[aiuto] Vari Virus (credo)

sergioz · July 22, 2008

ciao ragazzi spero possiate aiutarmi.

ieri ho preso dei virus aprendo dal web un clip con wmp,come un pirla...

ora i problemi che mi si presentano sono:

- non riesco ad accedere al taskmanager

- il pc va molto lento

- si apre un banner ogni tanto e avira mi trova sempre i medesimi virus che metto in quarantena ma riescono sempre

- super antispyware rileva le minaccie,le cancella ma poi si ripresentano

- la propietà del desktop è limititata nelle opzioni

ora come previsto ho fatto le dovute scansioni in modalità provvisoria con a-squared,panda rootkit,cccleaner,adsr,super antispyware...ma purtroppo ad ogni riavvio il problema si ripresenta.

ovviamente ho disabilitato il ripristino di sistema.

vi posto i screen cosi vedete bene:

banner piu scansione syperantispyware:

propietà desktop piu task manager bloccato:

hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19.33.57, on 22/07/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Programmi\a-squared Free\a2service.exe

C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programmi\Bonjour\mDNSResponder.exe

C:\Programmi\CyberLink\Shared files\RichVideo.exe

C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Documents and Settings\All Users\Dati applicazioni\jexalqdc\lqvyxule.exe

C:\Programmi\Analog Devices\Core\smax4pnp.exe

C:\Programmi\Analog Devices\SoundMAX\Smax4.exe

C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe

C:\Programmi\iTunes\iTunesHelper.exe

C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ebqdubot.exe

C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Programmi\iPod\bin\iPodService.exe

C:\Programmi\Stardock\ObjectDock\ObjectDock.exe

C:\Programmi\Opera\Opera.exe

C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\FILECO~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programmi\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [srvsh] C:\WINDOWS\system32\ebqdubot.exe

O4 - HKLM\..\Policies\Explorer\Run: [ax6h5HOvxv] C:\Documents and Settings\All Users\Dati applicazioni\jexalqdc\lqvyxule.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Blaero Start Orb.lnk = ?

O4 - Startup: Stardock ObjectDock.lnk = C:\Programmi\Stardock\ObjectDock\ObjectDock.exe

O8 - Extra context menu item: Append to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{D298EC61-A375-4910-A986-A9F903842DFB}: NameServer = 85.37.17.57 85.38.28.80

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll

O21 - SSODL: wincmd - {0F8E63EA-2CBD-D9F6-51F6-05E32152AF5A} - C:\Programmi\curznzb\wincmd.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Programmi\File comuni\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe

O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--

End of file - 9775 bytes

grazie a chiunque leggerà questo post e cercherà di aiutarmi

thesorrow83 · July 22, 2008

Da fixare:

C:\Documents and Settings\All Users\Dati applicazioni\jexalqdc\lqvyxule.exe

C:\WINDOWS\system32\ebqdubot.exe

O4 - HKCU\..\Run: [srvsh] C:\WINDOWS\system32\ebqdubot.exe

O4 - HKLM\..\Policies\Explorer\Run: [ax6h5HOvxv] C:\Documents and Settings\All Users\Dati applicazioni\jexalqdc\lqvyxule.exe

Poi scarica MalwareBytes, aggiornalo e fai una scansione completa. Riavvia il pc, abilità il ripristino configurazione di sistema e posta un nuovo log hijackthis.

sergioz · July 22, 2008

ok sto facendo scan completo da ormai 25 minuti (sto lavorando anche con premiere) e la cpu tra i due programmi sta lavorando un bel po

le voci da fixare che mi hai detto alla fine sono 2...?

le ho fixate,ora aspetto lo scan riavvio e riattivo il ripristino configurazione di sistema e poi ti posto il log.

questione di minuti

grazie mille

sergioz · July 22, 2008

task manager e propietà desktop ok

sembra essere tornato tutto a posto,qua i log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22.22.22, on 22/07/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Programmi\a-squared Free\a2service.exe

C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programmi\Bonjour\mDNSResponder.exe

C:\Programmi\CyberLink\Shared files\RichVideo.exe

C:\WINDOWS\Explorer.EXE

C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Programmi\Analog Devices\Core\smax4pnp.exe

C:\Programmi\Analog Devices\SoundMAX\Smax4.exe

C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe

C:\Programmi\iTunes\iTunesHelper.exe

C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Programmi\iPod\bin\iPodService.exe

C:\Programmi\Stardock\ObjectDock\ObjectDock.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\FILECO~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programmi\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Blaero Start Orb.lnk = ?

O4 - Startup: Stardock ObjectDock.lnk = C:\Programmi\Stardock\ObjectDock\ObjectDock.exe

O8 - Extra context menu item: Append to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll

O21 - SSODL: wincmd - {0F8E63EA-2CBD-D9F6-51F6-05E32152AF5A} - C:\Programmi\curznzb\wincmd.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Programmi\File comuni\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe

O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--

End of file - 9409 bytes

Malwarebytes' Anti-Malware 1.22
Versione del database: 979

Windows 5.1.2600 Service Pack 3

22.19.12 22/07/2008

mbam-log-7-22-2008 (22-19-12).txt

Tipo di scansione: Scansione completa (C:\|D:\|E:\|)

Elementi scansionati: 174847

Tempo trascorso: 53 minute(s), 26 second(s)

Processi delle memoria infetti: 0

Moduli della memoria infetti: 0

Chiavi di registro infette: 19

Valori di registro infetti: 3

Elementi dato del registro infetti: 3

Cartelle infette: 12

File infetti: 74

Processi delle memoria infetti:

(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:

(Nessun elemento malevolo rilevato)

Chiavi di registro infette:

HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44a1-9f4543d34545} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\rhccftj0e75v (Rogue.Multiple) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Valori di registro infetti:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Elementi dato del registro infetti:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Cartelle infette:

C:\WINDOWS\system32\drivers\downld (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\sergio\Dati applicazioni\rhccftj0e75v (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\sergio\Dati applicazioni\rhccftj0e75v\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\sergio\Dati applicazioni\rhccftj0e75v\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\sergio\Dati applicazioni\rhccftj0e75v\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\sergio\Dati applicazioni\rhccftj0e75v\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\sergio\Dati applicazioni\rhccftj0e75v\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\sergio\Dati applicazioni\rhccftj0e75v\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\sergio\Dati applicazioni\rhccftj0e75v\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\sergio\Dati applicazioni\rhccftj0e75v\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\sergio\Dati applicazioni\rhccftj0e75v\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\sergio\Dati applicazioni\rhccftj0e75v\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

File infetti:

E:\System Volume Information\_restore{6F06312C-F225-42FC-83FC-26E2DAC84501}\RP61\A0048660.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

E:\System Volume Information\_restore{6F06312C-F225-42FC-83FC-26E2DAC84501}\RP61\A0048661.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\14869781.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\654281.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\1004078.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\1006796.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\1027250.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\1032843.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\1036281.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\1047656.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\104781.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\1057250.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\1068625.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\1069531.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\1080515.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\1083921.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\1095578.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\1098593.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\1104015.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\112500.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\1294343.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\1317125.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\1337625.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\1353093.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\1395281.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\14800890.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\675484.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\681625.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\685890.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\698031.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\705046.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\70609.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\724234.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\742625.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\78015.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\844015.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\857468.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\86156.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\875500.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\889593.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\904875.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\923234.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\932921.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\941062.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\951187.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\95312.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\957171.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\973375.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\976500.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\977640.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\988187.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\988218.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\14950515.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\15065171.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\15172203.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\15249125.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\15294281.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\1754406.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\1763968.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\1779296.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\21119046.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\337546.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\372390.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\386593.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\393843.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\444796.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\461093.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\472218.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\477390.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\637203.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\643031.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\blphc9ftj0e75v.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\sergio\Impostazioni locali\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\sergio\Impostazioni locali\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

sergioz · July 23, 2008

up up

chiedo conferma

$angelique!? · July 24, 2008

Ciao sergioz,

Con tutte le applicazioni chiuse

Avvia Hijack e clicca su "do a system scan only"

Metti la spunta a queste voci e clicca su "fix checked"

O21 - SSODL: wincmd - {0F8E63EA-2CBD-D9F6-51F6-05E32152AF5A} - C:\Programmi\curznzb\wincmd.dll

Scarica Combofix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

http://subs.geekstogo.com/ComboFix.exe

Salvalo sul desktop.

(se il file salvato dal primo link non dovesse funzionare, scaricalo dal secondo link)

Disconnettiti da internet...

1. Doppio click su combofix.exe, comparirà la seguente videata:

http://img293.imageshack.us/img293/8500/combofix01fn6zj1.jpg

2. Digita 1, premi Invio e segui le indicazioni.

3. Al termine, verrà creato un file log chiamato C:\ComboFix.txt.

4. Posta il log creato

Nota: Durante l'operazione di scansione è importante non usare il PC e attendere pazientemente la fine delle operazioni.

Nota: ComboFix non funziona in modalità provvisoria.

thesorrow83 · July 24, 2008

Direi che ti ha fatto una bella pulizia. Posso dirti che il tuo log ora sembra pulito fatta eccezione per una voce di cui non ho trovato però nessun riscontro:

O21 - SSODL: wincmd - {0F8E63EA-2CBD-D9F6-51F6-05E32152AF5A} - C:\Programmi\curznzb\wincmd.dll

Il wincmd.dll è un file che molto probabilmente non dovrebbe stare in quella cartella con quel nome strano, potrebbe essere una cartella che è stata creata dal trojan, però dovresti aspettare la conferma di altri utenti più esperti!

Duca Bianco · July 24, 2008

però dovresti aspettare la conferma di altri utenti più esperti!

Lo hanno già fatto %3b%29.gif

thesorrow83 · July 24, 2008

però dovresti aspettare la conferma di altri utenti più esperti!

Lo hanno già fatto

Scusa il post di Angelique non l'avevo proprio visto, sarà colpa della stanchezza!

$angelique!? · July 25, 2008

Scusa il post di Angelique non l'avevo proprio visto, sarà colpa della stanchezza!

Di nulla..figurati

sergioz · July 29, 2008

eccomi ragazzi.

scusate l'assenza ma ho avuto da fare,grazie per i consigli.

ecco i log dopo aver eseguito questi passaggi:

log hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0.09.01, on 30/07/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programmi\Bonjour\mDNSResponder.exe

C:\Programmi\CyberLink\Shared files\RichVideo.exe

C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Programmi\Analog Devices\Core\smax4pnp.exe

C:\Programmi\Analog Devices\SoundMAX\Smax4.exe

C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe

C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Programmi\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Programmi\iPod\bin\iPodService.exe

C:\Programmi\Stardock\ObjectDock\ObjectDock.exe

C:\Programmi\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\FILECO~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programmi\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Blaero Start Orb.lnk = ?

O4 - Startup: Stardock ObjectDock.lnk = C:\Programmi\Stardock\ObjectDock\ObjectDock.exe

O8 - Extra context menu item: Append to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{D298EC61-A375-4910-A986-A9F903842DFB}: NameServer = 85.37.17.57 85.38.28.80

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Programmi\File comuni\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe

O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--

End of file - 8956 bytes

log combofix:

ComboFix 08-07-29.1 - sergio 2008-07-30 0.03.35.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.1531 [GMT 2:00]

Eseguito da: C:\Documents and Settings\sergio\Desktop\ComboFix.exe

* Creato nuovo punto di ripristino

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\system32\lsprst7.dll

C:\WINDOWS\system32\mswinup.exe

C:\WINDOWS\system32\ssprs.dll

C:\WINDOWS\system32\winsvcup.exe

C:\WINDOWS\system32\winupsvc.exe

.

((((((((((((((((((((((((( Files Creati Da 2008-06-28 al 2008-07-29 )))))))))))))))))))))))))))))))))))

.

2008-07-29 18:55 . 2008-07-30 00:01 12,030 --a------ C:\huff_value.dat

2008-07-28 18:13 . 2008-07-28 18:13 <DIR> d-------- C:\Programmi\iTunes

2008-07-28 18:13 . 2008-07-28 18:13 <DIR> d-------- C:\Programmi\iPod

2008-07-28 18:10 . 2008-07-28 18:10 <DIR> d-------- C:\Programmi\File comuni\Apple

2008-07-28 18:10 . 2008-07-28 18:10 <DIR> d-------- C:\Programmi\Apple Software Update

2008-07-23 11:08 . 2008-07-23 11:08 <DIR> d-------- C:\Programmi\Motive

2008-07-23 11:08 . 2008-07-23 11:08 <DIR> d-------- C:\Programmi\Alice ti aiuta

2008-07-23 11:06 . 2008-07-23 11:06 <DIR> d-------- C:\Programmi\Telecom Italia

2008-07-22 21:24 . 2008-07-22 21:24 <DIR> d-------- C:\Documents and Settings\sergio\Dati applicazioni\Malwarebytes

2008-07-22 21:24 . 2008-07-22 21:24 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes

2008-07-22 14:36 . 2008-07-22 14:36 <DIR> d-------- C:\Programmi\Trend Micro

2008-07-22 13:54 . 2008-07-22 14:41 <DIR> d-------- C:\Documents and Settings\sergio\Pavark

2008-07-22 13:51 . 2008-07-22 22:27 <DIR> d-------- C:\Programmi\a-squared Free

2008-07-22 12:54 . 2008-07-22 12:54 <DIR> d-------- C:\Documents and Settings\LocalService\Documenti

2008-07-22 12:41 . 2008-07-22 12:41 77,824 --a------ C:\WINDOWS\system32\ebqdubot.exe

2008-07-22 00:30 . 2008-07-22 00:30 <DIR> d-------- C:\Programmi\curznzb

2008-07-22 00:30 . 2008-07-22 00:30 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\jexalqdc

2008-07-14 11:49 . 2008-07-28 14:54 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-07-14 11:49 . 2008-07-14 11:49 1,409 --a------ C:\WINDOWS\QTFont.for

2008-07-13 16:13 . 2008-07-13 16:13 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2008-07-11 00:09 . 2008-06-14 19:32 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-07-11 00:09 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys

2008-07-03 21:08 . 2008-07-03 21:08 268 --ah----- C:\sqmdata04.sqm

2008-07-03 21:08 . 2008-07-03 21:08 244 --ah----- C:\sqmnoopt04.sqm

2008-07-01 15:06 . 2008-07-01 15:06 <DIR> d-------- C:\Documents and Settings\sergio\Dati applicazioni\VoipStunt

2008-06-30 19:02 . 2002-07-10 19:38 435,712 --a------ C:\WINDOWS\system32\QTMPEG2.qtx

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-29 21:57 --------- d-----w C:\Programmi\eMule

2008-07-29 21:23 --------- d-----w C:\Documents and Settings\sergio\Dati applicazioni\Skype

2008-07-29 14:07 --------- d-----w C:\Documents and Settings\sergio\Dati applicazioni\skypePM

2008-07-28 16:12 --------- d-----w C:\Programmi\QuickTime

2008-07-28 16:12 --------- d-----w C:\Programmi\Bonjour

2008-07-23 22:39 --------- d-----w C:\Documents and Settings\sergio\Dati applicazioni\uTorrent

2008-07-23 09:08 --------- d--h--w C:\Programmi\InstallShield Installation Information

2008-07-13 13:29 --------- d-----w C:\Programmi\Java

2008-07-10 22:12 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help

2008-07-08 18:21 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Ulead Systems

2008-07-04 12:57 --------- d-----w C:\Documents and Settings\sergio\Dati applicazioni\Apple Computer

2008-06-20 17:46 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-18 17:02 --------- d-----w C:\Programmi\MSECache

2008-06-18 16:03 --------- d-----w C:\Programmi\Opera

2008-06-14 17:32 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-06-05 22:55 --------- d-----w C:\Programmi\Microsoft Silverlight

2008-06-05 19:45 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll

2008-06-05 19:45 2,272 ----a-w C:\WINDOWS\system32\w95inf16.dll

2008-06-05 19:45 --------- d-----w C:\Programmi\ArcSoft

2008-06-05 19:43 --------- d-----w C:\Programmi\Trust

2008-06-05 19:43 --------- d-----w C:\Programmi\File comuni\PCCamera

2008-06-05 11:22 --------- d-----w C:\Programmi\SUPERAntiSpyware

2008-06-03 13:25 --------- d-----w C:\Programmi\Windows Live

2008-06-03 13:22 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller

2008-06-01 22:03 --------- d-----w C:\Programmi\Google

2008-05-29 14:23 --------- d-----w C:\Programmi\NCH Software

2008-05-29 13:29 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\NCH Software

2008-05-09 10:53 90,112 ----a-w C:\WINDOWS\system32\wshext.dll

2008-05-09 10:53 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll

2008-05-09 10:53 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll

2008-05-09 10:53 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll

2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe

2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe

2008-05-07 05:10 1,293,312 ----a-w C:\WINDOWS\system32\quartz.dll

2008-03-12 13:05 22,328 ----a-w C:\Documents and Settings\sergio\Dati applicazioni\PnkBstrK.sys

2007-12-01 12:19 32 ----a-w C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat

2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe

2004-10-13 16:24 1,694,208 --sha-w C:\WINDOWS\ServicePackFiles\i386\msmsgs.exe

.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 20:03 152872]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:14 15360]

"AlcoholAutomount"="C:\Programmi\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 12:29 220544]

"SUPERAntiSpyware"="C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-06-05 13:22 1506544]

"MsnMsgr"="C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="C:\Programmi\Analog Devices\Core\smax4pnp.exe" [2006-05-18 08:22 843776]

"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"Acrobat Assistant 8.0"="C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-03-29 23:14 624248]

"Adobe_ID0EYTHM"="C:\PROGRA~1\FILECO~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 17:40 1884160]

"avgnt"="C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 13:46 266497]

"AppleSyncNotifier"="C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]

"QuickTime Task"="C:\Programmi\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]

"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 19:14 15360]

C:\Documents and Settings\sergio\Menu Avvio\Programmi\Esecuzione automatica\

Adobe Gamma.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 21:16:50 113664]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-06-05 13:22 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2007-04-19 13:41 294912 C:\Programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"Msacm.dvacm"= C:\PROGRA~1\FILECO~1\ULEADS~1\Vio\dvacm.acm

"msacm.mpegacm"= mpegacm.acm

"msacm.ulmp3acm"= ulmp3acm.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programmi\\uTorrent\\uTorrent.exe"=

"C:\\Programmi\\Adobe\\Adobe After Effects 7.0\\Support Files\\AfterFX.exe"=

"C:\\Programmi\\Sorenson Media\\Sorenson Squeeze\\Squeeze.exe"=

"C:\\Programmi\\eMule\\emule.exe"=

"C:\\Programmi\\Adobe\\Adobe Premiere Pro 2.0\\Adobe Premiere Pro.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Programmi\\NetMeeting\\conf.exe"=

"C:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Programmi\\File comuni\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=

"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Programmi\\Bonjour\\mDNSResponder.exe"=

"C:\\Programmi\\iTunes\\iTunes.exe"=

"C:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server

"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server

"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server

"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R3 PAC207;Trust WB-1200p Mini Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 12:29]

S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys []

S3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8fcb2b02-2bea-11dd-86e9-001731685c19}]

\Shell\AutoRun\command - I:\LaunchU3.exe -a

*Newly Created Service* - CATCHME

*Newly Created Service* - PROCEXP90

.

Contenuto della cartella 'Scheduled Tasks'

2008-07-29 C:\WINDOWS\Tasks\Verifica e correzione automatica.job

- C:\Programmi\TuneUp Utilities 2008\OneClickStarter.exe []

.

.

------- Supplementary Scan -------

.

R0 -: HKCU-Main,Start Page = hxxp://www.google.it/

R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

O8 -: Append to existing PDF - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 -: Convert link target to Adobe PDF - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 -: Convert link target to existing PDF - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 -: Convert selected links to Adobe PDF - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 -: Convert selected links to existing PDF - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 -: Convert selection to Adobe PDF - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 -: Convert selection to existing PDF - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 -: Convert to Adobe PDF - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 -: E&sporta in Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O16 -: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-30 00:05:39

Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo

Files nascosti: 0

**************************************************************************

.

Ora fine scansione: 2008-07-30 0:07:28

ComboFix-quarantined-files.txt 2008-07-29 22:06:36

Pre-Run: 41,666,224,128 byte disponibili

Post-Run: 41,724,690,432 byte disponibili

193 --- E O F --- 2008-06-05 23:01:20

atacry · July 30, 2008

ei ragazzi salve a tutti

ma perché non gli facciamo fixxare tutto a troppe cose in avvio secondo me meglio snellire il pc

poi avira e un ottimo antivirus lo uso anche io spesso ma alle volte confonde qualche krak con dei virus io fossi in te lo disinstallerei per qualche giorno magari un mesetto il tempo giusto per provare chesso una versione demo di un internet security ma c'è ne sono tanti tipo il ca antivirus ma come dice gia il nome mi fa cagare poi c'è il panda ma forse e troppo pesante se hai un pc datato ma e il migliore come blindatura sempre a mio parere ma quello che ti consiglio di piu vivamente e il kaspersky security 2009 che e potente e veloce kaspersky-labs.trial-kis8.0.0.357it.exe

thesorrow83 · July 30, 2008

Il log è pulito, se i problemi che avevi si sono risolti direi che al massimo puoi cercare di snellire un pò la procedura di avvio togliendo qualche programma che hai in esecuzione automatica, se vuoi qualche consiglio clicca su Start - Esegui e scrivi msconfig, poi apri la scheda "Avvio" e posta qui uno screen o una lista delle voci che si trovano in quella scheda.

$angelique!? · July 30, 2008

Ciao sergioz,

Scarica the Avenger

http://swandog46.geekstogo.com/avenger.zip

lo salvi in una cartella, scompatti il file .zip.

individua avenger.exe, lo avvii.

inserisci questo script nel box bianco

Registry values to replace with dummy:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

Files to delete:

C:\WINDOWS\system32\ebqdubot.exe

C:\Documents and Settings\All Users\Dati applicazioni\jexalqdc

folders to delete:

C:\WINDOWS\temp

C:\WINDOWS\Tasks

C:\Programmi\curznzb

Clicca su Execute

Il pc dovrebbe riavviarsi ( se così non fosse, fallo tu)

Posta il log che verrà creato in C:\Avenger

_________________________________________________________________________

Scarica SDFix http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

e salvalo sul desktop

- Doppio click su SDFix.exe e il tool andrà ad estrarsi in C:\SDFix

* Adesso avvia il sistema in modalità provvisoria http://www.kuma215.it/WI/Mod_Provv.html

- Apri la cartella SDFix situata in C:\ e fai un doppio click su RunThis.bat per lanciare lo script

- seleziona Y per avviare la pulizia

- Quando te lo chiederà premi un tasto per riavviare

(il sistema sarà piu lungo nell'avviarsi perchè lo script eseguirà l'eliminazione dei file trovati)

- Quando apparirà il desktop il tool terminerà il suo lavoro e visualizzerà il messaggio "Finished"

- Premi un tasto per terminare lo script e ricaricare le icone del desktop

- Il log sarà visualizzato automaticamente,altrimenti potrai trovarlo in C:\SDFix\Report.txt

____________________________________________________________________

Ps: Antivir è un ottimo antivirus non hai alcun bisogno di cambiarlo

Per la gestione dei programmi in avvio puoi usare Starter

questi di seguito puoi disabilitarli in avvio...

[sunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"

[Acrobat Assistant 8.0] "C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

[Adobe_ID0EYTHM] C:\PROGRA~1\FILECO~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

[AppleSyncNotifier] C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime

[iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"

[AlcoholAutomount] "C:\Programmi\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

[MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background

Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe

Startup: Blaero Start Orb.lnk = ?

Startup: Stardock ObjectDock.lnk = C:\Programmi\Stardock\ObjectDock\ObjectDock.exe

sergioz · July 31, 2008

grazie mille.

ho fatto tutti i passaggi pero il programma starter non ho ben capito se l'ho usato bene.

io ho eliminato i processi che mi hai elencato meno objectdock.exe che mi fa comodo (pseudo fake mac doc

ora pero ho paura che antivir e antispyware non mi si avviano automaticamente,non li visualizzo nella barra applicazioni.

ho sbagliato qualcosa?

se si potete dirmi passo passo come fare?

ecco i log:

avenger:

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.

Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

No rootkits found!

File "C:\WINDOWS\system32\ebqdubot.exe" deleted successfully.

Error: "C:\Documents and Settings\All Users\Dati applicazioni\jexalqdc" is a folder, not a file!

Deletion of file "C:\Documents and Settings\All Users\Dati applicazioni\jexalqdc" failed!

Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)

--> use "Folders to delete:" instead of "Files to delete:" to delete a directory

Folder "C:\WINDOWS\temp" deleted successfully.

Folder "C:\WINDOWS\Tasks" deleted successfully.

Error: folder "C:\Programmi\curznzb" not found!

Deletion of folder "C:\Programmi\curznzb" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Registry value "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs" replaced with dummy successfully.

Completed script processing.

*******************

Finished! Terminate.

sdfix:

SDFix: Version 1.210
Run by sergio on 31/07/2008 at 01.51

Microsoft Windows XP [Versione 5.1.2600]

Running From: C:\SDFix

Checking Services :

Restoring Default Security Values

Restoring Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:

C:\DOCUME~1\sergio\IMPOST~1\Temp\tmpD1.tmp - Deleted

C:\DOCUME~1\sergio\IMPOST~1\Temp\tmpD2.tmp - Deleted

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-31 01:58:20

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]

"s1"=dword:2df9c43f

"s2"=dword:110480d0

"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

"h0"=dword:00000000

"ujdew"=hex:6d,10,b9,53,9b,34,ae,11,e6,af,c6,86,46,05,97,6c,b2,9c,1d,40,15,..

"p0"="C:\Programmi\Alcohol Soft\Alcohol 120\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

"h0"=dword:00000000

"ujdew"=hex:6d,10,b9,53,9b,34,ae,11,e6,af,c6,86,46,05,97,6c,b2,9c,1d,40,15,..

"p0"="C:\Programmi\Alcohol Soft\Alcohol 120\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

"h0"=dword:00000000

"ujdew"=hex:6d,10,b9,53,9b,34,ae,11,e6,af,c6,86,46,05,97,6c,b2,9c,1d,40,15,..

"p0"="C:\Programmi\Alcohol Soft\Alcohol 120\"

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Programmi\\uTorrent\\uTorrent.exe"="C:\\Programmi\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"

"C:\\Programmi\\Adobe\\Adobe After Effects 7.0\\Support Files\\AfterFX.exe"="C:\\Programmi\\Adobe\\Adobe After Effects 7.0\\Support Files\\AfterFX.exe:*:Enabled:Adobe After Effects"

"C:\\Programmi\\Sorenson Media\\Sorenson Squeeze\\Squeeze.exe"="C:\\Programmi\\Sorenson Media\\Sorenson Squeeze\\Squeeze.exe:*:Enabled:Squeeze Application"

"C:\\Programmi\\eMule\\emule.exe"="C:\\Programmi\\eMule\\emule.exe:*:Enabled:eMule"

"C:\\Programmi\\Adobe\\Adobe Premiere Pro 2.0\\Adobe Premiere Pro.exe"="C:\\Programmi\\Adobe\\Adobe Premiere Pro 2.0\\Adobe Premiere Pro.exe:*:Enabled:Adobe Premiere Pro"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Programmi\\NetMeeting\\conf.exe"="C:\\Programmi\\NetMeeting\\conf.exe:*:Enabled:Windows© NetMeeting©"

"C:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\\Programmi\\File comuni\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"="C:\\Programmi\\File comuni\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server"

"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"="C:\\Programmi\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\\Programmi\\Bonjour\\mDNSResponder.exe"="C:\\Programmi\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\\Programmi\\iTunes\\iTunes.exe"="C:\\Programmi\\iTunes\\iTunes.exe:*:Enabled:iTunes"

"C:\\Programmi\\Skype\\Phone\\Skype.exe"="C:\\Programmi\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"="C:\\Programmi\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 13 Oct 2004 1,694,208 A.SH. --- "C:\Programmi\Messenger\msmsgs.exe"

Mon 24 Mar 2008 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Wed 13 Oct 2004 1,694,208 A.SH. --- "C:\WINDOWS\ServicePackFiles\i386\msmsgs.exe"

Wed 5 Dec 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Mon 7 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4844df1d57a292079101da42a26d7d72\BIT1.tmp"

Sun 13 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\78670cbd6a90baaa408a8a72f52fdce2\BIT1.tmp"

Mon 7 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bc066f3f60df1b38218903dd0d40ce98\BIT2.tmp"

Wed 4 Oct 2006 3,072,000 A..H. --- "C:\Documents and Settings\sergio\Dati applicazioni\U3\temp\Launchpad Removal.exe"

Finished!

hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2.10.18, on 31/07/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programmi\Bonjour\mDNSResponder.exe

C:\Programmi\CyberLink\Shared files\RichVideo.exe

C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Programmi\Stardock\ObjectDock\ObjectDock.exe

C:\Programmi\Opera\Opera.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\notepad.exe

C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')

O4 - Startup: Stardock ObjectDock.lnk = C:\Programmi\Stardock\ObjectDock\ObjectDock.exe

O8 - Extra context menu item: Append to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{D298EC61-A375-4910-A986-A9F903842DFB}: NameServer = 85.37.17.57 85.38.28.80

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Programmi\File comuni\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe

O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--

End of file - 7173 bytes

$angelique!? · July 31, 2008

Ciao sergioz,

il log di HIjackthis è ok...

rimetti la spunta ai programmi che non si avviano più in automatico

[aiuto] Vari Virus (credo)

16 messaggi in questa discussione

Condividi questo messaggio

Link di questo messaggio

Condividi su altri siti

Condividi questo messaggio

Link di questo messaggio

Condividi su altri siti

Condividi questo messaggio

Link di questo messaggio

Condividi su altri siti

Condividi questo messaggio

Link di questo messaggio

Condividi su altri siti

Condividi questo messaggio

Link di questo messaggio

Condividi su altri siti

Condividi questo messaggio

Link di questo messaggio

Condividi su altri siti

Condividi questo messaggio

Link di questo messaggio

Condividi su altri siti

Condividi questo messaggio

Link di questo messaggio

Condividi su altri siti

Condividi questo messaggio

Link di questo messaggio

Condividi su altri siti

Condividi questo messaggio

Link di questo messaggio

Condividi su altri siti

Condividi questo messaggio

Link di questo messaggio

Condividi su altri siti

Condividi questo messaggio

Link di questo messaggio

Condividi su altri siti

Condividi questo messaggio

Link di questo messaggio

Condividi su altri siti

Condividi questo messaggio

Link di questo messaggio

Condividi su altri siti

Condividi questo messaggio

Link di questo messaggio

Condividi su altri siti

Condividi questo messaggio

Link di questo messaggio

Condividi su altri siti

Crea un account o accedi per lasciare un commento

Crea un account

Accedi