
PC completely messed up
giovanitasca
Posted: Wednesday, June 16, 2010 11:28:17 AM
Rank: AiutAmico

Joined: 4/2/2005
Posts: 220
The work PC is completely messed up. It runs in fits and starts, as if it were in safe mode. The Malware program freezes 6-7 seconds after it starts...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11.21.42, on 16/06/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\RelevantKnowledge\rlvknlg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Programmi\File comuni\Nokia\MPlatform\NokiaMServer.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\uTorrent\uTorrent.exe
C:\Anagrafica\Anagrafica.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Anagrafica\Anagrafica.exe
C:\Programmi\internet explorer\iexplore.exe
G:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programmi\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C62 Series" /O5 "LPT1:" /M "Stylus C62"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe"
O4 - HKLM\..\Run: [NokiaMServer] C:\Programmi\File comuni\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Programmi\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Statistiche di Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {15CAC53B-5F45-4D70-BE98-386E6F3B3328} (MedstWeb Control) - http://192.168.0.200:8085/resources/medweb/MedstWWW.cab
O16 - DPF: {3BB4FE3B-7A37-11D3-A41E-0060080C03B3} (Entire Screen Builder Web Viewer) - http://193.205.23.35/vblu/NWWClientFull.cab
O16 - DPF: {4FEE6316-7B6F-4A6C-BD4E-4157C59A9E9D} (Ovi maps browser plugin) - http://static.s2g.gate5.de/ovi_maps/OviMapsPlugin_4.0.12.11.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {601B418B-E6A6-47FC-A094-07248741CEB3} (Camtronics Medical Systems Web Viewer) - file:///D:/vwr_data/WebVwr.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSCDL/jdk/6u10/jinstall-6u10-windows-i586-jc.cab?e=1225388235067&h=4089f1d284e93945d0eeb3ceca799f9e/&filename=jinstall-6u10-windows-i586-jc.cab
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.vexcast.com/download/vexcast.cab
O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} (AMI DicomDir TreeView Control 2.1) - file:///D:/CDVIEWER/CdViewer.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = aoumberto.local
O17 - HKLM\Software\..\Telephony: DomainName = aoumberto.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6EED09A-3F29-4747-9A80-2502EC4ED114}: NameServer = 151.99.125.2,151.99.250.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = aoumberto.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = aoumberto.local
O20 - Winlogon Notify: RelevantKnowledge - C:\Programmi\RelevantKnowledge\rlls.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O24 - Desktop Component 0: (no name) - http://www.budgetplaces.com/add-ons/currencyconverter/currencyfunctions.js

--
End of file - 9038 bytes
shapiro
Posted: Wednesday, June 16, 2010 11:40:26 AM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
you have a nasty infection

open hijackthis, click ''open the misc tools section'', then click ''open process manager'', find the entry below and click ''kill process'':

C:\Programmi\RelevantKnowledge\rlvknlg.exe

Then go to the bottom, click the back button and right after that the scan button. Tick the box next to the entries listed below and click ''fix checked'':

Code:
O20 - Winlogon Notify: RelevantKnowledge - C:\Programmi\RelevantKnowledge\rlls.dll



disable the antivirus

download combofix to the desktop
(do not install the recovery console)

- run ComboFix.exe
- type 1
- follow the instructions
- when the scan is finished, go to C:\ and copy/paste the contents of the text file Combofix.txt into your next reply
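The two targets in the reply above (the process to kill and the O20 Winlogon Notify entry to fix) were picked out of the HijackThis log by eye. The script below is an added example, not code from the thread or from HijackThis, that does the same triage mechanically: it reads a HijackThis 2.0 log, pulls the 'Running processes' block and the O4/O20/O21/O23 load points, and lists the ones whose path references a named component. The function names and SAMPLE_LOG (constructed from the thread's own log, trimmed to a few lines) are this example's own.

```python
"""Triage a HijackThis 2.0 log for a named component.

Added example, not code from the thread or from HijackThis. Function names
are this example's own; SAMPLE_LOG is constructed from the thread's log.
"""
import re
from collections import namedtuple

Entry = namedtuple("Entry", "kind label path")

# Generic shape of a HijackThis item line:  "O20 - Winlogon Notify: Name - C:\path\file.dll"
_ITEM = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<rest>.*)$")

# Load points that run code at boot or logon: Run keys (O4), Winlogon Notify
# DLLs (O20), ShellServiceObjectDelayLoad (O21) and services (O23).
PERSISTENCE_KINDS = {"O4", "O20", "O21", "O23"}

SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Programmi\RelevantKnowledge\rlvknlg.exe
C:\WINDOWS\Explorer.EXE

O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Programmi\uTorrent\uTorrent.exe"
O20 - Winlogon Notify: RelevantKnowledge - C:\Programmi\RelevantKnowledge\rlls.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
"""


def parse_running_processes(text):
    """Return the image paths listed under 'Running processes:' (up to the next blank line)."""
    procs, in_section = [], False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_section = True
        elif in_section:
            if not line:
                break
            procs.append(line)
    return procs


def parse_items(text):
    """Return every Rn/Fn/On item as an Entry(kind, label, path-as-printed)."""
    entries = []
    for line in text.splitlines():
        m = _ITEM.match(line.strip())
        if not m:
            continue
        kind, rest = m.group("kind"), m.group("rest")
        if kind == "O4":
            # O4 - HKLM\..\Run: [Label] C:\path\file.exe [arguments]
            head, _, path = rest.partition("] ")
            label = head.split("[", 1)[-1]
        else:
            # Everything else ends in " - <path>"; the label sits after the first ": ".
            head, _, path = rest.rpartition(" - ")
            label = head.split(": ", 1)[-1]
        entries.append(Entry(kind, label, path.strip()))
    return entries


def hjt_triage(text, needle):
    """Return (processes to kill, load points to 'fix checked') whose path mentions needle."""
    n = needle.lower()
    procs = [p for p in parse_running_processes(text) if n in p.lower()]
    items = [e for e in parse_items(text)
             if e.kind in PERSISTENCE_KINDS and n in e.path.lower()]
    return procs, items


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        # HijackThis writes an ANSI log (cp1252 on an Italian XP); assumption, so decode leniently.
        with open(sys.argv[1], encoding="cp1252", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    needle = sys.argv[2] if len(sys.argv) > 2 else "RelevantKnowledge"
    procs, items = hjt_triage(text, needle)
    print("kill process:")
    for p in procs:
        print("  " + p)
    print("fix checked:")
    for e in items:
        print("  %s - %s - %s" % (e.kind, e.label, e.path))
```

Run it on a saved log as `python hjt_triage.py hijackthis.log RelevantKnowledge`; the first list is what to kill in the process manager, the second what to tick before 'fix checked'. Matching on the path rather than on the label is deliberate: the same component can be anchored under several load points (a Run key, a Winlogon Notify DLL, a service) with different names, and fixing only one of them leaves it loaded again at the next logon.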
giovanitasca
Posted: Thursday, June 17, 2010 11:38:52 AM
Rank: AiutAmico

Joined: 4/2/2005
Posts: 220
I did what you asked.
Thanks

ComboFix 10-06-16.03 - Ortopedia 17/06/2010 11.22.11.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.895.404 [GMT 2:00]
Running from: c:\documents and settings\Ortopedia\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programmi\RelevantKnowledge
c:\programmi\RelevantKnowledge\components\rlxg.dll
c:\programmi\RelevantKnowledge\install.rdf
c:\programmi\RelevantKnowledge\MSVCP71.DLL
c:\programmi\RelevantKnowledge\MSVCR71.DLL
c:\programmi\RelevantKnowledge\rlls.dll
c:\programmi\RelevantKnowledge\rlls64.dll
c:\programmi\RelevantKnowledge\rloci.bin
c:\programmi\RelevantKnowledge\rlph.dll
c:\programmi\RelevantKnowledge\rlservice.exe
c:\programmi\RelevantKnowledge\rlvknlg.exe
c:\programmi\RelevantKnowledge\rlvknlg64.exe
c:\programmi\RelevantKnowledge\rlxf.dll
c:\windows\system32\win.com

.
((((((((((((((((((((((((( Files Created from 2010-05-17 to 2010-06-17 )))))))))))))))))))))))))))))))))))
.

2010-06-04 10:41 . 2010-06-04 10:41 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-06-03 16:01 . 2010-06-17 09:22 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-03 15:23 . 2010-06-03 15:23 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DVD Shrink
2010-06-03 15:22 . 2010-06-03 15:23 -------- d-----w- c:\programmi\DVD Shrink

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-17 09:28 . 2008-10-20 12:58 65207328 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-06-17 09:28 . 2009-06-11 09:03 -------- d-----w- c:\documents and settings\Ortopedia\Dati applicazioni\uTorrent
2010-06-17 09:26 . 2008-10-20 12:58 688928 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-06-17 09:25 . 2008-10-20 12:58 882572 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-06-17 09:25 . 2008-10-20 12:58 72896 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-06-15 13:05 . 2010-03-13 19:52 -------- d-----w- c:\programmi\File comuni\Symantec Shared
2010-06-12 08:01 . 2008-10-20 12:58 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2010-06-10 01:05 . 2008-04-14 12:00 79292 ----a-w- c:\windows\system32\perfc010.dat
2010-06-10 01:05 . 2008-04-14 12:00 478808 ----a-w- c:\windows\system32\perfh010.dat
2010-06-03 15:59 . 2008-09-11 08:16 -------- d-----w- c:\programmi\S3
2010-06-02 14:15 . 2008-10-21 07:59 -------- d-----w- c:\programmi\UltraVNC
2010-06-02 14:15 . 2010-03-11 12:01 -------- d-----w- c:\programmi\Nokia
2010-06-02 14:12 . 2010-03-03 10:08 -------- d-----w- c:\programmi\File comuni\AVSMedia
2010-06-02 14:12 . 2010-03-03 10:08 -------- d-----w- c:\programmi\AVS4YOU
2010-05-23 10:15 . 2010-02-13 11:17 -------- d-----w- c:\programmi\ScarabeoDigital
2010-05-17 10:57 . 2010-05-17 10:57 -------- d-----w- c:\documents and settings\Ortopedia\Dati applicazioni\Lite
2010-05-14 11:33 . 2010-05-14 11:30 -------- d-----w- c:\programmi\MKV Player
2010-05-08 06:16 . 2008-10-20 12:58 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-05-08 06:16 . 2008-10-20 12:58 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-05-07 16:03 . 2010-05-07 16:03 -------- d-----w- c:\programmi\Norton Security Scan
2010-05-07 16:03 . 2010-03-13 19:22 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Norton
2010-05-07 16:03 . 2010-03-13 19:22 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NortonInstaller
2010-05-04 17:16 . 2008-04-14 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:15 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:15 . 2008-04-14 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-05-02 08:06 . 2008-04-14 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2008-04-14 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2009-01-22 07:06 . 2009-01-22 07:05 120 --sh--w- c:\windows\system32\ikudurey.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate/default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-15 39408]
"uTorrent"="c:\programmi\uTorrent\uTorrent.exe" [2009-06-11 272176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\programmi\File comuni\Nokia\MPlatform\NokiaMServer" [X]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-31 16116224]
"SkyTel"="SkyTel.EXE" [2006-05-17 2879488]
"EPSON Stylus C62 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2002-04-10 74240]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2008-10-30 136600]
"TrueImageMonitor.exe"="c:\programmi\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-11-21 4371440]
"AcronisTimounterMonitor"="c:\programmi\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-11-21 961208]
"Acronis Scheduler2 Service"="c:\programmi\File comuni\Acronis\Schedule2\schedhlp.exe" [2008-11-21 165144]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiapsrv.exe"=
"c:\\Programmi\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0 for Windows Workstations\\avp.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Programmi\\File comuni\\EPSON\\EBAPI\\SAgent2.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\SICILIA SISTEMI TECNOLOGIE\\GESTIONE REPARTO\\Aggiorna.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"139:TCP"= 139:TCP:@xpsp2res.dll,-22004
"445:TCP"= 445:TCP:@xpsp2res.dll,-22005
"137:UDP"= 137:UDP:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:@xpsp2res.dll,-22002

R0 tdrpman147;Acronis Try&Decide and Restore Points filter (build 147);c:\windows\system32\drivers\tdrpm147.sys [15/02/2009 12.30.13 971584]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/05/2007 17.49.06 24344]
S0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys --> c:\windows\system32\drivers\pxscan.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [26/02/2010 19.09.02 38224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
Contents of the 'Scheduled Tasks' folder

2010-06-16 c:\windows\Tasks\Norton Security Scan for Ortopedia.job
- c:\programmi\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-05-07 16:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
TCP: {C6EED09A-3F29-4747-9A80-2502EC4ED114} = 151.99.125.2,151.99.250.2
DPF: {15CAC53B-5F45-4D70-BE98-386E6F3B3328} - hxxp://192.168.0.200:8085/resources/medweb/MedstWWW.cab
DPF: {3BB4FE3B-7A37-11D3-A41E-0060080C03B3} - hxxp://193.205.23.35/vblu/NWWClientFull.cab
DPF: {4FEE6316-7B6F-4A6C-BD4E-4157C59A9E9D} - hxxp://static.s2g.gate5.de/ovi_maps/OviMapsPlugin_4.0.12.11.cab
DPF: {601B418B-E6A6-47FC-A094-07248741CEB3} - file:///D:/vwr_data/WebVwr.cab
DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} - file:///D:/CDVIEWER/CdViewer.cab
.
- - - - ORPHANED KEYS REMOVED - - - -

HKLM-Run-VTTimer - VTTimer.exe
HKLM-Run-S3Trayp - S3trayp.exe
AddRemove-{d08d9f98-1c78-4704-87e6-368b0023d831} - c:\programmi\RelevantKnowledge\rlvknlg.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-17 11:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1156)
c:\windows\system32\klogon.dll

- - - - - - - > 'explorer.exe'(3812)
c:\windows\system32\WININET.dll
c:\progra~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
c:\progra~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\windows\system32\mshtml.dll
c:\windows\system32\MSCTF.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\programmi\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\programmi\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ita.nlr
c:\programmi\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\programmi\File comuni\Acronis\Schedule2\schedul2.exe
c:\programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
c:\programmi\File comuni\EPSON\EBAPI\SAgent2.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\windows\RTHDCPL.EXE
c:\programmi\File comuni\Nokia\MPlatform\NokiaMServer.exe
.
**************************************************************************
.
Completion time: 2010-06-17 11:29:56 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-17 09:29
ComboFix2.txt 2010-02-27 09:41

Pre-Run: 34.845.507.584 bytes free
Post-Run: 34.906.898.432 bytes free

- - End Of File - - 227DC19CDE4759CE2E451DC04A0145C0
shapiro
Posted: Thursday, June 17, 2010 11:49:04 AM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
now try whether you can get malwarebytes to start

1) install it
2) update it
3) run a scan choosing full scan mode
4) do NOT remove any threats it finds for now
5) when the scan is finished select the log tab, open the text file and post it on the forum
giovanitasca
Posted: Thursday, June 17, 2010 1:32:48 PM
Rank: AiutAmico

Joined: 4/2/2005
Posts: 220
Here is the LOG

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4208

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

17/06/2010 13.27.13
mbam-log-2010-06-17 (13-27-13).txt

Scan type: Full scan (C:\|)
Objects scanned: 166503
Time elapsed: 17 minutes, 34 seconds

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 35

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Menu Avvio\Programmi\RelevantKnowledge (Spyware.MarketScore) -> No action taken.

Files Infected:
C:\Qoobox\Quarantine\C\Programmi\RelevantKnowledge\rlls.dll.vir (Adware.RelevantKnowledge) -> No action taken.
C:\Qoobox\Quarantine\C\Programmi\RelevantKnowledge\rlls64.dll.vir (Adware.RelevantKnowledge) -> No action taken.
C:\Qoobox\Quarantine\C\Programmi\RelevantKnowledge\rlph.dll.vir (Adware.RelevantKnowledge) -> No action taken.
C:\Qoobox\Quarantine\C\Programmi\RelevantKnowledge\rlservice.exe.vir (Adware.RelevantKnowledge) -> No action taken.
C:\Qoobox\Quarantine\C\Programmi\RelevantKnowledge\rlvknlg.exe.vir (Adware.RelevantKnowledge) -> No action taken.
C:\Qoobox\Quarantine\C\Programmi\RelevantKnowledge\rlvknlg64.exe.vir (Adware.RelevantKnowledge) -> No action taken.
C:\Qoobox\Quarantine\C\Programmi\RelevantKnowledge\rlxf.dll.vir (Adware.RelevantKnowledge) -> No action taken.
C:\Qoobox\Quarantine\C\Programmi\RelevantKnowledge\components\rlxg.dll.vir (Adware.RelevantKnowledge) -> No action taken.
C:\System Volume Information\_restore{667A12F4-4792-4C46-BD23-B9B8B40F0BD1}\RP100\A0036152.exe (Adware.RelevantKnowledge) -> No action taken.
C:\System Volume Information\_restore{667A12F4-4792-4C46-BD23-B9B8B40F0BD1}\RP100\A0036153.exe (Adware.RelevantKnowledge) -> No action taken.
C:\System Volume Information\_restore{667A12F4-4792-4C46-BD23-B9B8B40F0BD1}\RP100\A0036154.exe (Adware.RelevantKnowledge) -> No action taken.
C:\System Volume Information\_restore{667A12F4-4792-4C46-BD23-B9B8B40F0BD1}\RP100\A0036155.dll (Adware.RelevantKnowledge) -> No action taken.
C:\System Volume Information\_restore{667A12F4-4792-4C46-BD23-B9B8B40F0BD1}\RP101\snapshot\MFEX-1.DAT (Adware.RelevantKnowledge) -> No action taken.
C:\System Volume Information\_restore{667A12F4-4792-4C46-BD23-B9B8B40F0BD1}\RP102\snapshot\MFEX-1.DAT (Adware.RelevantKnowledge) -> No action taken.
C:\System Volume Information\_restore{667A12F4-4792-4C46-BD23-B9B8B40F0BD1}\RP103\snapshot\MFEX-1.DAT (Adware.RelevantKnowledge) -> No action taken.
C:\System Volume Information\_restore{667A12F4-4792-4C46-BD23-B9B8B40F0BD1}\RP104\snapshot\MFEX-1.DAT (Adware.RelevantKnowledge) -> No action taken.
C:\System Volume Information\_restore{667A12F4-4792-4C46-BD23-B9B8B40F0BD1}\RP105\snapshot\MFEX-1.DAT (Adware.RelevantKnowledge) -> No action taken.
C:\System Volume Information\_restore{667A12F4-4792-4C46-BD23-B9B8B40F0BD1}\RP106\snapshot\MFEX-1.DAT (Adware.RelevantKnowledge) -> No action taken.
C:\System Volume Information\_restore{667A12F4-4792-4C46-BD23-B9B8B40F0BD1}\RP107\snapshot\MFEX-1.DAT (Adware.RelevantKnowledge) -> No action taken.
C:\System Volume Information\_restore{667A12F4-4792-4C46-BD23-B9B8B40F0BD1}\RP108\A0037146.dll (Adware.RelevantKnowledge) -> No action taken.
C:\System Volume Information\_restore{667A12F4-4792-4C46-BD23-B9B8B40F0BD1}\RP108\snapshot\MFEX-1.DAT (Adware.RelevantKnowledge) -> No action taken.
C:\System Volume Information\_restore{667A12F4-4792-4C46-BD23-B9B8B40F0BD1}\RP122\A0041613.dll (Adware.RelevantKnowledge) -> No action taken.
C:\System Volume Information\_restore{667A12F4-4792-4C46-BD23-B9B8B40F0BD1}\RP122\A0041616.dll (Adware.RelevantKnowledge) -> No action taken.
C:\System Volume Information\_restore{667A12F4-4792-4C46-BD23-B9B8B40F0BD1}\RP122\A0041617.dll (Adware.RelevantKnowledge) -> No action taken.
C:\System Volume Information\_restore{667A12F4-4792-4C46-BD23-B9B8B40F0BD1}\RP122\A0041618.dll (Adware.RelevantKnowledge) -> No action taken.
C:\System Volume Information\_restore{667A12F4-4792-4C46-BD23-B9B8B40F0BD1}\RP122\A0041619.exe (Adware.RelevantKnowledge) -> No action taken.
C:\System Volume Information\_restore{667A12F4-4792-4C46-BD23-B9B8B40F0BD1}\RP122\A0041620.exe (Adware.RelevantKnowledge) -> No action taken.
C:\System Volume Information\_restore{667A12F4-4792-4C46-BD23-B9B8B40F0BD1}\RP122\A0041621.exe (Adware.RelevantKnowledge) -> No action taken.
C:\System Volume Information\_restore{667A12F4-4792-4C46-BD23-B9B8B40F0BD1}\RP122\A0041622.dll (Adware.RelevantKnowledge) -> No action taken.
C:\System Volume Information\_restore{667A12F4-4792-4C46-BD23-B9B8B40F0BD1}\RP85\A0028130.exe (Adware.RelevantKnowledge) -> No action taken.
C:\System Volume Information\_restore{667A12F4-4792-4C46-BD23-B9B8B40F0BD1}\RP85\A0028131.exe (Adware.RelevantKnowledge) -> No action taken.
C:\Documents and Settings\All Users\Menu Avvio\Programmi\RelevantKnowledge\About RelevantKnowledge.lnk (Spyware.MarketScore) -> No action taken.
C:\Documents and Settings\All Users\Menu Avvio\Programmi\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (Spyware.MarketScore) -> No action taken.
C:\Documents and Settings\All Users\Menu Avvio\Programmi\RelevantKnowledge\Support.lnk (Spyware.MarketScore) -> No action taken.
C:\Documents and Settings\All Users\Menu Avvio\Programmi\RelevantKnowledge\Uninstall Instructions.lnk (Spyware.MarketScore) -> No action taken.
shapiro
Posted: Thursday, June 17, 2010 4:53:51 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
delete what malwarebytes found

remove combofix with OTC by OldTimer

run it
Click on CleanUp.
When asked to reboot click YES


go to C:\ and delete the qoobox folder

disable system restore

Start --> Programs --> Accessories --> System Tools --> System Restore --> System Restore Settings --> Turn off System Restore


reboot the pc and turn it back on, creating a new restore point

also run a scan with VundoFix
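The clean-up steps above (delete Qoobox, turn System Restore off and back on) follow from where the 35 Malwarebytes hits actually sit: almost all of them are under C:\Qoobox\Quarantine, where ComboFix parked the files it removed as renamed .vir copies, or inside System Volume Information restore points, so they are inert copies that only come back if someone restores them; the only hits in a live location are the Start Menu shortcuts. The script below is an added example, not part of the thread or of Malwarebytes, that sorts a Malwarebytes 1.x log by location so this split is visible at a glance. Function names are the example's own, and SAMPLE_LOG is constructed from the thread's log, cut down to a handful of lines.

```python
"""Sort a Malwarebytes' Anti-Malware 1.x log by where each detection lives.

Added example, not part of the thread or of Malwarebytes. Function names are
this example's own; SAMPLE_LOG is constructed from the thread's log.
"""
import re
from collections import Counter

# One detection line:  <path> (<detection name>) -> <action>
_DETECTION = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+)$")

# Lower-case path fragments that mark a stored copy rather than a live file.
_QUARANTINE = "\\qoobox\\quarantine\\"             # ComboFix's quarantine folder
_RESTORE = "\\system volume information\\_restore"  # System Restore snapshots

SAMPLE_LOG = r"""
Folders Infected:
C:\Documents and Settings\All Users\Menu Avvio\Programmi\RelevantKnowledge (Spyware.MarketScore) -> No action taken.

Files Infected:
C:\Qoobox\Quarantine\C\Programmi\RelevantKnowledge\rlls.dll.vir (Adware.RelevantKnowledge) -> No action taken.
C:\Qoobox\Quarantine\C\Programmi\RelevantKnowledge\rlvknlg.exe.vir (Adware.RelevantKnowledge) -> No action taken.
C:\System Volume Information\_restore{667A12F4-4792-4C46-BD23-B9B8B40F0BD1}\RP100\A0036152.exe (Adware.RelevantKnowledge) -> No action taken.
C:\System Volume Information\_restore{667A12F4-4792-4C46-BD23-B9B8B40F0BD1}\RP101\snapshot\MFEX-1.DAT (Adware.RelevantKnowledge) -> No action taken.
C:\Documents and Settings\All Users\Menu Avvio\Programmi\RelevantKnowledge\Support.lnk (Spyware.MarketScore) -> No action taken.
"""


def classify_location(path):
    """'combofix-quarantine', 'system-restore' or 'live' for a detected path."""
    p = path.lower()
    if _QUARANTINE in p:
        return "combofix-quarantine"   # renamed *.vir copies; gone once C:\Qoobox is deleted
    if _RESTORE in p:
        return "system-restore"        # inert unless that restore point is applied
    return "live"                      # still reachable at the next boot or click


def parse_mbam(text):
    """Return (path, detection name, action) for every detection line in the log."""
    hits = []
    for line in text.splitlines():
        m = _DETECTION.match(line.strip())
        if m:
            hits.append((m.group("path"), m.group("name"), m.group("action")))
    return hits


def mbam_triage(text):
    """Return ({location: count}, [paths still in a live location]) for a log."""
    hits = parse_mbam(text)
    counts = Counter(classify_location(path) for path, _, _ in hits)
    live = [path for path, _, _ in hits if classify_location(path) == "live"]
    return dict(counts), live


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        # MBAM 1.x writes its log in the system ANSI code page (assumption); decode leniently.
        with open(sys.argv[1], encoding="cp1252", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    counts, live = mbam_triage(text)
    for loc, n in sorted(counts.items()):
        print("%-20s %d" % (loc, n))
    print("still live:")
    for path in live:
        print("  " + path)
```

Hits in the quarantine and restore-point buckets are not evidence of a running infection; the live bucket is the part worth checking against the HijackThis log. The classifier keys only on the two path fragments above, so a detection under some other scanner's quarantine folder would be reported as live; add its prefix if that matters for your log.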
giovanitasca
Posted: Friday, June 18, 2010 3:13:35 PM
Rank: AiutAmico

Joined: 4/2/2005
Posts: 220
I've done everything.
Visually, when scrolling through pages, the PC moves in fits and starts, almost like when it's in safe mode.

Log attached
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.08.17, on 18/06/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe
C:\Programmi\File comuni\Nokia\MPlatform\NokiaMServer.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\uTorrent\uTorrent.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Ortopedia\Desktop\VundoFix706.exe
C:\Programmi\internet explorer\iexplore.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbam.exe
G:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programmi\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C62 Series" /O5 "LPT1:" /M "Stylus C62"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Programmi\File comuni\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe"
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Programmi\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Statistiche di Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {15CAC53B-5F45-4D70-BE98-386E6F3B3328} (MedstWeb Control) - http://192.168.0.200:8085/resources/medweb/MedstWWW.cab
O16 - DPF: {3BB4FE3B-7A37-11D3-A41E-0060080C03B3} (Entire Screen Builder Web Viewer) - http://193.205.23.35/vblu/NWWClientFull.cab
O16 - DPF: {4FEE6316-7B6F-4A6C-BD4E-4157C59A9E9D} (Ovi maps browser plugin) - http://static.s2g.gate5.de/ovi_maps/OviMapsPlugin_4.0.12.11.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {601B418B-E6A6-47FC-A094-07248741CEB3} (Camtronics Medical Systems Web Viewer) - file:///D:/vwr_data/WebVwr.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSCDL/jdk/6u10/jinstall-6u10-windows-i586-jc.cab?e=1225388235067&h=4089f1d284e93945d0eeb3ceca799f9e/&filename=jinstall-6u10-windows-i586-jc.cab
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.vexcast.com/download/vexcast.cab
O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} (AMI DicomDir TreeView Control 2.1) - file:///D:/CDVIEWER/CdViewer.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = aoumberto.local
O17 - HKLM\Software\..\Telephony: DomainName = aoumberto.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6EED09A-3F29-4747-9A80-2502EC4ED114}: NameServer = 151.99.125.2,151.99.250.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = aoumberto.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = aoumberto.local
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O24 - Desktop Component 0: (no name) - http://www.budgetplaces.com/add-ons/currencyconverter/currencyfunctions.js

--
End of file - 8580 bytes
shapiro
Posted: Friday, June 18, 2010 3:38:19 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
You should also post me the VundoFix log.

The infections that the scans detected have been removed..... How long have you had this problem?

Do some cleanup.

Download CCleaner.

During installation, deselect the option for the Yahoo toolbar; open it, go to Options > Advanced, untick "Only delete files in Windows Temp folders older than 48 hours", then run it, select "Analyze" and when the analysis finishes click "Run Cleaner".

Click Registry, on the next page click Scan for Issues, then when the scan finishes click Fix selected issues, answer yes to the prompt to save a backup (save it in a folder of your choice), then fix all the items found.

Download ATF Cleaner.

It does not need installation.

Launch ATF Cleaner.exe with a double click
- click the Main menu
- tick the Select All box
- click the Empty Selected button
- wait for the Done Cleaning message.
(if you don't want to delete passwords, untick them)
(if you use Opera or Firefox, tick their sections too)

Download VirIT, run a full scan from Safe Mode and post the report.

Re-run Malwarebytes and remove everything it finds.

Post the log too.

When the cleanup is done, post me a new HijackThis log.

giovanitasca
Posted: Saturday, June 19, 2010 7:13:16 PM
Rank: AiutAmico

Joined: 4/2/2005
Posts: 220
I did everything, but it seems to me that in terms of page scrolling not much has changed. Practically it is like when you move around in Safe Mode. Could it be a video card driver problem? In that case, how do I diagnose it?
I installed VirIT and ran the scan. I don't know how to take it, but in the end it tells me there are no infected files, and so does the Vundo program.
Log attached.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19.05.58, on 19/06/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\VEXPLite\viritsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe
C:\Programmi\File comuni\Nokia\MPlatform\NokiaMServer.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\uTorrent\uTorrent.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programmi\internet explorer\iexplore.exe
G:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programmi\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C62 Series" /O5 "LPT1:" /M "Stylus C62"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Programmi\File comuni\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe"
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLite\MONLITE.EXE
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Programmi\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Statistiche di Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {15CAC53B-5F45-4D70-BE98-386E6F3B3328} (MedstWeb Control) - http://192.168.0.200:8085/resources/medweb/MedstWWW.cab
O16 - DPF: {3BB4FE3B-7A37-11D3-A41E-0060080C03B3} (Entire Screen Builder Web Viewer) - http://193.205.23.35/vblu/NWWClientFull.cab
O16 - DPF: {4FEE6316-7B6F-4A6C-BD4E-4157C59A9E9D} (Ovi maps browser plugin) - http://static.s2g.gate5.de/ovi_maps/OviMapsPlugin_4.0.12.11.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {601B418B-E6A6-47FC-A094-07248741CEB3} (Camtronics Medical Systems Web Viewer) - file:///D:/vwr_data/WebVwr.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSCDL/jdk/6u10/jinstall-6u10-windows-i586-jc.cab?e=1225388235067&h=4089f1d284e93945d0eeb3ceca799f9e/&filename=jinstall-6u10-windows-i586-jc.cab
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.vexcast.com/download/vexcast.cab
O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} (AMI DicomDir TreeView Control 2.1) - file:///D:/CDVIEWER/CdViewer.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = aoumberto.local
O17 - HKLM\Software\..\Telephony: DomainName = aoumberto.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6EED09A-3F29-4747-9A80-2502EC4ED114}: NameServer = 151.99.125.2,151.99.250.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = aoumberto.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = aoumberto.local
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: VirIT eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLite\viritsvc.exe
O24 - Desktop Component 0: (no name) - http://www.budgetplaces.com/add-ons/currencyconverter/currencyfunctions.js

--
End of file - 8764 bytes
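As an added example, not part of this thread or of HijackThis itself: a small Python triage helper for the HijackThis 2.0.x log format used in both logs above. It parses the R*/O* entry lines, flags the entry types a reviewer checks first (O16 ActiveX .cab downloads fetched over plain HTTP or from an IP-literal host, O24 Active Desktop components that load remote script, O17 DNS resolver settings), and diffs two logs so that what a cleanup added or removed is visible at a glance, which is why the helper above asks for a fresh log after each round. The embedded text is a constructed excerpt of a few lines from the two posted logs, not full copies; the flags are review hints, not verdicts that anything is infected.

```python
"""Triage helper for Trend Micro HijackThis 2.0.x logs.

Added example for this thread; it is not part of HijackThis or of the posts.
Section labels (R0, O4, O16, O17, O23, O24) follow HijackThis's own layout.
"""
import re
from urllib.parse import urlparse

# Constructed test data: short excerpts of the two logs posted in the thread.
OLD_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11.21.42, on 16/06/2010
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe"
O16 - DPF: {15CAC53B-5F45-4D70-BE98-386E6F3B3328} (MedstWeb Control) - http://192.168.0.200:8085/resources/medweb/MedstWWW.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6EED09A-3F29-4747-9A80-2502EC4ED114}: NameServer = 151.99.125.2,151.99.250.2
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
O24 - Desktop Component 0: (no name) - http://www.budgetplaces.com/add-ons/currencyconverter/currencyfunctions.js

--
End of file - 8580 bytes
"""

# The second log (after VirIT was installed) gained these two entries.
ADDED_IN_NEW = r"""O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLite\MONLITE.EXE
O23 - Service: VirIT eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLite\viritsvc.exe
"""
NEW_LOG = OLD_LOG.replace("\n--\n", ADDED_IN_NEW + "\n--\n")

ENTRY_RE = re.compile(r"^(?P<sec>[RFO]\d{1,2}) - (?P<body>.+)$")
TRAILING_URL_RE = re.compile(r"\s-\s((?:https?|file)://\S+)$")
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def parse_hjt(text):
    """Return (section, body) pairs for every R*/F*/O* entry line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("sec"), m.group("body")))
    return entries


def running_processes(text):
    """Return the paths listed under 'Running processes:' up to the blank line."""
    procs, in_block = [], False
    for line in text.splitlines():
        s = line.strip()
        if s == "Running processes:":
            in_block = True
        elif in_block:
            if not s:
                break
            procs.append(s)
    return procs


def review_findings(entries):
    """Entries a reviewer checks first. These are review hints, not verdicts."""
    findings = []
    for sec, body in entries:
        m = TRAILING_URL_RE.search(body)
        url = m.group(1) if m else None
        if sec == "O16" and url:
            u = urlparse(url)
            # An ActiveX .cab fetched over plain HTTP or from an IP literal has
            # neither TLS nor a DNS name that ties it to a vendor.
            if u.scheme == "http" or IPV4_RE.match(u.hostname or ""):
                findings.append((sec, "ActiveX .cab over plain HTTP or from an IP-literal host", url))
        elif sec == "O24" and url:
            findings.append((sec, "Active Desktop component loads remote script", url))
        elif sec == "O17" and "NameServer" in body:
            findings.append((sec, "confirm these resolvers are the ones the ISP/domain should hand out", body))
    return findings


def diff_logs(old_text, new_text):
    """Entries added and removed between two logs, ignoring line order."""
    old, new = set(parse_hjt(old_text)), set(parse_hjt(new_text))
    return sorted(new - old), sorted(old - new)


if __name__ == "__main__":
    for sec, why, what in review_findings(parse_hjt(OLD_LOG)):
        print(f"[{sec}] {why}: {what}")
    added, removed = diff_logs(OLD_LOG, NEW_LOG)
    print("added since first log:", *[f"{s} - {b}" for s, b in added], sep="\n  ")
    print("removed since first log:", *[f"{s} - {b}" for s, b in removed], sep="\n  ")
```

Run against the two full logs saved as text files, `diff_logs` reports exactly the VirIT run key and service as new and nothing removed, which matches the poster's report that the cleanup changed little; the O16 and O24 flags only say where to look, and the `file:///D:/...` CAB entries are left alone because they point at local media rather than the network.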
shapiro
Posted: Saturday, June 19, 2010 7:38:03 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
It would be nice to see the scan logs too..... Did you repeat Malwarebytes? Did you update it before the scan?

Check the system: on this page you will find some excellent utilities to see whether the PC has hardware problems.