
Who can help me remove this Win32:Malware-gen virus?
draco
Posted: Saturday, July 24, 2010 1:12:46 PM

Rank: AiutAmico

Member since: 5/4/2008
Posts: 225
Hi everyone, my antivirus, avast, keeps flagging this virus. I choose delete and it tells me the operation completed successfully, but within two hours it is back again... As for the details of the virus, avast tells me this:

File name: C:\DOCUME~1\merco\IMPOST~1\Temp\~temp\mlp300\mdm.exe
Malware name: Win32:Malware-gen
Malware type: Virus/Worm
VPS version: 100724-0,24/10/2010

Please help me... thanks, everyone.
francesco240194
Posted: Saturday, July 24, 2010 1:24:58 PM

Rank: AiutAmico

Member since: 7/13/2010
Posts: 150
Download HJT from here:
www.aiutamici.com/software?ID=11175
Run a scan with that program: when you open it, click "Do a system scan and save a logfile".
Post the log here.
logic
Posted: Saturday, July 24, 2010 1:30:32 PM

Rank: AiutAmico

Member since: 2/25/2010
Posts: 1,008
draco wrote:
Hi everyone, my antivirus, avast, keeps flagging this virus. I choose delete and it tells me the operation completed successfully, but within two hours it is back again... As for the details of the virus, avast tells me this:

File name: C:\DOCUME~1\merco\IMPOST~1\Temp\~temp\mlp300\mdm.exe
Malware name: Win32:Malware-gen
Malware type: Virus/Worm
VPS version: 100724-0,24/10/2010

Please help me... thanks, everyone.


Read this thread, which should help you solve it:
http://www.assistenzafree.com/forum-old/risolto_win32malwaregen-t391.0.html
draco
Posted: Saturday, July 24, 2010 1:30:49 PM

Rank: AiutAmico

Member since: 5/4/2008
Posts: 225
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13.30.29, on 24/07/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\DOCUME~1\merco\DATIAP~1\MICROS~1\spoolsv.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\VIAudioi\SBADeck\ADeck.exe
C:\Programmi\Hercules\Deluxe Optical Glass\Camservice.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\D-Link\AirPlus G\AirGCFG.exe
C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\DNA\btdna.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Programmi\Packard Bell\Software Suite\PBSoftSuite.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Belkin\F5D8053\v6\BelkinWCUI.exe
C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Programmi\Belkin\F5D8053\v6\WifiSvc.exe
C:\Programmi\Sitecom\IVT BlueSoleil\BTNtService.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Packard Bell\Software Suite\PowerSave\PSPBSSS.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Packard Bell\Software Suite\pbDevDetect.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclIVTBTSrv.exe
C:\Programmi\File comuni\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\Sitecom\IVT BlueSoleil\BlueSoleil.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Windows Live\Contacts\wlcomm.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\Trend Micro\HijackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F3 - REG:win.ini: load=C:\DOCUME~1\merco\DATIAP~1\MICROS~1\spoolsv.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Kwyshell MidpX BHO - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Programmi\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Programmi\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Programmi\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [CamserviceDeluxe2] C:\Programmi\Hercules\Deluxe Optical Glass\Camservice.exe /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Programmi\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programmi\DNA\btdna.exe"
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Programmi\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Software Suite] "C:\Programmi\Packard Bell\Software Suite\PBSoftSuite.exe" /RUN
O4 - HKCU\..\Run: [Packard Bell Software Suite] "C:\Programmi\Packard Bell\Software Suite\PBSoftSuite.exe" /run
O4 - HKLM\..\Policies\Explorer\Run: [IEudinit] C:\WINDOWS\System\ieudinit.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [DllHst] C:\WINDOWS\dllhst3g.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [MqtgSVC] C:\Documents and Settings\merco\LOCALS~1\APPLIC~1\MICROS~1\mqtgsvc.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [IEudinit] C:\WINDOWS\ieudinit.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [Logman] C:\DOCUME~1\merco\IMPOST~1\Temp\logman.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [Spool] C:\DOCUME~1\merco\DATIAP~1\spoolsv.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [MstInit] C:\DOCUME~1\merco\DATIAP~1\MICROS~1\mstinit.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [ClipSrv] C:\DOCUME~1\merco\DATIAP~1\MICROS~1\clipsrv.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [Esent Utl] C:\Documents and Settings\merco\LOCALS~1\APPLIC~1\esentutl.exe /waitservice
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Cisvc] C:\DOCUME~1\merco\IMPOST~1\Temp\cisvc.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [Cisvc] C:\DOCUME~1\merco\IMPOST~1\Temp\cisvc.exe /waitservice (User 'Default user')
O4 - Global Startup: Utility di rete wireless Belkin.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Link to &MidpX - C:\Programmi\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{ACAD3C7B-F2E8-46BB-B4FD-FBB169DA75D0}: NameServer = 193.70.152.15,193.70.152.25
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Belkin Wifi Service - Unknown owner - C:\Programmi\Belkin\F5D8053\v6\WifiSvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\Sitecom\IVT BlueSoleil\BTNtService.exe
O23 - Service: Remote Connections Service (FlexService) - Unknown owner - C:\Programmi\RapidBIT\cisvc.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: PowerSave Service (PowerSave) - Packard Bell Services - C:\Programmi\Packard Bell\Software Suite\PowerSave\PSPBSSS.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 10474 bytes
thepiratebay
Posted: Saturday, July 24, 2010 1:34:17 PM
Rank: AiutAmico

Member since: 12/27/2008
Posts: 2,018
I'll just point out that you have only one antivirus in use... and it is not up to date. avast 5.0 is out now; maybe you'd better update it... or switch to another one of your liking.


OT: today I decided to go to my favorite racetrack


achoooooooooooooooooooooooo
francesco240194
Posted: Saturday, July 24, 2010 1:38:59 PM

Rank: AiutAmico

Member since: 7/13/2010
Posts: 150
You have something like 20 viruses AT PC STARTUP.

Open HJT, select "Do a System Scan Only" and tick ONLY these entries:

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Kwyshell MidpX BHO - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Programmi\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Programmi\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AudioDeck] C:\Programmi\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [CamserviceDeluxe2] C:\Programmi\Hercules\Deluxe Optical Glass\Camservice.exe /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Programmi\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programmi\DNA\btdna.exe"
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Programmi\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Software Suite] "C:\Programmi\Packard Bell\Software Suite\PBSoftSuite.exe" /RUN
O4 - HKCU\..\Run: [Packard Bell Software Suite] "C:\Programmi\Packard Bell\Software Suite\PBSoftSuite.exe" /run
O4 - HKLM\..\Policies\Explorer\Run: [IEudinit] C:\WINDOWS\System\ieudinit.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [DllHst] C:\WINDOWS\dllhst3g.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [MqtgSVC] C:\Documents and Settings\merco\LOCALS~1\APPLIC~1\MICROS~1\mqtgsvc.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [IEudinit] C:\WINDOWS\ieudinit.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [Logman] C:\DOCUME~1\merco\IMPOST~1\Temp\logman.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [Spool] C:\DOCUME~1\merco\DATIAP~1\spoolsv.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [MstInit] C:\DOCUME~1\merco\DATIAP~1\MICROS~1\mstinit.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [ClipSrv] C:\DOCUME~1\merco\DATIAP~1\MICROS~1\clipsrv.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [Esent Utl] C:\Documents and Settings\merco\LOCALS~1\APPLIC~1\esentutl.exe /waitservice
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Cisvc] C:\DOCUME~1\merco\IMPOST~1\Temp\cisvc.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [Cisvc] C:\DOCUME~1\merco\IMPOST~1\Temp\cisvc.exe /waitservice (User 'Default user')
O4 - Global Startup: Utility di rete wireless Belkin.lnk = ?
O8 - Extra context menu item: Link to &MidpX - C:\Programmi\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

and click "Fix checked".

Download MALWAREBYTES from here:

Run a full system scan, but first update the program (click on updates and update).
Post the LOG here.
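
Added example, not part of the thread: a Python triage of the O4 autostart lines from the HijackThis log posted above. The three heuristics and the short list of system file names are assumptions chosen for this log; they rank entries for review and are not HijackThis's or Malwarebytes' own logic.

```python
import ntpath
import re

# One HijackThis O4 (autostart) line: hive, registry key, value name, command,
# and an optional "(User '...')" suffix for entries under HKEY_USERS.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)"
    r"(?: \(User '(?P<user>[^']*)'\))?$"
)

SYSTEM32 = r"c:\windows\system32"

# Assumption: a short, non-exhaustive list of genuine Windows XP program names
# whose real copy lives in system32.
SYSTEM_NAMES = {
    "spoolsv.exe", "cisvc.exe", "logman.exe", "clipsrv.exe", "esentutl.exe",
    "ctfmon.exe", "mstsc.exe", "cmstp.exe", "dllhst3g.exe",
}

# Path components that place a file inside a user profile (long and 8.3 form).
PROFILE_DIRS = {"documents and settings", "docume~1"}

# Lines copied from the first HijackThis log in the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Programmi\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Policies\Explorer\Run: [DllHst] C:\WINDOWS\dllhst3g.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [MqtgSVC] C:\Documents and Settings\merco\LOCALS~1\APPLIC~1\MICROS~1\mqtgsvc.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [Spool] C:\DOCUME~1\merco\DATIAP~1\spoolsv.exe /waitservice
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Cisvc] C:\DOCUME~1\merco\IMPOST~1\Temp\cisvc.exe /waitservice (User 'SYSTEM')
O4 - Global Startup: Utility di rete wireless Belkin.lnk = ?
"""


def exe_path(cmd):
    """Return the executable path from an autostart command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        # Quoted path: everything up to the closing quote.
        return cmd[1:].split('"', 1)[0]
    # Unquoted path may contain spaces: cut at the first ".exe" token boundary.
    m = re.match(r"(.*?\.exe)(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd


def triage(line):
    """Parse one O4 registry line; return None for anything else."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    path = exe_path(m["cmd"])
    name = ntpath.basename(path).lower()
    folder = ntpath.dirname(path).lower()
    reasons = []
    # 1. Autostart registered under the rarely used Policies\Explorer\Run key.
    if m["key"].lower() == r"policies\explorer\run":
        reasons.append("policies-run")
    # 2. File carries a Windows system name but does not live in system32.
    if name in SYSTEM_NAMES and folder != SYSTEM32:
        reasons.append("system-name-outside-system32")
    # 3. Executable is started from inside a user profile (Temp, app data).
    if set(folder.split("\\")) & PROFILE_DIRS:
        reasons.append("user-profile-path")
    return {
        "hive": m["hive"],
        "key": m["key"],
        "name": m["name"],
        "path": path,
        "user": m["user"],
        "reasons": reasons,
    }


def suspicious(lines):
    """Return flagged O4 entries, those with the most reasons first."""
    entries = [e for e in map(triage, lines) if e and e["reasons"]]
    return sorted(entries, key=lambda e: -len(e["reasons"]))


if __name__ == "__main__":
    for e in suspicious(SAMPLE_LOG.splitlines()):
        print(f'{len(e["reasons"])}  [{e["name"]}]  {e["path"]}  {", ".join(e["reasons"])}')
```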
draco
Posted: Saturday, July 24, 2010 3:13:20 PM

Rank: AiutAmico

Member since: 5/4/2008
Posts: 225
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versione database: 4343

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

24/07/2010 15.08.12
mbam-log-2010-07-24 (15-08-12).txt

Tipo di scansione: Scansione completa (C:\|D:\|E:\|H:\|)
Elementi esaminati: 188157
Tempo trascorso: 51 minuti, 28 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 5
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 10

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cisvc (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rsvp (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ieudinit (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sessmgr (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\spool (Trojan.Agent) -> Quarantined and deleted successfully.

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
C:\System Volume Information\_restore{8033721E-F732-4AD9-A805-9DE6BA39E4FD}\RP365\A0127016.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\merco\Dati applicazioni\ieudinit.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\merco\Dati applicazioni\Microsoft\mstinit.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\merco\Dati applicazioni\Microsoft\spoolsv.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\merco\Dati applicazioni\spoolsv.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\cisvc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\rsvp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system\ieudinit.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\merco\Impostazioni locali\Temp\sessmgr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\spoolsv.exe (Trojan.Agent) -> Quarantined and deleted successfully.
draco
Posted: Saturday, July 24, 2010 3:14:28 PM

Rank: AiutAmico

Member since: 5/4/2008
Posts: 225
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15.14.23, on 24/07/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Programmi\Belkin\F5D8053\v6\WifiSvc.exe
C:\Programmi\Sitecom\IVT BlueSoleil\BTNtService.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Packard Bell\Software Suite\PowerSave\PSPBSSS.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System\mqtgsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\merco\IMPOST~1\Temp\~temp\mlp301\mdm.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Softonic-IT Toolbar - {e3393495-8103-46a0-8181-270273eddd60} - C:\Programmi\Softonic-IT\tbSoft.dll
F3 - REG:win.ini: load=C:\DOCUME~1\merco\DATIAP~1\MICROS~1\spoolsv.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Softonic-IT Toolbar - {e3393495-8103-46a0-8181-270273eddd60} - C:\Programmi\Softonic-IT\tbSoft.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Softonic-IT Toolbar - {e3393495-8103-46a0-8181-270273eddd60} - C:\Programmi\Softonic-IT\tbSoft.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [Logman] C:\DOCUME~1\merco\DATIAP~1\logman.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [ClipSrv] C:\WINDOWS\clipsrv.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [MqtgSVC] C:\WINDOWS\System\mqtgsvc.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [Logman] C:\WINDOWS\logman.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [Cisvc] C:\Documents and Settings\merco\LOCALS~1\APPLIC~1\cisvc.exe /waitservice
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [IEudinit] C:\Documents and Settings\merco\LOCALS~1\APPLIC~1\ieudinit.exe /waitservice (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Mstsc] C:\Documents and Settings\merco\LOCALS~1\APPLIC~1\MICROS~1\mstsc.exe /waitservice (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [rsvp] C:\DOCUME~1\merco\DATIAP~1\rsvp.exe /waitservice (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Spool] C:\DOCUME~1\merco\DATIAP~1\MICROS~1\spoolsv.exe /waitservice (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MstInit] C:\WINDOWS\System32\drivers\mstinit.exe /waitservice (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [SessMgr] C:\DOCUME~1\merco\DATIAP~1\MICROS~1\sessmgr.exe /waitservice (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Logman] C:\Documents and Settings\merco\LOCALS~1\APPLIC~1\MICROS~1\logman.exe /waitservice (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Esent Utl] C:\WINDOWS\System\esentutl.exe /waitservice (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [ClipSrv] C:\WINDOWS\clipsrv.exe /waitservice (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [DllHst] C:\DOCUME~1\merco\IMPOST~1\Temp\dllhst3g.exe /waitservice (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [CmSTP] C:\Documents and Settings\merco\LOCALS~1\APPLIC~1\MICROS~1\cmstp.exe /waitservice (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Cisvc] C:\WINDOWS\cisvc.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [IEudinit] C:\Documents and Settings\merco\LOCALS~1\APPLIC~1\ieudinit.exe /waitservice (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{ACAD3C7B-F2E8-46BB-B4FD-FBB169DA75D0}: NameServer = 193.70.152.15,193.70.152.25
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Belkin Wifi Service - Unknown owner - C:\Programmi\Belkin\F5D8053\v6\WifiSvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\Sitecom\IVT BlueSoleil\BTNtService.exe
O23 - Service: Remote Connections Service (FlexService) - Unknown owner - C:\Programmi\RapidBIT\cisvc.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: PowerSave Service (PowerSave) - Packard Bell Services - C:\Programmi\Packard Bell\Software Suite\PowerSave\PSPBSSS.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7959 bytes

fdaccc
Posted: Saturday, July 24, 2010 3:16:57 PM

Rank: AiutAmico

Member since: 12/12/2009
Posts: 2,114
DOWNLOAD COMBOFIX:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Save it to the desktop.

Important: after downloading COMBOFIX, close your internet connection, disable your antivirus and
close ALL open programs (firewall included), and

double-click combofix.exe (a screen will appear).

You will probably get messages from the antivirus (or from Combofix itself);
ignore them.

If you are asked whether you want to install the EMERGENCY RECOVERY CONSOLE, click NO.

During the scan it is important not to use the PC (not even the mouse)
and to wait patiently for the operations to finish.
When it finishes, a log file will be created on the Desktop, called C:\ComboFix.txt. Post it here.
draco
Posted: Saturday, July 24, 2010 3:37:18 PM

Rank: AiutAmico

Member since: 5/4/2008
Posts: 225
ComboFix 10-07-23.04 - merco 24/07/2010 15.27.04.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2047.1673 [GMT 2:00]
Eseguito da: c:\documents and settings\merco\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100724-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\merco\IMPOST~1\Temp\tmp1.tmp
c:\docume~1\merco\IMPOST~1\Temp\tmp2.tmp
c:\documents and settings\merco\Dati applicazioni\cmstp.exe
c:\documents and settings\merco\Dati applicazioni\logman.exe
c:\documents and settings\merco\Dati applicazioni\Microsoft\clipsrv.exe
c:\documents and settings\merco\Dati applicazioni\Microsoft\cmstp.exe
c:\documents and settings\merco\Dati applicazioni\Microsoft\comrepl.exe
c:\documents and settings\merco\Dati applicazioni\Microsoft\dllhst3g.exe
c:\documents and settings\merco\Dati applicazioni\Microsoft\mqtgsvc.exe
c:\documents and settings\merco\Dati applicazioni\Microsoft\sessmgr.exe
c:\documents and settings\merco\Dati applicazioni\Microsoft\spoolsv.exe
c:\documents and settings\merco\Dati applicazioni\mqtgsvc.exe
c:\documents and settings\merco\Dati applicazioni\rsvp.exe
c:\documents and settings\merco\mvlcqnva.exe
c:\windows\CISVC.exe
c:\windows\cmstp.exe
c:\windows\dllhst3g.exe
c:\windows\esentutl.exe
c:\windows\ieudinit.exe
c:\windows\logman.exe
c:\windows\mqtgsvc.exe
c:\windows\mstsc.exe
c:\windows\system\dllhst3g.exe
c:\windows\system\esentutl.exe
c:\windows\system\ieudinit.exe
c:\windows\system\mqtgsvc.exe
c:\windows\System\mstinit.exe
c:\windows\system\sessmgr.exe
c:\windows\system32\drivers\cisvc.exe
c:\windows\system32\drivers\cmstp.exe
c:\windows\system32\drivers\comrepl.exe
c:\windows\system32\drivers\dllhst3g.exe
c:\windows\system32\drivers\esentutl.exe
c:\windows\system32\drivers\logman.exe
c:\windows\system32\drivers\mstinit.exe
c:\windows\system32\vbzlib1.dll
E:\install.exe

.
((((((((((((((((((((((((( Files Creati Da 2010-06-24 al 2010-07-24 )))))))))))))))))))))))))))))))))))
.

2010-07-24 13:17 . 2010-07-23 14:53 91136 ----a-w- c:\windows\system\mstsc.exe
2010-07-24 13:11 . 2010-07-23 14:53 91136 ----a-w- c:\windows\clipsrv.exe
2010-07-24 12:14 . 2010-07-24 12:14 -------- d-----w- c:\documents and settings\merco\Impostazioni locali\Dati applicazioni\Conduit
2010-07-24 12:14 . 2010-07-24 12:14 -------- d-----w- c:\programmi\Conduit
2010-07-24 12:14 . 2010-07-24 12:14 -------- d-----w- c:\documents and settings\merco\Impostazioni locali\Dati applicazioni\Softonic-IT
2010-07-24 12:14 . 2010-07-24 12:14 -------- d-----w- c:\programmi\Softonic-IT
2010-07-24 11:29 . 2010-07-24 11:29 388096 ----a-r- c:\documents and settings\merco\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-24 08:41 . 2010-07-24 08:41 -------- d-----w- c:\documents and settings\merco\Dati applicazioni\fretsonfire
2010-07-23 19:02 . 2010-07-23 19:02 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-07-23 19:01 . 2009-05-27 15:31 584832 ----a-w- c:\windows\system32\drivers\RTL8192su.sys
2010-07-23 18:55 . 2010-07-23 18:55 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-23 17:13 . 2010-07-23 17:13 -------- d-----w- c:\programmi\Belkin
2010-07-23 15:43 . 2010-07-23 15:43 -------- d-----w- c:\programmi\Zuma Deluxe
2010-07-23 15:28 . 2010-07-23 17:30 22 ----a-w- c:\windows\popcinfot.dat
2010-07-20 21:03 . 2010-07-20 21:04 -------- d-----w- c:\windows\system32\NtmsData
2010-07-20 18:21 . 2010-07-20 18:22 -------- d-----w- c:\documents and settings\merco\Impostazioni locali\Dati applicazioni\Packard Bell
2010-07-20 18:21 . 2010-07-20 18:21 -------- d-----w- c:\programmi\Packard Bell
2010-07-20 18:18 . 2010-07-20 18:18 -------- d-----w- c:\programmi\Packard Bell External HDD

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-24 13:14 . 2001-08-31 10:00 70544 ----a-w- c:\windows\system32\perfc010.dat
2010-07-24 13:14 . 2001-08-31 10:00 440128 ----a-w- c:\windows\system32\perfh010.dat
2010-07-24 12:15 . 2009-08-02 22:35 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-07-24 12:10 . 2009-05-30 12:20 -------- d-----w- c:\documents and settings\merco\Dati applicazioni\DNA
2010-07-24 08:57 . 2009-07-01 14:34 -------- d-----w- c:\documents and settings\merco\Dati applicazioni\uTorrent
2010-07-24 07:59 . 2009-05-30 12:20 -------- d-----w- c:\programmi\DNA
2010-07-23 22:25 . 2009-07-01 14:35 -------- d-----w- c:\programmi\uTorrent
2010-07-23 20:34 . 2009-05-30 12:20 -------- d-----w- c:\documents and settings\merco\Dati applicazioni\BitTorrent
2010-07-23 19:35 . 2009-08-25 22:27 10 ----a-w- c:\windows\popcinfo.dat
2010-07-23 17:13 . 2009-05-29 17:57 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-07-18 21:55 . 2010-04-04 21:35 -------- d-----w- c:\programmi\Nokia
2010-07-05 17:50 . 2009-09-25 18:00 -------- d-----w- c:\documents and settings\merco\Dati applicazioni\gtk-2.0
2010-06-19 21:34 . 2009-05-29 23:05 -------- d-----w- c:\programmi\Metin2_Italiano
2010-06-13 17:06 . 2010-06-13 17:06 503808 ----a-w- c:\documents and settings\merco\Dati applicazioni\Sun\Java\Deployment\cache\6.0\46\f84c6ae-10e315dd-n\msvcp71.dll
2010-06-13 17:06 . 2010-06-13 17:06 499712 ----a-w- c:\documents and settings\merco\Dati applicazioni\Sun\Java\Deployment\cache\6.0\46\f84c6ae-10e315dd-n\jmc.dll
2010-06-13 17:06 . 2010-06-13 17:06 348160 ----a-w- c:\documents and settings\merco\Dati applicazioni\Sun\Java\Deployment\cache\6.0\46\f84c6ae-10e315dd-n\msvcr71.dll
2010-06-06 20:57 . 2009-05-29 23:09 -------- d-----w- c:\documents and settings\merco\Dati applicazioni\Skype
2010-04-29 13:39 . 2009-08-02 22:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2009-08-02 22:35 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e3393495-8103-46a0-8181-270273eddd60}"= "c:\programmi\Softonic-IT\tbSoft.dll" [2010-06-03 2736736]

[HKEY_CLASSES_ROOT\clsid\{e3393495-8103-46a0-8181-270273eddd60}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3393495-8103-46a0-8181-270273eddd60}]
2010-06-03 16:24 2736736 ----a-w- c:\programmi\Softonic-IT\tbSoft.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e3393495-8103-46a0-8181-270273eddd60}"= "c:\programmi\Softonic-IT\tbSoft.dll" [2010-06-03 2736736]

[HKEY_CLASSES_ROOT\clsid\{e3393495-8103-46a0-8181-270273eddd60}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Sitecom\\IVT BlueSoleil\\BlueSoleil.exe"=
"c:\\Programmi\\DNA\\btdna.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Metin2_Italiano\\metin2.bin"=
"c:\\Programmi\\Hercules\\Deluxe Optical Glass\\Station2.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [29/05/2009 20.16.36 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29/05/2009 20.16.36 20560]
R2 Belkin Wifi Service;Belkin Wifi Service;c:\programmi\Belkin\F5D8053\v6\WifiSvc.exe [23/07/2010 21.01.54 274432]
R2 PowerSave;PowerSave Service;c:\programmi\Packard Bell\Software Suite\PowerSave\PSPBSSS.exe [06/04/2009 11.35.46 1002016]
R3 camfilt2;camfilt2;c:\windows\system32\drivers\camfilt2.sys [29/05/2009 20.34.22 94720]
S2 FlexService;Remote Connections Service;"c:\programmi\RapidBIT\cisvc.exe" --> c:\programmi\RapidBIT\cisvc.exe [?]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [23/07/2010 21.01.56 584832]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {ACAD3C7B-F2E8-46BB-B4FD-FBB169DA75D0} = 193.70.152.15,193.70.152.25
FF - ProfilePath - c:\documents and settings\merco\Dati applicazioni\Mozilla\Firefox\Profiles\2srz2fid.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - google.it
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: c:\documents and settings\merco\Dati applicazioni\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Explorer_Run-Logman - c:\docume~1\merco\DATIAP~1\logman.exe
HKU-Default-Explorer_Run-IEudinit - c:\windows\System\ieudinit.exe
HKU-Default-Explorer_Run-MqtgSVC - c:\docume~1\merco\DATIAP~1\mqtgsvc.exe
HKU-Default-Explorer_Run-ComRepl - c:\docume~1\merco\DATIAP~1\MICROS~1\comrepl.exe
HKU-Default-Explorer_Run-Mstsc - c:\documents and settings\merco\LOCALS~1\APPLIC~1\mstsc.exe
HKU-Default-Explorer_Run-rsvp - c:\docume~1\merco\DATIAP~1\rsvp.exe
HKU-Default-Explorer_Run-Spool - c:\documents and settings\merco\LOCALS~1\APPLIC~1\spoolsv.exe
HKU-Default-Explorer_Run-MstInit - c:\windows\System\mstinit.exe
HKU-Default-Explorer_Run-SessMgr - c:\windows\System\sessmgr.exe
HKU-Default-Explorer_Run-Logman - c:\windows\System32\drivers\logman.exe
HKU-Default-Explorer_Run-Esent Utl - c:\windows\esentutl.exe
HKU-Default-Explorer_Run-DllHst - c:\windows\System32\drivers\dllhst3g.exe
HKU-Default-Explorer_Run-CmSTP - c:\windows\cmstp.exe
HKU-Default-Explorer_Run-Cisvc - c:\documents and settings\merco\LOCALS~1\APPLIC~1\cisvc.exe
AddRemove-Zuma Deluxe 1.0 - c:\programmi\PopCap Games\Zuma Deluxe\PopUninstall.exe
AddRemove-Zuma's Revenge! - c:\programmi\PopCap Games\Zuma's Revenge\PopUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-24 15:32
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2010-07-24 15:34:28
ComboFix-quarantined-files.txt 2010-07-24 13:34

Pre-Run: 10.463.023.104 byte disponibili
Post-Run: 13.031.657.472 byte disponibili

- - End Of File - - 850409ACF0AA785698D040B1E13A41AE
antonpaco
Posted: Saturday, July 24, 2010 5:53:09 PM
Rank: AiutAmico

Joined: 11/7/2006
Posts: 1,180
draco, as soon as you can, update avast to version 5.0; on aiutamici there is the procedure, written very clearly by alfonso. I recommend doing it as soon as possible because, besides the program's graphical layout being completely different, it has also improved a lot in terms of performance.
draco
Posted: Saturday, July 24, 2010 11:22:08 PM

Rank: AiutAmico

Joined: 5/4/2008
Posts: 225
I noticed, with great pleasure... the spinning ball is orange, and yes, it's completely different
enigmista63
Posted: Sunday, July 25, 2010 12:55:43 AM

Rank: AiutAmico

Joined: 4/28/2007
Posts: 1,976
Hi, the problem isn't just updating the antivirus, but asking what all these infections are doing on a PC with an antivirus installed. Could it be that it's not very alert and responsive?
draco
Posted: Sunday, July 25, 2010 12:22:25 PM

Rank: AiutAmico

Joined: 5/4/2008
Posts: 225
That may well be the case too... anyway, is my problem solved?
bazzurlone
Posted: Sunday, July 25, 2010 1:17:49 PM

Rank: AiutAmico

Joined: 1/20/2005
Posts: 1,537
You have to tell us: how is the PC working?
fdaccc
Posted: Sunday, July 25, 2010 6:49:16 PM

Rank: AiutAmico

Joined: 12/12/2009
Posts: 2,114
For once that I help, bazzurellone doesn't object. :o)
monsee
Posted: Sunday, July 25, 2010 7:24:58 PM
Rank: AiutAmico

Joined: 4/5/2005
Posts: 22,971
Bazz has always been a great person. He has never been one to "object" just to put on a bit of a show.
thepiratebay
Posted: Sunday, July 25, 2010 7:35:06 PM
Rank: AiutAmico

Joined: 12/27/2008
Posts: 2,018
@: censored

Regarding what is asked afterwards: I use a D-Link as a router; if I remove certain processes, perhaps a USB Wi-Fi dongle would not be able to connect to the network to write in this section

:post subject to changes
bazzurlone
Posted: Sunday, July 25, 2010 7:58:10 PM

Rank: AiutAmico

Joined: 1/20/2005
Posts: 1,537
Dear kids, it goes without saying who I'm addressing. Two things, actually three: first, I don't understand the pirate's post, explain it to me; second, write a bit better, come on!
Third, I follow an old Chinese proverb that says: it is better to keep quiet and risk being taken for a fool than to open your mouth and remove all doubt.
Why don't you do the same? Why do you keep provoking even someone like me, who doesn't bust anyone's balls? Out there are lots of girls your age who are wonderful, so go chase after them! Or do you prefer a PC screen? Suit yourselves.