Olimpo Informatico

Daniele52 · Mortale devoto Registrato: 27/07/08 17:49 Messaggi: 10

Mille virus nel pc!!! Qualcuno sa esserm d aiuto??

Logfile of HijackThis v1.99.1
Scan saved at 17:41: VIRUS ALERT!, on 27/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Programmi\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TrayIcon.exe
C:\Programmi\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Intel\NCS\PROSet\PRONoMgr.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\D-Tools\daemon.exe
C:\Programmi\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe
C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Win Antivir 2008\Win Antivir 2008.exe
C:\Programmi\XP Antivirus\xpa.exe
C:\Programmi\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\File comuni\Sony Shared\GMR\GMRMan.exe
C:\Programmi\Sony\CONNECTAutoUpdate\CONNECTAutoUpdate.exe
C:\Documents and Settings\Daniele\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Programmi\Multi_Media\tbMult.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QXK Olive - {AEFFF7D6-917C-4D8D-A780-7C2D69F1B01A} - C:\WINDOWS\nfavxwdbsxb.dll
O2 - BHO: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Programmi\Multi_Media\tbMult.dll
O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Programmi\Multi_Media\tbMult.dll
O3 - Toolbar: fdkowvbp - {BF53502D-3BEF-4273-9925-89D7526A5F87} - C:\WINDOWS\fdkowvbp.dll
O4 - HKLM\..\Run: [DisplayTrayIcon] C:\WINDOWS\System32\TrayIcon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Programmi\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Programmi\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series (Copia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P40 "EPSON Stylus Photo R200 Series (Copia 1)" /O5 "LPT1:" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CONNECTScheduler] "C:\Programmi\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe" /RUN_SCHEDULER
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [advap32] C:\DOCUME~1\Daniele\IMPOST~1\Temp\scksexde.exe/r
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EPSON Stylus Photo R200 Series (Copia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P40 "EPSON Stylus Photo R200 Series (Copia 1)" /M "Stylus Photo R200" /EF "HKCU"
O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Shim Team] C:\DOCUME~1\Daniele\DATIAP~1\ITCHPI~1\save link clock.exe
O4 - HKCU\..\Run: [Win Antivir 2008] C:\Programmi\Win Antivir 2008\Win Antivir 2008.exe
O4 - HKCU\..\Run: [10484078053538647600008346577398] C:\Programmi\XP Antivirus\xpa.exe
O4 - Global Startup: CONNECTAUTrayApp.lnk = C:\Programmi\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157396803515
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programmi\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: wnslvxtf - {F909BB2D-6EFA-49C8-A865-56B35785EA54} - C:\WINDOWS\wnslvxtf.dll
O21 - SSODL: eqvwamkl - {D67A389C-60FF-4262-8811-11862332C45B} - C:\WINDOWS\eqvwamkl.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: DirectX Service (DirectZidf) - Unknown owner - c:\windows\system32\directx.exe (file missing)
O23 - Service: GhostStartService - Symantec Corporation - C:\Programmi\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Programmi\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Programmi\File comuni\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe

bdoriano

Ciao Daniele52 e benvenuto, Ciao

Fai queste operazioni:

Pulisci i files temporanei con ATF-Cleaner e/o CCleaner
Segui le istruzioni di questo topic per usare MBAM.
Segui le istruzioni di questo topic per eseguire combofix.
Scarica la versione aggiornata di Hijackthis e salvalo in una sua cartella non temporanea e non sul desktop.
Segui le istruzioni di questo topic per postare il log di HiJackThis.
Riferisci con un nuovo messaggio in questa discussione dell'esito: se ci sono stati problemi particolari, ecc. ecc. E riporta:
- Carica il log di MBAM su WikiSend e posta il Forum Link che ti viene assegnato.
- Carica il log di Combofix su WikiSend e posta il Forum Link che ti viene assegnato.
- Carica il log di HiJackThis su WikiSend e posta il Forum Link che ti viene assegnato.

PS: se vuoi, puoi presentarti qui

Daniele52 · Mortale devoto Registrato: 27/07/08 17:49 Messaggi: 10

ComboFix 08-07-27.2 - Daniele 2008-07-27 20.28.12.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.637 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Daniele\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Daniele\Dati applicazioni\macromedia\Flash Player\#SharedObjects\DNJAYA86\iforex.com
C:\Documents and Settings\Daniele\Dati applicazioni\macromedia\Flash Player\#SharedObjects\DNJAYA86\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\Daniele\Dati applicazioni\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\Daniele\Dati applicazioni\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\WINDOWS\system32\ban_list.txt

.
((((((((((((((((((((((((( Files Creati Da 2008-06-27 al 2008-07-27 )))))))))))))))))))))))))))))))))))
.

2008-07-27 19:43 . 2008-07-27 19:43 <DIR> d-------- C:\Programmi\Malwarebytes' Anti-Malware
2008-07-27 19:43 . 2008-07-27 19:43 <DIR> d-------- C:\Documents and Settings\Daniele\Dati applicazioni\Malwarebytes
2008-07-27 19:43 . 2008-07-27 19:43 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2008-07-27 19:43 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-27 19:43 . 2008-07-23 20:09 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-27 15:59 --------- d-----w C:\Documents and Settings\Daniele\Dati applicazioni\AVG7
2008-07-26 19:03 319 ----a-w C:\drmHeader.bin
2008-07-23 21:29 --------- d-----w C:\Documents and Settings\Daniele\Dati applicazioni\Skype
2008-07-22 18:46 --------- d-----w C:\Documents and Settings\Daniele\Dati applicazioni\LimeWire
2008-07-04 06:33 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\pdf995
2008-06-20 17:39 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-04 12:16 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Office Genuine Advantage
2008-05-16 15:07 69,480 ----a-w C:\Documents and Settings\Daniele\Dati applicazioni\GDIPFONTCACHEV1.DAT
2008-05-07 05:14 1,292,800 ----a-w C:\WINDOWS\system32\quartz.dll
2003-05-07 15:13 131,072 ----a-w C:\WINDOWS\inf\DriverInstaller.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:39 15360]
"EPSON Stylus Photo R200 Series (Copia 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" [2003-07-08 03:00 99840]
"NBJ"="C:\Programmi\Ahead\Nero BackItUp\NBJ.exe" [2005-04-08 18:43 1953792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DisplayTrayIcon"="C:\WINDOWS\System32\TrayIcon.exe" [2001-10-17 15:27 147456]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-04-02 09:40 4616192]
"GhostStartTrayApp"="C:\Programmi\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe" [2002-08-14 15:21 94208]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"PRONoMgr.exe"="C:\Programmi\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 16:24 86016]
"EPSON Stylus Photo R200 Series (Copia 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" [2003-07-08 03:00 99840]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2005-11-13 18:28 77824]
"DAEMON Tools-1033"="C:\Programmi\D-Tools\daemon.exe" [2004-08-22 18:05 81920]
"CONNECTScheduler"="C:\Programmi\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe" [2006-03-23 19:01 75336]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-06-28 09:47 580096]
"!AVG Anti-Spyware"="C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"SoundMan"="SOUNDMAN.EXE" [2003-03-27 10:34 53248 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:39 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-25 11:52 219136]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
CONNECTAUTrayApp.lnk - C:\Programmi\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe [2006-03-30 19:20:04 124488]
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]
WinZip Quick Pick.lnk - C:\Programmi\WinZip\WZQKPICK.EXE [2005-08-21 18:43:52 118784]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windr00.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windt44.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winlr32.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winsy61.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\eMule\\emule.exe"=
"C:\\WINDOWS\\$NtUninstallKB828741$\\IEXPLORE.EXE"=
"D:\\Stè Dj\\eMule\\emule.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Programmi\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Programmi\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Programmi\\Grisoft\\AVG7\\avgcc.exe"=
"D:\\Stè Dj\\LimeWire\\LimeWire.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=

R0 d364bus;d364bus;C:\WINDOWS\system32\DRIVERS\d364bus.sys [2004-08-22 17:31]
R0 d364prt;d364prt;C:\WINDOWS\system32\Drivers\d364prt.sys [2004-08-22 17:31]
R1 GhPciScan;GhostPciScanner;C:\Programmi\Symantec\Norton Ghost 2003\ghpciscan.sys [2002-08-14 15:11]
S0 Windr00;Windr00;C:\WINDOWS\system32\Drivers\Windr00.sys []
S0 Windt44;Windt44;C:\WINDOWS\system32\Drivers\Windt44.sys []
S0 Winlr32;Winlr32;C:\WINDOWS\system32\Drivers\Winlr32.sys []
S0 Winsy61;Winsy61;C:\WINDOWS\system32\Drivers\Winsy61.sys []
S2 DirectZidf;DirectX Service;c:\windows\system32\directx.exe []
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 10:05]
S3 ForteUSB;PERSTEL Chic USB Driver Service;C:\WINDOWS\system32\Drivers\ForteUSB.sys [2001-09-08 04:18]
S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 07:58]
S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 09:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f7fdb08-73e8-11db-aaa2-0020ed8f8e7c}]
\Shell\AutoRun\command - H:\load.exe /CDROM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d83dcc57-574f-11da-8ae9-00105ab45e7d}]
\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d83dcc59-574f-11da-8ae9-00105ab45e7d}]
\Shell\AutoRun\command - J:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d83dcc5a-574f-11da-8ae9-00105ab45e7d}]
\Shell\AutoRun\command - K:\autorun.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenuto della cartella 'Scheduled Tasks'
2008-07-27 C:\WINDOWS\Tasks\OGADaily.job - C:\WINDOWS\system32\OGAVerify.exe [2008-04-23 17:17]
2008-07-27 C:\WINDOWS\Tasks\OGALogon.job - C:\WINDOWS\system32\OGAVerify.exe [2008-04-23 17:17]
2008-07-27 C:\WINDOWS\Tasks\Symantec NetDetect.job - C:\Programmi\Symantec\LiveUpdate\NDETECT.EXE [2005-03-16 12:48]
.
- - - - ORFÃOS REMOVIDOS - - - -

HKCU-Run-MSMSGS - C:\Programmi\Messenger\msmsgs.exe
HKCU-Run-Shim Team - C:\DOCUME~1\Daniele\DATIAP~1\ITCHPI~1\save link clock.exe
HKLM-Run-InCD - C:\Programmi\Ahead\InCD\InCD.exe

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-Internet Settings,ProxyOverride = <local>
R1 -: HKCU-SearchURL,(Default) = hxxp://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR

O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-27 20:30:25
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
EPSON Stylus Photo R200 Series (Copia 1) = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P40 "EPSON Stylus Photo R200 Series (Copia 1)" /M "Stylus Photo R200" /EF "HKCU"????????a?w????????????????p????????????????????b?w????p???????? ??8???????????h??w????p???????z??wp??????????????|???????

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-07-27 20:31:41
ComboFix-quarantined-files.txt 2008-07-27 18:31:18

Pre-Run: 9,874,034,688 byte disponibili
Post-Run: 11,687,075,840 byte disponibili

153 --- E O F --- 2008-07-13 17:09:41

Logfile of HijackThis v1.99.1
Scan saved at 20.33.57, on 27/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

edit by bdoriano: log eliminato perché incompleto. I logs vanno caricati su FreeFileHosting o WikiSend come indicato qui.

Daniele52 · Mortale devoto Registrato: 27/07/08 17:49 Messaggi: 10

e grazie bdoriano!!!

bdoriano

Prego, ma non abbiamo ancora finito. Razz

Dovresti postare i logs (anche quello di MBAM) su FreeFileHosting o WikiSend come indicato qui.
Diventa più semplice salvarli e analizzarli. Wink

Ricordati di scaricare la versione aggiornata di Hijackthis e salvalo in una sua cartella non temporanea e non sul desktop. Old

Dopo, fai questa scansione con SystemScan, carica il log su WikiSend e posta il Forum Link che ti viene assegnato.

PS: a una prima occhiata, la situazione dovrebbe essere leggermente migliorata. Think

Daniele52 · Mortale devoto Registrato: 27/07/08 17:49 Messaggi: 10

Ti ho postato il forum link di FreeFileHosting!! xò n mi parte il download x effettuare la scansione con SystemScan... mi dice ke o il browser o qualke firewall bloccano il download!!!

mbam-log-7-27-2008 (19-57-40)_1217241720587.txt

bdoriano

Prova uno dei seguenti links:
sys13200.zip
sys13200.zip

Daniele52 · Mortale devoto Registrato: 27/07/08 17:49 Messaggi: 10

Ecco il forum link di WikiSend... Fammi sapere bdoriano!!!

report.txt

bdoriano

Scarica avenger e scompattalo in una sua cartella non temporanea e non sul desktop

Avvia AVENGER
Clicca Ok
Inserisci queste righe nel riquadro bianco:

Daniele52 · Mortale devoto Registrato: 27/07/08 17:49 Messaggi: 10

kaspersky
kaspersky.txt

hijackthis avenger:
hijackthis.log

bdoriano

Ciao Daniele52, Ciao

per cortesia, posta anche il file c:\avenger.txt.

Dopo, avvia AVENGER
Clicca Ok
Inserisci queste righe nel riquadro bianco:

Daniele52 · Mortale devoto Registrato: 27/07/08 17:49 Messaggi: 10

c:\avenger.txt :

cavenger.txt

avenger.txt :

avenger.txt

hijackthis log :

hijackthis.log

Un grande bdoriano...... comincio a volerti bene!!

bdoriano

Vedo che la voce di hijackthis è rimasta. Think

esegui hijackthis
clicca su do a system scan only
metti il segno di spunta a questa voce:

Daniele52 · Mortale devoto Registrato: 27/07/08 17:49 Messaggi: 10

n va via la citazione....

hijackthis.log

bdoriano

Ok, non farti problema. Procedi con il resto. Smile

Daniele52 · Mortale devoto Registrato: 27/07/08 17:49 Messaggi: 10

fatto tutto!!! finito???

bdoriano

Direi di si.
Riscontri altri problemi? Think

Daniele52 · Mortale devoto Registrato: 27/07/08 17:49 Messaggi: 10

no al momento funzia tutto alla perfezione... Laughing