Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Blocco di Malwarebytes' Anti-Malware

Blocco di Malwarebytes' Anti-Malware Opzioni
Topic Precedente · Topic Sucessivo
giovanitasca
Inviato: Friday, February 26, 2010 6:29:55 PM
Rank: AiutAmico

Iscritto dal : 4/2/2005
Posts: 220
C'è qualcosa che non va (lentezza, comportamenti strani...) IL programma Malwarebytes' Anti-Malware si blocca dopo uan diecina di secondi e non và più avanti. (Ho provato anche a disinstallarlo e reinstallarlo, ma niente.
Perchè?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.14.07, on 26/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\UltraVNC\WinVNC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3trayp.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\uTorrent\uTorrent.exe
C:\Programmi\Internet Explorer\iexplore.exe
G:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programmi\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C62 Series" /O5 "LPT1:" /M "Stylus C62"
O4 - HKLM\..\Run: [WinVNC] "C:\Programmi\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Programmi\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [butipivisi] Rundll32.exe "C:\WINDOWS\system32\kewowupa.dll",s (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Statistiche di Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {15CAC53B-5F45-4D70-BE98-386E6F3B3328} (MedstWeb Control) - http://192.168.0.200:8085/resources/medweb/MedstWWW.cab
O16 - DPF: {3BB4FE3B-7A37-11D3-A41E-0060080C03B3} (Entire Screen Builder Web Viewer) - http://193.205.23.35/vblu/NWWClientFull.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {601B418B-E6A6-47FC-A094-07248741CEB3} (Camtronics Medical Systems Web Viewer) - file:///D:/vwr_data/WebVwr.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSCDL/jdk/6u10/jinstall-6u10-windows-i586-jc.cab?e=1225388235067&h=4089f1d284e93945d0eeb3ceca799f9e/&filename=jinstall-6u10-windows-i586-jc.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game09.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.vexcast.com/download/vexcast.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = aoumberto.local
O17 - HKLM\Software\..\Telephony: DomainName = aoumberto.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6EED09A-3F29-4747-9A80-2502EC4ED114}: NameServer = 151.99.125.2,151.99.250.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = aoumberto.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = aoumberto.local
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Programmi\UltraVNC\WinVNC.exe
O24 - Desktop Component 0: (no name) - http://www.usl11.toscana.it/sviluppo/portalenw/immagini/Ingresso%20nuova%20sede.jpg
O24 - Desktop Component 1: (no name) - http://webmaildomini.aruba.it/nwimg/mail/surge/item.js
O24 - Desktop Component 2: (no name) - http://www.budgetplaces.com/add-ons/currencyconverter/currencyfunctions.js

--
End of file - 9410 bytes
Torna in alto
 
Sponsor
Inviato: Friday, February 26, 2010 6:29:55 PM

 
Torna in alto
 
shapiro
Inviato: Friday, February 26, 2010 7:26:11 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
ciao

la lentezza potrebbe dipendere da un trojan nel pc, questo

O4 - HKUS\S-1-5-19\..\Run: [butipivisi] Rundll32.exe "C:\WINDOWS\system32\kewowupa.dll",s (User 'SERVIZIO LOCALE')


fixa quella riga con hijackthis e prova a lanciare nuovamente MALWAREBYTES

se non dovesse partire, prova ad eseguire questo programma
Torna in alto
 
giovanitasca
Inviato: Saturday, February 27, 2010 8:58:27 AM
Rank: AiutAmico

Iscritto dal : 4/2/2005
Posts: 220
Ho fatto quanto detto, ma il programma continua a bloccarsi dopo 8 - 10 secondi
Ecco il nuovo Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8.46.55, on 27/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\UltraVNC\WinVNC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3trayp.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\uTorrent\uTorrent.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Malwarebytes' Anti-Malware\750084554750.exe
G:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programmi\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C62 Series" /O5 "LPT1:" /M "Stylus C62"
O4 - HKLM\..\Run: [WinVNC] "C:\Programmi\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Programmi\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Statistiche di Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {15CAC53B-5F45-4D70-BE98-386E6F3B3328} (MedstWeb Control) - http://192.168.0.200:8085/resources/medweb/MedstWWW.cab
O16 - DPF: {3BB4FE3B-7A37-11D3-A41E-0060080C03B3} (Entire Screen Builder Web Viewer) - http://193.205.23.35/vblu/NWWClientFull.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {601B418B-E6A6-47FC-A094-07248741CEB3} (Camtronics Medical Systems Web Viewer) - file:///D:/vwr_data/WebVwr.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSCDL/jdk/6u10/jinstall-6u10-windows-i586-jc.cab?e=1225388235067&h=4089f1d284e93945d0eeb3ceca799f9e/&filename=jinstall-6u10-windows-i586-jc.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game09.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.vexcast.com/download/vexcast.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = aoumberto.local
O17 - HKLM\Software\..\Telephony: DomainName = aoumberto.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6EED09A-3F29-4747-9A80-2502EC4ED114}: NameServer = 151.99.125.2,151.99.250.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = aoumberto.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = aoumberto.local
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Programmi\UltraVNC\WinVNC.exe
O24 - Desktop Component 0: (no name) - http://www.usl11.toscana.it/sviluppo/portalenw/immagini/Ingresso%20nuova%20sede.jpg
O24 - Desktop Component 1: (no name) - http://webmaildomini.aruba.it/nwimg/mail/surge/item.js
O24 - Desktop Component 2: (no name) - http://www.budgetplaces.com/add-ons/currencyconverter/currencyfunctions.js

--
End of file - 9351 bytes
Torna in alto
 
shapiro
Inviato: Saturday, February 27, 2010 10:12:35 AM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
dovresti reinstallare hijackthis e metterlo in programmi o documenti se vuoi salvare i backup

scarica hijackthis da QUI

fai pulizia con ccleaner



durante l’installazione deseleziona l’opzione per la barra di Yahoo, lo apri, vai in Opzioni>Avanzate, togli la spunta a “Cancella file temp diwindows solo se più vecchi di 48 ore”, poi avvialo, seleziona "Analizza" ed alla fine dell'analisi premi "Avvia pulizia''


clicca su Registro, nella pagina successiva clicca Trova problemi, poi al termine dello scan clicca su Ripara selezionati , risposndi di sì alla richiesta di salvare il backup (salvalo in una cartella a piacimento) poi ripara tutti gli elementi trovati.

scarica atf cleaner

non ha bisogno di installazione

Avvia ATFCleaner.exe con un doppio click

1) seleziona la casella Select All
2) clicca sul pulsante Empty selected
3) aspetta l'avviso Done Cleaning
(se usi opera o firefox,spunta anche le loro sezioni)


disattiva l'antivirus


disconnetiti da internet

fai una scansione con combofix

esegui ComboFix.exe
- digita 1
- segui le instruzioni
- finita la scansione portati in C:\ e copia/incolla, nella tua prossima risposta, il contenuto del file di testo Combofix.txt
Torna in alto
 
giovanitasca
Inviato: Saturday, February 27, 2010 11:03:01 AM
Rank: AiutAmico

Iscritto dal : 4/2/2005
Posts: 220
Ho fatto tutto quanto detto sopra. Solo che il Combofix è partito automaticamente e non mi ha chiesto nessuna opzione e alla fine mi ha posto sullo schermo un file txt che allego.
Ho allegato anche un nuovo Log di HijackThis dopo averlo installato come da indicazioni:

ComboFix 10-02-26.02 - Ortopedia 27/02/2010 10.38.25.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.895.607 [GMT 1:00]
Eseguito da: c:\documents and settings\Ortopedia\Documenti\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Ortopedia\Impostazioni locali\Dati applicazioni\oagke.dat
c:\documents and settings\Ortopedia\Impostazioni locali\Dati applicazioni\oagke_nav.dat
c:\documents and settings\Ortopedia\Impostazioni locali\Dati applicazioni\oagke_navps.dat
c:\documents and settings\Ortopedia\Impostazioni locali\Dati applicazioni\uqeeu.dat
c:\documents and settings\Ortopedia\Impostazioni locali\Dati applicazioni\uqeeu_nav.dat
c:\documents and settings\Ortopedia\Impostazioni locali\Dati applicazioni\uqeeu_navps.dat
c:\windows\system32\adefosis.ini
c:\windows\system32\afoyolad.ini
c:\windows\system32\efujotos.ini
c:\windows\system32\igeyimot.ini
c:\windows\system32\ipayekeh.ini
c:\windows\system32\ipemetut.ini
c:\windows\system32\jajagije.exe
c:\windows\system32\ojuvuvif.ini
c:\windows\system32\Process.exe
c:\windows\system32\ugojogut.ini
c:\windows\system32\uhadekip.ini
c:\windows\system32\unegijob.ini
c:\windows\system32\usidudej.ini
c:\windows\system32\utigejoj.ini
c:\windows\system32\wazipiki.exe

.
((((((((((((((((((((((((( Files Creati Da 2010-01-27 al 2010-02-27 )))))))))))))))))))))))))))))))))))
.

2010-02-27 09:33 . 2010-02-27 09:33 -------- d-----w- c:\programmi\Trend Micro
2010-02-26 17:09 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-26 17:08 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-26 17:08 . 2010-02-27 07:53 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-02-15 16:30 . 2010-02-15 16:29 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Yahoo! Companion
2010-02-15 16:29 . 2010-02-15 16:30 -------- d-----w- c:\programmi\CCleaner
2010-02-13 11:17 . 2010-02-13 11:17 -------- d-----w- c:\programmi\ScarabeoDigital

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-27 09:35 . 2009-06-11 09:03 -------- d-----w- c:\documents and settings\Ortopedia\Dati applicazioni\uTorrent
2010-02-27 07:51 . 2008-10-20 12:58 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2010-02-27 07:50 . 2008-10-20 12:58 747872 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-02-27 07:50 . 2008-10-20 12:58 688160 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-02-27 07:50 . 2008-10-20 12:58 53864 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-02-27 07:50 . 2008-10-20 12:58 56419360 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-02-16 09:57 . 2008-04-14 12:00 69790 ----a-w- c:\windows\system32\perfc010.dat
2010-02-16 09:57 . 2008-04-14 12:00 437644 ----a-w- c:\windows\system32\perfh010.dat
2010-02-15 16:30 . 2009-02-15 10:34 -------- d-----w- c:\programmi\Yahoo!
2010-01-19 18:17 . 2009-06-30 08:22 -------- d-----w- c:\documents and settings\Ortopedia\Dati applicazioni\dvdcss
2010-01-08 12:34 . 2009-11-30 17:36 -------- d-----w- c:\programmi\File comuni\Adobe AIR
2010-01-08 12:34 . 2009-11-30 17:36 38784 ----a-w- c:\documents and settings\Ortopedia\Dati applicazioni\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-01-08 12:34 . 2009-11-30 17:36 38784 ----a-w- c:\documents and settings\Default User\Dati applicazioni\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-01-08 07:58 . 2009-03-21 18:53 -------- d-----w- c:\programmi\eMule
2009-01-22 07:06 . 2009-01-22 07:05 120 --sh--w- c:\windows\system32\ikudurey.tmp
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-15 39408]
"uTorrent"="c:\programmi\uTorrent\uTorrent.exe" [2009-06-11 272176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-31 16116224]
"SkyTel"="SkyTel.EXE" [2006-05-17 2879488]
"VTTimer"="VTTimer.exe" [2006-08-03 53248]
"S3Trayp"="S3trayp.exe" [2006-07-11 176128]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"EPSON Stylus C62 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2002-04-10 74240]
"WinVNC"="c:\programmi\UltraVNC\WinVNC.exe" [2006-06-18 712704]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2008-10-30 136600]
"TrueImageMonitor.exe"="c:\programmi\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-11-21 4371440]
"AcronisTimounterMonitor"="c:\programmi\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-11-21 961208]
"Acronis Scheduler2 Service"="c:\programmi\File comuni\Acronis\Schedule2\schedhlp.exe" [2008-11-21 165144]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\UltraVNC\\winvnc.exe"=
"c:\\Programmi\\UltraVNC\\vncviewer.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiapsrv.exe"=
"c:\\Programmi\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0 for Windows Workstations\\avp.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Programmi\\File comuni\\EPSON\\EBAPI\\SAgent2.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"139:TCP"= 139:TCP:@xpsp2res.dll,-22004
"445:TCP"= 445:TCP:@xpsp2res.dll,-22005
"137:UDP"= 137:UDP:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:@xpsp2res.dll,-22002

R0 tdrpman147;Acronis Try&Decide and Restore Points filter (build 147);c:\windows\system32\drivers\tdrpm147.sys [15/02/2009 11.30.13 971584]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [21/10/2008 8.59.24 6016]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/05/2007 16.49.06 24344]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [26/02/2010 18.09.02 38224]
R3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [11/09/2008 9.16.53 659456]
S0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys --> c:\windows\system32\drivers\pxscan.sys [?]

--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - MBAMSWISSARMY

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {C6EED09A-3F29-4747-9A80-2502EC4ED114} = 151.99.125.2,151.99.250.2
DPF: {15CAC53B-5F45-4D70-BE98-386E6F3B3328} - hxxp://192.168.0.200:8085/resources/medweb/MedstWWW.cab
DPF: {3BB4FE3B-7A37-11D3-A41E-0060080C03B3} - hxxp://193.205.23.35/vblu/NWWClientFull.cab
DPF: {601B418B-E6A6-47FC-A094-07248741CEB3} - file:///D:/vwr_data/WebVwr.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game09.zylom.com/activex/zylomgamesplayer.cab
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

AddRemove-mIRC - f:\mirc giuseppe giarmana\mirc.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-27 10:40
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(1152)
c:\windows\system32\klogon.dll
.
Ora fine scansione: 2010-02-27 10:41:50
ComboFix-quarantined-files.txt 2010-02-27 09:41

Pre-Run: 40.508.559.360 byte disponibili
Post-Run: 40.459.612.160 byte disponibili

- - End Of File - - 1DC979F2DDE4BD2636DFA5D2F5DD53BB




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10.47.36, on 27/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\UltraVNC\WinVNC.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3trayp.exe
C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\uTorrent\uTorrent.exe
C:\Programmi\internet explorer\iexplore.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programmi\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C62 Series" /O5 "LPT1:" /M "Stylus C62"
O4 - HKLM\..\Run: [WinVNC] "C:\Programmi\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe"
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Programmi\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Statistiche di Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {15CAC53B-5F45-4D70-BE98-386E6F3B3328} (MedstWeb Control) - http://192.168.0.200:8085/resources/medweb/MedstWWW.cab
O16 - DPF: {3BB4FE3B-7A37-11D3-A41E-0060080C03B3} (Entire Screen Builder Web Viewer) - http://193.205.23.35/vblu/NWWClientFull.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {601B418B-E6A6-47FC-A094-07248741CEB3} (Camtronics Medical Systems Web Viewer) - file:///D:/vwr_data/WebVwr.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSCDL/jdk/6u10/jinstall-6u10-windows-i586-jc.cab?e=1225388235067&h=4089f1d284e93945d0eeb3ceca799f9e/&filename=jinstall-6u10-windows-i586-jc.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game09.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.vexcast.com/download/vexcast.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = aoumberto.local
O17 - HKLM\Software\..\Telephony: DomainName = aoumberto.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6EED09A-3F29-4747-9A80-2502EC4ED114}: NameServer = 151.99.125.2,151.99.250.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = aoumberto.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = aoumberto.local
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Programmi\UltraVNC\WinVNC.exe
O24 - Desktop Component 0: (no name) - http://www.usl11.toscana.it/sviluppo/portalenw/immagini/Ingresso%20nuova%20sede.jpg
O24 - Desktop Component 1: (no name) - http://webmaildomini.aruba.it/nwimg/mail/surge/item.js
O24 - Desktop Component 2: (no name) - http://www.budgetplaces.com/add-ons/currencyconverter/currencyfunctions.js

--
End of file - 9140 bytes
Torna in alto
 
shapiro
Inviato: Saturday, February 27, 2010 11:41:09 AM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
col ''cerca'' di windows trova questi eseguibili, nel log di combofix non sono presenti, non vorrei fossero da qualche parte

oagke.exe

uqeeu.exe

se li vedi, eliminali


abilita la visualizzazione dei file nascosti (apri una cartella qualsiasi, vai su Strumenti--> Opzioni cartella--> Visualizzazione e spunta Visualizza file e cartelle nascosti

segui questo percorso ed elimina il file segnato in rosso

c:\windows\system32\ikudurey.tmp

prova a far ripartire malwarebytes

se tutto va bene fai una scansione completa dopo averlo aggiornato
Torna in alto
 
giovanitasca
Inviato: Saturday, February 27, 2010 6:36:22 PM
Rank: AiutAmico

Iscritto dal : 4/2/2005
Posts: 220
Ho fatto quanto dici:

- Il file oagke.exe lo trova ma non dà la possibilità di eliminarlo (tra le opzioni tasto destro non c'è elimina nè tantomeno si fa trascinare nel cestino.

- Il file uqeeu.exe non viene trovato


- Il file c:\windows\system32\ikudurey.tmp non viene trovato
Torna in alto
 
paolopa
Inviato: Saturday, February 27, 2010 7:07:27 PM

Rank: AiutAmico

Iscritto dal : 10/14/2008
Posts: 2,777
prova cosi':malwarebytes,lo apri,clicchi su "altri strumenti",file assassin,e gli dai il percorso del file.
Torna in alto
 
shapiro
Inviato: Saturday, February 27, 2010 7:41:15 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
-
Commenta:
Il file oagke.exe lo trova ma non dà la possibilità di eliminarlo


mi dai il percorso esatto del file?
Torna in alto
 
giovanitasca
Inviato: Sunday, February 28, 2010 10:24:01 AM
Rank: AiutAmico

Iscritto dal : 4/2/2005
Posts: 220
SI trova in Dati applicazioni
Torna in alto
 
shapiro
Inviato: Sunday, February 28, 2010 11:15:30 AM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
con la visualizzazione dei file nascosti (come prima) segui il percorso ed eliminalo - se non riesci prova da modalita' provvisoria

fai pulizia con ccleaner

questo sito lo conosci?

http://game09.zylom.com

controlla in hjt le chiavi 016 ed elimina quelle riferite agli indirizzi sconosciuti

vai QUI e analizza questo file

c:\windows\system32\drivers\pxscan.sys

prevx lo da cosi' ma non sempre e' attendibile

l'unita' F e' una chiavetta? analizzala col tuo antivirus

poi scarica ninja e inserisci la chiavetta - se rileva l'infezione la elimina subito

in questa pagina trovi delle indicazioni su ninja

hai provato se malwarebytes parte?
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Blocco di Malwarebytes' Anti-Malware


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.