Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » controllo log Hijack

2 pages: [1] 2
controllo log Hijack Opzioni
Topic Precedente · Topic Sucessivo
ciccillo
Inviato: Sunday, January 25, 2009 6:08:55 PM
Rank: Member

Iscritto dal : 1/25/2009
Posts: 17
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17.57.01, on 25/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Eset\nod32kui.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\ClamWin\bin\ClamTray.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\Packard Bell Data Secure\PBDataSecure.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Documents and Settings\All Users\Dati applicazioni\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\IZArc\IZArc.exe
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\ARC480\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66022
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66022
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66022
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66022
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programmi\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: MyPlayCity Toolbar - {4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC} - C:\Programmi\MyPlayCity\tbMyPl.dll
O2 - BHO: Poly HTML Filter BHO - {0140DF95-9128-4053-AE72-F43F0CFCA062} - C:\WINDOWS\system32\SiKernel.dll (file missing)
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programmi\Winamp Toolbar\winamptb.dll
O2 - BHO: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Programmi\MyPlayCity\tbMyPl.dll
O2 - BHO: EmailBHO - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - C:\Programmi\jZip\WebmailPlugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programmi\Free Download Manager\iefdm2.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Programmi\MyPlayCity\tbMyPl.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programmi\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ClamWin] "C:\Programmi\ClamWin\bin\ClamTray.exe" --logon
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Packard Bell Data Secure] C:\Programmi\Packard Bell Data Secure\PBDataSecure.exe
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\E_S1E.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ciqussk] "c:\documents and settings\administrator\impostazioni locali\dati applicazioni\ciqussk.exe" ciqussk
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Utilità controllo supporti di Picture Motion Browser.lnk = C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dati applicazioni\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scarica con Free Download Manager - file://C:\Programmi\Free Download Manager\dllink.htm
O8 - Extra context menu item: Scarica i video con Free Download Manager - file://C:\Programmi\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Scarica selezionati con Free Download Manager - file://C:\Programmi\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Scarica tutto con Free Download Manager - file://C:\Programmi\Free Download Manager\dlall.htm
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208884194531
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F465FA73-5A30-48EE-9420-BF9FD890883C}: NameServer = 192.168.1.1
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Dati applicazioni\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe

--
End of file - 9677 bytes
Torna in alto
 
Sponsor
Inviato: Sunday, January 25, 2009 6:08:55 PM

 
Torna in alto
 
r16
Inviato: Sunday, January 25, 2009 6:14:19 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao.
Scarica ed installa MalwareBytes:
clicca qui per il download : http://www.malwarebytes.org/
Prima di fare la scansione AGGIORNALO.
Esegui una scansione completa del sistema e, una volta terminata la scansione,assicurati che tutti i files evidenziati, siano selezionati, e clicca Rimuovi Selezionati
Posta il log.
*********************************************************************************************************
Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,e dopo aver scaricato COMBOFIX, chiudi la connessione.

Scarica Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Salvalo sul desktop.
Doppio click su combofix.exe (comparirà una videata.)
Se ti verrà chiesto se vuoi Installare LA CONSOLE DI RIPRISTINO DI EMERGENZA, clicca NO.
Digita 1 premi Invio e segui le indicazioni.
Al termine, verrà creato un file log chiamato C:\ComboFix.txt. Postalo qui.
Durante l'operazione di scansione è importante non usare il PC (neanche il mouse) e attendere pazientemente la fine delle operazioni.

Disinstalla combofix in questo modo: (dopo che avrò visto il log)
Start
Esegui
nella finestra di dialogo, digita (oppure, copia ed incolla) questo comando: Combofix /u e premi invio poi cancella le cartelle in "C" di combofix (qoobox)
Posta poi un nuovo log di HJT.
Torna in alto
 
ciccillo
Inviato: Tuesday, January 27, 2009 12:51:06 AM
Rank: Member

Iscritto dal : 1/25/2009
Posts: 17
Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 13
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_CLASSES_ROOT\mssar32.saras (Trojan.Dialer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mssar32.saras.1 (Trojan.Dialer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a6a44d8a-c6f2-4ec8-b70d-7a87a514ce25} (Trojan.Dialer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7d5dd829-6c90-42c5-b54c-2afa82f988ba} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\2b2a8719f0d73b540683675697e40b6f8c7c9a8c (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\394ad7ced9b99836082bdf9b59df73c2633b248e (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\93eb9fd3ea40f221e990e3e71343e6d47d3fa0c0 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\c48d3b9bca9b3a5a04bc26f729ee0c6e389dde2e (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\ecdfb50751ae333aaa4ea5fd47308faa685e8ffe (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\2c5eceb3d45147eb99fa51120e7c7adebe213de6 (Adware.123Mania) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\a6a50b0ebf885a7dd4fb6927f1388592138fffe6 (Adware.123Mania) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Spyware-Secure (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)
Torna in alto
 
ciccillo
Inviato: Tuesday, January 27, 2009 10:59:59 PM
Rank: Member

Iscritto dal : 1/25/2009
Posts: 17
ComboFix 09-01-21.04 - Administrator 2009-01-27 22.36.48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.1014.604 [GMT 1:00]
Eseguito da: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Sistema Antivirus NOD32 2.70 *On-access scanning disabled* (Updated)
* Creato nuovo punto di ripristino

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\ciqussk.dat
c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\ciqussk_nav.dat
c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\ciqussk_navps.dat
c:\documents and settings\All Users\Menu Avvio\Programmi\InternetGameBox
c:\documents and settings\All Users\Menu Avvio\Programmi\InternetGameBox\InternetGameBox.lnk

.
((((((((((((((((((((((((( Files Creati Da 2008-12-27 al 2009-01-27 )))))))))))))))))))))))))))))))))))
.

2009-01-26 22:51 . 2009-01-26 22:51 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2009-01-26 22:51 . 2009-01-26 22:51 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-01-26 22:51 . 2009-01-26 22:51 <DIR> d-------- c:\documents and settings\Administrator\Dati applicazioni\Malwarebytes
2009-01-26 22:51 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-26 22:51 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-25 17:00 . 2009-01-25 17:00 <DIR> d-------- c:\programmi\CCleaner
2009-01-25 13:11 . 2009-01-25 13:11 <DIR> d-------- c:\programmi\ABBYY FineReader 6.0 Sprint
2009-01-25 13:10 . 2009-01-25 13:10 <DIR> d-------- c:\windows\system32\Lang
2009-01-25 13:10 . 2009-01-25 13:10 <DIR> d-------- c:\programmi\Realtek
2009-01-25 13:10 . 2009-01-25 13:10 <DIR> d-------- c:\programmi\MyPlayCity
2009-01-25 13:10 . 2009-01-25 13:10 <DIR> d-------- c:\programmi\jZip
2009-01-25 13:10 . 2009-01-25 13:10 <DIR> d-------- c:\documents and settings\Administrator\Dati applicazioni\InstallShield
2009-01-25 02:37 . 2009-01-25 17:04 <DIR> d-------- c:\programmi\Spybot - Search & Destroy
2009-01-25 02:37 . 2009-01-25 17:05 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-01-25 02:33 . 2009-01-25 14:43 <DIR> d-------- c:\programmi\ClamWin
2009-01-25 02:33 . 2009-01-25 14:43 <DIR> d-------- c:\documents and settings\All Users\.clamwin
2009-01-25 02:33 . 2009-01-25 02:34 <DIR> d-------- c:\documents and settings\Administrator\Dati applicazioni\.clamwin
2009-01-25 01:45 . 2009-01-25 01:45 <DIR> d-------- c:\programmi\Trend Micro
2009-01-21 23:46 . 2009-01-21 23:46 <DIR> d-------- c:\programmi\Java
2009-01-21 23:46 . 2009-01-21 23:46 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-21 23:46 . 2009-01-21 23:46 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-20 21:36 . 2009-01-20 21:36 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2009-01-20 21:35 . 2009-01-20 21:35 <DIR> d-------- c:\programmi\SUPERAntiSpyware
2009-01-20 21:35 . 2009-01-20 21:35 <DIR> d-------- c:\documents and settings\Administrator\Dati applicazioni\SUPERAntiSpyware.com
2009-01-20 21:15 . 2009-01-20 21:15 <DIR> d-------- c:\programmi\File comuni\Wise Installation Wizard
2009-01-20 14:43 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2009-01-20 14:41 . 2009-01-25 03:04 <DIR> d-------- c:\programmi\Panda Security
2009-01-20 01:13 . 2009-01-20 23:44 <DIR> d-a------ c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-01-20 01:12 . 2009-01-20 01:12 <DIR> d-------- c:\programmi\SoftInform
2009-01-20 01:12 . 2009-01-20 01:12 <DIR> d-------- c:\documents and settings\Administrator\Dati applicazioni\SoftInform
2009-01-20 01:12 . 2009-01-23 22:25 <DIR> d-------- c:\documents and settings\Administrator\Dati applicazioni\dvdcss
2009-01-18 18:12 . 2009-01-20 01:13 <DIR> d-------- c:\programmi\Winamp Remote
2009-01-18 18:12 . 2009-01-20 01:13 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\OrbNetworks
2009-01-18 18:09 . 2009-01-20 01:13 <DIR> d-------- c:\programmi\Winamp
2009-01-18 18:09 . 2009-01-20 01:13 <DIR> d-------- c:\documents and settings\Administrator\Dati applicazioni\Winamp
2009-01-18 13:22 . 2009-01-20 01:11 <DIR> d-------- c:\programmi\IZArc
2009-01-18 01:34 . 2009-01-26 22:19 <DIR> d-------- c:\documents and settings\Administrator\Dati applicazioni\vlc
2009-01-17 15:29 . 2009-01-20 01:12 <DIR> d-------- c:\programmi\Winamp Toolbar
2009-01-17 15:29 . 2009-01-17 15:29 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Winamp Toolbar
2009-01-17 15:27 . 2007-03-08 00:51 129,784 --------- c:\windows\system32\pxafs.dll
2009-01-16 21:20 . 2009-01-16 21:20 0 --a------ c:\windows\nsreg.dat
2009-01-06 01:52 . 2009-01-06 02:19 <DIR> d-------- c:\documents and settings\Administrator\Dati applicazioni\ImgBurn
2009-01-06 01:16 . 2009-01-06 14:45 <DIR> d-------- c:\programmi\ImgBurn
2008-12-27 15:16 . 2008-12-27 15:17 <DIR> d-------- c:\windows\system32\NtmsData
2008-12-27 15:09 . 2008-12-27 15:20 <DIR> d-------- c:\programmi\Crawler

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-27 21:39 --------- d-----w c:\programmi\Packard Bell Data Secure
2009-01-27 21:33 --------- d-----w c:\programmi\ESET
2009-01-27 21:24 --------- d-----w c:\programmi\eMule
2009-01-25 12:42 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\Any Video Converter
2009-01-25 12:00 --------- d-----w c:\programmi\Conduit
2009-01-25 02:07 --------- d--h--w c:\programmi\InstallShield Installation Information
2009-01-25 02:07 --------- d-----w c:\programmi\epson
2009-01-25 01:56 --------- d-----w c:\programmi\MyPlayCity.com
2009-01-25 01:54 --------- d-----w c:\programmi\CONEXANT
2009-01-20 23:02 --------- d-----w c:\programmi\Any Video Converter
2009-01-20 00:11 --------- d-----w c:\programmi\Spyware Terminator
2009-01-20 00:11 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\Spyware Terminator
2009-01-19 23:30 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\programmi\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]
"{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC}"= "c:\programmi\MyPlayCity\tbMyPl.dll" [2008-03-04 1470488]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
2008-03-04 12:44 1470488 --a------ c:\programmi\MyPlayCity\tbMyPl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\programmi\MyPlayCity\tbMyPl.dll" [2008-03-04 1470488]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC}"= "c:\programmi\MyPlayCity\tbMyPl.dll" [2008-03-04 1470488]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 139264]
"Packard Bell Data Secure"="c:\programmi\Packard Bell Data Secure\PBDataSecure.exe" [2006-06-20 2361856]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"PcSync"="c:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2004-08-19 1667584]
"SUPERAntiSpyware"="c:\programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-15 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"nod32kui"="c:\programmi\Eset\nod32kui.exe" [2008-04-11 949376]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-05 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-05 137752]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"PCSuiteTrayApplication"="c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 229376]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-01-21 136600]
"ClamWin"="c:\programmi\ClamWin\bin\ClamTray.exe" [2008-11-09 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\
Utilit… controllo supporti di Picture Motion Browser.lnk - c:\programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-09-27 344064]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\eMule\\emule.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"34509:TCP"= 34509:TCP:ww
"35307:UDP"= 35307:UDP:udp

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-01-20 28544]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-04-11 15424]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6205ee6a-07a9-11dd-a333-ca1cc0d2ee91}]
\Shell\AutoRun\command - F:\nideiect.com
\Shell\explore\Command - F:\nideiect.com
\Shell\open\Command - F:\nideiect.com
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-ciqussk - c:\documents and settings\administrator\impostazioni locali\dati applicazioni\ciqussk.exe


.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: &Winamp Search - c:\documents and settings\All Users\Dati applicazioni\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Scarica con Free Download Manager - file://c:\programmi\Free Download Manager\dllink.htm
IE: Scarica i video con Free Download Manager - file://c:\programmi\Free Download Manager\dlfvideo.htm
IE: Scarica selezionati con Free Download Manager - file://c:\programmi\Free Download Manager\dlselected.htm
IE: Scarica tutto con Free Download Manager - file://c:\programmi\Free Download Manager\dlall.htm
LSP: c:\windows\system32\imon.dll
TCP: {F465FA73-5A30-48EE-9420-BF9FD890883C} = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\th3nhdpo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-27 22:41:18
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(916)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'lsass.exe'(972)
c:\windows\system32\imon.dll
c:\programmi\Eset\pr_imon.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\igfxsrvc.exe
c:\programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
c:\progra~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
c:\programmi\File comuni\EPSON\EBAPI\SAgent2.exe
c:\documents and settings\All Users\Dati applicazioni\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\ESET\nod32krn.exe
c:\programmi\Spyware Terminator\sp_rsser.exe
c:\programmi\File comuni\PCSuite\Services\ServiceLayer.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2009-01-27 22:43:15 - Il pc è stato riavviato [Administrator]
ComboFix-quarantined-files.txt 2009-01-27 21:43:13

Pre-Run: 16.572.628.992 byte disponibili
Post-Run: 16,535,453,696 byte disponibili

204
Torna in alto
 
r16
Inviato: Tuesday, January 27, 2009 11:16:02 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao.
Hai una chiavetta o HD esterno infettata\o.
Apri un file di testo sul Desktop (start\esegui\digita: notepad.exe\ Ok
Ci incolli il codice che vedi qui sotto, e salvi il file di testo obbligatoriamente con il nome CFScript.txt

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6205ee6a-07a9-11dd-a333-ca1cc0d2ee91}]

e trascinalo sull'icona di ComboFix.
Attendi la fine dei lavori, senza toccare tastiera, mouse o altro.
Posta il log aggiornato di combofix
*********************************************************************************************************

Bisogna disattivare momentaneamente il riconoscimento automatico delle periferiche USB;
serve il programma TweakUI scaricabile in questa pagina (lo trovi sulla destra verso metà pagina) e installalo:
http://www.microsoft.com/windowsxp/downloads/powertoys/xppowertoys.mspx
Una volta installato, eseguilo e procedi con questi passaggi:

clicca sul simbolo + la sezione My Computer
clicca sul simbolo [+] la sottosezione Autoplay
Spostati in Types
Togli il segno di spunta a Enable Autoplay for removable drives
Clicca su Apply
Chiudi TweakUI


Da questo momento tutti gli apparati USB smetteranno di avviarsi automaticamente.
Inserisci le tue chiavette e fai una scansione delle stesse, con il tuo antivirus.
Quando sei sicuro che tutto è a posto, puoi riabilitare l'avvio automatico, rifacendo lo stesso percorso che ti ho indicato.

Avevo chiesto anche un log aggiornato di HijackThis
Torna in alto
 
ciccillo
Inviato: Tuesday, January 27, 2009 11:23:32 PM
Rank: Member

Iscritto dal : 1/25/2009
Posts: 17
Grazie per la disponibilità eccoti il log di HJT


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23.22.21, on 27/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Eset\nod32kui.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\ClamWin\bin\ClamTray.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\Packard Bell Data Secure\PBDataSecure.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Documents and Settings\All Users\Dati applicazioni\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\PROGRA~1\IZArc\IZArc.exe
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\ARC5D\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66022
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66022
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programmi\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: MyPlayCity Toolbar - {4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC} - C:\Programmi\MyPlayCity\tbMyPl.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programmi\Winamp Toolbar\winamptb.dll
O2 - BHO: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Programmi\MyPlayCity\tbMyPl.dll
O2 - BHO: EmailBHO - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - C:\Programmi\jZip\WebmailPlugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programmi\Free Download Manager\iefdm2.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Programmi\MyPlayCity\tbMyPl.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programmi\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ClamWin] "C:\Programmi\ClamWin\bin\ClamTray.exe" --logon
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Packard Bell Data Secure] C:\Programmi\Packard Bell Data Secure\PBDataSecure.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Utilità controllo supporti di Picture Motion Browser.lnk = C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dati applicazioni\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scarica con Free Download Manager - file://C:\Programmi\Free Download Manager\dllink.htm
O8 - Extra context menu item: Scarica i video con Free Download Manager - file://C:\Programmi\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Scarica selezionati con Free Download Manager - file://C:\Programmi\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Scarica tutto con Free Download Manager - file://C:\Programmi\Free Download Manager\dlall.htm
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208884194531
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F465FA73-5A30-48EE-9420-BF9FD890883C}: NameServer = 192.168.1.1
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Dati applicazioni\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe

--
End of file - 8881 bytes
Torna in alto
 
r16
Inviato: Tuesday, January 27, 2009 11:32:59 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Disattiva il ripristino configurazione di sistema, e tienilo disattivato, fino alla soluzione del problema http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121
Avvia in modalità provvisoria http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80122
Avvia hijackthis, metti la spunta alle voci che andrò ad elencarti e con tutte le applicazioni chiuse e disconnesso da Internet,premi su fix checked
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programmi\Free Download Manager\iefdm2.dll (file missing)
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dati applicazioni\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
Dai una pulita (registro compreso)con CCleaner http://www.aiutaamici.com/software?ID=11223
Riavvia il pc.
*********************************************************************************************************
Fai una scansione on-line con con kaspersky


http://www.kaspersky.com/virusscanner

Clicca su Kaspersky Online Scanner
Clicca su Accept
Si avvierà un Update
Vai nella colonna di sinistra dove c'è scritto Scan e scegli my computer
Finita la scansione in fondo a destra, clicca sulla la voce View Scan Report, e poi clicca su "Save Report As" e salvalo sul desktop, per poi postarlo qui.
Esegui prima le operazione che ho descritto nel post precedente.
Torna in alto
 
ciccillo
Inviato: Tuesday, January 27, 2009 11:35:31 PM
Rank: Member

Iscritto dal : 1/25/2009
Posts: 17
ComboFix 09-01-21.04 - Administrator 2009-01-27 23.31.40.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.1014.424 [GMT 1:00]
Eseguito da: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: Sistema Antivirus NOD32 2.70 *On-access scanning enabled* (Updated)
* Creato nuovo punto di ripristino

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2008-12-27 al 2009-01-27 )))))))))))))))))))))))))))))))))))
.

2009-01-26 22:51 . 2009-01-26 22:51 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2009-01-26 22:51 . 2009-01-26 22:51 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-01-26 22:51 . 2009-01-26 22:51 <DIR> d-------- c:\documents and settings\Administrator\Dati applicazioni\Malwarebytes
2009-01-26 22:51 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-26 22:51 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-25 17:00 . 2009-01-25 17:00 <DIR> d-------- c:\programmi\CCleaner
2009-01-25 13:11 . 2009-01-25 13:11 <DIR> d-------- c:\programmi\ABBYY FineReader 6.0 Sprint
2009-01-25 13:10 . 2009-01-25 13:10 <DIR> d-------- c:\windows\system32\Lang
2009-01-25 13:10 . 2009-01-25 13:10 <DIR> d-------- c:\programmi\Realtek
2009-01-25 13:10 . 2009-01-25 13:10 <DIR> d-------- c:\programmi\MyPlayCity
2009-01-25 13:10 . 2009-01-25 13:10 <DIR> d-------- c:\programmi\jZip
2009-01-25 13:10 . 2009-01-25 13:10 <DIR> d-------- c:\documents and settings\Administrator\Dati applicazioni\InstallShield
2009-01-25 02:37 . 2009-01-25 17:04 <DIR> d-------- c:\programmi\Spybot - Search & Destroy
2009-01-25 02:37 . 2009-01-25 17:05 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-01-25 02:33 . 2009-01-25 14:43 <DIR> d-------- c:\programmi\ClamWin
2009-01-25 02:33 . 2009-01-25 14:43 <DIR> d-------- c:\documents and settings\All Users\.clamwin
2009-01-25 02:33 . 2009-01-25 02:34 <DIR> d-------- c:\documents and settings\Administrator\Dati applicazioni\.clamwin
2009-01-25 01:45 . 2009-01-25 01:45 <DIR> d-------- c:\programmi\Trend Micro
2009-01-21 23:46 . 2009-01-21 23:46 <DIR> d-------- c:\programmi\Java
2009-01-21 23:46 . 2009-01-21 23:46 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-21 23:46 . 2009-01-21 23:46 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-20 21:36 . 2009-01-20 21:36 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2009-01-20 21:35 . 2009-01-20 21:35 <DIR> d-------- c:\programmi\SUPERAntiSpyware
2009-01-20 21:35 . 2009-01-20 21:35 <DIR> d-------- c:\documents and settings\Administrator\Dati applicazioni\SUPERAntiSpyware.com
2009-01-20 21:15 . 2009-01-20 21:15 <DIR> d-------- c:\programmi\File comuni\Wise Installation Wizard
2009-01-20 14:43 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2009-01-20 14:41 . 2009-01-25 03:04 <DIR> d-------- c:\programmi\Panda Security
2009-01-20 01:13 . 2009-01-20 23:44 <DIR> d-a------ c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-01-20 01:12 . 2009-01-20 01:12 <DIR> d-------- c:\programmi\SoftInform
2009-01-20 01:12 . 2009-01-20 01:12 <DIR> d-------- c:\documents and settings\Administrator\Dati applicazioni\SoftInform
2009-01-20 01:12 . 2009-01-23 22:25 <DIR> d-------- c:\documents and settings\Administrator\Dati applicazioni\dvdcss
2009-01-18 18:12 . 2009-01-20 01:13 <DIR> d-------- c:\programmi\Winamp Remote
2009-01-18 18:12 . 2009-01-20 01:13 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\OrbNetworks
2009-01-18 18:09 . 2009-01-20 01:13 <DIR> d-------- c:\programmi\Winamp
2009-01-18 18:09 . 2009-01-20 01:13 <DIR> d-------- c:\documents and settings\Administrator\Dati applicazioni\Winamp
2009-01-18 13:22 . 2009-01-20 01:11 <DIR> d-------- c:\programmi\IZArc
2009-01-18 01:34 . 2009-01-26 22:19 <DIR> d-------- c:\documents and settings\Administrator\Dati applicazioni\vlc
2009-01-17 15:29 . 2009-01-20 01:12 <DIR> d-------- c:\programmi\Winamp Toolbar
2009-01-17 15:29 . 2009-01-17 15:29 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Winamp Toolbar
2009-01-17 15:27 . 2007-03-08 00:51 129,784 --------- c:\windows\system32\pxafs.dll
2009-01-16 21:20 . 2009-01-16 21:20 0 --a------ c:\windows\nsreg.dat
2009-01-06 01:52 . 2009-01-06 02:19 <DIR> d-------- c:\documents and settings\Administrator\Dati applicazioni\ImgBurn
2009-01-06 01:16 . 2009-01-06 14:45 <DIR> d-------- c:\programmi\ImgBurn
2008-12-27 15:16 . 2008-12-27 15:17 <DIR> d-------- c:\windows\system32\NtmsData
2008-12-27 15:09 . 2008-12-27 15:20 <DIR> d-------- c:\programmi\Crawler

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-27 21:56 --------- d-----w c:\programmi\Packard Bell Data Secure
2009-01-27 21:33 --------- d-----w c:\programmi\ESET
2009-01-27 21:24 --------- d-----w c:\programmi\eMule
2009-01-25 12:42 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\Any Video Converter
2009-01-25 12:00 --------- d-----w c:\programmi\Conduit
2009-01-25 02:07 --------- d--h--w c:\programmi\InstallShield Installation Information
2009-01-25 02:07 --------- d-----w c:\programmi\epson
2009-01-25 01:56 --------- d-----w c:\programmi\MyPlayCity.com
2009-01-25 01:54 --------- d-----w c:\programmi\CONEXANT
2009-01-20 23:02 --------- d-----w c:\programmi\Any Video Converter
2009-01-20 00:11 --------- d-----w c:\programmi\Spyware Terminator
2009-01-20 00:11 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\Spyware Terminator
2009-01-19 23:30 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\programmi\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]
"{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC}"= "c:\programmi\MyPlayCity\tbMyPl.dll" [2008-03-04 1470488]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
2008-03-04 12:44 1470488 --a------ c:\programmi\MyPlayCity\tbMyPl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\programmi\MyPlayCity\tbMyPl.dll" [2008-03-04 1470488]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC}"= "c:\programmi\MyPlayCity\tbMyPl.dll" [2008-03-04 1470488]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 139264]
"Packard Bell Data Secure"="c:\programmi\Packard Bell Data Secure\PBDataSecure.exe" [2006-06-20 2361856]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"PcSync"="c:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2004-08-19 1667584]
"SUPERAntiSpyware"="c:\programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-15 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"nod32kui"="c:\programmi\Eset\nod32kui.exe" [2008-04-11 949376]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-05 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-05 137752]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"PCSuiteTrayApplication"="c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 229376]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-01-21 136600]
"ClamWin"="c:\programmi\ClamWin\bin\ClamTray.exe" [2008-11-09 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\
Utilit… controllo supporti di Picture Motion Browser.lnk - c:\programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-09-27 344064]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\eMule\\emule.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"34509:TCP"= 34509:TCP:ww
"35307:UDP"= 35307:UDP:udp

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-01-20 28544]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-04-11 15424]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6205ee6a-07a9-11dd-a333-ca1cc0d2ee91}]
\Shell\AutoRun\command - F:\nideiect.com
\Shell\explore\Command - F:\nideiect.com
\Shell\open\Command - F:\nideiect.com
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: &Winamp Search - c:\documents and settings\All Users\Dati applicazioni\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Scarica con Free Download Manager - file://c:\programmi\Free Download Manager\dllink.htm
IE: Scarica i video con Free Download Manager - file://c:\programmi\Free Download Manager\dlfvideo.htm
IE: Scarica selezionati con Free Download Manager - file://c:\programmi\Free Download Manager\dlselected.htm
IE: Scarica tutto con Free Download Manager - file://c:\programmi\Free Download Manager\dlall.htm
LSP: c:\windows\system32\imon.dll
TCP: {F465FA73-5A30-48EE-9420-BF9FD890883C} = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\th3nhdpo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-27 23:32:32
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(916)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'lsass.exe'(972)
c:\windows\system32\imon.dll
c:\programmi\Eset\pr_imon.dll
.
Ora fine scansione: 2009-01-27 23.33.39
ComboFix-quarantined-files.txt 2009-01-27 22:33:23
ComboFix2.txt 2009-01-27 21:43:17

Pre-Run: 16.553.459.712 byte disponibili
Post-Run: 16,580,431,872 byte disponibili

181
Torna in alto
 
r16
Inviato: Tuesday, January 27, 2009 11:40:51 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ti chiedo scusa, c'è un errore nello script di Combofix:

Apri un file di testo sul Desktop (start\esegui\digita: notepad.exe\ Ok
Ci incolli il codice che vedi qui sotto, e salvi il file di testo obbligatoriamente con il nome CFScript.txt



Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6205ee6a-07a9-11dd-a333-ca1cc0d2ee91}]

e trascinalo sull'icona di ComboFix.
Attendi la fine dei lavori, senza toccare tastiera, mouse o altro.
Posta il log aggiornato di combofix
Torna in alto
 
ciccillo
Inviato: Tuesday, January 27, 2009 11:46:45 PM
Rank: Member

Iscritto dal : 1/25/2009
Posts: 17
Scusami ma in TweakUI nella voce da te indicata sono spuntate tutte è due le voci.
quindi devo lasciare come stanno
Torna in alto
 
ciccillo
Inviato: Tuesday, January 27, 2009 11:49:10 PM
Rank: Member

Iscritto dal : 1/25/2009
Posts: 17
Scusami non avevo letto il 'Togli' da te scritto.
Torna in alto
 
r16
Inviato: Wednesday, January 28, 2009 12:58:07 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Penso avrai letto il post precedente, in cui devi rifare l'operazione di Combofix causa un errore (mio) nello script.
Torna in alto
 
ciccillo
Inviato: Wednesday, January 28, 2009 3:47:00 PM
Rank: Member

Iscritto dal : 1/25/2009
Posts: 17
Scusami un dubbio il nome del file in cui salvare quel codice è CFSctript con estensione txt oppure è Cfscript.txt con estensione txt
Cmq eccoti il log aggiornato di combofix.


ComboFix 09-01-21.04 - Administrator 2009-01-28 15.39.25.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.1014.538 [GMT 1:00]
Eseguito da: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: Sistema Antivirus NOD32 2.70 *On-access scanning disabled* (Updated)
* Creato nuovo punto di ripristino

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2008-12-28 al 2009-01-28 )))))))))))))))))))))))))))))))))))
.

2009-01-27 23:36 . 2003-06-25 16:05 266,360 --a------ c:\windows\system32\TweakUI.exe
2009-01-27 23:36 . 2002-06-21 15:09 160,217 --a------ c:\windows\system32\PowerToysLicense.rtf
2009-01-26 22:51 . 2009-01-26 22:51 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2009-01-26 22:51 . 2009-01-26 22:51 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-01-26 22:51 . 2009-01-26 22:51 <DIR> d-------- c:\documents and settings\Administrator\Dati applicazioni\Malwarebytes
2009-01-26 22:51 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-26 22:51 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-25 17:00 . 2009-01-25 17:00 <DIR> d-------- c:\programmi\CCleaner
2009-01-25 13:11 . 2009-01-25 13:11 <DIR> d-------- c:\programmi\ABBYY FineReader 6.0 Sprint
2009-01-25 13:10 . 2009-01-25 13:10 <DIR> d-------- c:\windows\system32\Lang
2009-01-25 13:10 . 2009-01-25 13:10 <DIR> d-------- c:\programmi\Realtek
2009-01-25 13:10 . 2009-01-25 13:10 <DIR> d-------- c:\programmi\MyPlayCity
2009-01-25 13:10 . 2009-01-25 13:10 <DIR> d-------- c:\programmi\jZip
2009-01-25 13:10 . 2009-01-25 13:10 <DIR> d-------- c:\documents and settings\Administrator\Dati applicazioni\InstallShield
2009-01-25 02:37 . 2009-01-25 17:04 <DIR> d-------- c:\programmi\Spybot - Search & Destroy
2009-01-25 02:37 . 2009-01-25 17:05 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-01-25 02:33 . 2009-01-25 14:43 <DIR> d-------- c:\programmi\ClamWin
2009-01-25 02:33 . 2009-01-25 14:43 <DIR> d-------- c:\documents and settings\All Users\.clamwin
2009-01-25 02:33 . 2009-01-25 02:34 <DIR> d-------- c:\documents and settings\Administrator\Dati applicazioni\.clamwin
2009-01-25 01:45 . 2009-01-25 01:45 <DIR> d-------- c:\programmi\Trend Micro
2009-01-21 23:46 . 2009-01-21 23:46 <DIR> d-------- c:\programmi\Java
2009-01-21 23:46 . 2009-01-21 23:46 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-21 23:46 . 2009-01-21 23:46 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-20 21:36 . 2009-01-20 21:36 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2009-01-20 21:35 . 2009-01-20 21:35 <DIR> d-------- c:\programmi\SUPERAntiSpyware
2009-01-20 21:35 . 2009-01-20 21:35 <DIR> d-------- c:\documents and settings\Administrator\Dati applicazioni\SUPERAntiSpyware.com
2009-01-20 21:15 . 2009-01-20 21:15 <DIR> d-------- c:\programmi\File comuni\Wise Installation Wizard
2009-01-20 14:43 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2009-01-20 14:41 . 2009-01-25 03:04 <DIR> d-------- c:\programmi\Panda Security
2009-01-20 01:13 . 2009-01-20 23:44 <DIR> d-a------ c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-01-20 01:12 . 2009-01-20 01:12 <DIR> d-------- c:\programmi\SoftInform
2009-01-20 01:12 . 2009-01-20 01:12 <DIR> d-------- c:\documents and settings\Administrator\Dati applicazioni\SoftInform
2009-01-20 01:12 . 2009-01-23 22:25 <DIR> d-------- c:\documents and settings\Administrator\Dati applicazioni\dvdcss
2009-01-18 18:12 . 2009-01-20 01:13 <DIR> d-------- c:\programmi\Winamp Remote
2009-01-18 18:12 . 2009-01-20 01:13 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\OrbNetworks
2009-01-18 18:09 . 2009-01-20 01:13 <DIR> d-------- c:\programmi\Winamp
2009-01-18 18:09 . 2009-01-20 01:13 <DIR> d-------- c:\documents and settings\Administrator\Dati applicazioni\Winamp
2009-01-18 13:22 . 2009-01-20 01:11 <DIR> d-------- c:\programmi\IZArc
2009-01-18 01:34 . 2009-01-26 22:19 <DIR> d-------- c:\documents and settings\Administrator\Dati applicazioni\vlc
2009-01-17 15:29 . 2009-01-20 01:12 <DIR> d-------- c:\programmi\Winamp Toolbar
2009-01-17 15:29 . 2009-01-17 15:29 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Winamp Toolbar
2009-01-17 15:27 . 2007-03-08 00:51 129,784 --------- c:\windows\system32\pxafs.dll
2009-01-16 21:20 . 2009-01-16 21:20 0 --a------ c:\windows\nsreg.dat
2009-01-06 01:52 . 2009-01-06 02:19 <DIR> d-------- c:\documents and settings\Administrator\Dati applicazioni\ImgBurn
2009-01-06 01:16 . 2009-01-06 14:45 <DIR> d-------- c:\programmi\ImgBurn

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-28 13:55 --------- d-----w c:\programmi\Packard Bell Data Secure
2009-01-27 21:33 --------- d-----w c:\programmi\ESET
2009-01-27 21:24 --------- d-----w c:\programmi\eMule
2009-01-25 12:42 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\Any Video Converter
2009-01-25 12:00 --------- d-----w c:\programmi\Conduit
2009-01-25 02:07 --------- d--h--w c:\programmi\InstallShield Installation Information
2009-01-25 02:07 --------- d-----w c:\programmi\epson
2009-01-25 01:56 --------- d-----w c:\programmi\MyPlayCity.com
2009-01-25 01:54 --------- d-----w c:\programmi\CONEXANT
2009-01-20 23:02 --------- d-----w c:\programmi\Any Video Converter
2009-01-20 00:11 --------- d-----w c:\programmi\Spyware Terminator
2009-01-20 00:11 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\Spyware Terminator
2009-01-19 23:30 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator
2008-12-27 14:20 --------- d-----w c:\programmi\Crawler
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\programmi\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]
"{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC}"= "c:\programmi\MyPlayCity\tbMyPl.dll" [2008-03-04 1470488]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
2008-03-04 12:44 1470488 --a------ c:\programmi\MyPlayCity\tbMyPl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\programmi\MyPlayCity\tbMyPl.dll" [2008-03-04 1470488]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC}"= "c:\programmi\MyPlayCity\tbMyPl.dll" [2008-03-04 1470488]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 139264]
"Packard Bell Data Secure"="c:\programmi\Packard Bell Data Secure\PBDataSecure.exe" [2006-06-20 2361856]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"PcSync"="c:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2004-08-19 1667584]
"SUPERAntiSpyware"="c:\programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-15 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"nod32kui"="c:\programmi\Eset\nod32kui.exe" [2008-04-11 949376]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-05 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-05 137752]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"PCSuiteTrayApplication"="c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 229376]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-01-21 136600]
"ClamWin"="c:\programmi\ClamWin\bin\ClamTray.exe" [2008-11-09 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\
Utilit… controllo supporti di Picture Motion Browser.lnk - c:\programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-09-27 344064]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\eMule\\emule.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"34509:TCP"= 34509:TCP:ww
"35307:UDP"= 35307:UDP:udp

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-01-20 28544]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-04-11 15424]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: &Winamp Search - c:\documents and settings\All Users\Dati applicazioni\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Scarica con Free Download Manager - file://c:\programmi\Free Download Manager\dllink.htm
IE: Scarica i video con Free Download Manager - file://c:\programmi\Free Download Manager\dlfvideo.htm
IE: Scarica selezionati con Free Download Manager - file://c:\programmi\Free Download Manager\dlselected.htm
IE: Scarica tutto con Free Download Manager - file://c:\programmi\Free Download Manager\dlall.htm
LSP: c:\windows\system32\imon.dll
TCP: {F465FA73-5A30-48EE-9420-BF9FD890883C} = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\th3nhdpo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-28 15:40:41
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(912)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'lsass.exe'(968)
c:\windows\system32\imon.dll
c:\programmi\Eset\pr_imon.dll
.
Ora fine scansione: 2009-01-28 15.41.50
ComboFix-quarantined-files.txt 2009-01-28 14:41:36
ComboFix2.txt 2009-01-27 22:33:41
ComboFix3.txt 2009-01-27 21:43:17

Pre-Run: 16.580.947.968 byte disponibili
Post-Run: 16,571,146,240 byte disponibili

179
Torna in alto
 
r16
Inviato: Wednesday, January 28, 2009 5:40:48 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao.
Lo hai scritto giusto: CFScript.txt
Infatti, la chiave è stata eliminata.
Posta un log di HJT, per un ultimo controllo.
Riferisci se ci sono ancora problemi.
Torna in alto
 
ciccillo
Inviato: Thursday, January 29, 2009 9:15:41 PM
Rank: Member

Iscritto dal : 1/25/2009
Posts: 17
Ho segiuito alla lettera le istruzioni da te fornitemi ma la scansione online di kaspersky non sono riuscita a farla perchè al momento che cliccavo su Kaspersky Online Scanner mi si eliminava la finestra aperta, quindi ho esegiuto la scansione con NOD32 che non mi rilevato nessuna infezione.

Questo è il log di HJ come da te richiesto..

Grazie per avermi aiutato e complimenti per la tua competenza


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.09.56, on 29/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Eset\nod32kui.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\ClamWin\bin\ClamTray.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\Packard Bell Data Secure\PBDataSecure.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Documents and Settings\All Users\Dati applicazioni\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\eMule\eMule.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\PROGRA~1\IZArc\IZArc.exe
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\ARCFDF4\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66022
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66022
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programmi\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: MyPlayCity Toolbar - {4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC} - C:\Programmi\MyPlayCity\tbMyPl.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programmi\Winamp Toolbar\winamptb.dll
O2 - BHO: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Programmi\MyPlayCity\tbMyPl.dll
O2 - BHO: EmailBHO - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - C:\Programmi\jZip\WebmailPlugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Programmi\MyPlayCity\tbMyPl.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programmi\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ClamWin] "C:\Programmi\ClamWin\bin\ClamTray.exe" --logon
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Packard Bell Data Secure] C:\Programmi\Packard Bell Data Secure\PBDataSecure.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Utilità controllo supporti di Picture Motion Browser.lnk = C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scarica con Free Download Manager - file://C:\Programmi\Free Download Manager\dllink.htm
O8 - Extra context menu item: Scarica i video con Free Download Manager - file://C:\Programmi\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Scarica selezionati con Free Download Manager - file://C:\Programmi\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Scarica tutto con Free Download Manager - file://C:\Programmi\Free Download Manager\dlall.htm
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208884194531
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F465FA73-5A30-48EE-9420-BF9FD890883C}: NameServer = 192.168.1.1
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Dati applicazioni\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe

--
End of file - 8508 bytes
Torna in alto
 
r16
Inviato: Thursday, January 29, 2009 9:53:00 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao.
Il log di HijackThis è pulito.
Fai queste operazioni di pulizia:

Dai una pulita (registro compreso)con CCleaner http://www.aiutaamici.com/software?ID=11223
Poi:
Start\Esegui\copia e incolla la stringa %temp% clicca su Ok, svuota la cartella temp.
Poi:
Provvedi a svuotare del suo contenuto la cartella Prefetch :
clicca su Risorse del Computer
clicca su Disco locale C:
cerca, all’interno delle cartelle che saranno visualizzate la cartella Windows, aprila ed, al suo interno, cerca la cartella Prefetch, la apri ed elimina tutte le voci conservate al suo interno ( non eliminare la cartella)
SVUOTA IL CESTINO
Poi:
Lancia Hijackthis e pulisci gli ADS in questo modo:
clicca sulla voce Open the misc tool section
clicca su Open ads spy
togli la spunta alla voce Quick scan (windows base folder only)
clicca su Scan
se venissero rilevati ADS, spunta tutte le caselline e clicca su Remove selected

Se non riscontri problemi, direi che abbiamo finito.
Torna in alto
 
ciccillo
Inviato: Thursday, January 29, 2009 10:28:03 PM
Rank: Member

Iscritto dal : 1/25/2009
Posts: 17
Ho un prblema nella cartella temp ho 4 file che non vengono eliminati, come fare?
Torna in alto
 
r16
Inviato: Thursday, January 29, 2009 10:31:48 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Me li puoi scrivere?
Torna in alto
 
ciccillo
Inviato: Thursday, January 29, 2009 10:33:38 PM
Rank: Member

Iscritto dal : 1/25/2009
Posts: 17
Sono:

~DF92E7.tmp

~DF92EE.tmp

~DFFE6F.tmp

~DFFE22.tmp
Torna in alto
 
Utenti presenti in questo topic
Guest

2 pages: [1] 2

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » controllo log Hijack


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.