  1. #1
    HTML.it user
    Joined: Nov 2007
    Posts: 71

    win 32:agent KIR - MEB small EPj - gen Delphi and Vundo too

    You are my last hope before I take the PC to be reformatted. It all started about ten days ago, as others have already described, with a security toolbar and icons on the PC, pages opening by themselves and nagging virus warnings. I have tried the Vundo fix, VundoFix, Search & Destroy and now Virit too, but nothing works. They all say "removed", but at every reboot of the PC I find more of them (or the same one under another name?). Virtumonde always comes back, and so does the WIN32 one :(
    Right now I am in this situation:
    Ad-Aware finds: Win32 TrojanDownloader.Zlob
    Search & Destroy: drivecleaner 2006 - Virtumonde - win32.BHO.df
    Virit removed a lot of stuff and now finds: win32.vundo.ca - win32.agent.BFS
    AVAST finds: Win32.trojan-gen (Delphi)
    Reading your posts I saw that you ask for the HijackThis log; I downloaded it via your link and will post another message to attach it.
    Help me if you can, thanks a lot

  2. #2
    HTML.it user
    Joined: Nov 2007
    Posts: 71

    Here is the HijackThis log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17.46.15, on 19/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    C:\Programmi\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\VEXPLITE\viritsvc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
    C:\Programmi\Analog Devices\Core\smax4pnp.exe
    C:\Programmi\Analog Devices\SoundMAX\Smax4.exe
    C:\WINDOWS\vsnpstd.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE
    C:\WINDOWS\system32\nvsvc64.exe
    C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
    C:\VEXPLITE\MONLITE.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
    C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Programmi\MSN Messenger\msnmsgr.exe
    C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\TinMessenger\c6Messenger.exe
    C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
    O1 - Hosts: 205.238.40.53 www.winmx.com err.winmx.com
    O1 - Hosts: 205.238.40.1 cache0.winmx.com test3201.winmx.com test3205.winmx.com
    O1 - Hosts: 205.238.40.2 cache1.winmx.com test3202.winmx.com test3206.winmx.com
    O1 - Hosts: 82.43.224.20 cache2.winmx.com test3203.winmx.com test3207.winmx.com
    O1 - Hosts: 82.204.21.111 cache3.winmx.com test3204.winmx.com test3208.winmx.com
    O1 - Hosts: 205.238.40.1 c3310.z1301.winmx.com c3310.z1302.winmx.com c3310.z1303.winmx.com c3310.z1304.winmx.com c3310.z1305.winmx.com c3310.z1306.winmx.com
    O1 - Hosts: 205.238.40.1 c3311.z1301.winmx.com c3311.z1302.winmx.com c3311.z1303.winmx.com c3311.z1304.winmx.com c3311.z1305.winmx.com c3311.z1306.winmx.com
    O1 - Hosts: 205.238.40.1 c3312.z1301.winmx.com c3312.z1302.winmx.com c3312.z1303.winmx.com c3312.z1304.winmx.com c3312.z1305.winmx.com c3312.z1306.winmx.com
    O1 - Hosts: 205.238.40.2 c3313.z1301.winmx.com c3313.z1302.winmx.com c3313.z1303.winmx.com c3313.z1304.winmx.com c3313.z1305.winmx.com c3313.z1306.winmx.com
    O1 - Hosts: 205.238.40.2 c3314.z1301.winmx.com c3314.z1302.winmx.com c3314.z1303.winmx.com c3314.z1304.winmx.com c3314.z1305.winmx.com c3314.z1306.winmx.com
    O1 - Hosts: 205.238.40.2 c3315.z1301.winmx.com c3315.z1302.winmx.com c3315.z1303.winmx.com c3315.z1304.winmx.com c3315.z1305.winmx.com c3315.z1306.winmx.com
    O1 - Hosts: 82.43.224.20 c3316.z1301.winmx.com c3316.z1302.winmx.com c3316.z1303.winmx.com c3316.z1304.winmx.com c3316.z1305.winmx.com c3316.z1306.winmx.com
    O1 - Hosts: 82.43.224.20 c3317.z1301.winmx.com c3317.z1302.winmx.com c3317.z1303.winmx.com c3317.z1304.winmx.com c3317.z1305.winmx.com c3317.z1306.winmx.com
    O1 - Hosts: 82.204.21.111 c3318.z1301.winmx.com c3318.z1302.winmx.com c3318.z1303.winmx.com c3318.z1304.winmx.com c3318.z1305.winmx.com c3318.z1306.winmx.com
    O1 - Hosts: 82.204.21.111 c3319.z1301.winmx.com c3319.z1302.winmx.com c3319.z1303.winmx.com c3319.z1304.winmx.com c3319.z1305.winmx.com c3319.z1306.winmx.com
    O1 - Hosts: 205.238.40.1 c3520.z1301.winmx.com c3520.z1302.winmx.com c3520.z1303.winmx.com c3520.z1304.winmx.com c3520.z1305.winmx.com c3520.z1306.winmx.com
    O1 - Hosts: 205.238.40.1 c3521.z1301.winmx.com c3521.z1302.winmx.com c3521.z1303.winmx.com c3521.z1304.winmx.com c3521.z1305.winmx.com c3521.z1306.winmx.com
    O1 - Hosts: 205.238.40.1 c3522.z1301.winmx.com c3522.z1302.winmx.com c3522.z1303.winmx.com c3522.z1304.winmx.com c3522.z1305.winmx.com c3522.z1306.winmx.com
    O1 - Hosts: 205.238.40.2 c3523.z1301.winmx.com c3523.z1302.winmx.com c3523.z1303.winmx.com c3523.z1304.winmx.com c3523.z1305.winmx.com c3523.z1306.winmx.com
    O1 - Hosts: 205.238.40.2 c3524.z1301.winmx.com c3524.z1302.winmx.com c3524.z1303.winmx.com c3524.z1304.winmx.com c3524.z1305.winmx.com c3524.z1306.winmx.com
    O1 - Hosts: 205.238.40.2 c3525.z1301.winmx.com c3525.z1302.winmx.com c3525.z1303.winmx.com c3525.z1304.winmx.com c3525.z1305.winmx.com c3525.z1306.winmx.com
    O1 - Hosts: 82.43.224.20 c3526.z1301.winmx.com c3526.z1302.winmx.com c3526.z1303.winmx.com c3526.z1304.winmx.com c3526.z1305.winmx.com c3526.z1306.winmx.com
    O1 - Hosts: 82.43.224.20 c3527.z1301.winmx.com c3527.z1302.winmx.com c3527.z1303.winmx.com c3527.z1304.winmx.com c3527.z1305.winmx.com c3527.z1306.winmx.com
    O1 - Hosts: 82.204.21.111 c3528.z1301.winmx.com c3528.z1302.winmx.com c3528.z1303.winmx.com c3528.z1304.winmx.com c3528.z1305.winmx.com c3528.z1306.winmx.com
    O1 - Hosts: 82.204.21.111 c3529.z1301.winmx.com c3529.z1302.winmx.com c3529.z1303.winmx.com c3529.z1304.winmx.com c3529.z1305.winmx.com c3529.z1306.winmx.com
    O1 - Hosts: 205.238.40.53 winmx-com.winmxgroup.com winmx-com-v30.winmxgroup.com
    O1 - Hosts: 205.238.40.1 test0.winmxgroup.net test4.winmxgroup.net
    O1 - Hosts: 205.238.40.2 test1.winmxgroup.net test5.winmxgroup.net
    O1 - Hosts: 82.43.224.20 test2.winmxgroup.net test6.winmxgroup.net
    O1 - Hosts: 82.204.21.111 test3.winmxgroup.net
    O1 - Hosts: 205.238.40.1 cache0.winmxgroup.com cache4.winmxgroup.com cache8.winmxgroup.com cache2.winmxgroup.net cache6.winmxgroup.net cache10.winmxgroup.net cache14.winmxgroup.net cache18.winmxgroup.com
    O1 - Hosts: 205.238.40.2 cache1.winmxgroup.com cache5.winmxgroup.com cache9.winmxgroup.com cache3.winmxgroup.net cache7.winmxgroup.net cache11.winmxgroup.net cache15.winmxgroup.net cache19.winmxgroup.com
    O1 - Hosts: 82.43.224.20 cache2.winmxgroup.com cache6.winmxgroup.com cache0.winmxgroup.net cache4.winmxgroup.net cache8.winmxgroup.net cache12.winmxgroup.net cache16.winmxgroup.net
    O1 - Hosts: 82.204.21.111 cache3.winmxgroup.com cache7.winmxgroup.com cache1.winmxgroup.net cache5.winmxgroup.net cache9.winmxgroup.net cache13.winmxgroup.net cache17.winmxgroup.net
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

    continues

  3. #3
    HTML.it user
    Joined: Nov 2007
    Posts: 71

    ...and this :(

    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [EPSON Stylus D88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE /P23 "EPSON Stylus D88 Series" /O5 "LPT1:" /M "Stylus D88"
    O4 - HKLM\..\Run: [Nvidia System Driver Utilities] nvsvc64.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [2c213e16] rundll32.exe "C:\WINDOWS\system32\jivqqrus.dll",b
    O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
    O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Programmi\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [StartCCC] C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Steam] "C:\Programmi\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: C6 Messenger.lnk = C:\TinMessenger\c6Messenger.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\utente\Menu Avvio\Programmi\IMVU\Run IMVU.lnk
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {9F9AAACA-18CC-40F7-A7AD-8E5F70960865} (LiveView Control) - http://www.flexwatch.com/app_link/download/LiveView.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B10D4ECC-0E1F-4F5E-900E-68A01027F33D}: NameServer = 62.211.69.150,212.48.4.15
    O20 - AppInit_DLLs: C:\WINDOWS\system32\__c0080024.dat
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe

    --
    End of file - 12959 bytes
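The HijackThis logs in this thread are read by eye. As an added example, not code from the thread, from HijackThis or from any of the helpers, the following Python script encodes the checks a responder applies while reading such a log: an O4 Run value that uses rundll32 to load an eight-letter random-looking DLL, a Run value whose name is just eight hex digits, an executable given as a bare file name (resolved through PATH at logon), an orphaned BHO CLSID with "(no file)", and any non-empty AppInit_DLLs entry. The sample lines are constructed, modelled on entries in the logs above; the severities, the random-name rule and the section handling are assumptions of this example, not HijackThis output, and the rules are written generally so they apply to any v2 log rather than only to these entries.

```python
import re
from dataclasses import dataclass

# Constructed sample, modelled on the HijackThis v2 lines in the thread (not the actual log file).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [2c213e16] rundll32.exe "C:\WINDOWS\system32\jivqqrus.dll",b
O4 - HKLM\..\Run: [Nvidia System Driver Utilities] nvsvc64.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O2 - BHO: (no name) - {2CAB42A8-E8F0-41A7-8D9A-E474CC719CAD} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c0080024.dat
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
"""

O4_LINE = re.compile(r'^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
RANDOM_DLL = re.compile(r'\\[a-z]{8}\.dll\b')            # heuristic: Vundo-style 8-letter DLL stems
HEX_NAME = re.compile(r'^[0-9a-f]{8}$', re.IGNORECASE)  # Run value named like "2c213e16"
LOADERS = {'rundll32', 'rundll32.exe', 'regsvr32', 'regsvr32.exe'}


@dataclass
class Finding:
    section: str
    severity: str
    reason: str
    line: str


def triage_o4(line):
    """Apply the O4 (Run key) heuristics to one log line."""
    m = O4_LINE.match(line)
    if not m:
        return []
    name, cmd = m['name'], m['cmd']
    tokens = cmd.split()
    first = tokens[0].strip('"').lower() if tokens else ''
    out = []
    if first in LOADERS and RANDOM_DLL.search(cmd):
        out.append(Finding('O4', 'HIGH', 'rundll32 loads an 8-letter random-looking DLL', line))
    if HEX_NAME.match(name):
        out.append(Finding('O4', 'HIGH', 'Run value named with 8 hex digits instead of a product name', line))
    if first and first not in LOADERS and '\\' not in first and '/' not in first:
        out.append(Finding('O4', 'MEDIUM', 'bare executable name, resolved through PATH at logon', line))
    return out


def triage_line(line):
    """Dispatch one HijackThis line to the rule for its section; unknown sections yield nothing."""
    line = line.strip()
    if line.startswith('O4 - '):
        return triage_o4(line)
    if line.startswith('O2 - BHO:') and line.endswith('(no file)'):
        return [Finding('O2', 'LOW', 'orphaned BHO CLSID: registration survives but the DLL is gone', line)]
    if line.startswith('O20 - AppInit_DLLs:') and line.split(':', 1)[1].strip():
        return [Finding('O20', 'HIGH', 'AppInit_DLLs is injected into every user32 process; rarely used legitimately', line)]
    return []


def triage(log_text):
    """Return all findings for a HijackThis log, highest severity first (stable within a level)."""
    order = {'HIGH': 0, 'MEDIUM': 1, 'LOW': 2}
    findings = [f for line in log_text.splitlines() for f in triage_line(line)]
    return sorted(findings, key=lambda f: order[f.severity])


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.severity:6} {f.section:4} {f.reason}\n       {f.line}')
```

A hit from this script is a reason to look closer, not a verdict: the bare-name rule fires on plenty of legitimate vendor entries, which is why it is only MEDIUM, while the rundll32 and AppInit_DLLs rules are precise enough that a hit almost always deserves a quarantine and a follow-up scan.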

  4. #4
    I think you should have continued the first thread...

    Download ComboFix from here or from here.
    Save it to your desktop.

    1. Double-click combofix.exe; the following screen will appear:

    2. Type 1, press Enter and follow the prompts.
    3. When it finishes, a log file called C:\ComboFix.txt will be created.
    4. Post that log together with an updated HijackThis log.

    Note: while the scan runs it is important not to use the PC and to wait patiently for it to finish.

    Note: ComboFix does not work in Safe Mode.
    "Asking is allowed, answering is courtesy"

    HJT GMER Avenger

  5. #5
    Habanero, moderator of Computer security and viruses
    Joined: Jun 2001
    Posts: 9,782
    Liuba, to add a post to a thread you have to click Reply, not New....

    I have merged the three threads.
    Read the RULES!

    It's very complicated, a lot of ins and outs, a lot of information, a lot of things to consider, I have a lot of things to keep in mind...
    Drugo

  6. #6
    HTML.it user
    Joined: Nov 2007
    Posts: 71
    I have downloaded ComboFix and tomorrow (as long as I manage to get the internet working and get back here) I will send you the logs. Thanks for now, and sorry for the mistake with the posts.

  7. #7
    HTML.it user
    Joined: Nov 2007
    Posts: 71
    One problem: when ComboFix rebooted the PC, some programs started on their own. Anyway, here is the log:
    ComboFix 07-11-08.3 - utente 2007-11-19 22.43.27.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.1614 [GMT 1:00]
    Eseguito da: C:\Documents and Settings\utente\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((( Files Creati Da 2007-10-19 al 2007-11-19 )))))))))))))))))))))))))))))))))))
    .

    2007-11-19 22:08 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-19 05:25 79,424 --a------ C:\WINDOWS\system32\honncmla.dll
    2007-11-18 21:17 79,424 --a------ C:\WINDOWS\system32\glvqntlk.dll
    2007-11-18 20:12 <DIR> d-------- C:\QUARANTENA_VIRIT
    2007-11-18 18:58 <DIR> d-------- C:\VEXPLITE
    2007-11-18 18:58 36,096 --a------ C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
    2007-11-18 18:15 <DIR> d-------- C:\Programmi\Trend Micro
    2007-11-17 21:08 82,496 --a------ C:\WINDOWS\system32\nkgqdeaq.dll
    2007-11-17 20:57 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
    2007-11-16 21:30 <DIR> d-------- C:\Programmi\GameSpy
    2007-11-16 21:29 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
    2007-11-16 21:28 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2007-11-16 21:28 22,328 --a------ C:\Documents and Settings\utente\Dati applicazioni\PnkBstrK.sys
    2007-11-16 21:27 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
    2007-11-16 21:27 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
    2007-11-16 21:27 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
    2007-11-16 21:11 <DIR> d-------- C:\Programmi\Electronic Arts
    2007-11-16 20:39 1 --a------ C:\Documents and Settings\utente\SI.bin
    2007-11-13 05:06 81,472 --a------ C:\WINDOWS\system32\qtqiarbq.dll
    2007-11-13 05:00 89,664 --a------ C:\WINDOWS\system32\jvnwhshg.dll
    2007-11-12 05:08 88,128 --a------ C:\WINDOWS\system32\hfaidskx.dll
    2007-11-12 05:05 79,936 --a------ C:\WINDOWS\system32\ruethygq.dll
    2007-11-11 15:20 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
    2007-11-11 15:20 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
    2007-11-11 15:20 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
    2007-11-11 15:20 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
    2007-11-11 08:20 79,936 --a------ C:\WINDOWS\system32\bhdndeny.dll
    2007-11-10 02:37 77,888 --a------ C:\WINDOWS\system32\ixqpxptg.dll
    2007-11-09 03:22 <DIR> d-------- C:\Programmi\MSN Messenger
    2007-11-07 22:30 86,080 --a------ C:\WINDOWS\system32\utxsfcdy.dll
    2007-11-07 22:27 79,936 --a------ C:\WINDOWS\system32\uhfokvlq.dll
    2007-11-07 22:08 <DIR> d-------- C:\Documents and Settings\utente\Dati applicazioni\Lavasoft
    2007-11-07 21:34 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
    2007-11-06 19:12 <DIR> d-------- C:\Programmi\Lavasoft
    2007-11-01 05:19 10,752 -rahs---- C:\WINDOWS\system32\avrsvc.exe
    2007-10-31 03:59 10,752 -rahs---- C:\WINDOWS\system32\asrsvc.exe
    2007-10-27 05:15 <DIR> d--h----- C:\WINDOWS\PIF
    2007-10-27 04:46 59,392 -rahs---- C:\WINDOWS\system32\nvsvc64.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-19 21:41 --------- d-----w C:\Programmi\Steam
    2007-11-17 05:42 --------- d-----w C:\Documents and Settings\utente\Dati applicazioni\IMVU
    2007-11-16 20:05 --------- d--h--w C:\Programmi\InstallShield Installation Information
    2007-11-16 20:05 --------- d-----w C:\Programmi\Ubisoft
    2007-11-12 17:25 --------- d-----w C:\Programmi\Live Billiards
    2007-11-07 21:06 --------- d-----w C:\Programmi\File comuni\Wise Installation Wizard
    2007-11-04 16:27 --------- d-----w C:\Programmi\eMule
    2007-10-30 03:01 --------- d-----w C:\Programmi\IMVU
    2007-10-25 17:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-10-25 17:05 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-10-25 17:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-10-25 17:01 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-10-25 16:58 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-10-25 16:24 815,480 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-10-25 16:14 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
    2007-10-24 14:51 --------- d-----w C:\Programmi\File comuni\Adobe
    2007-10-16 03:38 12,464 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-10-16 03:32 --------- d-----w C:\Programmi\ubi.com
    2007-10-16 03:32 --------- d-----w C:\Programmi\File comuni\PocketSoft
    2007-10-16 03:32 --------- d-----w C:\Documents and Settings\utente\Dati applicazioni\ubi.com
    2007-10-13 05:46 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\InstallShield
    2007-10-11 20:19 --------- d-----w C:\Programmi\Total Video Converter
    2007-10-06 15:10 --------- d-----w C:\Programmi\ReflexiveArcade
    2007-10-05 18:41 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Test Drive Unlimited
    2007-10-03 02:05 737,280 ----a-w C:\WINDOWS\iun6002.exe
    2007-10-01 13:05 --------- d-----w C:\Documents and Settings\utente\Dati applicazioni\InstallShield Installation Information
    2007-10-01 13:04 --------- d-----w C:\Programmi\SEGA
    2007-10-01 13:00 --------- d-----w C:\Documents and Settings\utente\Dati applicazioni\GetRightToGo
    2007-09-29 02:30 --------- d-----w C:\Documents and Settings\utente\Dati applicazioni\Bioshock
    2007-09-27 02:49 --------- d-----w C:\Programmi\Shareaza
    2007-09-27 02:49 --------- d-----w C:\Documents and Settings\utente\Dati applicazioni\Shareaza
    2007-09-10 01:59 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2007-09-04 15:47 62,232 ----a-w C:\WINDOWS\system32\GameuxInstallHelper.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2007-11-19_22.18.32.21 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-11-19 21:40:00 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_490.dat
    .
    ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* i valori vuoti & legittimi/default non sono visualizzati.

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2CAB42A8-E8F0-41A7-8D9A-E474CC719CAD}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2CEEDDF2-32A0-457D-987D-9E4BFC7A90A8}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F916466-AC69-4B69-A4A2-676702AA3F18}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3A6256F2-C4FC-43B5-81C8-359A04C1BF5D}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{49AACCCA-00D4-4456-ADC2-F09236565FA1}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5590A9A3-E325-479E-AD2A-0F8DFCB63FD6}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{55F31BC3-D81F-4E57-869B-541317258232}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{584DC9C6-3AA8-4F92-B55C-A2900163852E}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6B9438CC-AD21-412E-8B36-C317D7A55FB4}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{701F132D-ECD5-4700-9770-B5D5A3417A74}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74507373-C310-4336-AC66-BCA8F3BA37C5}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7B9479E1-3B59-4FB7-9B06-89D5573B8BCD}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{81AA98C0-2DA7-468E-8BBE-7990FBC4E03D}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{999BE6FA-8CFA-4FC3-A030-264E64F0C76A}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A67280DA-D950-41E4-98AE-7DBF659F989A}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA48B7B3-8CC5-4ADA-8A9A-DE2E9BA0EBEC}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ACB78CCE-879B-404E-8748-CF06A55C3D3B}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BA33557B-965D-47EE-95D6-49A0A020D20F}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CC152284-AC82-4F77-AFC7-07AC19FEAE02}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D14CB728-4A3A-4CFA-9280-8A806451740D}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D607DC33-8995-44D1-9C18-6CDC5265BBCA}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 17:20]
    "RemoteControl"="C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 18:42]
    "NWEReboot"="" []
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
    "SoundMAXPnP"="C:\Programmi\Analog Devices\Core\smax4pnp.exe" [2006-07-20 06:04]
    "SoundMAX"="C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 07:12]
    "snpstd"="C:\WINDOWS\vsnpstd.exe" [2004-05-10 16:37]
    "EPSON Stylus D88 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.exe" [2005-01-27 05:00]
    "Nvidia System Driver Utilities"="nvsvc64.exe" [2007-10-27 02:45 C:\WINDOWS\system32\nvsvc64.exe]
    "ISUSPM Startup"="C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe" []
    "ISUSScheduler"="C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" [2005-02-16 16:15]
    "2c213e16"="C:\WINDOWS\system32\jivqqrus.dll" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 14:39]
    "StartCCC"="C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [2005-09-16 08:47]
    "msnmsgr"="C:\Programmi\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
    "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-06-11 17:16]
    "swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-03 00:38]
    "Steam"="C:\Programmi\Steam\Steam.exe" [2007-11-15 16:21]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gdoqifqe]
    gdoqifqe.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rsowdywl]
    rsowdywl.dll

    S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys
    S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
    S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys
    S3 sscdbus;SAMSUNG USB Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\sscdbus.sys
    S3 sscdmdfl;SAMSUNG CDMA Modem Filter;C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
    S3 sscdmdm;SAMSUNG CDMA Modem Drivers;C:\WINDOWS\system32\DRIVERS\sscdmdm.sys

    .
    ************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-19 22:45:20
    Windows 5.1.2600 Service Pack 2 NTFS

    scansione processi nascosti ...

    scansione entrate autostart nascoste ...

    Scansione files nascosti ...

    Scansione completata con successo
    Files nascosti: 0

    ************************************************************************
    .
    Ora fine scansione: 2007-11-19 22.45.51
    C:\ComboFix2.txt ... 2007-11-19 22:19
    .
    --- E O F ---
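The "Files Creati" section of the ComboFix log above shows a run of eight-letter DLLs appearing in system32, several of them in pairs of identical byte size, plus three executables created with the read-only/hidden/system attribute set. As an added example, not ComboFix's own code and not something posted in the thread, this Python script parses that listing layout, flags those two patterns, and then groups the flagged files by exact size so the pairs stand out (identical sizes usually mean the same dropper wrote both files). The sample listing is constructed from entries in the post above; the column layout, the eight-letter rule and the "two or more" cluster threshold are assumptions of this example.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample in ComboFix's "Files Creati" layout, modelled on the entries in the post above.
SAMPLE_LISTING = r"""
2007-11-19 22:08 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-19 05:25 79,424 --a------ C:\WINDOWS\system32\honncmla.dll
2007-11-18 21:17 79,424 --a------ C:\WINDOWS\system32\glvqntlk.dll
2007-11-18 18:58 <DIR> d-------- C:\VEXPLITE
2007-11-18 18:58 36,096 --a------ C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2007-11-17 21:08 82,496 --a------ C:\WINDOWS\system32\nkgqdeaq.dll
2007-11-12 05:08 88,128 --a------ C:\WINDOWS\system32\hfaidskx.dll
2007-11-12 05:05 79,936 --a------ C:\WINDOWS\system32\ruethygq.dll
2007-11-11 15:20 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-11-11 08:20 79,936 --a------ C:\WINDOWS\system32\bhdndeny.dll
2007-11-01 05:19 10,752 -rahs---- C:\WINDOWS\system32\avrsvc.exe
2007-10-31 03:59 10,752 -rahs---- C:\WINDOWS\system32\asrsvc.exe
2007-10-27 04:46 59,392 -rahs---- C:\WINDOWS\system32\nvsvc64.exe
"""

# date, time, size (or <DIR>), a 9-character attribute column, then the path
LINE = re.compile(r'^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) '
                  r'(?P<size><DIR>|[\d,]+) (?P<attrs>\S{9}) (?P<path>.+)$')
RANDOM_STEM = re.compile(r'^[a-z]{8}$')   # heuristic: Vundo-style 8-lowercase-letter file stems
EXEC_EXT = {'.dll', '.exe', '.sys'}


def parse_listing(text):
    """Turn 'Files Creati' lines into dicts; lines that do not fit the layout are skipped."""
    records = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        size = None if m['size'] == '<DIR>' else int(m['size'].replace(',', ''))
        records.append({'date': m['date'], 'time': m['time'], 'size': size,
                        'attrs': m['attrs'], 'path': m['path']})
    return records


def triage_listing(text):
    """Return (record, reason) pairs for files matching either suspicious pattern."""
    findings = []
    for rec in parse_listing(text):
        if rec['size'] is None:            # directories carry nothing to judge here
            continue
        name = ntpath.basename(rec['path'])
        parent = ntpath.basename(ntpath.dirname(rec['path'])).lower()
        stem, ext = ntpath.splitext(name)
        ext = ext.lower()
        if parent == 'system32' and ext == '.dll' and RANDOM_STEM.match(stem):
            findings.append((rec, 'random 8-letter DLL name dropped in system32'))
        elif ext in EXEC_EXT and 'h' in rec['attrs'] and 's' in rec['attrs']:
            findings.append((rec, 'executable created with hidden+system attributes'))
    return findings


def size_clusters(findings):
    """Group flagged files by exact byte size; a shared size suggests one dropper produced them."""
    by_size = defaultdict(list)
    for rec, _ in findings:
        by_size[rec['size']].append(ntpath.basename(rec['path']))
    return {size: names for size, names in by_size.items() if len(names) >= 2}


if __name__ == '__main__':
    flagged = triage_listing(SAMPLE_LISTING)
    for rec, why in flagged:
        print(f"{rec['date']} {rec['time']} {rec['size']:>7} {rec['attrs']} {rec['path']}  <- {why}")
    for size, names in size_clusters(flagged).items():
        print(f'{size} bytes shared by: {", ".join(names)}')
```

The size clustering is the part worth keeping in mind when reading such a listing by hand: a single odd DLL can be a coincidence, but two files of identical size dropped on different days under unrelated names are a dropper re-running, which is exactly the "it says removed but comes back at every reboot" symptom the first post describes.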

  8. #8
    HTML.it user
    Joined: Nov 2007
    Posts: 71
    and this is the HijackThis log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22.48.55, on 19/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    C:\Programmi\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
    C:\Programmi\Analog Devices\Core\smax4pnp.exe
    C:\Programmi\Analog Devices\SoundMAX\Smax4.exe
    C:\WINDOWS\vsnpstd.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE
    C:\WINDOWS\system32\nvsvc64.exe
    C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
    C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\TinMessenger\c6Messenger.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\explorer.exe
    C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {2CAB42A8-E8F0-41A7-8D9A-E474CC719CAD} - (no file)
    O2 - BHO: (no name) - {2CEEDDF2-32A0-457D-987D-9E4BFC7A90A8} - (no file)
    O2 - BHO: (no name) - {2F916466-AC69-4B69-A4A2-676702AA3F18} - (no file)
    O2 - BHO: (no name) - {3A6256F2-C4FC-43B5-81C8-359A04C1BF5D} - (no file)
    O2 - BHO: (no name) - {49AACCCA-00D4-4456-ADC2-F09236565FA1} - (no file)
    O2 - BHO: (no name) - {5590A9A3-E325-479E-AD2A-0F8DFCB63FD6} - (no file)
    O2 - BHO: (no name) - {55F31BC3-D81F-4E57-869B-541317258232} - (no file)
    O2 - BHO: (no name) - {584DC9C6-3AA8-4F92-B55C-A2900163852E} - (no file)
    O2 - BHO: (no name) - {6B9438CC-AD21-412E-8B36-C317D7A55FB4} - (no file)
    O2 - BHO: (no name) - {701F132D-ECD5-4700-9770-B5D5A3417A74} - (no file)
    O2 - BHO: (no name) - {74507373-C310-4336-AC66-BCA8F3BA37C5} - (no file)
    O2 - BHO: (no name) - {7B9479E1-3B59-4FB7-9B06-89D5573B8BCD} - (no file)
    O2 - BHO: (no name) - {81AA98C0-2DA7-468E-8BBE-7990FBC4E03D} - (no file)
    O2 - BHO: (no name) - {999BE6FA-8CFA-4FC3-A030-264E64F0C76A} - (no file)
    O2 - BHO: (no name) - {A67280DA-D950-41E4-98AE-7DBF659F989A} - (no file)
    O2 - BHO: (no name) - {AA48B7B3-8CC5-4ADA-8A9A-DE2E9BA0EBEC} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
    O2 - BHO: (no name) - {ACB78CCE-879B-404E-8748-CF06A55C3D3B} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {BA33557B-965D-47EE-95D6-49A0A020D20F} - (no file)
    O2 - BHO: (no name) - {CC152284-AC82-4F77-AFC7-07AC19FEAE02} - (no file)
    O2 - BHO: (no name) - {D14CB728-4A3A-4CFA-9280-8A806451740D} - (no file)
    O2 - BHO: (no name) - {D607DC33-8995-44D1-9C18-6CDC5265BBCA} - (no file)
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [EPSON Stylus D88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE /P23 "EPSON Stylus D88 Series" /O5 "LPT1:" /M "Stylus D88"
    O4 - HKLM\..\Run: [Nvidia System Driver Utilities] nvsvc64.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [2c213e16] rundll32.exe "C:\WINDOWS\system32\jivqqrus.dll",b
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [StartCCC] C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Steam] "C:\Programmi\Steam\Steam.exe" -silent
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: C6 Messenger.lnk = C:\TinMessenger\c6Messenger.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\utente\Menu Avvio\Programmi\IMVU\Run IMVU.lnk
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {9F9AAACA-18CC-40F7-A7AD-8E5F70960865} (LiveView Control) - http://www.flexwatch.com/app_link/download/LiveView.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B10D4ECC-0E1F-4F5E-900E-68A01027F33D}: NameServer = 62.211.69.150,212.48.4.15
    O20 - Winlogon Notify: gdoqifqe - gdoqifqe.dll (file missing)
    O20 - Winlogon Notify: rsowdywl - rsowdywl.dll (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    --
    End of file - 9810 bytes

  9. #9
    Download Avenger and unpack it into a folder of its own, not a temporary one and not on the desktop

    Start AVENGER
    Click on input script manually
    Click on the magnifying glass
    Enter the following lines:

    Files to delete:
    C:\WINDOWS\system32\jivqqrus.dll
    C:\WINDOWS\system32\gdoqifqe.dll
    C:\WINDOWS\system32\rsowdywl.dll
    C:\WINDOWS\system32\nvsvc64.exe
    C:\WINDOWS\system32\honncmla.dll
    C:\WINDOWS\system32\glvqntlk.dll
    C:\WINDOWS\system32\nkgqdeaq.dll
    C:\WINDOWS\system32\qtqiarbq.dll
    C:\WINDOWS\system32\jvnwhshg.dll
    C:\WINDOWS\system32\hfaidskx.dll
    C:\WINDOWS\system32\ruethygq.dll
    C:\WINDOWS\system32\bhdndeny.dll
    C:\WINDOWS\system32\ixqpxptg.dll
    C:\WINDOWS\system32\utxsfcdy.dll
    C:\WINDOWS\system32\uhfokvlq.dll
    C:\WINDOWS\system32\avrsvc.exe
    C:\WINDOWS\system32\asrsvc.exe


    Registry keys to delete:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2CAB42A8-E8F0-41A7-8D9A-E474CC719CAD}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2CEEDDF2-32A0-457D-987D-9E4BFC7A90A8}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F916466-AC69-4B69-A4A2-676702AA3F18}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A6256F2-C4FC-43B5-81C8-359A04C1BF5D}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{49AACCCA-00D4-4456-ADC2-F09236565FA1}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5590A9A3-E325-479E-AD2A-0F8DFCB63FD6}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{55F31BC3-D81F-4E57-869B-541317258232}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{584DC9C6-3AA8-4F92-B55C-A2900163852E}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6B9438CC-AD21-412E-8B36-C317D7A55FB4}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{701F132D-ECD5-4700-9770-B5D5A3417A74}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74507373-C310-4336-AC66-BCA8F3BA37C5}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7B9479E1-3B59-4FB7-9B06-89D5573B8BCD}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{81AA98C0-2DA7-468E-8BBE-7990FBC4E03D}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{999BE6FA-8CFA-4FC3-A030-264E64F0C76A}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A67280DA-D950-41E4-98AE-7DBF659F989A}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA48B7B3-8CC5-4ADA-8A9A-DE2E9BA0EBEC}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ACB78CCE-879B-404E-8748-CF06A55C3D3B}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA33557B-965D-47EE-95D6-49A0A020D20F}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC152284-AC82-4F77-AFC7-07AC19FEAE02}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D14CB728-4A3A-4CFA-9280-8A806451740D}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D607DC33-8995-44D1-9C18-6CDC5265BBCA}
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gdoqifqe
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rsowdywl

    Registry values to delete:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | 2c213e16
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | Nvidia System Driver Utilities



    Click on Done
    Click on the traffic light
    The PC should reboot; if it does not, reboot it yourself.
    When the operation has finished, post the result here together with an updated HijackThis log.
    "Asking is allowed, answering is courtesy"

    HJT GMER Avenger
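As an added example that is not part of this thread, a small Python triage script that applies the same reading of the HijackThis log that reply #9 used when picking the Avenger targets: BHO entries whose DLL is gone, Winlogon Notify handlers pointing at missing DLLs, Run values with random hex names, rundll32 loading random 8-letter DLLs from system32, and Run entries with no path at all. The sample input is constructed from lines of the log posted above; the heuristics and their wording are this example's own, not the forum's.

```python
import re
from typing import List, Tuple

# Constructed sample input: a few lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2CAB42A8-E8F0-41A7-8D9A-E474CC719CAD} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Nvidia System Driver Utilities] nvsvc64.exe
O4 - HKLM\..\Run: [2c213e16] rundll32.exe "C:\WINDOWS\system32\jivqqrus.dll",b
O20 - Winlogon Notify: gdoqifqe - gdoqifqe.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
"""

# "O4 - <hive>\..\Run: [<value name>] <command line>"
RUN_ENTRY = re.compile(r"^O4 - \S+\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Random 8-letter DLL names in system32 are the pattern seen throughout the log above (Vundo/Virtumonde).
RANDOM_DLL = re.compile(r"\\system32\\([a-z]{8})\.dll", re.IGNORECASE)
HEX_NAME = re.compile(r"^[0-9a-f]{8}$")


def first_token(cmd: str) -> str:
    """Program actually launched by a Run value: the quoted path, or the first whitespace-free token."""
    m = re.match(r'"([^"]*)"|(\S+)', cmd)
    return (m.group(1) or m.group(2)) if m else ""


def triage(log: str) -> List[Tuple[str, str]]:
    """Return (reason, log line) pairs for entries that match the patterns discussed in this thread."""
    findings = []
    for line in (l.strip() for l in log.splitlines() if l.strip()):
        if line.startswith("O2 - BHO:") and line.endswith("(no file)"):
            findings.append(("BHO registered but its DLL is gone (orphaned CLSID)", line))
        elif line.startswith("O20 - Winlogon Notify:") and "(file missing)" in line:
            findings.append(("Winlogon Notify handler pointing at a missing DLL", line))
        else:
            m = RUN_ENTRY.match(line)
            if not m:
                continue
            name, cmd = m.group("name"), m.group("cmd")
            exe = first_token(cmd)
            reasons = []
            if HEX_NAME.match(name):
                reasons.append("Run value named like a random hex string")
            if "rundll32" in exe.lower():
                if RANDOM_DLL.search(cmd):
                    reasons.append("rundll32 loading a random 8-letter DLL from system32")
            elif "\\" not in exe and ":" not in exe:
                reasons.append("Run entry without a path (resolved through the search order)")
            findings.extend((r, line) for r in reasons)
    return findings
```

Feeding the full log through `triage` reproduces the file and key list in reply #9; the legitimate avast!, Adobe and service lines produce no findings.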

  10. #10
    HTML.it user
    Registered since
    Nov 2007
    Messages
    71
    Hi everyone, I have just got home from work and I must say that after using ComboFix it seems, and I say seems, that things are going better. Before doing this job with Avenger (by the way, can I copy and paste everything that is written there exactly as it is and then click on Done?) I wanted to ask: if I run a System Restore from System Tools, can I fix everything that way?
    The day after the first problems appeared I had turned off System Restore.
    Bye, and thanks a lot for your help
