applicazioni\xqbtmdwhad_nav.dat
C:\Documents and Settings\Rosario\Impostazioni locali\Dati applicazioni\xqbtmdwhad_navps.dat
C:\WINDOWS\install.exe

.
((((((((((((((((((((((((( Files Creati Da 2007-11-28 al 2007-12-28 )))))))))))))))))))))))))))))))))))
.

2007-12-28 21:04 . 2007-12-28 21:04 <DIR> d-------- C:\WINDOWS\LastGood
2007-12-27 20:03 . 2007-12-27 20:06 <DIR> d-------- C:\Programmi\vanBasco's Karaoke Player
2007-12-27 19:53 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-12-27 19:53 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-12-27 19:53 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2007-12-27 19:53 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-12-27 19:53 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-12-27 19:53 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-27 19:53 . 2007-12-27 19:53 3,232 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-27 10:39 . 2007-12-27 10:39 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2007-12-27 10:38 . 2007-12-27 10:38 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-26 20:21 . 2007-12-26 20:22 <DIR> d-------- C:\WINDOWS\system32\it-it
2007-12-26 20:16 . 2007-10-11 00:49 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-12-26 20:16 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-12-26 20:16 . 2007-07-01 04:36 1,032,192 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-12-26 20:16 . 2007-10-11 00:49 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-12-26 20:16 . 2007-10-11 00:49 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-12-26 20:16 . 2007-10-11 00:49 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-12-26 20:16 . 2007-10-11 00:49 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2007-12-26 20:16 . 2007-10-11 00:49 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-12-26 20:16 . 2007-10-10 11:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-26 19:27 . 2007-12-26 19:45 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-12-26 15:04 . 2006-03-24 18:39 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di stampa
2007-12-26 15:04 . 2006-03-24 18:39 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di rete
2007-12-26 15:04 . 2006-03-24 18:39 <DIR> d-------- C:\Documents and Settings\Administrator\Preferiti
2007-12-26 15:04 . 2006-03-24 17:47 <DIR> d--h----- C:\Documents and Settings\Administrator\Modelli
2007-12-26 15:04 . 2006-03-24 18:39 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Avvio
2007-12-26 15:04 . 2006-03-24 18:39 <DIR> d--h----- C:\Documents and Settings\Administrator\Impostazioni locali
2007-12-26 15:04 . 2006-03-24 18:39 <DIR> d-------- C:\Documents and Settings\Administrator\Documenti
2007-12-26 15:04 . 2006-03-24 18:39 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dati applicazioni
2007-12-26 14:45 . 2007-12-26 14:45 <DIR> d-------- C:\Documents and Settings\Rosario\DoctorWeb
2007-12-26 13:20 . 2007-12-26 18:37 <DIR> d-------- C:\Programmi\Yahoo!
2007-12-26 13:20 . 2007-12-26 13:21 <DIR> d-------- C:\Programmi\CCleaner
2007-12-26 13:10 . 2007-12-26 13:10 <DIR> d-------- C:\Programmi\ToniArts
2007-12-26 11:33 . 2007-12-26 18:21 <DIR> d-------- C:\Programmi\Eusing Free Registry Cleaner
2007-12-26 11:26 . 2007-12-27 15:26 <DIR> d-------- C:\hi
2007-12-24 16:56 . 2007-12-24 16:56 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Grisoft
2007-12-24 09:41 . 2007-12-24 09:41 303,104 --a------ C:\WINDOWS\system32\dcccfl.exe
2007-12-22 16:22 . 2007-12-22 16:22 <DIR> d-------- C:\Documents and Settings\Rosario\Dati applicazioni\Windows Live Writer
2007-12-21 14:15 . 2007-12-26 18:22 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Extra Audio Drive Software
2007-12-20 15:01 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-12-20 15:01 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-12-20 15:01 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-12-20 12:44 . 2007-12-26 18:35 <DIR> d-------- C:\Programmi\Windows Live Toolbar
2007-12-20 12:42 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-12-20 12:41 . 2007-12-20 12:41 <DIR> d-------- C:\Programmi\Microsoft SQL Server Compact Edition
2007-12-20 12:25 . 2007-12-20 12:32 <DIR> d--hsc--- C:\Programmi\File comuni\WindowsLiveInstaller
2007-12-20 12:25 . 2007-12-26 20:48 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
2007-12-19 15:03 . 2007-12-19 15:03 <DIR> d-------- C:\Programmi\EA SPORTS
2007-12-14 18:58 . 2007-12-14 18:58 <DIR> d-------- C:\Documents and Settings\Rosario\Dati applicazioni\Video DVD Maker FREE
2007-12-13 15:16 . 2007-12-13 15:16 <DIR> d-------- C:\Programmi\Motive
2007-12-13 15:09 . 2007-12-13 15:09 <DIR> d-------- C:\Programmi\File comuni\Motive
2007-12-13 15:09 . 2007-12-13 15:15 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Motive
2007-12-12 19:48 . 2007-12-26 18:20 <DIR> d-------- C:\Programmi\Celestia

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-27 19:14 --------- d-----w C:\Programmi\eMule
2007-12-26 17:35 --------- d-----w C:\Programmi\Windows Live
2007-12-26 17:31 --------- d-----w C:\Programmi\Google
2007-12-26 17:29 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2007-12-26 12:10 --------- d--h--w C:\Programmi\InstallShield Installation Information
2007-12-13 14:18 --------- d-----w C:\Programmi\Alice ti aiuta
2007-11-29 15:48 --------- d-----w C:\Documents and Settings\Rosario\Dati applicazioni\StartPrintGadget
2007-11-29 15:13 --------- d-----w C:\Programmi\StartPrint
2007-11-26 14:59 --------- d-----w C:\Programmi\MP3 Player Utilities 4.00
2007-11-22 16:22 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Autodesk
2007-11-22 15:48 --------- d-----w C:\Documents and Settings\Rosario\Dati applicazioni\Autodesk
2007-11-19 14:02 --------- d-----w C:\Programmi\Picasa2
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-11 11:40 --------- d-----w C:\Documents and Settings\Rosario\Dati applicazioni\ScanSoft
2007-11-11 11:40 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\InstallShield
2007-11-11 11:39 --------- d-----w C:\Programmi\File comuni\Scansoft Shared
2007-11-11 11:39 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\ScanSoft
2007-11-11 11:38 --------- d-----w C:\Programmi\ScanSoft
2007-10-29 22:42 1,292,800 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-23 16:49 586,240 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-10-14 10:19 298,104 ----a-w C:\WINDOWS\system32\imon.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AWMON"="C:\Programmi\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" [2005-05-25 12:12]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 13:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-04-01 10:52]
"SoundMAX"="C:\Programmi\Analog Devices\SoundMAX\smax4.exe" [2004-03-26 14:40]
"RaidTool"="C:\Programmi\VIA\RAID\raid_tool.exe" [2005-04-26 20:22]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"nod32kui"="C:\Programmi\Eset\nod32kui.exe" [2007-10-14 11:19]
"AnyDVD"="C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe" [2005-02-04 08:01]
"Norton Ghost 9.0"="C:\Programmi\Symantec\Norton Ghost\Agent\GhostTray.exe" [2004-07-29 04:41]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-19 13:00 C:\WINDOWS\system32\rundll32.exe]
"CnxTrApp"="C:\Programmi\Pirelli\Access Gateway USB Network\CnxTrApp.dll" [2004-04-20 16:24]
"ZoneAlarm Client"="C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]
"SSBkgdUpdate"="C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 16:00]
"Motive SmartBridge"="C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 15:41]
"ATIPTA"="C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" []
"VIRIT LITE MONITOR"="C:\VEXPLITE\MONLITE.EXE" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 13:00]
"Picasa Media Detector"="C:\Programmi\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Controllo del Calendario di Ulead Photo Express.lnk]
backup=C:\WINDOWS\pss\Controllo del Calendario di Ulead Photo Express.lnkCommon Startup

R0 PQV2i;PQV2i;C:\WINDOWS\system32\drivers\PQV2i.sys [2004-07-29 03:33]
R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys [2005-04-26 20:22]
R1 PQIMount;PQIMount;C:\WINDOWS\system32\drivers\PQIMount.sys [2004-07-29 04:13]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2005-11-18 17:29]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0379b4d2-a749-11dc-8f29-0008275beab4}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{06cba2fa-896f-11dc-8ec9-0008275beab4}]
\Shell\AutoRun\command - F:\ClickMe.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-28 21:09:01
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
RaidTool = C:\Programmi\VIA\RAID\raid_tool.exe???B?

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\Programmi\Eset\pr_imon.dll
.
Ora fine scansione: 2007-12-28 21.09.31
.
2007-12-28 20:05:44 --- E O F ---

bdoriano

Ciao calendar, Ciao

scusa se ti rispondo solo ora. Razz

Ho visto che combofix ha eliminato ancora qualcosa.

Prima di procedere oltre, collegati a Kaspersky on-line scanner e fai la scansione estesa, come indicato qui.
Salva il risultato della scansione in un file (in formato HTML), carica il file su Freefilehosting e posta qui il link che ti viene assegnato.