Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Win32:Drefir-F [Wrm] con avast Opzioni
gladmanone
Inviato: Monday, October 13, 2008 2:32:32 PM
Rank: Member

Iscritto dal : 4/27/2007
Posts: 0
salve, un aiuto. ho contratto il virus in oggetto ed avast non riesce ad eliminarmelo. sapreste darmi una dritta? premetto di avere avast, ad aware e spybot serch destroy
Sponsor
Inviato: Monday, October 13, 2008 2:32:32 PM

 
monsee
Inviato: Monday, October 13, 2008 4:23:34 PM
Rank: AiutAmico

Iscritto dal : 4/5/2005
Posts: 22,971
Qui trovi tutte le informazioni (incluse le istruzioni per la rimozione manuale), però in linguaggio iberico:
http://www.hormiga.org/antivirus/virus/virus_Win32-Drefir.F.html
ecofive
Inviato: Monday, October 13, 2008 4:35:26 PM

Rank: AiutAmico

Iscritto dal : 6/20/2008
Posts: 7,111
monsee ha scritto:
Qui trovi tutte le informazioni (incluse le istruzioni per la rimozione manuale), però in linguaggio iberico:
http://www.hormiga.org/antivirus/virus/virus_Win32-Drefir.F.html


E da qui ho appreso che in spagnolo un worm è proprio un verme ( el gusano).
Ne so una in più.
Ciao a tutti.
r16
Inviato: Monday, October 13, 2008 6:35:21 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao.
Scarica: Malwarebytes' Anti-MalwareMalwarebyte e salvalo dove vuoi tu. : http://www.besttechie.net/tools/mbam-setup.exe

Doppio click sull'icona di mbam-setup.exe che hai salvato,e procedi con l'installazione

Assicurati che ci siano entrambi i segni di spunta su :Aggiorna Malwarebytes' Anti-Malware e Avvia, e clicca Fine
Al primo avvio, ti comparirà un messaggio di benvenuto, Assicurati che il collegamento Internet sia attivo e clicca OK
Attendi la fine dell'aggiornamento.
Compare la schermata principale.
Clicca Scansiona
Potrebbe volerci parecchio tempo,(dipende quanto è infettato il pc) quindi bisogna avere un pò di pazienza.

Al termine della scansione, clicca OK

Assicurati che tutti i files evidenziati siano selezionati e clicca Rimuovi Selezionati

Quando la disinfezione sarà completata, verrà aperto Notepad con il risultato dell'operazione .
Postalo qui.

Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,e dopo aver scaricato COMBOFIX, chiudi la connessione.

Scarica Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Salvalo sul desktop.
Doppio click su combofix.exe (comparirà una videata.)
Digita 1 premi Invio e segui le indicazioni.
Al termine, verrà creato un file log chiamato C:\ComboFix.txt. Postalo qui.
Durante l'operazione di scansione è importante non usare il PC e attendere pazientemente la fine delle operazioni.
Posta un nuovo log di HijackThis .Sempre in questo topic.
gladmanone
Inviato: Monday, October 13, 2008 11:29:16 PM
Rank: Member

Iscritto dal : 4/27/2007
Posts: 0
grazie a tutti !!!!!!
per r 16 ti incollo i vari post
Malwarebytes' Anti-Malware 1.28
Versione del database: 1266
Windows 5.1.2600 Service Pack 3

13/10/2008 22.30.28
mbam-log-2008-10-13 (22-30-28).txt

Tipo di scansione: Scansione completa (C:\|E:\|)
Elementi scansionati: 74101
Tempo trascorso: 28 minute(s), 22 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0
Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)


ComboFix 08-10-12.01 - pb 2008-10-13 22.40.28.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.419 [GMT 2:00]
Eseguito da: C:\Documents and Settings\pb\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Creati Da 2008-09-13 al 2008-10-13 )))))))))))))))))))))))))))))))))))
.

2008-10-13 21:37 . 2008-10-13 21:38 <DIR> d-------- C:\Programmi\Malwarebytes' Anti-Malware
2008-10-13 21:37 . 2008-10-13 21:37 <DIR> d-------- C:\Documents and Settings\pb\Dati applicazioni\Malwarebytes
2008-10-13 21:37 . 2008-10-13 21:37 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2008-10-13 21:37 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-13 21:37 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-13 10:40 . 2008-10-13 10:40 <DIR> d-------- C:\Programmi\ClamWin
2008-10-13 10:40 . 2008-10-13 10:40 <DIR> d-------- C:\Documents and Settings\pb\Dati applicazioni\.clamwin
2008-10-13 10:40 . 2008-10-13 10:40 <DIR> d-------- C:\Documents and Settings\All Users\.clamwin
2008-10-13 10:38 . 2008-10-13 10:38 <DIR> d-------- C:\Programmi\ReflexiveArcade
2008-10-13 10:38 . 2008-10-13 10:38 <DIR> d-------- C:\Programmi\LuckyTender
2008-10-11 10:19 . 2008-10-13 14:36 424 --a------ C:\WINDOWS\zipgenius.xml
2008-10-11 10:18 . 2008-10-11 10:22 <DIR> d-------- C:\Documents and Settings\pb\Dati applicazioni\ZipGenius
2008-10-11 10:17 . 2008-10-11 10:18 <DIR> d-------- C:\Programmi\ZipGenius 6
2008-09-23 09:25 . 2008-09-23 09:25 <DIR> d-------- C:\Programmi\Defraggler
2008-09-23 09:24 . 2008-09-23 09:24 <DIR> d-------- C:\Programmi\Recuva
2008-09-20 20:50 . 2008-09-20 21:49 <DIR> d-------- C:\Programmi\NOS
2008-09-20 20:50 . 2008-09-20 21:49 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\NOS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-13 19:42 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Google Updater
2008-10-13 17:46 --------- d-----w C:\Programmi\Spybot - Search & Destroy
2008-10-13 12:43 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-10-13 08:25 --------- d-----w C:\Programmi\Ahead
2008-10-11 19:44 --------- d-----w C:\Documents and Settings\pb\Dati applicazioni\OpenOffice.org2
2008-10-04 13:32 --------- d-----w C:\Programmi\OpenOffice.org 2.4
2008-09-26 17:38 --------- d-----w C:\Programmi\Java
2008-09-12 22:21 --------- d-----w C:\Programmi\File comuni\Adobe
2008-09-10 17:11 --------- d-----w C:\Programmi\CCleaner
2008-09-09 11:39 --------- d-----w C:\Programmi\Pinnacle
2008-09-07 18:57 --------- d-----w C:\Programmi\Windows Live
2008-09-07 18:20 --------- d-----w C:\Programmi\IObit
2008-09-07 18:17 --------- d-----w C:\Programmi\Windows Live Toolbar
2008-09-06 15:47 --------- d-----w C:\Documents and Settings\pb\Dati applicazioni\GlarySoft
2008-08-19 17:45 --------- d-----w C:\Documents and Settings\pb\Dati applicazioni\Video DVD Maker FREE
2008-08-19 17:44 1,024,000 ----a-w C:\WINDOWS\system32\ewmpegco.dll
2008-08-19 17:41 --------- d-----w C:\Programmi\Video DVD Maker FREE
2008-08-19 15:37 --------- d-----w C:\Programmi\Tiscali ADSL Signup
2008-08-19 15:23 --------- d-----w C:\Programmi\QuickTime
2008-08-19 15:13 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-08-19 15:11 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\SmartSound Software Inc
2008-08-18 20:26 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Pinnacle
2008-08-18 20:13 --------- d-----w C:\Programmi\AdorageI-SAL
2008-08-18 20:09 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\QuickTime
2008-08-18 19:57 --------- d-----w C:\Programmi\Microsoft Silverlight
2008-08-18 19:46 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Pinnacle Studio
2008-08-18 10:26 --------- d-----w C:\Programmi\File comuni\AVSMedia
2008-08-18 10:26 --------- d-----w C:\Programmi\AVS4YOU
2008-08-18 09:57 --------- d-----w C:\Documents and Settings\pb\Dati applicazioni\AVS4YOU
2008-08-18 07:12 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\AVS4YOU
2008-08-17 18:58 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Pinnacle VideoSpin
2008-08-17 18:49 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\VideoSpin
2008-08-17 18:45 --------- d-----w C:\Programmi\File comuni\Nero
2008-08-17 18:44 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Nero
2008-08-14 08:38 --------- d-----w C:\Documents and Settings\pb\Dati applicazioni\CyberLink
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-16 17:00 17,931,485 -c--a-w C:\Programmi\gimp2.zip
2008-07-15 11:37 87,710 ----a-w C:\Programmi\install_wmp11windowsxpx86itit.exe.exe
2008-07-15 11:10 6,530,392 -c--a-w C:\Programmi\AWCSetup.zip
2008-07-15 07:06 15,083,520 ----a-w C:\Programmi\spybotsd160.exe
2008-07-15 06:51 529,473 ----a-w C:\WINDOWS\system32\flash.zip
2008-06-30 12:23 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012008063020080701\index.dat
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 68856]
"msnmsgr"="C:\Programmi\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-19 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"RMC"="C:\WINDOWS\system32\drivers\RMC.exe" [2005-03-28 24576]
"SynTPLpr"="C:\Programmi\Synaptics\SynTP\SynTPLpr.exe" [2005-03-04 102490]
"SynTPEnh"="C:\Programmi\Synaptics\SynTP\SynTPEnh.exe" [2005-03-04 708698]
"ATIPTA"="C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 339968]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ClamWin"="C:\Programmi\ClamWin\bin\ClamTray.exe" [2006-12-12 73728]
"Collegamento alla pagina delle proprietà di High Definition Audio"="HDAShCut.exe" [2005-01-07 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-04-12 C:\WINDOWS\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"= 1 (0x1)
"DisableLockWorkstation"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogoff"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"EverioService"="C:\Programmi\CyberLink\PCM4Everio\EverioService.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\APPS\\skype\\phone\\Skype.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\eMule\\eMule.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 MTC0001_RMC;Remove Control Device;C:\WINDOWS\system32\drivers\RMC.sys [2005-04-22 13912]
R3 Slazldrv;SmartLink AMR_PCI Driver;C:\WINDOWS\system32\DRIVERS\SLDRV\slazldrv.sys [2005-01-05 226768]
R3 ULI5261;ULi Based Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN.SYS [2004-12-31 28160]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenuto della cartella 'Scheduled Tasks'

2008-10-13 C:\WINDOWS\Tasks\Garanzia estesa.job
- C:\APPS\SMP\PBCARNOT.EXE [2005-11-09 13:55]

2008-10-13 C:\WINDOWS\Tasks\Master CD_DVD Creator.job
- C:\Apps\SMP\MCDCHECK.EXE [2005-11-08 15:26]

2008-10-13 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Programmi\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2006-08-11 C:\WINDOWS\Tasks\Promemoria registrazione 1.job
- C:\WINDOWS\system32\OOBE\oobebaln.exe [2008-04-14 04:14]

2006-08-18 C:\WINDOWS\Tasks\Promemoria registrazione 2.job
- C:\WINDOWS\system32\OOBE\oobebaln.exe [2008-04-14 04:14]

2006-08-11 C:\WINDOWS\Tasks\Promemoria registrazione 3.job
- C:\WINDOWS\system32\OOBE\oobebaln.exe [2008-04-14 04:14]

2008-09-25 C:\WINDOWS\Tasks\Schedule Task Weekly.job
- C:\Programmi\Registry Easy\RE.exe []
.
.
------- Supplementare di scansione -------
.
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://www.sitecom.com/connectivity
R1 -: HKCU-Internet Settings,ProxyOverride = 127.0.0.1
R1 -: HKCU-SearchURL,(Default) = hxxp://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
O8 -: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-13 22:41:24
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-10-13 22.42.09
ComboFix-quarantined-files.txt 2008-10-13 20:42:07
ComboFix2.txt 2008-10-13 20:37:40

Pre-Run: 11.207.122.944 byte disponibili
Post-Run: 11,192,639,488 byte disponibili




180 --- E O F --- 2008-10-09 19:54:57
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22.48.10, on 13/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\Programmi\ClamWin\bin\ClamTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\APPS\RecordNow\RecordNow.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmi\CCleaner\CCleaner.exe
C:\Programmi\internet explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sitecom.com/connectivity
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RMC] C:\WINDOWS\system32\drivers\RMC.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Collegamento alla pagina delle proprietà di High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ClamWin] "C:\Programmi\ClamWin\bin\ClamTray.exe" --logon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\it.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 8270 bytes
questo è il risultato, spero possa esserti d'aiuto; una considerazione: in combofix ho trovato forse qusti due programmi che possono essere collegati al virus:

2008-10-13 10:38 . 2008-10-13 10:38 <DIR> d-------- C:\Programmi\ReflexiveArcade
2008-10-13 10:38 . 2008-10-13 10:38 <DIR> d-------- C:\Programmi\LuckyTender

grazie ancora!!!!
Utenti presenti in questo topic
Guest


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.