ok shapiro, I'm following what you told me, but there is no Antispy Safeguard folder in C:\Programmi
I did what you told me with Hijackthis
same with rkill, and the program gave me this log:
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Nunzio on 29/09/2010 at 13.35.43.
Services Stopped:
Processes terminated by Rkill or while it was running:
C:\Programmi\Java\jre6\bin\java.exe
C:\Documents and Settings\Nunzio\Documenti\Download\rkill.com
Rkill completed on 29/09/2010 at 13.35.50.
Now I'll proceed with ComboFix!
this is the ComboFix result; anyway, Google Chrome is working again and I hope I won't have any more problems. If there are other procedures to follow, I await your instructions:
ComboFix 10-09-28.03 - Nunzio 29/09/2010 14.07.32.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1919.1483 [GMT 2:00]
Eseguito da: c:\hijackthis\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000000-EE24-0012-4A53-927CA4101600}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-6C25-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {7C925FAC-DBF8-7FFD-302F-250000000000}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {7C925FAC-DBF8-7FFD-602D-250000000000}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {7C925FAC-EBF8-7FFD-302F-250000000000}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {7C925FAC-EBF8-7FFD-602D-250000000000}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {7C925FAC-FBF8-7FFD-302F-250000000000}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {7C925FAC-FBF8-7FFD-602D-250000000000}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Nunzio\Dati applicazioni\hotfix.exe
c:\documents and settings\Nunzio\Dati applicazioni\Onxef
c:\documents and settings\Nunzio\Dati applicazioni\Onxef\dialc.exe
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\sdra64.exe
La copia infetta di c:\windows\system32\drivers\disk.sys è stata trovata e disinfettata
Ripristinata copia da - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Creati Da 2010-08-28 al 2010-09-29 )))))))))))))))))))))))))))))))))))
.
2010-09-29 07:59 . 2010-09-29 11:40 -------- d-----w- C:\HijackThis
2010-09-29 01:17 . 2010-09-29 01:17 -------- d-----w- c:\programmi\CCleaner
2010-09-25 14:27 . 2010-09-25 14:27 476672 --sh--w- c:\windows\system32\w32prxy.dll
2010-09-25 14:27 . 2010-09-25 14:27 60416 --sh--w- c:\windows\system32\dbghook.dll
2010-09-24 20:27 . 2010-09-24 20:27 -------- d-----w- c:\documents and settings\Nunzio\Dati applicazioni\Malwarebytes
2010-09-24 20:26 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-24 20:26 . 2010-09-24 20:26 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-09-24 20:26 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-24 20:26 . 2010-09-24 20:27 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-09-24 19:19 . 2010-09-24 19:21 -------- d-----w- c:\documents and settings\Nunzio\Dati applicazioni\7A669F5CB83B6898EF56911BE70BBB57
2010-09-16 16:50 . 2010-09-16 16:50 -------- d-----w- c:\programmi\Veetle
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-29 08:26 . 2010-01-01 19:44 -------- d-----w- c:\documents and settings\Nunzio\Dati applicazioni\Opxua
2010-09-14 19:43 . 2010-07-23 07:12 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-09-02 17:06 . 2010-01-13 22:55 -------- d-----w- c:\documents and settings\Nunzio\Dati applicazioni\gtk-2.0
2010-08-31 18:28 . 2010-05-07 17:54 -------- d-----w- c:\documents and settings\Nunzio\Dati applicazioni\uTorrent
2010-08-29 14:36 . 2008-04-14 12:00 79496 ----a-w- c:\windows\system32\perfc010.dat
2010-08-29 14:36 . 2008-04-14 12:00 479138 ----a-w- c:\windows\system32\perfh010.dat
2010-08-17 13:17 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-22 15:48 . 2008-04-14 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 06:19 . 2008-05-05 06:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-21 23:05 . 2010-05-12 21:59 60 ----a-w- c:\windows\wpd99.drv
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="c:\programmi\Logitech\Video\ManifestEngine.exe" [2004-10-08 196608]
"AlcoholAutomount"="c:\programmi\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-08-01 222592]
"Google Update"="c:\documents and settings\Nunzio\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2010-04-01 136176]
"DAEMON Tools Lite"="c:\programmi\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]
"LogitechVideoRepair"="c:\programmi\Logitech\Video\ISStart.exe" [2004-10-08 458752]
"LogitechVideoTray"="c:\programmi\Logitech\Video\LogiTray.exe" [2004-10-08 217088]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Easy-PrintToolBox"="c:\programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2009-10-28 141600]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Nunzio\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 3.1.lnk - c:\programmi\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\mIRC\\mirc.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Graphisoft\\ArchiCAD 12\\ArchiCAD.exe"=
"c:\\Documents and Settings\\Nunzio\\Impostazioni locali\\Dati applicazioni\\Google\\Chrome\\Application\\chrome.exe"=
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [21/11/2009 22.02.52 1358720]
S2 RadPciNT;RadPciNT;c:\windows\system32\drivers\RadPciNT.sys [24/04/2000 19.26.50 9417]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21/11/2009 21.47.11 691696]
.
Contenuto della cartella 'Scheduled Tasks'
2010-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-926492609-682003330-1003Core.job
- c:\documents and settings\Nunzio\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-04-01 13:08]
2010-09-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-926492609-682003330-1003UA.job
- c:\documents and settings\Nunzio\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-04-01 13:08]
.
.
------- Scansione supplementare -------
.
uStart Page =
uInternet Settings,ProxyOverride = local
IE: Aggiungi all'elenco di stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Anteprima Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Stampa ad alta velocità Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
FF - ProfilePath - c:\documents and settings\Nunzio\Dati applicazioni\Mozilla\Firefox\Profiles\yt3qysz8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - plugin: c:\documents and settings\Nunzio\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Veetle\Player\npvlc.dll
FF - plugin: c:\programmi\Veetle\plugins\npVeetle.dll
FF - plugin: c:\programmi\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
.
.
------- Associazioni dei file -------
.
.scr=AutoCADScriptFile
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
HKCU-Run-{06061DD0-FEEF-4EAB-7328-03334EF476A3} - c:\documents and settings\Nunzio\Dati applicazioni\Onxef\dialc.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-09-29 14:17
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(688)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3528)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\programmi\Avira\AntiVir Desktop\sched.exe
c:\windows\system32\WgaTray.exe
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\rundll32.exe
c:\programmi\OpenOffice.org 3\program\soffice.exe
c:\programmi\OpenOffice.org 3\program\soffice.bin
c:\programmi\Logitech\Video\FxSvr2.exe
c:\programmi\iPod\bin\iPodService.exe
c:\programmi\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Ora fine scansione: 2010-09-29 14:23:33 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-09-29 12:23
Pre-Run: 52.294.340.608 byte disponibili
Post-Run: 52.339.396.608 byte disponibili
- - End Of File - - 642D4B84A32D95DE79021381EAD91529