rimini81

"antivirus Xp 2008"

17 posts in this thread

Hello everyone... I have a virus on my PC; AVG keeps finding them all the time... lately a phantom "Antivirus XP 2008" has also appeared.

I'm posting the HijackThis log.

Will you give me a hand cleaning it up??? ;-)

Thanks a lot

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 12.20.24, on 22/08/08

Platform: Windows XP SP3 (WinNT 5.01.2600)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Documents and Settings\All Users\Dati applicazioni\vcvypgfa\xehynuto.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\rundll32.exe

C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

I:\iTunesHelper.exe

C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe

C:\PROGRA~1\AVG\AVG8\avgfws8.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programmi\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Programmi\OpenOffice.org 1.9.79\program\soffice.exe

C:\Programmi\OpenOffice.org 1.9.79\program\soffice.BIN

C:\PROGRA~1\AVG\AVG8\avgam.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Programmi\iPod\bin\iPodService.exe

C:\Programmi\Windows Live\Messenger\usnsvc.exe

I:\eMule AdunanzA\eMule_AdnzA.exe

C:\Programmi\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\grobazkt.exe

C:\Programmi\rhcrroj0enbj\rhcrroj0enbj.exe

C:\WINDOWS\system32\pphcvroj0enbj.exe

C:\Documents and Settings\MATTIA\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - I:\Programmi\TechSmith\SnagIt 7\SnagItBHO.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll

O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - I:\Programmi\TechSmith\SnagIt 7\SnagItIEAddin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "I:\iTunesHelper.exe"

O4 - HKLM\..\Run: [lphcvroj0enbj] C:\WINDOWS\system32\lphcvroj0enbj.exe

O4 - HKLM\..\Run: [sMrhcrroj0enbj] C:\Programmi\rhcrroj0enbj\rhcrroj0enbj.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKLM\..\Policies\Explorer\Run: [5e300hMnGa] C:\Documents and Settings\All Users\Dati applicazioni\vcvypgfa\xehynuto.exe

O4 - Startup: OpenOffice.org 1.9.79.lnk = C:\Programmi\OpenOffice.org 1.9.79\program\quickstart.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe

O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--

End of file - 7534 bytes


Thanks for the advice...

Here is the log updated to 2.0.2

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12.48.19, on 22/08/08

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Documents and Settings\All Users\Dati applicazioni\vcvypgfa\xehynuto.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\rundll32.exe

C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

I:\iTunesHelper.exe

C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe

C:\PROGRA~1\AVG\AVG8\avgfws8.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programmi\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Programmi\OpenOffice.org 1.9.79\program\soffice.exe

C:\Programmi\OpenOffice.org 1.9.79\program\soffice.BIN

C:\PROGRA~1\AVG\AVG8\avgam.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Programmi\iPod\bin\iPodService.exe

C:\Programmi\Windows Live\Messenger\usnsvc.exe

I:\eMule AdunanzA\eMule_AdnzA.exe

C:\Programmi\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\grobazkt.exe

C:\Programmi\rhcrroj0enbj\rhcrroj0enbj.exe

C:\WINDOWS\system32\pphcvroj0enbj.exe

C:\Documents and Settings\MATTIA\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - I:\Programmi\TechSmith\SnagIt 7\SnagItBHO.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll

O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - I:\Programmi\TechSmith\SnagIt 7\SnagItIEAddin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "I:\iTunesHelper.exe"

O4 - HKLM\..\Run: [lphcvroj0enbj] C:\WINDOWS\system32\lphcvroj0enbj.exe

O4 - HKLM\..\Run: [sMrhcrroj0enbj] C:\Programmi\rhcrroj0enbj\rhcrroj0enbj.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKLM\..\Policies\Explorer\Run: [5e300hMnGa] C:\Documents and Settings\All Users\Dati applicazioni\vcvypgfa\xehynuto.exe

O4 - Startup: OpenOffice.org 1.9.79.lnk = C:\Programmi\OpenOffice.org 1.9.79\program\quickstart.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe

O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--

End of file - 7270 bytes

I'm also running the MBA scan; as soon as it finishes I'll post it below.


AND HERE IS THE MBA LOG:

Malwarebytes' Anti-Malware 1.25

Database version: 1062

Windows 5.1.2600 Service Pack 3

1.37.40 22/08/08

mbam-log-08-22-2008 (13-37-36).txt

Scan type: Full scan (C:\|I:\|J:\|)

Objects scanned: 100109

Time elapsed: 46 minute(s), 10 second(s)

Memory processes infected: 2

Memory modules infected: 3

Registry keys infected: 34

Registry values infected: 7

Registry data items infected: 3

Folders infected: 16

Files infected: 78

Memory processes infected:

C:\Programmi\rhcrroj0enbj\rhcrroj0enbj.exe (Rogue.Multiple) -> No action taken.

C:\WINDOWS\system32\pphcvroj0enbj.exe (Trojan.FakeAlert) -> No action taken.

Memory modules infected:

C:\Programmi\rhcrroj0enbj\MFC71.dll (Rogue.Multiple) -> No action taken.

C:\Programmi\rhcrroj0enbj\msvcp71.dll (Rogue.Multiple) -> No action taken.

C:\Programmi\rhcrroj0enbj\msvcr71.dll (Rogue.Multiple) -> No action taken.

Registry keys infected:

HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44a1-9f4543d34545} (Fake.Dropped.Malware) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhcrroj0enbj (Rogue.Multiple) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\rhcrroj0enbj (Rogue.Multiple) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\dpcproxy (Fake.Dropped.Malware) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> No action taken.

HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> No action taken.

HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Classes\hol5_vxiewer.full.1 (Trojan.FakeAlert) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\fwbd (Trojan.FakeAlert) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\HolLol (Trojan.FakeAlert) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Inet Delivery (Trojan.FakeAlert) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Invictus (Trojan.FakeAlert) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Golden Palace Casino PT (Trojan.DNSChanger) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> No action taken.

HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> No action taken.

HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.

Registry values infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhcrroj0enbj (Rogue.Multiple) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcvroj0enbj (Trojan.FakeAlert) -> No action taken.

HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> No action taken.

HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> No action taken.

HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> No action taken.

HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> No action taken.

Registry data items infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Folders infected:

C:\WINDOWS\mslagent (Adware.EGDAccess) -> No action taken.

C:\Programmi\akl (Fake.Dropped.Malware) -> No action taken.

C:\Programmi\Inet Delivery (Fake.Dropped.Malware) -> No action taken.

C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> No action taken.

C:\Programmi\rhcrroj0enbj (Rogue.Multiple) -> No action taken.

C:\Documents and Settings\MATTIA\Dati applicazioni\rhcrroj0enbj (Rogue.Multiple) -> No action taken.

C:\Documents and Settings\MATTIA\Dati applicazioni\rhcrroj0enbj\Quarantine (Rogue.Multiple) -> No action taken.

C:\Documents and Settings\MATTIA\Dati applicazioni\rhcrroj0enbj\Quarantine\Autorun (Rogue.Multiple) -> No action taken.

C:\Documents and Settings\MATTIA\Dati applicazioni\rhcrroj0enbj\Quarantine\Autorun\HKCU (Rogue.Multiple) -> No action taken.

C:\Documents and Settings\MATTIA\Dati applicazioni\rhcrroj0enbj\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> No action taken.

C:\Documents and Settings\MATTIA\Dati applicazioni\rhcrroj0enbj\Quarantine\Autorun\HKLM (Rogue.Multiple) -> No action taken.

C:\Documents and Settings\MATTIA\Dati applicazioni\rhcrroj0enbj\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> No action taken.

C:\Documents and Settings\MATTIA\Dati applicazioni\rhcrroj0enbj\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> No action taken.

C:\Documents and Settings\MATTIA\Dati applicazioni\rhcrroj0enbj\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> No action taken.

C:\Documents and Settings\MATTIA\Dati applicazioni\rhcrroj0enbj\Quarantine\BrowserObjects (Rogue.Multiple) -> No action taken.

C:\Documents and Settings\MATTIA\Dati applicazioni\rhcrroj0enbj\Quarantine\Packages (Rogue.Multiple) -> No action taken.

Files infected:

C:\WINDOWS\mslagent\2_mslagent.dll (Adware.EGDAccess) -> No action taken.

C:\WINDOWS\mslagent\mslagent.exe (Adware.EGDAccess) -> No action taken.

C:\WINDOWS\mslagent\uninstall.exe (Adware.EGDAccess) -> No action taken.

C:\Programmi\akl\akl.dll (Fake.Dropped.Malware) -> No action taken.

C:\Programmi\akl\akl.exe (Fake.Dropped.Malware) -> No action taken.

C:\Programmi\akl\uninstall.exe (Fake.Dropped.Malware) -> No action taken.

C:\Programmi\akl\unsetup.exe (Fake.Dropped.Malware) -> No action taken.

C:\Programmi\Inet Delivery\inetdl.exe (Fake.Dropped.Malware) -> No action taken.

C:\Programmi\Inet Delivery\intdel.exe (Fake.Dropped.Malware) -> No action taken.

C:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> No action taken.

C:\Programmi\rhcrroj0enbj\database.dat (Rogue.Multiple) -> No action taken.

C:\Programmi\rhcrroj0enbj\license.txt (Rogue.Multiple) -> No action taken.

C:\Programmi\rhcrroj0enbj\MFC71.dll (Rogue.Multiple) -> No action taken.

C:\Programmi\rhcrroj0enbj\MFC71ENU.DLL (Rogue.Multiple) -> No action taken.

C:\Programmi\rhcrroj0enbj\msvcp71.dll (Rogue.Multiple) -> No action taken.

C:\Programmi\rhcrroj0enbj\msvcr71.dll (Rogue.Multiple) -> No action taken.

C:\Programmi\rhcrroj0enbj\rhcrroj0enbj.exe (Rogue.Multiple) -> No action taken.

C:\Programmi\rhcrroj0enbj\rhcrroj0enbj.exe.local (Rogue.Multiple) -> No action taken.

C:\Programmi\rhcrroj0enbj\Uninstall.exe (Rogue.Multiple) -> No action taken.

C:\Documents and Settings\All Users\Desktop\Antivirus XP 2008.lnk (Rogue.Antivirus) -> No action taken.

C:\Documents and Settings\MATTIA\Dati applicazioni\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> No action taken.

C:\WINDOWS\a.bat (Fake.Dropped.Malware) -> No action taken.

C:\WINDOWS\base64.tmp (Fake.Dropped.Malware) -> No action taken.

C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> No action taken.

C:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> No action taken.

C:\WINDOWS\winsystem.exe (Fake.Dropped.Malware) -> No action taken.

C:\WINDOWS\zip1.tmp (Fake.Dropped.Malware) -> No action taken.

C:\WINDOWS\zip2.tmp (Fake.Dropped.Malware) -> No action taken.

C:\WINDOWS\zip3.tmp (Fake.Dropped.Malware) -> No action taken.

C:\WINDOWS\zipped.tmp (Fake.Dropped.Malware) -> No action taken.

C:\WINDOWS\bdn.com (Trojan.Agent) -> No action taken.

C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\mssecu.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\anticipator.dll (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\bsva-egihsg52.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\emesx.dll (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\medup012.dll (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\medup020.dll (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\msvchost.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\netode.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\regc64.dll (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\regm64.dll (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\ssurf022.dll (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\taack.dat (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\taack.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\temp#01.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\thun.dll (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\thun32.dll (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\vcatchpi.dll (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\vbsys2.dll (Trojan.Clicker) -> No action taken.

C:\WINDOWS\system32\lphcvroj0enbj.exe (Trojan.FakeAlert) -> No action taken.

C:\WINDOWS\system32\pphcvroj0enbj.exe (Trojan.FakeAlert) -> No action taken.


ouch ouch ouch... what a lot of little friends you have in your system :)

do this, in this order:

1. with Malwarebytes, remove everything it found

2. run a fix with ComboFix and post its log

3. make a new HijackThis log

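Added example, not part of this thread and not code from HijackThis, Malwarebytes or ComboFix: a small Python triage script that scores the autostart entries of a HijackThis log the way a helper reads one by eye (an autostart under Policies\Explorer\Run, an orphaned "(no file)" CLSID, an executable sitting in a profile data directory, a random-looking name such as rhcrroj0enbj) and then diffs two logs of the same machine, which is what step 3 above, a fresh HijackThis log after the cleanup, is for. The scoring weights are my own assumptions, not rules from any tool; SAMPLE_BEFORE copies lines from the log posted earlier in the thread and SAMPLE_AFTER is a constructed post-cleanup log.

```python
"""Triage of HijackThis-style logs: score autostart entries, diff before/after.
Added example for this thread, not code from HijackThis, Malwarebytes, ComboFix
or any poster; the scoring rules are my own assumptions. SAMPLE_BEFORE copies
lines from the log posted above; SAMPLE_AFTER is a constructed post-cleanup log."""
from __future__ import annotations
import re
from dataclasses import dataclass, field

# Windows path ending in an executable-like extension, stopping at a quote,
# comma, whitespace or end of line (HijackThis appends ",EntryPoint" to DLLs).
PATH_RE = re.compile(r'([A-Za-z]:\\[^"\r\n]+?\.(?:exe|dll|cpl|com|scr))(?=[",\s]|$)', re.I)
# Profile data directories hold data; an autostarted executable there is odd.
DATA_DIR_RE = re.compile(r"\\(?:Dati applicazioni|Application Data|Local Settings|Temp)\\", re.I)
# Scorable lines: "O4 - ..." / "R1 - ..." items and running-process paths.
ENTRY_RE = re.compile(r"^(?:[A-Z]\d{1,2} - |[A-Za-z]:\\)")

@dataclass
class Finding:
    line: str
    score: int = 0
    reasons: list[str] = field(default_factory=list)

    def add(self, points: int, why: str) -> None:
        self.score += points
        self.reasons.append(why)

def stem(path: str) -> str:
    """Basename without extension: '...\\rhcrroj0enbj.exe' -> 'rhcrroj0enbj'."""
    return re.sub(r"\.[A-Za-z0-9]+$", "", path.rsplit("\\", 1)[-1])

def score_name(name: str, f: Finding) -> None:
    """Name-shape signals. The rogue here used per-victim random names
    (rhcrroj0enbj, lphcvroj0enbj); vendors rarely bury a digit inside a word.
    Abbreviations such as avgwdsvc or mDNSResponder do trip the consonant
    rule, so on its own it is worth only one point."""
    s = name.lower()
    if re.search(r"[a-z]\d[a-z]", s):
        f.add(2, "digit embedded inside the file name")
    if len(s) >= 8 and re.search(r"[bcdfghjklmnpqrstvwxz]{5}", s):
        f.add(1, "five consecutive consonants in the file name")

def score_line(line: str) -> Finding:
    f = Finding(line.strip())
    if "Policies\\Explorer\\Run" in line:
        f.add(2, "autostart via Policies\\Explorer\\Run, rarely used by legitimate software")
    if "(no file)" in line:
        f.add(2, "registered CLSID whose file is missing (orphaned or hidden component)")
    m = PATH_RE.search(line)
    if m:
        path = m.group(1)
        score_name(stem(path), f)
        if DATA_DIR_RE.search(path):
            f.add(1, "executable stored under a profile data directory")
        parts = path.split("\\")
        if len(parts) >= 3 and parts[-2].lower() == stem(path).lower():
            f.add(1, "program folder named identically to the executable")
    return f

def entries(log_text: str) -> set[str]:
    """Normalised set of scorable entries in a log."""
    return {ln.strip() for ln in log_text.splitlines() if ENTRY_RE.match(ln.strip())}

def triage(log_text: str, threshold: int = 2) -> list[Finding]:
    """Entries scoring at or above `threshold`, highest score first."""
    found = (score_line(ln) for ln in entries(log_text))
    return sorted((f for f in found if f.score >= threshold), key=lambda f: (-f.score, f.line))

def diff_logs(before: str, after: str) -> tuple[set[str], set[str]]:
    """(removed, added) entries between two logs of the same machine."""
    b, a = entries(before), entries(after)
    return b - a, a - b

SAMPLE_BEFORE = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\All Users\Dati applicazioni\vcvypgfa\xehynuto.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\grobazkt.exe
C:\Programmi\rhcrroj0enbj\rhcrroj0enbj.exe
C:\WINDOWS\system32\pphcvroj0enbj.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [lphcvroj0enbj] C:\WINDOWS\system32\lphcvroj0enbj.exe
O4 - HKLM\..\Run: [sMrhcrroj0enbj] C:\Programmi\rhcrroj0enbj\rhcrroj0enbj.exe
O4 - HKLM\..\Policies\Explorer\Run: [5e300hMnGa] C:\Documents and Settings\All Users\Dati applicazioni\vcvypgfa\xehynuto.exe
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""
# Constructed "after cleanup" log: the same machine minus the rogue's lines.
CLEANED = ("roj0enbj", "xehynuto", "grobazkt", "(no file)")
SAMPLE_AFTER = "\n".join(ln for ln in SAMPLE_BEFORE.splitlines()
                         if not any(tag in ln for tag in CLEANED))

if __name__ == "__main__":
    for f in triage(SAMPLE_BEFORE):
        print(f"[{f.score}] {f.line}\n      " + "; ".join(f.reasons))
    removed, added = diff_logs(SAMPLE_BEFORE, SAMPLE_AFTER)
    print(f"\n{len(removed)} entries gone after cleanup, {len(added)} new")
```

Run as-is it ranks six entries from the log above: the two rogue processes, the two HKLM\..\Run values, the Policies\Explorer\Run autostart of xehynuto.exe and the orphaned BHO. Note the limits: grobazkt.exe in system32 has a name too short for the consonant rule and is not flagged, while AVG's avgwdsvc.exe and Bonjour's mDNSResponder.exe each collect one point from it. That is why the threshold is 2 and why the score is a ranking for a human to verify (file signer, hash, on-disk timestamps), not a verdict. The diff is the useful part of step 3: after the cleanup, every flagged entry should appear in `removed` and nothing unexplained in `added`.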

COMBOFIX log

ComboFix 08-08-21.02 - MATTIA 2008-08-22 21:47:46.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.1558 [GMT 2:00]

Run from: C:\Documents and Settings\MATTIA\Desktop\ComboFix.exe

* Created a new restore point

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((( Other deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Antivirus XP 2008

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Antivirus XP 2008.lnk

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Antivirus XP 2008\Antivirus XP 2008.lnk

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Antivirus XP 2008\License Agreement.lnk

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Antivirus XP 2008\Register Antivirus XP 2008.lnk

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Antivirus XP 2008\Uninstall.lnk

.

((((((((((((((((((((((((( Files created from 2008-07-22 to 2008-08-22 )))))))))))))))))))))))))))))))))))

.

2008-08-22 21:45 . 2008-08-18 22:49 <DIR> d-------- C:\SDFix

2008-08-22 17:34 . 2008-08-22 17:34 <DIR> d-------- C:\Programmi\Alice ti aiuta

2008-08-22 17:31 . 2008-08-22 17:31 81,920 --a------ C:\WINDOWS\system32\jsvkhyba.exe

2008-08-22 12:48 . 2008-08-22 12:48 <DIR> d-------- C:\Documents and Settings\MATTIA\Dati applicazioni\Malwarebytes

2008-08-22 12:48 . 2008-08-22 12:48 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes

2008-08-22 12:48 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-08-22 12:48 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-08-22 12:33 . 2008-08-22 13:17 <DIR> d-------- C:\Documents and Settings\MATTIA\.housecall6.6

2008-08-20 12:48 . 2008-08-20 12:48 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\vcvypgfa

2008-08-20 12:48 . 2008-08-20 12:48 81,920 --a------ C:\WINDOWS\system32\vwponufa.exe

2008-08-20 09:45 . 2008-08-22 17:31 <DIR> d--h----- C:\$AVG8.VAULT$

2008-08-15 12:30 . 2008-08-15 12:30 <DIR> d-------- C:\Programmi\Apple Software Update

2008-08-12 20:34 . 2008-05-01 16:34 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll

2008-08-12 20:33 . 2008-04-11 21:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll

2008-08-10 18:13 . 2008-08-10 18:13 <DIR> d-------- C:\Programmi\Realtek

2008-08-08 20:44 . 2008-08-08 20:44 <DIR> d-------- C:\WINDOWS\ServicePackFiles

2008-08-08 20:41 . 2006-12-28 12:01 19,569 --a------ C:\WINDOWS\002686_.tmp

2008-08-08 20:40 . 2008-08-08 20:40 <DIR> d-------- C:\WINDOWS\EHome

2008-08-01 13:15 . 2008-08-01 13:15 <DIR> d-------- C:\Programmi\iPod

2008-08-01 13:10 . 2008-08-01 13:10 <DIR> d-------- C:\Programmi\Safari

2008-07-30 21:26 . 2008-07-30 21:26 <DIR> d--h----- C:\WINDOWS\system32\CyberInstallerUninstallerSystem

2008-07-30 21:25 . 2008-08-10 18:36 <DIR> d-------- C:\Ludopoli

2008-07-30 21:24 . 2008-07-30 21:24 <DIR> d-------- C:\Documents and Settings\MATTIA\Dati applicazioni\CyberInstaller Studio 2008

2008-07-26 13:04 . 2008-07-26 13:04 <DIR> d-------- C:\Programmi\Bonjour

2008-07-26 13:04 . 2008-08-01 13:21 <DIR> d-------- C:\Documents and Settings\MATTIA\Dati applicazioni\Apple Computer

2008-07-26 13:03 . 2008-07-26 13:03 <DIR> d-------- C:\Programmi\QuickTime

2008-07-26 13:03 . 2008-08-01 13:15 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer

2008-07-26 13:02 . 2008-07-26 13:02 <DIR> d-------- C:\Programmi\File comuni\Apple

2008-07-26 13:02 . 2008-07-26 13:02 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Apple

2008-07-23 21:52 . 2008-08-08 22:23 <DIR> d-------- C:\Programmi\Everest Poker

2008-07-23 21:45 . 2008-07-23 21:45 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Messenger Plus!

2008-07-22 11:38 . 2008-07-28 10:00 <DIR> d-------- C:\Documents and Settings\MATTIA\Contacts

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-22 15:31 --------- d-----w C:\Documents and Settings\MATTIA\Dati applicazioni\OpenOffice.org1.9.79

2008-08-10 16:13 --------- d--h--w C:\Programmi\InstallShield Installation Information

2008-07-26 06:43 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys

2008-07-22 10:11 --------- d-----w C:\Programmi\Windows Live

2008-07-22 10:08 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller

2008-07-21 12:28 --------- d-----w C:\Programmi\Windows Media Connect 2

2008-07-21 10:21 --------- d-----w C:\Programmi\Java

2008-07-21 06:20 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys

2008-07-21 06:19 45,568 ----a-w C:\WINDOWS\system32\avgfwdx.dll

2008-07-21 06:19 23,296 ----a-w C:\WINDOWS\system32\drivers\avgfwdx.sys

2008-07-21 06:19 12,936 ----a-w C:\WINDOWS\system32\drivers\avgrkx86.sys

2008-07-21 06:19 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll

2008-07-21 00:20 --------- d-----w C:\Programmi\TRUST

2008-07-20 18:39 --------- d-----w C:\Programmi\File comuni\Adobe

2008-07-20 18:19 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\avg8

2008-07-20 12:08 --------- d-----w C:\Documents and Settings\MATTIA\Dati applicazioni\Philips

2008-07-19 18:40 47,104 ------w C:\WINDOWS\AKDeInstall.exe

2008-07-19 18:40 --------- d-----w C:\Programmi\mpegable

2008-07-19 18:19 --------- d-----w C:\Documents and Settings\MATTIA\Dati applicazioni\AVGTOOLBAR

2008-07-19 18:16 --------- d-----w C:\Documents and Settings\MATTIA\Dati applicazioni\Ahead

2008-07-19 18:14 --------- d-----w C:\Programmi\Ahead

2008-07-19 18:14 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Ahead

2008-07-19 18:11 --------- d-----w C:\Programmi\File comuni\Ahead

2008-07-19 18:06 --------- d-----w C:\Programmi\AVG

2008-07-19 12:20 --------- d-----w C:\Programmi\OpenOffice.org 1.9.79

2008-07-19 11:57 --------- d-----w C:\Programmi\Windows Live Toolbar

2008-07-19 11:57 --------- d-----w C:\Programmi\Windows Live Favorites

2008-07-19 11:57 --------- d-----w C:\Programmi\Microsoft SQL Server Compact Edition

2008-07-19 11:48 --------- dcsh--w C:\Programmi\File comuni\WindowsLiveInstaller

2008-07-19 11:43 36,734 ----a-w C:\WINDOWS\system32\OggDSuninst.exe

2008-07-19 11:43 --------- d-----w C:\Programmi\DivX

2008-07-19 11:39 --------- d-----w C:\Programmi\AC3Filter

2008-07-19 11:07 --------- d-----w C:\Documents and Settings\MATTIA\Dati applicazioni\eMule AdunanzA

2008-07-19 10:54 --------- d-----w C:\Documents and Settings\MATTIA\Dati applicazioni\SopCast

2008-07-19 10:45 --------- d-----w C:\Programmi\File comuni\Java

2008-07-19 10:37 315,392 ----a-w C:\WINDOWS\HideWin.exe

2008-07-19 10:37 --------- d-----w C:\Programmi\File comuni\InstallShield

2008-07-19 10:35 --------- d-----w C:\Programmi\ATI Technologies

2008-07-19 10:26 --------- d-----w C:\Programmi\microsoft frontpage

2008-07-19 10:25 --------- d-----w C:\Programmi\Servizi in linea

2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll

2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll

2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll

2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll

2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

2008-07-18 18:38 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR

2008-07-09 16:47 589,885 ----a-w C:\WINDOWS\system32\wbtapi.dll

2008-07-09 16:47 507,904 ----a-w C:\WINDOWS\system32\btwapi.dll

2008-07-07 20:27 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-06-24 16:42 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2008-06-23 16:15 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-06-20 17:46 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll

.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* i valori vuoti & legittimi/default non sono visualizzati.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:14 15360]

"AppProcSet"="C:\WINDOWS\system32\jsvkhyba.exe" [2008-08-22 17:31 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-20 06:05 8429568]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-20 06:05 81920]

"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-26 08:43 1235736]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

"AppleSyncNotifier"="C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]

"QuickTime Task"="C:\Programmi\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]

"iTunesHelper"="I:\iTunesHelper.exe" [2008-07-30 10:47 289064]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 19:14 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]

"5e300hMnGa"="C:\Documents and Settings\All Users\Dati applicazioni\vcvypgfa\xehynuto.exe" [2008-08-20 12:48 61440]

C:\Documents and Settings\MATTIA\Menu Avvio\Programmi\Esecuzione automatica\

OpenOffice.org 1.9.79.lnk - C:\Programmi\OpenOffice.org 1.9.79\program\quickstart.exe [2005-02-14 17:48:14 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.divxa32"= DivXa32.acm

"msacm.l3codec"= L3codecp.acm

"msvideo8"= STV680tg.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"I:\\eMule AdunanzA\\eMule_AdnzA.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Programmi\\AVG\\AVG8\\avgupd.exe"=

"C:\\Programmi\\AVG\\AVG8\\avgemc.exe"=

"C:\\Programmi\\AVG\\AVG8\\avgnsx.exe"=

"C:\\Programmi\\Bonjour\\mDNSResponder.exe"=

"I:\\iTunes.exe"=

"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-07-21 08:19]

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-26 08:43]

R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-16 09:18]

R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-26 08:43]

R2 avgfws8;AVG8 Firewall;C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2008-07-26 08:43]

R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-21 08:20]

R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-07-21 08:19]

S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-07-21 08:19]

*Newly Created Service* - CATCHME

*Newly Created Service* - PROCEXP90

.

Contenuto della cartella 'Scheduled Tasks'

2008-08-18 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

- C:\Programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-08-22 C:\WINDOWS\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job

- C:\Programmi\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

.

- - - - ORFÃOS REMOVIDOS - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Documents and Settings\MATTIA\Dati applicazioni\Mozilla\Firefox\Profiles\16u89apr.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.it/ig?hl=it

FF -: plugin - I:\Mozilla Plugins\npitunes.dll

FF -: plugin - I:\Reader\browser\nppdf32.dll

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-22 21:49:15

Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo

Files nascosti: 0

**************************************************************************

.

Ora fine scansione: 2008-08-22 21:50:03

ComboFix-quarantined-files.txt 2008-08-22 19:50:00

Pre-Run: 22,182,973,440 byte disponibili

Post-Run: 23,753,428,992 byte disponibili

193 --- E O F --- 2008-08-13 01:02:23

And the new HijackThis log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:59, on 22/08/08

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\PROGRA~1\AVG\AVG8\avgfws8.exe

C:\Programmi\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Documents and Settings\All Users\Dati applicazioni\vcvypgfa\xehynuto.exe

C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

I:\iTunesHelper.exe

C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programmi\OpenOffice.org 1.9.79\program\soffice.exe

C:\Programmi\OpenOffice.org 1.9.79\program\soffice.BIN

C:\PROGRA~1\AVG\AVG8\avgam.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Programmi\iPod\bin\iPodService.exe

C:\WINDOWS\system32\jsvkhyba.exe

C:\Programmi\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Programmi\Mozilla Firefox\firefox.exe

C:\Documents and Settings\MATTIA\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - I:\Programmi\TechSmith\SnagIt 7\SnagItBHO.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll

O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - I:\Programmi\TechSmith\SnagIt 7\SnagItIEAddin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "I:\iTunesHelper.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [AppProcSet] C:\WINDOWS\system32\jsvkhyba.exe

O4 - HKLM\..\Policies\Explorer\Run: [5e300hMnGa] C:\Documents and Settings\All Users\Dati applicazioni\vcvypgfa\xehynuto.exe

O4 - Startup: OpenOffice.org 1.9.79.lnk = C:\Programmi\OpenOffice.org 1.9.79\program\quickstart.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe

O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--

End of file - 7027 bytes


do this;

with Avenger, enter this script;

files to delete:

C:\Documents and Settings\All Users\Dati applicazioni\vcvypgfa\xehynuto.exe

C:\WINDOWS\system32\jsvkhyba.exe

C:\WINDOWS\system32\vwponufa.exe

folders to delete:

C:\Documents and Settings\All Users\Dati applicazioni\vcvypgfa

With HijackThis, fix these two entries;

O4 - HKCU\..\Run: [AppProcSet] C:\WINDOWS\system32\jsvkhyba.exe

O4 - HKLM\..\Policies\Explorer\Run: [5e300hMnGa] C:\Documents and Settings\All Users\Dati applicazioni\vcvypgfa\xehynuto.exe


I did everything I was told... I followed it to the letter; this is the updated HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:29, on 23/08/08

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\rundll32.exe

C:\PROGRA~1\AVG\AVG8\avgfws8.exe

C:\Programmi\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\nvsvc32.exe

I:\iTunesHelper.exe

C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\xijqlqji.exe

C:\Programmi\OpenOffice.org 1.9.79\program\soffice.exe

C:\Programmi\OpenOffice.org 1.9.79\program\soffice.BIN

C:\Programmi\Mozilla Firefox\firefox.exe

C:\PROGRA~1\AVG\AVG8\avgam.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Programmi\iPod\bin\iPodService.exe

C:\Programmi\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\MATTIA\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - I:\Programmi\TechSmith\SnagIt 7\SnagItBHO.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll

O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - I:\Programmi\TechSmith\SnagIt 7\SnagItIEAddin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "I:\iTunesHelper.exe"

O4 - HKLM\..\Run: [lphcvroj0enbj] C:\WINDOWS\system32\lphcvroj0enbj.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [mondsc] C:\WINDOWS\system32\xijqlqji.exe

O4 - Startup: OpenOffice.org 1.9.79.lnk = C:\Programmi\OpenOffice.org 1.9.79\program\quickstart.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O21 - SSODL: websrv - {4DCA1F22-5E16-C684-CCE8-022AD84EAFB0} - C:\Programmi\kxdyroc\websrv.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe

O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--

End of file - 7023 bytes

I hope everything is fine and that it is clean!


Yes, in fact you are still infected... do this, in this order;

* Download and install CCleaner

(When you install it, remember that if you leave the default checkboxes ticked, the Yahoo toolbar will be installed too)

* Disconnect from the internet

* disable System Restore

Boot into Safe Mode

* Start HijackThis, tick the entries I am going to list and, with all applications closed and disconnected from the Internet, press Fix checked (obviously, if you recognise any of them, skip it)

O4 - HKLM\..\Run: [lphcvroj0enbj] C:\WINDOWS\system32\lphcvroj0enbj.exe

O4 - HKCU\..\Run: [mondsc] C:\WINDOWS\system32\xijqlqji.exe

O21 - SSODL: websrv - {4DCA1F22-5E16-C684-CCE8-022AD84EAFB0} - C:\Programmi\kxdyroc\websrv.dll

* Make sure you have access to hidden files and folders

(Control Panel -> Folder Options -> View)

1) tick: Show hidden files and folders

2) Untick: Hide protected operating system files

* Now find and delete;

C:\WINDOWS\system32\xijqlqji.exe

C:\Programmi\kxdyroc

* Clean up cookies, cache and prefetch with CCleaner

(before using it, go to Options/Advanced and untick: Only delete Windows temp files older than 48 hours)

* go back to Normal Mode and, still disconnected from the Internet, run another full scan with MBAM and delete everything it finds

* post its log together with a new HJT log

* Also run a Kaspersky online scan, like this

_____________________________________________

At the end of the cleaning procedures it is essential to:

1) re-hide system files and folders

2) Re-enable System Restore (XP / ME)

3) Create a new restore point

 :)

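As an added example (it is not code from this thread, nor from HijackThis, Avenger or Malwarebytes), here is a small Python triage script that applies, to the log lines quoted in this thread, the same checks the helper made by eye in the two replies above: random-looking 8-letter executables, names built as letters-digit-letters, launchers under Policies\Explorer\Run, SSODL shell hooks outside the Windows directory and orphaned "(no file)" BHOs. All function names are my own; the sample lines are copied from the HijackThis logs posted in the thread.

```python
"""Triage helper for HijackThis logs: flag autostart entries worth a second look.

Added example for this thread; it is not code from HijackThis, Avenger or
Malwarebytes. The heuristics only mark entries for review; the verdict stays
with the person reading the log.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample lines copied from the HijackThis logs quoted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [lphcvroj0enbj] C:\WINDOWS\system32\lphcvroj0enbj.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [mondsc] C:\WINDOWS\system32\xijqlqji.exe
O4 - HKLM\..\Policies\Explorer\Run: [5e300hMnGa] C:\Documents and Settings\All Users\Dati applicazioni\vcvypgfa\xehynuto.exe
O20 - AppInit_DLLs: avgrsstx.dll
O21 - SSODL: websrv - {4DCA1F22-5E16-C684-CCE8-022AD84EAFB0} - C:\Programmi\kxdyroc\websrv.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
# First drive-letter path in the entry that ends in a loadable module.
# Bare module names (O20 AppInit_DLLs) carry no path and are not examined.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|cpl|scr))\b', re.IGNORECASE)
# Eight lowercase letters (xehynuto, jsvkhyba, xijqlqji) or lowercase letters
# around a single digit (lphcvroj0enbj); "system32" does not match.
RANDOM_NAME_RE = re.compile(r"^(?:[a-z]{8}|[a-z]{4,}\d[a-z]{3,})$")
WINDOWS_DIR = "c:\\windows\\"


@dataclass
class Finding:
    section: str            # HijackThis section, e.g. "O4"
    path: Optional[str]     # module path, if the entry carries one
    reasons: List[str] = field(default_factory=list)


def looks_random(component: str) -> bool:
    """True for a file or directory name shaped like the malware names in this thread."""
    stem = component.rsplit(".", 1)[0]
    return RANDOM_NAME_RE.match(stem) is not None


def analyse_entry(line: str) -> Optional[Finding]:
    """Return a Finding for one HijackThis line, or None if nothing stands out."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    pm = PATH_RE.search(body)
    path = pm.group(1) if pm else None
    reasons: List[str] = []
    if path:
        parts = path.split("\\")
        file_name = parts[-1]
        parent = parts[-2] if len(parts) > 1 else ""
        if looks_random(file_name):
            reasons.append(f"random-looking file name: {file_name}")
        if looks_random(parent):
            reasons.append(f"random-looking parent directory: {parent}")
    if section == "O4" and "Policies\\Explorer\\Run" in body:
        reasons.append("run from Policies\\Explorer\\Run, a key legitimate installers rarely use")
    if section == "O21" and not (path or "").lower().startswith(WINDOWS_DIR):
        reasons.append("SSODL shell hook loaded from outside the Windows directory")
    if "(no file)" in body:
        reasons.append("orphaned entry: the registered module is no longer on disk")
    return Finding(section, path, reasons) if reasons else None


def triage(log_text: str) -> List[Finding]:
    """Run analyse_entry over every line of a HijackThis log, in log order."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        finding = analyse_entry(line)
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.path or '(no path)'}")
        for r in f.reasons:
            print(f"    - {r}")
```

On the sample above it flags the orphaned BHO, lphcvroj0enbj.exe, xijqlqji.exe, the Policies\Explorer\Run launcher in vcvypgfa and the websrv.dll SSODL hook, and leaves ctfmon, jusched, ssv.dll and Bonjour alone.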

here are the two new logs....

Malwarebytes' Anti-Malware 1.25

Versione del database: 1062

Windows 5.1.2600 Service Pack 3

2.21.44 25/08/08

mbam-log-08-25-2008 (02-21-44).txt

Tipo di scansione: Scansione completa (C:\|I:\|J:\|)

Elementi scansionati: 95823

Tempo trascorso: 37 minute(s), 42 second(s)

Processi delle memoria infetti: 0

Moduli della memoria infetti: 0

Chiavi di registro infette: 3

Valori di registro infetti: 4

Elementi dato del registro infetti: 2

Cartelle infette: 0

File infetti: 0

Processi delle memoria infetti:

(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:

(Nessun elemento malevolo rilevato)

Chiavi di registro infette:

HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Valori di registro infetti:

HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Elementi dato del registro infetti:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Cartelle infette:

(Nessun elemento malevolo rilevato)

File infetti:

(Nessun elemento malevolo rilevato)

And here is the HijackThis file...

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 02:22, on 25/08/08

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\PROGRA~1\AVG\AVG8\avgfws8.exe

C:\Programmi\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\PROGRA~1\AVG\AVG8\avgam.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\rundll32.exe

I:\iTunesHelper.exe

C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programmi\OpenOffice.org 1.9.79\program\soffice.exe

C:\Programmi\OpenOffice.org 1.9.79\program\soffice.BIN

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Programmi\iPod\bin\iPodService.exe

C:\Programmi\Mozilla Firefox\firefox.exe

C:\Programmi\Windows Live\Messenger\usnsvc.exe

I:\eMule AdunanzA\eMule_AdnzA.exe

C:\Documents and Settings\MATTIA\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - I:\Programmi\TechSmith\SnagIt 7\SnagItBHO.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll

O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - I:\Programmi\TechSmith\SnagIt 7\SnagItIEAddin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "I:\iTunesHelper.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "I:\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: OpenOffice.org 1.9.79.lnk = C:\Programmi\OpenOffice.org 1.9.79\program\quickstart.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe

O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--

End of file - 6910 bytes

Attach the Kaspersky scan too.

Be careful what you download, but there is nothing infected on the system disk...

Do you still have problems?

No, everything is fine now... it all started because I downloaded a fake version of Java; it was very well made and I fell for it like a fool... once you run the executable, the "game" is done!!!

Anyway, thanks for everything!

Yeah... malware writers are always one step ahead...

Glad you got it sorted.
