Aiutamici Forum

Antivirus problems
piopio1
Posted: Saturday, June 05, 2010 10:17:37 AM
Rank: Member

Joined: 6/5/2010
Posts: 10
Hello, I'd like your help, since I can't install antivirus and antispyware software and I can't access sites like avg.com.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10.02.50, on 05/06/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\Empowering Technology\admServ.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmi\Acer\OrbiCam\CameraAssistant.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\Update\GoogleUpdate.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\honestech\honestech TVR\scheduleTV.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\AmiCo\IMPOST~1\Temp\RtkBtMnt.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\ClamWin\bin\ClamTray.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Encarta Web Companion Oggetto helper - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programmi\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programmi\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Programmi\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /O6 "USB001" /M "Stylus DX4800"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ClamWin] "C:\Programmi\ClamWin\bin\ClamTray.exe" --logon
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ScheduleTV.lnk = C:\Programmi\honestech\honestech TVR\scheduleTV.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Servizio di Google Update (gupdate1cad8b12bbedce5) (gupdate1cad8b12bbedce5) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmi\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 10813 bytes
paolopa
Posted: Saturday, June 05, 2010 10:31:51 AM

Rank: AiutAmico

Joined: 10/14/2008
Posts: 2,777
Download and run this program: http://download.bleepingcomputer.com/grinler/rkill.com
Then try to install the antivirus.
Download and install MalwareBytes:
click here for the download: http://www.aiutamici.com/software?id=80346
Before running the scan, UPDATE IT. (This is very important.)
Run a full system scan.
If it finds infections, post the log it produces.
Between one step and the next, do not shut down the PC.
You will also need to update the operating system.
piopio1
Posted: Saturday, June 05, 2010 11:56:27 AM
Rank: Member

Joined: 6/5/2010
Posts: 10
Ok, thanks for the quick reply.
I ran a full scan with MalwareBytes.
Here is the log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versione database: 4170

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

05/06/2010 11.45.56
mbam-log-2010-06-05 (11-45-56).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi esaminati: 205913
Tempo trascorso: 22 minuti, 1 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 3
Cartelle infette: 0
File infetti: 1

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
C:\WINDOWS\system32\02.tmp (Worm.Conficker) -> No action taken.
shapiro
Posted: Saturday, June 05, 2010 12:17:24 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Sorry for stepping in, paolopa, but he has Conficker, as I suspected.

piopio1

While you wait for paolopa to come back, delete what Malwarebytes found and run a scan with this tool

Also install this Microsoft patch
paolopa
Posted: Saturday, June 05, 2010 12:27:28 PM

Rank: AiutAmico

Joined: 10/14/2008
Posts: 2,777
Hi shapiro, what are you apologizing for??!! Yes, it's a nasty beast, but it can be fixed. Once you have followed shapiro's instructions, do this:

http://www.atribune.org/ccount/click.php?id=1

ATF Cleaner.. it does not need to be installed.. it's just a small tool for cleaning unnecessary files (temporary files etc.) off the PC

http://www.bdtools.net/download/bd_rem_tool.zip

BdTools
Extract all the files and run bd_rem_tool_gui.exe. Click start and let it scan the PC thoroughly.
Download Combofix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Save it to the desktop.

Important: after downloading COMBOFIX, disconnect from the internet, disable your antivirus and
close ALL open programs (firewall included), and then

Double-click combofix.exe (a window will appear).

You will probably get messages from the antivirus (or from Combofix itself);
ignore them.

If you are asked whether you want to install the RECOVERY CONSOLE, click NO.

During the scan it is important not to use the PC (not even the mouse)
and to wait patiently for the operations to finish.

When it finishes, a log file called C:\ComboFix.txt will be created on the Desktop. Post it here.
monsee
Posted: Saturday, June 05, 2010 1:27:39 PM
Rank: AiutAmico

Joined: 4/5/2005
Posts: 22,971
FOR Paolo and Shapiro: Applause Applause Applause. This is further proof that "unity is strength" (and that, I think, is what makes Aiutamici great).
piopio1
Posted: Saturday, June 05, 2010 1:42:06 PM
Rank: Member

Joined: 6/5/2010
Posts: 10
Thanks again for the help.
I did everything you told me.
Here is the Combofix log:

ComboFix 10-06-03.01 - AmiCo 05/06/2010 13.30.54.1.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.39.1040.18.1022.490 [GMT 2:00]
Eseguito da: c:\documents and settings\AmiCo\Desktop\ComboFix.exe

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
I seguenti file sono stati disabilitati durante la scansione:
c:\programmi\File comuni\Logitech\LVMVFM\LVPrcInj.dll


((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programmi\WinPCap
c:\programmi\WinPCap\daemon_mgm.exe
c:\programmi\WinPCap\npf_mgm.exe
c:\programmi\WinPCap\rpcapd.exe
c:\windows\system\msvcr71.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\_000010_.tmp.dll
c:\windows\system32\_000011_.tmp.dll
c:\windows\system32\_000014_.tmp.dll
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((( Files Creati Da 2010-05-05 al 2010-06-05 )))))))))))))))))))))))))))))))))))
.

2010-06-05 09:22 . 2010-06-05 09:22 -------- d-----w- c:\documents and settings\AmiCo\Dati applicazioni\Malwarebytes
2010-06-05 09:22 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-05 09:22 . 2010-06-05 09:22 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-06-05 09:22 . 2010-06-05 09:22 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-06-05 09:22 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-05 08:02 . 2010-06-05 08:02 388096 ----a-r- c:\documents and settings\AmiCo\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-05 08:02 . 2010-06-05 08:02 -------- d-----w- c:\programmi\Trend Micro
2010-06-05 07:58 . 2010-06-05 07:58 -------- d-----w- c:\documents and settings\AmiCo\Dati applicazioni\.clamwin
2010-06-05 07:58 . 2010-06-05 07:58 -------- d-----w- c:\programmi\ClamWin
2010-06-05 07:58 . 2010-06-05 07:58 -------- d-----w- c:\documents and settings\All Users\.clamwin
2010-06-05 07:21 . 2010-06-05 07:22 -------- d-----w- c:\documents and settings\AmiCo\Dati applicazioni\Yahoo!
2010-06-05 07:21 . 2010-06-05 07:22 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Yahoo! Companion
2010-06-05 07:21 . 2010-06-05 07:21 -------- d-----w- c:\programmi\Yahoo!
2010-06-05 07:21 . 2010-06-05 07:21 -------- d-----w- c:\programmi\CCleaner
2010-06-05 07:19 . 2010-06-05 07:19 -------- d-----w- c:\documents and settings\AmiCo\Dati applicazioni\AVG8
2010-06-05 07:00 . 2010-06-05 07:00 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg8
2010-06-05 06:29 . 2010-06-05 06:29 -------- d-----w- C:\FOUND.020
2010-06-05 06:08 . 2010-06-05 06:08 -------- d-----w- C:\FOUND.019
2010-06-04 08:25 . 2010-06-04 08:25 -------- d-----w- C:\FOUND.018
2010-06-03 13:57 . 2010-06-03 13:57 -------- d-----w- C:\FOUND.017
2010-06-03 13:39 . 2010-06-03 13:39 -------- d-----w- C:\FOUND.016
2010-06-03 07:55 . 2010-06-03 07:55 -------- d-----w- C:\FOUND.015
2010-06-02 15:50 . 2010-06-02 15:50 -------- d-----w- C:\FOUND.014
2010-06-02 15:46 . 2010-06-02 15:46 -------- d-----w- C:\FOUND.013
2010-06-02 07:47 . 2010-06-02 07:47 -------- d-----w- C:\FOUND.012
2010-06-02 07:43 . 2010-06-02 07:43 -------- d-----w- C:\FOUND.011
2010-06-01 08:07 . 2010-06-01 08:07 -------- d-----w- C:\FOUND.010

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-05 06:38 . 2005-10-18 07:11 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-10 13:35 . 2010-04-10 13:35 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-04-10 13:35 . 2010-04-10 13:35 -------- d-----w- c:\documents and settings\AmiCo\Dati applicazioni\skypePM
2010-04-10 13:24 . 2010-04-10 13:24 -------- d-----w- c:\documents and settings\AmiCo\Dati applicazioni\Skype
2010-04-10 13:24 . 2010-04-10 13:24 -------- d-----w- c:\programmi\Google
2010-04-10 13:24 . 2010-04-10 13:24 -------- d-----w- c:\programmi\File comuni\Skype
2010-04-10 13:24 . 2010-04-10 13:24 -------- d-----r- c:\programmi\Skype
2010-04-10 13:24 . 2010-04-10 13:24 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Skype
2006-07-05 09:56 . 2004-08-19 03:00 163879 --sh--r- c:\windows\system32\bfjaeezt.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2005-11-01 102491]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2005-11-01 692315]
"PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2005-12-13 151552]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-19 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-19 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-02 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-02 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-02 118784]
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 69632]
"ntiMUI"="c:\programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 45056]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 16120832]
"AzMixerSel"="c:\programmi\Realtek\InstallShield\AzMixerSel.exe" [2005-08-24 53248]
"ATICCC"="c:\programmi\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-09 352256]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-08 3080704]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2006-04-03 471040]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 397312]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2006-03-31 225280]
"LogitechCameraAssistant"="c:\programmi\Acer\OrbiCam\CameraAssistant.exe" [2006-03-31 331776]
"LogitechVideo[inspector]"="c:\programmi\Acer\OrbiCam\InstallHelper.exe" [2006-03-31 08:32 73728]
"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2006-09-08 77824]
"EPSON Stylus DX4800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE" [2005-02-02 98304]
"ClamWin"="c:\programmi\ClamWin\bin\ClamTray.exe" [2010-05-24 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2006-9-8 113664]
ScheduleTV.lnk - c:\programmi\honestech\honestech TVR\scheduleTV.exe [2006-9-8 307200]
Adobe Reader Speed Launch.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\Messenger\\MSMSGS.EXE"=
"c:\\Programmi\\NetMeeting\\conf.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3453:TCP"= 3453:TCP:huxutzgk

R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [30/11/2005 5.28.58 1097472]
S2 evpkfkgz;zdtrgywu;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 5.00.00 14336]
S2 gupdate1cad8b12bbedce5;Servizio di Google Update (gupdate1cad8b12bbedce5);c:\programmi\Google\Update\GoogleUpdate.exe [10/04/2010 15.24.38 133104]
S2 ytbfilc;Monitor Task;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 5.00.00 14336]
S3 AVerE506;AVerE506 service;c:\windows\system32\drivers\AVerE506.sys [19/03/2006 20.29.00 520192]
S3 AVerM115;AVerM115 service;c:\windows\system32\drivers\AVerM115.sys [19/03/2006 20.28.00 1274880]
S3 hawhx;hawhx;\??\c:\windows\system32\05.tmp --> c:\windows\system32\05.tmp [?]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [22/03/2010 19.47.23 100736]
S3 ubafzw;ubafzw;\??\c:\windows\system32\05.tmp --> c:\windows\system32\05.tmp [?]
S3 uigpkmuk;uigpkmuk;\??\c:\windows\system32\03.tmp --> c:\windows\system32\03.tmp [?]

--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - EVPKFKGZ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ricajradq
ytbfilc
evpkfkgz
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://global.acer.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

Notify-WgaLogon - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-05 13:35
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hawhx]
"ImagePath"="\??\c:\windows\system32\05.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ubafzw]
"ImagePath"="\??\c:\windows\system32\05.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\uigpkmuk]
"ImagePath"="\??\c:\windows\system32\03.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\evpkfkgz]
"ServiceDll"="c:\windows\system32\bfjaeezt.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ytbfilc]
"ServiceDll"="c:\windows\system32\bfjaeezt.dll"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(688)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(4296)
c:\programmi\File comuni\Logitech\LVMVFM\LVPrcInj.dll
c:\windows\system32\MSNChatHook.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\MSVCR71.dll
c:\windows\system32\msi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\programmi\Intel\Wireless\Bin\EvtEng.exe
c:\programmi\Intel\Wireless\Bin\S24EvMon.exe
c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
c:\acer\Empowering Technology\admServ.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
c:\programmi\File comuni\LightScribe\LSSrvc.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\Intel\Wireless\Bin\RegSrvc.exe
c:\programmi\CyberLink\Shared Files\RichVideo.exe
c:\program files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\wbem\unsecapp.exe
c:\docume~1\AmiCo\IMPOST~1\Temp\RtkBtMnt.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Ora fine scansione: 2010-06-05 13:37:26 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-06-05 11:37

Pre-Run: 38.155.255.808 byte disponibili
Post-Run: 38.089.981.952 byte disponibili

- - End Of File - - 83DA199999E4C16A8929B8A202EFE1FE
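
Added example (not a tool from this thread and not ComboFix's own code): the helpers above read this ComboFix log by eye and spotted the Conficker traces in it. The script below pulls the same indicators out of ComboFix-style log lines automatically: a service whose binary is a `.tmp` file, several randomly named services hosted in the `netsvcs` svchost group that share one `ServiceDll`, a service DLL that the file listing shows with hidden+system attributes, and a firewall exception whose rule name is a random string. The sample lines are copied from the log posted in this thread; the regular expressions and the random-name heuristic are my own assumptions about the log's line shapes, not a specification.

```python
import re

# Indicator extraction over ComboFix-style log lines (added example).
# The regexes follow the line shapes seen in the log above; they are an
# assumption about the format, not ComboFix's own specification.
SERVICE_RE = re.compile(r"^([RS][0-4])\s+([^;]+);([^;]*);(.*)$")   # "S2 name;display;image [..]"
KEY_RE = re.compile(r"^\[(?:HKEY_LOCAL_MACHINE|HKLM)\\.*\\Services\\([^\]\\]+)\]$", re.I)
VALUE_RE = re.compile(r'^"(ServiceDll|ImagePath)"="(.*)"$')
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \S+ \S+ \S+ (\S{8}) (.+)$")  # Find3M lines
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(\S+)$')  # GloballyOpenPorts lines

# Sample input: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3453:TCP"= 3453:TCP:huxutzgk

R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [30/11/2005 5.28.58 1097472]
S2 evpkfkgz;zdtrgywu;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 5.00.00 14336]
S2 gupdate1cad8b12bbedce5;Servizio di Google Update (gupdate1cad8b12bbedce5);c:\programmi\Google\Update\GoogleUpdate.exe [10/04/2010 15.24.38 133104]
S2 ytbfilc;Monitor Task;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 5.00.00 14336]
S3 hawhx;hawhx;\??\c:\windows\system32\05.tmp --> c:\windows\system32\05.tmp [?]

2006-07-05 09:56 . 2004-08-19 03:00 163879 --sh--r- c:\windows\system32\bfjaeezt.dll

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hawhx]
"ImagePath"="\??\c:\windows\system32\05.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\evpkfkgz]
"ServiceDll"="c:\windows\system32\bfjaeezt.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ytbfilc]
"ServiceDll"="c:\windows\system32\bfjaeezt.dll"
"""


def _clean_image(field):
    # "\??\c:\x\05.tmp --> c:\x\05.tmp [?]"  ->  "c:\x\05.tmp"
    field = field.split(" [")[0].strip()
    field = field.split(" --> ")[-1].strip()
    if field.startswith("\\??\\"):
        field = field[4:]
    return field.lower()


def parse_combofix(text):
    """Collect service images, ServiceDlls, hidden+system files and open ports."""
    images, dlls, hidden, ports, current = {}, {}, set(), [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SERVICE_RE.match(line):
            images[m.group(2)] = _clean_image(m.group(4))
        elif m := KEY_RE.match(line):
            current = m.group(1)                      # inside a Services\<name> key
        elif line.startswith("["):
            current = None                            # some other registry key
        elif current and (m := VALUE_RE.match(line)):
            if m.group(1) == "ServiceDll":
                dlls[current] = m.group(2).lower()
            else:
                images[current] = _clean_image(m.group(2))
        elif m := FILE_RE.match(line):
            attrs, path = m.groups()
            if "h" in attrs and "s" in attrs:         # hidden + system attributes
                hidden.add(path.strip().lower())
        elif m := PORT_RE.match(line):
            ports.append((f"{m.group(1)}:{m.group(2)}", m.group(3)))
    return {"images": images, "dlls": dlls, "hidden": hidden, "ports": ports}


def find_indicators(parsed):
    """Return (kind, subject, detail) tuples for the suspicious patterns."""
    findings = []
    for name, image in sorted(parsed["images"].items()):
        if image.endswith(".tmp"):                    # service binary is a *.tmp file
            findings.append(("service-image-is-tmp-file", name, image))
    by_dll = {}
    for name, dll in parsed["dlls"].items():
        by_dll.setdefault(dll, []).append(name)
    for dll, names in sorted(by_dll.items()):
        if len(names) > 1:                            # one DLL behind several service names
            findings.append(("servicedll-shared-by-services", dll, tuple(sorted(names))))
        if dll in parsed["hidden"]:                   # the DLL is a hidden+system file
            for name in sorted(names):
                findings.append(("servicedll-hidden-system-file", name, dll))
    for port, label in parsed["ports"]:
        # heuristic (assumption): a rule named by a random lowercase string, not a program
        if label.isalpha() and label.islower() and len(label) >= 5:
            findings.append(("firewall-open-port-random-name", port, label))
    return findings


if __name__ == "__main__":
    for finding in find_indicators(parse_combofix(SAMPLE_LOG)):
        print(*finding)
```

Run on the sample it reports five findings: the `hawhx` service backed by `05.tmp`, `bfjaeezt.dll` shared by `evpkfkgz` and `ytbfilc`, the same DLL flagged twice as a hidden+system file, and the `3453:TCP` exception named `huxutzgk`; the legitimate Logitech and Google Update services produce nothing. Each of these is something to remove or re-check after cleanup, which is exactly the list paolopa and shapiro were working from.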



paolopa
Posted: Saturday, June 05, 2010 1:59:05 PM

Rank: AiutAmico

Joined: 10/14/2008
Posts: 2,777
http://www2.gmer.net/gmer.zip

Gmer does not need to be installed... but once it is running you should tick all the boxes on the right so that the PC is scanned completely.
See whether it finds any entries in red.
piopio1
Posted: Saturday, June 05, 2010 2:29:49 PM
Rank: Member

Joined: 6/5/2010
Posts: 10
I scanned the PC with Gmer. Here is the log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-05 14:24:00
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\AmiCo\IMPOST~1\Temp\agndikoc.sys


---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xF71ACDBF]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1044] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes JMP 01859DB4
.text C:\WINDOWS\System32\svchost.exe[1044] NETAPI32.dll!NetpwPathCanonicalize 5BC7A101 5 Bytes JMP 01859D54
.text C:\WINDOWS\system32\svchost.exe[1200] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes JMP 008E9DB4

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\Explorer.EXE[1852] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01CE2F10] C:\Programmi\File comuni\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\Explorer.EXE[1852] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01CE2D60] C:\Programmi\File comuni\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\Explorer.EXE[1852] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01CE2D20] C:\Programmi\File comuni\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\Explorer.EXE[1852] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01CE2D70] C:\Programmi\File comuni\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\Cdrom \Device\CdRom0 OsaFsLoc.sys (Filesystem Lock driver/OSA Technologies)

AttachedDevice \FileSystem\Fastfat \Fat OsaFsLoc.sys (Filesystem Lock driver/OSA Technologies)

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] evpkfkgz <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] ytbfilc <-- ROOTKIT !!!


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\evpkfkgz@DisplayName zdtrgywu
Reg HKLM\SYSTEM\CurrentControlSet\Services\evpkfkgz@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\Services\evpkfkgz@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\evpkfkgz@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\evpkfkgz@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\evpkfkgz@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\evpkfkgz@Description Consente di inviare e ricevere fax utilizzando le risorse fax disponibili nel computer o in rete.
Reg HKLM\SYSTEM\CurrentControlSet\Services\evpkfkgz\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\evpkfkgz\Parameters@ServiceDll C:\WINDOWS\system32\bfjaeezt.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\ytbfilc@DisplayName Monitor Task
Reg HKLM\SYSTEM\CurrentControlSet\Services\ytbfilc@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\Services\ytbfilc@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\ytbfilc@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\ytbfilc@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\ytbfilc@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\ytbfilc@Description Crea e mantiene le connessioni di rete tra client e server remoti. Se il servizio è stato arrestato, le connessioni non saranno disponibili. Se il servizio è stato disabilitato, i servizi esplicitamente dipendenti da esso non verranno avviati.
Reg HKLM\SYSTEM\CurrentControlSet\Services\ytbfilc\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\ytbfilc\Parameters@ServiceDll C:\WINDOWS\system32\bfjaeezt.dll
Reg HKLM\SYSTEM\ControlSet002\Services\evpkfkgz@DisplayName zdtrgywu
Reg HKLM\SYSTEM\ControlSet002\Services\evpkfkgz@Type 32
Reg HKLM\SYSTEM\ControlSet002\Services\evpkfkgz@Start 2
Reg HKLM\SYSTEM\ControlSet002\Services\evpkfkgz@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\evpkfkgz@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet002\Services\evpkfkgz@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet002\Services\evpkfkgz@Description Consente di inviare e ricevere fax utilizzando le risorse fax disponibili nel computer o in rete.
Reg HKLM\SYSTEM\ControlSet002\Services\evpkfkgz\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\evpkfkgz\Parameters@ServiceDll C:\WINDOWS\system32\bfjaeezt.dll
Reg HKLM\SYSTEM\ControlSet002\Services\ytbfilc@DisplayName Monitor Task
Reg HKLM\SYSTEM\ControlSet002\Services\ytbfilc@Type 32
Reg HKLM\SYSTEM\ControlSet002\Services\ytbfilc@Start 2
Reg HKLM\SYSTEM\ControlSet002\Services\ytbfilc@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\ytbfilc@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet002\Services\ytbfilc@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet002\Services\ytbfilc@Description Crea e mantiene le connessioni di rete tra client e server remoti. Se il servizio è stato arrestato, le connessioni non saranno disponibili. Se il servizio è stato disabilitato, i servizi esplicitamente dipendenti da esso non verranno avviati.
Reg HKLM\SYSTEM\ControlSet002\Services\ytbfilc\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\ytbfilc\Parameters@ServiceDll C:\WINDOWS\system32\bfjaeezt.dll

---- EOF - GMER 1.0.15 ----


How do I proceed?
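The GMER log above shows the pattern that made those two services stand out: both are hosted by svchost.exe -k netsvcs, both point their ServiceDll at the same randomly named DLL in system32, and their Description strings are borrowed from legitimate Windows services. As an added example (not from the forum, GMER or ComboFix), this Python parser groups GMER "Reg" lines by service and flags netsvcs-hosted services whose ServiceDll is outside a known-good baseline or is shared by more than one service name; the sample log lines and the one-entry allowlist are constructed for the demo.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of GMER 'Reg' lines: the thread's two hidden services plus one benign entry.
SAMPLE_GMER = r"""
Reg HKLM\SYSTEM\CurrentControlSet\Services\evpkfkgz@DisplayName zdtrgywu
Reg HKLM\SYSTEM\CurrentControlSet\Services\evpkfkgz@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\evpkfkgz\Parameters@ServiceDll C:\WINDOWS\system32\bfjaeezt.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\ytbfilc@DisplayName Monitor Task
Reg HKLM\SYSTEM\CurrentControlSet\Services\ytbfilc@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\ytbfilc\Parameters@ServiceDll C:\WINDOWS\system32\bfjaeezt.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\wuauserv@DisplayName Automatic Updates
Reg HKLM\SYSTEM\CurrentControlSet\Services\wuauserv@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters@ServiceDll %SystemRoot%\system32\wuauserv.dll
"""
# Placeholder baseline: in practice built from a known-clean machine of the same Windows build.
KNOWN_NETSVCS_DLLS = {"wuauserv.dll"}

REG_LINE = re.compile(r"^Reg\s+HKLM\\SYSTEM\\CurrentControlSet\\Services\\"
                      r"([^\\@\s]+)(?:\\Parameters)?@(\w+)\s+(.*)$")

def parse_services(log_text):
    """Group 'Reg ...\\Services\\<name>[\\Parameters]@<value> <data>' lines by service name."""
    services = defaultdict(dict)
    for line in log_text.splitlines():
        m = REG_LINE.match(line.strip())
        if m:
            name, value, data = m.groups()
            services[name][value] = data.strip()
    return services

def suspicious_services(log_text, allowlist=KNOWN_NETSVCS_DLLS):
    """Return {service: [reasons]} for netsvcs-hosted services that deserve a closer look."""
    services = parse_services(log_text)
    owners = defaultdict(list)          # ServiceDll (lowercased) -> service names using it
    for name, vals in services.items():
        if vals.get("ServiceDll"):
            owners[vals["ServiceDll"].lower()].append(name)
    findings = defaultdict(list)
    for name, vals in services.items():
        image = vals.get("ImagePath", "").lower()
        if "svchost.exe" not in image or "-k netsvcs" not in image:
            continue                    # only svchost/netsvcs-hosted services are in scope
        dll = vals.get("ServiceDll", "")
        if dll.rsplit("\\", 1)[-1].lower() not in allowlist:
            findings[name].append(f"ServiceDll not in baseline: {dll or '<missing>'}")
        others = [n for n in owners[dll.lower()] if n != name]
        if others:                      # one DLL registered under several service names
            findings[name].append("ServiceDll shared with " + ", ".join(others))
    return dict(findings)
```

On the sample, evpkfkgz and ytbfilc are each flagged twice (unknown DLL, DLL shared with the other) while wuauserv is clean; a real baseline should also compare Description strings against the service that legitimately owns them.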
paolopa
Posted: Saturday, June 05, 2010 2:43:33 PM

Rank: AiutAmico

Joined: 10/14/2008
Posts: 2,777
Right-click the entries in red and choose the option to delete them. How is the PC doing now?
r16
Posted: Saturday, June 05, 2010 3:00:46 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Open a text file with Notepad on the Desktop.
Paste the code you see below into it, and save the text file; it must be named CFScript.txt.

Code:
KillAll::
File::
C:\FOUND.020
C:\FOUND.019
C:\FOUND.018
C:\FOUND.017
C:\FOUND.016
C:\FOUND.015
C:\FOUND.014
C:\FOUND.013
C:\FOUND.012
C:\FOUND.011
C:\FOUND.010
c:\windows\system32\bfjaeezt.dll
c:\windows\system32\05.tmp
c:\windows\system32\03.tmp
Folder::
C:\FOUND.020
C:\FOUND.019
C:\FOUND.018
C:\FOUND.017
C:\FOUND.016
C:\FOUND.015
C:\FOUND.014
C:\FOUND.013
C:\FOUND.012
C:\FOUND.011
C:\FOUND.010
C:\WINDOWS\temp
C:\WINDOWS\Tasks
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3453:TCP"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ricajradq]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ricajradq]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ricajradq]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_ricajradq]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_ricajradq]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ricajradq]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ricajradq]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ricajradq]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ricajradq]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ricajradq]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ytbfilc]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ytbfilc]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ytbfilc]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_ytbfilc]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_ytbfilc]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ytbfilc]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ytbfilc]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ytbfilc]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ytbfilc]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ytbfilc]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_evpkfkgz]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_evpkfkgz]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_evpkfkgz]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_evpkfkgz]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_evpkfkgz]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\evpkfkgz]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\evpkfkgz]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\evpkfkgz]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\evpkfkgz]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\evpkfkgz]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hawhx]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ubafzw]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\uigpkmuk]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\evpkfkgz]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ytbfilc]
Driver::
evpkfkgz
ytbfilc
hawhx
ubafzw
uigpkmuk
NetSvcs::
ricajradq
ytbfilc
evpkfkgz
.
.
and drag it onto the ComboFix icon.
Wait until it finishes, without touching the keyboard, mouse or anything else.
Post the updated ComboFix log.

N.B.:
Your antivirus is obsolete.
Not to mention the OS.
In those conditions the PC is very exposed to serious infections.
paolopa
Posted: Saturday, June 05, 2010 3:02:28 PM

Rank: AiutAmico

Joined: 10/14/2008
Posts: 2,777
@r16: eheheheh, I was waiting for you, is this the time to show up? I was sweating... all yours!!!!!
piopio1
Posted: Saturday, June 05, 2010 3:03:00 PM
Rank: Member

Joined: 6/5/2010
Posts: 10
I deleted the 2 red entries, but a strange blue screen appeared. So I rebooted and now I get a pop-up that says:

"Impossibile gestire un'eccezione generata dall'applicazione.
ID processo: 0xa0 (160), ID thread: 0x88 (136)

Per terminare l'applicazione scegliere OK.
Per eseguire il debug scegliere Annulla."

What do I do?

PS: the Start bar no longer appears.
paolopa
Posted: Saturday, June 05, 2010 3:04:02 PM

Rank: AiutAmico

Joined: 10/14/2008
Posts: 2,777
Follow r16's instructions.
piopio1
Posted: Saturday, June 05, 2010 3:16:10 PM
Rank: Member

Joined: 6/5/2010
Posts: 10
Guys, after deleting those 2 red lines the PC won't let me do anything. The Start bar doesn't appear.
I don't know what to do, help me!!!
piopio1
Posted: Saturday, June 05, 2010 3:16:44 PM
Rank: Member

Joined: 6/5/2010
Posts: 10
PS: I'm writing from another PC.
r16
Posted: Saturday, June 05, 2010 3:17:48 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Try rebooting the PC.
If it reboots, carry out the instructions I gave you.
piopio1
Posted: Saturday, June 05, 2010 3:18:52 PM
Rank: Member

Joined: 6/5/2010
Posts: 10
I already tried, but I get that popup. After deleting those lines with Gmer, what can I do?
r16
Posted: Saturday, June 05, 2010 3:23:28 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Boot into Safe Mode.
Then try running another scan with Malwarebytes and ComboFix.