
Damn MALWARE...
pizzamike1969
Posted: Wednesday, September 03, 2008 5:15:29 PM
Rank: Newbie

Joined: 9/3/2008
Posts: 0
Dear friends,

I have a problem: when I open pages in IE that display Java, AVAST pops up with the following message:

MALWARE-GEN
v4jud.dhhjk.info/code/java.jar\javajava\java.clas.

which stops me from viewing some sites, or lets me see them only partially.

AVAST blocks it and puts it in the chest, but it keeps coming back. I've tried from safe mode, also ticking the "SYSTEM RESTORE" option and using the most common anti-spyware tools, but nothing doing.

I'm posting the log extracted with HIJACK; if you would KINDLYYYY help me understand whether I need to delete something, or which way to go to get rid of the unwanted guest.

THANKS A MILLIOOOON
Mike.

P.S.: for anyone who needs anything in the world of pizza, I'm at your disposal.........THAAANKS


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\ewido anti-spyware 4.0\guard.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Brother\Brmfcmon\BrMfcWnd.exe
C:\Programmi\Logitech\SetPoint\SetPoint.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\2007\ENCWCSVR.EXE
c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.repubblica.it/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=25040
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Encarta Web Companion Oggetto helper - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [U.S. Robotics Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Controllo dello stato.lnk = C:\Programmi\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Point&&Go - C:\Programmi\File comuni\Expert System\PGPlatform\PGPlatform.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barra di ricerca di Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DF1C8E21-4045-4D67-B528-335F1A4F0DE9} - http://es6-scripts.dlv4.com/binaries/egaccess4/egaccess4_1073_em_XP.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1D1AE84-888B-4BA6-808B-4D96D8C6E9FC}: NameServer = 151.99.125.2
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: U.S. Robotics Wireless LAN Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7315 bytes
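A defender-side way to triage a HijackThis log like the one above, added here as an example and not part of the original post: a Python script that parses the R/O entry lines and flags the kinds that deserve a second look (an O2 BHO with `(no file)`, an O4 Run target with no file extension, an O16 ActiveX download from an unnamed control or from a host outside an assumed vendor allowlist, and any O17 NameServer). The sample log is a constructed subset of the entries above, and the `TRUSTED_DPF_SUFFIXES` allowlist is an assumption, not a maintained list.

```python
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

# Constructed sample in HijackThis v2 format: a subset of the entries from the
# log posted above, not the full log.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [U.S. Robotics Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {DF1C8E21-4045-4D67-B528-335F1A4F0DE9} - http://es6-scripts.dlv4.com/binaries/egaccess4/egaccess4_1073_em_XP.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1D1AE84-888B-4BA6-808B-4D96D8C6E9FC}: NameServer = 151.99.125.2
"""

# Assumed allowlist: vendor domains whose O16 ActiveX downloads we accept.
# A real triage would use a maintained list, not these three names.
TRUSTED_DPF_SUFFIXES = ("microsoft.com", "msn.com", "f-secure.com")

LINE_RE = re.compile(r"^(?P<sec>[RF]\d|O\d{1,2}) - (?P<body>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
RUN_RE = re.compile(r"^(?P<key>HK[^:]*\\Run): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
DPF_RE = re.compile(r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \((?P<name>[^)]*)\))? - (?P<url>\S+)$")
NS_RE = re.compile(r"NameServer = (?P<ips>[\d.,]+)$")


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section tag, e.g. "O16"
    item: str     # the entry being flagged (CLSID, Run name, URL or IP)
    reason: str   # why it deserves a second look


def _host_trusted(url: str) -> bool:
    host = (urlparse(url).hostname or "").lower()
    return any(host == s or host.endswith("." + s) for s in TRUSTED_DPF_SUFFIXES)


def check_entry(sec: str, body: str) -> Optional[Finding]:
    """Apply the section-specific check for one entry; None means nothing stood out."""
    if sec == "O2":
        m = BHO_RE.match(body)
        if m and m["path"].strip().lower() == "(no file)":
            return Finding(sec, m["clsid"], "BHO registered but its DLL is missing (orphaned CLSID)")
    elif sec == "O4":
        m = RUN_RE.match(body)
        if m:
            # Drop the "(User '...')" suffix HijackThis appends to HKUS entries.
            target = m["cmd"].split(" (User ")[0].strip().strip('"')
            if not re.search(r"\.\w{2,4}$", target):
                return Finding(sec, m["name"],
                               "Run target has no extension; check the file exists "
                               "(ComboFix shows such entries as [X])")
    elif sec == "O16":
        m = DPF_RE.match(body)
        if m:
            reasons = []
            if not m["name"]:
                reasons.append("unnamed control")
            if not _host_trusted(m["url"]):
                reasons.append("host not in allowlist")
            if reasons:
                return Finding(sec, m["url"], "ActiveX download object: " + ", ".join(reasons))
    elif sec == "O17":
        m = NS_RE.search(body)
        if m:
            return Finding(sec, m["ips"], "custom DNS server; confirm it belongs to the ISP")
    return None


def triage(log_text: str) -> List[Finding]:
    """Run every entry line of a HijackThis log through check_entry.

    Lines that are not R/F/O entries (process list, header, footer) are skipped.
    """
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            f = check_entry(m["sec"], m["body"])
            if f:
                findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4}{f.item}\n     -> {f.reason}")
```

On the sample this reports four entries; the flagged es6-scripts.dlv4.com download object matches the dlv4.com paths under C:\Programmi\instant access that ComboFix lists as removed later in this thread.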
pizzamike1969
Posted: Wednesday, September 03, 2008 5:44:25 PM
Rank: Newbie

Joined: 9/3/2008
Posts: 0
In the meantime I've also run a scan with COMBOFIX.
Below I'm posting the log, which at a glance looks even more poisoned than the one above.

I'm waiting for some kind soul.


Byeeeee




ComboFix 08-09-01.05 - User 2008-09-03 17.35.30.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.1591 [GMT 2:00]
Eseguito da: C:\Scaricamenti\ComboFix.exe
* Creato nuovo punto di ripristino

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\eoekykg.dat
C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\eoekykg.exe
C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\eoekykg_nav.dat
C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\eoekykg_navps.dat
C:\Programmi\Instant Access
C:\Programmi\instant access\Center\Crazy Girls.upd
C:\Programmi\instant access\Center\GAMES-DESKTOP.COM.upd
C:\Programmi\instant access\Center\Icons\Crazy Girls.lnk
C:\Programmi\instant access\Center\SERIALPLAYERS.upd
C:\Programmi\instant access\Center\tray1.ico
C:\Programmi\instant access\Dialer\1037119235\es6-external-api.dlv4.com\js\56e9f5a87b1a3e91908dd5028c596703
C:\Programmi\instant access\Dialer\1037119235\es6-www.0texkax7c6hzuidk.com\Common\7014f4e7d9cbcb7c414c665b3d6c8a75.html
C:\Programmi\instant access\Dialer\1037119235\es6-www.0texkax7c6hzuidk.com\custom\4282\EN\button1.gif
C:\Programmi\instant access\Dialer\1037119235\es6-www.0texkax7c6hzuidk.com\custom\4282\EN\button2.gif
C:\Programmi\instant access\Dialer\1037119235\es6-www.0texkax7c6hzuidk.com\custom\4282\EN\button3.gif
C:\Programmi\instant access\Dialer\1037119235\es6-www.0texkax7c6hzuidk.com\custom\4282\EN\button4.gif
C:\Programmi\instant access\Dialer\1037119235\fp.pc-on-internet.com\27dff682a6ad22e30d7aa094cb066654.html
C:\Programmi\instant access\Dialer\1037119235\fp.pc-on-internet.com\27dff682a6ad22e30d7aa094cb066654.html_0.loginvis
C:\Programmi\instant access\Dialer\1037119235\fp.pc-on-internet.com\50214\images\index_02.jpg
C:\Programmi\instant access\Dialer\1037119235\fp.pc-on-internet.com\50214\images\index_04.jpg
C:\Programmi\instant access\Dialer\1037119235\fp.pc-on-internet.com\50214\images\IT\index_01.jpg
C:\Programmi\instant access\Dialer\1039423223\es6-external-api.dlv4.com\js\20e75a56de575e67c022552bbab33434
C:\Programmi\instant access\Dialer\1039423223\es6-www.0texkax7c6hzuidk.com\Common\eb999567273ff6b6cbfe60c479ab6f6f.html
C:\Programmi\instant access\Dialer\1039423223\es6-www.0texkax7c6hzuidk.com\custom\4160\4160_dialer.ico
C:\Programmi\instant access\Dialer\1039423223\es6-www.0texkax7c6hzuidk.com\custom\4160\EN\button1.gif
C:\Programmi\instant access\Dialer\1039423223\es6-www.0texkax7c6hzuidk.com\custom\4160\EN\button2.gif
C:\Programmi\instant access\Dialer\1039423223\es6-www.0texkax7c6hzuidk.com\custom\4160\EN\button3.gif
C:\Programmi\instant access\Dialer\1039423223\es6-www.0texkax7c6hzuidk.com\custom\4160\EN\button4.gif
C:\Programmi\instant access\Dialer\1039423223\fp.pc-on-internet.com\3041\images\00.gif
C:\Programmi\instant access\Dialer\1039423223\fp.pc-on-internet.com\3041\images\bando.jpg
C:\Programmi\instant access\Dialer\1039423223\fp.pc-on-internet.com\3041\images\bando_bas.jpg
C:\Programmi\instant access\Dialer\1039423223\fp.pc-on-internet.com\3041\images\bando_haut.jpg
C:\Programmi\instant access\Dialer\1039423223\fp.pc-on-internet.com\3041\images\bas.gif
C:\Programmi\instant access\Dialer\1039423223\fp.pc-on-internet.com\3041\images\d.gif
C:\Programmi\instant access\Dialer\1039423223\fp.pc-on-internet.com\3041\images\EN\fun1.gif
C:\Programmi\instant access\Dialer\1039423223\fp.pc-on-internet.com\3041\images\EN\fun2.gif
C:\Programmi\instant access\Dialer\1039423223\fp.pc-on-internet.com\3041\images\EN\fun3.gif
C:\Programmi\instant access\Dialer\1039423223\fp.pc-on-internet.com\3041\images\EN\fun4.gif
C:\Programmi\instant access\Dialer\1039423223\fp.pc-on-internet.com\3041\images\EN\jeu1.gif
C:\Programmi\instant access\Dialer\1039423223\fp.pc-on-internet.com\3041\images\EN\jeu2.gif
C:\Programmi\instant access\Dialer\1039423223\fp.pc-on-internet.com\3041\images\EN\jeu3.gif
C:\Programmi\instant access\Dialer\1039423223\fp.pc-on-internet.com\3041\images\EN\titre.gif
C:\Programmi\instant access\Dialer\1039423223\fp.pc-on-internet.com\3041\images\g.gif
C:\Programmi\instant access\Dialer\1039423223\fp.pc-on-internet.com\99496371c07e2114a8e98a2a221b19bb.html
C:\Programmi\instant access\Dialer\1039423223\fp.pc-on-internet.com\99496371c07e2114a8e98a2a221b19bb.html_0.loginvis
C:\Programmi\instant access\Dialer\1039423223\GAMES-DESKTOP.COM.lnk
C:\Programmi\instant access\Dialer\1039423223\www.rapid-pass.net\17f38ce2f402b25609625a73b9a0d0a4
C:\Programmi\instant access\Dialer\1134219008\es6-external-api.dlv4.com\js\fc91ef7753f9d69b9e877fcb329ac211
C:\Programmi\instant access\Dialer\1134219008\es6-www.0texkax7c6hzuidk.com\Common\3debdf80e1998feee0b5ebe27a185492.html
C:\Programmi\instant access\Dialer\1134219008\es6-www.0texkax7c6hzuidk.com\custom\4239\EN\button1.gif
C:\Programmi\instant access\Dialer\1134219008\es6-www.0texkax7c6hzuidk.com\custom\4239\EN\button2.gif
C:\Programmi\instant access\Dialer\1134219008\es6-www.0texkax7c6hzuidk.com\custom\4239\EN\button3.gif
C:\Programmi\instant access\Dialer\1134219008\es6-www.0texkax7c6hzuidk.com\custom\4239\EN\button4.gif
C:\Programmi\instant access\Dialer\1134219008\fp.pc-on-internet.com\197c9615dd286e19bcb16fc77ddd1bd9.html
C:\Programmi\instant access\Dialer\1134219008\fp.pc-on-internet.com\197c9615dd286e19bcb16fc77ddd1bd9.html_0.loginvis
C:\Programmi\instant access\Dialer\1134219008\fp.pc-on-internet.com\50297\images\EN\index_07.gif
C:\Programmi\instant access\Dialer\1134219008\fp.pc-on-internet.com\50297\images\index_01.gif
C:\Programmi\instant access\Dialer\1134219008\fp.pc-on-internet.com\50297\images\index_02.gif
C:\Programmi\instant access\Dialer\1134219008\fp.pc-on-internet.com\50297\images\index_04.gif
C:\Programmi\instant access\Dialer\1134219008\fp.pc-on-internet.com\50297\images\index_05.gif
C:\Programmi\instant access\Dialer\1134219008\fp.pc-on-internet.com\50297\images\index_06.gif
C:\Programmi\instant access\Dialer\172976500\es6-external-api.dlv4.com\js\ca46c4a9d6d8167369ef49449042924c
C:\Programmi\instant access\Dialer\172976500\es6-www.0texkax7c6hzuidk.com\Common\112c91997cc32d08b33c3bb75ee0f0b5.html
C:\Programmi\instant access\Dialer\172976500\es6-www.0texkax7c6hzuidk.com\custom\4282\EN\button1.gif
C:\Programmi\instant access\Dialer\172976500\es6-www.0texkax7c6hzuidk.com\custom\4282\EN\button2.gif
C:\Programmi\instant access\Dialer\172976500\es6-www.0texkax7c6hzuidk.com\custom\4282\EN\button3.gif
C:\Programmi\instant access\Dialer\172976500\es6-www.0texkax7c6hzuidk.com\custom\4282\EN\button4.gif
C:\Programmi\instant access\Dialer\172976500\fp.pc-on-internet.com\27dff682a6ad22e30d7aa094cb066654.html
C:\Programmi\instant access\Dialer\172976500\fp.pc-on-internet.com\27dff682a6ad22e30d7aa094cb066654.html_0.loginvis
C:\Programmi\instant access\Dialer\172976500\fp.pc-on-internet.com\50214\images\index_02.jpg
C:\Programmi\instant access\Dialer\172976500\fp.pc-on-internet.com\50214\images\index_04.jpg
C:\Programmi\instant access\Dialer\172976500\fp.pc-on-internet.com\50214\images\IT\index_01.jpg
C:\Programmi\instant access\Dialer\638844246\Crazy Girls.lnk
C:\Programmi\instant access\Dialer\638844246\es6-external-api.dlv4.com\js\f905ceb09eb2130ca29223b1b9052911
C:\Programmi\instant access\Dialer\638844246\es6-www.0texkax7c6hzuidk.com\Common\626f670afde7d42c4ccd5afc1d2e48f1.html
C:\Programmi\instant access\Dialer\638844246\es6-www.0texkax7c6hzuidk.com\custom\4239\4239_dialer.ico
C:\Programmi\instant access\Dialer\638844246\es6-www.0texkax7c6hzuidk.com\custom\4239\EN\button1.gif
C:\Programmi\instant access\Dialer\638844246\es6-www.0texkax7c6hzuidk.com\custom\4239\EN\button2.gif
C:\Programmi\instant access\Dialer\638844246\es6-www.0texkax7c6hzuidk.com\custom\4239\EN\button3.gif
C:\Programmi\instant access\Dialer\638844246\es6-www.0texkax7c6hzuidk.com\custom\4239\EN\button4.gif
C:\Programmi\instant access\Dialer\638844246\fp.pc-on-internet.com\50285\images\index_03.jpg
C:\Programmi\instant access\Dialer\638844246\fp.pc-on-internet.com\50285\images\index_04.jpg
C:\Programmi\instant access\Dialer\638844246\fp.pc-on-internet.com\50285\images\index_06.jpg
C:\Programmi\instant access\Dialer\638844246\fp.pc-on-internet.com\50285\images\index_07.jpg
C:\Programmi\instant access\Dialer\638844246\fp.pc-on-internet.com\50285\images\IT\index_01.gif
C:\Programmi\instant access\Dialer\638844246\fp.pc-on-internet.com\50285\images\IT\index_02.gif
C:\Programmi\instant access\Dialer\638844246\fp.pc-on-internet.com\9b03920051094effe175851798348a88.html
C:\Programmi\instant access\Dialer\638844246\fp.pc-on-internet.com\9b03920051094effe175851798348a88.html_0.loginvis
C:\Programmi\instant access\Dialer\638844246\www.rapid-pass.net\265e6dfbe4c0dad5bc9a39abe3f42025
C:\Programmi\instant access\Dialer\785493123\es6-external-api.dlv4.com\js\05bf4b8b8199be655792c1202d61c4d6
C:\Programmi\instant access\Dialer\785493123\es6-www.0texkax7c6hzuidk.com\Common\9aeac94d3949a40ea7014f3c40f93434.html
C:\Programmi\instant access\Dialer\785493123\es6-www.0texkax7c6hzuidk.com\custom\4282\EN\button1.gif
C:\Programmi\instant access\Dialer\785493123\es6-www.0texkax7c6hzuidk.com\custom\4282\EN\button2.gif
C:\Programmi\instant access\Dialer\785493123\es6-www.0texkax7c6hzuidk.com\custom\4282\EN\button3.gif
C:\Programmi\instant access\Dialer\785493123\es6-www.0texkax7c6hzuidk.com\custom\4282\EN\button4.gif
C:\Programmi\instant access\Dialer\785493123\fp.pc-on-internet.com\3001077be26db7121fe838bfe5b522ff.html
C:\Programmi\instant access\Dialer\785493123\fp.pc-on-internet.com\3001077be26db7121fe838bfe5b522ff.html_0.loginvis
C:\Programmi\instant access\Dialer\785493123\fp.pc-on-internet.com\50214\images\index_02.jpg
C:\Programmi\instant access\Dialer\785493123\fp.pc-on-internet.com\50214\images\index_04.jpg
C:\Programmi\instant access\Dialer\785493123\fp.pc-on-internet.com\50214\images\IT\index_01.jpg
C:\Programmi\instant access\Dialer\865148910\es6-external-api.dlv4.com\js\05bf4b8b8199be655792c1202d61c4d6
C:\Programmi\instant access\Dialer\865148910\es6-www.0texkax7c6hzuidk.com\Common\9aeac94d3949a40ea7014f3c40f93434.html
C:\Programmi\instant access\Dialer\865148910\es6-www.0texkax7c6hzuidk.com\custom\4282\EN\button1.gif
C:\Programmi\instant access\Dialer\865148910\es6-www.0texkax7c6hzuidk.com\custom\4282\EN\button2.gif
C:\Programmi\instant access\Dialer\865148910\es6-www.0texkax7c6hzuidk.com\custom\4282\EN\button3.gif
C:\Programmi\instant access\Dialer\865148910\es6-www.0texkax7c6hzuidk.com\custom\4282\EN\button4.gif
C:\Programmi\instant access\Dialer\865148910\fp.pc-on-internet.com\3001077be26db7121fe838bfe5b522ff.html
C:\Programmi\instant access\Dialer\865148910\fp.pc-on-internet.com\3001077be26db7121fe838bfe5b522ff.html_0.loginvis
C:\Programmi\instant access\Dialer\865148910\fp.pc-on-internet.com\50214\images\index_02.jpg
C:\Programmi\instant access\Dialer\865148910\fp.pc-on-internet.com\50214\images\index_04.jpg
C:\Programmi\instant access\Dialer\865148910\fp.pc-on-internet.com\50214\images\IT\index_01.jpg
C:\Programmi\instant access\Dialer\865148910\SERIALPLAYERS.lnk
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\rtl60.bpl

.
((((((((((((((((((((((((( Files Creati Da 2008-08-03 al 2008-09-03 )))))))))))))))))))))))))))))))))))
.

2008-09-03 16:24 . 2008-09-03 16:24 <DIR> d-------- C:\Programmi\Trend Micro
2008-09-03 15:28 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-09-03 15:28 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-09-03 15:28 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-09-03 15:28 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-09-03 15:28 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-09-03 15:28 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-09-03 15:28 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-09-03 15:28 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-09-03 15:28 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-09-03 12:20 . 2008-09-03 15:31 <DIR> d-------- C:\Programmi\ewido anti-spyware 4.0
2008-09-03 11:51 . 2008-09-03 11:51 <DIR> d-------- C:\fsaua.data
2008-09-03 10:09 . 2005-04-27 10:56 36,864 --------- C:\WINDOWS\system32\pnpchk.exe
2008-09-03 10:06 . 2005-06-16 23:55 1,400,932 --------- C:\WINDOWS\system32\AegisE5.dll
2008-09-03 10:06 . 2005-05-25 13:58 1,253,485 --------- C:\WINDOWS\system32\BCMWLCPL.CPL
2008-09-03 10:06 . 2005-05-25 16:15 819,308 --------- C:\WINDOWS\system32\BCMWLTRY.EXE
2008-09-03 10:06 . 2005-01-19 12:01 634,982 --------- C:\WINDOWS\system32\wltray.exe
2008-09-03 10:06 . 2005-01-19 12:01 192,512 --------- C:\WINDOWS\system32\AegisI5.exe
2008-09-03 10:06 . 2005-01-19 12:01 172,032 --------- C:\WINDOWS\system32\BCMLogon.dll
2008-09-03 10:06 . 2005-05-25 16:23 81,920 --------- C:\WINDOWS\system32\wltrynt.dll
2008-09-03 10:06 . 2005-03-02 11:16 65,536 --------- C:\WINDOWS\system32\WLTRYSVC.EXE
2008-09-03 10:06 . 2008-09-03 10:06 17,801 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-09-03 10:05 . 2005-06-17 15:32 991,232 --------- C:\WINDOWS\system32\MfcGF.dll
2008-09-03 10:05 . 2005-03-11 16:10 233,472 --------- C:\WINDOWS\system32\Veneer.dll
2008-09-03 10:05 . 2006-02-03 15:33 217,088 --------- C:\WINDOWS\system32\Cylon.dll
2008-09-03 10:05 . 2005-01-19 12:01 184,320 --------- C:\WINDOWS\system32\BCMWLU00.EXE
2008-09-03 10:05 . 2004-11-17 14:09 102,400 --------- C:\WINDOWS\system32\W32N55.dll
2008-09-03 10:05 . 2005-01-19 12:01 69,632 --------- C:\WINDOWS\system32\BCMWLD2K.EXE
2008-09-03 10:05 . 2004-10-29 12:09 53,248 --------- C:\WINDOWS\system32\preflib.dll
2008-09-03 10:05 . 2004-11-17 14:09 49,152 --------- C:\WINDOWS\system32\usrnicvw.dll
2008-09-03 10:05 . 2004-09-07 16:42 17,664 --------- C:\WINDOWS\system32\drivers\PCASp50.sys
2008-09-03 10:05 . 2008-09-03 10:05 8 --a------ C:\WINDOWS\usrwiz.ini
2008-09-03 10:01 . 2008-09-03 16:03 25,837 --a------ C:\WINDOWS\system32\drivers\regguard.sys
2008-09-03 09:48 . 2008-09-03 15:28 1,542 --a------ C:\WINDOWS\system32\tmp.reg
2008-09-03 09:36 . 2008-09-03 09:48 <DIR> d-------- C:\Programmi\SUPERAntiSpyware
2008-09-03 09:36 . 2008-09-03 09:48 <DIR> d-------- C:\Documents and Settings\User\Dati applicazioni\SUPERAntiSpyware.com
2008-09-03 09:36 . 2008-09-03 09:36 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2008-09-01 19:39 . 2008-09-01 19:47 <DIR> d-------- C:\Programmi\RegistryFix7
2008-09-01 10:59 . 2008-09-01 10:59 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Office Genuine Advantage
2008-08-31 19:22 . 2008-08-31 19:22 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-31 19:22 . 2008-08-31 19:22 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-29 21:06 . 2008-08-29 21:06 <DIR> d-------- C:\Documents and Settings\User\Dati applicazioni\Lavasoft
2008-08-28 12:33 . 2008-09-01 22:30 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-26 20:01 . 2008-08-26 20:01 268 --ah----- C:\sqmdata00.sqm
2008-08-26 20:01 . 2008-08-26 20:01 244 --ah----- C:\sqmnoopt00.sqm
2008-08-03 19:10 . 2008-08-03 19:10 2,580,168 --a------ C:\Programmi\emule049a.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-03 08:05 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-08-30 12:31 --------- d-----w C:\Programmi\File comuni\Logitech
2008-08-29 18:45 --------- d-----w C:\Programmi\File comuni\Adobe
2008-08-07 16:22 --------- d-----w C:\Programmi\Emule
2008-07-24 19:32 --------- d-----w C:\Programmi\Conduit
2008-07-23 23:28 --------- d-----w C:\Programmi\LphantBar
2008-07-23 22:26 --------- d-----w C:\Programmi\Lphant
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-13 13:17 --------- d-----w C:\Programmi\LimeWire
2008-07-13 13:14 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\LimeWire
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:15 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:39 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2004-10-27 15:05 22,144 ----a-w C:\WINDOWS\inf\other\ADM851X.sys
2004-10-27 15:05 22,144 ----a-w C:\WINDOWS\inf\ADM851X.sys
.
Code:
<pre>
----a-w           438,359 2006-04-21 14:41:20  C:\Programmi\Alice ti aiuta\SmartBridge\MotiveSB .exe
----a-r           925,696 2005-05-18 08:00:00  C:\Programmi\Analog Devices\Core\smax4pnp .exe
----a-w            49,152 2005-01-26 16:02:22  C:\Programmi\Brother\Brmfl05a\BrStDvPt .exe
----a-w            68,856 2007-11-05 20:20:34  C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w            49,152 2005-05-11 21:12:54  C:\Programmi\HP\HP Software Update\HPWuSchd2 .exe
----a-w           356,352 2001-11-09 06:47:50  C:\Programmi\NASDAK\OmniMouse Driver\4.0\MOUSE32A .exe
----a-w            15,360 2006-03-02 12:00:00  C:\WINDOWS\system32\ctfmon .exe
</pre>



((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"U.S. Robotics Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" [X]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2007-12-07 217088]
Controllo dello stato.lnk - C:\Programmi\Brother\Brmfcmon\BrMfcWnd.exe [2007-07-03 802816]
Logitech SetPoint.lnk - C:\Programmi\Logitech\SetPoint\SetPoint.exe [2008-02-17 692224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Programmi\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2006-09-28 21:21 57344 C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
--a------ 2005-03-11 01:28 40960 C:\Programmi\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 18:24 1694208 C:\Programmi\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-09 18:53 153136 C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
--a------ 2005-03-11 01:01 57393 C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-27 09:41 282624 C:\Programmi\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
-ra------ 2003-10-14 10:22 155648 C:\Programmi\File comuni\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-03-14 03:43 83608 C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmi\\MSN Messenger\\livecall.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"C:\\Programmi\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\Lphant\\eLePhantClient.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2002-09-25 59338]
S3 ADM851X;IDF Alice Gate 2 plus USB;C:\WINDOWS\system32\DRIVERS\ADM851X.SYS [2004-10-27 22144]
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-04-02 17920]
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 7680]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2004-09-07 17664]
S3 RegGuard;RegGuard;C:\WINDOWS\system32\Drivers\regguard.sys [2008-09-03 25837]
S3 TaurusUsb;ADSL Modem USB Service 1.09a;C:\WINDOWS\system32\DRIVERS\torususb.sys [2003-01-09 527980]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09157517-b4a2-11dc-8dda-001737a826a8}]
\Shell\AutoRun\command - G:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e49b405-c932-11dc-8e09-001737a826a8}]
\Shell\AutoRun\command - G:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d26478b1-5fd1-11dc-8d1a-001a9256b56f}]
\Shell\AutoRun\command - H:\InstallTomTomHOME.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.repubblica.it/
R1 -: HKCU-Internet Settings,ProxyOverride = 127.0.0.1
O8 -: &Point&&Go - C:\Programmi\File comuni\Expert System\PGPlatform\PGPlatform.htm
O8 -: E&sporta in Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O17 -: HKLM\CCS\Interface\{F1D1AE84-888B-4BA6-808B-4D96D8C6E9FC}: NameServer = 151.99.125.2

O16 -: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-03 17:37:26
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-09-03 17:38:17
ComboFix-quarantined-files.txt 2008-09-03 15:38:12

Pre-Run: 149,823,086,592 byte disponibili
Post-Run: 149,961,707,520 byte disponibili

299 --- E O F --- 2008-09-01 20:30:50
pidue
Posted: Wednesday, September 03, 2008 6:24:04 PM

Rank: AiutAmico

Iscritto dal : 6/2/2005
Posts: 7,332
ComboFix ti ha tolto una tonellata di cacca.
Dovresti dirmi se il log di HijackThis viene prima o dopo la scansione di ComboFix.
Ciao.



pizzamike1969
Posted: Wednesday, September 03, 2008 6:28:42 PM
Rank: Newbie

Joined: 9/3/2008
Posts: 0
HijackThis first, then ComboFix.
Bear in mind that after ComboFix I tried browsing again, but the same problem still shows up.

AVAST keeps popping up reporting the same MALWARE-GEN; every time it changes name, now it starts with A6DXG.DHHJK.INFO....... the rest is the same.
pidue
Posted: Wednesday, September 03, 2008 6:31:17 PM

Rank: AiutAmico

Joined: 6/2/2005
Posts: 7,332
Run another scan with HijackThis and post a new log.



pizzamike1969
Posted: Wednesday, September 03, 2008 6:47:07 PM
Rank: Newbie

Joined: 9/3/2008
Posts: 0
HERE IT IS, just redone.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:44:20, on 03/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\ewido anti-spyware 4.0\guard.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Brother\Brmfcmon\BrMfcWnd.exe
C:\Programmi\Logitech\SetPoint\SetPoint.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.repubblica.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=25040
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Encarta Web Companion Oggetto helper - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [U.S. Robotics Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Controllo dello stato.lnk = C:\Programmi\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Point&&Go - C:\Programmi\File comuni\Expert System\PGPlatform\PGPlatform.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barra di ricerca di Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1D1AE84-888B-4BA6-808B-4D96D8C6E9FC}: NameServer = 151.99.125.2
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: U.S. Robotics Wireless LAN Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7064 bytes
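As an added example (not something posted in the thread), here is a small Python triage script over HijackThis-format lines like the ones in the log above: it flags BHO entries whose file is missing, services with no verifiable publisher, a ProxyOverride setting, and a browser-exposed JRE plugin older than a chosen update level. The sample lines are constructed from the log above, and the JRE update threshold is an assumption for the example, not a vendor rule.

```python
import re

# Constructed sample lines modelled on the HijackThis log above (not the full log).
SAMPLE_LOG_LINES = [
    r"Running processes:",
    r"C:\WINDOWS\explorer.exe",
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1",
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll",
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r"O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe",
    r"O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe",
]

# HijackThis entries start with a section code (R0, R1, O2, O4, O23, ...) followed by " - ".
LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# Java 6 install directories look like jre1.6.0_NN; NN is the update number.
JRE6_RE = re.compile(r"jre1\.6\.0_(\d+)", re.IGNORECASE)
MIN_JRE6_UPDATE = 10  # assumption for this example; compare against the vendor's current release


def parse_line(line):
    """Return {'section', 'body', 'fields'} for a HijackThis entry, or None for other lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    return {"section": m.group("section"), "body": body,
            "fields": [f.strip() for f in body.split(" - ")]}


def triage(lines):
    """Return a list of (section, reason, entry) tuples for entries worth a second look."""
    findings = []
    for raw in lines:
        entry = parse_line(raw)
        if entry is None:
            continue
        sec, body, fields = entry["section"], entry["body"], entry["fields"]
        if sec == "O2" and fields[-1] == "(no file)":
            findings.append((sec, "orphaned BHO: CLSID registered but file missing", body))
        if sec == "O23" and "Unknown owner" in fields:
            findings.append((sec, "service with no verifiable publisher", body))
        if sec == "R1" and "ProxyOverride" in body:
            findings.append((sec, "proxy override set; confirm it is expected", body))
        jre = JRE6_RE.search(body)
        if jre and int(jre.group(1)) < MIN_JRE6_UPDATE:
            findings.append((sec, f"JRE 6 update {int(jre.group(1))} exposed to the browser; outdated", body))
    return findings


if __name__ == "__main__":
    for sec, reason, body in triage(SAMPLE_LOG_LINES):
        print(f"[{sec}] {reason}: {body}")
```

Entries without findings (the avast! service line, the process list) pass through silently; the script only highlights what a forum helper would look at first, it does not decide that an entry is malicious.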
pidue
Posted: Wednesday, September 03, 2008 6:53:24 PM

Rank: AiutAmico

Joined: 6/2/2005
Posts: 7,332
The log is clean.
Download VirIT, install it and update it. Run two scans in Safe Mode. Post the log.

Update the JRE, yours expired a long time ago. You can download it from here.



pizzamike1969
Posted: Thursday, September 04, 2008 12:11:45 PM
Rank: Newbie

Joined: 9/3/2008
Posts: 0
Here is the VirIT LOG after the 2 scans in Safe Mode:

VirIT eXplorer Lite Log

[SCANSIONE DELLA MEMORIA]
OK
[SCANSIONE DELLA MEMORIA]
OK
[SCANSIONE DELLA MEMORIA]
OK

04/09/2008 - 09:40:30

[SCANSIONE DEL REGISTRO]
OK

[A:]
BOOT SECTOR: OK


[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK

C:\Documents and Settings\User\Desktop\SmitfraudFix\exit.exe Infetto da Trojan.Win32.Agent.AWE
* * * RIMOSSO * * *

[D:]


[F:]


[G:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


Chiavi Registro infette: 0.
Files Infetti: 1.
Files Sospetti: 0.
Files Analizzati: 91802.
Files Totali: 91802.
Chiavi Registro rimosse: 0.
Virus Rimossi: 1.


04/09/2008 - 10:48:43

[SCANSIONE DEL REGISTRO]
OK

[A:]
BOOT SECTOR: OK


[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


[D:]


[F:]


[G:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 91801.
Files Totali: 91801.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.
pizzamike1969
Posted: Thursday, September 04, 2008 12:24:28 PM
Rank: Newbie

Joined: 9/3/2008
Posts: 0
No luck, friends.....

Did the two scans with VirIT from Safe Mode,
updated the JRE, but as soon as I open a page containing some Java, AVAST reports the MALWARE-GEN

Please, I don't know what else to do.

Byeee
monsee
Posted: Thursday, September 04, 2008 12:40:11 PM
Rank: AiutAmico

Joined: 4/5/2005
Posts: 22,971
It could also be a false positive: Avast! is notorious for blunders like that, and how...
pizzamike1969
Posted: Thursday, September 04, 2008 12:44:35 PM
Rank: Newbie

Joined: 9/3/2008
Posts: 0
monsee wrote:
It could also be a false positive: Avast! is notorious for blunders like that, and how...


So I could try uninstalling AVAST, maybe put AVG on instead, scan from Safe Mode with System Restore turned off, and then try browsing..... what do you think?????

monsee
Posted: Thursday, September 04, 2008 1:15:14 PM
Rank: AiutAmico

Joined: 4/5/2005
Posts: 22,971
Without being so drastic: go and run a proper online scan on the Housecall/Trend Micro site.
Another valid option is to have the "supposedly infected" file checked on the VirusTotal site.
You can also choose to do both: first the online scan and then the file analysis.
Uninstalling Avast! only makes sense if you no longer like the program.
pizzamike1969
Posted: Thursday, September 04, 2008 3:44:47 PM
Rank: Newbie

Joined: 9/3/2008
Posts: 0
I'M DISHEARTENED!!!!!

I uninstalled AVAST, installed AVG 8, ran the update, turned off System Restore, booted into Safe Mode and scanned with AVG: it detected nothing at all........ I also did a scan with Spyware Terminator, again from Safe Mode, and still nothing at all.

I go browsing and this comes up:
trojan horse downloader delf 12 ae..............

I think at this point I just have to format.

Thank you for your help even though we didn't manage it.

What a damn chore, I hate reformatting now

Byeee
pidue
Posted: Thursday, September 04, 2008 4:23:10 PM

Rank: AiutAmico

Joined: 6/2/2005
Posts: 7,332
shapiro
Posted: Friday, September 05, 2008 1:45:00 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
this little program, which many consider worthless, removes everything

try it, run a full scan (as soon as you launch it, it runs a generic one)

you'll see what it finds


ftp://ftp.drweb.com/pub/drweb/cureit/launch.exe