Olimpo Informatico

ste077 · Mortale adepto Registrato: 15/11/08 02:15 Messaggi: 33

Hola!

ieri sera antimalware doctore si e' installato nel mio laptop...
ogni volta che mi connetto ad internet avira blocca tra 7 e 15 file, riconoscendoli come virus e il computer mi rallenta moltissimo...

sto facendo una scansione con malwarebytes... la allego appena terminata...

c'e' altro che posso fare?

ste077 · Mortale adepto Registrato: 15/11/08 02:15 Messaggi: 33

questo e' il log del malawarebytes...prima della rimozione:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4070

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/7/2010 2:56:07 PM
mbam-log-2010-05-07 (14-56-07).txt

Scan type: Full scan (C:\|)
Objects scanned: 247682
Time elapsed: 1 hour(s), 35 minute(s), 42 second(s)

Memory Processes Infected: 7
Memory Modules Infected: 1
Registry Keys Infected: 22
Registry Values Infected: 8
Registry Data Items Infected: 0
Folders Infected: 10
Files Infected: 70

Memory Processes Infected:
C:\Documents and Settings\Administrator\Local Settings\Temp\Cpd.exe (Trojan.Fraudpack) -> No action taken.
C:\WINDOWS\cidrive32.exe (Trojan.Dropper) -> No action taken.
C:\WINDOWS\Chahia.exe (Trojan.Fraudpack) -> No action taken.
C:\WINDOWS\system32\regedit.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\715.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\awkvrft.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\425.exe (Trojan.Dropper) -> No action taken.

Memory Modules Infected:
c:\WINDOWS\system32\sshnas21.dll (Trojan.Downloader) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{0ab7732c-e767-9936-a0bf-caace117b7f5} (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ab7732c-e767-9936-a0bf-caace117b7f5} (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0ab7732c-e767-9936-a0bf-caace117b7f5} (Adware.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0ab7732c-e767-9936-a0bf-caace117b7f5} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{a9722a0d-365f-47d2-b70b-37d046316d99} (Adware.EZlife) -> No action taken.
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ezLife (Adware.EzLife) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\ezLife (Adware.EzLife) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Smart-Ads-Solutions (Adware.SmartAds) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart-Ads-Solutions (Adware.SmartAds) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Smart-Ads-Solutions (Adware.SmartAds) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> No action taken.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> No action taken.
HKEY_CLASSES_ROOT\adhlpr.adhlpr (Adware.Adrotator) -> No action taken.
HKEY_CLASSES_ROOT\adhlpr.adhlpr.1.0 (Adware.Adrotator) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{391bab23-d355-4441-8701-082986db123a} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{391bab23-d355-4441-8701-082986db123a} (Trojan.BHO) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\m5t8ql3yw3 (Trojan.Fraudpack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\microsoft driver setup (Trojan.Dropper) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\microsoft driver setup (Trojan.Dropper) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regedit32 (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\12cfg214-k641-12sf-n85p (Worm.Autorun.B) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dhrhyuuktvfrwgz (Adware.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ezlife (Adware.EZlife) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811 (Trojan.Agent) -> No action taken.
C:\Program Files\Smart-Ads-Solutions (Adware.SmartAds) -> No action taken.
C:\Program Files\Smart-Ads-Solutions\SmartAds (Adware.SmartAds) -> No action taken.
C:\Program Files\Smart-Ads-Solutions\SmartAds\1.5.5.0 (Adware.SmartAds) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\Smart-Ads-Solutions (Adware.SmartAds) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\Smart-Ads-Solutions\SmartAds (Adware.SmartAds) -> No action taken.
C:\Program Files\ezLife (Adware.EzLife) -> No action taken.
C:\Program Files\ezLife\ezLife (Adware.EzLife) -> No action taken.
C:\Program Files\ezLife\ezLife\1.5.5.0 (Adware.EzLife) -> No action taken.
C:\cleansweep.exe (Trojan.Agent) -> No action taken.

Files Infected:
C:\Documents and Settings\Administrator\Local Settings\Temp\Cpd.exe (Trojan.Fraudpack) -> No action taken.
C:\WINDOWS\cidrive32.exe (Trojan.Dropper) -> No action taken.
C:\WINDOWS\Chahia.exe (Trojan.Fraudpack) -> No action taken.
C:\WINDOWS\system32\regedit.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\715.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\awkvrft.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\425.exe (Trojan.Dropper) -> No action taken.
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe (Worm.Autorun.B) -> No action taken.
C:\WINDOWS\system32\gjladmlgxjviw.dll (Adware.BHO) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\AA5D5341BA61284A13CDA66C5546AC13\hookdll.dll (Rogue.AntimalwareDoctor) -> No action taken.
C:\Documents and Settings\Administrator\Desktop\CLAVE\Instalar.exe (EmailWorm.VB) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\082.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\129.exe (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\265.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\294.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\mcillbuu.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\imiyus.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\727.exe (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\87d08acc.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\951.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\Cpb.exe (Trojan.Fraudpack) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\Cpc.exe (Trojan.Fraudpack) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\nrktcvy.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\327.exe (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\337.exe (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\406.exe (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\596.exe (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\649.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\664.exe (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6059L8O7\pr3xy[2].data (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6059L8O7\loaderadv600[1].exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6059L8O7\loaderadv600[2].exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6059L8O7\msall[1].data (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6059L8O7\fjnvpk[1].htm (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6059L8O7\fwevpovto[1].htm (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6059L8O7\fwevpovto[2].htm (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6059L8O7\imwaic[1].htm (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6059L8O7\hypwhc[1].htm (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6059L8O7\hypwhc[2].htm (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\B1OD7O7Z\loaderadv600[1].exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\B1OD7O7Z\loaderadv600[2].exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\B1OD7O7Z\imwaic[1].htm (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\B1OD7O7Z\fjnvpk[1].htm (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\B1OD7O7Z\msall[1].data (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OLPI0059\hypwhc[1].htm (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\P7PXTBOK\imwaic[1].htm (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SWUYUF17\rvqxfn[1].htm (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SWUYUF17\rvqxfn[2].htm (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SWUYUF17\rvqxfn[3].htm (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SWUYUF17\msall[1].data (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SWUYUF17\imwaic[1].htm (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SWUYUF17\imwaic[2].htm (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\VVQU2BOW\hypwhc[1].htm (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\VVQU2BOW\hypwhc[3].htm (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\VVQU2BOW\msall[1].data (Trojan.Dropper) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ckvo1.dll.vir (Spyware.OnlineGames) -> No action taken.
C:\RECYCLER\S-1-5-21-1084797807-7694297175-475514118-5746\mgrls32.exe (Worm.Autorun.B) -> No action taken.
C:\System Volume Information\_restore{1D6DF797-DFD2-4905-8188-8EDF65EBEF39}\RP267\A0068977.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\ckvo0.VIR000 (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\system32\drivers\750.exe (Trojan.Dropper) -> No action taken.
C:\WINDOWS\system32\drivers\906.exe (Trojan.Dropper) -> No action taken.
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\Desktop.ini (Trojan.Agent) -> No action taken.
C:\Program Files\Smart-Ads-Solutions\SmartAds\1.5.5.0\uninstall.exe (Adware.SmartAds) -> No action taken.
C:\Program Files\ezLife\ezLife\1.5.5.0\uninstall.exe (Adware.EzLife) -> No action taken.
C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\sshnas21.dll (Trojan.Downloader) -> No action taken.
C:\cleansweep.exe\cleansweep.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Administrator\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> No action taken.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\fzawlcqe.dll (Trojan.BHO) -> No action taken.

ste077 · Mortale adepto Registrato: 15/11/08 02:15 Messaggi: 33

ho lanciato il CCleaner pero si blocca nella sezione Temporary Internet file....quando mi compare la finestra di avira che blocca un virus chiamato
TR/Crypt.CFI.Gen (troyan)
se clicco elimina il file(su avira) mi parte il malware doctor...

che posso fare...aiutatemi per favore...hoo grande bisogno del pc in questi giorni
grazie

R16 · Dio maturo Registrato: 07/03/08 22:58 Messaggi: 10129

Ciao:
1)Scarica ed avvia rkill.com per terminare i processi in esecuzione del malware
link

2)Senza riavviare il pc, fai una scansione completa con Malwarebytes.
Se ti chiederà di riavviare il pc, per eliminare i file infetti, acconsenti.

3)Segui le istruzioni di questo topic per usare Combofix:
http://forum.zeusnews.com/viewtopic.php?t=45224
Leggi bene la guida.
Specialmente quando consiglia di rinominare Combofix, con un nome di fantasia.

Esegui le indicazioni, cronologicamente.(comincia dal punto 1 al punto 3 )

Carica i log di, MBAM, Combofix, su WikiSend (o FreeFileHosting) e posta il Forum Link che ti viene assegnato.
link

ste077 · Mortale adepto Registrato: 15/11/08 02:15 Messaggi: 33

ok,
rieseguo le istruzioni nell'ordine che mi hai indicato,
pero ti mando adesso i log che avevo gia' effettuato...

1) ho eseguito malawarebytes..in modalita' normale e mi ha dato il seguente log:
http://wikisend.com/download/508078/mbam-log-2010-05-07 (14-56-07).txt

2) in modalida safe, ho eseguito mbr (C:\mbr.exe -f),
quindi sempre in modalita' safe ho eseguito combofix, che mi ha eseguito il reboot automaticamente e mi ha fornito il seguente log:
http://wikisend.com/download/754862/logcombofix.txt

il problema sembra risolto...pero rieseguo le tue istruzioni ..a presto

ste077 · Mortale adepto Registrato: 15/11/08 02:15 Messaggi: 33

ho seguito le istruzioni alla lettera,

qui riporto il log di MBAM
mbam-log-2010-05-07 (18-17-58).txt

qui il log di combofix
log.txt

R16 · Dio maturo Registrato: 07/03/08 22:58 Messaggi: 10129

Disattiva il ripristino configurazione di sistema
http://forum.zeusnews.com/viewtopic.php?t=22084

Segui le istruzioni di questo topic per rimuovere combofix, e gli altri eventuali tooll installati:
http://forum.zeusnews.com/viewtopic.php?t=47670

Segui questo percorso, ed elimina il file in rosso:
c:\windows\system32\qfoeqnnaig.exe
Se non usi la Toolbar Ask.com eliminala.

Poi segui queste indicazioni:
Pulisci i files temporanei con CCleaner
http://forum.zeusnews.com/viewtopic.php?p=282670#282670

Segui questo percorso e svuota la cartella Prefetch : (non eliminare la cartella)
C:\Windows\Prefetch

Segui le istruzioni di questo topic per eliminare gli ADS:
http://forum.zeusnews.com/viewtopic.php?t=45223

Fai una deframmentazione del HD.
Esegui anche uno Scandisk.

Riattiva il ripristino configurazione di sistema e, se tutto è a posto, creane uno nuovo.

Se non riscontri problemi, abbiamo finito.

ste077 · Mortale adepto Registrato: 15/11/08 02:15 Messaggi: 33

ciao...
ho eseguito leistruzioni,

una volta eliminati gli ADS, ho eseguito uno scan con hijakings,
allego il log
hijackthis.log

puoi indicarmi un link con istruzioni per una frammentazione del HD?

1000 grazie...

R16 · Dio maturo Registrato: 07/03/08 22:58 Messaggi: 10129

Per la deframmentazione del HD:
Start / Programmi / Accessori / Utilità di sistema / Utilità di deframmentazione dischi.
Clicca su "Analizza".
La finestra che ti comparirà, ti dirà se l'HD, necessita di una deframmentazione.
Clicca "Deframmenta".

Possiamo levare alcuni programmi all'avvio di Windows, per snellirlo.
N.B:
Nessun programma verrà eliminato, continueranno a funzionare perfettamente lo stesso.

Avvia hijackthis, metti la spunta alle voci che andrò ad elencarti e con tutte le applicazioni chiuse e disconnesso da Internet,premi su "fix checked":
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2120366
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"

Per concludere, fai una pulizia con CCleaner.