Aiutamici Forum

DO I HAVE A VIRUS??
fiorediginepro
Posted: Saturday, November 08, 2008 11:24:38 PM

Rank: Newbie

Joined: 11/8/2008
Posts: 0
Hi, sorry for the late hour, but I think I have a virus and I don't know what to do: I connect to the internet and after a while the connection drops, and this happens every time. I ran a scan with Virit and Malwarebytes and they found a virus; now I'm posting the HijackThis log, please tell me what I should do.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23.23.54, on 08/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\VEXPLITE\MONLITE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\VEXPLITE\viritsvc.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
C:\Programmi\Logitech\SetPoint\SetPoint.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\File comuni\Logitech\KHAL\KHALMNPR.EXE
C:\PROGRA~1\WIDCOMM\SOFTWA~1\BTSTAC~1.EXE
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wpabaln.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Programmi\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Programmi\Corel\Corel Graphics 12\Languages\IT\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=102708 serial=dr12wex-1504397-kty lang=IT
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A7CFDFC0-ACF8-49B9-A637-77B728770E2C}: NameServer = 85.37.17.11 85.38.28.69
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe

--
End of file - 7197 bytes
r16
Posted: Sunday, November 09, 2008 12:23:14 AM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
You could also have posted the logs of the scans you ran.....
Anyway, run this additional scan:
Important: disable your antivirus (Virit too) and close ALL open programs, and after downloading COMBOFIX, disconnect from the internet.

Download ComboFix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to the desktop.
Double-click combofix.exe (a window will appear).
Type 1, press Enter and follow the instructions.
When it finishes, a log file called C:\ComboFix.txt will be created. Post it here.
While the scan is running it is important not to use the PC and to wait patiently for it to finish.
Post a new HijackThis log, in this same topic.
fiorediginepro
Posted: Sunday, November 09, 2008 12:29:04 PM

Rank: Newbie

Joined: 11/8/2008
Posts: 0
This is the ComboFix log:

ComboFix 08-11-07.01 - Leon 2008-11-09 12.15.59.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.206 [GMT 1:00]
Eseguito da: c:\documents and settings\Leon\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((( Files Creati Da 2008-10-09 al 2008-11-09 )))))))))))))))))))))))))))))))))))
.

2008-11-08 23:23 . 2008-11-08 23:23 <DIR> d-------- c:\programmi\Trend Micro
2008-11-08 22:39 . 2008-11-08 22:39 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2008-11-08 22:39 . 2008-11-08 22:39 <DIR> d-------- c:\documents and settings\Leon\Dati applicazioni\Malwarebytes
2008-11-08 22:39 . 2008-11-08 22:39 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2008-11-08 22:39 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-08 22:39 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-08 21:50 . 2008-11-09 12:09 <DIR> d-------- C:\VEXPLITE
2008-11-08 21:50 . 2008-08-30 12:11 40,960 --a------ c:\windows\system32\drivers\VIRAGTLT.SYS
2008-11-08 21:20 . 2008-11-08 21:24 <DIR> d-------- c:\programmi\Spybot - Search & Destroy
2008-11-08 21:20 . 2008-11-08 21:46 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-11-08 21:04 . 2008-11-08 21:04 <DIR> d-------- c:\programmi\CCleaner
2008-11-08 20:34 . 2008-11-08 21:06 69 --a------ c:\windows\NeroDigital.ini
2008-11-08 18:20 . 2008-11-08 20:37 <DIR> d-------- c:\documents and settings\Leon\Dati applicazioni\Ahead
2008-11-08 18:19 . 2008-11-08 18:19 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Ahead
2008-11-08 18:15 . 2008-11-08 18:17 <DIR> d-------- c:\programmi\File comuni\Ahead
2008-11-08 18:15 . 2008-11-08 18:15 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Nero
2008-11-04 21:56 . 2008-11-08 14:35 <DIR> d-------- c:\programmi\AskTBar
2008-10-16 20:45 . 2008-08-14 14:42 2,184,064 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-16 20:45 . 2008-08-14 14:42 2,139,648 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-16 20:45 . 2008-08-14 14:42 2,061,440 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-16 20:45 . 2008-08-14 14:42 2,019,328 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-16 13:00 . 2004-08-03 22:08 26,496 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2008-10-16 12:41 . 2008-11-08 20:19 <DIR> d-------- c:\programmi\eMule
2008-10-13 21:54 . 2008-10-16 22:46 <DIR> d-------- c:\windows\system32\it-it
2008-10-13 21:26 . 2000-05-22 09:58 647,872 --------- c:\windows\system32\Mscomct2.ocx
2008-10-13 21:26 . 1999-10-11 02:00 41,984 --------- c:\windows\Ctregrun.exe
2008-10-13 21:04 . 2008-10-13 21:04 <DIR> d-------- c:\documents and settings\Leon\Dati applicazioni\Logitech
2008-10-13 21:03 . 2005-05-20 14:01 68,352 --a------ c:\windows\system32\drivers\LMOUKE.sys
2008-10-13 21:03 . 2005-05-20 14:00 54,528 --a------ c:\windows\system32\drivers\L8042MOU.SYS
2008-10-13 21:02 . 2008-10-13 21:02 <DIR> d-------- c:\programmi\Logitech
2008-10-13 21:02 . 2008-10-13 21:02 <DIR> d-------- c:\programmi\File comuni\Logitech
2008-10-13 21:02 . 2005-05-25 01:40 258,352 --a------ c:\windows\system32\unicows.dll
2008-10-13 21:02 . 2005-05-20 14:00 13,056 --a------ c:\windows\system32\drivers\L8042Kbd.sys
2008-10-13 20:55 . 2008-10-13 20:55 <DIR> d-------- c:\documents and settings\Leon\Bluetooth Software
2008-10-13 20:52 . 2008-10-13 20:52 <DIR> d-------- c:\programmi\WIDCOMM
2008-10-13 20:44 . 2008-10-20 20:46 13,758 --a------ c:\windows\EPISMI00.SWB
2008-10-13 20:35 . 2008-10-13 20:35 <DIR> d-------- c:\programmi\MSXML 4.0
2008-10-13 20:21 . 1996-02-02 08:25 133,392 --------- c:\windows\system32\MFCO30.DLL
2008-10-13 20:21 . 1994-12-05 23:23 57,328 --------- c:\windows\system32\OLE2CONV.DLL
2008-10-13 20:21 . 1994-01-10 14:00 14,933 --------- c:\windows\system32\VSHARE.386
2008-10-13 19:48 . 2007-07-30 18:19 271,224 --a------ c:\windows\system32\mucltui.dll
2008-10-13 19:48 . 2007-07-30 18:19 207,736 --a------ c:\windows\system32\muweb.dll
2008-10-13 19:48 . 2007-07-30 18:18 30,072 --a------ c:\windows\system32\mucltui.dll.mui
2008-10-12 18:16 . 2004-08-03 22:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2008-10-12 18:16 . 2004-08-03 22:01 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2008-10-12 18:15 . 2008-10-12 18:16 <DIR> d-------- c:\programmi\EPSON
2008-10-12 18:15 . 2008-10-12 18:15 <DIR> d-------- C:\EPSON
2008-10-12 18:15 . 2002-09-30 01:33 73,676 --a------ c:\windows\system32\EBPMON2.DLL
2008-10-12 18:15 . 2002-07-31 01:25 61,440 --a------ c:\windows\system32\ECBTEG.DLL
2008-10-12 18:15 . 2000-06-07 00:01 34,304 --a------ c:\windows\system32\EBPCHP.DLL
2008-10-12 18:15 . 2001-09-04 01:04 182 --a------ c:\windows\system32\EBPPORT.DAT
2008-10-12 18:10 . 2008-10-12 18:10 <DIR> d-------- c:\documents and settings\Leon\Dati applicazioni\InstallShield
2008-10-12 17:30 . 2008-10-12 17:30 <DIR> d-------- c:\programmi\Pirelli
2008-10-12 17:30 . 2004-10-05 17:41 52,864 --a------ c:\windows\system32\drivers\CnxTrUsb.sys
2008-10-12 17:30 . 2004-10-05 17:41 25,984 --a------ c:\windows\system32\drivers\CnxTrLan.sys
2008-10-12 17:29 . 2008-10-12 17:29 <DIR> d-------- c:\programmi\Telecom Italia
2008-10-12 17:29 . 2008-10-12 17:30 <DIR> d-------- c:\programmi\Alice ti aiuta
2008-10-12 17:08 . 2008-10-12 17:08 <DIR> d-------- c:\documents and settings\Leon\Dati applicazioni\Motive
2008-10-12 16:38 . 2008-10-12 16:38 <DIR> d-------- c:\documents and settings\Leon\Dati applicazioni\Media Player Classic
2008-10-12 16:38 . 2007-09-28 16:07 3,596,288 --a------ c:\windows\system32\qt-dx331.dll
2008-10-12 16:38 . 2007-07-25 13:24 1,559,040 --a------ c:\windows\system32\xvidcore.dll
2008-10-12 16:38 . 2007-09-28 16:05 739,840 --a------ c:\windows\system32\divx.dll
2008-10-12 16:38 . 2006-09-24 15:11 389,120 --a------ c:\windows\system32\lameACM.acm
2008-10-12 16:38 . 2007-03-10 11:51 282,624 --a------ c:\windows\system32\xvidvfw.dll
2008-10-12 16:38 . 2004-01-25 16:18 217,088 --a------ c:\windows\system32\yv12vfw.dll
2008-10-12 16:38 . 2007-09-04 16:56 164,352 --a------ c:\windows\system32\unrar.dll
2008-10-12 16:38 . 2007-09-21 00:52 118,784 --a------ c:\windows\system32\ac3acm.acm
2008-10-12 16:38 . 2007-09-28 16:05 81,920 --a------ c:\windows\system32\dpl100.dll
2008-10-12 16:38 . 2007-07-29 15:51 7,680 --a------ c:\windows\system32\ff_vfw.dll
2008-10-12 16:38 . 2007-07-10 16:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
2008-10-12 16:38 . 2007-10-03 15:03 414 --a------ c:\windows\system32\lame_acm.xml
2008-10-12 16:37 . 2008-10-12 16:38 <DIR> d-------- c:\programmi\K-Lite Codec Pack
2008-10-12 16:16 . 2008-10-13 21:26 <DIR> d-------- c:\programmi\Creative
2008-10-12 16:16 . 1998-10-06 17:57 327,168 --a------ c:\windows\IsUn0410.exe
2008-10-12 15:38 . 2006-10-26 18:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2008-10-12 15:37 . 2008-10-12 15:37 <DIR> d-------- c:\programmi\MSBuild
2008-10-12 15:37 . 2008-10-12 15:37 <DIR> d-------- c:\programmi\Microsoft Works
2008-10-12 15:31 . 2008-10-12 15:36 <DIR> d-------- c:\windows\SHELLNEW
2008-10-12 15:30 . 2008-10-12 15:30 <DIR> dr-h----- C:\MSOCache
2008-10-12 15:30 . 2008-10-12 15:39 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2008-10-12 15:10 . 2008-10-12 15:10 <DIR> d-------- c:\programmi\Nero
2008-10-12 15:00 . 2008-10-12 15:00 <DIR> d-------- c:\documents and settings\Leon\Dati applicazioni\Corel
2008-10-12 14:58 . 2008-10-12 14:58 <DIR> d-------- c:\programmi\File comuni\Corel
2008-10-12 14:58 . 2008-10-12 14:58 <DIR> d-------- c:\programmi\Corel
2008-10-12 14:44 . 2006-08-01 14:02 49,152 --a------ c:\windows\system32\ChCfg.exe
2008-10-12 14:43 . 2008-10-12 14:43 <DIR> d-------- c:\programmi\Realtek AC97
2008-10-12 14:43 . 2006-11-17 04:40 18,804,736 --a------ c:\windows\system32\alsndmgr.cpl
2008-10-12 14:43 . 2006-12-08 14:20 10,528,768 --a------ c:\windows\system32\RTLCPL.exe
2008-10-12 14:43 . 2008-01-24 15:36 4,127,488 -ra------ c:\windows\system32\drivers\alcxwdm.sys
2008-10-12 14:43 . 2007-04-16 14:28 577,536 --a------ c:\windows\soundman.exe
2008-10-12 14:43 . 2006-07-31 10:19 315,392 --a------ c:\windows\alcupd.exe
2008-10-12 14:43 . 2006-07-31 10:27 217,088 --a------ c:\windows\Alcrmv.exe
2008-10-12 14:43 . 2006-10-18 01:53 147,456 --a------ c:\windows\system32\RtlCPAPI.dll
2008-10-12 14:43 . 2002-02-05 12:54 141,016 --a------ c:\windows\system32\alsndmgr.wav
2008-10-12 14:10 . 2004-08-03 23:39 142,464 --a------ c:\windows\system32\drivers\aec.sys
2008-10-12 14:10 . 2004-08-04 00:07 6,400 --a------ c:\windows\system32\drivers\splitter.sys
2008-10-12 14:09 . 2004-08-04 00:07 171,776 --a------ c:\windows\system32\drivers\kmixer.sys
2008-10-12 14:09 . 2004-08-04 00:15 82,944 --a------ c:\windows\system32\drivers\wdmaud.sys
2008-10-12 14:09 . 2004-08-04 00:15 60,800 --a------ c:\windows\system32\drivers\sysaudio.sys
2008-10-12 14:09 . 2004-08-19 16:24 58,240 --a------ c:\windows\system32\drivers\redbook.sys
2008-10-12 14:09 . 2001-08-17 23:00 54,272 --a------ c:\windows\system32\drivers\swmidi.sys
2008-10-12 14:09 . 2004-08-04 00:07 52,864 --a------ c:\windows\system32\drivers\DMusic.sys
2008-10-12 14:09 . 2004-08-03 23:58 7,552 --a------ c:\windows\system32\drivers\MSKSSRV.sys
2008-10-12 14:09 . 2004-08-03 23:58 5,376 --a------ c:\windows\system32\drivers\MSPCLOCK.sys
2008-10-12 14:09 . 2004-08-03 23:58 4,992 --a------ c:\windows\system32\drivers\MSPQM.sys
2008-10-12 14:09 . 2001-08-17 22:59 3,072 --a------ c:\windows\system32\drivers\audstub.sys
2008-10-12 14:09 . 2004-08-04 00:07 2,944 --a------ c:\windows\system32\drivers\drmkaud.sys
2008-10-12 14:06 . 2008-11-08 21:24 <DIR> d-------- c:\windows\system32\CatRoot2
2008-10-12 14:06 . 2008-10-12 14:06 <DIR> d--h----- c:\documents and settings\Default User\Risorse di stampa
2008-10-12 14:06 . 2008-10-12 14:06 <DIR> d--h----- c:\documents and settings\Default User\Risorse di rete
2008-10-12 14:06 . 2008-10-12 14:06 <DIR> d-------- c:\documents and settings\Default User\Preferiti
2008-10-12 14:06 . 2008-10-12 12:12 <DIR> d--h----- c:\documents and settings\Default User\Modelli
2008-10-12 14:06 . 2008-10-12 14:06 <DIR> dr------- c:\documents and settings\Default User\Menu Avvio
2008-10-12 14:06 . 2008-10-12 14:06 <DIR> dr-h----- c:\documents and settings\Default User\Impostazioni locali
2008-10-12 14:06 . 2008-10-12 14:06 <DIR> d-------- c:\documents and settings\Default User\Documenti
2008-10-12 14:06 . 2008-10-12 14:06 <DIR> dr-h----- c:\documents and settings\Default User\Dati applicazioni
2008-10-12 14:06 . 2008-10-12 14:06 <DIR> d-------- c:\documents and settings\All Users\Preferiti
2008-10-12 14:06 . 2008-10-12 14:06 <DIR> d--h----- c:\documents and settings\All Users\Modelli
2008-10-12 14:06 . 2008-10-13 20:54 <DIR> dr------- c:\documents and settings\All Users\Menu Avvio
2008-10-12 14:06 . 2008-10-12 12:14 <DIR> dr------- c:\documents and settings\All Users\Documenti
2008-10-12 14:06 . 2008-11-08 22:39 <DIR> dr-h----- c:\documents and settings\All Users\Dati applicazioni
2008-10-12 14:05 . 2008-10-12 12:17 <DIR> d--h----- c:\documents and settings\Default User
2008-10-12 14:05 . 2008-10-12 12:16 <DIR> d-------- c:\documents and settings\All Users
2008-10-12 14:05 . 2008-10-12 12:24 <DIR> d-------- C:\Documents and Settings
2008-10-12 14:04 . 2008-10-12 12:20 261 --a------ c:\windows\system32\$winnt$.inf

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-13 20:26 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-10-12 16:29 --------- d-----w c:\programmi\Motive
2008-10-12 14:27 --------- d-----w c:\programmi\Google
2008-10-12 13:58 --------- d-----w c:\programmi\File comuni\InstallShield
2008-10-12 12:59 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\WinZip
2008-10-12 12:12 --------- d-----w c:\programmi\Alwil Software
2008-10-12 11:29 155,995 ----a-w c:\windows\java\Packages\XZXV7JN9.ZIP
2008-10-12 11:29 --------- d-----w c:\programmi\Common Files
2008-10-12 11:17 --------- d-----w c:\programmi\microsoft frontpage
2008-10-12 11:15 --------- d-----w c:\programmi\Servizi in linea
2008-09-15 15:38 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-08-26 07:57 826,368 ----a-w c:\windows\system32\wininet.dll
2008-08-14 13:42 2,184,064 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 13:42 2,061,440 ----a-w c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2006-03-02 15360]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-10-12 171448]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"CorelDRAW Graphics Suite 11b"="c:\programmi\Corel\Corel Graphics 12\Languages\IT\Programs\Registration.exe" [2003-11-28 733184]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2008-10-12 212992]
BTTray.lnk - c:\programmi\WIDCOMM\Software Bluetooth\BTTray.exe [2005-05-31 577597]
Logitech SetPoint.lnk - c:\programmi\Logitech\SetPoint\SetPoint.exe [2008-10-13 450560]
WinZip Quick Pick.lnk - c:\programmi\WinZip\WZQKPICK.EXE [2008-09-08 525664]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\eMule\\emule.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R3 V0090VID;Creative WebCam Vista Plus;c:\windows\system32\DRIVERS\V0090Vid.sys [2005-04-14 138112]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{507e30e8-9b77-11dd-a593-000272cbac04}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe wa6.vbs

*Newly Created Service* - PROCEXP90
.
.
------- Supplementare di scansione -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-Internet Settings,ProxyOverride = 127.0.0.1
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 -: Invia a &Bluetooth - c:\programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-09 12:20:11
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-11-09 12.21.39
ComboFix-quarantined-files.txt 2008-11-09 11:20:52

Pre-Run: 30.823.677.952 byte disponibili
Post-Run: 30,816,059,392 byte disponibili

214 --- E O F --- 2008-10-25 20:39:46



And this is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12.28.40, on 09/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
C:\Programmi\Logitech\SetPoint\SetPoint.exe
C:\Programmi\File comuni\Logitech\KHAL\KHALMNPR.EXE
C:\PROGRA~1\WIDCOMM\SOFTWA~1\BTSTAC~1.EXE
C:\Programmi\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wpabaln.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Programmi\Corel\Corel Graphics 12\Languages\IT\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=102708 serial=dr12wex-1504397-kty lang=IT
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A7CFDFC0-ACF8-49B9-A637-77B728770E2C}: NameServer = 85.37.17.11 85.38.28.69
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe

--
End of file - 6813 bytes



r16
Posted: Sunday, November 09, 2008 5:38:36 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi
Uninstall Spybot completely (including TeaTimer).
Do a clean-up (registry included) with CCleaner http://www.aiutaamici.com/software?ID=11223
Reboot the PC.
Reinstall Spybot, following this guide CAREFULLY:
http://www.aiutaamici.com/software?ID=10831
It will show you how NOT to enable TeaTimer.
Then:
If you don't know how to "fix" entries, follow this detailed guide: http://www.aiutaamici.com/software?ID=11175
Start HijackThis, tick the entries I'm going to list, and with all applications closed and disconnected from the internet, click Fix checked:
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE

Try running an online scan with Kaspersky

http://www.kaspersky.com/virusscanner

Click on Kaspersky Online Scanner
Click on Accept
An update will start
Go to the left-hand column where it says Scan and choose My Computer
When the scan is finished, at the bottom right click on View Scan Report, then click on "Save Report As", save it to the desktop and post it here.
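The helper chooses which HijackThis entries to fix by looking for registrations whose file is gone (the Ask Toolbar BHO shown as "(no file)"). A defender reading the same logs would also check the O17 DNS servers and, in the ComboFix output above, the Explorer mountpoints2 AutoRun handler that launches wscript.exe with wa6.vbs, which is how a removable-drive script gets run when the volume is opened. The Python script below is an added example, not part of this thread and not code from HijackThis or ComboFix: it parses lines in those two log formats and flags exactly those three kinds of item. The sample lines are copied from the logs posted above; the `expected_dns` allowlist, the `SCRIPT_HOSTS` list and the set of code-loading sections are this example's own assumptions, to be adjusted by the analyst.

```python
"""Triage helper for pasted HijackThis / ComboFix log lines (added example, not from the thread)."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code (O2, O17, ...) or "AutoRun" for ComboFix mountpoints2 lines
    detail: str    # the part of the line that triggered the finding
    reason: str    # why a defender would look at it


# "O2 - BHO: name - {CLSID} - path" style entries
ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d{1,2}) - (?P<body>.+)$")
# HijackThis marks an orphaned registration as "(no file)" or "(file missing)" depending on version
MISSING_RE = re.compile(r"\((?:no file|file missing)\)$", re.IGNORECASE)
# ComboFix prints per-volume AutoRun handlers found under Explorer\MountPoints2
AUTORUN_RE = re.compile(r"\\Shell\\AutoRun\\command - (?P<cmd>.+)$", re.IGNORECASE)
# Assumption: script interpreters that a drive's AutoRun handler has no legitimate reason to launch
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe", "mshta.exe", "cmd.exe")
# Assumption: sections that load code into the browser or at logon; an orphan entry here is a cleanup target
CODE_LOADING = {"O2", "O3", "O4", "O18", "O20", "O21", "O22", "O23"}

# Constructed sample: lines copied from the HijackThis and ComboFix logs posted in the thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A7CFDFC0-ACF8-49B9-A637-77B728770E2C}: NameServer = 85.37.17.11 85.38.28.69
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe wa6.vbs
"""


def triage(log_text: str, expected_dns: frozenset = frozenset()) -> list:
    """Return a Finding for every line worth a second look.

    expected_dns: the resolvers the analyst expects on this machine (for example the
    ISP's); any O17 NameServer entry outside that set is reported for review.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        autorun = AUTORUN_RE.search(line)
        if autorun:
            cmd = autorun.group("cmd")
            if any(host in cmd.lower() for host in SCRIPT_HOSTS):
                findings.append(Finding("AutoRun", cmd, "drive AutoRun handler launches a script host"))
            continue
        entry = ENTRY_RE.match(line)
        if not entry:
            continue
        sec, body = entry.group("sec"), entry.group("body")
        if sec in CODE_LOADING and MISSING_RE.search(body):
            findings.append(Finding(sec, body, "registered component whose file no longer exists"))
        elif sec == "O17" and "NameServer =" in body:
            servers = body.split("NameServer =", 1)[1].split()
            unexpected = [s for s in servers if s not in expected_dns]
            if unexpected:
                findings.append(Finding(sec, " ".join(unexpected), "DNS server not in the expected resolver set"))
    return findings


if __name__ == "__main__":
    # With no expected resolvers supplied, the O17 servers are listed so the analyst can verify them.
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}: {f.detail}")
```

Run stand-alone, the script reports the orphaned Ask Toolbar BHO, both O17 nameservers (to be checked against the ISP's published resolvers) and the wscript.exe AutoRun command. Passing the verified resolvers in `expected_dns` silences the O17 line on later runs, so only genuinely changed DNS settings surface.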
