| Precedente :: Successivo |
| Autore |
Messaggio |
sar
Mortale devoto
Registrato: 07/11/09 16:32
Messaggi: 9
|
 Inviato: 07 Nov 2009 17:04 Oggetto: avast e ie non funzionano più...colpa di un virus? |
 |
|
<ciao, da qualche giorno ho problemi con IE8, si apre la pagina ma rimane bianca e non si muove più, il pc è rallentatissimo, e avast non si aggiorna più nemmeno manualmente. Ho provato mozilla e con lui, anche se il pc è sempre rallentato si può navigare. ho fatto una scansione con avast ma arriva solo fino al 75% , ho scaricato malwarebytes ma non mi permette di aggiornarlo, ho comunque fatto la scansione, ha trovato vari virus ma quando ho provato a eliminarli il programma si è bloccato.
vi allego il risultato di hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 16.00.17, on 07/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmi\Intel\Wireless\Bin\WLKeeper.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\MSSQL7\binn\sqlservr.exe
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\Programmi\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\OGAEXEC.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\OGAExec.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmi\Apoint\Apoint.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\FixCamera.exe
C:\Programmi\Dell\Media Experience\DMXLauncher.exe
C:\Programmi\Dell Photo AIO Printer 924\dlccmon.exe
C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Windows Media Player\WMPNSCFG.exe
C:\Programmi\Logitech\Profiler\lwemon.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Programmi\File comuni\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\dwwin.exe
C:\hijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/default.aspx?c=it&l=it&s=gen
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programmi\myBabylon_English\tbmyB1.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programmi\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programmi\myBabylon_English\tbmyB1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programmi\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programmi\myBabylon_English\tbmyB1.dll
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint\Apoint.exe
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Programmi\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Programmi\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmi\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Programmi\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\marco\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: wkcalrem.LNK = C:\Programmi\File comuni\Microsoft Shared\Works Shared\WkCalRem.exe
O8 - Extra context menu item: Aggiungi a PDF esistente - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {4819DFDF-ABC4-488C-A323-919848C51175} (Rinera Streaming Control) - http://portal3.rinera.com/download/RineraProxy-1.4.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: IntelWireless - C:\Programmi\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Programmi\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1c98b84b6e531ac) (gupdate1c98b84b6e531ac) - Unknown owner - C:\Programmi\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Programmi\Java\jre6\bin\jqs.exe" -service -config "C:\Programmi\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programmi\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programmi\Intel\Wireless\Bin\WLKeeper.exe |
|
| Top |
|
 |
bdoriano
Amministratore
Registrato: 02/04/07 12:05
Messaggi: 14391
Residenza: 3° pianeta del sistema solare...
|
| Inviato: 07 Nov 2009 17:46 Oggetto: |
|
|
Ciao sar, 
Stai utilizzando una vecchia versione di Hijackthis. Scarica la versione aggiornata e salvala in una sua cartella non temporanea e non sul desktop.
Procedi con queste operazioni preliminari:
- Pulisci i files temporanei con CCleaner
- Segui le istruzioni di questo messaggio per rimuovere gli ADS con HiJackThis.
- Segui le istruzioni di questo topic per usare MBAM.
- scarica e installa la versione Free di SuperAntispyware:
la configuri come da immagini:
esegui una scansione completa del sistema
- Fai questa scansione con combofix.
- Fai questa scansione con SystemScan.
- Riferisci nella tua in questa discussione dell'esito: se ci sono stati problemi particolari, ecc. ecc. E riporta:
- Carica il log di MBAM su WikiSend e posta il Forum Link che ti viene assegnato.
- Carica il log di SuperAntiSpyware su WikiSend e posta il Forum Link che ti viene assegnato.
- Carica il log di Combofix su WikiSend e posta il Forum Link che ti viene assegnato.
- Carica il log di SystemScan su WikiSend e posta il Forum Link che ti viene assegnato.
Per tutto il tempo che dedicheremo al controllo e alla pulizia del tuo pc, non installare software nuovi, onde evitare di rendere inefficaci i vari passaggi. |
|
| Top |
|
|
sar
Mortale devoto
Registrato: 07/11/09 16:32
Messaggi: 9
|
| Inviato: 07 Nov 2009 18:25 Oggetto: |
|
|
x bdoriano,
ho usato ccleenar tutto ok
ho rimosso gli ads ...credo
ho fatto una scansione con malwarebjtes, ho trovato 9 virus ma quando ho provato a metterli in quarantena il programmino si è bloccato, tra l'altro non mi ha permesso di aggiornarlo.
superantispywar l'ho scaricato ma non mi permette di aprirlo.
Sono un po...disperato.
adesso provo a riavviare il pc e rifaccio tutto. |
|
| Top |
|
|
bdoriano
Amministratore
Registrato: 02/04/07 12:05
Messaggi: 14391
Residenza: 3° pianeta del sistema solare...
|
| Inviato: 08 Nov 2009 19:48 Oggetto: |
|
|
| Se trovi un punto che ti blocca, passa direttamente al punto successivo. |
|
| Top |
|
|
sar
Mortale devoto
Registrato: 07/11/09 16:32
Messaggi: 9
|
| Inviato: 09 Nov 2009 12:17 Oggetto: |
|
|
x bdoriano,
ho usato ccleenar tutto ok
ho rimosso gli ads
ho fatto una scansione con malwarebjtes, ho trovato 9 virus ma quando ho provato a metterli in quarantena il programmino si è bloccato, tra l'altro non mi ha permesso di aggiornarlo.
superantispywar l'ho scaricato ma non mi permette di aprirlo.
Quando vado ad aprire systemscan viene bloccato da avast perchè trova il virus "win32:Trojan-gen'!. Se disattivo avast riesco ad aprire super.... arrivo solo al primo passaggio dove devo cliccare su proceed e subito dopo si blocca e non si muove più.
qui trovi il log di combofix log combofix.txt ....spero di aver fatto la procedura esatta.
Ciao e grazie in anticipo |
|
| Top |
|
|
sar
Mortale devoto
Registrato: 07/11/09 16:32
Messaggi: 9
|
| Inviato: 09 Nov 2009 13:02 Oggetto: |
|
|
Credo di non aver capito come allegare il log di combofix quindi l'ho copiato qui sotto
ComboFix 09-11-06.03 - marco 09/11/2009 10.01.02.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1023.298 [GMT 1:00]
Eseguito da: c:\documents and settings\marco\Desktop\Combo.ex.exe
AV: avast! antivirus 4.8.1356 [VPS 091106-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((( Files Creati Da 2009-10-09 al 2009-11-09 )))))))))))))))))))))))))))))))))))
.
2009-11-09 08:48 . 2009-11-09 08:48 -------- d-----w- c:\documents and settings\marco\Dati applicazioni\SUPERAntiSpyware.com
2009-11-07 15:52 . 2009-11-09 08:09 -------- d-----w- C:\hijackthis 2
2009-11-07 14:40 . 2009-11-07 14:40 -------- d-----w- c:\documents and settings\marco\Dati applicazioni\Malwarebytes
2009-11-07 14:40 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-07 14:40 . 2009-11-07 14:40 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-11-07 14:40 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-07 14:40 . 2009-11-07 14:40 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-11-07 14:26 . 2009-11-07 14:26 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2009-11-07 14:25 . 2009-11-09 08:50 -------- d-----w- c:\programmi\SUPERAntiSpyware
2009-11-07 13:58 . 2009-11-07 14:05 -------- dc-h--w- c:\windows\ie8
2009-11-06 09:03 . 2009-11-06 09:03 -------- d-----w- c:\documents and settings\luca\Impostazioni locali\Dati applicazioni\myBabylon_English
2009-11-06 09:03 . 2009-11-06 09:03 -------- d-----w- c:\documents and settings\luca\Impostazioni locali\Dati applicazioni\Conduit
2009-11-05 17:19 . 2009-09-15 11:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-05 17:19 . 2009-09-15 11:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-05 17:19 . 2009-09-15 11:53 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-05 17:19 . 2009-09-15 11:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-05 17:19 . 2009-09-15 11:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-05 17:19 . 2009-09-15 11:53 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-05 17:19 . 2009-09-15 11:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-05 17:19 . 2009-09-15 11:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-05 17:18 . 2009-09-15 11:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-05 11:35 . 2009-11-05 11:35 -------- d-----w- c:\documents and settings\HelpAssistant.MARCO2\WINDOWS
2009-11-05 11:35 . 2009-11-05 11:35 -------- d-----w- c:\documents and settings\HelpAssistant.MARCO2\UserData
2009-11-05 11:35 . 2009-11-05 11:35 -------- d-----w- c:\documents and settings\HelpAssistant.MARCO2\Tracing
2009-11-05 11:35 . 2009-11-05 11:35 -------- d-----w- c:\documents and settings\HelpAssistant.MARCO2\RadiumMp3Codec
2009-11-05 11:09 . 2009-11-05 11:29 -------- d--h--w- c:\documents and settings\HelpAssistant.MARCO2\Impostazioni locali
2009-11-05 11:09 . 2004-09-09 08:43 -------- d--h--w- c:\documents and settings\HelpAssistant.MARCO2\Risorse di stampa
2009-11-05 11:09 . 2004-09-09 08:43 -------- d--h--w- c:\documents and settings\HelpAssistant.MARCO2\Modelli
2009-11-05 11:09 . 2004-09-09 08:43 -------- d-----r- c:\documents and settings\HelpAssistant.MARCO2\Menu Avvio
2009-11-05 11:09 . 2009-11-09 07:39 -------- d-----w- c:\documents and settings\HelpAssistant.MARCO2
2009-11-05 10:57 . 2009-11-05 10:57 -------- d-----w- c:\windows\system32\wbem\Repository
2009-11-05 09:42 . 2009-11-05 10:50 -------- d-----w- c:\documents and settings\HelpAssistant\Tracing
2009-11-05 09:42 . 2009-11-05 09:42 -------- d-----w- c:\documents and settings\HelpAssistant\UserData
2009-11-05 09:42 . 2009-11-05 10:50 -------- d-----w- c:\documents and settings\HelpAssistant\RadiumMp3Codec
2009-11-05 09:36 . 2009-11-05 09:36 -------- d-----w- c:\documents and settings\HelpAssistant\IECompatCache
2009-10-30 11:09 . 2008-08-22 13:43 105216 ----a-w- c:\windows\system32\drivers\zgwhsmdm.sys
2009-10-30 11:09 . 2008-08-22 13:44 105216 ----a-w- c:\windows\system32\drivers\zgwhsnmea.sys
2009-10-30 11:09 . 2009-10-30 11:09 -------- d-----w- c:\programmi\PC Suite MD-301
2009-10-30 11:04 . 2008-08-22 13:43 105216 ----a-w- c:\windows\system32\drivers\zgwhsdiag.sys
2009-10-16 15:28 . 2009-10-16 15:28 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-10-16 15:27 . 2009-10-16 15:27 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-09 08:48 . 2007-07-16 12:35 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2009-11-08 14:42 . 2008-05-07 09:53 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Google Updater
2009-11-05 11:07 . 2006-01-23 18:17 -------- d-----w- c:\programmi\Dl_cats
2009-11-02 17:46 . 2008-02-21 09:36 -------- d-----w- c:\programmi\File comuni\Teleca Shared
2009-11-02 17:20 . 2004-09-09 08:37 85070 ----a-w- c:\windows\system32\perfc010.dat
2009-11-02 17:20 . 2004-09-09 08:37 490898 ----a-w- c:\windows\system32\perfh010.dat
2009-10-30 11:09 . 2006-01-16 22:58 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-10-23 15:59 . 2009-09-10 12:41 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-09-30 14:18 . 2007-02-26 08:15 -------- d-----w- c:\programmi\Windows Defender
2009-09-15 10:43 . 2009-09-15 10:37 -------- d-----w- c:\programmi\Docfa305
2009-09-11 14:17 . 2004-09-09 08:37 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 13:27 . 2009-09-09 12:54 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Dell
2009-09-10 13:21 . 2006-01-23 11:46 54176 -c--a-w- c:\documents and settings\marco\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-09-10 13:17 . 2008-05-27 14:45 -------- d-----w- c:\programmi\Microsoft Silverlight
2009-09-10 12:44 . 2006-01-16 23:03 -------- d-----w- c:\programmi\Microsoft Works
2009-09-10 12:44 . 2009-09-10 12:44 -------- d-----w- c:\programmi\Microsoft.NET
2009-09-04 21:03 . 2004-09-09 08:37 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:56 . 2004-09-09 08:37 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-09-09 08:37 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-17 21:33 . 2009-08-17 21:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-14 15:04 . 2009-08-14 15:04 239088 -c--a-w- c:\documents and settings\marco\Dati applicazioni\Mozilla\plugins\npgoogletalk.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\programmi\myBabylon_English\tbmyB1.dll" [2009-07-27 2215960]
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2009-07-27 19:32 2215960 ----a-w- c:\programmi\myBabylon_English\tbmyB1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\programmi\myBabylon_English\tbmyB1.dll" [2009-07-27 2215960]
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\programmi\myBabylon_English\tbmyB1.dll" [2009-07-27 2215960]
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-07 68856]
"WMPNSCFG"="c:\programmi\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]
"Start WingMan Profiler"="c:\programmi\Logitech\Profiler\lwemon.exe" [2004-04-23 77824]
"Google Update"="c:\documents and settings\marco\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2009-05-07 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2007-03-10 270336]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"IntelWireless"="c:\programmi\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"Apoint"="c:\programmi\Apoint\Apoint.exe" [2004-09-13 155648]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 81920]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2006-06-07 282624]
"FixCamera"="c:\windows\FixCamera.exe" [2007-02-10 20480]
"DMXLauncher"="c:\programmi\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"dlccmon.exe"="c:\programmi\Dell Photo AIO Printer 924\dlccmon.exe" [2005-07-22 425984]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"Acrobat Assistant 8.0"="c:\programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Picasa Media Detector"="c:\programmi\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
c:\documents and settings\marco\Menu Avvio\Programmi\Esecuzione automatica\
wkcalrem.LNK - c:\programmi\File comuni\Microsoft Shared\Works Shared\WkCalRem.exe [2005-1-28 24651]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 16:08 110592 ----a-w- c:\programmi\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dlcccoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dlccPSWX.EXE"=
"c:\\VTrader\\vttrade.exe"=
"c:\\VTrader\\Vttools.exe"=
"c:\\VTrader\\vt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\StreamerOne\\streamerone.exe"=
"c:\\Programmi\\Internet Explorer\\iexplore.exe"=
"c:\\Programmi\\eMule\\eMule.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\marco\\Impostazioni locali\\Dati applicazioni\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\marco\\Impostazioni locali\\Dati applicazioni\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:*:Disabled:TCP Port 5000
"5001:TCP"= 5001:TCP:*:Disabled:TCP Port 5001
"5002:TCP"= 5002:TCP:*:Disabled:TCP Port 5002
"5003:TCP"= 5003:TCP:*:Disabled:TCP Port 5003
"5004:TCP"= 5004:TCP:*:Disabled:TCP Port 5004
"5005:TCP"= 5005:TCP:*:Disabled:TCP Port 5005
"5006:TCP"= 5006:TCP:*:Disabled:TCP Port 5006
"5007:TCP"= 5007:TCP:*:Disabled:TCP Port 5007
"5008:TCP"= 5008:TCP:*:Disabled:TCP Port 5008
"5009:TCP"= 5009:TCP:*:Disabled:TCP Port 5009
"5010:TCP"= 5010:TCP:*:Disabled:TCP Port 5010
"5011:TCP"= 5011:TCP:*:Disabled:TCP Port 5011
"5012:TCP"= 5012:TCP:*:Disabled:TCP Port 5012
"5013:TCP"= 5013:TCP:*:Disabled:TCP Port 5013
"5014:TCP"= 5014:TCP:*:Disabled:TCP Port 5014
"5015:TCP"= 5015:TCP:*:Disabled:TCP Port 5015
"5016:TCP"= 5016:TCP:*:Disabled:TCP Port 5016
"5017:TCP"= 5017:TCP:*:Disabled:TCP Port 5017
"5018:TCP"= 5018:TCP:*:Disabled:TCP Port 5018
"5019:TCP"= 5019:TCP:*:Disabled:TCP Port 5019
"5020:TCP"= 5020:TCP:*:Disabled:TCP Port 5020
"7039:TCP"= 7039:TCP:emule
"7049:UDP"= 7049:UDP:emule
"4661:TCP"= 4661:TCP:*:Disabled:emule
"3389:TCP"= 3389:TCP:Remote Desktop
R0 IABFilt;Iomega Snapshot Volume Filter;c:\windows\system32\drivers\IABFilt.sys [03/11/2006 14.38.59 25344]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [05/11/2009 18.19.41 114768]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [12/10/2009 21.24.52 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [05/11/2009 18.19.41 20560]
S1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [12/10/2009 21.24.54 9968]
S2 gupdate1c98b84b6e531ac;Google Update Service (gupdate1c98b84b6e531ac);c:\programmi\Google\Update\GoogleUpdate.exe [10/02/2009 14.37.23 133104]
S2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [15/04/2008 13.58.50 8192]
S3 SMA_USBBus;SMA USB Serial Converter;c:\windows\system32\drivers\FTD2XX.sys [21/01/2009 10.04.53 29292]
S3 zgwhsdiag;ZTE WCDMA Handset Diagnostic Port;c:\windows\system32\drivers\zgwhsdiag.sys [30/10/2009 12.04.18 105216]
S3 zgwhsmdm;ZTE WCDMA Handset USB Modem;c:\windows\system32\drivers\zgwhsmdm.sys [30/10/2009 12.09.55 105216]
S3 zgwhsnmea;WCDMA Handset NMEA Port;c:\windows\system32\drivers\zgwhsnmea.sys [30/10/2009 12.09.54 105216]
--- Altri Servizi/Drivers In Memoria ---
*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*Deregistered* - MBAMSwissArmy
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Contenuto della cartella 'Scheduled Tasks'
2009-11-09 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-03-05 08:18]
2009-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-10 13:37]
2009-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-10 13:37]
2009-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2631782256-389326454-269548942-1005Core.job
- c:\documents and settings\marco\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-06-05 12:19]
2009-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2631782256-389326454-269548942-1005UA.job
- c:\documents and settings\marco\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-06-05 12:19]
2009-11-09 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = hxxp://www1.euro.dell.com/content/default.aspx?c=it&l=it&s=gen
uInternet Settings,ProxyOverride = 127.0.0.1
mSearchAssistant =
IE: Aggiungi a PDF esistente - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti destinazione link in Adobe PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti destinazione link in file PDF esistente - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti i link selezionati in Adobe PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti i link selezionati in file PDF esistente - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti in Adobe PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti selezione in Adobe PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti selezione in file PDF esistente - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {4819DFDF-ABC4-488C-A323-919848C51175} - hxxp://portal3.rinera.com/download/RineraProxy-1.4.cab
FF - ProfilePath - c:\documents and settings\marco\Dati applicazioni\Mozilla\Firefox\Profiles\zb4eoswd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it
FF - plugin: c:\documents and settings\marco\Dati applicazioni\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\marco\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programmi\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Unity\WebPlayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
SafeBoot-AVG Anti-Spyware Driver
MSConfigStartUp-CTFMON - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-09 10:10
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x8608BB00]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x8608bb00
NDIS: Broadcom 440x 10/100 Integrated Controller -> SendCompleteHandler -> 0x860c8200
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x0950E4C1
malicious code @ sector 0x0950E4C4 !
PE file found in sector at 0x0950E4DA !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_USERS\S-1-5-21-2631782256-389326454-269548942-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-2631782256-389326454-269548942-1005\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (S-1-5-21-2631782256-389326454-269548942-1005)
@Allowed: (Read) (S-1-5-21-2631782256-389326454-269548942-1005)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(1032)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\programmi\Intel\Wireless\Bin\LgNotify.dll
- - - - - - - > 'explorer.exe'(4528)
c:\windows\system32\WININET.dll
c:\programmi\Logitech\Profiler\LWEHook.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2009-11-09 10.15.24
ComboFix-quarantined-files.txt 2009-11-09 09:15
Pre-Run: 21.112.127.488 byte disponibili
Post-Run: 22.468.059.136 byte disponibili
WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
- - End Of File - - 126CFE4265BA3ECE63D0E1A6F510DFE1 |
|
| Top |
|
|
sar
Mortale devoto
Registrato: 07/11/09 16:32
Messaggi: 9
|
| Inviato: 09 Nov 2009 13:50 Oggetto: |
|
|
Copio anche il log di mbam
Malwarebytes' Anti-Malware 1.41
Versione del database: 2775
Windows 5.1.2600 Service Pack 3
09/11/2009 9.35.09
mbam-log-2009-11-09 (09-35-02).txt
Tipo di scansione: Scansione rapida
Elementi scansionati: 133339
Tempo trascorso: 7 minute(s), 29 second(s)
Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 4
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 3
File infetti: 2
Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)
Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)
Chiavi di registro infette:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8fcdf9d9-a28b-480f-8c3d-581f119a8ab8} (Adware.180Solutions) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{db893839-10f0-4af9-92fa-b23528f530af} (Trojan.Dialer) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d5792aa9-d373-4039-8670-2cdab6a71f15} (Trojan.Swizzor) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Agent) -> No action taken.
Valori di registro infetti:
(Nessun elemento malevolo rilevato)
Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)
Cartelle infette:
C:\Programmi\Advantage (Adware.Advantage) -> No action taken.
C:\Programmi\BitDownload (Trojan.Swizzor) -> No action taken.
C:\Programmi\BitDownload\ZM (Trojan.Swizzor) -> No action taken.
File infetti:
C:\Programmi\BitDownload\BitDownload.TRC (Trojan.Swizzor) -> No action taken.
C:\WINDOWS\system32\secpol.exe (Trojan.Agent) -> No action taken. |
|
| Top |
|
|
R16
Dio maturo
Registrato: 07/03/08 22:58
Messaggi: 10129
|
| Inviato: 09 Nov 2009 22:47 Oggetto: |
|
|
Ciao.
Elimina quello che ha trovato Malwarebytes.
Poi esegui queste indicazioni:
Disattiva il ripristino configurazione di sistema, e tienilo disattivato, fino alla soluzione del problema.
http://forum.zeusnews.com/viewtopic.php?t=22084
Scarica MBR:EXE direttamente nella Directory C:\ (è di fondamentale importanza che venga scaricato dove si trova il Sistema Operativo,nel tuo caso in C: )
link
Riavvia il Pc in modalità provvisoria.
Da Start - Esegui - digita C:\mbr.exe -f e clicca su OK (fai un copia-incolla, in quanto c'è uno "spazio" da rispettare)
Posta il log, che troverai, dove hai scaricato il Tooll, e cioè in C:
Poi:
Segui le istruzioni di questo topic per usare Systemscan:
http://forum.zeusnews.com/viewtopic.php?p=210548#210548
Carica i log su WikiSend (o FreeFileHosting) e posta il Forum Link che ti viene assegnato.
link |
|
| Top |
|
|
sar
Mortale devoto
Registrato: 07/11/09 16:32
Messaggi: 9
|
| Inviato: 10 Nov 2009 12:52 Oggetto: |
|
|
Ciao r1,
ho fatto la scansione con Malwarebytes, ha trovato 5 virus ma quando provo ad eliminarli Malwarebytes si blocca e non si muove più impedendo l'eliminazione dei virus, non mi permette nemmeno di salvare il log.
Adesso provo i passaggi successivi che mi hai indicato.
A presto |
|
| Top |
|
|
sar
Mortale devoto
Registrato: 07/11/09 16:32
Messaggi: 9
|
| Inviato: 10 Nov 2009 13:04 Oggetto: |
|
|
Ecco il log di mbr.
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x0950E4C1
malicious code @ sector 0x0950E4C4 !
PE file found in sector at 0x0950E4DA ! |
|
| Top |
|
|
sar
Mortale devoto
Registrato: 07/11/09 16:32
Messaggi: 9
|
| Inviato: 10 Nov 2009 18:35 Oggetto: |
|
|
Dunque, ricapitoliamo un po di cose,
in modalità provvisoria sono riuscito a cancellare qualche virus con malwarebytes
sempre in modalità provvisoria ho eseguito mbr (per il log vedi post precedente)
in fine ho fatto un scansione con systemscan , ho caricato il log report (2).txt qui.
Spero di aver fatto tutto giusto. A presto. |
|
| Top |
|
|
sar
Mortale devoto
Registrato: 07/11/09 16:32
Messaggi: 9
|
| Inviato: 12 Nov 2009 16:15 Oggetto: |
|
|
| Nessuno che mi possa aiutare? |
|
| Top |
|
|
R16
Dio maturo
Registrato: 07/03/08 22:58
Messaggi: 10129
|
| Inviato: 12 Nov 2009 16:31 Oggetto: |
 |
|
Scusa, ma proprio ti avevo perso. 
Non è andata bene l'eliminazione del rootkit dell'MBR.
Riprova così:
Elimina il tooll che ti ho fatto scaricare (MBR.exe) compreso il suo log.
Riavvia il pc.
Scarica MBR:EXE direttamente nella Directory C:\ (Devi scaricarlo obligatoriamente in C: )
link
Clicca Start
Clicca Esegui...
Digita: cmd
si apre la finestra DOS, digita: CD \
premi invio
digita: mbr -f (fai il Copia-Incolla)
premi invio
Poi digita: exit
premi invio
Riavvia il pc
Posta qui il contenuto del log C:\mbr.log |
|
| Top |
|
|
|
FAQ
Cerca
Lista utenti
Gruppi
Registrati
Profilo
Messaggi privati
Log in
